xeovalyte/nix
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: xeovalyte:5b64398bfb9ab93507f1a8d72942882730a9db2c
Branches Tags
xeovalyte:main
...
compare: xeovalyte:main
Branches Tags
xeovalyte:main

120 Commits
5b64398bfb ... main

Author SHA1 Message Date
Timo Boomers
e28f9d5f2f Config changes... 2025-07-17 15:59:45 +02:00
Timo Boomers
6381ccf530 updated flakes inputs 2025-07-09 13:47:29 +02:00
Timo Boomers
35e7c0df79 added ppd 2025-07-08 15:23:59 +02:00
Timo Boomers
047e54ef74 removed not used padding 2025-07-08 15:15:05 +02:00
Timo Boomers
6dfad3f7f1 merge 2025-07-08 15:13:29 +02:00
Timo Boomers
74ecc77048 merges 2025-07-08 15:12:58 +02:00
Timo Boomers
5c74dc820b changed configs 2025-07-08 15:10:02 +02:00
Timo Boomers
89de487f68 added margin between modules 2025-07-08 15:08:35 +02:00
Timo Boomers
07c5526868 niri changes 2025-07-07 16:02:37 +02:00
Timo Boomers
d3bb262f7a added brightnessctl 2025-06-24 14:21:51 +02:00
Timo Boomers
d5560fd847 add brightness controls 2025-06-24 14:18:40 +02:00
Timo Boomers
751cb87d8d Added host option 2025-06-24 14:04:56 +02:00
Timo Boomers
d2cc6663e7 added greetd greeter for niri 2025-06-24 13:56:38 +02:00
Timo Boomers
64f21a317b More niri styling 2025-06-23 17:04:59 +02:00
Timo Boomers
849bd2a5e0 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-06-22 10:09:47 +02:00
Timo Boomers
79d07a5bfd Changed some configs 2025-06-22 10:09:41 +02:00
Timo Boomers
351272fc5c Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-06-20 16:35:21 +02:00
Timo Boomers
f68ff8d18c updated laptop configuration 2025-06-20 16:35:05 +02:00
Timo Boomers
f475b7b4ab added niri and samba share 2025-06-20 16:34:19 +02:00
Timo Boomers
e65e523992 added niri 2025-06-19 14:07:57 +02:00
Timo Boomers
38cb13a195 enabled bluetooth on desktop 2025-06-16 20:43:32 +02:00
Timo Boomers
fa648a174d Added obs and useful links section to README 2025-06-14 11:02:27 +02:00
Timo Boomers
95235d5ad5 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-06-11 13:14:22 +02:00
Timo Boomers
4d1b3e9911 updated flake file 2025-06-11 13:14:20 +02:00
Timo Boomers
e1fd8a07bd fixed jellyfin 2025-06-03 19:41:07 +02:00
Timo Boomers
8e9ab3aa38 fixed jellyfin 2025-06-03 19:24:36 +02:00
Timo Boomers
5da7636a42 Changed caddy config 2025-06-03 19:24:29 +02:00
Timo Boomers
9fd98e97fe changed how caddy works 2025-05-22 13:25:58 +02:00
Timo Boomers
af966ab2f3 removed packages 2025-05-22 13:21:46 +02:00
Timo Boomers
ff981dc3f4 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-22 12:07:36 +02:00
Timo Boomers
8b2bcf41d4 modified hostname 2025-05-22 12:07:19 +02:00
Timo Boomers
4874017b4f updated inputs 2025-05-22 12:06:55 +02:00
Timo Boomers
37b631f68b Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-22 11:24:58 +02:00
Timo Boomers
cc362f7b5b changed url's 2025-05-22 11:24:56 +02:00
Timo Boomers
933b9bb6d6 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-22 08:01:46 +02:00
Timo Boomers
f3bf8d650a Added caddyfile generation 2025-05-22 08:01:31 +02:00
Timo Boomers
0cdb821d5b disabled karakaeep 2025-05-22 07:57:12 +02:00
Timo Boomers
bace54a43d added age keys 2025-05-20 17:23:31 +02:00
Timo Boomers
b260743b9e updated nix flake 2025-05-20 16:41:58 +02:00
Timo Boomers
f51c7e4267 added basic raspi config 2025-05-20 16:36:44 +02:00
xeovalyte
2839974006 Delete result 2025-05-20 15:46:12 +02:00
Timo Boomers
fe6d12b060 added linkding 2025-05-20 15:36:56 +02:00
Timo Boomers
f09dfbc108 Migrated from default.nix to configuration.nix 2025-05-17 17:13:43 +02:00
Timo Boomers
ceeb4980ef recrypt keys again 2025-05-17 15:24:06 +02:00
Timo Boomers
ae43972aa3 changed age keys 2025-05-17 15:23:52 +02:00
Timo Boomers
abc634dab8 recrypt again 2025-05-17 15:17:47 +02:00
Timo Boomers
67cb031d5e Recript files 2025-05-17 15:14:20 +02:00
Timo Boomers
a321537c40 recript 2025-05-17 15:11:44 +02:00
Timo Boomers
66f7a1be30 changed rpi config 2025-05-17 15:09:05 +02:00
Timo Boomers
71390267eb added default home manager 2025-05-17 14:22:08 +02:00
Timo Boomers
be91e1e877 changed overlay 2025-05-17 14:04:55 +02:00
Timo Boomers
a6b7791093 changed x86 to arm 2025-05-17 13:59:06 +02:00
Timo Boomers
329e741553 fixed spelling mistake 2025-05-17 13:51:51 +02:00
Timo Boomers
5c9cce1e4a added home config for rpi 2025-05-17 13:50:45 +02:00
Timo Boomers
59f36caeb1 changed rpi config 2025-05-17 13:33:35 +02:00
Timo Boomers
2f90d8e0e8 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-17 13:12:28 +02:00
Timo Boomers
2df3077b80 replaced vesktop with webcord 2025-05-17 13:12:27 +02:00
Timo Boomers
1628be3e62 Added config for static sites 2025-05-16 15:28:36 +02:00
Timo Boomers
92f20c250b Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-16 14:27:57 +02:00
Timo Boomers
8ecf066196 Changed typst config 2025-05-16 14:27:55 +02:00
Timo Boomers
b072ac82e1 added stalwart 2025-05-16 13:24:35 +02:00
Timo Boomers
a79b1b7281 Added typst 2025-05-16 10:50:59 +02:00
Timo Boomers
38cb4a54b1 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-13 14:53:40 +02:00
Timo Boomers
ca45586276 Fixed cliplboard 2025-05-13 14:53:39 +02:00
Timo Boomers
51f96a1158 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-13 08:14:42 +02:00
Timo Boomers
e384a2bb8b added vscode 2025-05-13 08:14:38 +02:00
Timo Boomers
ad155e63ce Added more services 2025-05-09 13:06:35 +02:00
Timo Boomers
87b73dc10e Added podman aliases 2025-05-09 13:02:38 +02:00
Timo Boomers
6d3dea12ff Changed helix preferences 2025-05-09 12:19:47 +02:00
Timo Boomers
5c78d0c1f5 Modularized helix 2025-05-09 12:18:16 +02:00
Timo Boomers
42cab14829 disabled nushell 2025-05-09 08:43:06 +02:00
Timo Boomers
22f69febf9 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-09 08:41:44 +02:00
Timo Boomers
c1d5675927 Added wezterm and added aliases for justfile 2025-05-09 08:40:34 +02:00
Timo Boomers
86bf66c817 Added storage and home assistant 2025-05-02 16:43:52 +02:00
Timo Boomers
bde66ffbe2 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-02 08:57:28 +02:00
Timo Boomers
eb9ca5e5e1 Added nushell 2025-05-02 08:57:22 +02:00
Timo Boomers
d7056e8f38 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-01 18:50:20 +02:00
Timo Boomers
9147a68f0b Reconfigured zellij configuration 2025-05-01 18:50:16 +02:00
Timo Boomers
4ab5ad76cf Added beszel to homepage 2025-04-30 15:56:19 +02:00
Timo Boomers
5f0eb27281 Added beszel monitoring 2025-04-30 15:24:02 +02:00
Timo Boomers
1a6889d561 added prototype of beszel container 2025-04-30 15:00:05 +02:00
Timo Boomers
c4f86996d9 Changed hosts 2025-04-30 14:18:34 +02:00
Timo Boomers
e17752dec4 Paperless added and fixes for old services 2025-04-30 14:17:05 +02:00
Timo Boomers
40a5f794ea Added pingvin and vaultwarden 2025-04-30 14:17:05 +02:00
Timo Boomers
b6a91b7dcb Added homepage, immich and uptime kuma 2025-04-30 14:17:05 +02:00
Timo Boomers
a8a6776b1b merge 2025-04-28 07:46:11 +02:00
Timo Boomers
4c47313acc updated inputs 2025-04-28 07:45:33 +02:00
Timo Boomers
01343006a5 Add forgejo container 2025-04-26 14:54:08 +02:00
Timo Boomers
4788bd8cd4 Changed lldap to kanidm configuration 2025-04-26 14:09:34 +02:00
Timo Boomers
af39ac1be4 Added boilerplate for lldap and handle wildcard certificates for tbmrs.nl 2025-04-26 12:23:41 +02:00
Timo Boomers
8dbddaf62d fixed caddy container and added acme 2025-04-26 11:49:14 +02:00
Timo Boomers
fcc9fe0773 Modified caddy to make a simple working code 2025-04-25 21:09:55 +02:00
Timo Boomers
7a0797bcd8 added caddy container 2025-04-25 20:08:18 +02:00
Timo Boomers
52ce5660fa updated inputs 2025-04-25 19:41:14 +02:00
xeovalyte
fdf3fe63d7 added surfer 2025-04-25 17:34:05 +02:00
xeovalyte
751fc9298f disabled common home applications 2025-04-25 08:54:11 +02:00
xeovalyte
2bd950bd83 added ssh 2025-04-25 08:41:34 +02:00
xeovalyte
68ec429e96 Enable first podman container 2025-04-25 08:31:10 +02:00
xeovalyte
e07c854ae0 updated inputs 2025-04-25 08:14:18 +02:00
xeovalyte
a3f022f5fc added pkgs 2025-04-24 22:56:59 +02:00
xeovalyte
63c40c4230 added podman workaround 2025-04-24 22:52:25 +02:00
xeovalyte
4512b87d02 changed kernel version 2025-04-24 20:37:18 +02:00
xeovalyte
bd454fe348 renaming 2025-04-24 17:27:32 +02:00
xeovalyte
4b1332e748 Hostname diff 2025-04-24 17:25:36 +02:00
xeovalyte
ff3388379c removed bootloader 2025-04-24 16:48:11 +02:00
xeovalyte
0c2736b9aa Fixed hostname 2025-04-24 16:45:42 +02:00
xeovalyte
a28c86b74a Added none to display mananger 2025-04-24 16:43:14 +02:00
xeovalyte
293fad6bf8 Changed configuration 2025-04-24 16:40:15 +02:00
xeovalyte
323b8af5aa Removed modulespath 2025-04-24 16:37:17 +02:00
xeovalyte
8a425afdde Bunch of naming 2025-04-24 16:36:36 +02:00
xeovalyte
b9d4c49d43 Added two new hosts 2025-04-24 16:10:39 +02:00
xeovalyte
7f42d033db Changed git username 2025-04-23 12:08:32 +02:00
xeovalyte
0ce120c045 Added tu delft gitlab entry 2025-04-23 11:04:34 +02:00
xeovalyte
46d4f7f0f6 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-04-22 08:19:48 +02:00
xeovalyte
cd16cc2cb8 Updated firefox 2025-04-22 08:19:31 +02:00
xeovalyte
82e9af1d80 updated inputes 2025-04-21 16:08:22 +02:00
xeovalyte
66aa78041e Updated inputes 2025-04-10 09:08:27 +02:00
xeovalyte
c52c189e87 Added assembly language server 2025-04-02 12:54:06 +02:00
xeovalyte
e22ca026e5 Fixed conflicts 2025-03-28 16:07:21 +01:00
xeovalyte
52624b4390 Lots of changes 2025-03-28 16:06:09 +01:00
73 changed files with 3412 additions and 534 deletions
Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
result

7
.sops.yaml Normal file
View File

@@ -0,0 +1,7 @@
keys:
- &v-th-ctr-01 age1cs2p7tgk9356tjmet6526k3ghwq9we82nz6z7qggqns656paku6sx30tkg
- &p-th-rpi-01 age1dd7xpgnak6z6zmwa9889pjd6hmj42zaxq7ea8s47dlk3v6u5f37sldkt97
creation_rules:
- path_regex: secrets/deploy.yaml$
age: >-
age1cs2p7tgk9356tjmet6526k3ghwq9we82nz6z7qggqns656paku6sx30tkg,age12gjtehffgmepyga9vaqkurn9fyvte8n7wsklmg866z5usezvuqlsr2m5mp

72
README.md
View File

@@ -3,6 +3,7 @@
## New system install guide ## New system install guide
### 1. Install Nixos with ISO ### 1. Install Nixos with ISO
[Nixos download](https://nixos.org/download) [Nixos download](https://nixos.org/download)
### 2. Copy hardware configuration to hosts directory ### 2. Copy hardware configuration to hosts directory
@@ -10,14 +11,85 @@
### 3. Generate ssh-keys ### 3. Generate ssh-keys
**Archserver** **Archserver**
1. `ssh-keygen -f ~/.ssh/archserver` 1. `ssh-keygen -f ~/.ssh/archserver`
2. `ssh-copy-id -i ~/.ssh/archserver 192.168.1.20` 2. `ssh-copy-id -i ~/.ssh/archserver 192.168.1.20`
**Gitea** **Gitea**
1. `ssh-keygen -f ~/.ssh/gitea -t ed25519 -C "me+gitea@xeovalyte.dev"` 1. `ssh-keygen -f ~/.ssh/gitea -t ed25519 -C "me+gitea@xeovalyte.dev"`
2. Upload to [Gitea](https://gitea.xeovalyt.dev) 2. Upload to [Gitea](https://gitea.xeovalyt.dev)
3. Verify ssh key (follow instructions on Gitea) 3. Verify ssh key (follow instructions on Gitea)
### 4. Add SSH keys ### 4. Add SSH keys
1. `ssh-add ~/.ssh/gitea` 1. `ssh-add ~/.ssh/gitea`
2. `ssh-add ~/.ssh/archserver` 2. `ssh-add ~/.ssh/archserver`
## Homelab
List over services
| Service | Description | Link |
| -------------- | ---------------------------------- | ---------------------------------------------------------------------- |
| Caddy | Reverse proxy | - |
| Kanidm | Openid provider | [auth.tbmrs.nl](https://auth.tbmrs.nl) |
| Forgejo | Git provider | [git.tbmrs.nl](https://git.tbmrs.nl) |
| Immich | Photo and videos | [photos.tbmrs.nl](https://photos.tbmrs.nl) |
| Homepage | Dashboard | [home.tbmrs.nl](https://home.tbmrs.nl) |
| Uptime Kuma | Uptime monitor | [uptime.tbmrs.nl](https://uptime.tbmrs.nl) |
| Pingvin share | Sharing of files | [share.tbmrs.nl](https://share.tbmrs.nl) |
| Vaultwarden | Password manager | [vault.local.tbmrs.nl](https://vault.local.tbmrs.nl) |
| Paperless NGX | Documents management | [paperless.local.tbmrs.nl](https://paperless.local.tbmrs.nl) |
| Beszel | Resource usage | [monitor.local.tbmrs.nl](https://monitor.local.tbmrs.nl) |
| Dufs | File manager | [files.tbmrs.nl](https://files.tbmrs.nl) |
| Syncthing | File syncing | [syncthing.local.tbmrs.nl](https://syncthing.local.tbmrs.nl) |
| Home Assistant | Home automation | [home-assistant.local.tbmrs.nl](https://home-assistant.local.tbmrs.nl) |
| ~~Karakeep~~ | Bookmarking | ~~[karakeep.local.tbmrs.nl](https://karakeep.local.tbmrs.nl)~~ |
| Vikunja | Tasks management | [vikunja.local.tbmrs.nl](https://vikunja.local.tbmrs.nl) |
| Stalwart | Mailserver | [mail.tbmrs.nl](https://mail.tbmrs.nl) |
| Linkding | Bookmark managment | [links.local.tbmrs.nl](https://links.local.tbmrs.nl) |
| Jellyfin | Movies, series and music streaming | [stream.local.tbmrs.nl](https://stream.local.tbmrs.nl) |
### Todo
- Install koreader selfhosted sync
### Openid commands
#### Configure new openid client
From: [Kanidm Docs](https://kanidm.github.io/kanidm/master/integrations/oauth2/examples.html)
Replace `<service>` with the name of the service.
1. Create a new Kanidm group, and add your regular account to it:
```bash
$ kanidm group create <service>_users
$ kanidm group add-members <service>_users your_username
```
2. Create a new OAuth2 application configuration in Kanidm, configure the redirect URL, and scope access to the group:
```bash
$ kanidm system oauth2 create <service> <servicename> <service_login_url>
$ kanidm system oauth2 add-redirect-url <service> <redirect_url>
$ kanidm system oauth2 update-scope-map <service> <service>_users email openid profile groups
```
3. (Optional) Disable PKCE
```bash
$ kanidm system oauth2 warning-insecure-client-disable-pkce <service>
```
4. Get the OAuth2 client secret from Kanidm
```bash
$ kanidm system oauth2 show-basic-secret <service>
```
## Useful links
Womier keyboard permissions denied or not finding: https://github.com/the-via/releases/issues/257

