xeovalyte/nix
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: xeovalyte:a8a6776b1bb2cd4ee0abbeff40fc79669bf90e90
Branches Tags
xeovalyte:main
...
compare: xeovalyte:main
Branches Tags
xeovalyte:main

85 Commits
a8a6776b1b ... main

Author SHA1 Message Date
Timo Boomers
e28f9d5f2f Config changes... 2025-07-17 15:59:45 +02:00
Timo Boomers
6381ccf530 updated flakes inputs 2025-07-09 13:47:29 +02:00
Timo Boomers
35e7c0df79 added ppd 2025-07-08 15:23:59 +02:00
Timo Boomers
047e54ef74 removed not used padding 2025-07-08 15:15:05 +02:00
Timo Boomers
6dfad3f7f1 merge 2025-07-08 15:13:29 +02:00
Timo Boomers
74ecc77048 merges 2025-07-08 15:12:58 +02:00
Timo Boomers
5c74dc820b changed configs 2025-07-08 15:10:02 +02:00
Timo Boomers
89de487f68 added margin between modules 2025-07-08 15:08:35 +02:00
Timo Boomers
07c5526868 niri changes 2025-07-07 16:02:37 +02:00
Timo Boomers
d3bb262f7a added brightnessctl 2025-06-24 14:21:51 +02:00
Timo Boomers
d5560fd847 add brightness controls 2025-06-24 14:18:40 +02:00
Timo Boomers
751cb87d8d Added host option 2025-06-24 14:04:56 +02:00
Timo Boomers
d2cc6663e7 added greetd greeter for niri 2025-06-24 13:56:38 +02:00
Timo Boomers
64f21a317b More niri styling 2025-06-23 17:04:59 +02:00
Timo Boomers
849bd2a5e0 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-06-22 10:09:47 +02:00
Timo Boomers
79d07a5bfd Changed some configs 2025-06-22 10:09:41 +02:00
Timo Boomers
351272fc5c Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-06-20 16:35:21 +02:00
Timo Boomers
f68ff8d18c updated laptop configuration 2025-06-20 16:35:05 +02:00
Timo Boomers
f475b7b4ab added niri and samba share 2025-06-20 16:34:19 +02:00
Timo Boomers
e65e523992 added niri 2025-06-19 14:07:57 +02:00
Timo Boomers
38cb13a195 enabled bluetooth on desktop 2025-06-16 20:43:32 +02:00
Timo Boomers
fa648a174d Added obs and useful links section to README 2025-06-14 11:02:27 +02:00
Timo Boomers
95235d5ad5 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-06-11 13:14:22 +02:00
Timo Boomers
4d1b3e9911 updated flake file 2025-06-11 13:14:20 +02:00
Timo Boomers
e1fd8a07bd fixed jellyfin 2025-06-03 19:41:07 +02:00
Timo Boomers
8e9ab3aa38 fixed jellyfin 2025-06-03 19:24:36 +02:00
Timo Boomers
5da7636a42 Changed caddy config 2025-06-03 19:24:29 +02:00
Timo Boomers
9fd98e97fe changed how caddy works 2025-05-22 13:25:58 +02:00
Timo Boomers
af966ab2f3 removed packages 2025-05-22 13:21:46 +02:00
Timo Boomers
ff981dc3f4 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-22 12:07:36 +02:00
Timo Boomers
8b2bcf41d4 modified hostname 2025-05-22 12:07:19 +02:00
Timo Boomers
4874017b4f updated inputs 2025-05-22 12:06:55 +02:00
Timo Boomers
37b631f68b Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-22 11:24:58 +02:00
Timo Boomers
cc362f7b5b changed url's 2025-05-22 11:24:56 +02:00
Timo Boomers
933b9bb6d6 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-22 08:01:46 +02:00
Timo Boomers
f3bf8d650a Added caddyfile generation 2025-05-22 08:01:31 +02:00
Timo Boomers
0cdb821d5b disabled karakaeep 2025-05-22 07:57:12 +02:00
Timo Boomers
bace54a43d added age keys 2025-05-20 17:23:31 +02:00
Timo Boomers
b260743b9e updated nix flake 2025-05-20 16:41:58 +02:00
Timo Boomers
f51c7e4267 added basic raspi config 2025-05-20 16:36:44 +02:00
xeovalyte
2839974006 Delete result 2025-05-20 15:46:12 +02:00
Timo Boomers
fe6d12b060 added linkding 2025-05-20 15:36:56 +02:00
Timo Boomers
