xeovalyte/nix
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' of https://gitea.xeovalyte.dev/xeovalyte/nix

Browse Source 
Merge
This commit is contained in:
xeovalyte 2024-11-09 18:47:19 +01:00
commit 6dd44cc064
Signed by: xeovalyte
SSH Key Fingerprint: SHA256:GWI1hq+MNKR2UOcvk7n9tekASXT8vyazK7vDF9Xyciw
63 changed files with 7586 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
flake.nix
View File

@ -69,26 +69,31 @@
}; };
}; };
# pm01vm01 Configuration
nixosConfigurations = { nixosConfigurations = {
vnix-ctr = nixpkgs.lib.nixosSystem { pm01vm01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
modules = [ modules = [
({ config, pkgs, ... }: { ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
nixpkgs.overlays = [ overlay-unstable ];
networking.hostName = "vnix-ctn01";
})
./hosts/vnix-ctr ./hosts/pm01vm01
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.extraSpecialArgs = { inherit inputs nix-colors; };
home-manager.users.xeovalyte.imports = [ ./hosts/vnix-ctr/home.nix ];
}
]; ];
}; };
}; };
homeConfigurations = {
"xeovalyte@pm01vm01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/pm01vm01/home.nix
];
};
};
}; };
} }

2
homelab/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
secrets/
.env

13
homelab/README.md Normal file
View File

@ -0,0 +1,13 @@
# Create proxy network
`docker network create proxy`
# Configure caddy cloudflare
Find instructions on [caddy-dns cloudflare](https://github.com/caddy-dns/cloudflare)
# Services
| Name | Use | Domain | Auth |
| --- | --- | --- | --- |
| Adguard | DNS | https://adguard.timo.bmrs.nl/ | local |
| Caddy | Reverse proxy | - | - |
| Forgejo | Git | https://git.timo.bmrs.nl/ | Openid |
| Ldap | User directory | https://ldap.timo.bmrs.nl/ | - |

21
homelab/adguard/docker-compose.yml Normal file
View File

@ -0,0 +1,21 @@
services:
adguardhome:
image: adguard/adguardhome:latest
container_name: adguardhome
restart: unless-stopped
ports:
- 53:53/tcp
- 53:53/udp
# - 80:3000 # Only use during setup
volumes:
- work:/opt/adguardhome/work
- conf:/opt/adguardhome/conf
volumes:
work:
conf:
networks:
default:
name: proxy
external: true

1
homelab/authelia/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
keys/

2
homelab/authelia/README.md Normal file
View File

@ -0,0 +1,2 @@
- Follow [This](https://www.authelia.com/configuration/identity-providers/openid-connect/provider/) guide for generating keys
- Store the keys in the /keys directory

1320
homelab/authelia/config/configuration.yml Normal file
View File

File diff suppressed because it is too large Load Diff

44
homelab/authelia/docker-compose.yml Normal file
View File

@ -0,0 +1,44 @@
services:
authelia:
image: authelia/authelia:latest
container_name: authelia
restart: unless-stopped
depends_on:
- lldap
volumes:
- ./config/configuration.yml:/config/configuration.yml
- ./config/keys:/keys
- data_authelia:/config
environment:
X_AUTHELIA_CONFIG_FILTERS: template
JWT_SECRET: ${AUTHELIA_JWT_SECRET}
SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${LLDAP_ADMIN_PASSWORD}
HMAC_SECRET: ${AUTHELIA_HMAC_SECRET}
CLIENT_SECRET_FORGEJO: ${AUTHELIA_CLIENT_SECRET_FORGEJO}
CLIENT_ID_FORGEJO: ${AUTHELIA_CLIENT_ID_FORGEJO}
CLIENT_SECRET_PAPERLESS: ${AUTHELIA_CLIENT_SECRET_PAPERLESS}
CLIENT_ID_PAPERLESS: ${AUTHELIA_CLIENT_ID_PAPERLESS}
lldap:
image: lldap/lldap:latest
container_name: lldap
restart: unless-stopped
volumes:
- data_lldap:/data
environment:
LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
LLDAP_KEY_SEED: ${LLDAP_KEY_SEED}
LLDAP_LDAP_BASE_DN: dc=bmrs,dc=nl
LLDAP_LDAP_USER_PASS: ${LLDAP_ADMIN_PASSWORD}
volumes:
data_lldap:
data_authelia:
networks:
default:
name: proxy
external: true