BIN
assets/wallpaper-2-blurred.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.0 MiB

8
dockerfiles/caddy.Dockerfile Normal file
View File

@@ -0,0 +1,8 @@
FROM caddy:2.8-builder AS builder
RUN xcaddy build \
--with github.com/caddy-dns/transip
FROM caddy:2.8
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

504
flake.lock generated
View File

@@ -5,11 +5,11 @@
"fromYaml": "fromYaml" "fromYaml": "fromYaml"
}, },
"locked": { "locked": {
"lastModified": 1732200724, "lastModified": 1746562888,
"narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=", "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=",
"owner": "SenchoPens", "owner": "SenchoPens",
"repo": "base16.nix", "repo": "base16.nix",
"rev": "153d52373b0fb2d343592871009a286ec8837aec", "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -37,11 +37,11 @@
"base16-helix": { "base16-helix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1736852337, "lastModified": 1748408240,
"narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=", "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-helix", "repo": "base16-helix",
"rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5", "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -83,72 +83,60 @@
"type": "github" "type": "github"
} }
}, },
"firefox-gnome-theme": { "disko": {
"flake": false,
"locked": {
"lastModified": 1741628778,
"narHash": "sha256-RsvHGNTmO2e/eVfgYK7g+eYEdwwh7SbZa+gZkT24MEA=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "5a81d390bb64afd4e81221749ec4bffcbeb5fa80",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": { "inputs": {
"systems": [ "nixpkgs": [
"stylix", "nixpkgs"
"systems"
] ]
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1751854533,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=",
"owner": "numtide", "owner": "nix-community",
"repo": "flake-utils", "repo": "disko",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "nix-community",
"repo": "flake-utils", "repo": "disko",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1748383148,
"narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github" "type": "github"
} }
}, },
@@ -168,67 +156,19 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741379162,
"narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": { "gnome-shell": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1732369855, "lastModified": 1744584021,
"narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=", "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "dadd58f630eeea41d645ee225a63f719390829dc", "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "GNOME", "owner": "GNOME",
"ref": "47.2", "ref": "48.1",
"repo": "gnome-shell", "repo": "gnome-shell",
"type": "github" "type": "github"
} }
@@ -240,39 +180,73 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742655702, "lastModified": 1751810233,
"narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", "narHash": "sha256-kllkNbIqQi3VplgTMeGzuh1t8Gk8TauvkTRt93Km+tQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", "rev": "9b0873b46c9f9e4b7aa01eb634952c206af53068",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11", "ref": "release-25.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"home-manager_2": { "niri": {
"inputs": { "inputs": {
"nixpkgs": [ "niri-stable": "niri-stable",
"stylix", "niri-unstable": "niri-unstable",
"nixpkgs" "nixpkgs": "nixpkgs",
] "nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
}, },
"locked": { "locked": {
"lastModified": 1739757849, "lastModified": 1752057206,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "narHash": "sha256-f8fNAag3K3WAq+lJr2EEu2f3xVSFLPddLgJKZRzXa3M=",
"owner": "nix-community", "owner": "sodiboo",
"repo": "home-manager", "repo": "niri-flake",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "rev": "90c2edcf32d0fcb511fee9a0b8c580a18178c109",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "sodiboo",
"ref": "release-24.11", "repo": "niri-flake",
"repo": "home-manager", "type": "github"
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1748151941,
"narHash": "sha256-z4viQZLgC2bIJ3VrzQnR+q2F3gAOEQpU1H5xHtX/2fs=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "8ba57fcf25d2fc9565131684a839d58703f1dae7",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.05.1",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1750791124,
"narHash": "sha256-F5iVU/hjoSHSSe0gllxm0PcAaseEtGNanYK5Ha3k2Tg=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "37458d94b288945f6cfbd3c5c233f634d59f246c",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"type": "github" "type": "github"
} }
}, },
@@ -295,34 +269,13 @@
"type": "github" "type": "github"
} }
}, },
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1742999608,
"narHash": "sha256-BuEqHl+sLA52KXhy8XJLQEfA/EfgG/vALtd8Xh+is7I=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "4d27b1af6c813a968b7633fe747104dd5a9d7bcb",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1742806253, "lastModified": 1752048960,
"narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -334,11 +287,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1742889210, "lastModified": 1751792365,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d", "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -365,27 +318,27 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1742751704, "lastModified": 1751943650,
"narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", "rev": "88983d4b665fb491861005137ce2b11a9f89f203",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1742889210, "lastModified": 1751792365,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d", "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -396,52 +349,105 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1741600792, "lastModified": 1751943650,
"narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", "rev": "88983d4b665fb491861005137ce2b11a9f89f203",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-25.05",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1744868846,
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1751211869,
"narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": [
"stylix",
"flake-parts"
],
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1751320053,
"narHash": "sha256-3m6RMw0FbbaUUa01PNaMLoO7D99aBClmY5ed9V3vz+0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "cbde1735782f9c2bb2c63d5e05fba171a14a4670",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
"niri": "niri",
"nix-colors": "nix-colors", "nix-colors": "nix-colors",
"nixos-cosmic": "nixos-cosmic",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": [ "nixpkgs": "nixpkgs_2",
"nixos-cosmic",
"nixpkgs-stable"
],
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix",
"stylix": "stylix" "stylix": "stylix"
} }
}, },
"rust-overlay": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": "nixpkgs_3"
"nixos-cosmic",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1742956365, "lastModified": 1751606940,
"narHash": "sha256-Slrqmt6kJ/M7Z/ce4ebQWsz2aeEodrX56CsupOEPoz0=", "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
"owner": "oxalica", "owner": "Mic92",
"repo": "rust-overlay", "repo": "sops-nix",
"rev": "a0e3395c63cdbc9c1ec17915f8328c077c79c4a1", "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "oxalica", "owner": "Mic92",
"repo": "rust-overlay", "repo": "sops-nix",
"type": "github" "type": "github"
} }
}, },
@@ -452,28 +458,28 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": "flake-compat_2", "flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": "home-manager_2", "nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_2", "nur": "nur",
"systems": "systems", "systems": "systems",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty", "tinted-kitty": "tinted-kitty",
"tinted-tmux": "tinted-tmux" "tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1741961698, "lastModified": 1752014016,
"narHash": "sha256-utsgC6H3ja6sLAXMd8//I2D7yjyScFqVDRX0wpbqPZo=", "narHash": "sha256-Gn6cnUPchPenxUFDt+dh7836CNu3GM13aghTabfZUrU=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "9bfc74f330ead111e8ea354b2220a431b0cfaa26", "rev": "26042c1f59ae868193fa4378f85e4f6240f25ff8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "danth", "owner": "danth",
"ref": "release-24.11", "ref": "release-25.05",
"repo": "stylix", "repo": "stylix",
"type": "github" "type": "github"
} }
@@ -513,28 +519,43 @@
"tinted-kitty": { "tinted-kitty": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1716423189, "lastModified": 1735730497,
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=", "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8", "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8", "type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1750770351,
"narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "5a775c6ffd6e6125947b393872cde95867d85a2a",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github" "type": "github"
} }
}, },
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1740877430, "lastModified": 1751159871,
"narHash": "sha256-zWcCXgdC4/owfH/eEXx26y5BLzTrefjtSLFHWVD5KxU=", "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "d48ee86394cbe45b112ba23ab63e33656090edb4", "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -542,6 +563,77 @@
"repo": "tinted-tmux", "repo": "tinted-tmux",
"type": "github" "type": "github"
} }
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1751158968,
"narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "86a470d94204f7652b906ab0d378e4231a5b3384",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1748488455,
"narHash": "sha256-IiLr1alzKFIy5tGGpDlabQbe6LV1c9ABvkH6T5WmyRI=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "3ba30b149f9eb2bbf42cf4758d2158ca8cceef73",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.6",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1751228685,
"narHash": "sha256-MENtauGBhJ+kDeFaawvWGXaFG3Il6qQzjaP0RmtfM0k=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "557ebeb616e03d5e4a8049862bbbd1f02c6f020b",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

137
flake.nix
View File

@@ -1,13 +1,13 @@
{ {
description = "Nixos configuration for Xeovalyte"; description = "Nixos configuration for Timo";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-24.11"; nixpkgs.url = "nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-24.11"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -15,112 +15,139 @@
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
stylix.url = "github:danth/stylix/release-24.11"; stylix.url = "github:danth/stylix/release-25.05";
nixpkgs.follows = "nixos-cosmic/nixpkgs-stable"; sops-nix.url = "github:Mic92/sops-nix";
niri.url = "github:sodiboo/niri-flake";
nixos-cosmic = { disko.url = "github:nix-community/disko";
url = "github:lilyinstarlight/nixos-cosmic"; disko.inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, home-manager, nix-colors, stylix, nixos-cosmic, ... }: outputs = {
let self,
system = "x86_64-linux"; nixpkgs,
overlay-unstable = final: prev: { home-manager,
unstable = import nixpkgs-unstable { nix-colors,
config.allowUnfree = true; stylix,
localSystem = { inherit system; }; sops-nix,
}; niri,
}; disko,
...
} @ inputs: let
inherit (self) outputs;
systems = [
"x86_64-linux"
"aarch64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
in in
{ {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system} );
overlays = import ./overlays { inherit inputs; };
nixosConfigurations = { nixosConfigurations = {
ti-clt-lpt01 = nixpkgs.lib.nixosSystem { ti-clt-lpt01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; specialArgs = { inherit inputs outputs; };
specialArgs = { inherit inputs; };
modules = [ modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
inputs.nixos-hardware.nixosModules.framework-13-7040-amd inputs.nixos-hardware.nixosModules.framework-13-7040-amd
./hosts/ti-clt-lpt01 ./hosts/ti-clt-lpt01/configuration.nix
]; ];
}; };
ch-clt-dsk01 = nixpkgs.lib.nixosSystem { ch-clt-dsk01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; specialArgs = { inherit inputs outputs; };
specialArgs = { inherit inputs; };
modules = [ modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ./hosts/ch-clt-dsk01/configuration.nix
./hosts/ch-clt-dsk01
]; ];
}; };
ti-clt-tbl01 = nixpkgs.lib.nixosSystem { ti-clt-tbl01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; specialArgs = { inherit inputs outputs; };
specialArgs = { inherit inputs; };
modules = [ modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
inputs.nixos-hardware.nixosModules.microsoft-surface-go inputs.nixos-hardware.nixosModules.microsoft-surface-go
./hosts/ti-clt-tbl01 ./hosts/ti-clt-tbl01/configuration.nix
]; ];
}; };
# Timo's desktop
ti-clt-dsk01 = nixpkgs.lib.nixosSystem { ti-clt-dsk01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; specialArgs = { inherit inputs outputs; };
specialArgs = { inherit inputs; };
modules = [ modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ./hosts/ti-clt-dsk01/configuration.nix
];
};
./hosts/ti-clt-dsk01 v-th-ctr-01 = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/v-th-ctr-01/configuration.nix
];
};
# Raspberry pi
p-th-rpi-01 = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/p-th-rpi-01/configuration.nix
]; ];
}; };
}; };
homeConfigurations = { homeConfigurations = {
# Timo
"xeovalyte@ti-clt-lpt01" = home-manager.lib.homeManagerConfiguration { "xeovalyte@ti-clt-lpt01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; }; extraSpecialArgs = { inherit inputs outputs; };
modules = [ modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ti-clt-lpt01/home.nix ./hosts/ti-clt-lpt01/home.nix
]; ];
}; };
"kiiwy@ch-clt-dsk01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ch-clt-dsk01/home.nix
];
};
"xeovalyte@ti-clt-tbl01" = home-manager.lib.homeManagerConfiguration { "xeovalyte@ti-clt-tbl01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; }; extraSpecialArgs = { inherit inputs outputs; };
modules = [ modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ti-clt-tbl01/home.nix ./hosts/ti-clt-tbl01/home.nix
]; ];
}; };
"xeovalyte@ti-clt-dsk01" = home-manager.lib.homeManagerConfiguration { "xeovalyte@ti-clt-dsk01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; }; extraSpecialArgs = { inherit inputs outputs; };
modules = [ modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ti-clt-dsk01/home.nix ./hosts/ti-clt-dsk01/home.nix
]; ];
}; };
# Christa
"kiiwy@ch-clt-dsk01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs outputs; };
modules = [
./hosts/ch-clt-dsk01/home.nix
];
};
# Deploy
"deploy@v-th-ctr-01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs outputs; };
modules = [
./hosts/v-th-ctr-01/home.nix
];
};
# Deploy
"deploy@p-th-rpi-01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.aarch64-linux;
extraSpecialArgs = { inherit inputs outputs; };
modules = [
./hosts/p-th-rpi-01/home.nix
];
};
}; };
}; };
} }

46
hosts/ch-clt-dsk01/default.nix → hosts/ch-clt-dsk01/configuration.nix
View File

@@ -6,10 +6,11 @@
./hardware-configuration.nix ./hardware-configuration.nix
# Import modules # Import modules
../../modules/system/default.nix ../../modules/system
]; ];
settings = { settings = {
hostname = "ch-clt-dsk01";
display-manager = "gdm"; display-manager = "gdm";
desktop-environments = { desktop-environments = {
cosmic.enable = false; cosmic.enable = false;
@@ -37,20 +38,14 @@
}; };
}; };
nix.settings = { # Users
experimental-features = [ "nix-command" "flakes" ]; users.users.kiiwy = {
isNormalUser = true;
substituters = [ description = "Christa Boomers";
"https://nix-community.cachix.org" extraGroups = [ "networkmanager" "wheel" "dialout" ];
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
}; };
# Bootloader. # Bootloader
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
@@ -59,28 +54,5 @@
configurationLimit = 32; configurationLimit = 32;
}; };
networking.hostName = "ch-clt-dsk01"; # Define your hostname. system.stateVersion = "24.11";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 53 ];
allowedUDPPorts = [ 80 443 53 ];
};
users.users.kiiwy = {
isNormalUser = true;
description = "Christa Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
};
nix.settings.trusted-users = [ "root" "kiiwy" ];
# Prevent system freeze on high load
services.earlyoom = {
enable = true;
};
boot.kernelPackages = pkgs.linuxPackages_latest;
system.stateVersion = "24.05";
} }

