Compare commits
167 Commits
3c31e70fd2
...
main
Author | SHA1 | Date | |
---|---|---|---|
e28f9d5f2f
|
|||
6381ccf530
|
|||
35e7c0df79
|
|||
047e54ef74
|
|||
6dfad3f7f1
|
|||
74ecc77048
|
|||
5c74dc820b
|
|||
89de487f68
|
|||
07c5526868
|
|||
d3bb262f7a
|
|||
d5560fd847
|
|||
751cb87d8d
|
|||
d2cc6663e7
|
|||
64f21a317b
|
|||
849bd2a5e0
|
|||
79d07a5bfd
|
|||
351272fc5c
|
|||
f68ff8d18c
|
|||
f475b7b4ab
|
|||
e65e523992
|
|||
38cb13a195
|
|||
fa648a174d
|
|||
95235d5ad5
|
|||
4d1b3e9911
|
|||
e1fd8a07bd | |||
8e9ab3aa38 | |||
5da7636a42 | |||
9fd98e97fe | |||
af966ab2f3
|
|||
ff981dc3f4
|
|||
8b2bcf41d4
|
|||
4874017b4f
|
|||
37b631f68b
|
|||
cc362f7b5b
|
|||
933b9bb6d6 | |||
f3bf8d650a | |||
0cdb821d5b | |||
bace54a43d | |||
b260743b9e
|
|||
f51c7e4267
|
|||
2839974006 | |||
fe6d12b060 | |||
f09dfbc108
|
|||
ceeb4980ef | |||
ae43972aa3 | |||
abc634dab8 | |||
67cb031d5e | |||
a321537c40 | |||
66f7a1be30 | |||
71390267eb
|
|||
be91e1e877
|
|||
a6b7791093
|
|||
329e741553
|
|||
5c9cce1e4a
|
|||
59f36caeb1
|
|||
2f90d8e0e8
|
|||
2df3077b80
|
|||
1628be3e62 | |||
92f20c250b
|
|||
8ecf066196
|
|||
b072ac82e1 | |||
a79b1b7281
|
|||
38cb4a54b1
|
|||
ca45586276
|
|||
51f96a1158
|
|||
e384a2bb8b
|
|||
ad155e63ce | |||
87b73dc10e
|
|||
6d3dea12ff
|
|||
5c78d0c1f5
|
|||
42cab14829
|
|||
22f69febf9
|
|||
c1d5675927
|
|||
86bf66c817 | |||
bde66ffbe2
|
|||
eb9ca5e5e1
|
|||
d7056e8f38
|
|||
9147a68f0b
|
|||
4ab5ad76cf | |||
5f0eb27281 | |||
1a6889d561
|
|||
c4f86996d9
|
|||
e17752dec4 | |||
40a5f794ea | |||
b6a91b7dcb | |||
a8a6776b1b
|
|||
4c47313acc
|
|||
01343006a5 | |||
4788bd8cd4 | |||
af39ac1be4 | |||
8dbddaf62d | |||
fcc9fe0773 | |||
7a0797bcd8
|
|||
52ce5660fa
|
|||
fdf3fe63d7
|
|||
751fc9298f
|
|||
2bd950bd83
|
|||
68ec429e96
|
|||
e07c854ae0
|
|||
a3f022f5fc
|
|||
63c40c4230
|
|||
4512b87d02
|
|||
bd454fe348
|
|||
4b1332e748
|
|||
ff3388379c
|
|||
0c2736b9aa
|
|||
a28c86b74a
|
|||
293fad6bf8
|
|||
323b8af5aa
|
|||
8a425afdde
|
|||
b9d4c49d43
|
|||
7f42d033db
|
|||
0ce120c045
|
|||
46d4f7f0f6
|
|||
cd16cc2cb8
|
|||
82e9af1d80
|
|||
66aa78041e
|
|||
c52c189e87
|
|||
e22ca026e5
|
|||
52624b4390
|
|||
5b64398bfb
|
|||
a9b50ca7f2
|
|||
78d49601db
|
|||
77953bd48b
|
|||
3567163844
|
|||
aa5022198f
|
|||
c573823590
|
|||
e655ba8b08
|
|||
4a4648eafd
|
|||
ae201dc410
|
|||
729fd9688f
|
|||
eacbe34402
|
|||
690daec6fa
|
|||
9a08ed5dff
|
|||
e1eef10228
|
|||
f3362df5aa
|
|||
3a61bc6b26
|
|||
d161cf7a81
|
|||
19e101ddc9
|
|||
eab59092a4
|
|||
dc7061e70a
|
|||
482abfdf63
|
|||
16d8eb35d1
|
|||
f739a1a984
|
|||
6033709dea
|
|||
bfc2c002b1
|
|||
8944b6534a
|
|||
587d2bc790
|
|||
beb673db10
|
|||
44c97f169d
|
|||
ecc8187973
|
|||
9c88315c00
|
|||
c0661b2522
|
|||
e09285d330
|
|||
ba648c277c
|
|||
42cd51c0b5
|
|||
fa8a1f2eec
|
|||
ac8f095cce
|
|||
3705f8b8fe
|
|||
89993d7c8a
|
|||
f85a04b3b8
|
|||
53e3c11d1e
|
|||
b19e207ec7
|
|||
86b463f067
|
|||
71f09fccc0
|
|||
331f2c2962
|
|||
08f7138ba4 |
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@@ -0,0 +1 @@
|
||||
result
|
7
.sops.yaml
Normal file
7
.sops.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
keys:
|
||||
- &v-th-ctr-01 age1cs2p7tgk9356tjmet6526k3ghwq9we82nz6z7qggqns656paku6sx30tkg
|
||||
- &p-th-rpi-01 age1dd7xpgnak6z6zmwa9889pjd6hmj42zaxq7ea8s47dlk3v6u5f37sldkt97
|
||||
creation_rules:
|
||||
- path_regex: secrets/deploy.yaml$
|
||||
age: >-
|
||||
age1cs2p7tgk9356tjmet6526k3ghwq9we82nz6z7qggqns656paku6sx30tkg,age12gjtehffgmepyga9vaqkurn9fyvte8n7wsklmg866z5usezvuqlsr2m5mp
|
72
README.md
72
README.md
@@ -3,6 +3,7 @@
|
||||
## New system install guide
|
||||
|
||||
### 1. Install Nixos with ISO
|
||||
|
||||
[Nixos download](https://nixos.org/download)
|
||||
|
||||
### 2. Copy hardware configuration to hosts directory
|
||||
@@ -10,14 +11,85 @@
|
||||
### 3. Generate ssh-keys
|
||||
|
||||
**Archserver**
|
||||
|
||||
1. `ssh-keygen -f ~/.ssh/archserver`
|
||||
2. `ssh-copy-id -i ~/.ssh/archserver 192.168.1.20`
|
||||
|
||||
**Gitea**
|
||||
|
||||
1. `ssh-keygen -f ~/.ssh/gitea -t ed25519 -C "me+gitea@xeovalyte.dev"`
|
||||
2. Upload to [Gitea](https://gitea.xeovalyt.dev)
|
||||
3. Verify ssh key (follow instructions on Gitea)
|
||||
|
||||
### 4. Add SSH keys
|
||||
|
||||
1. `ssh-add ~/.ssh/gitea`
|
||||
2. `ssh-add ~/.ssh/archserver`
|
||||
|
||||
## Homelab
|
||||
|
||||
List over services
|
||||
|
||||
| Service | Description | Link |
|
||||
| -------------- | ---------------------------------- | ---------------------------------------------------------------------- |
|
||||
| Caddy | Reverse proxy | - |
|
||||
| Kanidm | Openid provider | [auth.tbmrs.nl](https://auth.tbmrs.nl) |
|
||||
| Forgejo | Git provider | [git.tbmrs.nl](https://git.tbmrs.nl) |
|
||||
| Immich | Photo and videos | [photos.tbmrs.nl](https://photos.tbmrs.nl) |
|
||||
| Homepage | Dashboard | [home.tbmrs.nl](https://home.tbmrs.nl) |
|
||||
| Uptime Kuma | Uptime monitor | [uptime.tbmrs.nl](https://uptime.tbmrs.nl) |
|
||||
| Pingvin share | Sharing of files | [share.tbmrs.nl](https://share.tbmrs.nl) |
|
||||
| Vaultwarden | Password manager | [vault.local.tbmrs.nl](https://vault.local.tbmrs.nl) |
|
||||
| Paperless NGX | Documents management | [paperless.local.tbmrs.nl](https://paperless.local.tbmrs.nl) |
|
||||
| Beszel | Resource usage | [monitor.local.tbmrs.nl](https://monitor.local.tbmrs.nl) |
|
||||
| Dufs | File manager | [files.tbmrs.nl](https://files.tbmrs.nl) |
|
||||
| Syncthing | File syncing | [syncthing.local.tbmrs.nl](https://syncthing.local.tbmrs.nl) |
|
||||
| Home Assistant | Home automation | [home-assistant.local.tbmrs.nl](https://home-assistant.local.tbmrs.nl) |
|
||||
| ~~Karakeep~~ | Bookmarking | ~~[karakeep.local.tbmrs.nl](https://karakeep.local.tbmrs.nl)~~ |
|
||||
| Vikunja | Tasks management | [vikunja.local.tbmrs.nl](https://vikunja.local.tbmrs.nl) |
|
||||
| Stalwart | Mailserver | [mail.tbmrs.nl](https://mail.tbmrs.nl) |
|
||||
| Linkding | Bookmark managment | [links.local.tbmrs.nl](https://links.local.tbmrs.nl) |
|
||||
| Jellyfin | Movies, series and music streaming | [stream.local.tbmrs.nl](https://stream.local.tbmrs.nl) |
|
||||
|
||||
### Todo
|
||||
|
||||
- Install koreader selfhosted sync
|
||||
|
||||
### Openid commands
|
||||
|
||||
#### Configure new openid client
|
||||
|
||||
From: [Kanidm Docs](https://kanidm.github.io/kanidm/master/integrations/oauth2/examples.html)
|
||||
|
||||
Replace `<service>` with the name of the service.
|
||||
|
||||
1. Create a new Kanidm group, and add your regular account to it:
|
||||
|
||||
```bash
|
||||
$ kanidm group create <service>_users
|
||||
$ kanidm group add-members <service>_users your_username
|
||||
```
|
||||
|
||||
2. Create a new OAuth2 application configuration in Kanidm, configure the redirect URL, and scope access to the group:
|
||||
|
||||
```bash
|
||||
$ kanidm system oauth2 create <service> <servicename> <service_login_url>
|
||||
$ kanidm system oauth2 add-redirect-url <service> <redirect_url>
|
||||
$ kanidm system oauth2 update-scope-map <service> <service>_users email openid profile groups
|
||||
```
|
||||
|
||||
3. (Optional) Disable PKCE
|
||||
|
||||
```bash
|
||||
$ kanidm system oauth2 warning-insecure-client-disable-pkce <service>
|
||||
```
|
||||
|
||||
4. Get the OAuth2 client secret from Kanidm
|
||||
|
||||
```bash
|
||||
$ kanidm system oauth2 show-basic-secret <service>
|
||||
```
|
||||
|
||||
## Useful links
|
||||
|
||||
Womier keyboard permissions denied or not finding: https://github.com/the-via/releases/issues/257
|
||||
|
BIN
assets/kiiwy.png
Normal file
BIN
assets/kiiwy.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 46 KiB |
BIN
assets/wallpaper-2-blurred.png
Normal file
BIN
assets/wallpaper-2-blurred.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.0 MiB |
@@ -1,7 +1,7 @@
|
||||
FROM caddy:2.8-builder AS builder
|
||||
|
||||
RUN xcaddy build \
|
||||
--with github.com/caddy-dns/cloudflare
|
||||
--with github.com/caddy-dns/transip
|
||||
|
||||
FROM caddy:2.8
|
||||
|
465
flake.lock
generated
465
flake.lock
generated
@@ -5,11 +5,11 @@
|
||||
"fromYaml": "fromYaml"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732200724,
|
||||
"narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=",
|
||||
"lastModified": 1746562888,
|
||||
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=",
|
||||
"owner": "SenchoPens",
|
||||
"repo": "base16.nix",
|
||||
"rev": "153d52373b0fb2d343592871009a286ec8837aec",
|
||||
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -37,11 +37,11 @@
|
||||
"base16-helix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1725860795,
|
||||
"narHash": "sha256-Z2o8VBPW3I+KKTSfe25kskz0EUj7MpUh8u355Z1nVsU=",
|
||||
"lastModified": 1748408240,
|
||||
"narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-helix",
|
||||
"rev": "7f795bf75d38e0eea9fed287264067ca187b88a9",
|
||||
"rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -69,69 +69,74 @@
|
||||
"base16-vim": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1731949548,
|
||||
"narHash": "sha256-XIDexXM66sSh5j/x70e054BnUsviibUShW7XhbDGhYo=",
|
||||
"lastModified": 1732806396,
|
||||
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-vim",
|
||||
"rev": "61165b1632409bd55e530f3dbdd4477f011cadc6",
|
||||
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-vim",
|
||||
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1717312683,
|
||||
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "flake-compat",
|
||||
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"systems": [
|
||||
"stylix",
|
||||
"systems"
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"lastModified": 1751854533,
|
||||
"narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "16b74a1e304197248a1bc663280f2548dbfcae3c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"firefox-gnome-theme": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1748383148,
|
||||
"narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
|
||||
"owner": "rafaelmardojai",
|
||||
"repo": "firefox-gnome-theme",
|
||||
"rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "rafaelmardojai",
|
||||
"repo": "firefox-gnome-theme",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"stylix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1749398372,
|
||||
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
@@ -154,16 +159,16 @@
|
||||
"gnome-shell": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1732369855,
|
||||
"narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
|
||||
"lastModified": 1744584021,
|
||||
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
|
||||
"owner": "GNOME",
|
||||
"repo": "gnome-shell",
|
||||
"rev": "dadd58f630eeea41d645ee225a63f719390829dc",
|
||||
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "GNOME",
|
||||
"ref": "47.2",
|
||||
"ref": "48.1",
|
||||
"repo": "gnome-shell",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -175,38 +180,73 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1735344290,
|
||||
"narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
|
||||
"lastModified": 1751810233,
|
||||
"narHash": "sha256-kllkNbIqQi3VplgTMeGzuh1t8Gk8TauvkTRt93Km+tQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "613691f285dad87694c2ba1c9e6298d04736292d",
|
||||
"rev": "9b0873b46c9f9e4b7aa01eb634952c206af53068",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-24.11",
|
||||
"ref": "release-25.05",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager_2": {
|
||||
"niri": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"stylix",
|
||||
"nixpkgs"
|
||||
]
|
||||
"niri-stable": "niri-stable",
|
||||
"niri-unstable": "niri-unstable",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-stable": "nixpkgs-stable",
|
||||
"xwayland-satellite-stable": "xwayland-satellite-stable",
|
||||
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1733085484,
|
||||
"narHash": "sha256-dVmNuUajnU18oHzBQWZm1BQtANCHaqNuxTHZQ+GN0r8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "c1fee8d4a60b89cae12b288ba9dbc608ff298163",
|
||||
"lastModified": 1752057206,
|
||||
"narHash": "sha256-f8fNAag3K3WAq+lJr2EEu2f3xVSFLPddLgJKZRzXa3M=",
|
||||
"owner": "sodiboo",
|
||||
"repo": "niri-flake",
|
||||
"rev": "90c2edcf32d0fcb511fee9a0b8c580a18178c109",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"owner": "sodiboo",
|
||||
"repo": "niri-flake",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"niri-stable": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1748151941,
|
||||
"narHash": "sha256-z4viQZLgC2bIJ3VrzQnR+q2F3gAOEQpU1H5xHtX/2fs=",
|
||||
"owner": "YaLTeR",
|
||||
"repo": "niri",
|
||||
"rev": "8ba57fcf25d2fc9565131684a839d58703f1dae7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "YaLTeR",
|
||||
"ref": "v25.05.1",
|
||||
"repo": "niri",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"niri-unstable": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1750791124,
|
||||
"narHash": "sha256-F5iVU/hjoSHSSe0gllxm0PcAaseEtGNanYK5Ha3k2Tg=",
|
||||
"owner": "YaLTeR",
|
||||
"repo": "niri",
|
||||
"rev": "37458d94b288945f6cfbd3c5c233f634d59f246c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "YaLTeR",
|
||||
"repo": "niri",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
@@ -229,34 +269,13 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-cosmic": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-stable": "nixpkgs-stable",
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1735695461,
|
||||
"narHash": "sha256-xWeCORE1NA95dt3m1wGTmWFao8uMtmysK26jVcsL1tI=",
|
||||
"owner": "lilyinstarlight",
|
||||
"repo": "nixos-cosmic",
|
||||
"rev": "80d9501f798baa8d55d86398142bc94db7619d8e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lilyinstarlight",
|
||||
"repo": "nixos-cosmic",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1735388221,
|
||||
"narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=",
|
||||
"lastModified": 1752048960,
|
||||
"narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "7c674c6734f61157e321db595dbfcd8523e04e19",
|
||||
"rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -268,11 +287,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1735471104,
|
||||
"narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
|
||||
"lastModified": 1751792365,
|
||||
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
|
||||
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -299,27 +318,27 @@
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1735531152,
|
||||
"narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=",
|
||||
"lastModified": 1751943650,
|
||||
"narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3ffbbdbac0566a0977da3d2657b89cbcfe9a173b",
|
||||
"rev": "88983d4b665fb491861005137ce2b11a9f89f203",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-24.11",
|
||||
"ref": "nixos-25.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1735471104,
|
||||
"narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
|
||||
"lastModified": 1751792365,
|
||||
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
|
||||
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -330,11 +349,26 @@
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1732238832,
|
||||
"narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=",
|
||||
"lastModified": 1751943650,
|
||||
"narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d",
|
||||
"rev": "88983d4b665fb491861005137ce2b11a9f89f203",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-25.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1744868846,
|
||||
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -344,38 +378,76 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"home-manager": "home-manager",
|
||||
"nix-colors": "nix-colors",
|
||||
"nixos-cosmic": "nixos-cosmic",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": [
|
||||
"nixos-cosmic",
|
||||
"nixpkgs-stable"
|
||||
],