8
homelab/caddy/Dockerfile Normal file
View File

@ -0,0 +1,8 @@
FROM caddy:2.8-builder AS builder
RUN xcaddy build \
--with github.com/caddy-dns/cloudflare
FROM caddy:2.8
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

2
homelab/caddy/README.md Normal file
View File

@ -0,0 +1,2 @@
# Caddy reverse proxy
Follow [this](https://github.com/caddy-dns/cloudflare) to obtain secrets

21
homelab/caddy/caddyfiles/Caddyfile
View File

@ -0,0 +1,21 @@
localhost {
respond "Hello world!"
}
*.timo.bmrs.nl timo.bmrs.nl {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_TOKEN}
api_token {env.CF_API_TOKEN}
}
resolvers 1.1.1.1
}
forward_auth authelia:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
import routes/*
}

4
homelab/caddy/caddyfiles/routes/adguard Normal file
View File

@ -0,0 +1,4 @@
@adguard host adguard.timo.bmrs.nl
handle @adguard {
reverse_proxy adguardhome:3000
}

9
homelab/caddy/caddyfiles/routes/authelia Normal file
View File

@ -0,0 +1,9 @@
@ldap host ldap.timo.bmrs.nl
handle @ldap {
reverse_proxy lldap:17170
}
@authelia host auth.timo.bmrs.nl
handle @authelia {
reverse_proxy authelia:9091
}

9
homelab/caddy/caddyfiles/routes/dozzle Normal file
View File

@ -0,0 +1,9 @@
@dozzle host dozzle.timo.bmrs.nl
handle @dozzle {
forward_auth authelia:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy dozzle:8080
}

4
homelab/caddy/caddyfiles/routes/forgejo Normal file
View File

@ -0,0 +1,4 @@
@forgejo host git.timo.bmrs.nl
handle @forgejo {
reverse_proxy forgejo:3000
}

4
homelab/caddy/caddyfiles/routes/homeassistant Normal file
View File

@ -0,0 +1,4 @@
@homeassistant host homeassistant.timo.bmrs.nl
handle @homeassistant {
reverse_proxy homeassistant:8123
}

4
homelab/caddy/caddyfiles/routes/homepage Normal file
View File

@ -0,0 +1,4 @@
@homepage host home.timo.bmrs.nl
handle @homepage {
reverse_proxy homepage:3000
}

4
homelab/caddy/caddyfiles/routes/immich Normal file
View File

@ -0,0 +1,4 @@
@immich host immich.timo.bmrs.nl
handle @immich {
reverse_proxy immich:2283
}

12
homelab/caddy/caddyfiles/routes/nextcloud Normal file
View File

@ -0,0 +1,12 @@
@nextcloud host cloud.timo.bmrs.nl
handle @nextcloud {
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
reverse_proxy nextcloud:80
}
@office host office.timo.bmrs.nl
handle @office {
reverse_proxy nextcloud-office:9980
}

4
homelab/caddy/caddyfiles/routes/paperless-ngx Normal file
View File

@ -0,0 +1,4 @@
@paperless-ngx host paperless.timo.bmrs.nl
handle @paperless-ngx {
reverse_proxy paperless-ngx:8000
}

4
homelab/caddy/caddyfiles/routes/searxng Normal file
View File

@ -0,0 +1,4 @@
@searxng host search.timo.bmrs.nl
handle @searxng {
reverse_proxy searxng:8080
}

4
homelab/caddy/caddyfiles/routes/uptime-kuma Normal file
View File

@ -0,0 +1,4 @@
@uptime-kuma host uptime.timo.bmrs.nl
handle @uptime-kuma {
reverse_proxy uptime-kuma:3001
}