8
hosts/ch-clt-dsk01/home.nix
View File

@@ -13,8 +13,10 @@
}; };
settings = { settings = {
host = "c-clt-dsk01";
applications.common.enable = true; applications.common.enable = true;
applications.alacritty.enable = false; applications.alacritty.enable = true;
applications.devenv.enable = false; applications.devenv.enable = false;
applications.firefox.enable = true; applications.firefox.enable = true;
applications.git.enable = true; applications.git.enable = true;
@@ -24,6 +26,7 @@
applications.thunderbird.enable = false; applications.thunderbird.enable = false;
applications.yazi.enable = false; applications.yazi.enable = false;
applications.zellij.enable = false; applications.zellij.enable = false;
applications.wezterm.enable = false;
services.nextcloud-sync.enable = false; services.nextcloud-sync.enable = false;
@@ -38,8 +41,9 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
# Desktop Applications # Desktop Applications
prismlauncher prismlauncher
signal-desktop unstable.signal-desktop
unstable.vesktop unstable.vesktop
unstable.webcord
unstable.prusa-slicer unstable.prusa-slicer
blender blender

69
hosts/p-th-rpi-01/configuration.nix Normal file
View File

@@ -0,0 +1,69 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ modulesPath, ... }:
{
imports = [
./hardware-configuration.nix
# Include the container-specific autogenerated configuration.
../../modules/system/default.nix
];
settings = {
hostname = "p-th-rpi-01";
display-manager = "none";
desktop-environments = {
cosmic.enable = false;
hyprland.enable = false;
gnome.enable = false;
};
applications = {
common.enable = true;
steam.enable = false;
thunar.enable = false;
};
services = {
docker.enable = false;
podman.enable = true;
quickemu.enable = false;
sunshine.enable = false;
garbage-collection.enable = true;
incus.enable = false;
ssh.enable = true;
};
hardware = {
fprint.enable = false;
printing.enable = false;
bluetooth.enable = false;
firewall.enable = true;
locale.enable = true;
nvidia.enable = false;
};
};
users.users.deploy = {
isNormalUser = true;
description = "Deploy";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
linger = true;
};
# networking
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
};
networking.hosts = {
"127.0.0.1" = [ "tbmrs.nl" ];
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 1080 1443 1053 ];
allowedUDPPorts = [ 1080 1443 1053 ];
};
}

76
hosts/p-th-rpi-01/home.nix Normal file
View File

@@ -0,0 +1,76 @@
{ pkgs, ... }:
{
imports = [
# Modules
../../modules/home/default.nix
];
config = {
home = {
username = "deploy";
homeDirectory = "/home/deploy";
};
settings = {
host = "p-th-rpi-01";
applications.common.enable = false;
applications.alacritty.enable = false;
applications.devenv.enable = false;
applications.firefox.enable = false;
applications.git.enable = false;
applications.helix.enable = true;
applications.zsh.enable = true;
applications.ssh.enable = true;
applications.thunderbird.enable = false;
applications.yazi.enable = true;
applications.zellij.enable = true;
applications.wezterm.enable = false;
services.nextcloud-sync.enable = false;
services.podman.enable = true;
services.sops.enable = true;
theming.fonts.enable = false;
theming.stylix.enable = false;
theming.stylix.wallpaper = "wallpaper-2.png";
theming.stylix.theme = "da-one-ocean";
desktop-environments.hyprland.enable = false;
containers = {
network.enable = true;
nginx.enable = false;
caddy.enable = true;
kanidm.enable = false;
forgejo.enable = false;
immich.enable = false;
homepage.enable = false;
uptime-kuma.enable = false;
pingvin-share.enable = false;
vaultwarden.enable = false;
paperless-ngx.enable = false;
beszel.enable = false;
storage.enable = false;
homeassistant.enable = false;
karakeep.enable = false;
vikunja.enable = false;
stalwart.enable = false;
linkding.enable = false;
static.enable = true;
};
};
home.packages = with pkgs; [
unstable.helix
lazygit
];
# Enable home-manager
programs.home-manager.enable = true;
home.stateVersion = "24.05";
};
}

97
hosts/ti-clt-dsk01/configuration.nix Normal file
View File

@@ -0,0 +1,97 @@
{ inputs, outputs, pkgs, lib, ... }:
{
imports = [
./hardware-configuration.nix
../../modules/system
];
settings = {
hostname = "ti-clt-dsk01";
display-manager = "greetd";
desktop-environments = {
cosmic.enable = false;
hyprland.enable = false;
gnome.enable = false;
niri.enable = true;
};
applications = {
common.enable = true;
steam.enable = true;
thunar.enable = false;
};
services = {
docker.enable = true;
quickemu.enable = false;
sunshine.enable = true;
garbage-collection.enable = true;
ssh.enable = true;
};
hardware = {
fprint.enable = false;
printing.enable = true;
bluetooth.enable = true;
firewall.enable = true;
locale.enable = true;
nvidia.enable = true;
};
};
# Users
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "wheel" ];
};
# Boot
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
};
# Networking
networking.interfaces.enp7s0.wakeOnLan.enable = true;
networking.hosts = {
"192.168.100.118" = [
"tbmrs.nl"
"auth.tbmrs.nl"
"git.tbmrs.nl"
"photos.tbmrs.nl"
"home.tbmrs.nl"
"uptime.tbmrs.nl"
"share.tbmrs.nl"
"files.tbmrs.nl"
"mail.tbmrs.nl"
"vault.local.tbmrs.nl"
"paperless.local.tbmrs.nl"
"monitor.local.tbmrs.nl"
"syncthing.local.tbmrs.nl"
"home-assistant.local.tbmrs.nl"
"tasks.local.tbmrs.nl"
"links.local.tbmrs.nl"
"stream.local.tbmrs.nl"
];
};
# Temp keyboard override
environment.systemPackages = with pkgs; [
via
vial
];
services.udev.packages = with pkgs; [
via
vial
];
# manual udev override
# services.udev.extraRules = ''
# KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", ATTRS{idVendor}=="320f", ATTRS{idProduct}=="5055", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
# '';
# state version
system.stateVersion = "24.11";
}

86
hosts/ti-clt-dsk01/default.nix
View File

@@ -1,86 +0,0 @@
{ pkgs, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Import modules
../../modules/system/default.nix
];
settings = {
display-manager = "cosmic-greeter";
desktop-environments = {
cosmic.enable = true;
hyprland.enable = false;
gnome.enable = false;
};
applications = {
common.enable = true;
steam.enable = true;
thunar.enable = false;
};
services = {
docker.enable = true;
quickemu.enable = false;
sunshine.enable = true;
garbage-collection.enable = true;
};
hardware = {
fprint.enable = false;
printing.enable = true;
bluetooth.enable = false;
firewall.enable = true;
locale.enable = true;
nvidia.enable = true;
};
};
networking.firewall = {
allowedTCPPorts = [ 3000 ];
allowedUDPPorts = [ 3000 ];
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
};
# Bootloader.
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
};
# Networking configuration
networking.hostName = "ti-clt-dsk01"; # Define your hostname.
networking.interfaces.enp7s0.wakeOnLan.enable = true;
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" "fuse" ];
};
nix.settings.trusted-users = [ "root" "xeovalyte" ];
networking.hosts = {
"192.168.100.118" = [ "timo.bmrs.nl" "www.timo.bmrs.nl" "homeassistant.timo.bmrs.nl" "adguard.timo.bmrs.nl" "git.timo.bmrs.nl" "auth.timo.bmrs.nl" "ldap.timo.bmrs.nl" "dozzle.timo.bmrs.nl" "home.timo.bmrs.nl" "immich.timo.bmrs.nl" "paperless.timo.bmrs.nl" "search.timo.bmrs.nl" ];
};
services.openssh.enable = true;
system.stateVersion = "24.05";
}

32
hosts/ti-clt-dsk01/home.nix
View File

@@ -13,17 +13,30 @@
}; };
settings = { settings = {
host = "ti-clt-dsk01";
applications.common.enable = true; applications.common.enable = true;
applications.alacritty.enable = false; applications.alacritty.enable = false;
applications.devenv.enable = true; applications.devenv.enable = true;
applications.firefox.enable = true; applications.firefox.enable = true;
applications.git.enable = true; applications.git.enable = true;
applications.helix.enable = true; applications.helix = {
enable = true;
markdown = true;
rust = true;
systemverilog = true;
nix = true;
latex = true;
vue = true;
};
applications.zsh.enable = true; applications.zsh.enable = true;
applications.ssh.enable = true; applications.ssh.enable = true;
applications.thunderbird.enable = true; applications.thunderbird.enable = true;
applications.yazi.enable = true; applications.yazi.enable = true;
applications.zellij.enable = true; applications.zellij.enable = true;
applications.wezterm.enable = true;
applications.typst.enable = true;
applications.obs-studio.enable = true;
services.nextcloud-sync.enable = true; services.nextcloud-sync.enable = true;
@@ -33,24 +46,31 @@
theming.stylix.theme = "da-one-ocean"; theming.stylix.theme = "da-one-ocean";
desktop-environments.hyprland.enable = false; desktop-environments.hyprland.enable = false;
desktop-environments.niri.enable = true;
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
unstable.prismlauncher unstable.prismlauncher
unstable.vesktop vesktop
unstable.rnote unstable.rnote
unstable.inkscape unstable.inkscape
unstable.gimp unstable.gimp
unstable.openscad-unstable
unstable.brave unstable.brave
unstable.freecad unstable.freecad
unstable.hoppscotch hoppscotch
unstable.xournalpp unstable.blender
unstable.apostrophe
unstable.signal-desktop unstable.signal-desktop
unstable.ladybird
unstable.prusa-slicer
unstable.surfer # waveform viewer
pomodoro-gtk
# Office # Office
libreoffice libreoffice
# Scripts
(import ../../modules/scripts/save_image.nix { inherit pkgs; })
]; ];
# Enable home-manager # Enable home-manager

85
hosts/ti-clt-lpt01/default.nix → hosts/ti-clt-lpt01/configuration.nix
View File

@@ -6,15 +6,17 @@
./hardware-configuration.nix ./hardware-configuration.nix
# Import modules # Import modules
../../modules/system/default.nix ../../modules/system
]; ];
settings = { settings = {
display-manager = "cosmic-greeter"; hostname = "ti-clt-lpt01";
display-manager = "greetd";
desktop-environments = { desktop-environments = {
cosmic.enable = true; cosmic.enable = false;
hyprland.enable = true; hyprland.enable = false;
gnome.enable = false; gnome.enable = false;
niri.enable = true;
}; };
applications = { applications = {
common.enable = true; common.enable = true;
@@ -38,25 +40,20 @@
}; };
}; };
nix.settings = { # Users
experimental-features = [ "nix-command" "flakes" ]; users.users.xeovalyte = {
isNormalUser = true;
substituters = [ description = "Timo Boomers";
"https://nix-community.cachix.org" extraGroups = [ "networkmanager" "wheel" "dialout" "adbusers" ];
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
}; };
# Enable host networking.networkmanager.enable = true;
networking.hosts = {
"127.0.0.1" = [ "adguard.timo.bmrs.nl" "git.timo.bmrs.nl" "auth.timo.bmrs.nl" "ldap.timo.bmrs.nl" "dozzle.timo.bmrs.nl" "home.timo.bmrs.nl" "immich.timo.bmrs.nl" "paperless.timo.bmrs.nl" "search.timo.bmrs.nl" ];
};
# Bootloader. programs.nix-ld.enable = true;
programs.adb.enable = true;
services.power-profiles-daemon.enable = true;
# Boot.
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
@@ -64,29 +61,49 @@
device = "nodev"; device = "nodev";
configurationLimit = 32; configurationLimit = 32;
}; };
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.supportedFilesystems = [ "nfs" ];
networking.hostName = "ti-clt-lpt01"; # Define your hostname. # Networking
networking.hosts = {
"127.0.0.1" = [
"tbmrs.nl"
"auth.tbmrs.nl"
"git.tbmrs.nl"
"photos.tbmrs.nl"
"home.tbmrs.nl"
"uptime.tbmrs.nl"
"share.tbmrs.nl"
"vault.local.tbmrs.nl"
"paperless.local.tbmrs.nl"
"monitor.local.tbmrs.nl"
];
};
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 80 443 53 ]; allowedTCPPorts = [ 22 80 443 53 ];
allowedUDPPorts = [ 80 443 53 ]; allowedUDPPorts = [ 80 443 53 ];
}; };
users.users.xeovalyte = { # Obs
isNormalUser = true; programs.obs-studio = {
description = "Timo Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
};
nix.settings.trusted-users = [ "root" "xeovalyte" ];
# Prevent system freeze on high load
services.earlyoom = {
enable = true; enable = true;
};
boot.kernelPackages = pkgs.linuxPackages_latest; # optional Nvidia hardware acceleration
package = (
pkgs.obs-studio.override {
cudaSupport = true;
}
);
plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-vaapi #optional AMD hardware acceleration
obs-gstreamer
obs-vkcapture
];
};
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

30
hosts/ti-clt-lpt01/home.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, lib, inputs, ... }:
{ {
imports = [ imports = [
@@ -13,17 +13,31 @@
}; };
settings = { settings = {
host = "ti-clt-lpt01";
applications.common.enable = true; applications.common.enable = true;
applications.alacritty.enable = true; applications.alacritty.enable = true;
applications.devenv.enable = true; applications.devenv.enable = true;
applications.firefox.enable = true; applications.firefox.enable = true;
applications.git.enable = true; applications.git.enable = true;
applications.helix.enable = true; applications.helix = {
enable = true;
markdown = true;
rust = true;
systemverilog = true;
nix = true;
latex = true;
vue = true;
};
applications.zsh.enable = true; applications.zsh.enable = true;
applications.ssh.enable = true; applications.ssh.enable = true;
applications.thunderbird.enable = true; applications.thunderbird.enable = true;
applications.yazi.enable = true; applications.yazi.enable = true;
applications.zellij.enable = true; applications.zellij.enable = true;
applications.wezterm.enable = true;
applications.nushell.enable = false;
applications.typst.enable = true;
# applications.obs-studio.enable = true;
services.nextcloud-sync.enable = true; services.nextcloud-sync.enable = true;
@@ -33,15 +47,16 @@
theming.stylix.theme = "da-one-ocean"; theming.stylix.theme = "da-one-ocean";
desktop-environments.hyprland.enable = false; desktop-environments.hyprland.enable = false;
desktop-environments.niri.enable = true;
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
# Desktop Applications # Desktop Applications
kdenlive
prismlauncher prismlauncher
unstable.prusa-slicer unstable.prusa-slicer
signal-desktop signal-desktop
unstable.vesktop unstable.vesktop
unstable.webcord
blender blender
unstable.freecad-wayland unstable.freecad-wayland
loupe loupe
@@ -49,6 +64,10 @@
unstable.bottles unstable.bottles
unstable.hoppscotch unstable.hoppscotch
unstable.apostrophe unstable.apostrophe
unstable.surfer # waveform viewer
unstable.vscode
pomodoro-gtk
unstable.brave
# Office # Office
libreoffice libreoffice
@@ -56,10 +75,6 @@
# Image editing # Image editing
gimp gimp
inkscape inkscape
unstable.obs-studio
# Development
unstable.drawio
unstable.moonlight-qt unstable.moonlight-qt
@@ -67,7 +82,6 @@
(import ../../modules/scripts/save_image.nix { inherit pkgs; }) (import ../../modules/scripts/save_image.nix { inherit pkgs; })
]; ];
# Enable home-manager # Enable home-manager
programs.home-manager.enable = true; programs.home-manager.enable = true;

37
hosts/ti-clt-tbl01/default.nix → hosts/ti-clt-tbl01/configuration.nix
View File