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"stylix": "stylix"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixos-cosmic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1735612067,
|
||||
"narHash": "sha256-rsjojgfPUf9tWuMXuuo2KAIoUZ49XGZQJSjFGOO8Cq4=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "d199142e84bfaae476ffb4e09a70879d7918784d",
|
||||
"lastModified": 1751211869,
|
||||
"narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-25.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nur": {
|
||||
"inputs": {
|
||||
"flake-parts": [
|
||||
"stylix",
|
||||
"flake-parts"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"stylix",
|
||||
"nixpkgs"
|
||||
],
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1751320053,
|
||||
"narHash": "sha256-3m6RMw0FbbaUUa01PNaMLoO7D99aBClmY5ed9V3vz+0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "cbde1735782f9c2bb2c63d5e05fba171a14a4670",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
"home-manager": "home-manager",
|
||||
"niri": "niri",
|
||||
"nix-colors": "nix-colors",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"sops-nix": "sops-nix",
|
||||
"stylix": "stylix"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1751606940,
|
||||
"narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
@@ -385,26 +457,29 @@
|
||||
"base16-fish": "base16-fish",
|
||||
"base16-helix": "base16-helix",
|
||||
"base16-vim": "base16-vim",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": "flake-utils",
|
||||
"firefox-gnome-theme": "firefox-gnome-theme",
|
||||
"flake-parts": "flake-parts",
|
||||
"gnome-shell": "gnome-shell",
|
||||
"home-manager": "home-manager_2",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nur": "nur",
|
||||
"systems": "systems",
|
||||
"tinted-foot": "tinted-foot",
|
||||
"tinted-kitty": "tinted-kitty",
|
||||
"tinted-tmux": "tinted-tmux"
|
||||
"tinted-schemes": "tinted-schemes",
|
||||
"tinted-tmux": "tinted-tmux",
|
||||
"tinted-zed": "tinted-zed"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1735664732,
|
||||
"narHash": "sha256-KoXLDDDT/nMBMl6VtoAGxJ58COvT+SWL5aiR+hUPBUo=",
|
||||
"lastModified": 1752014016,
|
||||
"narHash": "sha256-Gn6cnUPchPenxUFDt+dh7836CNu3GM13aghTabfZUrU=",
|
||||
"owner": "danth",
|
||||
"repo": "stylix",
|
||||
"rev": "f48cab39ba162c5eaef3d975aaac467c20db402b",
|
||||
"rev": "26042c1f59ae868193fa4378f85e4f6240f25ff8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "danth",
|
||||
"ref": "release-25.05",
|
||||
"repo": "stylix",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -444,28 +519,43 @@
|
||||
"tinted-kitty": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1716423189,
|
||||
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
|
||||
"lastModified": 1735730497,
|
||||
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-kitty",
|
||||
"rev": "eb39e141db14baef052893285df9f266df041ff8",
|
||||
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-kitty",
|
||||
"rev": "eb39e141db14baef052893285df9f266df041ff8",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tinted-schemes": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1750770351,
|
||||
"narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "schemes",
|
||||
"rev": "5a775c6ffd6e6125947b393872cde95867d85a2a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "schemes",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tinted-tmux": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1729501581,
|
||||
"narHash": "sha256-1ohEFMC23elnl39kxWnjzH1l2DFWWx4DhFNNYDTYt54=",
|
||||
"lastModified": 1751159871,
|
||||
"narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-tmux",
|
||||
"rev": "f0e7f7974a6441033eb0a172a0342e96722b4f14",
|
||||
"rev": "bded5e24407cec9d01bd47a317d15b9223a1546c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -473,6 +563,77 @@
|
||||
"repo": "tinted-tmux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tinted-zed": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1751158968,
|
||||
"narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-zed",
|
||||
"rev": "86a470d94204f7652b906ab0d378e4231a5b3384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-zed",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"treefmt-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"stylix",
|
||||
"nur",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1733222881,
|
||||
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"xwayland-satellite-stable": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1748488455,
|
||||
"narHash": "sha256-IiLr1alzKFIy5tGGpDlabQbe6LV1c9ABvkH6T5WmyRI=",
|
||||
"owner": "Supreeeme",
|
||||
"repo": "xwayland-satellite",
|
||||
"rev": "3ba30b149f9eb2bbf42cf4758d2158ca8cceef73",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Supreeeme",
|
||||
"ref": "v0.6",
|
||||
"repo": "xwayland-satellite",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"xwayland-satellite-unstable": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1751228685,
|
||||
"narHash": "sha256-MENtauGBhJ+kDeFaawvWGXaFG3Il6qQzjaP0RmtfM0k=",
|
||||
"owner": "Supreeeme",
|
||||
"repo": "xwayland-satellite",
|
||||
"rev": "557ebeb616e03d5e4a8049862bbbd1f02c6f020b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Supreeeme",
|
||||
"repo": "xwayland-satellite",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
184
flake.nix
184
flake.nix
@@ -1,13 +1,13 @@
|
||||
{
|
||||
description = "Nixos configuration for Xeovalyte";
|
||||
description = "Nixos configuration for Timo";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "nixpkgs/nixos-24.11";
|
||||
nixpkgs.url = "nixpkgs/nixos-25.05";
|
||||
|
||||
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager/release-24.11";
|
||||
url = "github:nix-community/home-manager/release-25.05";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
@@ -15,130 +15,140 @@
|
||||
|
||||
nix-colors.url = "github:misterio77/nix-colors";
|
||||
|
||||
stylix.url = "github:danth/stylix";
|
||||
stylix.url = "github:danth/stylix/release-25.05";
|
||||
|
||||
nixpkgs.follows = "nixos-cosmic/nixpkgs-stable";
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
niri.url = "github:sodiboo/niri-flake";
|
||||
|
||||
nixos-cosmic = {
|
||||
url = "github:lilyinstarlight/nixos-cosmic";
|
||||
};
|
||||
disko.url = "github:nix-community/disko";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, home-manager, nix-colors, stylix, nixos-cosmic, ... }:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
overlay-unstable = final: prev: {
|
||||
unstable = import nixpkgs-unstable {
|
||||
config.allowUnfree = true;
|
||||
localSystem = { inherit system; };
|
||||
};
|
||||
};
|
||||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
home-manager,
|
||||
nix-colors,
|
||||
stylix,
|
||||
sops-nix,
|
||||
niri,
|
||||
disko,
|
||||
...
|
||||
} @ inputs: let
|
||||
inherit (self) outputs;
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
forAllSystems = nixpkgs.lib.genAttrs systems;
|
||||
in
|
||||
{
|
||||
# Laptop Configuration
|
||||
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system} );
|
||||
overlays = import ./overlays { inherit inputs; };
|
||||
|
||||
nixosConfigurations = {
|
||||
xv-laptop = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
ti-clt-lpt01 = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
|
||||
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
|
||||
|
||||
./hosts/laptop
|
||||
./hosts/ti-clt-lpt01/configuration.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
homeConfigurations = {
|
||||
"xeovalyte@xv-laptop" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = { inherit inputs nix-colors; };
|
||||
ch-clt-dsk01 = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
|
||||
./hosts/laptop/home.nix
|
||||
./hosts/ch-clt-dsk01/configuration.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Surface Configuration
|
||||
nixosConfigurations = {
|
||||
xv-surface = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
ti-clt-tbl01 = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
|
||||
inputs.nixos-hardware.nixosModules.microsoft-surface-go
|
||||
nixos-cosmic.nixosModules.default
|
||||
|
||||
./hosts/surface
|
||||
./hosts/ti-clt-tbl01/configuration.nix
|
||||
];
|
||||
};
|
||||
|
||||
# Timo's desktop
|
||||
ti-clt-dsk01 = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
./hosts/ti-clt-dsk01/configuration.nix
|
||||
];
|
||||
};
|
||||
|
||||
v-th-ctr-01 = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
./hosts/v-th-ctr-01/configuration.nix
|
||||
];
|
||||
};
|
||||
|
||||
# Raspberry pi
|
||||
p-th-rpi-01 = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
./hosts/p-th-rpi-01/configuration.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
homeConfigurations = {
|
||||
"xeovalyte@xv-surface" = home-manager.lib.homeManagerConfiguration {
|
||||
# Timo
|
||||
"xeovalyte@ti-clt-lpt01" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = { inherit inputs nix-colors; };
|
||||
extraSpecialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
|
||||
./hosts/surface/home.nix
|
||||
./hosts/ti-clt-lpt01/home.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nixosConfigurations = {
|
||||
xv-desktop = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
|
||||
./hosts/desktop
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
homeConfigurations = {
|
||||
"xeovalyte@xv-desktop" = home-manager.lib.homeManagerConfiguration {
|
||||
"xeovalyte@ti-clt-tbl01" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = { inherit inputs nix-colors; };
|
||||
extraSpecialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
|
||||
./hosts/desktop/home.nix
|
||||
./hosts/ti-clt-tbl01/home.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# pm01vm01 Configuration
|
||||
nixosConfigurations = {
|
||||
pm01vm01 = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
|
||||
./hosts/pm01vm01
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
homeConfigurations = {
|
||||
"xeovalyte@pm01vm01" = home-manager.lib.homeManagerConfiguration {
|
||||
"xeovalyte@ti-clt-dsk01" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = { inherit inputs nix-colors; };
|
||||
extraSpecialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
|
||||
./hosts/pm01vm01/home.nix
|
||||
./hosts/ti-clt-dsk01/home.nix
|
||||
];
|
||||
};
|
||||
|
||||
# Christa
|
||||
"kiiwy@ch-clt-dsk01" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
./hosts/ch-clt-dsk01/home.nix
|
||||
];
|
||||
};
|
||||
|
||||
# Deploy
|
||||
"deploy@v-th-ctr-01" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
./hosts/v-th-ctr-01/home.nix
|
||||
];
|
||||
};
|
||||
|
||||
# Deploy
|
||||
"deploy@p-th-rpi-01" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.aarch64-linux;
|
||||
extraSpecialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
./hosts/p-th-rpi-01/home.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
||||
|
2
homelab/.gitignore
vendored
2
homelab/.gitignore
vendored
@@ -1,2 +0,0 @@
|
||||
secrets/
|
||||
.env
|
@@ -1,44 +0,0 @@
|
||||
# Configuration steps
|
||||
|
||||
## 1. Install [NixOS](https://nixos.org/)
|
||||
|
||||
Follow the steps from the [NixOS Manual Installation](https://nixos.org/manual/nixos/stable/#sec-installation-manual)
|
||||
|
||||
> At the edit configuration.nix step you must:
|
||||
>
|
||||
> - Add a user to the configuration file and set a password
|
||||
> - Enable openssh
|
||||
|
||||
## 2. Configuring flake
|
||||
|
||||
1. Clone this repository
|
||||
2. Copy hardware configuration to host<br>
|
||||
`cp /etc/nixos/hardware-configuration.nix ~/nix/hosts/<host>/hardware-configuration.nix`
|
||||
3. Rebuild system
|
||||
`sudo nixos-rebuild switch --flake .#<host>`
|
||||
4. Rebuild home-manager
|
||||
`home-manager switch --flake .#<user>@<host>`
|
||||
5. Reboot
|
||||
|
||||
## 3. Configuring docker containers
|
||||
|
||||
1. Create proxy network<br>
|
||||
`docker network create proxy`
|
||||
|
||||
2. Configure [Adguard](./adguard/README.md)
|
||||
3. Configure [Caddy](./caddy/README.md)
|
||||
4. Configure [Authelia](./authelia/README.md)
|
||||
5. Configure the rest of the services
|
||||
|
||||
# Services
|
||||
|
||||
| Name | Use | Domain | Auth |
|
||||
| ------- | -------------- | ----------------------------- | ------ |
|
||||
| Adguard | DNS | https://adguard.timo.bmrs.nl/ | local |
|
||||
| Caddy | Reverse proxy | - | - |
|
||||
| Forgejo | Git | https://git.timo.bmrs.nl/ | Openid |
|
||||
| Ldap | User directory | https://ldap.timo.bmrs.nl/ | - |
|
||||
|
||||
# Services to try out
|
||||
|
||||
- [Beszel](https://github.com/henrygd/beszel)
|
@@ -1,7 +0,0 @@
|
||||
# Adguard Home
|
||||
|
||||
1. Temporaraly edit ports in docker-compose file to setup
|
||||
2. Configuration screen<br>
|
||||
1. Change listen interface to port 3000
|
||||
3. Add DNS rewrite for *.timo.bmrs.nl
|
||||
4. Delete temporaraly port edit in docker-compose
|
@@ -1,21 +0,0 @@
|
||||
services:
|
||||
adguardhome:
|
||||
image: adguard/adguardhome:latest
|
||||
container_name: adguardhome
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 53:53/tcp
|
||||
- 53:53/udp
|
||||
# - 80:3000 # Only use during setup
|
||||
volumes:
|
||||
- work:/opt/adguardhome/work
|
||||
- conf:/opt/adguardhome/conf
|
||||
|
||||
volumes:
|
||||
work:
|
||||
conf:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
1
homelab/authelia/.gitignore
vendored
1
homelab/authelia/.gitignore
vendored
@@ -1 +0,0 @@
|
||||
keys/
|
@@ -1,13 +0,0 @@
|
||||
# Authelia
|
||||
|
||||
1. Edit environment variables.
|
||||
1. For HMAC_SECRET, JWT_SECRET, ADMIN_PASSWORD, SESSION_SECRET, STORAGE_ENCRYPTION_KEY, LLDAP_KEY_SEED use an random alphanumeric string of at least 64 characters
|
||||
2. For CLIENT_SECRET, CLIEND_ID: [Generate client identifier](https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-a-client-identifier-or-client-secret)
|
||||
1. Use single quotes for the client secret
|
||||
|
||||
2. Generate PAM file using and save it to the /config/keys directory: [Generating keypair](https://www.authelia.com/reference/guides/generating-secure-values/#generating-an-rsa-keypair)
|
||||
1. Save the random password
|
||||
|
||||
3. Configure LLDAP
|
||||
1. Create a user in LLDAP with the group: lldap_password_manager
|
||||
2. Create groups: forgejo
|
File diff suppressed because it is too large
Load Diff
@@ -1,44 +0,0 @@
|
||||
services:
|
||||
authelia:
|
||||
image: authelia/authelia:latest
|
||||
container_name: authelia
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- lldap
|
||||
volumes:
|
||||
- ./config/configuration.yml:/config/configuration.yml
|
||||
- ./config/keys:/keys
|
||||
- data_authelia:/config
|
||||
environment:
|
||||
X_AUTHELIA_CONFIG_FILTERS: template
|
||||
JWT_SECRET: ${AUTHELIA_JWT_SECRET}
|
||||
SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
|
||||
STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
|
||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${LLDAP_ADMIN_PASSWORD}
|
||||
HMAC_SECRET: ${AUTHELIA_HMAC_SECRET}
|
||||
CLIENT_SECRET_FORGEJO: ${AUTHELIA_CLIENT_SECRET_FORGEJO}
|
||||
CLIENT_ID_FORGEJO: ${AUTHELIA_CLIENT_ID_FORGEJO}
|
||||
CLIENT_SECRET_PAPERLESS: ${AUTHELIA_CLIENT_SECRET_PAPERLESS}
|
||||
CLIENT_ID_PAPERLESS: ${AUTHELIA_CLIENT_ID_PAPERLESS}
|
||||
|
||||
lldap:
|
||||
image: lldap/lldap:latest
|
||||
container_name: lldap
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data_lldap:/data
|
||||
environment:
|
||||
LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
|
||||
LLDAP_KEY_SEED: ${LLDAP_KEY_SEED}
|
||||
LLDAP_LDAP_BASE_DN: dc=bmrs,dc=nl
|
||||
LLDAP_LDAP_USER_PASS: ${LLDAP_ADMIN_PASSWORD}
|
||||
|
||||
volumes:
|
||||
data_lldap:
|
||||
data_authelia:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
||||
|
@@ -1,4 +0,0 @@
|
||||
# Caddy reverse proxy
|
||||
|
||||
1. Obtain cloudflare tokens: [Caddy Cloudflare](https://github.com/caddy-dns/cloudflare)
|
||||
2. Set environment variables
|
@@ -1,21 +0,0 @@
|
||||
localhost {
|
||||
respond "Hello world!"