4
homelab/caddy/caddyfiles/routes/vaultwarden Normal file
View File

@ -0,0 +1,4 @@
@vaultwarden host bitwarden.timo.bmrs.nl
handle @vaultwarden {
reverse_proxy vaultwarden:80
}

24
homelab/caddy/docker-compose.yml
View File

@ -1,6 +1,6 @@
services: services:
caddy: caddy:
image: caddy:2.8 build: .
container_name: caddy container_name: caddy
restart: unless-stopped restart: unless-stopped
cap_add: cap_add:
@ -10,10 +10,24 @@ services:
- 443:443 - 443:443
- 443:443/udp - 443:443/udp
volumes: volumes:
- caddy_data:/data - data:/data
- caddy_config:/config - config:/config
- ./caddyfiles:/etc/caddy/ - ./caddyfiles:/etc/caddy/
environment:
CF_ZONE_TOKEN: ${CF_ZONE_TOKEN}
CF_API_TOKEN: ${CF_API_TOKEN}
networks:
proxy:
aliases:
- auth.timo.bmrs.nl
- cloud.timo.bmrs.nl
- office.timo.bmrs.nl
volumes: volumes:
caddy_data: data:
caddy_config: config:
networks:
proxy:
name: proxy
external: true

15
homelab/dozzle/docker-compose.yml Normal file
View File

@ -0,0 +1,15 @@
services:
dozzle:
image: amir20/dozzle:latest
container_name: dozzle
restart: unless-stopped
volumes:
- /run/user/1000/docker.sock:/var/run/docker.sock:ro
environment:
DOZZLE_ENABLE_ACTIONS: true
DOZZLE_AUTH_PROVIDER: forward-proxy
networks:
default:
external: true
name: proxy

2755
homelab/forgejo/config/app.ini Normal file
View File

File diff suppressed because it is too large Load Diff

40
homelab/forgejo/docker-compose.yml Normal file
View File

@ -0,0 +1,40 @@
services:
forgejo:
image: codeberg.org/forgejo/forgejo:9
container_name: forgejo
restart: unless-stopped
depends_on:
- db
ports:
- 222:22
volumes:
- data:/data
- ./config/app.ini:/etc/forgejo/app.ini
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
FORGEJO__database__DB_TYPE: postgres
FORGEJO__database__HOST: "forgejo-db"
FORGEJO__database__NAME: forgejo
FORGEJO__database__USER: forgejo
FORGEJO__database__PASSWD: ${DB_PASSWORD}
db:
image: postgres:14
container_name: forgejo-db
restart: unless-stopped
volumes:
- data_db:/var/lib/postgresql/data
environment:
POSTGRES_USER: forgejo
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGES_DB: forgejo
volumes:
data:
data_db:
networks:
default:
name: proxy
external: true

15
homelab/homeassistant/config/configuration.yaml Normal file
View File

@ -0,0 +1,15 @@
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.18.0.0/24

17
homelab/homeassistant/docker-compose.yml Normal file
View File

@ -0,0 +1,17 @@
services:
homeassistant:
image: ghcr.io/home-assistant/home-assistant:stable
container_name: homeassistant
restart: unless-stopped
volumes:
- config:/config
- ./config/configuration.yaml:/config/configuration.yaml
- /etc/localtime:/etc/localtime:ro
volumes:
config:
networks:
default:
name: proxy
external: true

1
homelab/homepage/config/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
logs/

3
homelab/homepage/config/bookmarks.yaml Normal file
View File

@ -0,0 +1,3 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/bookmarks

0
homelab/caddy/Caddyfile → homelab/homepage/config/custom.css
View File

0
homelab/homepage/config/custom.js Normal file
View File

10
homelab/homepage/config/docker.yaml Normal file
View File

@ -0,0 +1,10 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/docker/
# my-docker:
# host: 127.0.0.1
# port: 2375
docker:
socket: /var/run/docker.sock