@@ -6,10 +6,11 @@
./hardware-configuration.nix ./hardware-configuration.nix
# Import modules # Import modules
../../modules/system/default.nix ../../modules/system
]; ];
settings = { settings = {
hostname = "ti-clt-tbl01";
display-manager = "gdm"; display-manager = "gdm";
desktop-environments = { desktop-environments = {
cosmic.enable = false; cosmic.enable = false;
@@ -37,17 +38,11 @@
}; };
}; };
nix.settings = { # Users
experimental-features = [ "nix-command" "flakes" ]; users.users.xeovalyte = {
isNormalUser = true;
substituters = [ description = "Timo Boomers";
"https://nix-community.cachix.org" extraGroups = [ "networkmanager" "wheel" "dialout" ];
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
}; };
# Bootloader. # Bootloader.
@@ -58,24 +53,8 @@
device = "nodev"; device = "nodev";
configurationLimit = 32; configurationLimit = 32;
}; };
networking.hostName = "ti-clt-tbl01"; # Define your hostname.
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
};
nix.settings.trusted-users = [ "root" "xeovalyte" ];
# Prevent system freeze on high load
services.earlyoom = {
enable = true;
};
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
system.stateVersion = "24.05"; system.stateVersion = "24.11";
} }

3
hosts/ti-clt-tbl01/home.nix
View File

@@ -13,6 +13,8 @@
}; };
settings = { settings = {
host = "ti-clt-tbl01";
applications.common.enable = true; applications.common.enable = true;
applications.alacritty.enable = false; applications.alacritty.enable = false;
applications.devenv.enable = false; applications.devenv.enable = false;
@@ -24,6 +26,7 @@
applications.thunderbird.enable = false; applications.thunderbird.enable = false;
applications.yazi.enable = true; applications.yazi.enable = true;
applications.zellij.enable = false; applications.zellij.enable = false;
applications.wezterm.enable = false;
services.nextcloud-sync.enable = true; services.nextcloud-sync.enable = true;

84
hosts/v-th-ctr-01/configuration.nix Normal file
View File

@@ -0,0 +1,84 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ modulesPath, lib, ... }:
{
imports = [
# Include the default incus configuration.
"${modulesPath}/virtualisation/lxc-container.nix"
# Include the container-specific autogenerated configuration.
../../modules/system/default.nix
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
settings = {
hostname = "v-th-ctr-01";
display-manager = "none";
desktop-environments = {
cosmic.enable = false;
hyprland.enable = false;
gnome.enable = false;
};
applications = {
common.enable = true;
steam.enable = false;
thunar.enable = false;
};
services = {
docker.enable = false;
podman.enable = true;
quickemu.enable = false;
sunshine.enable = false;
garbage-collection.enable = true;
incus.enable = false;
ssh.enable = true;
};
hardware = {
fprint.enable = false;
printing.enable = false;
bluetooth.enable = false;
firewall.enable = true;
locale.enable = true;
nvidia.enable = false;
};
};
users.users.deploy = {
isNormalUser = true;
description = "Deploy";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
linger = true;
};
# networking
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
};
networking.hosts = {
"127.0.0.1" = [ "tbmrs.nl" ];
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 1080 1443 1053 ];
allowedUDPPorts = [ 1080 1443 1053 ];
};
systemd.network = {
enable = true;
networks."50-eth0" = {
matchConfig.Name = "eth0";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = true;
};
linkConfig.RequiredForOnline = "routable";
};
};
}

76
hosts/v-th-ctr-01/home.nix Normal file
View File

@@ -0,0 +1,76 @@
{ pkgs, ... }:
{
imports = [
# Modules
../../modules/home/default.nix
];
config = {
home = {
username = "deploy";
homeDirectory = "/home/deploy";
};
settings = {
host = "v-th-ctr-01";
applications.common.enable = false;
applications.alacritty.enable = false;
applications.devenv.enable = false;
applications.firefox.enable = false;
applications.git.enable = false;
applications.helix.enable = true;
applications.zsh.enable = true;
applications.ssh.enable = true;
applications.thunderbird.enable = false;
applications.yazi.enable = true;
applications.zellij.enable = true;
applications.wezterm.enable = false;
services.nextcloud-sync.enable = false;
services.podman.enable = true;
services.sops.enable = true;
theming.fonts.enable = false;
theming.stylix.enable = false;
theming.stylix.wallpaper = "wallpaper-2.png";
theming.stylix.theme = "da-one-ocean";
desktop-environments.hyprland.enable = false;
containers = {
network.enable = true;
nginx.enable = true;
caddy.enable = true;
kanidm.enable = true;
forgejo.enable = true;
immich.enable = true;
homepage.enable = true;
uptime-kuma.enable = true;
pingvin-share.enable = true;
vaultwarden.enable = true;
paperless-ngx.enable = true;
beszel.enable = true;
storage.enable = true;
homeassistant.enable = true;
karakeep.enable = false;
vikunja.enable = true;
stalwart.enable = true;
linkding.enable = true;
jellyfin.enable = true;
};
};
home.packages = with pkgs; [
unstable.helix
lazygit
];
# Enable home-manager
programs.home-manager.enable = true;
home.stateVersion = "24.05";
};
}

13
justfile
View File

@@ -15,12 +15,25 @@ clean:
fmt: fmt:
nix fmt nix fmt
alias s := switch
switch: switch:
sudo nixos-rebuild switch --flake . sudo nixos-rebuild switch --flake .
home-manager switch --flake . home-manager switch --flake .
alias sw := switch-system
switch-system: switch-system:
sudo nixos-rebuild switch --flake . sudo nixos-rebuild switch --flake .
alias sh := switch-home-manager
switch-home-manager: switch-home-manager:
home-manager switch --flake . home-manager switch --flake .
alias gc := collect-garbage
collect-garbage:
sudo nix-collect-garbage -d
nix-collect-garbage -d

28
modules/home/applications/firefox.nix
View File

@@ -22,6 +22,9 @@ in {
home.packages = with pkgs; [ home.packages = with pkgs; [
unstable.firefoxpwa unstable.firefoxpwa
]; ];
stylix.targets.firefox.profileNames = [ "${config.home.username}" ];
programs.firefox = lib.mkMerge [ programs.firefox = lib.mkMerge [
{ {
enable = true; enable = true;
@@ -65,8 +68,9 @@ in {
}; };
}; };
}; };
profiles.xeovalyte = { profiles.${config.home.username} = {
bookmarks = [ bookmarks.force = true;
bookmarks.settings = [
{ {
name = "Toolbar"; name = "Toolbar";
toolbar = true; toolbar = true;
@@ -79,16 +83,16 @@ in {
url = "https://drive.google.com/drive/folders/1L5OTbn5p3i7_Nc80hc5PztiEGHKwi-I4"; url = "https://drive.google.com/drive/folders/1L5OTbn5p3i7_Nc80hc5PztiEGHKwi-I4";
} }
{ {
name = "Electricy & Magnetism"; name = "Linear algebra and Differential equations";
url = "https://brightspace.tudelft.nl/d2l/le/content/681030/Home"; url = "https://brightspace.tudelft.nl/d2l/le/content/681028/Home";
} }
{ {
name = "Calculus & Linear Algebra"; name = "Electrical Energy Fundamentals";
url = "https://brightspace.tudelft.nl/d2l/le/content/681026/Home"; url = "https://brightspace.tudelft.nl/d2l/le/content/681016/Home";
} }
{ {
name = "Digital Systems B"; name = "IP 2";
url = "https://brightspace.tudelft.nl/d2l/home/722657"; url = "https://brightspace.tudelft.nl/d2l/le/content/681022/Home";
} }
]; ];
} }
@@ -130,12 +134,12 @@ in {
definedAliases = [ "@sp" ]; definedAliases = [ "@sp" ];
}; };
"Bing".metaData.hidden = true; "bing".metaData.hidden = true;
"Google".metaData.hidden = true; "google".metaData.hidden = true;
"eBay".metaData.hidden = true; "ebay".metaData.hidden = true;
}; };
search.force = true; search.force = true;
search.default = "SearXNG"; search.default = "ddg";
settings = { settings = {
"browser.disableResetPrompt" = true; "browser.disableResetPrompt" = true;

2
modules/home/applications/git.nix
View File

@@ -35,7 +35,7 @@ in {
programs.git = mkIf cfg.lazygit.enable { programs.git = mkIf cfg.lazygit.enable {
enable = true; enable = true;
userEmail = "me+gitea@xeovalyte.dev"; userEmail = "me+gitea@xeovalyte.dev";
userName = "xeovalyte"; userName = "Timo Boomers";
extraConfig = { extraConfig = {
commit.gpgsign = true; commit.gpgsign = true;
gpg.format = "ssh"; gpg.format = "ssh";

155
modules/home/applications/helix.nix
View File

@@ -12,43 +12,79 @@ in {
Enable helix text editor Enable helix text editor
''; '';
}; };
settings.applications.helix.markdown = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable markdown language support
'';
};
settings.applications.helix.systemverilog = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable systemverilog language support
'';
};
settings.applications.helix.nix = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable nix language support
'';
};
settings.applications.helix.latex = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable latex language support
'';
};
settings.applications.helix.vue = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable vue/nuxt language support
'';
};
settings.applications.helix.rust = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable rust language support
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; lib.concatLists [
# Markdown (lib.optionals cfg.markdown [ unstable.marksman unstable.markdown-oxide dprint ])
unstable.marksman (lib.optionals cfg.systemverilog [ unstable.svls ])
unstable.markdown-oxide (lib.optionals cfg.nix [ unstable.nix unstable.nixpkgs-fmt ])
dprint (lib.optionals cfg.latex [ tectonic unstable.texlab ])
(lib.optionals cfg.vue [ unstable.vue-language-server unstable.typescript unstable.typescript-language-server ])
# Systemverilog
unstable.svls
# Nixos
unstable.nil
unstable.nixpkgs-fmt
# Latex
tectonic
unstable.texlab
# Vue/Nuxt
unstable.vue-language-server
unstable.typescript
]; ];
# Markdown # Markdown
home.file.".config/.dprint.json".text ='' home.file.".config/.dprint.json" = lib.mkIf cfg.markdown {
{ text = ''
"markdown": { {
"lineWidth":120, "markdown": {
}, "lineWidth":120,
"excludes": [], },
"plugins": [ "excludes": [],
"https://plugins.dprint.dev/markdown-0.16.1.wasm" "plugins": [
] "https://plugins.dprint.dev/markdown-0.16.1.wasm"
} ]
''; }
'';
};
programs.helix = { programs.helix = {
enable = true; enable = true;
@@ -58,26 +94,23 @@ in {
editor.cursor-shape = { editor.cursor-shape = {
insert = "bar"; insert = "bar";
}; };
editor.end-of-line-diagnostics = "hint";
}; };
languages = { languages = {
# Rust # Rust
language-server.rust-analyzer.config = { language-server.rust-analyzer.config = lib.mkIf cfg.rust {
cargo = { cargo = {
features = "all"; features = "all";
}; };
}; };
language-server.vuels = {
config.typescript.tsdk = "${pkgs.typescript}/lib/node_modules/typescript/lib/";
};
# Systemverilog # Systemverilog
language-server.svls = { language-server.svls = lib.mkIf cfg.systemverilog {
command = "svls"; command = "svls";
}; };
# Latex # Latex
language-server.texlab = { language-server.texlab = lib.mkIf cfg.latex {
config = { config = {
texlab.chktex = { texlab.chktex = {
onOpenAndSave = true; onOpenAndSave = true;
@@ -111,12 +144,44 @@ in {
}; };
}; };
language = [ language-server.typescript-language-server.config = lib.mkIf cfg.vue {
{ # tsserver = {
# path = "${pkgs.unstable.typescript}/bin/tsserver";
# };
plugins = [
{
name = "@vue/typescript-plugin";
location = "${pkgs.unstable.vue-language-server}/bin/vue-language-server}";
languages = ["vue"];
}
];
vue.inlayHints = {
includeInlayEnumMemberValueHints = true;
includeInlayFunctionLikeReturnTypeHints = true;
includeInlayFunctionParameterTypeHints = true;
includeInlayParameterNameHints = "all";
includeInlayParameterNameHintsWhenArgumentMatchesName = true;
includeInlayPropertyDeclarationTypeHints = true;
includeInlayVariableTypeHints = true;
};
};
# language-server.vue-language-server = {
# command = "${pkgs.vue-language-server}/bin/vue-language-server";
# args = [ "--stdio" ];
# config = {
# typescript = {
# tsdk = "${pkgs.typescript}/bin/";
# };
# };
# };
language = lib.concatLists [
(lib.optionals cfg.systemverilog [{
name = "verilog"; name = "verilog";
language-servers = [ "svls" ]; language-servers = [ "svls" ];
} }])
{ (lib.optionals cfg.markdown [{
name = "markdown"; name = "markdown";
auto-format = true; auto-format = true;
language-servers = [ "markdown-oxide" ]; language-servers = [ "markdown-oxide" ];
@@ -127,7 +192,11 @@ in {
name = "typst"; name = "typst";
auto-format = false; auto-format = false;
formatter.command = "${pkgs.typstfmt}/bin/typstfmt"; formatter.command = "${pkgs.typstfmt}/bin/typstfmt";
} }])
(lib.optionals cfg.vue [{
name = "vue";
language-servers = ["vuels" "typescript-language-server"];
}])
]; ];
}; };
}; };

37
modules/home/applications/nushell.nix Normal file
View File

@@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.applications.nushell;
in {
options = {
settings.applications.nushell.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable nushell shell
'';
default = false;
};
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
eza
bat
];
programs.bash = {
enable = false;
};
programs.nushell = {
enable = true;
};
programs.starship = {
enable = true;
enableNushellIntegration = true;
};
};
}

27
modules/home/applications/obs-studio.nix Normal file
View File

@@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.applications.obs-studio;
in {
options = {
settings.applications.obs-studio.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable obs studio with optional plugins
'';
default = false;
};
};
config = mkIf cfg.enable {
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-vaapi #optional AMD hardware acceleration
];
};
};
}

6
modules/home/applications/ssh.nix
View File

@@ -30,6 +30,12 @@ in {
user = "git"; user = "git";
identityFile = "~/.ssh/gitea"; identityFile = "~/.ssh/gitea";
}; };
"gitlab.ewi.tudelft.nl" = {
hostname = "gitlab.ewi.tudelft.nl";
user = "tboomers";
identityFile = "~/.ssh/gitlab_tudelft";
};
}; };
addKeysToAgent = "yes"; addKeysToAgent = "yes";
}; };

24
modules/home/applications/typst.nix Normal file
View File

@@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.applications.typst;
in {
options = {
settings.applications.typst.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable typst
'';
default = false;
};
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
unstable.typst
unstable.typst-live
];
};
}

107
modules/home/applications/wezterm.nix Normal file
View File

@@ -0,0 +1,107 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.applications.wezterm;
in {
options = {
settings.applications.wezterm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable wezterm terminal
'';
};
};
config = mkIf cfg.enable {
programs.wezterm = {
enable = true;
enableZshIntegration = true;
package = pkgs.unstable.wezterm;
extraConfig = /* lua */ ''
-- Pull in the wezterm API
local wezterm = require 'wezterm'
-- This will hold the configuration.
local config = wezterm.config_builder()
local act = wezterm.action
-- This is where you actually apply your config choices
-- For example, changing the color scheme:
config.enable_tab_bar = true
config.use_fancy_tab_bar = false
config.window_decorations = "NONE"
config.tab_bar_at_bottom = true
config.keys = {
-- Pane controls
{
key = 'h',
mods = 'CTRL',
action = act.ActivatePaneDirection 'Left',
},
{
key = 'l',
mods = 'CTRL',
action = act.ActivatePaneDirection 'Right',
},
{
key = 'k',
mods = 'CTRL',
action = act.ActivatePaneDirection 'Up',
},
{
key = 'j',
mods = 'CTRL',
action = act.ActivatePaneDirection 'Down',
},
-- Pane resizing
{
key = 'H',
mods = 'CTRL',
action = act.AdjustPaneSize { 'Left', 5 },
},
{
key = 'L',
mods = 'CTRL',
action = act.AdjustPaneSize { 'Right', 5 },
},
{
key = 'K',
mods = 'CTRL',
action = act.AdjustPaneSize { 'Up', 5 },
},
{
key = 'J',
mods = 'CTRL',
action = act.AdjustPaneSize { 'Down', 5 },
},
{
key = 'q',
mods = 'CTRL',
action = act.CloseCurrentPane { confirm = false },
},
-- Tab management
{ key = '1', mods = 'ALT', action = act.ActivateTab(0) },
{ key = '2', mods = 'ALT', action = act.ActivateTab(1) },
{ key = '3', mods = 'ALT', action = act.ActivateTab(2) },
{ key = '4', mods = 'ALT', action = act.ActivateTab(3) },
{ key = '5', mods = 'ALT', action = act.ActivateTab(4) },
{
key = 'q',
mods = 'ALT',
action = act.CloseCurrentTab { confirm = false },
},
}
-- and finally, return the configuration to wezterm
return config
'';
};
};
}