f09dfbc108 Migrated from default.nix to configuration.nix 2025-05-17 17:13:43 +02:00
Timo Boomers
ceeb4980ef recrypt keys again 2025-05-17 15:24:06 +02:00
Timo Boomers
ae43972aa3 changed age keys 2025-05-17 15:23:52 +02:00
Timo Boomers
abc634dab8 recrypt again 2025-05-17 15:17:47 +02:00
Timo Boomers
67cb031d5e Recript files 2025-05-17 15:14:20 +02:00
Timo Boomers
a321537c40 recript 2025-05-17 15:11:44 +02:00
Timo Boomers
66f7a1be30 changed rpi config 2025-05-17 15:09:05 +02:00
Timo Boomers
71390267eb added default home manager 2025-05-17 14:22:08 +02:00
Timo Boomers
be91e1e877 changed overlay 2025-05-17 14:04:55 +02:00
Timo Boomers
a6b7791093 changed x86 to arm 2025-05-17 13:59:06 +02:00
Timo Boomers
329e741553 fixed spelling mistake 2025-05-17 13:51:51 +02:00
Timo Boomers
5c9cce1e4a added home config for rpi 2025-05-17 13:50:45 +02:00
Timo Boomers
59f36caeb1 changed rpi config 2025-05-17 13:33:35 +02:00
Timo Boomers
2f90d8e0e8 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-17 13:12:28 +02:00
Timo Boomers
2df3077b80 replaced vesktop with webcord 2025-05-17 13:12:27 +02:00
Timo Boomers
1628be3e62 Added config for static sites 2025-05-16 15:28:36 +02:00
Timo Boomers
92f20c250b Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-16 14:27:57 +02:00
Timo Boomers
8ecf066196 Changed typst config 2025-05-16 14:27:55 +02:00
Timo Boomers
b072ac82e1 added stalwart 2025-05-16 13:24:35 +02:00
Timo Boomers
a79b1b7281 Added typst 2025-05-16 10:50:59 +02:00
Timo Boomers
38cb4a54b1 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-13 14:53:40 +02:00
Timo Boomers
ca45586276 Fixed cliplboard 2025-05-13 14:53:39 +02:00
Timo Boomers
51f96a1158 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-13 08:14:42 +02:00
Timo Boomers
e384a2bb8b added vscode 2025-05-13 08:14:38 +02:00
Timo Boomers
ad155e63ce Added more services 2025-05-09 13:06:35 +02:00
Timo Boomers
87b73dc10e Added podman aliases 2025-05-09 13:02:38 +02:00
Timo Boomers
6d3dea12ff Changed helix preferences 2025-05-09 12:19:47 +02:00
Timo Boomers
5c78d0c1f5 Modularized helix 2025-05-09 12:18:16 +02:00
Timo Boomers
42cab14829 disabled nushell 2025-05-09 08:43:06 +02:00
Timo Boomers
22f69febf9 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-09 08:41:44 +02:00
Timo Boomers
c1d5675927 Added wezterm and added aliases for justfile 2025-05-09 08:40:34 +02:00
Timo Boomers
86bf66c817 Added storage and home assistant 2025-05-02 16:43:52 +02:00
Timo Boomers
bde66ffbe2 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-02 08:57:28 +02:00
Timo Boomers
eb9ca5e5e1 Added nushell 2025-05-02 08:57:22 +02:00
Timo Boomers
d7056e8f38 Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix 2025-05-01 18:50:20 +02:00
Timo Boomers
9147a68f0b Reconfigured zellij configuration 2025-05-01 18:50:16 +02:00
Timo Boomers
4ab5ad76cf Added beszel to homepage 2025-04-30 15:56:19 +02:00
Timo Boomers
5f0eb27281 Added beszel monitoring 2025-04-30 15:24:02 +02:00
Timo Boomers
1a6889d561 added prototype of beszel container 2025-04-30 15:00:05 +02:00
Timo Boomers
c4f86996d9 Changed hosts 2025-04-30 14:18:34 +02:00
Timo Boomers
e17752dec4 Paperless added and fixes for old services 2025-04-30 14:17:05 +02:00
Timo Boomers
40a5f794ea Added pingvin and vaultwarden 2025-04-30 14:17:05 +02:00
Timo Boomers
b6a91b7dcb Added homepage, immich and uptime kuma 2025-04-30 14:17:05 +02:00
66 changed files with 2954 additions and 594 deletions
Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
result