|
||||
}
|
||||
|
||||
|
||||
*.timo.bmrs.nl timo.bmrs.nl {
|
||||
tls {
|
||||
dns cloudflare {
|
||||
zone_token {env.CF_ZONE_TOKEN}
|
||||
api_token {env.CF_API_TOKEN}
|
||||
}
|
||||
resolvers 1.1.1.1
|
||||
}
|
||||
|
||||
forward_auth authelia:9091 {
|
||||
uri /api/authz/forward-auth
|
||||
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
|
||||
}
|
||||
|
||||
import routes/*
|
||||
}
|
@@ -1,4 +0,0 @@
|
||||
@adguard host adguard.timo.bmrs.nl
|
||||
handle @adguard {
|
||||
reverse_proxy adguardhome:3000
|
||||
}
|
@@ -1,9 +0,0 @@
|
||||
@ldap host ldap.timo.bmrs.nl
|
||||
handle @ldap {
|
||||
reverse_proxy lldap:17170
|
||||
}
|
||||
|
||||
@authelia host auth.timo.bmrs.nl
|
||||
handle @authelia {
|
||||
reverse_proxy authelia:9091
|
||||
}
|
@@ -1,9 +0,0 @@
|
||||
@dozzle host dozzle.timo.bmrs.nl
|
||||
handle @dozzle {
|
||||
forward_auth authelia:9091 {
|
||||
uri /api/authz/forward-auth
|
||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||
}
|
||||
|
||||
reverse_proxy dozzle:8080
|
||||
}
|
@@ -1,4 +0,0 @@
|
||||
@forgejo host git.timo.bmrs.nl
|
||||
handle @forgejo {
|
||||
reverse_proxy forgejo:3000
|
||||
}
|
@@ -1,4 +0,0 @@
|
||||
@homeassistant host homeassistant.timo.bmrs.nl
|
||||
handle @homeassistant {
|
||||
reverse_proxy homeassistant:8123
|
||||
}
|
@@ -1,4 +0,0 @@
|
||||
@homepage host home.timo.bmrs.nl
|
||||
handle @homepage {
|
||||
reverse_proxy homepage:3000
|
||||
}
|
@@ -1,4 +0,0 @@
|
||||
@immich host immich.timo.bmrs.nl
|
||||
handle @immich {
|
||||
reverse_proxy immich:2283
|
||||
}
|
@@ -1,12 +0,0 @@
|
||||
@nextcloud host cloud.timo.bmrs.nl
|
||||
handle @nextcloud {
|
||||
redir /.well-known/carddav /remote.php/dav/ 301
|
||||
redir /.well-known/caldav /remote.php/dav/ 301
|
||||
|
||||
reverse_proxy nextcloud:80
|
||||
}
|
||||
|
||||
@office host office.timo.bmrs.nl
|
||||
handle @office {
|
||||
reverse_proxy nextcloud-office:9980
|
||||
}
|
@@ -1,4 +0,0 @@
|
||||
@paperless-ngx host paperless.timo.bmrs.nl
|
||||
handle @paperless-ngx {
|
||||
reverse_proxy paperless-ngx:8000
|
||||
}
|
@@ -1,4 +0,0 @@
|
||||
@searxng host search.timo.bmrs.nl
|
||||
handle @searxng {
|
||||
reverse_proxy searxng:8080
|
||||
}
|
@@ -1,4 +0,0 @@
|
||||
@uptime-kuma host uptime.timo.bmrs.nl
|
||||
handle @uptime-kuma {
|
||||
reverse_proxy uptime-kuma:3001
|
||||
}
|
@@ -1,4 +0,0 @@
|
||||
@vaultwarden host bitwarden.timo.bmrs.nl
|
||||
handle @vaultwarden {
|
||||
reverse_proxy vaultwarden:80
|
||||
}
|
@@ -1,33 +0,0 @@
|
||||
services:
|
||||
caddy:
|
||||
build: .
|
||||
container_name: caddy
|
||||
restart: unless-stopped
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 443:443/udp
|
||||
volumes:
|
||||
- data:/data
|
||||
- config:/config
|
||||
- ./caddyfiles:/etc/caddy/
|
||||
environment:
|
||||
CF_ZONE_TOKEN: ${CF_ZONE_TOKEN}
|
||||
CF_API_TOKEN: ${CF_API_TOKEN}
|
||||
networks:
|
||||
proxy:
|
||||
aliases:
|
||||
- auth.timo.bmrs.nl
|
||||
- cloud.timo.bmrs.nl
|
||||
- office.timo.bmrs.nl
|
||||
|
||||
volumes:
|
||||
data:
|
||||
config:
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
name: proxy
|
||||
external: true
|
@@ -1,15 +0,0 @@
|
||||
services:
|
||||
dozzle:
|
||||
image: amir20/dozzle:latest
|
||||
container_name: dozzle
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /run/user/1000/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
DOZZLE_ENABLE_ACTIONS: true
|
||||
DOZZLE_AUTH_PROVIDER: forward-proxy
|
||||
|
||||
networks:
|
||||
default:
|
||||
external: true
|
||||
name: proxy
|
File diff suppressed because it is too large
Load Diff
@@ -1,40 +0,0 @@
|
||||
services:
|
||||
forgejo:
|
||||
image: codeberg.org/forgejo/forgejo:9
|
||||
container_name: forgejo
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- db
|
||||
ports:
|
||||
- 222:22
|
||||
volumes:
|
||||
- data:/data
|
||||
- ./config/app.ini:/etc/forgejo/app.ini
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
FORGEJO__database__DB_TYPE: postgres
|
||||
FORGEJO__database__HOST: "forgejo-db"
|
||||
FORGEJO__database__NAME: forgejo
|
||||
FORGEJO__database__USER: forgejo
|
||||
FORGEJO__database__PASSWD: ${DB_PASSWORD}
|
||||
|
||||
db:
|
||||
image: postgres:14
|
||||
container_name: forgejo-db
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data_db:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_USER: forgejo
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
POSTGES_DB: forgejo
|
||||
|
||||
volumes:
|
||||
data:
|
||||
data_db:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
@@ -1,15 +0,0 @@
|
||||
# Loads default set of integrations. Do not remove.
|
||||
default_config:
|
||||
|
||||
# Load frontend themes from the themes folder
|
||||
frontend:
|
||||
themes: !include_dir_merge_named themes
|
||||
|
||||
automation: !include automations.yaml
|
||||
script: !include scripts.yaml
|
||||
scene: !include scenes.yaml
|
||||
|
||||
http:
|
||||
use_x_forwarded_for: true
|
||||
trusted_proxies:
|
||||
- 172.18.0.0/24
|
@@ -1,17 +0,0 @@
|
||||
services:
|
||||
homeassistant:
|
||||
image: ghcr.io/home-assistant/home-assistant:stable
|
||||
container_name: homeassistant
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- config:/config
|
||||
- ./config/configuration.yaml:/config/configuration.yaml
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
volumes:
|
||||
config:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
1
homelab/homepage/config/.gitignore
vendored
1
homelab/homepage/config/.gitignore
vendored
@@ -1 +0,0 @@
|
||||
logs/
|
@@ -1,3 +0,0 @@
|
||||
---
|
||||
# For configuration options and examples, please see:
|
||||
# https://gethomepage.dev/configs/bookmarks
|
@@ -1,10 +0,0 @@
|
||||
---
|
||||
# For configuration options and examples, please see:
|
||||
# https://gethomepage.dev/configs/docker/
|
||||
|
||||
# my-docker:
|
||||
# host: 127.0.0.1
|
||||
# port: 2375
|
||||
|
||||
docker:
|
||||
socket: /var/run/docker.sock
|
@@ -1,2 +0,0 @@
|
||||
---
|
||||
# sample kubernetes config
|
@@ -1,56 +0,0 @@
|
||||
---
|
||||
# For configuration options and examples, please see:
|
||||
# https://gethomepage.dev/configs/services
|
||||
|
||||
- Primary Services:
|
||||
- Adguard:
|
||||
href: https://adguard.timo.bmrs.nl/
|
||||
description: DNS
|
||||
icon: adguard-home
|
||||
server: docker
|
||||
container: adguardhome
|
||||
widget:
|
||||
type: adguard
|
||||
url: http://adguardhome:3000
|
||||
username: xeovalyte
|
||||
password: {{HOMEPAGE_VAR_ADGUARD_PASSWORD}}
|
||||
|
||||
- Forgejo:
|
||||
href: https://git.timo.bmrs.nl/
|
||||
description: Git
|
||||
icon: forgejo
|
||||
server: docker
|
||||
container: forgejo
|
||||
|
||||
- Uptime Kuma:
|
||||
href: https://uptime.timo.bmrs.nl/
|
||||
description: Uptime monitoring
|
||||
icon: uptime-kuma
|
||||
server: docker
|
||||
container: uptime-kuma
|
||||
|
||||
- Vaultwarden:
|
||||
href: https://bitwarden.timo.bmrs.nl/
|
||||
description: Password manager
|
||||
icon: bitwarden
|
||||
server: docker
|
||||
container: vaultwarden
|
||||
|
||||
- Backend Services:
|
||||
- Authelia:
|
||||
description: SSO
|
||||
icon: authelia
|
||||
server: docker
|
||||
container: authelia
|
||||
|
||||
- Caddy:
|
||||
description: Reverse proxy
|
||||
icon: caddy
|
||||
server: docker
|
||||
container: caddy
|
||||
|
||||
- LLDAP:
|
||||
description: Active directory
|
||||
href: https://ldap.timo.bmrs.nl/
|
||||
server: docker
|
||||
container: lldap
|
@@ -1,21 +0,0 @@
|
||||
---
|
||||
# For configuration options and examples, please see:
|
||||
# https://gethomepage.dev/configs/settings
|
||||
|
||||
providers:
|
||||
openweathermap: openweathermapapikey
|
||||
weatherapi: weatherapiapikey
|
||||
|
||||
title: Xeovalyte's Dashboard
|
||||
color: slate
|
||||
|
||||
headerStyle: boxedWidgets
|
||||
|
||||
layout:
|
||||
Primary Services:
|
||||
style: row
|
||||
columns: 3
|
||||
|
||||
Backend Services:
|
||||
style: row
|
||||
columns: 4
|
@@ -1,12 +0,0 @@
|
||||
---
|
||||
# For configuration options and examples, please see:
|
||||
# https://gethomepage.dev/configs/service-widgets
|
||||
|
||||
- resources:
|
||||
cpu: true
|
||||
memory: true
|
||||
disk: /
|
||||
|
||||
- search:
|
||||
provider: duckduckgo
|
||||
target: _blank
|
@@ -1,19 +0,0 @@
|
||||
services:
|
||||
homepage:
|
||||
image: ghcr.io/gethomepage/homepage:latest
|
||||
container_name: homepage
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./config:/app/config
|
||||
- logs:/app/config/logs
|
||||
- /run/user/1000/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
HOMEPAGE_VAR_ADGUARD_PASSWORD: $ADGUARD_PASSWORD
|
||||
|
||||
volumes:
|
||||
logs:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
@@ -1,78 +0,0 @@
|
||||
services:
|
||||
immich:
|
||||
image: ghcr.io/immich-app/immich-server:release
|
||||
container_name: immich
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data:/usr/src/app/upload
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
DB_HOSTNAME: "immich-db"
|
||||
env_file:
|
||||
- .env
|
||||
depends_on:
|
||||
- redis
|
||||
- db
|
||||
|
||||
immich-machine-learning:
|
||||
image: ghcr.io/immich-app/immich-machine-learning:release
|
||||
container_name: immich-machine-learning
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- cache:/cache
|
||||
env_file:
|
||||
- .env
|
||||
|
||||
redis:
|
||||
image: docker.io/redis:6.2-alpine@sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5
|
||||
container_name: immich-redis
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: redis-cli ping || exit 1
|
||||
volumes:
|
||||
- data_redis:/data
|
||||
|
||||
db:
|
||||
image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
|
||||
container_name: immich-db
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
|
||||
- data_db:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
|
||||
interval: 5m
|
||||
start_interval: 30s
|
||||
start_period: 5m
|
||||
command:
|
||||
[
|
||||
'postgres',
|
||||
'-c',
|
||||
'shared_preload_libraries=vectors.so',
|
||||
'-c',
|
||||
'search_path="$$user", public, vectors',
|
||||
'-c',
|
||||
'logging_collector=on',
|
||||
'-c',
|
||||
'max_wal_size=2GB',
|
||||
'-c',
|
||||
'shared_buffers=512MB',
|
||||
'-c',
|
||||
'wal_compression=on',
|
||||
]
|
||||
environment:
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
POSTGRES_USER: ${DB_USERNAME}
|
||||
POSTGRES_DB: ${DB_DATABASE_NAME}
|
||||
POSTGRES_INITDB_ARGS: '--data-checksums'
|
||||
|
||||
volumes:
|
||||
data:
|
||||
data_db:
|
||||
data_redis:
|
||||
cache:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
@@ -1,4 +0,0 @@
|
||||
# Nextcloud
|
||||
|
||||
1. Configure environment variables
|
||||
2. Update office configuration
|
@@ -1,54 +0,0 @@
|
||||
services:
|
||||
nextcloud:
|
||||
image: nextcloud:apache
|
||||
container_name: nextcloud
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data:/var/www/html
|
||||
environment:
|
||||
POSTGRES_HOST: nextcloud-db
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_USER: nextcloud
|
||||
REDIS_HOST: nextcloud-redis
|
||||
TRUSTED_PROXIES: "172.23.0.0/24"
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
|
||||
db:
|
||||
image: postgres:16
|
||||
container_name: nextcloud-db
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data_db:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_USER: nextcloud
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
container_name: nextcloud-redis
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data_redis:/data
|
||||
|
||||
office:
|
||||
image: collabora/code
|
||||
container_name: nextcloud-office
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
DOMAIN: "cloud.timo.bmrs.nl"
|
||||
extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
|
||||
|
||||
|
||||
volumes:
|
||||
data:
|
||||
data_db:
|
||||
data_redis:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
@@ -1,3 +0,0 @@
|
||||
# Paperless NGX
|
||||
- Create super user: `docker compose exec paperless-ngx python3 manage.py createsuperuser`
|
||||
- Follow [Paperless wiki](https://www.authelia.com/integration/openid-connect/paperless/) for configuring oauth
|
@@ -1,50 +0,0 @@
|
||||
services:
|
||||
paperless-ngx:
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:latest
|
||||
container_name: paperless-ngx
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- broker
|
||||
- db
|
||||
volumes:
|
||||
- data:/usr/src/paperless/data
|
||||
- media:/usr/src/paperless/media
|
||||
environment:
|
||||
PAPERLESS_REDIS: redis://paperless-ngx-broker:6379
|
||||
PAPERLESS_DBHOST: paperless-ngx-db
|
||||
PAPERLESS_DBPASS: ${POSTGRES_PASSWORD}
|
||||
PAPERLESS_URL: https://paperless.timo.bmrs.nl
|
||||
|
||||
PAPERLESS_DISABLE_REGULAR_LOGIN: true
|
||||
PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
|
||||
PAPERLESS_SOCIALACCOUNT_PROVIDERS: ${PAPERLESS_SOCIALACCOUNT_PROVIDERS}
|
||||
|
||||
broker:
|
||||
image: docker.io/library/redis:7
|
||||
container_name: paperless-ngx-broker
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data_redis:/data
|
||||
|
||||
db:
|
||||
image: docker.io/library/postgres:16
|
||||
container_name: paperless-ngx-db
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data_db:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_DB: paperless
|
||||
POSTGRES_USER: paperless
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
|
||||
|
||||
volumes:
|
||||
data:
|
||||
data_db:
|
||||
data_redis:
|
||||
media:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
File diff suppressed because it is too large
Load Diff
@@ -1,54 +0,0 @@
|
||||
[uwsgi]
|
||||
# Who will run the code
|
||||
uid = searxng
|
||||
gid = searxng
|
||||
|
||||
# Number of workers (usually CPU count)
|
||||
# default value: %k (= number of CPU core, see Dockerfile)
|
||||
workers = %k
|
||||
|
||||
# Number of threads per worker
|
||||
# default value: 4 (see Dockerfile)
|
||||
threads = 4
|
||||
|
||||
# The right granted on the created socket
|
||||
chmod-socket = 666
|
||||
|
||||
# Plugin to use and interpreter config
|
||||
single-interpreter = true
|
||||
master = true
|
||||
plugin = python3
|
||||
lazy-apps = true
|
||||
enable-threads = 4
|
||||
|
||||
# Module to import
|
||||
module = searx.webapp
|
||||
|
||||
# Virtualenv and python path
|
||||
pythonpath = /usr/local/searxng/
|
||||
chdir = /usr/local/searxng/searx/
|
||||
|
||||
# automatically set processes name to something meaningful
|
||||
auto-procname = true
|
||||
|
||||
# Disable request logging for privacy
|
||||
disable-logging = true
|
||||
log-5xx = true
|
||||
|
||||
# Set the max size of a request (request-body excluded)
|
||||
buffer-size = 8192
|
||||
|
||||
# No keep alive
|
||||
# See https://github.com/searx/searx-docker/issues/24
|
||||
add-header = Connection: close
|
||||
|
||||
# Follow SIGTERM convention
|
||||
# See https://github.com/searxng/searxng/issues/3427
|
||||
die-on-term
|
||||
|
||||
# uwsgi serves the static files
|
||||
static-map = /static=/usr/local/searxng/searx/static
|
||||
# expires set to one day
|
||||
static-expires = /* 86400
|
||||
static-gzip-all = True
|
||||
offload-threads = 4
|
@@ -1,15 +0,0 @@
|
||||
services:
|
||||
searxng:
|
||||
image: searxng/searxng
|
||||
container_name: searxng
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./config:/etc/searxng
|
||||
environment:
|
||||
BASE_URL: "https://search.timo.bmrs.nl/"
|
||||
SEARXNG_SECRET: "PO8rO5ZW7K67sroemisMS8wpiq5pXEHecvXzGs4CdAgTQIQvAI09m65vFKGVVkZW"
|
||||
|
||||
networks:
|
||||
default:
|
||||
external: true
|
||||
name: proxy
|
@@ -1,15 +0,0 @@
|
||||
services:
|
||||
uptime-kuma:
|
||||
image: louislam/uptime-kuma:1
|
||||
container_name: uptime-kuma
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data:/app/data
|
||||
|
||||
volumes:
|
||||
data:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
@@ -1,17 +0,0 @@
|
||||
services:
|
||||
vaultwarden:
|
||||
image: vaultwarden/server:latest
|
||||
container_name: vaultwarden
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- data:/data
|
||||
environment:
|
||||
SIGNUPS_ALLOWED: "true"
|
||||
|
||||
volumes:
|
||||
data:
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: proxy
|
||||
external: true
|
58
hosts/ch-clt-dsk01/configuration.nix
Normal file
58
hosts/ch-clt-dsk01/configuration.nix
Normal file
@@ -0,0 +1,58 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Import hardware configuration
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Import modules
|
||||
../../modules/system
|
||||
];
|
||||
|
||||
settings = {
|
||||
hostname = "ch-clt-dsk01";
|
||||
display-manager = "gdm";
|
||||
desktop-environments = {
|
||||
cosmic.enable = false;
|
||||
hyprland.enable = false;
|
||||
gnome.enable = true;
|
||||
};
|
||||
applications = {
|
||||
common.enable = true;
|
||||
steam.enable = true;
|
||||
thunar.enable = false;
|
||||
};
|
||||
services = {
|
||||
docker.enable = false;
|
||||
quickemu.enable = false;
|
||||
sunshine.enable = false;
|
||||
garbage-collection.enable = true;
|
||||
};
|
||||
hardware = {
|
||||
fprint.enable = false;
|
||||
printing.enable = true;
|
||||
bluetooth.enable = false;
|
||||
firewall.enable = true;
|
||||
locale.enable = true;
|
||||
nvidia.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Users
|
||||
users.users.kiiwy = {
|
||||
isNormalUser = true;
|
||||
description = "Christa Boomers";
|
||||
extraGroups = [ "networkmanager" "wheel" "dialout" ];
|
||||
};
|
||||
|
||||
# Bootloader
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
device = "nodev";
|
||||
configurationLimit = 32;
|
||||
};
|
||||
|
||||
system.stateVersion = "24.11";
|
||||
}
|
61
hosts/ch-clt-dsk01/home.nix
Normal file
61
hosts/ch-clt-dsk01/home.nix
Normal file
@@ -0,0 +1,61 @@
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Modules
|
||||
../../modules/home/default.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
home = {
|
||||
username = "kiiwy";
|
||||
homeDirectory = "/home/kiiwy";
|
||||
};
|
||||
|
||||
settings = {
|
||||
host = "c-clt-dsk01";
|
||||
|
||||
applications.common.enable = true;
|
||||
applications.alacritty.enable = true;
|
||||
applications.devenv.enable = false;
|
||||
applications.firefox.enable = true;
|
||||
applications.git.enable = true;
|
||||
applications.helix.enable = true;
|
||||
applications.zsh.enable = true;
|
||||
applications.ssh.enable = true;
|
||||
applications.thunderbird.enable = false;
|
||||
applications.yazi.enable = false;
|
||||
applications.zellij.enable = false;
|
||||
applications.wezterm.enable = false;
|
||||
|
||||
services.nextcloud-sync.enable = false;
|
||||
|
||||
theming.fonts.enable = true;
|
||||
theming.stylix.enable = true;
|
||||
theming.stylix.wallpaper = "kiiwy.png";
|
||||
theming.stylix.theme = "theme";
|
||||
|
||||
desktop-environments.hyprland.enable = false;
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
# Desktop Applications
|
||||
prismlauncher
|
||||
unstable.signal-desktop
|
||||
unstable.vesktop
|
||||
unstable.webcord
|
||||
unstable.prusa-slicer
|
||||
blender
|
||||
|
||||
brave
|
||||
|
||||
# Office
|
||||
libreoffice
|
||||
];
|
||||
|
||||
# Enable home-manager
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
home.stateVersion = "24.05";
|
||||
};
|
||||
}
|
@@ -1,75 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Import modules
|
||||
../../modules/system/default.nix
|
||||
];
|
||||
|
||||
settings = {
|
||||
display-manager = "cosmic-greeter";
|
||||
desktop-environments = {
|
||||
cosmic.enable = true;
|
||||
hyprland.enable = false;
|
||||
gnome.enable = false;
|
||||
};
|
||||
applications = {
|
||||
common.enable = true;
|
||||
steam.enable = true;
|
||||
thunar.enable = false;
|
||||
};
|
||||
services = {
|
||||
docker.enable = false;
|
||||
quickemu.enable = false;
|
||||
sunshine.enable = false;
|
||||
garbage-collection.enable = true;
|
||||
};
|
||||
hardware = {
|
||||
fprint.enable = false;
|
||||
printing.enable = true;
|
||||
bluetooth.enable = false;
|
||||
firewall.enable = true;
|
||||
locale.enable = true;
|
||||
nvidia.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cosmic.cachix.org/"
|
||||
];
|
||||
|
||||
trusted-public-keys = [
|
||||
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
|
||||
];
|
||||
};