41
modules/home/applications/zellij.nix
View File

@@ -1,9 +1,38 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.settings.applications.zellij; cfg = config.settings.applications.zellij;
sesh = pkgs.writeScriptBin "sesh" ''
#! /usr/bin/env sh
# Taken from https://github.com/zellij-org/zellij/issues/884#issuecomment-1851136980
# select a directory using zoxide
ZOXIDE_RESULT=$(${pkgs.zoxide}/bin/zoxide query --interactive)
# checks whether a directory has been selected
if [[ -z "$ZOXIDE_RESULT" ]]; then
# if there was no directory, select returns without executing
exit 0
fi
# extracts the directory name from the absolute path
SESSION_TITLE=$(echo "$ZOXIDE_RESULT" | sed 's#.*/##')
# get the list of sessions
SESSION_LIST=$(zellij list-sessions -n | awk '{print $1}')
# checks if SESSION_TITLE is in the session list
if echo "$SESSION_LIST" | grep -q "^$SESSION_TITLE$"; then
# if so, attach to existing session
zellij attach "$SESSION_TITLE"
else
# if not, create a new session
echo "Creating new session $SESSION_TITLE and CD $ZOXIDE_RESULT"
cd $ZOXIDE_RESULT
zellij attach -c "$SESSION_TITLE"
fi
'';
in { in {
options = { options = {
settings.applications.zellij.enable = lib.mkOption { settings.applications.zellij.enable = lib.mkOption {
@@ -19,6 +48,15 @@ in {
enable = true; enable = true;
}; };
programs.zoxide = {
enable = true;
enableZshIntegration = true;
};
home.packages = [
sesh
];
home.file.zellij = { home.file.zellij = {
target = ".config/zellij/config.kdl"; target = ".config/zellij/config.kdl";
text = '' text = ''
@@ -26,6 +64,7 @@ in {
keybinds { keybinds {
normal { normal {
bind "Ctrl e" { ToggleFloatingPanes; SwitchToMode "normal"; } bind "Ctrl e" { ToggleFloatingPanes; SwitchToMode "normal"; }
bind "Ctrl d" { Detach; }
bind "Alt 1" { GoToTab 1; } bind "Alt 1" { GoToTab 1; }
bind "Alt 2" { GoToTab 2; } bind "Alt 2" { GoToTab 2; }
bind "Alt 3" { GoToTab 3; } bind "Alt 3" { GoToTab 3; }

61
modules/home/containers/beszel.nix Normal file
View File

@@ -0,0 +1,61 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.beszel;
in {
options = {
settings.containers.beszel.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Beszel container
'';
};
};
config = mkIf cfg.enable {
settings.services.sops.enable = true;
services.podman.containers.beszel = {
image = "henrygd/beszel:latest";
network = "proxy";
volumes = [
"%h/containers/beszel/data:/beszel_data"
"%h/containers/beszel/socket:/beszel_socket"
];
environment = {
DISABLE_PASSWORD_AUTH = false;
USER_CREATION = true;
};
};
services.podman.containers.beszel-agent = {
image = "henrygd/beszel-agent:latest";
network = "proxy";
volumes = [
"%h/containers/beszel/socket:/beszel_socket"
"/run/user/1000/podman/podman.sock:/var/run/podman.sock:ro"
"${config.sops.secrets."containers/beszel/key".path}:/run/secrets/key"
];
user = 1000;
userNS = "keep-id";
environment = {
LISTEN = "/beszel_socket/beszel.sock";
KEY_FILE = "/run/secrets/key";
DOCKER_HOST = "unix:///var/run/podman.sock";
};
};
settings.containers.caddy.routes.tbmrs-local.routes.beszel = {
host = "monitor";
url = "beszel:8090";
};
sops.secrets = {
"containers/beszel/key" = { };
};
};
}

98
modules/home/containers/caddy.nix Normal file
View File

@@ -0,0 +1,98 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.caddy;
toInternal = name: routesDef: {
name = name;
host = routesDef.host;
url = routesDef.url;
};
generateRoutes = domain: entries: lib.concatMapStrings (route: ''
@${route.name} host ${route.host}.${domain}
handle @${route.name} {
reverse_proxy ${route.url}
}
'') entries;
routesOption = lib.mkOption {
type = types.attrsOf (types.submodule {
options = {
url = mkOption {
type = types.str;
};
host = mkOption {
type = types.str;
};
};
});
};
in {
options = {
settings.containers.caddy.enable = mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable caddy container
'';
};
settings.containers.caddy.routes = mkOption {
type = lib.types.attrsOf (types.submodule {
options = {
routes = routesOption;
domain = mkOption {
type = types.str;
};
};
});
};
};
config = mkIf cfg.enable {
services.podman.containers.caddy = {
image = "localhost/tboomers/caddy-custom:latest";
network = "proxy";
networkAlias = [
"mail.tbmrs.nl"
];
ports = [
"1080:80"
"1443:443"
];
volumes = [
"%h/containers/caddy/Caddyfile:/etc/caddy/Caddyfile"
"%h/containers/caddy/acme_key:/etc/caddy/acme_key"
"%h/containers/caddy/data:/data"
];
};
settings.containers.caddy.routes = {
tbmrs.domain = "tbmrs.nl";
tbmrs-local.domain = "local.tbmrs.nl";
};
home.file."containers/caddy/Caddyfile".text = ''
*.tbmrs.nl, tbmrs.nl {
tls {
dns transip xeovalyte /etc/caddy/acme_key
resolvers 1.1.1.1
}
${generateRoutes cfg.routes.tbmrs.domain (mapAttrsToList toInternal cfg.routes.tbmrs.routes)}
}
*.local.tbmrs.nl {
tls {
dns transip xeovalyte /etc/caddy/acme_key
resolvers 1.1.1.1
}
${generateRoutes cfg.routes.tbmrs-local.domain (mapAttrsToList toInternal cfg.routes.tbmrs-local.routes)}
}
'';
};
}

37
modules/home/containers/forgejo.nix Normal file
View File

@@ -0,0 +1,37 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.forgejo;
in {
options = {
settings.containers.forgejo.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable forgejo container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.forgejo = {
image = "codeberg.org/forgejo/forgejo:11";
network = "proxy";
volumes = [
"%h/containers/forgejo/data:/data"
];
environment = {
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
FORGEJO__service__SHOW_REGISTRATION_BUTTON = false;
FORGEJO__service__ENABLE_PASSWORD_SIGNIN_FORM = false;
};
};
settings.containers.caddy.routes.tbmrs.routes.forgejo = {
host = "git";
url = "forgejo:3000";
};
};
}

36
modules/home/containers/homeassistant.nix Normal file
View File

@@ -0,0 +1,36 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.homeassistant;
in {
options = {
settings.containers.homeassistant.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable storage configuration
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.homeassistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
network = "proxy";
volumes = [
"%h/containers/homeassistant/config:/config"
];
userNS = "keep-id";
environment = {
TZ = "Europe/Amsterdam";
};
};
settings.containers.caddy.routes.tbmrs-local.routes.home-assistant = {
host = "home-assistant";
url = "homeassistant:8123";
};
};
}

191
modules/home/containers/homepage.nix Normal file
View File

@@ -0,0 +1,191 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.containers.homepage;
in {
options = {
settings.containers.homepage.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable homepage container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.homepage = {
image = "ghcr.io/gethomepage/homepage:latest";
network = "proxy";
volumes = [
"%h/containers/homepage/config:/app/config"
"%h/containers/homepage/config/settings.yaml:/app/config/settings.yaml"
"%h/containers/homepage/config/services.yaml:/app/config/services.yaml"
"%h/containers/homepage/config/docker.yaml:/app/config/docker.yaml"
"/run/user/1000/podman/podman.sock:/var/run/podman.sock:ro"
];
userNS = "keep-id";
environment = {
HOMEPAGE_ALLOWED_HOSTS = "home.tbmrs.nl";
};
};
settings.containers.caddy.routes.tbmrs.routes.homepage = {
host = "home";
url = "homepage:3000";
};
home.file."containers/homepage/config/settings.yaml".source = (pkgs.formats.yaml { }).generate "settings" {
title = "Timo's Server";
description = "server from Timo";
theme = "dark";
color = "slate";
layout = {
Services = {
style = "row";
columns = "4";
};
Infra = {
style = "row";
columns = "4";
};
};
};
home.file."containers/homepage/config/services.yaml".source = (pkgs.formats.yaml { }).generate "services" [
{
"Services" = [
{
"Forgejo" = {
href = "https://git.tbmrs.nl";
description = "Git server";
icon = "forgejo";
server = "podman";
container = "forgejo";
};
}
{
"Immich" = {
href = "https://photos.tbmrs.nl";
description = "Photo's and videos";
icon = "immich";
server = "podman";
container = "immich-server";
};
}
{
"Pingvin" = {
href = "https://share.tbmrs.nl";
description = "File sharing";
icon = "pingvin-share";
server = "podman";
container = "pingvin-share";
};
}
{
"Vaultwarden" = {
href = "https://vault.local.tbmrs.nl";
description = "Password management";
icon = "vaultwarden";
server = "podman";
container = "vaultwarden";
};
}
{
"Paperless" = {
href = "https://paperless.local.tbmrs.nl";
description = "Documents management";
icon = "paperless-ngx";
server = "podman";
container = "paperless-ngx";
};
}
{
"Home Assistant" = {
href = "https://home-assistant.local.tbmrs.nl";
description = "Home automation";
icon = "home-assistant";
server = "podman";
container = "homeassistant";
};
}
{
"Syncthing" = {
href = "https://syncthing.local.tbmrs.nl";
description = "File syncronisation";
icon = "syncthing";
server = "podman";
container = "syncthing";
};
}
{
"Dufs" = {
href = "https://files.tbmrs.nl";
description = "File management";
icon = "dufs";
server = "podman";
container = "dufs";
};
}
{
"Linkding" = {
href = "https://links.local.tbmrs.nl";
description = "Bookmarks";
icon = "linkding";
server = "podman";
container = "linkding";
};
}
{
"Stalwart" = {
href = "https://mail.tbmrs.nl";
description = "Mailserver";
icon = "stalwart";
server = "podman";
container = "stalwart";
};
}
];
}
{
"Infra" = [
{
"Kanidm" = {
href = "https://auth.tbmrs.nl";
description = "Oauth2 and ldap provider";
icon = "kanidm";
server = "podman";
container = "kanidm";
};
}
{
"Uptime Kuma" = {
href = "https://uptime.tbmrs.nl";
description = "Uptime and status";
icon = "uptime-kuma";
server = "podman";
container = "uptime-kuma";
};
}
{
"Beszel" = {
href = "https://monitor.local.tbmrs.nl";
description = "Server monitoring";
icon = "beszel";
server = "podman";
container = "beszel";
};
}
];
}
];
home.file."containers/homepage/config/docker.yaml".source = (pkgs.formats.yaml {}).generate "docker" {
podman = {
socket = "/var/run/podman.sock";
};
};
};
}

80
modules/home/containers/immich.nix Normal file
View File

@@ -0,0 +1,80 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.immich;
in {
options = {
settings.containers.immich.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable immich container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.immich-server = {
image = "ghcr.io/immich-app/immich-server:release";
network = "proxy";
volumes = [
"%h/containers/immich/upload:/usr/src/app/upload"
"/etc/localtime:/etc/localtime:ro"
];
extraConfig = {
Unit = {
After = [
"podman-immich-redis.service"
"podman-immich-database.service"
];
Requires = [
"podman-immich-redis.service"
"podman-immich-database.service"
];
};
};
environment = {
DB_PASSWORD = "changeme";
DB_USERNAME = "postgres";
DB_DATABASE_NAME = "immich";
DB_HOSTNAME = "immich-database";
REDIS_HOSTNAME = "immich-redis";
};
};
services.podman.containers.immich-machine-learning = {
image = "ghcr.io/immich-app/immich-machine-learning:release";
network = "proxy";
volumes = [
"%h/containers/immich/model-cache:/cache"
];
};
services.podman.containers.immich-redis = {
image = "docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1";
network = "proxy";
};
services.podman.containers.immich-database = {
image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52";
network = "proxy";
volumes = [
"%h/containers/immich/database-data:/var/lib/postgresql/data"
];
environment = {
POSTGRES_PASSWORD = "changeme";
POSTGRES_USER = "postgres";
POSTGRES_DB = "immich";
POSTGRES_INITDB_ARGS = "--data-checksums";
};
exec = ''postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on'';
};
settings.containers.caddy.routes.tbmrs.routes.immich = {
host = "photos";
url = "immich-server:2283";
};
};
}

35
modules/home/containers/jellyfin.nix Normal file
View File

@@ -0,0 +1,35 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.jellyfin;
in {
options = {
settings.containers.jellyfin.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable jellyfin container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.jellyfin = {
image = "jellyfin/jellyfin";
network = "proxy";
volumes = [
"%h/containers/jellyfin/config:/config"
"%h/containers/jellyfin/cache:/cache"
"%h/media:/media"
];
userNS = "keep-id";
};
settings.containers.caddy.routes.tbmrs-local.routes.jellyfin = {
host = "stream";
url = "jellyfin:8096";
};
};
}

45
modules/home/containers/kanidm.nix Normal file
View File

@@ -0,0 +1,45 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.nginx;
in {
options = {
settings.containers.kanidm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable kanidm container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.kanidm = {
image = "kanidm/server:latest";
network = "proxy";
networkAlias = [
"auth.tbmrs.nl"
];
volumes = [
"%h/containers/kanidm/data:/data"
"%h/containers/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.tbmrs.nl:/data/keys"
];
environment = {
KANIDM_VERSION = "2";
KANIDM_BINDADDRESS = "[::]:443";
KANIDM_DB_PATH = "/data/kanidm.db";
KANIDM_TLS_CHAIN = "/data/keys/wildcard_.tbmrs.nl.crt";
KANIDM_TLS_KEY = "/data/keys/wildcard_.tbmrs.nl.key";
KANIDM_DOMAIN = "auth.tbmrs.nl";
KANIDM_ORIGIN = "https://auth.tbmrs.nl";
};
};
settings.containers.caddy.routes.tbmrs.routes.kanidm = {
host = "auth";
url = "https://auth.tbmrs.nl";
};
};
}