7
.sops.yaml Normal file
View File

@@ -0,0 +1,7 @@
keys:
- &v-th-ctr-01 age1cs2p7tgk9356tjmet6526k3ghwq9we82nz6z7qggqns656paku6sx30tkg
- &p-th-rpi-01 age1dd7xpgnak6z6zmwa9889pjd6hmj42zaxq7ea8s47dlk3v6u5f37sldkt97
creation_rules:
- path_regex: secrets/deploy.yaml$
age: >-
age1cs2p7tgk9356tjmet6526k3ghwq9we82nz6z7qggqns656paku6sx30tkg,age12gjtehffgmepyga9vaqkurn9fyvte8n7wsklmg866z5usezvuqlsr2m5mp

72
README.md
View File

@@ -3,6 +3,7 @@
## New system install guide
### 1. Install Nixos with ISO
[Nixos download](https://nixos.org/download)
### 2. Copy hardware configuration to hosts directory
@@ -10,14 +11,85 @@
### 3. Generate ssh-keys
**Archserver**
1. `ssh-keygen -f ~/.ssh/archserver`
2. `ssh-copy-id -i ~/.ssh/archserver 192.168.1.20`
**Gitea**
1. `ssh-keygen -f ~/.ssh/gitea -t ed25519 -C "me+gitea@xeovalyte.dev"`
2. Upload to [Gitea](https://gitea.xeovalyt.dev)
3. Verify ssh key (follow instructions on Gitea)
### 4. Add SSH keys
1. `ssh-add ~/.ssh/gitea`
2. `ssh-add ~/.ssh/archserver`
## Homelab
List over services
| Service | Description | Link |
| -------------- | ---------------------------------- | ---------------------------------------------------------------------- |
| Caddy | Reverse proxy | - |
| Kanidm | Openid provider | [auth.tbmrs.nl](https://auth.tbmrs.nl) |
| Forgejo | Git provider | [git.tbmrs.nl](https://git.tbmrs.nl) |
| Immich | Photo and videos | [photos.tbmrs.nl](https://photos.tbmrs.nl) |
| Homepage | Dashboard | [home.tbmrs.nl](https://home.tbmrs.nl) |
| Uptime Kuma | Uptime monitor | [uptime.tbmrs.nl](https://uptime.tbmrs.nl) |
| Pingvin share | Sharing of files | [share.tbmrs.nl](https://share.tbmrs.nl) |
| Vaultwarden | Password manager | [vault.local.tbmrs.nl](https://vault.local.tbmrs.nl) |
| Paperless NGX | Documents management | [paperless.local.tbmrs.nl](https://paperless.local.tbmrs.nl) |
| Beszel | Resource usage | [monitor.local.tbmrs.nl](https://monitor.local.tbmrs.nl) |
| Dufs | File manager | [files.tbmrs.nl](https://files.tbmrs.nl) |
| Syncthing | File syncing | [syncthing.local.tbmrs.nl](https://syncthing.local.tbmrs.nl) |
| Home Assistant | Home automation | [home-assistant.local.tbmrs.nl](https://home-assistant.local.tbmrs.nl) |
| ~~Karakeep~~ | Bookmarking | ~~[karakeep.local.tbmrs.nl](https://karakeep.local.tbmrs.nl)~~ |
| Vikunja | Tasks management | [vikunja.local.tbmrs.nl](https://vikunja.local.tbmrs.nl) |
| Stalwart | Mailserver | [mail.tbmrs.nl](https://mail.tbmrs.nl) |
| Linkding | Bookmark managment | [links.local.tbmrs.nl](https://links.local.tbmrs.nl) |
| Jellyfin | Movies, series and music streaming | [stream.local.tbmrs.nl](https://stream.local.tbmrs.nl) |
### Todo
- Install koreader selfhosted sync
### Openid commands
#### Configure new openid client
From: [Kanidm Docs](https://kanidm.github.io/kanidm/master/integrations/oauth2/examples.html)
Replace `<service>` with the name of the service.
1. Create a new Kanidm group, and add your regular account to it:
```bash
$ kanidm group create <service>_users
$ kanidm group add-members <service>_users your_username
```
2. Create a new OAuth2 application configuration in Kanidm, configure the redirect URL, and scope access to the group:
```bash
$ kanidm system oauth2 create <service> <servicename> <service_login_url>
$ kanidm system oauth2 add-redirect-url <service> <redirect_url>
$ kanidm system oauth2 update-scope-map <service> <service>_users email openid profile groups
```
3. (Optional) Disable PKCE
```bash
$ kanidm system oauth2 warning-insecure-client-disable-pkce <service>
```
4. Get the OAuth2 client secret from Kanidm
```bash
$ kanidm system oauth2 show-basic-secret <service>
```
## Useful links
Womier keyboard permissions denied or not finding: https://github.com/the-via/releases/issues/257