|
||||
|
||||
# Bootloader.
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
device = "nodev";
|
||||
};
|
||||
|
||||
# Networking configuration
|
||||
networking.hostName = "xv-desktop"; # Define your hostname.
|
||||
networking.interfaces.enp7s0.wakeOnLan.enable = true;
|
||||
|
||||
users.users.xeovalyte = {
|
||||
isNormalUser = true;
|
||||
description = "Timo Boomers";
|
||||
extraGroups = [ "networkmanager" "wheel" "dialout" "fuse" ];
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
}
|
@@ -1,80 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Import hardware configuration
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Import modules
|
||||
../../modules/system/default.nix
|
||||
];
|
||||
|
||||
settings = {
|
||||
display-manager = "cosmic-greeter";
|
||||
desktop-environments = {
|
||||
cosmic.enable = true;
|
||||
hyprland.enable = true;
|
||||
gnome.enable = false;
|
||||
};
|
||||
applications = {
|
||||
common.enable = true;
|
||||
steam.enable = true;
|
||||
thunar.enable = true;
|
||||
};
|
||||
services = {
|
||||
docker.enable = true;
|
||||
quickemu.enable = true;
|
||||
sunshine.enable = false;
|
||||
garbage-collection.enable = true;
|
||||
};
|
||||
hardware = {
|
||||
fprint.enable = true;
|
||||
printing.enable = true;
|
||||
bluetooth.enable = true;
|
||||
firewall.enable = true;
|
||||
locale.enable = true;
|
||||
nvidia.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cosmic.cachix.org/"
|
||||
];
|
||||
|
||||
trusted-public-keys = [
|
||||
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
|
||||
];
|
||||
};
|
||||
|
||||
# Bootloader.
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
device = "nodev";
|
||||
configurationLimit = 32;
|
||||
};
|
||||
|
||||
networking.hostName = "xv-laptop"; # Define your hostname.
|
||||
|
||||
users.users.xeovalyte = {
|
||||
isNormalUser = true;
|
||||
description = "Timo Boomers";
|
||||
extraGroups = [ "networkmanager" "wheel" "dialout" ];
|
||||
};
|
||||
|
||||
nix.settings.trusted-users = [ "root" "xeovalyte" ];
|
||||
|
||||
# Prevent system freeze on high load
|
||||
services.earlyoom = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
69
hosts/p-th-rpi-01/configuration.nix
Normal file
69
hosts/p-th-rpi-01/configuration.nix
Normal file
@@ -0,0 +1,69 @@
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
# Include the container-specific autogenerated configuration.
|
||||
../../modules/system/default.nix
|
||||
];
|
||||
|
||||
settings = {
|
||||
hostname = "p-th-rpi-01";
|
||||
display-manager = "none";
|
||||
desktop-environments = {
|
||||
cosmic.enable = false;
|
||||
hyprland.enable = false;
|
||||
gnome.enable = false;
|
||||
};
|
||||
applications = {
|
||||
common.enable = true;
|
||||
steam.enable = false;
|
||||
thunar.enable = false;
|
||||
};
|
||||
services = {
|
||||
docker.enable = false;
|
||||
podman.enable = true;
|
||||
quickemu.enable = false;
|
||||
sunshine.enable = false;
|
||||
garbage-collection.enable = true;
|
||||
incus.enable = false;
|
||||
ssh.enable = true;
|
||||
};
|
||||
hardware = {
|
||||
fprint.enable = false;
|
||||
printing.enable = false;
|
||||
bluetooth.enable = false;
|
||||
firewall.enable = true;
|
||||
locale.enable = true;
|
||||
nvidia.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.deploy = {
|
||||
isNormalUser = true;
|
||||
description = "Deploy";
|
||||
extraGroups = [ "networkmanager" "wheel" "dialout" ];
|
||||
linger = true;
|
||||
};
|
||||
|
||||
# networking
|
||||
networking = {
|
||||
dhcpcd.enable = false;
|
||||
useDHCP = false;
|
||||
useHostResolvConf = false;
|
||||
};
|
||||
|
||||
networking.hosts = {
|
||||
"127.0.0.1" = [ "tbmrs.nl" ];
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 1080 1443 1053 ];
|
||||
allowedUDPPorts = [ 1080 1443 1053 ];
|
||||
};
|
||||
}
|
76
hosts/p-th-rpi-01/home.nix
Normal file
76
hosts/p-th-rpi-01/home.nix
Normal file
@@ -0,0 +1,76 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Modules
|
||||
../../modules/home/default.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
home = {
|
||||
username = "deploy";
|
||||
homeDirectory = "/home/deploy";
|
||||
};
|
||||
|
||||
settings = {
|
||||
host = "p-th-rpi-01";
|
||||
|
||||
applications.common.enable = false;
|
||||
applications.alacritty.enable = false;
|
||||
applications.devenv.enable = false;
|
||||
applications.firefox.enable = false;
|
||||
applications.git.enable = false;
|
||||
applications.helix.enable = true;
|
||||
applications.zsh.enable = true;
|
||||
applications.ssh.enable = true;
|
||||
applications.thunderbird.enable = false;
|
||||
applications.yazi.enable = true;
|
||||
applications.zellij.enable = true;
|
||||
applications.wezterm.enable = false;
|
||||
|
||||
services.nextcloud-sync.enable = false;
|
||||
services.podman.enable = true;
|
||||
services.sops.enable = true;
|
||||
|
||||
theming.fonts.enable = false;
|
||||
theming.stylix.enable = false;
|
||||
theming.stylix.wallpaper = "wallpaper-2.png";
|
||||
theming.stylix.theme = "da-one-ocean";
|
||||
|
||||
desktop-environments.hyprland.enable = false;
|
||||
|
||||
containers = {
|
||||
network.enable = true;
|
||||
|
||||
nginx.enable = false;
|
||||
caddy.enable = true;
|
||||
kanidm.enable = false;
|
||||
forgejo.enable = false;
|
||||
immich.enable = false;
|
||||
homepage.enable = false;
|
||||
uptime-kuma.enable = false;
|
||||
pingvin-share.enable = false;
|
||||
vaultwarden.enable = false;
|
||||
paperless-ngx.enable = false;
|
||||
beszel.enable = false;
|
||||
storage.enable = false;
|
||||
homeassistant.enable = false;
|
||||
karakeep.enable = false;
|
||||
vikunja.enable = false;
|
||||
stalwart.enable = false;
|
||||
linkding.enable = false;
|
||||
static.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
unstable.helix
|
||||
lazygit
|
||||
];
|
||||
|
||||
# Enable home-manager
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
home.stateVersion = "24.05";
|
||||
};
|
||||
}
|
@@ -1,48 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
# CLI
|
||||
../../modules/system/cli/common.nix
|
||||
../../modules/system/cli/docker.nix
|
||||
|
||||
# Hardware
|
||||
../../modules/system/hardware/firewall.nix
|
||||
../../modules/system/hardware/garbage-collection.nix
|
||||
../../modules/system/hardware/locale.nix
|
||||
];
|
||||
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
};
|
||||
|
||||
# Bootloader.
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
networking.hostName = "pm01vm01"; # Define your hostname.
|
||||
|
||||
users.users.xeovalyte = {
|
||||
isNormalUser = true;
|
||||
description = "Timo Boomers";
|
||||
extraGroups = [ "networkmanager" "wheel" ];
|
||||
};
|
||||
|
||||
# Enable ssh
|
||||
services.openssh.enable = true;
|
||||
|
||||
# Forward ports
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 80 443 53 ];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
}
|
@@ -1,37 +0,0 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ohci_pci" "ehci_pci" "virtio_pci" "ahci" "usbhid" "sr_mod" "virtio_blk" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/47301fe6-a7db-4ffd-854a-beddd53b6d99";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/6A5B-F811";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0077" "dmask=0077" ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp0s8.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
@@ -1,48 +0,0 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Gui
|
||||
../../modules/home/gui/theming.nix
|
||||
|
||||
# CLI
|
||||
../../modules/home/cli/common
|
||||
../../modules/home/cli/yazi.nix
|
||||
];
|
||||
|
||||
|
||||
options = {
|
||||
host = lib.mkOption {
|
||||
type = with lib.types; str;
|
||||
description = ''
|
||||
Define the host of the machine
|
||||
'';
|
||||
};
|
||||
|
||||
headless = lib.mkOption {
|
||||
type = with lib.types; bool;
|
||||
description = ''
|
||||
Is this machine headless?
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
home = {
|
||||
username = "xeovalyte";
|
||||
homeDirectory = "/home/xeovalyte";
|
||||
};
|
||||
|
||||
host = "pm01vm01";
|
||||
headless = true;
|
||||
|
||||
home.packages = with pkgs; [
|
||||
];
|
||||
|
||||
# Enable home-manager
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
home.stateVersion = "24.05";
|
||||
};
|
||||
|
||||
}
|
97
hosts/ti-clt-dsk01/configuration.nix
Normal file
97
hosts/ti-clt-dsk01/configuration.nix
Normal file
@@ -0,0 +1,97 @@
|
||||
{ inputs, outputs, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
../../modules/system
|
||||
];
|
||||
|
||||
settings = {
|
||||
hostname = "ti-clt-dsk01";
|
||||
display-manager = "greetd";
|
||||
desktop-environments = {
|
||||
cosmic.enable = false;
|
||||
hyprland.enable = false;
|
||||
gnome.enable = false;
|
||||
niri.enable = true;
|
||||
};
|
||||
applications = {
|
||||
common.enable = true;
|
||||
steam.enable = true;
|
||||
thunar.enable = false;
|
||||
};
|
||||
services = {
|
||||
docker.enable = true;
|
||||
quickemu.enable = false;
|
||||
sunshine.enable = true;
|
||||
garbage-collection.enable = true;
|
||||
ssh.enable = true;
|
||||
};
|
||||
hardware = {
|
||||
fprint.enable = false;
|
||||
printing.enable = true;
|
||||
bluetooth.enable = true;
|
||||
firewall.enable = true;
|
||||
locale.enable = true;
|
||||
nvidia.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Users
|
||||
users.users.xeovalyte = {
|
||||
isNormalUser = true;
|
||||
description = "Timo Boomers";
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
|
||||
# Boot
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
device = "nodev";
|
||||
};
|
||||
|
||||
# Networking
|
||||
networking.interfaces.enp7s0.wakeOnLan.enable = true;
|
||||
networking.hosts = {
|
||||
"192.168.100.118" = [
|
||||
"tbmrs.nl"
|
||||
"auth.tbmrs.nl"
|
||||
"git.tbmrs.nl"
|
||||
"photos.tbmrs.nl"
|
||||
"home.tbmrs.nl"
|
||||
"uptime.tbmrs.nl"
|
||||
"share.tbmrs.nl"
|
||||
"files.tbmrs.nl"
|
||||
"mail.tbmrs.nl"
|
||||
"vault.local.tbmrs.nl"
|
||||
"paperless.local.tbmrs.nl"
|
||||
"monitor.local.tbmrs.nl"
|
||||
"syncthing.local.tbmrs.nl"
|
||||
"home-assistant.local.tbmrs.nl"
|
||||
"tasks.local.tbmrs.nl"
|
||||
"links.local.tbmrs.nl"
|
||||
"stream.local.tbmrs.nl"
|
||||
];
|
||||
};
|
||||
|
||||
# Temp keyboard override
|
||||
environment.systemPackages = with pkgs; [
|
||||
via
|
||||
vial
|
||||
];
|
||||
services.udev.packages = with pkgs; [
|
||||
via
|
||||
vial
|
||||
];
|
||||
|
||||
# manual udev override
|
||||
# services.udev.extraRules = ''
|
||||
# KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", ATTRS{idVendor}=="320f", ATTRS{idProduct}=="5055", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
|
||||
# '';
|
||||
|
||||
# state version
|
||||
system.stateVersion = "24.11";
|
||||
}
|
@@ -6,62 +6,76 @@
|
||||
../../modules/home/default.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
host = lib.mkOption {
|
||||
type = with lib.types; str;
|
||||
description = ''
|
||||
Define the host of the machine
|
||||
'';
|
||||
};
|
||||
|
||||
headless = lib.mkOption {
|
||||
type = with lib.types; bool;
|
||||
description = ''
|
||||
Is this machine headless?