82
modules/home/containers/karakeep.nix Normal file
View File

@@ -0,0 +1,82 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.karakeep;
in {
options = {
settings.containers.karakeep.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable karakeep container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.karakeep = {
image = "ghcr.io/karakeep-app/karakeep:release";
network = "proxy";
volumes = [
"%h/containers/karakeep/data:/data"
];
environment = {
MEILI_ADDR = "http://karakeep-meilisearch:7700";
BROWSER_WEB_URL = "http://karakeep-chrome:9222";
DATA_DIR = "/data";
};
environmentFile = [
"${config.sops.templates."container-karakeep.env".path}"
];
extraConfig = {
Unit = {
After = [
"podman-karakeep-chrome.service"
"podman-karakeep-meilisearch.service"
];
Requires = [
"podman-karakeep-chrome.service"
"podman-karakeep-meilisearch.service"
];
};
};
};
services.podman.containers.karakeep-chrome = {
image = "gcr.io/zenika-hub/alpine-chrome:123";
network = "proxy";
exec = "--no-sandbox --disable-gpu --disable-dev-shm-usage --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222 --hide-scrollbars";
};
services.podman.containers.karakeep-meilisearch = {
image = "getmeili/meilisearch:v1.13.3";
network = "proxy";
environment = {
MEILI_NO_ANALYTICS = "true";
};
volumes = [
"%h/containers/karakeep/meilisearch:/meili_data"
];
};
settings.services.sops.enable = true;
sops.secrets = {
"containers/karakeep/nextauth-secret" = { };
"containers/karakeep/meili-key" = { };
};
sops.templates = {
"container-karakeep.env" = {
content = ''
KARAKEEP_VERSION=release
NEXTAUTH_SECRET=${config.sops.placeholder."containers/karakeep/nextauth-secret"}
MEILI_MASTER_KEY=${config.sops.placeholder."containers/karakeep/meili-key"}
NEXTAUTH_URL=https://karakeep.local.tbmrs.nl
'';
};
};
};
}

58
modules/home/containers/linkding.nix Normal file
View File

@@ -0,0 +1,58 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.linkding;
in {
options = {
settings.containers.linkding.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable linkding container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.linkding = {
image = "ghcr.io/sissbruecker/linkding:latest";
network = "proxy";
volumes = [
"%h/containers/linkding/data:/etc/linkding/data"
];
environment = {
LD_ENABLE_OIDC = "True";
OIDC_RP_CLIENT_ID = "linkding";
OIDC_OP_AUTHORIZATION_ENDPOINT = "https://auth.tbmrs.nl/ui/oauth2";
OIDC_OP_TOKEN_ENDPOINT = "https://auth.tbmrs.nl/oauth2/token";
OIDC_OP_USER_ENDPOINT = "https://auth.tbmrs.nl/oauth2/openid/linkding/userinfo";
OIDC_OP_JWKS_ENDPOINT = "https://auth.tbmrs.nl/oauth2/openid/linkding/public_key.jwk";
OIDC_RP_SIGN_ALGO = "ES256";
};
environmentFile = [
"${config.sops.templates."container-linkding.env".path}"
];
};
settings.containers.caddy.routes.tbmrs-local.routes.linkding = {
host = "links";
url = "linkding:9090";
};
settings.services.sops.enable = true;
sops.templates = {
"container-linkding.env" = {
content = /*bash*/ ''
OIDC_RP_CLIENT_SECRET=${config.sops.placeholder."containers/linkding/oidc-secret"}
'';
};
};
sops.secrets = {
"containers/linkding/oidc-secret" = { };
};
};
}

25
modules/home/containers/network.nix Normal file
View File

@@ -0,0 +1,25 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.network;
in {
options = {
settings.containers.network.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable network
'';
};
};
config = mkIf cfg.enable {
services.podman.networks.proxy = {
description = "Container network for the proxy";
driver = "bridge";
autoStart = true;
};
};
}

26
modules/home/containers/nginx.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.nginx;
in {
options = {
settings.containers.nginx.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable nginx container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.nginx = {
image = "nginx";
ports = [
"8080:80"
];
};
};
}

102
modules/home/containers/paperless-ngx.nix Normal file
View File

@@ -0,0 +1,102 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.containers.paperless-ngx;
in {
options = {
settings.containers.paperless-ngx.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Paperless NGX container
'';
};
};
config = mkIf cfg.enable {
settings.services.sops.enable = true;
services.podman.containers.paperless-ngx = {
image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
network = "proxy";
volumes = [
"%h/containers/paperless-ngx/data:/usr/src/paperless/data"
"%h/containers/paperless-ngx/media:/usr/src/paperless/media"
"%h/containers/paperless-ngx/export:/usr/src/paperless/export"
"%h/containers/paperless-ngx/consume:/usr/src/paperless/consume"
"${config.sops.secrets."containers/paperless-ngx/db-password".path}:/run/secrets/db-password"
"${config.sops.secrets."containers/paperless-ngx/secret".path}:/run/secrets/secret"
"${config.sops.secrets."containers/paperless-ngx/openid-providers".path}:/run/secrets/openid-providers"
];
environment = {
PAPERLESS_REDIS = "redis://paperless-ngx-broker:6379";
PAPERLESS_DBHOST = "paperless-ngx-db";
PAPERLESS_URL = "https://paperless.local.tbmrs.nl";
PAPERLESS_DBPASS_FILE = "/run/secrets/db-password";
PAPERLESS_SECRET_KEY_FILE = "/run/secrets/secret";
PAPERLESS_DISABLE_REGULAR_LOGIN = false;
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
PAPERLESS_SOCIALACCOUNT_PROVIDERS_FILE = "/run/secrets/openid-providers";
PAPERLESS_SOCIAL_ACCOUNT_SYNC_GROUPS = true;
};
extraConfig = {
Unit = {
After = [
"sops-nix.service"
"podman-paperless-ngx-db.service"
"podman-paperless-ngx-broker.service"
];
Requires = [
"podman-paperless-ngx-db.service"
"podman-paperless-ngx-broker.service"
];
};
};
};
services.podman.containers.paperless-ngx-db = {
image = "docker.io/library/postgres:17";
network = "proxy";
volumes = [
"%h/containers/paperless-ngx/db-data:/var/lib/postgresql/data"
"${config.sops.secrets."containers/paperless-ngx/db-password".path}:/run/secrets/db-password"
];
environment = {
POSTGRES_DB = "paperless";
POSTGRES_USER = "paperless";
POSTGRES_PASSWORD_FILE = "/run/secrets/db-password";
};
extraConfig = {
Unit = {
After = [
"sops-nix.service"
];
};
};
};
services.podman.containers.paperless-ngx-broker = {
image = "docker.io/library/redis:7";
network = "proxy";
volumes = [
"%h/containers/paperless-ngx/redis-data:/data"
];
};
settings.containers.caddy.routes.tbmrs-local.routes.paperless-ngx = {
host = "paperless";
url = "paperless-ngx:8000";
};
sops.secrets = {
"containers/paperless-ngx/db-password" = { };
"containers/paperless-ngx/secret" = { };
"containers/paperless-ngx/openid-providers" = { };
};
};
}

78
modules/home/containers/pingvin-share.nix Normal file
View File

@@ -0,0 +1,78 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.containers.pingvin-share;
in {
options = {
settings.containers.pingvin-share.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Pingvin share container
'';
};
};
config = mkIf cfg.enable {
settings.services.sops.enable = true;
services.podman.containers.pingvin-share = {
image = "ghcr.io/stonith404/pingvin-share";
network = "proxy";
volumes = [
"%h/containers/pingvin-share/data:/opt/app/backend/data"
# "%h/containers/pingvin-share/config.yaml:/opt/app/config.yaml"
"${config.sops.templates."container-pingvin.yaml".path}:/opt/app/config.yaml"
];
environment = {
TRUST_PROXY = true;
};
userNS = "keep-id";
extraConfig = {
Unit = {
After = [
"sops-nix.service"
];
};
};
};
settings.containers.caddy.routes.tbmrs.routes.pingvin = {
host = "share";
url = "pingvin-share:3000";
};
sops.templates = {
"container-pingvin.yaml" = {
content = /*yaml*/ ''
general:
secureCookies: "true"
appUrl: https://share.tbmrs.nl
showHomePage: "false"
share:
allowRegistration: "true"
maxSize: "10000000000"
oauth:
disablePassword: "false"
oidc-enabled: "true"
oidc-discoveryUri: "https://auth.tbmrs.nl/oauth2/openid/pingvin/.well-known/openid-configuration"
oidc-clientId: pingvin
oidc-clientSecret: "${config.sops.placeholder."containers/pingvin-share/oidc-secret"}"
initUser:
enabled: "true"
username: "admin"
email: "admin@example.com"
password: "my-secure-password"
isAdmin: true
ldapDN: ""
'';
};
};
sops.secrets = {
"containers/pingvin-share/oidc-secret" = { };
};
};
}

42
modules/home/containers/stalwart.nix Normal file
View File

@@ -0,0 +1,42 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.stalwart;
in {
options = {
settings.containers.stalwart.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable stalwart mailserver container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.stalwart = {
image = "stalwartlabs/mail-server:latest";
network = "proxy";
ports = [
"1025:25"
"1587:587"
"1465:465"
"1143:143"
"1993:993"
"14190:4190"
"1110:110"
"1995:995"
];
volumes = [
"%h/containers/stalwart/data:/opt/stalwart-mail"
];
};
settings.containers.caddy.routes.tbmrs.routes.stalwart = {
host = "mail";
url = "stalwart:8080";
};
};
}

60
modules/home/containers/static.nix Normal file
View File

@@ -0,0 +1,60 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.static;
in {
options = {
settings.containers.static.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable static pages containers
'';
};
};
config = mkIf cfg.enable {
settings.services.sops.enable = true;
services.podman.containers.wrbapp = {
image = "gitea.xeovalyte.dev/xeovalyte/wrbapp:latest-arm";
network = "proxy";
environmentFile = [
"${config.sops.templates."container-wrbapp.env".path}"
];
};
services.podman.containers.hunshin = {
image = "gitea.xeovalyte.dev/xeovalyte/hunshin:latest-arm";
network = "proxy";
};
services.podman.containers.bijlobke = {
image = "gitea.xeovalyte.dev/xeovalyte/bijlobke:latest-arm";
network = "proxy";
};
services.podman.containers.ardsite = {
image = "gitea.xeovalyte.dev/ardsite/ardsite:latest-arm";
network = "proxy";
};
sops.templates = {
"container-wrbapp.env" = {
content = ''
NUXT_PRIVATE_KEY_ID: "${config.sops.placeholder."containers/wrbapp/private-key-id"}"
NUXT_PRIVATE_KEY: "${config.sops.placeholder."containers/wrbapp/private-key"}"
NUXT_CLIENT_ID: "${config.sops.placeholder."containers/wrbapp/client-id"}"
'';
};
};
sops.secrets = {
"containers/wrbapp/private-key-id" = { };
"containers/wrbapp/private-key" = { };
"containers/wrbapp/client-id" = { };
};
};
}

57
modules/home/containers/storage.nix Normal file
View File

@@ -0,0 +1,57 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.storage;
in {
options = {
settings.containers.storage.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable storage configuration
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.dufs = {
image = "sigoden/dufs";
network = "proxy";
volumes = [
"%h/storage:/data"
];
userNS = "keep-id";
environment = {
DUFS_SERVE_PATH = "data";
DUFS_AUTH = "@/tboomers/public:ro|tboomers:password@/tboomers:rw";
DUFS_ALLOW_ALL = true;
};
};
services.podman.containers.syncthing = {
image = "syncthing/syncthing";
network = "proxy";
volumes = [
"%h/storage:/storage"
"%h/containers/syncthing/data:/var/syncthing"
];
userNS = "keep-id";
ports = [
"22000:22000/tcp"
"22000:22000/udp"
];
};
settings.containers.caddy.routes.tbmrs-local.routes.sycnthing = {
host = "syncthing";
url = "syncthing:8384";
};
settings.containers.caddy.routes.tbmrs.routes.dufs = {
host = "files";
url = "dufs:5000";
};
};
}

32
modules/home/containers/uptime-kuma.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.uptime-kuma;
in {
options = {
settings.containers.uptime-kuma.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable uptime kuma container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.uptime-kuma = {
image = "louislam/uptime-kuma:beta";
network = "proxy";
volumes = [
"%h/containers/uptime-kuma/data:/app/data"
];
};
settings.containers.caddy.routes.tbmrs.routes.uptime-kuma = {
host = "uptime";
url = "uptime-kuma:3001";
};
};
}

37
modules/home/containers/vaultwarden.nix Normal file
View File

@@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.containers.vaultwarden;
in {
options = {
settings.containers.vaultwarden.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Vaultwarden container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.vaultwarden = {
image = "ghcr.io/dani-garcia/vaultwarden:latest";
network = "proxy";
volumes = [
"%h/containers/vaultwarden/data:/data"
];
environment = {
DOMAIN = "https://vault.local.tbmrs.nl";
SIGNUPS_ALLOWED = true;
};
};
settings.containers.caddy.routes.tbmrs-local.routes.vaultwarden = {
host = "vault";
url = "vaultwarden:80";
};
};
}

34
modules/home/containers/vikunja.nix Normal file
View File

@@ -0,0 +1,34 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.vikunja;
in {
options = {
settings.containers.vikunja.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable vikunja container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.vikunja = {
image = "vikunja/vikunja";
network = "proxy";
userNS = "keep-id";
volumes = [
"%h/containers/vikunja/files:/app/vikunja/files"
"%h/containers/vikunja/db:/db"
];
};
settings.containers.caddy.routes.tbmrs-local.routes.vikunja = {
host = "tasks";
url = "vikunja:3456";
};
};
}

48
modules/home/default.nix
View File

@@ -1,6 +1,13 @@
{ ... }: { inputs, outputs, config, lib, ... }:
{ {
options = {
settings.host = lib.mkOption {
type = lib.types.str;
description = "Hostname";
};
};
imports = [ imports = [
./applications/alacritty.nix ./applications/alacritty.nix
./applications/common.nix ./applications/common.nix
@@ -13,12 +20,51 @@
./applications/thunderbird.nix ./applications/thunderbird.nix
./applications/yazi.nix ./applications/yazi.nix
./applications/zellij.nix ./applications/zellij.nix
./applications/wezterm.nix
./applications/nushell.nix
./applications/typst.nix
./applications/obs-studio.nix
./services/nextcloud.nix ./services/nextcloud.nix
./services/podman.nix
./services/sops.nix
./theming/fonts.nix ./theming/fonts.nix
./theming/stylix.nix ./theming/stylix.nix
./desktop-environments/hyprland/default.nix ./desktop-environments/hyprland/default.nix
./desktop-environments/niri/default.nix
./containers/network.nix
./containers/caddy.nix
./containers/kanidm.nix
./containers/nginx.nix
./containers/forgejo.nix
./containers/immich.nix
./containers/homepage.nix
./containers/uptime-kuma.nix
./containers/pingvin-share.nix
./containers/vaultwarden.nix
./containers/paperless-ngx.nix
./containers/beszel.nix
./containers/storage.nix
./containers/homeassistant.nix
./containers/karakeep.nix
./containers/vikunja.nix
./containers/stalwart.nix
./containers/static.nix
./containers/linkding.nix
./containers/jellyfin.nix
]; ];
config = {
nixpkgs = {
overlays = [
outputs.overlays.unstable-packages
outputs.overlays.additions
outputs.overlays.modifications
];
};
};
} }

2
modules/home/desktop-environments/hyprland/default.nix
View File

@@ -15,7 +15,7 @@ in {
}; };
imports = [ imports = [
./waybar.nix # ./waybar.nix
./fixes.nix ./fixes.nix
./dunst.nix ./dunst.nix
./rofi.nix ./rofi.nix