2
homelab/homepage/config/kubernetes.yaml Normal file
View File

@ -0,0 +1,2 @@
---
# sample kubernetes config

56
homelab/homepage/config/services.yaml Normal file
View File

@ -0,0 +1,56 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/services
- Primary Services:
- Adguard:
href: https://adguard.timo.bmrs.nl/
description: DNS
icon: adguard-home
server: docker
container: adguardhome
widget:
type: adguard
url: http://adguardhome:3000
username: xeovalyte
password: {{HOMEPAGE_VAR_ADGUARD_PASSWORD}}
- Forgejo:
href: https://git.timo.bmrs.nl/
description: Git
icon: forgejo
server: docker
container: forgejo
- Uptime Kuma:
href: https://uptime.timo.bmrs.nl/
description: Uptime monitoring
icon: uptime-kuma
server: docker
container: uptime-kuma
- Vaultwarden:
href: https://bitwarden.timo.bmrs.nl/
description: Password manager
icon: bitwarden
server: docker
container: vaultwarden
- Backend Services:
- Authelia:
description: SSO
icon: authelia
server: docker
container: authelia
- Caddy:
description: Reverse proxy
icon: caddy
server: docker
container: caddy
- LLDAP:
description: Active directory
href: https://ldap.timo.bmrs.nl/
server: docker
container: lldap

21
homelab/homepage/config/settings.yaml Normal file
View File

@ -0,0 +1,21 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/settings
providers:
openweathermap: openweathermapapikey
weatherapi: weatherapiapikey
title: Xeovalyte's Dashboard
color: slate
headerStyle: boxedWidgets
layout:
Primary Services:
style: row
columns: 3
Backend Services:
style: row
columns: 4

12
homelab/homepage/config/widgets.yaml Normal file
View File

@ -0,0 +1,12 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/service-widgets
- resources:
cpu: true
memory: true
disk: /
- search:
provider: duckduckgo
target: _blank

19
homelab/homepage/docker-compose.yml Normal file
View File

@ -0,0 +1,19 @@
services:
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
restart: unless-stopped
volumes:
- ./config:/app/config
- logs:/app/config/logs
- /run/user/1000/docker.sock:/var/run/docker.sock
environment:
HOMEPAGE_VAR_ADGUARD_PASSWORD: $ADGUARD_PASSWORD
volumes:
logs:
networks:
default:
name: proxy
external: true

78
homelab/immich/docker-compose.yml Normal file
View File

@ -0,0 +1,78 @@
services:
immich:
image: ghcr.io/immich-app/immich-server:release
container_name: immich
restart: unless-stopped
volumes:
- data:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
environment:
DB_HOSTNAME: "immich-db"
env_file:
- .env
depends_on:
- redis
- db
immich-machine-learning:
image: ghcr.io/immich-app/immich-machine-learning:release
container_name: immich-machine-learning
restart: unless-stopped
volumes:
- cache:/cache
env_file:
- .env
redis:
image: docker.io/redis:6.2-alpine@sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5
container_name: immich-redis
restart: unless-stopped
healthcheck:
test: redis-cli ping || exit 1
volumes:
- data_redis:/data
db:
image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
container_name: immich-db
restart: unless-stopped
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- data_db:/var/lib/postgresql/data
healthcheck:
test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
interval: 5m
start_interval: 30s
start_period: 5m
command:
[
'postgres',
'-c',
'shared_preload_libraries=vectors.so',
'-c',
'search_path="$$user", public, vectors',
'-c',
'logging_collector=on',
'-c',
'max_wal_size=2GB',
'-c',
'shared_buffers=512MB',
'-c',
'wal_compression=on',
]
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
volumes:
data:
data_db:
data_redis:
cache:
networks:
default:
name: proxy
external: true

54
homelab/nextcloud/docker-compose.yml Normal file
View File

@ -0,0 +1,54 @@
services:
nextcloud:
image: nextcloud:apache
container_name: nextcloud
restart: unless-stopped
volumes:
- data:/var/www/html
environment:
POSTGRES_HOST: nextcloud-db
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: nextcloud
POSTGRES_USER: nextcloud
REDIS_HOST: nextcloud-redis
TRUSTED_PROXIES: "172.23.0.0/24"
depends_on:
- db
- redis
db:
image: postgres:16
container_name: nextcloud-db
restart: unless-stopped
volumes:
- data_db:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: nextcloud
POSTGRES_USER: nextcloud
redis:
image: redis:alpine
container_name: nextcloud-redis
restart: unless-stopped
volumes:
- data_redis:/data
office:
image: collabora/code
container_name: nextcloud-office
restart: unless-stopped
environment:
DOMAIN: "cloud.timo.bmrs.nl"
extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
volumes:
data:
data_db:
data_redis:
networks:
default:
name: proxy
external: true