BIN
assets/wallpaper-2-blurred.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.0 MiB

504
flake.lock generated
View File

@@ -5,11 +5,11 @@
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1732200724,
"narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=",
"lastModified": 1746562888,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "153d52373b0fb2d343592871009a286ec8837aec",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89",
"type": "github"
},
"original": {
@@ -37,11 +37,11 @@
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1736852337,
"narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
"lastModified": 1748408240,
"narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
"rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e",
"type": "github"
},
"original": {
@@ -83,72 +83,60 @@
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1743774811,
"narHash": "sha256-oiHLDHXq7ymsMVYSg92dD1OLnKLQoU/Gf2F1GoONLCE=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "df53a7a31872faf5ca53dd0730038a62ec63ca9e",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"disko": {
"inputs": {
"systems": [
"stylix",
"systems"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"lastModified": 1751854533,
"narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=",
"owner": "nix-community",
"repo": "disko",
"rev": "16b74a1e304197248a1bc663280f2548dbfcae3c",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1748383148,
"narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
@@ -168,67 +156,19 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1732369855,
"narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
"lastModified": 1744584021,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "dadd58f630eeea41d645ee225a63f719390829dc",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "47.2",
"ref": "48.1",
"repo": "gnome-shell",
"type": "github"
}
@@ -240,39 +180,73 @@
]
},
"locked": {
"lastModified": 1745557122,
"narHash": "sha256-eqSo9ugzsqhFgaDFYUZj943nurlX4L6f+AW0skJ4W+M=",
"lastModified": 1751810233,
"narHash": "sha256-kllkNbIqQi3VplgTMeGzuh1t8Gk8TauvkTRt93Km+tQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1",
"rev": "9b0873b46c9f9e4b7aa01eb634952c206af53068",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"niri": {
"inputs": {
"nixpkgs": [
"stylix",
"nixpkgs"
]
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1743808813,
"narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6",
"lastModified": 1752057206,
"narHash": "sha256-f8fNAag3K3WAq+lJr2EEu2f3xVSFLPddLgJKZRzXa3M=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "90c2edcf32d0fcb511fee9a0b8c580a18178c109",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"owner": "sodiboo",
"repo": "niri-flake",
"type": "github"
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1748151941,
"narHash": "sha256-z4viQZLgC2bIJ3VrzQnR+q2F3gAOEQpU1H5xHtX/2fs=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "8ba57fcf25d2fc9565131684a839d58703f1dae7",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.05.1",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1750791124,
"narHash": "sha256-F5iVU/hjoSHSSe0gllxm0PcAaseEtGNanYK5Ha3k2Tg=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "37458d94b288945f6cfbd3c5c233f634d59f246c",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"type": "github"
}
},
@@ -295,34 +269,13 @@
"type": "github"
}
},
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1745752145,
"narHash": "sha256-SRvolJBy9oRUdfik/xtcsguQtcDHrkzq1yf5NbsLBhY=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "0ba6c63681ae317d122a5e76bc2bf556737a53d0",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1745503349,
"narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=",
"lastModified": 1752048960,
"narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1",
"rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806",
"type": "github"
},
"original": {
@@ -334,11 +287,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1745526057,
"narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github"
},
"original": {
@@ -365,27 +318,27 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1745487689,
"narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=",
"lastModified": 1751943650,
"narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
"rev": "88983d4b665fb491861005137ce2b11a9f89f203",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1745526057,
"narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github"
},
"original": {
@@ -396,52 +349,105 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743703532,
"narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=",
"lastModified": 1751943650,
"narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bdb91860de2f719b57eef819b5617762f7120c70",
"rev": "88983d4b665fb491861005137ce2b11a9f89f203",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-25.05",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1744868846,
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1751211869,
"narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": [
"stylix",
"flake-parts"
],
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1751320053,
"narHash": "sha256-3m6RMw0FbbaUUa01PNaMLoO7D99aBClmY5ed9V3vz+0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "cbde1735782f9c2bb2c63d5e05fba171a14a4670",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"niri": "niri",
"nix-colors": "nix-colors",
"nixos-cosmic": "nixos-cosmic",
"nixos-hardware": "nixos-hardware",
"nixpkgs": [
"nixos-cosmic",
"nixpkgs-stable"
],
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix",
"stylix": "stylix"
}
},
"rust-overlay": {
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixos-cosmic",
"nixpkgs"
]
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1745721366,
"narHash": "sha256-dm93104HXjKWzkrr7yAPtxpbllOSzrwFFruc+rKQHSg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "621131c9e281d1047bf8937547ed77e97c464aba",
"lastModified": 1751606940,
"narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
@@ -452,28 +458,28 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"git-hooks": "git-hooks",
"flake-parts": "flake-parts",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_4",
"nur": "nur",
"systems": "systems",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-tmux": "tinted-tmux"
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1745750068,
"narHash": "sha256-LbbioU14KbJpXE0DKcPJaW6W2lB8ayHE4YddupfvU+c=",
"lastModified": 1752014016,
"narHash": "sha256-Gn6cnUPchPenxUFDt+dh7836CNu3GM13aghTabfZUrU=",
"owner": "danth",
"repo": "stylix",
"rev": "ed3f7d9ecbf2c95cc4fe633f648cb776385efd86",
"rev": "26042c1f59ae868193fa4378f85e4f6240f25ff8",
"type": "github"
},
"original": {
"owner": "danth",
"ref": "release-24.11",
"ref": "release-25.05",
"repo": "stylix",
"type": "github"
}
@@ -513,28 +519,43 @@
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1716423189,
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"lastModified": 1735730497,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1750770351,
"narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "5a775c6ffd6e6125947b393872cde95867d85a2a",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1743296873,
"narHash": "sha256-8IQulrb1OBSxMwdKijO9fB70ON//V32dpK9Uioy7FzY=",
"lastModified": 1751159871,
"narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "af5152c8d7546dfb4ff6df94080bf5ff54f64e3a",
"rev": "bded5e24407cec9d01bd47a317d15b9223a1546c",
"type": "github"
},
"original": {
@@ -542,6 +563,77 @@
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1751158968,
"narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "86a470d94204f7652b906ab0d378e4231a5b3384",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1748488455,
"narHash": "sha256-IiLr1alzKFIy5tGGpDlabQbe6LV1c9ABvkH6T5WmyRI=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "3ba30b149f9eb2bbf42cf4758d2158ca8cceef73",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.6",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1751228685,
"narHash": "sha256-MENtauGBhJ+kDeFaawvWGXaFG3Il6qQzjaP0RmtfM0k=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "557ebeb616e03d5e4a8049862bbbd1f02c6f020b",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
}
},
"root": "root",