216
modules/home/desktop-environments/niri/default.nix Normal file
View File

@@ -0,0 +1,216 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri;
in {
options = {
settings.desktop-environments.niri.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable niri window manager configuration
'';
default = false;
};
};
imports = [
inputs.niri.homeModules.niri
./waybar.nix
./mako.nix
./swww.nix
];
config = mkIf cfg.enable {
home.packages = with pkgs; [
fuzzel
brightnessctl
];
programs.alacritty = {
enable = true;
settings = {
window.decorations = "None";
};
};
# Configure default applications
xdg.mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/about" = "firefox.desktop";
"x-scheme-handler/unknown" = "firefox.desktop";
"application/pdf" = "firefox.desktop";
};
};
programs.niri.enable = true;
programs.niri.package = pkgs.unstable.niri;
programs.niri.settings.outputs = lib.mkIf (config.settings.host == "ti-clt-dsk01") {
"HDMI-A-1".position = {
x = 1920;
y = 0;
};
"DP-1".position = {
x = 0;
y = 0;
};
};
programs.niri.settings.layout = {
gaps = 8;
focus-ring = {
width = 2;
};
preset-column-widths = [
{ proportion = 1. / 3.; }
{ proportion = 1. / 2.; }
{ proportion = 2. / 3.; }
];
};
programs.niri.settings.workspaces = {
"00-app" = { name = "app"; open-on-output = "DP-1"; };
"01-term" = { name = "term"; open-on-output = "DP-1"; };
"10-web" = { name = "web"; open-on-output = "HDMI-A-1"; };
"11-mus" = { name = "mus"; open-on-output = "HDMI-A-1"; };
"12-com" = { name = "com"; open-on-output = "HDMI-A-1"; };
};
# Default startup applications
programs.niri.settings.spawn-at-startup = [
{ command = ["vesktop"]; }
{ command = ["thunderbird"]; }
{ command = ["xwayland-satellite" ":10"]; }
];
programs.niri.settings.environment.DISPLAY = ":10";
programs.niri.settings.window-rules = [
{
matches = [
{ at-startup = true; app-id = "vesktop"; }
{ at-startup = true; app-id = "thunderbird"; }
];
open-on-workspace = "com";
}
];
# Configure overview
programs.niri.settings.layer-rules = [
{
matches = [
{ namespace = "wallpaper"; }
];
place-within-backdrop = true;
}
];
programs.niri.settings.binds = with config.lib.niri.actions; {
"Mod+Shift+Slash".action = show-hotkey-overlay;
# Spawn applications
"Mod+Space".action = spawn "fuzzel";
"Mod+T".action = spawn "alacritty";
"Mod+B".action = spawn "firefox";
# Volume controls
"XF86AudioRaiseVolume".action = spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1+";
"XF86AudioLowerVolume".action = spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1-";
"XF86AudioMute".action = spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK" "toggle";
# Media controls
"XF86AudioPlay".action = spawn "playerctl" "play-pause";
"XF86AudioNext".action = spawn "playerctl" "next";
"XF86AudioPrev".action = spawn "playerctl" "previous";
# Brightness controls
"XF86MonBrightnessUp".action = spawn "brightnessctl" "set" "5%+";
"XF86MonBrightnessDown".action = spawn "brightnessctl" "set" "5%-";
"Mod+O".action = toggle-overview;
"Mod+Q".action = close-window;
"Mod+C".action = center-column;
"Mod+R".action = switch-preset-column-width;
"Mod+Escape".action = quit;
# Sizing
"Mod+Minus".action = set-column-width "-10%";
"Mod+Equal".action = set-column-width "+10%";
# Full screen
"Mod+F".action = maximize-column;
"Mod+Shift+F".action = fullscreen-window;
"Mod+Ctrl+F".action = expand-column-to-available-width;
# Toggle floating
"Mod+V".action = toggle-window-floating;
"Mod+Shift+V".action = switch-focus-between-floating-and-tiling;
# Print screen
"Print".action = screenshot { show-pointer=false; };
# Window focus
"Mod+H".action = focus-column-left;
"Mod+J".action = focus-window-down;
"Mod+K".action = focus-window-up;
"Mod+L".action = focus-column-right;
# Window moving
"Mod+Ctrl+H".action = move-column-left;
"Mod+Ctrl+J".action = move-window-down;
"Mod+Ctrl+K".action = move-window-up;
"Mod+Ctrl+L".action = move-column-right;
# Focus to different monitor
"Mod+Shift+H".action = focus-monitor-left;
"Mod+Shift+J".action = focus-monitor-down;
"Mod+Shift+K".action = focus-monitor-up;
"Mod+Shift+L".action = focus-monitor-right;
# Move to different monitor
"Mod+Ctrl+Shift+H".action = move-column-to-monitor-left;
"Mod+Ctrl+Shift+J".action = move-column-to-monitor-down;
"Mod+Ctrl+Shift+K".action = move-column-to-monitor-up;
"Mod+Ctrl+Shift+L".action = move-column-to-monitor-right;
# Switch workspaces
"Mod+Page_Down".action = focus-workspace-down;
"Mod+Page_Up".action = focus-workspace-up;
"Mod+U".action = focus-workspace-down;
"Mod+I".action = focus-workspace-up;
# Move workspaces
"Mod+Ctrl+Page_Down".action = move-column-to-workspace-down;
"Mod+Ctrl+Page_Up".action = move-column-to-workspace-up;
"Mod+Ctrl+U".action = move-column-to-workspace-down;
"Mod+Ctrl+I".action = move-column-to-workspace-up;
# Workspace scrolling
"Mod+WheelScrollDown" = {
action = focus-workspace-down;
cooldown-ms = 150;
};
"Mod+WheelScrollUp" = {
action = focus-workspace-up;
cooldown-ms = 150;
};
"Mod+Shift+WheelScrollDown" = {
action = focus-column-left;
cooldown-ms = 150;
};
"Mod+Shift+WheelScrollUp" = {
action = focus-column-right;
cooldown-ms = 150;
};
};
};
}

21
modules/home/desktop-environments/niri/mako.nix Normal file
View File

@@ -0,0 +1,21 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri.mako;
in {
options = {
settings.desktop-environments.niri.mako.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable mako notifiaction deamon
'';
default = config.settings.desktop-environments.niri.enable;
};
};
config = mkIf cfg.enable {
services.mako.enable = true;
};
}

56
modules/home/desktop-environments/niri/swww.nix Normal file
View File

@@ -0,0 +1,56 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri.swww;
in {
options = {
settings.desktop-environments.niri.swww.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable swww wallpapers deamon
'';
default = config.settings.desktop-environments.niri.enable;
};
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
swww
swaybg
];
systemd.user.services.swaybg = {
Unit = {
After = [ "graphical-session.target" ];
PartOf = [ "graphical-session.target" ];
Requisite = [ "graphical-session.target" ];
Description = "Enable swaybg wallpaper management";
};
Install = {
WantedBy = [ "niri.service"];
};
Service = {
ExecStart = ''${pkgs.swaybg}/bin/swaybg -m fill -i "%h/nix/assets/wallpaper-2-blurred.png"'';
Restart = ''on-failure'';
};
};
systemd.user.services.swww = {
Unit = {
After = [ "graphical-session.target" ];
PartOf = [ "graphical-session.target" ];
Requisite = [ "graphical-session.target" ];
Description = "Enable swww wallpaper management";
};
Install = {
WantedBy = [ "niri.service"];
};
Service = {
ExecStart = ''${pkgs.swww}/bin/swww-daemon'';
Restart = ''on-failure'';
};
};
};
}

127
modules/home/desktop-environments/niri/waybar.nix Normal file
View File

@@ -0,0 +1,127 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri.waybar;
in {
options = {
settings.desktop-environments.niri.waybar.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable waybar configuration for configuration
'';
default = config.settings.desktop-environments.niri.enable;
};
};
config = mkIf cfg.enable {
stylix.targets.waybar.addCss = false;
programs.waybar = {
enable = true;
package = pkgs.unstable.waybar;
systemd.enable = true;
};
programs.waybar.settings = {
main = {
layer = "top";
position = "top";
modules-left = [
"niri/workspaces"
];
modules-center = [
"clock"
];
modules-right = [
"tray"
"network"
"pulseaudio"
"battery"
];
"clock" = {
"format" = "{:%H:%M - %d}";
};
"tray" = {
"spacing" = 8;
};
"battery" = {
"bat" = "BAT1";
"interval" = 60;
"states" = {
"warning" = 30;
"critical" = 15;
};
"format" = "{icon} {capacity}%";
"format-icons" = [ "" "" "" "" "" ];
};
"pulseaudio" = {
"format" = "{icon} {volume}%";
"format-bluetooth" = "{volume}% {icon}";
"format-muted" = "󰝟";
"format-icons" = {
"headphone" = "";
"hands-free" = "";
"headset" = "";
"phone" = "";
"portable" = "";
"car" = "";
"default" = ["" ""];
};
"scroll-step" = 1;
"on-click" = "pavucontrol";
"ignored-sinks" = ["Easy Effects Sink"];
};
"network" = {
"interface" = "wlan0";
"format" = "{ifname}";
"format-wifi" = " {essid}";
"format-ethernet" = "󰊗 {ipaddr}/{cidr}";
"format-disconnected" = "";
"tooltip-format" = "{ifname} via {gwaddr}";
"tooltip-format-wifi" = "{essid} ({signalStrength}%)";
"tooltip-format-ethernet" = "{ifname}";
"tooltip-format-disconnected" = "Disconnected";
"max-length" = 50;
};
};
};
programs.waybar.style = /* css */''
#workspaces,#window,#clock,#battery,#tray,#pulseaudio,#network {
background-color: @base01;
border-radius: 10px;
padding: 0px 10px;
margin-top: 3px;
margin-left: 5px;
margin-right: 5px;
}
#workspaces button {
padding: 0 5px;
background: transparent;
color: @base05;
border-bottom: 2px solid transparent;
border-radius: 0;
}
window#waybar {
background: transparent;
}
#workspaces button.active {
border-bottom: 2px solid @base05;
}
#network {
padding: 0 5px;
}
'';
};
}

42
modules/home/services/podman.nix Normal file
View File

@@ -0,0 +1,42 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.settings.services.podman;
in {
options = {
settings.services.podman.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable podman configuration
'';
};
settings.services.podman.systemctlAliases = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable podman systemctl aliases configuration
'';
};
};
config = mkIf cfg.enable {
services.podman = {
enable = true;
};
home.shellAliases = lib.mkIf cfg.systemctlAliases {
scu = "systemctl --user";
scus = "systemctl --user start";
scur = "systemctl --user restart";
scust = "systemctl --user stop";
scusts = "systemctl --user status";
jcu = "journalctl --user";
jcur = "journalctl --user -xe";
};
};
}

34
modules/home/services/sops.nix Normal file
View File

@@ -0,0 +1,34 @@
{ lib, config, inputs, pkgs, ... }:
with lib;
let
cfg = config.settings.services.sops;
in {
options = {
settings.services.sops.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable sops secret management
'';
default = false;
};
};
imports = [
inputs.sops-nix.homeManagerModules.sops
];
config = mkIf cfg.enable {
home.packages = with pkgs; [
sops
age
];
sops = {
age.keyFile = "/home/${config.home.username}/.config/sops/age/keys.txt"; # must have no password!
defaultSopsFile = ../../../secrets/deploy.yaml;
};
};
}

2
modules/home/theming/fonts.nix
View File

@@ -23,7 +23,7 @@ in {
font-awesome font-awesome
dejavu_fonts dejavu_fonts
roboto roboto
(nerdfonts.override { fonts = [ "DejaVuSansMono" ]; }) nerd-fonts.dejavu-sans-mono
]; ];
}; };
} }

7
modules/home/theming/stylix.nix
View File

@@ -29,7 +29,7 @@ in {
}; };
imports = [ imports = [
inputs.stylix.homeManagerModules.stylix inputs.stylix.homeModules.stylix
]; ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
@@ -43,6 +43,11 @@ in {
stylix.autoEnable = true; stylix.autoEnable = true;
stylix.fonts.monospace = {
package = pkgs.nerd-fonts.dejavu-sans-mono;
name = "DejaVuSansM Nerd Font Propo";
};
stylix.cursor = { stylix.cursor = {
package = pkgs.phinger-cursors; package = pkgs.phinger-cursors;
name = "phinger-cursors-dark"; name = "phinger-cursors-dark";

5
modules/overlays.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }:
{
}

2
modules/system/applications/common.nix
View File

@@ -22,6 +22,8 @@ in {
btop btop
git git
yazi yazi
zoxide
home-manager
just just
]; ];

40
modules/system/default.nix
View File

@@ -1,4 +1,4 @@
{ ... }: { outputs, config, lib, ... }:
{ {
imports = [ imports = [
@@ -7,7 +7,9 @@
./applications/thunar.nix ./applications/thunar.nix
./services/docker.nix ./services/docker.nix
./services/podman.nix
./services/quickemu.nix ./services/quickemu.nix
./services/ssh.nix
./services/sunshine.nix ./services/sunshine.nix
./services/garbage-collection.nix ./services/garbage-collection.nix
./services/incus.nix ./services/incus.nix
@@ -22,7 +24,43 @@
./desktop-environments/cosmic.nix ./desktop-environments/cosmic.nix
./desktop-environments/hyprland.nix ./desktop-environments/hyprland.nix
./desktop-environments/gnome.nix ./desktop-environments/gnome.nix
./desktop-environments/niri.nix
./display-managers/default.nix ./display-managers/default.nix
]; ];
options = {
settings.hostname = lib.mkOption {
type = lib.types.str;
description = ''
Set hostname of the system
'';
};
};
config = {
nixpkgs = {
overlays = [
outputs.overlays.unstable-packages
outputs.overlays.additions
outputs.overlays.modifications
];
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
networking.hostName = config.settings.hostname;
};
} }

13
modules/system/desktop-environments/cosmic.nix
View File

@@ -1,4 +1,4 @@
{ lib, config, inputs, ... }: { lib, config, inputs, pkgs, ... }:
with lib; with lib;
@@ -14,15 +14,20 @@ in {
}; };
}; };
imports = [ # imports = [
inputs.nixos-cosmic.nixosModules.default # inputs.nixos-cosmic.nixosModules.default
]; # ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.desktopManager.cosmic.enable = true; services.desktopManager.cosmic.enable = true;
environment.sessionVariables = { environment.sessionVariables = {
COSMIC_DISABLE_DIRECT_SCANOUT = "true"; COSMIC_DISABLE_DIRECT_SCANOUT = "true";
COSMIC_DATA_CONTROL_ENABLED = 1;
}; };
environment.systemPackages = with pkgs; [
wl-clipboard-rs
];
}; };
} }

49
modules/system/desktop-environments/niri.nix Normal file
View File

@@ -0,0 +1,49 @@
{ lib, config, inputs, pkgs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri;
in {
options = {
settings.desktop-environments.niri.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable niri desktop environment
'';
default = false;
};
};
imports = [
inputs.niri.nixosModules.niri
];
config = mkIf cfg.enable {
nix = {
settings = {
substituters = [
"https://niri.cachix.org"
];
trusted-public-keys = [
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
];
};
};
programs.niri.enable = true;
programs.niri.package = pkgs.unstable.niri;
nixpkgs.overlays = [ inputs.niri.overlays.niri ];
environment.variables.NIXOS_OZONE_WL = "1";
environment.systemPackages = with pkgs; [
wl-clipboard
wayland-utils
libsecret
cage
gamescope
xwayland-satellite-unstable
swaybg
];
};
}

3
modules/system/display-managers/default.nix
View File

@@ -7,7 +7,7 @@ let
in { in {
options = { options = {
settings.display-manager = lib.mkOption { settings.display-manager = lib.mkOption {
type = lib.types.enum ["sddm" "cosmic-greeter" "gdm"]; type = lib.types.enum ["sddm" "cosmic-greeter" "gdm" "none" "greetd"];
description = '' description = ''
Specify which display manager to use Specify which display manager to use
''; '';
@@ -18,5 +18,6 @@ in {
./sddm.nix ./sddm.nix
./cosmic-greeter.nix ./cosmic-greeter.nix
./gdm.nix ./gdm.nix
./greetd.nix
]; ];
} }

35
modules/system/display-managers/greetd.nix Normal file
View File

@@ -0,0 +1,35 @@
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.settings.display-manager;
in {
config = mkIf (cfg == "greetd") {
# systemd.services.greetd = {
# serviceConfig.Type = "idle";
# # unitConfig.After = [ "docker.service" ];
# };
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal"; # Without this errors will spam on screen
# Without these bootlogs will spam on screen
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd niri-session";
user = "greeter";
};
};
};
};
}