3
homelab/paperless-ngx/README.md Normal file
View File

@ -0,0 +1,3 @@
# Paperless NGX
- Create super user: `docker compose exec paperless-ngx python3 manage.py createsuperuser`
- Follow [Paperless wiki](https://www.authelia.com/integration/openid-connect/paperless/) for configuring oauth

50
homelab/paperless-ngx/docker-compose.yml Normal file
View File

@ -0,0 +1,50 @@
services:
paperless-ngx:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
container_name: paperless-ngx
restart: unless-stopped
depends_on:
- broker
- db
volumes:
- data:/usr/src/paperless/data
- media:/usr/src/paperless/media
environment:
PAPERLESS_REDIS: redis://paperless-ngx-broker:6379
PAPERLESS_DBHOST: paperless-ngx-db
PAPERLESS_DBPASS: ${POSTGRES_PASSWORD}
PAPERLESS_URL: https://paperless.timo.bmrs.nl
PAPERLESS_DISABLE_REGULAR_LOGIN: true
PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
PAPERLESS_SOCIALACCOUNT_PROVIDERS: ${PAPERLESS_SOCIALACCOUNT_PROVIDERS}
broker:
image: docker.io/library/redis:7
container_name: paperless-ngx-broker
restart: unless-stopped
volumes:
- data_redis:/data
db:
image: docker.io/library/postgres:16
container_name: paperless-ngx-db
restart: unless-stopped
volumes:
- data_db:/var/lib/postgresql/data
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperless
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
data:
data_db:
data_redis:
media:
networks:
default:
name: proxy
external: true

2493
homelab/searxng/config/settings.yml Normal file
View File

File diff suppressed because it is too large Load Diff

54
homelab/searxng/config/uwsgi.ini Normal file
View File

@ -0,0 +1,54 @@
[uwsgi]
# Who will run the code
uid = searxng
gid = searxng
# Number of workers (usually CPU count)
# default value: %k (= number of CPU core, see Dockerfile)
workers = %k
# Number of threads per worker
# default value: 4 (see Dockerfile)
threads = 4
# The right granted on the created socket
chmod-socket = 666
# Plugin to use and interpreter config
single-interpreter = true
master = true
plugin = python3
lazy-apps = true
enable-threads = 4
# Module to import
module = searx.webapp
# Virtualenv and python path
pythonpath = /usr/local/searxng/
chdir = /usr/local/searxng/searx/
# automatically set processes name to something meaningful
auto-procname = true
# Disable request logging for privacy
disable-logging = true
log-5xx = true
# Set the max size of a request (request-body excluded)
buffer-size = 8192
# No keep alive
# See https://github.com/searx/searx-docker/issues/24
add-header = Connection: close
# Follow SIGTERM convention
# See https://github.com/searxng/searxng/issues/3427
die-on-term
# uwsgi serves the static files
static-map = /static=/usr/local/searxng/searx/static
# expires set to one day
static-expires = /* 86400
static-gzip-all = True
offload-threads = 4

15
homelab/searxng/docker-compose.yml Normal file
View File

@ -0,0 +1,15 @@
services:
searxng:
image: searxng/searxng
container_name: searxng
restart: unless-stopped
volumes:
- ./config:/etc/searxng
environment:
BASE_URL: "https://search.timo.bmrs.nl/"
SEARXNG_SECRET: "PO8rO5ZW7K67sroemisMS8wpiq5pXEHecvXzGs4CdAgTQIQvAI09m65vFKGVVkZW"
networks:
default:
external: true
name: proxy

15
homelab/uptime-kuma/docker-compose.yml Normal file
View File

@ -0,0 +1,15 @@
services:
uptime-kuma:
image: louislam/uptime-kuma:1
container_name: uptime-kuma
restart: unless-stopped
volumes:
- data:/app/data
volumes:
data:
networks:
default:
name: proxy
external: true