134
flake.nix
View File

@@ -1,13 +1,13 @@
{
description = "Nixos configuration for Xeovalyte";
description = "Nixos configuration for Timo";
inputs = {
nixpkgs.url = "nixpkgs/nixos-24.11";
nixpkgs.url = "nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -15,131 +15,139 @@
nix-colors.url = "github:misterio77/nix-colors";
stylix.url = "github:danth/stylix/release-24.11";
stylix.url = "github:danth/stylix/release-25.05";
nixpkgs.follows = "nixos-cosmic/nixpkgs-stable";
sops-nix.url = "github:Mic92/sops-nix";
niri.url = "github:sodiboo/niri-flake";
nixos-cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
};
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, home-manager, nix-colors, stylix, nixos-cosmic, ... }:
let
system = "x86_64-linux";
overlay-unstable = final: prev: {
unstable = import nixpkgs-unstable {
config.allowUnfree = true;
localSystem = { inherit system; };
};
};
outputs = {
self,
nixpkgs,
home-manager,
nix-colors,
stylix,
sops-nix,
niri,
disko,
...
} @ inputs: let
inherit (self) outputs;
systems = [
"x86_64-linux"
"aarch64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
in
{
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system} );
overlays = import ./overlays { inherit inputs; };
nixosConfigurations = {
ti-clt-lpt01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
specialArgs = { inherit inputs outputs; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
./hosts/ti-clt-lpt01
./hosts/ti-clt-lpt01/configuration.nix
];
};
ch-clt-dsk01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
specialArgs = { inherit inputs outputs; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ch-clt-dsk01
./hosts/ch-clt-dsk01/configuration.nix
];
};
ti-clt-tbl01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
specialArgs = { inherit inputs outputs; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
inputs.nixos-hardware.nixosModules.microsoft-surface-go
./hosts/ti-clt-tbl01
./hosts/ti-clt-tbl01/configuration.nix
];
};
# Timo's desktop
ti-clt-dsk01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
specialArgs = { inherit inputs outputs; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ti-clt-dsk01
./hosts/ti-clt-dsk01/configuration.nix
];
};
v-th-ctr-01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
specialArgs = { inherit inputs outputs; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/v-th-ctr-01
./hosts/v-th-ctr-01/configuration.nix
];
};
# Raspberry pi
p-th-rpi-01 = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/p-th-rpi-01/configuration.nix
];
};
};
homeConfigurations = {
# Timo
"xeovalyte@ti-clt-lpt01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; };
extraSpecialArgs = { inherit inputs outputs; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ti-clt-lpt01/home.nix
];
};
"kiiwy@ch-clt-dsk01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ch-clt-dsk01/home.nix
];
};
"xeovalyte@ti-clt-tbl01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; };
extraSpecialArgs = { inherit inputs outputs; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ti-clt-tbl01/home.nix
];
};
"xeovalyte@ti-clt-dsk01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; };
extraSpecialArgs = { inherit inputs outputs; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/ti-clt-dsk01/home.nix
];
};
# Christa
"kiiwy@ch-clt-dsk01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs outputs; };
modules = [
./hosts/ch-clt-dsk01/home.nix
];
};
# Deploy
"deploy@v-th-ctr-01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs nix-colors; };
extraSpecialArgs = { inherit inputs outputs; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/v-th-ctr-01/home.nix
];
};
# Deploy
"deploy@p-th-rpi-01" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.aarch64-linux;
extraSpecialArgs = { inherit inputs outputs; };
modules = [
./hosts/p-th-rpi-01/home.nix
];
};
};
};
}

46
hosts/ch-clt-dsk01/default.nix → hosts/ch-clt-dsk01/configuration.nix
View File

@@ -6,10 +6,11 @@
./hardware-configuration.nix
# Import modules
../../modules/system/default.nix
../../modules/system
];
settings = {
hostname = "ch-clt-dsk01";
display-manager = "gdm";
desktop-environments = {
cosmic.enable = false;
@@ -37,20 +38,14 @@
};
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
# Users
users.users.kiiwy = {
isNormalUser = true;
description = "Christa Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
};
# Bootloader.
# Bootloader
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;
@@ -59,28 +54,5 @@
configurationLimit = 32;
};
networking.hostName = "ch-clt-dsk01"; # Define your hostname.
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 53 ];
allowedUDPPorts = [ 80 443 53 ];
};
users.users.kiiwy = {
isNormalUser = true;
description = "Christa Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
};
nix.settings.trusted-users = [ "root" "kiiwy" ];
# Prevent system freeze on high load
services.earlyoom = {
enable = true;
};
# boot.kernelPackages = pkgs.linuxPackages_latest;
system.stateVersion = "24.05";
system.stateVersion = "24.11";
}