6
modules/system/hardware/firewall.nix
View File

@@ -1,7 +1,5 @@
{ config, lib, ... }: { config, lib, ... }:
with lib;
let let
cfg = config.settings.hardware.firewall; cfg = config.settings.hardware.firewall;
in { in {
@@ -14,9 +12,9 @@ in {
}; };
}; };
config = mkIf cfg.enable { config = {
networking.firewall = { networking.firewall = {
enable = true; enable = cfg.enable;
allowedTCPPorts = [ ]; allowedTCPPorts = [ ];
allowedUDPPorts = [ ]; allowedUDPPorts = [ ];
}; };

29
modules/system/services/podman.nix Normal file
View File

@@ -0,0 +1,29 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.settings.services.podman;
in {
options = {
settings.services.podman.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable podman configuration
'';
};
};
config = mkIf cfg.enable {
virtualisation.containers.enable = true;
virtualisation.podman = {
enable = true;
};
environment.etc."systemd/user-generators/podman-user-generator" = {
source = "${pkgs.podman}/lib/systemd/user-generators/podman-user-generator";
target = "systemd/user-generators/podman-user-generator";
};
};
}

26
modules/system/services/ssh.nix Normal file
View File

@@ -0,0 +1,26 @@
{ pkgs, config, lib, ... }:
with lib;
let
cfg = config.settings.services.ssh;
in {
options = {
settings.services.ssh.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable ssh service
'';
default = false;
};
};
config = mkIf cfg.enable {
services.openssh = {
enable = true;
ports = [ 22 ];
};
networking.firewall.allowedTCPPorts = [ 22 ];
};
}

18
overlays/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{ inputs, ...}: {
# This one brings our custom packages from the 'pkgs' directory
additions = final: prev: import ../pkgs final.pkgs;
# This one contains whatever you want to overlay
# You can change versions, add patches, set compilation flags, anything really.
# https://nixos.wiki/wiki/Overlays
modifications = final: prev: {
};
unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
};
}

3
pkgs/default.nix Normal file
View File

@@ -0,0 +1,3 @@
pkgs: {
}

48
secrets/deploy.yaml Normal file
View File

@@ -0,0 +1,48 @@
example-key: ENC[AES256_GCM,data:ijBs+W5luWy8bD2u9Q==,iv:SgpzREfqbgBgd8psV7Optl4nDpMmDBDsitGQZLLSAL0=,tag:E8lN8xCOye2UPs2x21c0Jw==,type:str]
containers:
pingvin-share:
oidc-secret: ENC[AES256_GCM,data:V8bFxcEfWEJvt0ZRnHRNQhQ2qCsivngRkKyDhupz9HFxBw0BZLb7U2mDothtE1XS,iv:SnnmXiZoawpZV83483esQ1TIaFTACiIUcA6hcoXsw0I=,tag:M3h/ueLRZx1oOzW2WJjJDQ==,type:str]
linkding:
oidc-secret: ENC[AES256_GCM,data:2KP6B7s9fKyg6PHKzWvvqe5TcrFvl80goQ8Gy91pW6CwOZWywcNnwsnrrSjpJL9O,iv:IlbwHY8BXB93L0UYDU9jmbXX7s6ovHQp9BUAmDBhgwk=,tag:0pnhkJVVQTYd5Jy9yPz+Kw==,type:str]
beszel:
key: ENC[AES256_GCM,data:BfhgCX2Ws/xpQ2Nz+qJv04Ag99pmOtD8js2Yq0vNEoRb7KGeoeBiJSepbXPZNWkdyRztXA/LPEbcVCQwmCzu3+emcAvsVRTX41Bxt9nQ2Kw=,iv:OS/+jF4MtwPdijXPpG2pgpJQTYyer9bms97B+kO8XhI=,tag:AYhQltmzceVaTuM//mtFYw==,type:str]
karakeep:
nextauth-secret: ENC[AES256_GCM,data:Izp5kO9dhD28mUzHOS4TqBINbbQ03spP865nrfUWbhqpx2dgW/rbExFZDXmgp1tX,iv:98su3bR8jMLr1jF5XBiNePMZ7qz4pMDQ6B4i8rMxIQQ=,tag:gyzJA6dsKy6YWkE8r5JXqg==,type:str]
meili-key: ENC[AES256_GCM,data:47t3gk/189dmtriOb37MT4XC2pwBdwr2n+22t3K7q8Hf6tX2iHaq6zg1EV6W51F/,iv:OjAmWJWmGtIsSeIFWNlqT8hv8H8LLz+WQtvlvyu9Lx0=,tag:v4acQvlJPK64l0yCVpBqCQ==,type:str]
wrbapp:
private-key-id: ENC[AES256_GCM,data:VEPNv774ZI+5IAM43BSKJr7LoGYquUpLTk3iE4xObSscDtr/pVTnZQ==,iv:HVZHRU3v/REhrb9DTsKLyfryROU2WkPzg6tM0wz8Myc=,tag:rfjNGz5B526nvLw4Pj8hQw==,type:str]
private-key: ENC[AES256_GCM,data:vZIoRJH6bc/RBeZxr+g5mLWdBYWERetRHuoqntE5Ah1FnDmmShpSwBS8wYNaAEbq2FSDSe0RSbJ5OArmnhMnp8sm/VgVjY+AYm0IqRKkLCyf4sReCZ3duHcFnO9PjYULM2ABqAUofQqFqDD3BV44eFLeTudqY3fE8lCsDT0kdzKyyNVy3esQfbmTOTBcWVc54tI8hXcKsYGPMmzaxpnYqB9pc52KI7iOeSDoXxi7cjvHKPsYBLiK71oYi8T4JtwbR/uaT02kwY9cBNWThdaUpotYFO0D71pbLjQZ6gqEcWLSeUpUROwtmWoPPmR89cwUBuSbce9ovhsYlbqAE/AjwoJFUxuhZHa6wAdsjswR9wWXs9TZFsIzQVq6uGP3S80N1z2QPQnbT4Zha29V78iQXN8/Aq27/MjCtebgnVC9+mFY0zM4/5DpTT0D9HsNYixoUmDq5CIU1VS4JB2jgC5CublSCgs2ciXEwXTA/7nfctdIrE8g1UGPPw4wk34EAIvXz+tMdar3u+fQB9b+J6BuCW4TFVAUe9Nb6SHdIeLxgCDYbtGWSDY7laLNBSWrN0JY5t4ZMXlKVYHgGCdPcmJRrS4KE7LWjLrrVOzUiIslrBRYmNNrO5LJrpBQ8UDGUVVbGMH8UCFpPlytXskhjG5msioCOQ2ctVvoTrvvA1T7zVqaMZLdP1Lzxmw8brhHX34hu5q8z+lO/whrZxgqPbZ1WZrgoBGgAwp7+tn8Ddsq/8Ui8i8g89lny45ttjGHyroh2qlt3kBTJdU71Qg8JiiWgS6Wk0AbtkGO08SGJmMgJ5CtXo0zmq6pfrDmgursM5ItuVtvutZDyD+vz1BFdrli6ZNTAXVVq5bbCGUuKAM4AgHCJ1yS75l336xUxsIiTaLD9VDHd+XWetHXQWXk8xv9y02puiQAp+fJFISGn8TZya2CigW7OsibYSc3bFaZjm72pgfFhDm0a1q9AYTuF49PuLKi/McuJctuOc/iF6mbLnotIOF6Cc64/Iie1MCjX/IJzCZWlXJE8+0n8FTR9t+d1f4EBMxL8Z+h8pp4r8B3u+8ZKIUiCTmc+PZ0Mmr+acTOjY+X04RcrVcwQz49172NHwI3/C2we0ZUaZTjxTm253ikif/xcxYjxlCCP6WERR1rI0OMFr5RvA0+2RkzIBmHQtDlHNk11Tfauz7jyWkh4RfG9PYFr40khyNSD9vX4ePWTeIEQxMcdHLlRztLc3lbxiKumivHvLYlJmZ0eodp0/RpWv1l3VyVEsvqB04lKYzm42uJe6NkWTF0l+7XCWem7IchWWxrKW0P9UqLjrN3FAif2NVu6HjAtexMLp82yRUJFiLZufssm3QB91MAUebZOIW4fURrJOQpRj2xo3p7BSe+0nb4Hd00W187Q3HHbwZXK3yPaGX/wRD3cYFMku9AMWXgewHXwynkBITk1eEiZpwy7eyCBtxaScmglEbxtTEAs7PXLeUD7iQ0eM3MV4qRL3Nu/LRUTjpKZDXs22FpHbT3jUw24JgzB7jeJiYtEa/zIlDGvY3tPuhCruvJA+W8f8TWzTYVZoJjBhwCukD7l8APeiBNT58ulUPUz8Fn2lrUmujM3pXAJUSYknmUo4urBh/zQq5DCIbAWvvrU/OHHQDu547UTjguLMbqkAVF4nlb9RPdaBaUWLPsYDNHFGuHLuNvA5b6ymMa3oDuLZZVWT3FyGXQui4sNRQceKasEH3reSOMPvNUQ0af604rzlGrJlMX8QDq2GZR/Os+jdJwWahDlwincdEaRikAF6PD0vHlKGkcvm/E278ClSRQ2l2raF54B1EZ7NZ/+t5HaztTrx85xnt1l5hA/Gms9z58PBKi69oIv389KLxhviQWUo0PsEpeFx8KIk6h6FdjJwvzKaYpmjNwt4kxK8fI73rcjaDer+FhNYsUzluKmk4KNnWSMZPTEIHRnF9RrXPbw5x+nKrJrMx3tBswBAvif5xK5jlrnIsyo3f+bc3eXpioccxidCMMmKwSzcRj8u7N9Tevsvm2NmgCgawTLubisWkOE75jJuHexWDzU6jg/ArBczKXci0L5vCKC+Aq+U9q13Hgl5hbunlKq7jVPwemj6Ko7yEZ5ohw4UhLAKgSk1uN3XXQ2f7vQvo0zArEU567uWfGp6Jw3JHGL0AxjKCPvyFqd/AhqEFj1rS7XAx4yR1Ws8cDg9Y+tA/ils8FF4m9Th9xShLFNl3zphoU8z7OB+qrqzFirbKJ0uas1j7z/7962DGhg4QOicdPvNda,iv:rMdIIc6MszxdOGX5rPQNqNrK7RbleEbKhFVcx4oWUZk=,tag:ti7O+u8PYNj2eKF7+jUfWQ==,type:str]
client-id: ENC[AES256_GCM,data:rVWPkR8RUhJL0vsUFNxBuqgfJBm4,iv:7WbzSt04QPcEf86eduT3R3K29tfVlQ6bWdBjSAHIf40=,tag:6OiHIR+7ncX4gMnH6ePj8w==,type:str]
paperless-ngx:
db-password: ENC[AES256_GCM,data:Trlr577CSZHBdaIya/UwAYGPq7Td+f7k7QeNWbpz41sIEEuBGtiOXaAi17292E2nhBCLMDsrugGVusugBo+Z7g==,iv:tDIRfThBOfHr+gGRqywlHAk/x4MkhHRFsJEp5nnlGPA=,tag:3LeYyRjgA/ZOIaFsrcEZGQ==,type:str]
secret: ENC[AES256_GCM,data:eS/hG9A87fcop0Wey8HVLM8wwVQfzN9pmxhos9GkmtW0b9lsrjq/A2k2ngyJFNN+YKTqVIATD0VbQ28WvWRj1A==,iv:zzhFaoLnskspp1S291KABLZITgcof63cjShnsZrlAmw=,tag:ZxHsyxJSfVVSaOTlDuByCw==,type:str]
openid-providers: ENC[AES256_GCM,data:AsAVxsJ6mtjj2J2CaIYeizMTyEv4bb4RUBYOIP8enB1GbGbZ7dJWvRAAgjwoYZxPkBgc8/WeVQQUzrhhg/eoKFJRQSn3e+p+83GfymVJCdQNy1yCQFqe7IwnbVBX9unHcWiUPGo1lhU4CWKDVqoL56Zt3gVoJo/cNVR4Se2xlY1TuYl7YoSm2E3LjX5eTwamChPldON5sER23dh3IRCzK5A+ep4aGyqvMdiW9U6kHyuFBEd9P8ftUHY7ZrOu41nPOg8ezbu8w8PEI8oxxSPMFszwfroIaa41Nxxgheft6SCI+/570WVw+pAaW3gxEjBw5+qv07yshJOFEC1dYVTvZK5hWRAdVcpSl7ejN+KxAANvviAxA9tvJFAyHhfvoxd3YhG9BKVWLI+ZCUelcUY80cMFXt1By/WOjxaisTuqw8JCaEICrTNevAqLN4xfvYGLyNoZLGgqCtXjT9apXcwP1YYoxDGRDCEGb46/CuUvLMLa9VHZXY4wKJTgxdqq5yR/VQMD98ATBatzfrMsfJyBuJYNXjGuPhh9kobTIThDF4vJehWevIbroSL9GGeJd5CJAODo8vAu4pRPvkCHGQQg0NGwMo1GRY3OXm5TqHBlOAHu/qGe0zd/3DS0bL+jU/qR6JpzEzv95OVxRzbyGJvVTbCGkzavvxS9IiDc3buCNuHj+RFo6xFLFl5XPPH+RvH+WtCmXDrXJJ1KqVzWEbaB0M6tGLL3gxyqUXB6zxJkCIugL5Jq7SLIdvnBRebXvDuVqTy4wRjMtHdAhsZ/f9lDxTa2QFmewg0sJhBsRt95LVlRmcZeDEy5HUqEePfhbuJCExT0ZPRmPVnKF4lphHKzRDROt5DAz6DvYaWbDtRPtTHNFVZqyZXPnarn1Xc+Iy3bfIcK+cOL2RyF/nlYnOmoIFqa5b9a,iv:ba2bri2F/B6Sp3HfpXVWZ/WMVFOPF4+DyAtdS56yNqQ=,tag:k+tPX9QDGhgLYgNC/C9kKw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1cs2p7tgk9356tjmet6526k3ghwq9we82nz6z7qggqns656paku6sx30tkg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWWk1WE8wS1RneSswWmhj
TTgzYk1tbEdiRkl2WGcwVU9RY2YwZk9ZTzJnCm8yWDVlMXIzb1hEOFI4WVl2N3NN
Ny9VUDI1R3JTeVRmL2lsQkk0dGU4bVkKLS0tIDRxT0xzdXZUUTJxcjlDdHRJc25D
aXB4WTVoYUNXRFVCZkhnYXlsV1MxaW8KFJf3ufkinpKEG8YAAjGURUq/+p+RpaAF
kUTvl95nvmED73OcLLn6wCssoSPsi2iJWWY/7QeBh5KbGjz1ofTb1Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age12gjtehffgmepyga9vaqkurn9fyvte8n7wsklmg866z5usezvuqlsr2m5mp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldkJ3c2E0Yjdvd3dhd0hM
WTVCdFkxSGU1N3ZpT0s4UENmUjRTNGJYWHpnCkJna3lCTjR3MlAwZU02TkV5RnhK
anR3dVg4MDN4Wk05WDdEOTlBUDNRMmsKLS0tIFFUL1FVOTcxK1NkaEJOaGdRbGdn
SzhxRnVPMHg0VzJzZWhYdGZndHVIL0UKgloohouQu5rN48hy5FvouHlZO1RoIG9W
DlMH50012l4kcQ3ggP0BwuWRUq4FQ/bEpSBZoIOQriPmPQQp1qXOdA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-20T15:30:19Z"
mac: ENC[AES256_GCM,data:LHel3MmVvQ/TwEYQePjCNRZxmipPyJtssltyAIjSqdxSN6s7Kp4rbnAWSM6D/k7fVtasCCmWcqlbnHBH+M06/dIGhhjjL7HRPBj0jKgDlct7FshHAI5m+ZjrWMyzKOlKUj+2Il1d7VCdMKvC10jXoylpiunaHksaQMvagWAXDFc=,iv:0y/VL/eUw7p+u/ifnzXbZIyEfZNTv0aV5w7A9FT9A4w=,tag:RLAPe1C3DXOHjhLWM8TfEA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4