17
homelab/vaultwarden/docker-compose.yml Normal file
View File

@ -0,0 +1,17 @@
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
volumes:
- data:/data
environment:
SIGNUPS_ALLOWED: "true"
volumes:
data:
networks:
default:
name: proxy
external: true

8
hosts/desktop/home.nix
View File

@ -19,6 +19,13 @@
Define the host of the machine Define the host of the machine
''; '';
}; };
headless = lib.mkOption {
type = with lib.types; bool;
description = ''
Is this machine headless?
'';
};
}; };
config = { config = {
@ -28,6 +35,7 @@
}; };
host = "xv-desktop"; host = "xv-desktop";
headless = false;
home.packages = with pkgs; [ home.packages = with pkgs; [
unstable.prismlauncher unstable.prismlauncher

28
hosts/laptop/home.nix
View File

@ -13,6 +13,7 @@
../../modules/home/cli/common ../../modules/home/cli/common
../../modules/home/cli/develop.nix ../../modules/home/cli/develop.nix
../../modules/home/cli/ssh.nix ../../modules/home/cli/ssh.nix
../../modules/home/cli/yazi.nix
]; ];
@ -23,6 +24,13 @@
Define the host of the machine Define the host of the machine
''; '';
}; };
headless = lib.mkOption {
type = with lib.types; bool;
description = ''
Is this machine headless?
'';
};
}; };
config = { config = {
@ -32,6 +40,7 @@
}; };
host = "xv-laptop"; host = "xv-laptop";
headless = false;
home.packages = with pkgs; [ home.packages = with pkgs; [
# Desktop Applications # Desktop Applications
@ -43,12 +52,7 @@
unstable.vesktop unstable.vesktop
unstable.blender unstable.blender
loupe loupe
unstable.bottles unstable.rnote
# Systemverilog
unstable.gtkwave
unstable.verilator
gnumake
# Office # Office
libreoffice libreoffice
@ -62,11 +66,23 @@
# Development # Development
unstable.drawio unstable.drawio
# Scripts
(import ../../modules/scripts/save_image.nix { inherit pkgs; })
]; ];
# Enable home-manager # Enable home-manager
programs.home-manager.enable = true; programs.home-manager.enable = true;
# Enable default applications
xdg.mimeApps = {
enable = true;
defaultApplications = {
"application/pdf" = "firefox.desktop";
"application/rnote" = "rnote.desktop";
};
};
home.stateVersion = "24.05"; home.stateVersion = "24.05";
}; };

48
hosts/pm01vm01/default.nix Normal file
View File

@ -0,0 +1,48 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
# CLI
../../modules/system/cli/common.nix
../../modules/system/cli/docker.nix
# Hardware
../../modules/system/hardware/firewall.nix
../../modules/system/hardware/garbage-collection.nix
../../modules/system/hardware/locale.nix
];
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
];
};
# Bootloader.
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
networking.hostName = "pm01vm01"; # Define your hostname.
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "networkmanager" "wheel" ];
};
# Enable ssh
services.openssh.enable = true;
# Forward ports
networking.firewall = {
allowedTCPPorts = [ 80 443 53 ];
allowedUDPPorts = [ 53 ];
};
system.stateVersion = "24.05";
}

37
hosts/pm01vm01/hardware-configuration.nix Normal file
View File

@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ohci_pci" "ehci_pci" "virtio_pci" "ahci" "usbhid" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/47301fe6-a7db-4ffd-854a-beddd53b6d99";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/6A5B-F811";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s8.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

48
hosts/pm01vm01/home.nix Normal file
View File

@ -0,0 +1,48 @@
{ pkgs, lib, config, ... }:
{
imports = [
# Gui
../../modules/home/gui/theming.nix
# CLI
../../modules/home/cli/common
../../modules/home/cli/yazi.nix
];
options = {
host = lib.mkOption {
type = with lib.types; str;
description = ''
Define the host of the machine
'';
};
headless = lib.mkOption {
type = with lib.types; bool;
description = ''
Is this machine headless?
'';
};
};
config = {
home = {
username = "xeovalyte";
homeDirectory = "/home/xeovalyte";
};
host = "pm01vm01";
headless = true;
home.packages = with pkgs; [
];
# Enable home-manager
programs.home-manager.enable = true;
home.stateVersion = "24.05";
};
}