6
hosts/ch-clt-dsk01/home.nix
View File

@@ -13,8 +13,10 @@
};
settings = {
host = "c-clt-dsk01";
applications.common.enable = true;
applications.alacritty.enable = false;
applications.alacritty.enable = true;
applications.devenv.enable = false;
applications.firefox.enable = true;
applications.git.enable = true;
@@ -24,6 +26,7 @@
applications.thunderbird.enable = false;
applications.yazi.enable = false;
applications.zellij.enable = false;
applications.wezterm.enable = false;
services.nextcloud-sync.enable = false;
@@ -40,6 +43,7 @@
prismlauncher
unstable.signal-desktop
unstable.vesktop
unstable.webcord
unstable.prusa-slicer
blender

51
hosts/v-th-ctr-01/default.nix → hosts/p-th-rpi-01/configuration.nix
View File

@@ -1,14 +1,18 @@
{ ... }:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ modulesPath, ... }:
{
imports = [
./configuration.nix
# Import modules
./hardware-configuration.nix
# Include the container-specific autogenerated configuration.
../../modules/system/default.nix
];
settings = {
hostname = "p-th-rpi-01";
display-manager = "none";
desktop-environments = {
cosmic.enable = false;
@@ -39,38 +43,27 @@
};
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
users.users.deploy = {
isNormalUser = true;
description = "Deploy";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
linger = true;
};
networking.hostName = "v-th-ctr-01"; # Define your hostname.
networking.firewall = {
enable = true;
allowedTCPPorts = [ 1080 1443 1053 ];
allowedUDPPorts = [ 1080 1443 1053 ];
# networking
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
};
networking.hosts = {
"127.0.0.1" = [ "tbmrs.nl" ];
};
users.users.deploy = {
isNormalUser = true;
description = "Deploy";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
networking.firewall = {
enable = true;
allowedTCPPorts = [ 1080 1443 1053 ];
allowedUDPPorts = [ 1080 1443 1053 ];
};
nix.settings.trusted-users = [ "root" "deploy" ];
system.stateVersion = "24.05";
}

76
hosts/p-th-rpi-01/home.nix Normal file
View File

@@ -0,0 +1,76 @@
{ pkgs, ... }:
{
imports = [
# Modules
../../modules/home/default.nix
];
config = {
home = {
username = "deploy";
homeDirectory = "/home/deploy";
};
settings = {
host = "p-th-rpi-01";
applications.common.enable = false;
applications.alacritty.enable = false;
applications.devenv.enable = false;
applications.firefox.enable = false;
applications.git.enable = false;
applications.helix.enable = true;
applications.zsh.enable = true;
applications.ssh.enable = true;
applications.thunderbird.enable = false;
applications.yazi.enable = true;
applications.zellij.enable = true;
applications.wezterm.enable = false;
services.nextcloud-sync.enable = false;
services.podman.enable = true;
services.sops.enable = true;
theming.fonts.enable = false;
theming.stylix.enable = false;
theming.stylix.wallpaper = "wallpaper-2.png";
theming.stylix.theme = "da-one-ocean";
desktop-environments.hyprland.enable = false;
containers = {
network.enable = true;
nginx.enable = false;
caddy.enable = true;
kanidm.enable = false;
forgejo.enable = false;
immich.enable = false;
homepage.enable = false;
uptime-kuma.enable = false;
pingvin-share.enable = false;
vaultwarden.enable = false;
paperless-ngx.enable = false;
beszel.enable = false;
storage.enable = false;
homeassistant.enable = false;
karakeep.enable = false;
vikunja.enable = false;
stalwart.enable = false;
linkding.enable = false;
static.enable = true;
};
};
home.packages = with pkgs; [
unstable.helix
lazygit
];
# Enable home-manager
programs.home-manager.enable = true;
home.stateVersion = "24.05";
};
}