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
home = {
|
||||
username = "xeovalyte";
|
||||
homeDirectory = "/home/xeovalyte";
|
||||
};
|
||||
|
||||
host = "xv-desktop";
|
||||
headless = false;
|
||||
|
||||
home.packages = with pkgs; [
|
||||
unstable.prismlauncher
|
||||
unstable.vesktop
|
||||
unstable.baobab
|
||||
];
|
||||
|
||||
# Enable home-manager
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
settings = {
|
||||
host = "ti-clt-dsk01";
|
||||
|
||||
applications.common.enable = true;
|
||||
applications.alacritty.enable = false;
|
||||
applications.devenv.enable = true;
|
||||
applications.firefox.enable = true;
|
||||
applications.git.enable = true;
|
||||
applications.helix.enable = true;
|
||||
applications.helix = {
|
||||
enable = true;
|
||||
markdown = true;
|
||||
rust = true;
|
||||
systemverilog = true;
|
||||
nix = true;
|
||||
latex = true;
|
||||
vue = true;
|
||||
};
|
||||
applications.zsh.enable = true;
|
||||
applications.ssh.enable = true;
|
||||
applications.thunderbird.enable = true;
|
||||
applications.yazi.enable = true;
|
||||
applications.zellij.enable = true;
|
||||
applications.wezterm.enable = true;
|
||||
applications.typst.enable = true;
|
||||
applications.obs-studio.enable = true;
|
||||
|
||||
services.nextcloud-sync.enable = true;
|
||||
|
||||
theming.fonts.enable = true;
|
||||
theming.nix-colors.enable = false;
|
||||
theming.stylix.enable = true;
|
||||
theming.stylix.wallpaper = "wallpaper-2.png";
|
||||
theming.stylix.theme = "da-one-ocean";
|
||||
|
||||
desktop-environments.hyprland.enable = false;
|
||||
desktop-environments.niri.enable = true;
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
unstable.prismlauncher
|
||||
vesktop
|
||||
unstable.rnote
|
||||
unstable.inkscape
|
||||
unstable.gimp
|
||||
unstable.brave
|
||||
unstable.freecad
|
||||
hoppscotch
|
||||
unstable.blender
|
||||
unstable.signal-desktop
|
||||
unstable.ladybird
|
||||
unstable.prusa-slicer
|
||||
|
||||
unstable.surfer # waveform viewer
|
||||
pomodoro-gtk
|
||||
|
||||
# Office
|
||||
libreoffice
|
||||
|
||||
# Scripts
|
||||
(import ../../modules/scripts/save_image.nix { inherit pkgs; })
|
||||
];
|
||||
|
||||
# Enable home-manager
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
home.stateVersion = "24.05";
|
||||
};
|
||||
}
|
109
hosts/ti-clt-lpt01/configuration.nix
Normal file
109
hosts/ti-clt-lpt01/configuration.nix
Normal file
@@ -0,0 +1,109 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Import hardware configuration
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Import modules
|
||||
../../modules/system
|
||||
];
|
||||
|
||||
settings = {
|
||||
hostname = "ti-clt-lpt01";
|
||||
display-manager = "greetd";
|
||||
desktop-environments = {
|
||||
cosmic.enable = false;
|
||||
hyprland.enable = false;
|
||||
gnome.enable = false;
|
||||
niri.enable = true;
|
||||
};
|
||||
applications = {
|
||||
common.enable = true;
|
||||
steam.enable = true;
|
||||
thunar.enable = true;
|
||||
};
|
||||
services = {
|
||||
docker.enable = false;
|
||||
quickemu.enable = true;
|
||||
sunshine.enable = false;
|
||||
garbage-collection.enable = true;
|
||||
incus.enable = true;
|
||||
};
|
||||
hardware = {
|
||||
fprint.enable = true;
|
||||
printing.enable = true;
|
||||
bluetooth.enable = true;
|
||||
firewall.enable = true;
|
||||
locale.enable = true;
|
||||
nvidia.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
# Users
|
||||
users.users.xeovalyte = {
|
||||
isNormalUser = true;
|
||||
description = "Timo Boomers";
|
||||
extraGroups = [ "networkmanager" "wheel" "dialout" "adbusers" ];
|
||||
};
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
programs.nix-ld.enable = true;
|
||||
programs.adb.enable = true;
|
||||
services.power-profiles-daemon.enable = true;
|
||||
|
||||
# Boot.
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
device = "nodev";
|
||||
configurationLimit = 32;
|
||||
};
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
boot.supportedFilesystems = [ "nfs" ];
|
||||
|
||||
# Networking
|
||||
networking.hosts = {
|
||||
"127.0.0.1" = [
|
||||
"tbmrs.nl"
|
||||
"auth.tbmrs.nl"
|
||||
"git.tbmrs.nl"
|
||||
"photos.tbmrs.nl"
|
||||
"home.tbmrs.nl"
|
||||
"uptime.tbmrs.nl"
|
||||
"share.tbmrs.nl"
|
||||
"vault.local.tbmrs.nl"
|
||||
"paperless.local.tbmrs.nl"
|
||||
"monitor.local.tbmrs.nl"
|
||||
];
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 80 443 53 ];
|
||||
allowedUDPPorts = [ 80 443 53 ];
|
||||
};
|
||||
|
||||
# Obs
|
||||
programs.obs-studio = {
|
||||
enable = true;
|
||||
|
||||
# optional Nvidia hardware acceleration
|
||||
package = (
|
||||
pkgs.obs-studio.override {
|
||||
cudaSupport = true;
|
||||
}
|
||||
);
|
||||
|
||||
plugins = with pkgs.obs-studio-plugins; [
|
||||
wlrobs
|
||||
obs-vaapi #optional AMD hardware acceleration
|
||||
obs-gstreamer
|
||||
obs-vkcapture
|
||||
];
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
@@ -1,4 +1,4 @@
|
||||
{ pkgs, lib, ... }:
|
||||
{ pkgs, lib, inputs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
@@ -6,58 +6,53 @@
|
||||
../../modules/home/default.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
host = lib.mkOption {
|
||||
type = with lib.types; str;
|
||||
description = ''
|
||||
Define the host of the machine
|
||||
'';
|
||||
};
|
||||
|
||||
headless = lib.mkOption {
|
||||
type = with lib.types; bool;
|
||||
description = ''
|
||||
Is this machine headless?
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
home = {
|
||||
username = "xeovalyte";
|
||||
homeDirectory = "/home/xeovalyte";
|
||||
};
|
||||
|
||||
host = "xv-laptop";
|
||||
headless = false;
|
||||
|
||||
settings = {
|
||||
host = "ti-clt-lpt01";
|
||||
|
||||
applications.common.enable = true;
|
||||
applications.alacritty.enable = true;
|
||||
applications.devenv.enable = true;
|
||||
applications.firefox.enable = true;
|
||||
applications.git.enable = true;
|
||||
applications.helix.enable = true;
|
||||
applications.helix = {
|
||||
enable = true;
|
||||
markdown = true;
|
||||
rust = true;
|
||||
systemverilog = true;
|
||||
nix = true;
|
||||
latex = true;
|
||||
vue = true;
|
||||
};
|
||||
applications.zsh.enable = true;
|
||||
applications.ssh.enable = true;
|
||||
applications.thunderbird.enable = true;
|
||||
applications.yazi.enable = true;
|
||||
applications.zellij.enable = true;
|
||||
applications.wezterm.enable = true;
|
||||
applications.nushell.enable = false;
|
||||
applications.typst.enable = true;
|
||||
# applications.obs-studio.enable = true;
|
||||
|
||||
services.nextcloud-sync.enable = true;
|
||||
|
||||
theming.fonts.enable = true;
|
||||
theming.nix-colors.enable = false;
|
||||
theming.stylix.enable = true;
|
||||
theming.stylix.wallpaper = "wallpaper-2.png";
|
||||
theming.stylix.theme = "da-one-ocean";
|
||||
|
||||
desktop-environments.hyprland.enable = false;
|
||||
desktop-environments.niri.enable = true;
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
# Desktop Applications
|
||||
kdenlive
|
||||
prismlauncher
|
||||
unstable.joplin-desktop
|
||||
unstable.prusa-slicer
|
||||
signal-desktop
|
||||
unstable.vesktop
|
||||
@@ -67,6 +62,12 @@
|
||||
loupe
|
||||
unstable.rnote
|
||||
unstable.bottles
|
||||
unstable.hoppscotch
|
||||
unstable.apostrophe
|
||||
unstable.surfer # waveform viewer
|
||||
unstable.vscode
|
||||
pomodoro-gtk
|
||||
unstable.brave
|
||||
|
||||
# Office
|
||||
libreoffice
|
||||
@@ -74,10 +75,8 @@
|
||||
# Image editing
|
||||
gimp
|
||||
inkscape
|
||||
unstable.obs-studio
|
||||
|
||||
# Development
|
||||
unstable.drawio
|
||||
unstable.moonlight-qt
|
||||
|
||||
# Scripts
|
||||
(import ../../modules/scripts/save_image.nix { inherit pkgs; })
|
||||
@@ -88,5 +87,4 @@
|
||||
|
||||
home.stateVersion = "24.05";
|
||||
};
|
||||
|
||||
}
|
@@ -6,10 +6,11 @@
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Import modules
|
||||
../../modules/system/default.nix
|
||||
../../modules/system
|
||||
];
|
||||
|
||||
settings = {
|
||||
hostname = "ti-clt-tbl01";
|
||||
display-manager = "gdm";
|
||||
desktop-environments = {
|
||||
cosmic.enable = false;
|
||||
@@ -37,17 +38,11 @@
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cosmic.cachix.org/"
|
||||
];
|
||||
|
||||
trusted-public-keys = [
|
||||
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
|
||||
];
|
||||
# Users
|
||||
users.users.xeovalyte = {
|
||||
isNormalUser = true;
|
||||
description = "Timo Boomers";
|
||||
extraGroups = [ "networkmanager" "wheel" "dialout" ];
|
||||
};
|
||||
|
||||
# Bootloader.
|
||||
@@ -58,24 +53,8 @@
|
||||
device = "nodev";
|
||||
configurationLimit = 32;
|
||||
};
|
||||
|
||||
networking.hostName = "xv-laptop"; # Define your hostname.
|
||||
|
||||
users.users.xeovalyte = {
|
||||
isNormalUser = true;
|
||||
description = "Timo Boomers";
|
||||
extraGroups = [ "networkmanager" "wheel" "dialout" ];
|
||||
};
|
||||
|
||||
nix.settings.trusted-users = [ "root" "xeovalyte" ];
|
||||
|
||||
# Prevent system freeze on high load
|
||||
services.earlyoom = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
system.stateVersion = "24.11";
|
||||
|
||||
}
|
@@ -14,18 +14,18 @@
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/09e81450-2741-4218-a2e5-780515cd90b9";
|
||||
{ device = "/dev/disk/by-uuid/4d44a7fb-9a4f-4d55-8daf-1c93f08485dd";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/FC00-C9A3";
|
||||
{ device = "/dev/disk/by-uuid/30EC-F045";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0077" "dmask=0077" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/30618725-d8ff-40c9-b218-6b1f7aaf9155"; }
|
||||
[ { device = "/dev/disk/by-uuid/e803d3e2-28f0-427d-88e2-e0daf62f47fa"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
@@ -6,32 +6,15 @@
|
||||
../../modules/home/default.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
host = lib.mkOption {
|
||||
type = with lib.types; str;
|
||||
description = ''
|
||||
Define the host of the machine
|
||||
'';
|
||||
};
|
||||
|
||||
headless = lib.mkOption {
|
||||
type = with lib.types; bool;
|
||||
description = ''
|
||||
Is this machine headless?
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
home = {
|
||||
username = "xeovalyte";
|
||||
homeDirectory = "/home/xeovalyte";
|
||||
};
|
||||
|
||||
host = "xv-surface";
|
||||
headless = false;
|
||||
|
||||
settings = {
|
||||
host = "ti-clt-tbl01";
|
||||
|
||||
applications.common.enable = true;
|
||||
applications.alacritty.enable = false;
|
||||
applications.devenv.enable = false;
|
||||
@@ -43,11 +26,14 @@
|
||||
applications.thunderbird.enable = false;
|
||||
applications.yazi.enable = true;
|
||||
applications.zellij.enable = false;
|
||||
applications.wezterm.enable = false;
|
||||
|
||||
services.nextcloud-sync.enable = true;
|
||||
|
||||
theming.fonts.enable = true;
|
||||
theming.nix-colors.enable = true;
|
||||
theming.stylix.enable = true;
|
||||
theming.stylix.wallpaper = "wallpaper-2.png";
|
||||
theming.stylix.theme = "da-one-ocean";
|
||||
|
||||
desktop-environments.hyprland.enable = false;
|
||||
};
|
||||
@@ -55,9 +41,8 @@
|
||||
home.packages = with pkgs; [
|
||||
# Desktop Applications
|
||||
unstable.rnote
|
||||
|
||||
# Office
|
||||
libreoffice
|
||||
unstable.xournalpp
|
||||
unstable.koreader
|
||||
];
|
||||
|
||||
# Enable home-manager
|
||||
@@ -65,5 +50,4 @@
|
||||
|
||||
home.stateVersion = "24.05";
|
||||
};
|
||||
|
||||
}
|
84
hosts/v-th-ctr-01/configuration.nix
Normal file
84
hosts/v-th-ctr-01/configuration.nix
Normal file
@@ -0,0 +1,84 @@
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ modulesPath, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Include the default incus configuration.
|
||||
"${modulesPath}/virtualisation/lxc-container.nix"
|
||||
# Include the container-specific autogenerated configuration.
|
||||
../../modules/system/default.nix
|
||||
];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
|
||||
settings = {
|
||||
hostname = "v-th-ctr-01";
|
||||
display-manager = "none";
|
||||
desktop-environments = {
|
||||
cosmic.enable = false;
|
||||
hyprland.enable = false;
|
||||
gnome.enable = false;
|
||||
};
|
||||
applications = {
|
||||
common.enable = true;
|
||||
steam.enable = false;
|
||||
thunar.enable = false;
|
||||
};
|
||||
services = {
|
||||
docker.enable = false;
|
||||
podman.enable = true;
|
||||
quickemu.enable = false;
|
||||
sunshine.enable = false;
|
||||
garbage-collection.enable = true;
|
||||
incus.enable = false;
|
||||
ssh.enable = true;
|
||||
};
|
||||
hardware = {
|
||||
fprint.enable = false;
|
||||
printing.enable = false;
|
||||
bluetooth.enable = false;
|
||||
firewall.enable = true;
|
||||
locale.enable = true;
|
||||
nvidia.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.deploy = {
|
||||
isNormalUser = true;
|
||||
description = "Deploy";
|
||||
extraGroups = [ "networkmanager" "wheel" "dialout" ];
|
||||
linger = true;
|
||||
};
|
||||
|
||||
# networking
|
||||
networking = {
|
||||
dhcpcd.enable = false;
|
||||
useDHCP = false;
|
||||
useHostResolvConf = false;
|
||||
};
|
||||
|
||||
networking.hosts = {
|
||||
"127.0.0.1" = [ "tbmrs.nl" ];
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 1080 1443 1053 ];
|
||||
allowedUDPPorts = [ 1080 1443 1053 ];
|
||||
};
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks."50-eth0" = {
|
||||
matchConfig.Name = "eth0";
|
||||
networkConfig = {
|
||||
DHCP = "ipv4";
|
||||
IPv6AcceptRA = true;
|
||||
};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
};
|
||||
}
|
76
hosts/v-th-ctr-01/home.nix
Normal file
76
hosts/v-th-ctr-01/home.nix
Normal file
@@ -0,0 +1,76 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Modules
|
||||
../../modules/home/default.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
home = {
|
||||
username = "deploy";
|
||||
homeDirectory = "/home/deploy";
|
||||
};
|
||||
|
||||
settings = {
|
||||
host = "v-th-ctr-01";
|
||||
|
||||
applications.common.enable = false;
|
||||
applications.alacritty.enable = false;
|
||||
applications.devenv.enable = false;
|
||||
applications.firefox.enable = false;
|
||||
applications.git.enable = false;
|
||||
applications.helix.enable = true;
|
||||
applications.zsh.enable = true;
|
||||
applications.ssh.enable = true;
|
||||
applications.thunderbird.enable = false;
|
||||
applications.yazi.enable = true;
|
||||
applications.zellij.enable = true;
|
||||
applications.wezterm.enable = false;
|
||||
|
||||
services.nextcloud-sync.enable = false;
|
||||
services.podman.enable = true;
|
||||
services.sops.enable = true;
|
||||
|
||||
theming.fonts.enable = false;
|
||||
theming.stylix.enable = false;
|
||||
theming.stylix.wallpaper = "wallpaper-2.png";
|
||||
theming.stylix.theme = "da-one-ocean";
|
||||
|
||||
desktop-environments.hyprland.enable = false;
|
||||
|
||||
containers = {
|
||||
network.enable = true;
|
||||
|
||||
nginx.enable = true;
|
||||
caddy.enable = true;
|
||||
kanidm.enable = true;
|
||||
forgejo.enable = true;
|
||||
immich.enable = true;
|
||||
homepage.enable = true;
|
||||
uptime-kuma.enable = true;
|
||||
pingvin-share.enable = true;
|
||||
vaultwarden.enable = true;
|
||||
paperless-ngx.enable = true;
|
||||
beszel.enable = true;
|
||||
storage.enable = true;
|
||||
homeassistant.enable = true;
|
||||
karakeep.enable = false;
|
||||
vikunja.enable = true;
|
||||
stalwart.enable = true;
|
||||
linkding.enable = true;
|
||||
jellyfin.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
unstable.helix
|
||||
lazygit
|
||||
];
|
||||
|
||||
# Enable home-manager
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
home.stateVersion = "24.05";
|
||||
};
|
||||
}
|
35
justfile
35
justfile
@@ -1,12 +1,39 @@
|
||||
set unstable
|
||||
|
||||
default:
|
||||
@just --choose
|
||||
@just --list
|
||||
|
||||
rebuild:
|
||||
update:
|
||||
git pull
|
||||
sudo nixos-rebuild switch --flake .
|
||||
home-manager switch --flake .
|
||||
|
||||
clean:
|
||||
sudo nix-collect-garbage -d
|
||||
nix-collect-garbage -d
|
||||
|
||||
fmt:
|
||||
nix fmt
|
||||
|
||||
alias s := switch
|
||||
|
||||
switch:
|
||||
sudo nixos-rebuild switch --flake .
|
||||
home-manager switch --flake .
|
||||
|
||||
rebuild-system:
|
||||
alias sw := switch-system
|
||||
|
||||
switch-system:
|
||||
sudo nixos-rebuild switch --flake .
|
||||
|
||||
rebuild-home-manager:
|
||||
alias sh := switch-home-manager
|
||||
|
||||
switch-home-manager:
|
||||
home-manager switch --flake .