29
modules/home/cli/common/helix.nix
View File

@ -6,8 +6,20 @@
unstable.svls unstable.svls
unstable.nil unstable.nil
unstable.nixpkgs-fmt unstable.nixpkgs-fmt
unstable.vale-ls
unstable.vale
]; ];
home.file.".config/vale/.vale.ini".text = ''
StylesPath = ~/.local/share/vale/styles
MinAlertLevel = suggestion
Packages = Readability
[*]
BasedOnStyles = Vale
'';
programs.helix = { programs.helix = {
enable = true; enable = true;
package = pkgs.unstable.helix; package = pkgs.unstable.helix;
@ -31,6 +43,11 @@
command = "svls"; command = "svls";
}; };
# Vale
language-server.vale = {
command = "vale-ls";
};
language = [ language = [
{ {
name = "verilog"; name = "verilog";
@ -40,6 +57,18 @@
name = "nix"; name = "nix";
language-servers = [ "svls" ]; language-servers = [ "svls" ];
} }
{
name = "html";
language-servers = [ "vscode-html-language-server" "tailwindcss-ls" ];
}
{
name = "css";
language-servers = [ "vscode-html-language-server" "tailwindcss-ls" ];
}
{
name = "markdown";
language-servers = [ "vale" ];
}
]; ];
}; };
themes = { themes = {

20
modules/home/cli/yazi.nix Normal file
View File

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
programs.yazi = {
enable = true;
enableZshIntegration = true;
settings = {
opener = {
open = [
{ run = "xdg-open $@"; desc = "xdg"; orphan = true; }
];
};
open = {
prepend_rules = [
{ name = "*.rnote"; use = "open"; }
];
};
};
};
}

6
modules/home/gui/common/firefox.nix
View File

@ -26,7 +26,7 @@
DisableFirefoxAccounts = true; DisableFirefoxAccounts = true;
DisableAccounts = true; DisableAccounts = true;
DontCheckDefaultBrowser = true; DontCheckDefaultBrowser = true;
DisplayBookmarksToolbar = "never"; DisplayBookmarksToolbar = "newpage";
ExtensionSettings = { ExtensionSettings = {
"nl-NL@dictionaries.addons.mozilla.org" = { "nl-NL@dictionaries.addons.mozilla.org" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/woordenboek-nederlands/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/woordenboek-nederlands/latest.xpi";
@ -44,6 +44,10 @@
install_url = "https://addons.mozilla.org/firefox/downloads/latest/pwas-for-firefox/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/pwas-for-firefox/latest.xpi";
installation_mode = "force_installed"; installation_mode = "force_installed";
}; };
"markdown-viewer@outofindex.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/markdown-viewer-chrome/latest.xpi";
installation_mode = "force_installed";
};
}; };
}; };
profiles.xeovalyte = { profiles.xeovalyte = {

24
modules/home/gui/hyprland/kanshi.nix Normal file
View File

@ -0,0 +1,24 @@
{ pkgs, ... }:
{
services.kanshi = {
enable = true;
systemdTarget = "hyprland-session.target";
profiles = {
undocked = {
outputs = [
{
criteria = "eDP-1";
}
];
};
docked = {
outputs = [
{
criteria = "eDP-9";
}
];
};
};
};
}

12
modules/home/gui/theming.nix
View File

@ -5,20 +5,14 @@ let
gtkThemeFromScheme; gtkThemeFromScheme;
in in
{ {
options = {
guiTheming.enable = lib.mkEnableOption "Enable GTK and QT theming";
};
imports = [ imports = [
nix-colors.homeManagerModules.default nix-colors.homeManagerModules.default
]; ];
config = { config = {
guiTheming.enable = lib.mkDefault true;
colorScheme = nix-colors.colorSchemes.da-one-sea; colorScheme = nix-colors.colorSchemes.da-one-sea;
gtk = lib.mkIf config.guiTheming.enable { gtk = lib.mkIf (config.headless == false) {
enable = true; enable = true;
theme = { theme = {
name = "${config.colorScheme.slug}"; name = "${config.colorScheme.slug}";
@ -30,7 +24,7 @@ in
}; };
}; };
qt = lib.mkIf config.guiTheming.enable { qt = lib.mkIf (config.headless == false) {
enable = true; enable = true;
platformTheme.name = "gtk"; platformTheme.name = "gtk";
style = { style = {
@ -39,7 +33,7 @@ in
}; };
}; };
home.pointerCursor = lib.mkIf config.guiTheming.enable { home.pointerCursor = lib.mkIf (config.headless == false) {
package = pkgs.phinger-cursors; package = pkgs.phinger-cursors;
name = "phinger-cursors-dark"; name = "phinger-cursors-dark";
size = 24; size = 24;

46
modules/home/gui/thunderbird.nix
View File

@ -35,29 +35,29 @@
thunderbird.enable = true; thunderbird.enable = true;
thunderbird.profiles = [ "default" ]; thunderbird.profiles = [ "default" ];
}; };
# tudelft = { tudelft = {
# imap = { imap = {
# host = "outlook.office365.com"; host = "outlook.office365.com";
# port = 993; port = 993;
# tls = { tls = {
# enable = true; enable = true;
# }; };
# }; };
# smtp = { smtp = {
# host = "smtp-a.tudelft.nl"; host = "smtp.office365.com";
# port = 465; port = 587;
# tls = { tls = {
# enable = true; enable = true;
# useStartTls = false; useStartTls = false;
# }; };
# }; };
# address = "tboomers@tudelft.nl"; address = "tboomers@tudelft.nl";
# realName = "Timo Boomers"; realName = "Timo Boomers";
# userName = "tboomers@tudelft.nl"; userName = "tboomers@tudelft.nl";
# primary = false; primary = false;
# thunderbird.enable = true; thunderbird.enable = true;
# thunderbird.profiles = [ "default" ]; thunderbird.profiles = [ "default" ];
# }; };
xeovalyte = { xeovalyte = {
imap = { imap = {
host = "mail.xeovalyte.dev"; host = "mail.xeovalyte.dev";

25
modules/scripts/save_image.nix Normal file
View File

@ -0,0 +1,25 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "saveimage" ''
# Check if an argument is provided
if [ -z "$1" ]; then
echo "Usage: $0 <filename>"
exit 1
fi
# Create the assets directory if it doesn't exist
mkdir -p assets
# Set the output path in the assets directory
OUTPUT_PATH="assets/$1.png"
# Save the clipboard image to the specified file in assets directory
wl-paste --type image/png > "$OUTPUT_PATH"
# Check if the file was successfully saved
if [ $? -eq 0 ]; then
echo "Image saved to $OUTPUT_PATH"
else
echo "Failed to save the image"
fi
''

1
modules/system/cli/common.nix
View File

@ -7,6 +7,7 @@
fastfetch fastfetch
btop btop
git git
yazi
]; ];
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = [ "/share/zsh" ];

11
modules/system/cli/docker.nix
View File

@ -1,4 +1,4 @@
{ ... }: { pkgs, ... }:
{ {
virtualisation.docker = { virtualisation.docker = {
@ -10,4 +10,13 @@
}; };
users.users.xeovalyte.extraGroups = [ "docker" ]; users.users.xeovalyte.extraGroups = [ "docker" ];
security.wrappers = {
docker-rootlesskit = {
owner = "root";
group = "root";
capabilities = "cap_net_bind_service+ep";
source = "${pkgs.rootlesskit}/bin/rootlesskit";
};
};
} }

4
modules/system/hardware/firewall.nix
View File

@ -3,7 +3,7 @@
{ {
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 53317 3000 24800 ]; allowedTCPPorts = [ ];
allowedUDPPorts = [ 53317 24800 ]; allowedUDPPorts = [ ];
}; };
} }