|
||||
|
||||
alias gc := collect-garbage
|
||||
|
||||
collect-garbage:
|
||||
sudo nix-collect-garbage -d
|
||||
nix-collect-garbage -d
|
||||
|
||||
|
@@ -17,7 +17,7 @@ in {
|
||||
config = mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
vlc
|
||||
bitwarden
|
||||
unstable.bitwarden
|
||||
pavucontrol
|
||||
];
|
||||
};
|
||||
|
@@ -23,147 +23,158 @@ in {
|
||||
unstable.firefoxpwa
|
||||
];
|
||||
|
||||
programs.firefox = {
|
||||
enable = true;
|
||||
nativeMessagingHosts = [ pkgs.unstable.firefoxpwa ];
|
||||
policies = {
|
||||
DisableTelemetry = true;
|
||||
DisableFirefoxStudies = true;
|
||||
EnableTrackingProtection = {
|
||||
Value = true;
|
||||
Locked = true;
|
||||
Cryptomining = true;
|
||||
Fingerprinting = true;
|
||||
};
|
||||
DisablePocket = true;
|
||||
DisableFirefoxAccounts = true;
|
||||
DisableAccounts = true;
|
||||
DontCheckDefaultBrowser = true;
|
||||
DisplayBookmarksToolbar = "newpage";
|
||||
ExtensionSettings = {
|
||||
"nl-NL@dictionaries.addons.mozilla.org" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/woordenboek-nederlands/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
stylix.targets.firefox.profileNames = [ "${config.home.username}" ];
|
||||
|
||||
programs.firefox = lib.mkMerge [
|
||||
{
|
||||
enable = true;
|
||||
}
|
||||
(lib.mkIf (config.home.username == "xeovalyte") {
|
||||
nativeMessagingHosts = [ pkgs.unstable.firefoxpwa ];
|
||||
policies = {
|
||||
DisableTelemetry = true;
|
||||
DisableFirefoxStudies = true;
|
||||
EnableTrackingProtection = {
|
||||
Value = true;
|
||||
Locked = true;
|
||||
Cryptomining = true;
|
||||
Fingerprinting = true;
|
||||
};
|
||||
"uBlock0@raymondhill.net" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
"firefoxpwa@filips.si" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/pwas-for-firefox/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
"markdown-viewer@outofindex.com" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/markdown-viewer-chrome/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
DisablePocket = true;
|
||||
DisableFirefoxAccounts = true;
|
||||
DisableAccounts = true;
|
||||
DontCheckDefaultBrowser = true;
|
||||
DisplayBookmarksToolbar = "newpage";
|
||||
ExtensionSettings = {
|
||||
"nl-NL@dictionaries.addons.mozilla.org" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/woordenboek-nederlands/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
"uBlock0@raymondhill.net" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
"firefoxpwa@filips.si" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/pwas-for-firefox/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
"markdown-viewer@outofindex.com" = {
|
||||
install_url = "https://addons.mozilla.org/firefox/downloads/latest/markdown-viewer-chrome/latest.xpi";
|
||||
installation_mode = "force_installed";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
profiles.xeovalyte = {
|
||||
bookmarks = [
|
||||
{
|
||||
name = "Toolbar";
|
||||
toolbar = true;
|
||||
bookmarks = [
|
||||
{
|
||||
name = "Brightspace";
|
||||
bookmarks = [
|
||||
{
|
||||
name = "Books";
|
||||
url = "https://drive.google.com/drive/folders/1L5OTbn5p3i7_Nc80hc5PztiEGHKwi-I4";
|
||||
}
|
||||
{
|
||||
name = "LCB";
|
||||
url = "https://brightspace.tudelft.nl/d2l/le/content/681010/Home";
|
||||
}
|
||||
{
|
||||
name = "Calculus";
|
||||
url = "https://brightspace.tudelft.nl/d2l/le/content/681024/Home";
|
||||
}
|
||||
{
|
||||
name = "IP1";
|
||||
url = "https://brightspace.tudelft.nl/d2l/le/content/681020/Home";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
search.engines = {
|
||||
"Nix" = {
|
||||
urls = [{
|
||||
template = "https://mynixos.com/search";
|
||||
params = [
|
||||
{ name = "q"; value = "{searchTerms}"; }
|
||||
];
|
||||
}];
|
||||
|
||||
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
|
||||
definedAliases = [ "@nix" ];
|
||||
};
|
||||
|
||||
"SearXNG" = {
|
||||
urls = [{
|
||||
template = "https:/search.xeovalyte.dev/search";
|
||||
params = [
|
||||
{ name = "q"; value = "{searchTerms}"; }
|
||||
];
|
||||
}];
|
||||
|
||||
definedAliases = [ "@searxng" ];
|
||||
};
|
||||
|
||||
"Startpage" = {
|
||||
urls = [{
|
||||
template = "https:/startpage.com/sp/search";
|
||||
params = [
|
||||
{ name = "q"; value = "{searchTerms}"; }
|
||||
];
|
||||
}];
|
||||
|
||||
definedAliases = [ "@sp" ];
|
||||
};
|
||||
|
||||
"Bing".metaData.hidden = true;
|
||||
"Google".metaData.hidden = true;
|
||||
"eBay".metaData.hidden = true;
|
||||
};
|
||||
search.force = true;
|
||||
search.default = "SearXNG";
|
||||
|
||||
settings = {
|
||||
"browser.disableResetPrompt" = true;
|
||||
"browser.download.panel.shown" = true;
|
||||
"browser.download.useDownloadDir" = false;
|
||||
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
||||
"browser.shell.checkDefaultBrowser" = false;
|
||||
"browser.shell.defaultBrowserCheckCount" = 1;
|
||||
"dom.security.https_only_mode" = true;
|
||||
"privacy.trackingProtection.enabled" = true;
|
||||
"browser.toolbars.bookmarks.visibility" = "newtab";
|
||||
"browser.translations.neverTranslateLanguages" = "nl";
|
||||
"browser.newtabpage.pinned" = [
|
||||
profiles.${config.home.username} = {
|
||||
bookmarks.force = true;
|
||||
bookmarks.settings = [
|
||||
{
|
||||
label = "Server";
|
||||
url = "https://home.xeovalyte.dev";
|
||||
}
|
||||
{
|
||||
label = "Youtube";
|
||||
url = "https://youtube.com";
|
||||
}
|
||||
{
|
||||
label = "My TU Delft";
|
||||
url = "https://my.tudelft.nl/";
|
||||
name = "Toolbar";
|
||||
toolbar = true;
|
||||
bookmarks = [
|
||||
{
|
||||
name = "Brightspace";
|
||||
bookmarks = [
|
||||
{
|
||||
name = "Books";
|
||||
url = "https://drive.google.com/drive/folders/1L5OTbn5p3i7_Nc80hc5PztiEGHKwi-I4";
|
||||
}
|
||||
{
|
||||
name = "Linear algebra and Differential equations";
|
||||
url = "https://brightspace.tudelft.nl/d2l/le/content/681028/Home";
|
||||
}
|
||||
{
|
||||
name = "Electrical Energy Fundamentals";
|
||||
url = "https://brightspace.tudelft.nl/d2l/le/content/681016/Home";
|
||||
}
|
||||
{
|
||||
name = "IP 2";
|
||||
url = "https://brightspace.tudelft.nl/d2l/le/content/681022/Home";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
"signon.rememberSignons" = false;
|
||||
search.engines = {
|
||||
"Nix" = {
|
||||
urls = [{
|
||||
template = "https://mynixos.com/search";
|
||||
params = [
|
||||
{ name = "q"; value = "{searchTerms}"; }
|
||||
];
|
||||
}];
|
||||
|
||||
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
|
||||
definedAliases = [ "@nix" ];
|
||||
};
|
||||
|
||||
"SearXNG" = {
|
||||
urls = [{
|
||||
template = "https:/search.xeovalyte.dev/search";
|
||||
params = [
|
||||
{ name = "q"; value = "{searchTerms}"; }
|
||||
];
|
||||
}];
|
||||
|
||||
definedAliases = [ "@searxng" ];
|
||||
};
|
||||
|
||||
"Startpage" = {
|
||||
urls = [{
|
||||
template = "https:/startpage.com/sp/search";
|
||||
params = [
|
||||
{ name = "q"; value = "{searchTerms}"; }
|
||||
];
|
||||
}];
|
||||
|
||||
definedAliases = [ "@sp" ];
|
||||
};
|
||||
|
||||
"bing".metaData.hidden = true;
|
||||
"google".metaData.hidden = true;
|
||||
"ebay".metaData.hidden = true;
|
||||
};
|
||||
search.force = true;
|
||||
search.default = "ddg";
|
||||
|
||||
settings = {
|
||||
"browser.disableResetPrompt" = true;
|
||||
"browser.download.panel.shown" = true;
|
||||
"browser.download.useDownloadDir" = false;
|
||||
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
||||
"browser.shell.checkDefaultBrowser" = false;
|
||||
"browser.shell.defaultBrowserCheckCount" = 1;
|
||||
"dom.security.https_only_mode" = true;
|
||||
"privacy.trackingProtection.enabled" = true;
|
||||
"browser.toolbars.bookmarks.visibility" = "newtab";
|
||||
"browser.translations.neverTranslateLanguages" = "nl";
|
||||
"browser.newtabpage.pinned" = [
|
||||
{
|
||||
label = "Server";
|
||||
url = "https://home.xeovalyte.dev";
|
||||
}
|
||||
{
|
||||
label = "Youtube";
|
||||
url = "https://youtube.com";
|
||||
}
|
||||
{
|
||||
label = "My TU Delft";
|
||||
url = "https://my.tudelft.nl/";
|
||||
}
|
||||
{
|
||||
label = "Vikunja";
|
||||
url = "https://vikunja.xeovalyte.dev/";
|
||||
}
|
||||
];
|
||||
"signon.rememberSignons" = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
|
@@ -35,7 +35,7 @@ in {
|
||||
programs.git = mkIf cfg.lazygit.enable {
|
||||
enable = true;
|
||||
userEmail = "me+gitea@xeovalyte.dev";
|
||||
userName = "xeovalyte";
|
||||
userName = "Timo Boomers";
|
||||
extraConfig = {
|
||||
commit.gpgsign = true;
|
||||
gpg.format = "ssh";
|
||||
|
@@ -12,56 +12,105 @@ in {
|
||||
Enable helix text editor
|
||||
'';
|
||||
};
|
||||
|
||||
settings.applications.helix.markdown = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable markdown language support
|
||||
'';
|
||||
};
|
||||
|
||||
settings.applications.helix.systemverilog = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable systemverilog language support
|
||||
'';
|
||||
};
|
||||
|
||||
settings.applications.helix.nix = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Enable nix language support
|
||||
'';
|
||||
};
|
||||
|
||||
settings.applications.helix.latex = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Enable latex language support
|
||||
'';
|
||||
};
|
||||
|
||||
settings.applications.helix.vue = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Enable vue/nuxt language support
|
||||
'';
|
||||
};
|
||||
|
||||
settings.applications.helix.rust = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable rust language support
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
unstable.marksman
|
||||
unstable.markdown-oxide
|
||||
unstable.svls
|
||||
unstable.nil
|
||||
unstable.nixpkgs-fmt
|
||||
unstable.tectonic
|
||||
unstable.texlab
|
||||
dprint
|
||||
home.packages = with pkgs; lib.concatLists [
|
||||
(lib.optionals cfg.markdown [ unstable.marksman unstable.markdown-oxide dprint ])
|
||||
(lib.optionals cfg.systemverilog [ unstable.svls ])
|
||||
(lib.optionals cfg.nix [ unstable.nix unstable.nixpkgs-fmt ])
|
||||
(lib.optionals cfg.latex [ tectonic unstable.texlab ])
|
||||
(lib.optionals cfg.vue [ unstable.vue-language-server unstable.typescript unstable.typescript-language-server ])
|
||||
];
|
||||
|
||||
home.file.".config/.dprint.json".text =''
|
||||
{
|
||||
"markdown": {
|
||||
"lineWidth":120,
|
||||
},
|
||||
"excludes": [],
|
||||
"plugins": [
|
||||
"https://plugins.dprint.dev/markdown-0.16.1.wasm"
|
||||
]
|
||||
}
|
||||
'';
|
||||
# Markdown
|
||||
home.file.".config/.dprint.json" = lib.mkIf cfg.markdown {
|
||||
text = ''
|
||||
{
|
||||
"markdown": {
|
||||
"lineWidth":120,
|
||||
},
|
||||
"excludes": [],
|
||||
"plugins": [
|
||||
"https://plugins.dprint.dev/markdown-0.16.1.wasm"
|
||||
]
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
programs.helix = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.helix;
|
||||
defaultEditor = true;
|
||||
settings = {
|
||||
# theme = "base16";
|
||||
editor.cursor-shape = {
|
||||
insert = "bar";
|
||||
};
|
||||
editor.end-of-line-diagnostics = "hint";
|
||||
};
|
||||
languages = {
|
||||
# Rust
|
||||
language-server.rust-analyzer.config = {
|
||||
language-server.rust-analyzer.config = lib.mkIf cfg.rust {
|
||||
cargo = {
|
||||
features = "all";
|
||||
};
|
||||
};
|
||||
|
||||
# Systemverilog
|
||||
language-server.svls = {
|
||||
language-server.svls = lib.mkIf cfg.systemverilog {
|
||||
command = "svls";
|
||||
};
|
||||
|
||||
language-server.texlab = {
|
||||
# Latex
|
||||
language-server.texlab = lib.mkIf cfg.latex {
|
||||
config = {
|
||||
texlab.chktex = {
|
||||
onOpenAndSave = true;
|
||||
@@ -95,20 +144,44 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
language = [
|
||||
{
|
||||
language-server.typescript-language-server.config = lib.mkIf cfg.vue {
|
||||
# tsserver = {
|
||||
# path = "${pkgs.unstable.typescript}/bin/tsserver";
|
||||
# };
|
||||
plugins = [
|
||||
{
|
||||
name = "@vue/typescript-plugin";
|
||||
location = "${pkgs.unstable.vue-language-server}/bin/vue-language-server}";
|
||||
languages = ["vue"];
|
||||
}
|
||||
];
|
||||
|
||||
vue.inlayHints = {
|
||||
includeInlayEnumMemberValueHints = true;
|
||||
includeInlayFunctionLikeReturnTypeHints = true;
|
||||
includeInlayFunctionParameterTypeHints = true;
|
||||
includeInlayParameterNameHints = "all";
|
||||
includeInlayParameterNameHintsWhenArgumentMatchesName = true;
|
||||
includeInlayPropertyDeclarationTypeHints = true;
|
||||
includeInlayVariableTypeHints = true;
|
||||
};
|
||||
};
|
||||
# language-server.vue-language-server = {
|
||||
# command = "${pkgs.vue-language-server}/bin/vue-language-server";
|
||||
# args = [ "--stdio" ];
|
||||
# config = {
|
||||
# typescript = {
|
||||
# tsdk = "${pkgs.typescript}/bin/";
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
|
||||
language = lib.concatLists [
|
||||
(lib.optionals cfg.systemverilog [{
|
||||
name = "verilog";
|
||||
language-servers = [ "svls" ];
|
||||
}
|
||||
{
|
||||
name = "html";
|
||||
language-servers = [ "vscode-html-language-server" "tailwindcss-ls" ];
|
||||
}
|
||||
{
|
||||
name = "css";
|
||||
language-servers = [ "vscode-html-language-server" "tailwindcss-ls" ];
|
||||
}
|
||||
{
|
||||
}])
|
||||
(lib.optionals cfg.markdown [{
|
||||
name = "markdown";
|
||||
auto-format = true;
|
||||
language-servers = [ "markdown-oxide" ];
|
||||
@@ -119,100 +192,13 @@ in {
|
||||
name = "typst";
|
||||
auto-format = false;
|
||||
formatter.command = "${pkgs.typstfmt}/bin/typstfmt";
|
||||
}
|
||||
}])
|
||||
(lib.optionals cfg.vue [{
|
||||
name = "vue";
|
||||
language-servers = ["vuels" "typescript-language-server"];
|
||||
}])
|
||||
];
|
||||
};
|
||||
# themes = {
|
||||
# base16 = let
|
||||
# base00 = "#${config.colorScheme.palette.base00}";
|
||||
# base01 = "#${config.colorScheme.palette.base01}";
|
||||
# base02 = "#${config.colorScheme.palette.base02}";
|
||||
# base03 = "#${config.colorScheme.palette.base03}";
|
||||
# base04 = "#${config.colorScheme.palette.base04}";
|
||||
# base05 = "#${config.colorScheme.palette.base05}";
|
||||
# base06 = "#${config.colorScheme.palette.base06}";
|
||||
# base07 = "#${config.colorScheme.palette.base07}";
|
||||
# base08 = "#${config.colorScheme.palette.base08}";
|
||||
# base09 = "#${config.colorScheme.palette.base09}";
|
||||
# base0A = "#${config.colorScheme.palette.base0A}";
|
||||
# base0B = "#${config.colorScheme.palette.base0B}";
|
||||
# base0C = "#${config.colorScheme.palette.base0C}";
|
||||
# base0D = "#${config.colorScheme.palette.base0D}";
|
||||
# base0E = "#${config.colorScheme.palette.base0E}";
|
||||
# base0F = "#${config.colorScheme.palette.base0F}";
|
||||
# in {
|
||||
# "attributes" = base09;
|
||||
# "comment" = { fg = base03; modifiers = ["italic"]; };
|
||||
# "constant" = base09;
|
||||
# "constant.character.escape" = base0C;
|
||||
# "constant.numeric" = base09;
|
||||
# "constructor" = base0D;
|
||||
# "debug" = base03;
|
||||
# "diagnostic" = { modifiers = ["underlined"]; };
|
||||
# "diff.delta" = base09;
|
||||
# "diff.minus" = base08;
|
||||
# "diff.plus" = base0B;
|
||||
# "error" = base08;
|
||||
# "function" = base0D;
|
||||
# "hint" = base03;
|
||||
# "info" = base0D;
|
||||
# "keyword" = base0E;
|
||||
# "label" = base0E;
|
||||
# "namespace" = base0E;
|
||||
# "operator" = base05;
|
||||
# "special" = base0D;
|
||||
# "string" = base0B;
|
||||
# "type" = base0A;
|
||||
# "variable" = base08;
|
||||
# "variable.other.member" = base0B;
|
||||
# "warning" = base09;
|
||||
|
||||
# "markup.bold" = { fg = base0A; modifiers = ["bold"]; };
|
||||
# "markup.heading" = base0D;
|
||||
# "markup.italic" = { fg = base0E; modifiers = ["italic"]; };
|
||||
# "markup.link.text" = base08;
|
||||
# "markup.link.url" = { fg = base09; modifiers = ["underlined"]; };
|
||||
# "markup.list" = base08;
|
||||
# "markup.quote" = base0C;
|
||||
# "markup.raw" = base0B;
|
||||
# "markup.strikethrough" = { modifiers = ["crossed_out"]; };
|
||||
|
||||
# "diagnostic.hint" = { underline = { style = "curl"; }; };
|
||||
# "diagnostic.info" = { underline = { style = "curl"; }; };
|
||||
# "diagnostic.warning" = { underline = { style = "curl"; }; };
|
||||
# "diagnostic.error" = { underline = { style = "curl"; }; };
|
||||
|
||||
# # "ui.background" = { bg = base00; };
|
||||
# "ui.bufferline.active" = { fg = base00; bg = base03; modifiers = ["bold"]; };
|
||||
# "ui.bufferline" = { fg = base04; bg = base00; };
|
||||
# "ui.cursor" = { fg = base0A; modifiers = ["reversed"]; };
|
||||
# "ui.cursor.insert" = { fg = base0A; modifiers = ["reversed"]; };
|
||||
# "ui.cursorline.primary" = { fg = base05; bg = base01; };
|
||||
# "ui.cursor.match" = { fg = base0A; modifiers = ["reversed"]; };
|
||||
# "ui.cursor.select" = { fg = base0A; modifiers = ["reversed"]; };
|
||||
# "ui.gutter" = { bg = base00; };
|
||||
# "ui.help" = { fg = base06; bg = base01; };
|
||||
# "ui.linenr" = { fg = base03; bg = base00; };
|
||||
# "ui.linenr.selected" = { fg = base04; bg = base01; modifiers = ["bold"]; };
|
||||
# "ui.menu" = { fg = base05; bg = base01; };
|
||||
# "ui.menu.scroll" = { fg = base03; bg = base01; };
|
||||
# "ui.menu.selected" = { fg = base01; bg = base04; };
|
||||
# "ui.popup" = { bg = base01; };
|
||||
# "ui.selection" = { bg = base02; };
|
||||
# "ui.selection.primary" = { bg = base02; };
|
||||
# "ui.statusline" = { fg = base04; bg = base01; };
|
||||
# "ui.statusline.inactive" = { bg = base01; fg = base03; };
|
||||
# "ui.statusline.insert" = { fg = base00; bg = base0B; };
|
||||
# "ui.statusline.normal" = { fg = base00; bg = base03; };
|
||||
# "ui.statusline.select" = { fg = base00; bg = base0F; };
|
||||
# "ui.text" = base05;
|
||||
# "ui.text.focus" = base05;
|
||||
# "ui.virtual.indent-guide" = { fg = base03; };
|
||||
# "ui.virtual.inlay-hint" = { fg = base01; };
|
||||
# "ui.virtual.ruler" = { bg = base01; };
|
||||
# "ui.window" = { bg = base01; };
|
||||
# };
|
||||
# };
|
||||
};
|
||||
};
|
||||
}
|
||||
|
37
modules/home/applications/nushell.nix
Normal file
37
modules/home/applications/nushell.nix
Normal file
@@ -0,0 +1,37 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.applications.nushell;
|
||||
in {
|
||||
options = {
|
||||
settings.applications.nushell.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Enable nushell shell
|
||||
'';
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
eza
|
||||
bat
|
||||
];
|
||||
|
||||
programs.bash = {
|
||||
enable = false;
|
||||
};
|
||||
|
||||
programs.nushell = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.starship = {
|
||||
enable = true;
|
||||
enableNushellIntegration = true;
|
||||
};
|
||||
};
|
||||
}
|
27
modules/home/applications/obs-studio.nix
Normal file
27
modules/home/applications/obs-studio.nix
Normal file
@@ -0,0 +1,27 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.applications.obs-studio;
|
||||
in {
|
||||
options = {
|
||||
settings.applications.obs-studio.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Enable obs studio with optional plugins
|
||||
'';
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
programs.obs-studio = {
|
||||
enable = true;
|
||||
plugins = with pkgs.obs-studio-plugins; [
|
||||
wlrobs
|
||||
obs-vaapi #optional AMD hardware acceleration
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@@ -30,6 +30,12 @@ in {
|
||||
user = "git";
|
||||
identityFile = "~/.ssh/gitea";
|
||||
};
|
||||
|
||||
"gitlab.ewi.tudelft.nl" = {
|
||||
hostname = "gitlab.ewi.tudelft.nl";
|
||||
user = "tboomers";
|
||||
identityFile = "~/.ssh/gitlab_tudelft";
|
||||
};
|
||||
};
|
||||
addKeysToAgent = "yes";
|
||||
};
|
||||
|
24
modules/home/applications/typst.nix
Normal file
24
modules/home/applications/typst.nix
Normal file
@@ -0,0 +1,24 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.applications.typst;
|
||||
in {
|
||||
options = {
|
||||
settings.applications.typst.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Enable typst
|
||||
'';
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
unstable.typst
|
||||
unstable.typst-live
|
||||
];
|
||||
};
|
||||
}
|
107
modules/home/applications/wezterm.nix
Normal file
107
modules/home/applications/wezterm.nix
Normal file
@@ -0,0 +1,107 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.applications.wezterm;
|
||||
in {
|
||||
options = {
|
||||
settings.applications.wezterm.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable wezterm terminal
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
programs.wezterm = {
|
||||
enable = true;
|
||||
enableZshIntegration = true;
|
||||
package = pkgs.unstable.wezterm;
|
||||
extraConfig = /* lua */ ''
|
||||
-- Pull in the wezterm API
|
||||
local wezterm = require 'wezterm'
|
||||
|
||||
-- This will hold the configuration.
|
||||
local config = wezterm.config_builder()
|
||||
local act = wezterm.action
|
||||
|
||||
-- This is where you actually apply your config choices
|
||||
|
||||
-- For example, changing the color scheme:
|
||||
config.enable_tab_bar = true
|
||||
config.use_fancy_tab_bar = false
|
||||
config.window_decorations = "NONE"
|
||||
config.tab_bar_at_bottom = true
|
||||
|
||||
config.keys = {
|
||||
-- Pane controls
|
||||
{
|
||||
key = 'h',
|
||||
mods = 'CTRL',
|
||||
action = act.ActivatePaneDirection 'Left',
|
||||
},
|
||||
{
|
||||
key = 'l',
|
||||
mods = 'CTRL',
|
||||
action = act.ActivatePaneDirection 'Right',
|
||||
},
|
||||
{
|
||||
key = 'k',
|
||||
mods = 'CTRL',
|
||||
action = act.ActivatePaneDirection 'Up',
|
||||
},
|
||||
{
|
||||
key = 'j',
|
||||
mods = 'CTRL',
|
||||
action = act.ActivatePaneDirection 'Down',
|
||||
},
|
||||
|
||||
-- Pane resizing
|
||||
{
|
||||
key = 'H',
|
||||
mods = 'CTRL',
|
||||
action = act.AdjustPaneSize { 'Left', 5 },
|
||||
},
|
||||
{
|
||||
key = 'L',
|
||||
mods = 'CTRL',
|
||||
action = act.AdjustPaneSize { 'Right', 5 },
|
||||
},
|
||||
{
|
||||
key = 'K',
|
||||
mods = 'CTRL',
|
||||
action = act.AdjustPaneSize { 'Up', 5 },
|
||||
},
|
||||
{
|
||||
key = 'J',
|
||||
mods = 'CTRL',
|
||||
action = act.AdjustPaneSize { 'Down', 5 },
|
||||
},
|
||||
{
|
||||
key = 'q',
|
||||
mods = 'CTRL',
|
||||
action = act.CloseCurrentPane { confirm = false },
|
||||
},
|
||||
|
||||
-- Tab management
|
||||
{ key = '1', mods = 'ALT', action = act.ActivateTab(0) },
|
||||
{ key = '2', mods = 'ALT', action = act.ActivateTab(1) },
|
||||
{ key = '3', mods = 'ALT', action = act.ActivateTab(2) },
|
||||
{ key = '4', mods = 'ALT', action = act.ActivateTab(3) },
|
||||
{ key = '5', mods = 'ALT', action = act.ActivateTab(4) },
|
||||
{
|
||||
key = 'q',
|
||||
mods = 'ALT',
|
||||
action = act.CloseCurrentTab { confirm = false },
|
||||
},
|
||||
}
|
||||
|
||||
-- and finally, return the configuration to wezterm
|
||||
return config
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@@ -1,9 +1,38 @@
|
||||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.applications.zellij;
|
||||
sesh = pkgs.writeScriptBin "sesh" ''
|
||||
#! /usr/bin/env sh
|
||||
|
||||
# Taken from https://github.com/zellij-org/zellij/issues/884#issuecomment-1851136980
|
||||
# select a directory using zoxide
|
||||
ZOXIDE_RESULT=$(${pkgs.zoxide}/bin/zoxide query --interactive)
|
||||
|
||||
# checks whether a directory has been selected
|
||||
if [[ -z "$ZOXIDE_RESULT" ]]; then
|
||||
# if there was no directory, select returns without executing
|
||||
exit 0
|
||||
fi
|
||||
# extracts the directory name from the absolute path
|
||||
SESSION_TITLE=$(echo "$ZOXIDE_RESULT" | sed 's#.*/##')
|
||||
|
||||
# get the list of sessions
|
||||
SESSION_LIST=$(zellij list-sessions -n | awk '{print $1}')
|
||||
|
||||
# checks if SESSION_TITLE is in the session list
|
||||
if echo "$SESSION_LIST" | grep -q "^$SESSION_TITLE$"; then
|
||||
# if so, attach to existing session
|
||||
zellij attach "$SESSION_TITLE"
|
||||
else
|
||||
# if not, create a new session
|
||||
echo "Creating new session $SESSION_TITLE and CD $ZOXIDE_RESULT"
|
||||
cd $ZOXIDE_RESULT
|
||||
zellij attach -c "$SESSION_TITLE"
|
||||
fi
|
||||
'';
|
||||
in {
|
||||
options = {
|
||||
settings.applications.zellij.enable = lib.mkOption {
|
||||
@@ -19,13 +48,23 @@ in {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.zoxide = {
|
||||
enable = true;
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
|
||||
home.packages = [
|
||||
sesh
|
||||
];
|
||||
|
||||
home.file.zellij = {
|
||||
target = ".config/zellij/config.kdl";
|
||||
text = ''
|
||||
pane_frames false
|
||||
pane_frames true
|
||||
keybinds {
|
||||
normal {
|
||||
bind "Ctrl e" { ToggleFloatingPanes; SwitchToMode "normal"; }
|
||||
bind "Ctrl d" { Detach; }
|
||||
bind "Alt 1" { GoToTab 1; }
|
||||
bind "Alt 2" { GoToTab 2; }
|
||||
bind "Alt 3" { GoToTab 3; }
|
||||
@@ -40,7 +79,7 @@ in {
|
||||
target = ".config/zellij/layouts/default.kdl";
|
||||
text = ''
|
||||
layout {
|
||||
pane
|
||||
pane borderless=true {}
|
||||
floating_panes {
|
||||
pane {
|
||||
width "80%"
|
||||
@@ -49,40 +88,8 @@ in {
|
||||
y "10%"
|
||||
}
|
||||
}
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
home.file.zellij-layout-dioxus = {
|
||||
target = ".config/zellij/layouts/dioxus.kdl";
|
||||
text = ''
|
||||
layout {
|
||||
tab {
|
||||
pane {
|
||||
command "hx"
|
||||
args "."
|
||||
focus true
|
||||
}
|
||||
floating_panes {
|
||||
pane {
|
||||
width "80%"
|
||||
height "80%"
|
||||
x "10%"
|
||||
y "10%"
|
||||
}
|
||||
}
|
||||
}
|
||||
tab {
|
||||
pane {
|
||||
command "dx"
|
||||
args "serve"
|
||||
}
|
||||
}
|
||||
tab {
|
||||
pane {
|
||||
command "devenv"
|
||||
args "up"
|
||||
}
|
||||
pane size=1 borderless=true {
|
||||
plugin location="zellij:tab-bar"
|
||||
}
|
||||
}
|
||||
'';
|
||||
|
61
modules/home/containers/beszel.nix
Normal file
61
modules/home/containers/beszel.nix
Normal file
@@ -0,0 +1,61 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.beszel;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.beszel.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable Beszel container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
settings.services.sops.enable = true;
|
||||
|
||||
services.podman.containers.beszel = {
|
||||
image = "henrygd/beszel:latest";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/beszel/data:/beszel_data"
|
||||
"%h/containers/beszel/socket:/beszel_socket"
|
||||
];
|
||||
environment = {
|
||||
DISABLE_PASSWORD_AUTH = false;
|
||||
USER_CREATION = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.podman.containers.beszel-agent = {
|
||||
image = "henrygd/beszel-agent:latest";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/beszel/socket:/beszel_socket"
|
||||
"/run/user/1000/podman/podman.sock:/var/run/podman.sock:ro"
|
||||
|
||||
"${config.sops.secrets."containers/beszel/key".path}:/run/secrets/key"
|
||||
];
|
||||
user = 1000;
|
||||
userNS = "keep-id";
|
||||
environment = {
|
||||
LISTEN = "/beszel_socket/beszel.sock";
|
||||
KEY_FILE = "/run/secrets/key";
|
||||
DOCKER_HOST = "unix:///var/run/podman.sock";
|
||||
};
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs-local.routes.beszel = {
|
||||
host = "monitor";
|
||||
url = "beszel:8090";
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"containers/beszel/key" = { };
|
||||
};
|
||||
};
|
||||
}
|
98
modules/home/containers/caddy.nix
Normal file
98
modules/home/containers/caddy.nix
Normal file
@@ -0,0 +1,98 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.caddy;
|
||||
|
||||
toInternal = name: routesDef: {
|
||||
name = name;
|
||||
host = routesDef.host;
|
||||
url = routesDef.url;
|
||||
};
|
||||
|
||||
generateRoutes = domain: entries: lib.concatMapStrings (route: ''
|
||||
@${route.name} host ${route.host}.${domain}
|
||||
handle @${route.name} {
|
||||
reverse_proxy ${route.url}
|
||||
}
|
||||
'') entries;
|
||||
|
||||
routesOption = lib.mkOption {
|
||||
type = types.attrsOf (types.submodule {
|
||||
options = {
|
||||
url = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
in {
|
||||
options = {
|
||||
settings.containers.caddy.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable caddy container
|
||||
'';
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes = mkOption {
|
||||
type = lib.types.attrsOf (types.submodule {
|
||||
options = {
|
||||
routes = routesOption;
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.caddy = {
|
||||
image = "localhost/tboomers/caddy-custom:latest";
|
||||
network = "proxy";
|
||||
networkAlias = [
|
||||
"mail.tbmrs.nl"
|
||||
];
|
||||
ports = [
|
||||
"1080:80"
|
||||
"1443:443"
|
||||
];
|
||||
volumes = [
|
||||
"%h/containers/caddy/Caddyfile:/etc/caddy/Caddyfile"
|
||||
"%h/containers/caddy/acme_key:/etc/caddy/acme_key"
|
||||
"%h/containers/caddy/data:/data"
|
||||
];
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes = {
|
||||
tbmrs.domain = "tbmrs.nl";
|
||||
tbmrs-local.domain = "local.tbmrs.nl";
|
||||
};
|
||||
|
||||
home.file."containers/caddy/Caddyfile".text = ''
|
||||
*.tbmrs.nl, tbmrs.nl {
|
||||
tls {
|
||||
dns transip xeovalyte /etc/caddy/acme_key
|
||||
resolvers 1.1.1.1
|
||||
}
|
||||
|
||||
${generateRoutes cfg.routes.tbmrs.domain (mapAttrsToList toInternal cfg.routes.tbmrs.routes)}
|
||||
}
|
||||
|
||||
*.local.tbmrs.nl {
|
||||
tls {
|
||||
dns transip xeovalyte /etc/caddy/acme_key
|
||||
resolvers 1.1.1.1
|
||||
}
|
||||
|
||||
${generateRoutes cfg.routes.tbmrs-local.domain (mapAttrsToList toInternal cfg.routes.tbmrs-local.routes)}
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
37
modules/home/containers/forgejo.nix
Normal file
37
modules/home/containers/forgejo.nix
Normal file
@@ -0,0 +1,37 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.forgejo;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.forgejo.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable forgejo container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.forgejo = {
|
||||
image = "codeberg.org/forgejo/forgejo:11";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/forgejo/data:/data"
|
||||
];
|
||||
environment = {
|
||||
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
|
||||
FORGEJO__service__SHOW_REGISTRATION_BUTTON = false;
|
||||
FORGEJO__service__ENABLE_PASSWORD_SIGNIN_FORM = false;
|
||||
};
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs.routes.forgejo = {
|
||||
host = "git";
|
||||
url = "forgejo:3000";
|
||||
};
|
||||
};
|
||||
}
|
36
modules/home/containers/homeassistant.nix
Normal file
36
modules/home/containers/homeassistant.nix
Normal file
@@ -0,0 +1,36 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.homeassistant;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.homeassistant.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable storage configuration
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.homeassistant = {
|
||||
image = "ghcr.io/home-assistant/home-assistant:stable";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/homeassistant/config:/config"
|
||||
];
|
||||
userNS = "keep-id";
|
||||
environment = {
|
||||
TZ = "Europe/Amsterdam";
|
||||
};
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs-local.routes.home-assistant = {
|
||||
host = "home-assistant";
|
||||
url = "homeassistant:8123";
|
||||
};
|
||||
};
|
||||
}
|
191
modules/home/containers/homepage.nix
Normal file
191
modules/home/containers/homepage.nix
Normal file
@@ -0,0 +1,191 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.homepage;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.homepage.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable homepage container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.homepage = {
|
||||
image = "ghcr.io/gethomepage/homepage:latest";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/homepage/config:/app/config"
|
||||
"%h/containers/homepage/config/settings.yaml:/app/config/settings.yaml"
|
||||
"%h/containers/homepage/config/services.yaml:/app/config/services.yaml"
|
||||
"%h/containers/homepage/config/docker.yaml:/app/config/docker.yaml"
|
||||
"/run/user/1000/podman/podman.sock:/var/run/podman.sock:ro"
|
||||
];
|
||||
userNS = "keep-id";
|
||||
environment = {
|
||||
HOMEPAGE_ALLOWED_HOSTS = "home.tbmrs.nl";
|
||||
};
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs.routes.homepage = {
|
||||
host = "home";
|
||||
url = "homepage:3000";
|
||||
};
|
||||
|
||||
home.file."containers/homepage/config/settings.yaml".source = (pkgs.formats.yaml { }).generate "settings" {
|
||||
title = "Timo's Server";
|
||||
description = "server from Timo";
|
||||
theme = "dark";
|
||||
color = "slate";
|
||||
layout = {
|
||||
Services = {
|
||||
style = "row";
|
||||
columns = "4";
|
||||
};
|
||||
Infra = {
|
||||
style = "row";
|
||||
columns = "4";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
home.file."containers/homepage/config/services.yaml".source = (pkgs.formats.yaml { }).generate "services" [
|
||||
{
|
||||
"Services" = [
|
||||
{
|
||||
"Forgejo" = {
|
||||
href = "https://git.tbmrs.nl";
|
||||
description = "Git server";
|
||||
icon = "forgejo";
|
||||
server = "podman";
|
||||
container = "forgejo";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Immich" = {
|
||||
href = "https://photos.tbmrs.nl";
|
||||
description = "Photo's and videos";
|
||||
icon = "immich";
|
||||
server = "podman";
|
||||
container = "immich-server";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Pingvin" = {
|
||||
href = "https://share.tbmrs.nl";
|
||||
description = "File sharing";
|
||||
icon = "pingvin-share";
|
||||
server = "podman";
|
||||
container = "pingvin-share";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Vaultwarden" = {
|
||||
href = "https://vault.local.tbmrs.nl";
|
||||
description = "Password management";
|
||||
icon = "vaultwarden";
|
||||
server = "podman";
|
||||
container = "vaultwarden";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Paperless" = {
|
||||
href = "https://paperless.local.tbmrs.nl";
|
||||
description = "Documents management";
|
||||
icon = "paperless-ngx";
|
||||
server = "podman";
|
||||
container = "paperless-ngx";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Home Assistant" = {
|
||||
href = "https://home-assistant.local.tbmrs.nl";
|
||||
description = "Home automation";
|
||||
icon = "home-assistant";
|
||||
server = "podman";
|
||||
container = "homeassistant";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Syncthing" = {
|
||||
href = "https://syncthing.local.tbmrs.nl";
|
||||
description = "File syncronisation";
|
||||
icon = "syncthing";
|
||||
server = "podman";
|
||||
container = "syncthing";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Dufs" = {
|
||||
href = "https://files.tbmrs.nl";
|
||||
description = "File management";
|
||||
icon = "dufs";
|
||||
server = "podman";
|
||||
container = "dufs";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Linkding" = {
|
||||
href = "https://links.local.tbmrs.nl";
|
||||
description = "Bookmarks";
|
||||
icon = "linkding";
|
||||
server = "podman";
|
||||
container = "linkding";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Stalwart" = {
|
||||
href = "https://mail.tbmrs.nl";
|
||||
description = "Mailserver";
|
||||
icon = "stalwart";
|
||||
server = "podman";
|
||||
container = "stalwart";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
"Infra" = [
|
||||
{
|
||||
"Kanidm" = {
|
||||
href = "https://auth.tbmrs.nl";
|
||||
description = "Oauth2 and ldap provider";
|
||||
icon = "kanidm";
|
||||
server = "podman";
|
||||
container = "kanidm";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Uptime Kuma" = {
|
||||
href = "https://uptime.tbmrs.nl";
|
||||
description = "Uptime and status";
|
||||
icon = "uptime-kuma";
|
||||
server = "podman";
|
||||
container = "uptime-kuma";
|
||||
};
|
||||
}
|
||||
{
|
||||
"Beszel" = {
|
||||
href = "https://monitor.local.tbmrs.nl";
|
||||
description = "Server monitoring";
|
||||
icon = "beszel";
|
||||
server = "podman";
|
||||
container = "beszel";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
home.file."containers/homepage/config/docker.yaml".source = (pkgs.formats.yaml {}).generate "docker" {
|
||||
podman = {
|
||||
socket = "/var/run/podman.sock";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
80
modules/home/containers/immich.nix
Normal file
80
modules/home/containers/immich.nix
Normal file
@@ -0,0 +1,80 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.immich;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.immich.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable immich container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.immich-server = {
|
||||
image = "ghcr.io/immich-app/immich-server:release";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/immich/upload:/usr/src/app/upload"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
extraConfig = {
|
||||
Unit = {
|
||||
After = [
|
||||
"podman-immich-redis.service"
|
||||
"podman-immich-database.service"
|
||||
];
|
||||
Requires = [
|
||||
"podman-immich-redis.service"
|
||||
"podman-immich-database.service"
|
||||
];
|
||||
};
|
||||
};
|
||||
environment = {
|
||||
DB_PASSWORD = "changeme";
|
||||
DB_USERNAME = "postgres";
|
||||
DB_DATABASE_NAME = "immich";
|
||||
DB_HOSTNAME = "immich-database";
|
||||
REDIS_HOSTNAME = "immich-redis";
|
||||
};
|
||||
};
|
||||
|
||||
services.podman.containers.immich-machine-learning = {
|
||||
image = "ghcr.io/immich-app/immich-machine-learning:release";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/immich/model-cache:/cache"
|
||||
];
|
||||
};
|
||||
|
||||
services.podman.containers.immich-redis = {
|
||||
image = "docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1";
|
||||
network = "proxy";
|
||||
};
|
||||
|
||||
services.podman.containers.immich-database = {
|
||||
image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/immich/database-data:/var/lib/postgresql/data"
|
||||
];
|
||||
environment = {
|
||||
POSTGRES_PASSWORD = "changeme";
|
||||
POSTGRES_USER = "postgres";
|
||||
POSTGRES_DB = "immich";
|
||||
POSTGRES_INITDB_ARGS = "--data-checksums";
|
||||
};
|
||||
exec = ''postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on'';
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs.routes.immich = {
|
||||
host = "photos";
|
||||
url = "immich-server:2283";
|
||||
};
|
||||
};
|
||||
}
|
35
modules/home/containers/jellyfin.nix
Normal file
35
modules/home/containers/jellyfin.nix
Normal file
@@ -0,0 +1,35 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.jellyfin;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.jellyfin.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable jellyfin container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.jellyfin = {
|
||||
image = "jellyfin/jellyfin";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/jellyfin/config:/config"
|
||||
"%h/containers/jellyfin/cache:/cache"
|
||||
"%h/media:/media"
|
||||
];
|
||||
userNS = "keep-id";
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs-local.routes.jellyfin = {
|
||||
host = "stream";
|
||||
url = "jellyfin:8096";
|
||||
};
|
||||
};
|
||||
}
|
45
modules/home/containers/kanidm.nix
Normal file
45
modules/home/containers/kanidm.nix
Normal file
@@ -0,0 +1,45 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.nginx;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.kanidm.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable kanidm container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.kanidm = {
|
||||
image = "kanidm/server:latest";
|
||||
network = "proxy";
|
||||
networkAlias = [
|
||||
"auth.tbmrs.nl"
|
||||
];
|
||||
volumes = [
|
||||
"%h/containers/kanidm/data:/data"
|
||||
"%h/containers/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.tbmrs.nl:/data/keys"
|
||||
];
|
||||
environment = {
|
||||
KANIDM_VERSION = "2";
|
||||
KANIDM_BINDADDRESS = "[::]:443";
|
||||
KANIDM_DB_PATH = "/data/kanidm.db";
|
||||
KANIDM_TLS_CHAIN = "/data/keys/wildcard_.tbmrs.nl.crt";
|
||||
KANIDM_TLS_KEY = "/data/keys/wildcard_.tbmrs.nl.key";
|
||||
KANIDM_DOMAIN = "auth.tbmrs.nl";
|
||||
KANIDM_ORIGIN = "https://auth.tbmrs.nl";
|
||||
};
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs.routes.kanidm = {
|
||||
host = "auth";
|
||||
url = "https://auth.tbmrs.nl";
|
||||
};
|
||||
};
|
||||
}
|
82
modules/home/containers/karakeep.nix
Normal file
82
modules/home/containers/karakeep.nix
Normal file
@@ -0,0 +1,82 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.karakeep;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.karakeep.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable karakeep container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.karakeep = {
|
||||
image = "ghcr.io/karakeep-app/karakeep:release";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/karakeep/data:/data"
|
||||
];
|
||||
environment = {
|
||||
MEILI_ADDR = "http://karakeep-meilisearch:7700";
|
||||
BROWSER_WEB_URL = "http://karakeep-chrome:9222";
|
||||
DATA_DIR = "/data";
|
||||
};
|
||||
environmentFile = [
|
||||
"${config.sops.templates."container-karakeep.env".path}"
|
||||
];
|
||||
extraConfig = {
|
||||
Unit = {
|
||||
After = [
|
||||
"podman-karakeep-chrome.service"
|
||||
"podman-karakeep-meilisearch.service"
|
||||
];
|
||||
Requires = [
|
||||
"podman-karakeep-chrome.service"
|
||||
"podman-karakeep-meilisearch.service"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.podman.containers.karakeep-chrome = {
|
||||
image = "gcr.io/zenika-hub/alpine-chrome:123";
|
||||
network = "proxy";
|
||||
exec = "--no-sandbox --disable-gpu --disable-dev-shm-usage --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222 --hide-scrollbars";
|
||||
};
|
||||
|
||||
services.podman.containers.karakeep-meilisearch = {
|
||||
image = "getmeili/meilisearch:v1.13.3";
|
||||
network = "proxy";
|
||||
environment = {
|
||||
MEILI_NO_ANALYTICS = "true";
|
||||
};
|
||||
volumes = [
|
||||
"%h/containers/karakeep/meilisearch:/meili_data"
|
||||
];
|
||||
};
|
||||
|
||||
settings.services.sops.enable = true;
|
||||
|
||||
sops.secrets = {
|
||||
"containers/karakeep/nextauth-secret" = { };
|
||||
"containers/karakeep/meili-key" = { };
|
||||
};
|
||||
|
||||
sops.templates = {
|
||||
"container-karakeep.env" = {
|
||||
content = ''
|
||||
KARAKEEP_VERSION=release
|
||||
NEXTAUTH_SECRET=${config.sops.placeholder."containers/karakeep/nextauth-secret"}
|
||||
MEILI_MASTER_KEY=${config.sops.placeholder."containers/karakeep/meili-key"}
|
||||
NEXTAUTH_URL=https://karakeep.local.tbmrs.nl
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
58
modules/home/containers/linkding.nix
Normal file
58
modules/home/containers/linkding.nix
Normal file
@@ -0,0 +1,58 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.linkding;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.linkding.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable linkding container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.linkding = {
|
||||
image = "ghcr.io/sissbruecker/linkding:latest";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/linkding/data:/etc/linkding/data"
|
||||
];
|
||||
environment = {
|
||||
LD_ENABLE_OIDC = "True";
|
||||
OIDC_RP_CLIENT_ID = "linkding";
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT = "https://auth.tbmrs.nl/ui/oauth2";
|
||||
OIDC_OP_TOKEN_ENDPOINT = "https://auth.tbmrs.nl/oauth2/token";
|
||||
OIDC_OP_USER_ENDPOINT = "https://auth.tbmrs.nl/oauth2/openid/linkding/userinfo";
|
||||
OIDC_OP_JWKS_ENDPOINT = "https://auth.tbmrs.nl/oauth2/openid/linkding/public_key.jwk";
|
||||
OIDC_RP_SIGN_ALGO = "ES256";
|
||||
};
|
||||
environmentFile = [
|
||||
"${config.sops.templates."container-linkding.env".path}"
|
||||
];
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs-local.routes.linkding = {
|
||||
host = "links";
|
||||
url = "linkding:9090";
|
||||
};
|
||||
|
||||
settings.services.sops.enable = true;
|
||||
|
||||
sops.templates = {
|
||||
"container-linkding.env" = {
|
||||
content = /*bash*/ ''
|
||||
OIDC_RP_CLIENT_SECRET=${config.sops.placeholder."containers/linkding/oidc-secret"}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"containers/linkding/oidc-secret" = { };
|
||||
};
|
||||
};
|
||||
}
|
25
modules/home/containers/network.nix
Normal file
25
modules/home/containers/network.nix
Normal file
@@ -0,0 +1,25 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.network;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.network.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable network
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.networks.proxy = {
|
||||
description = "Container network for the proxy";
|
||||
driver = "bridge";
|
||||
autoStart = true;
|
||||
};
|
||||
};
|
||||
}
|
26
modules/home/containers/nginx.nix
Normal file
26
modules/home/containers/nginx.nix
Normal file
@@ -0,0 +1,26 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.nginx;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.nginx.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable nginx container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.containers.nginx = {
|
||||
image = "nginx";
|
||||
ports = [
|
||||
"8080:80"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
102
modules/home/containers/paperless-ngx.nix
Normal file
102
modules/home/containers/paperless-ngx.nix
Normal file
@@ -0,0 +1,102 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.paperless-ngx;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.paperless-ngx.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable Paperless NGX container
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
settings.services.sops.enable = true;
|
||||
|
||||
services.podman.containers.paperless-ngx = {
|
||||
image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/paperless-ngx/data:/usr/src/paperless/data"
|
||||
"%h/containers/paperless-ngx/media:/usr/src/paperless/media"
|
||||
"%h/containers/paperless-ngx/export:/usr/src/paperless/export"
|
||||
"%h/containers/paperless-ngx/consume:/usr/src/paperless/consume"
|
||||
|
||||
"${config.sops.secrets."containers/paperless-ngx/db-password".path}:/run/secrets/db-password"
|
||||
"${config.sops.secrets."containers/paperless-ngx/secret".path}:/run/secrets/secret"
|
||||
"${config.sops.secrets."containers/paperless-ngx/openid-providers".path}:/run/secrets/openid-providers"
|
||||
];
|
||||
environment = {
|
||||
PAPERLESS_REDIS = "redis://paperless-ngx-broker:6379";
|
||||
PAPERLESS_DBHOST = "paperless-ngx-db";
|
||||
PAPERLESS_URL = "https://paperless.local.tbmrs.nl";
|
||||
PAPERLESS_DBPASS_FILE = "/run/secrets/db-password";
|
||||
PAPERLESS_SECRET_KEY_FILE = "/run/secrets/secret";
|
||||
|
||||
PAPERLESS_DISABLE_REGULAR_LOGIN = false;
|
||||
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
|
||||
PAPERLESS_SOCIALACCOUNT_PROVIDERS_FILE = "/run/secrets/openid-providers";
|
||||
PAPERLESS_SOCIAL_ACCOUNT_SYNC_GROUPS = true;
|
||||
};
|
||||
extraConfig = {
|
||||
Unit = {
|
||||
After = [
|
||||
"sops-nix.service"
|
||||
"podman-paperless-ngx-db.service"
|
||||
"podman-paperless-ngx-broker.service"
|
||||
];
|
||||
Requires = [
|
||||
"podman-paperless-ngx-db.service"
|
||||
"podman-paperless-ngx-broker.service"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.podman.containers.paperless-ngx-db = {
|
||||
image = "docker.io/library/postgres:17";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/paperless-ngx/db-data:/var/lib/postgresql/data"
|
||||
|
||||
"${config.sops.secrets."containers/paperless-ngx/db-password".path}:/run/secrets/db-password"
|
||||
];
|
||||
environment = {
|
||||
POSTGRES_DB = "paperless";
|
||||
POSTGRES_USER = "paperless";
|
||||
POSTGRES_PASSWORD_FILE = "/run/secrets/db-password";
|
||||
};
|
||||
extraConfig = {
|
||||
Unit = {
|
||||
After = [
|
||||
"sops-nix.service"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.podman.containers.paperless-ngx-broker = {
|
||||
image = "docker.io/library/redis:7";
|
||||
network = "proxy";
|
||||
volumes = [
|
||||
"%h/containers/paperless-ngx/redis-data:/data"
|
||||
];
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs-local.routes.paperless-ngx = {
|
||||
host = "paperless";
|
||||
url = "paperless-ngx:8000";
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"containers/paperless-ngx/db-password" = { };
|
||||
"containers/paperless-ngx/secret" = { };
|
||||
"containers/paperless-ngx/openid-providers" = { };
|
||||
};
|
||||
};
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user