97
hosts/ti-clt-dsk01/configuration.nix Normal file
View File

@@ -0,0 +1,97 @@
{ inputs, outputs, pkgs, lib, ... }:
{
imports = [
./hardware-configuration.nix
../../modules/system
];
settings = {
hostname = "ti-clt-dsk01";
display-manager = "greetd";
desktop-environments = {
cosmic.enable = false;
hyprland.enable = false;
gnome.enable = false;
niri.enable = true;
};
applications = {
common.enable = true;
steam.enable = true;
thunar.enable = false;
};
services = {
docker.enable = true;
quickemu.enable = false;
sunshine.enable = true;
garbage-collection.enable = true;
ssh.enable = true;
};
hardware = {
fprint.enable = false;
printing.enable = true;
bluetooth.enable = true;
firewall.enable = true;
locale.enable = true;
nvidia.enable = true;
};
};
# Users
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "wheel" ];
};
# Boot
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
};
# Networking
networking.interfaces.enp7s0.wakeOnLan.enable = true;
networking.hosts = {
"192.168.100.118" = [
"tbmrs.nl"
"auth.tbmrs.nl"
"git.tbmrs.nl"
"photos.tbmrs.nl"
"home.tbmrs.nl"
"uptime.tbmrs.nl"
"share.tbmrs.nl"
"files.tbmrs.nl"
"mail.tbmrs.nl"
"vault.local.tbmrs.nl"
"paperless.local.tbmrs.nl"
"monitor.local.tbmrs.nl"
"syncthing.local.tbmrs.nl"
"home-assistant.local.tbmrs.nl"
"tasks.local.tbmrs.nl"
"links.local.tbmrs.nl"
"stream.local.tbmrs.nl"
];
};
# Temp keyboard override
environment.systemPackages = with pkgs; [
via
vial
];
services.udev.packages = with pkgs; [
via
vial
];
# manual udev override
# services.udev.extraRules = ''
# KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", ATTRS{idVendor}=="320f", ATTRS{idProduct}=="5055", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
# '';
# state version
system.stateVersion = "24.11";
}

93
hosts/ti-clt-dsk01/default.nix
View File

@@ -1,93 +0,0 @@
{ pkgs, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Import modules
../../modules/system/default.nix
];
settings = {
display-manager = "cosmic-greeter";
desktop-environments = {
cosmic.enable = true;
hyprland.enable = false;
gnome.enable = false;
};
applications = {
common.enable = true;
steam.enable = true;
thunar.enable = false;
};
services = {
docker.enable = true;
quickemu.enable = false;
sunshine.enable = true;
garbage-collection.enable = true;
};
hardware = {
fprint.enable = false;
printing.enable = true;
bluetooth.enable = false;
firewall.enable = true;
locale.enable = true;
nvidia.enable = true;
};
};
networking.firewall = {
allowedTCPPorts = [ 3000 ];
allowedUDPPorts = [ 3000 ];
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
# Bootloader.
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
};
# Networking configuration
networking.hostName = "ti-clt-dsk01"; # Define your hostname.
networking.interfaces.enp7s0.wakeOnLan.enable = true;
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" "fuse" ];
};
nix.settings.trusted-users = [ "root" "xeovalyte" ];
networking.hosts = {
"192.168.100.118" = [
"tbmrs.nl"
"auth.tbmrs.nl"
"git.tbmrs.nl"
"photos.tbmrs.nl"
"home.tbmrs.nl"
];
};
services.openssh.enable = true;
system.stateVersion = "24.05";
}

28
hosts/ti-clt-dsk01/home.nix
View File

@@ -13,17 +13,30 @@
};
settings = {
host = "ti-clt-dsk01";
applications.common.enable = true;
applications.alacritty.enable = false;
applications.devenv.enable = true;
applications.firefox.enable = true;
applications.git.enable = true;
applications.helix.enable = true;
applications.helix = {
enable = true;
markdown = true;
rust = true;
systemverilog = true;
nix = true;
latex = true;
vue = true;
};
applications.zsh.enable = true;
applications.ssh.enable = true;
applications.thunderbird.enable = true;
applications.yazi.enable = true;
applications.zellij.enable = true;
applications.wezterm.enable = true;
applications.typst.enable = true;
applications.obs-studio.enable = true;
services.nextcloud-sync.enable = true;
@@ -33,24 +46,31 @@
theming.stylix.theme = "da-one-ocean";
desktop-environments.hyprland.enable = false;
desktop-environments.niri.enable = true;
};
home.packages = with pkgs; [
unstable.prismlauncher
unstable.vesktop
vesktop
unstable.rnote
unstable.inkscape
unstable.gimp
unstable.openscad-unstable
unstable.brave
unstable.freecad
unstable.hoppscotch
hoppscotch
unstable.blender
unstable.signal-desktop
unstable.ladybird
unstable.prusa-slicer
unstable.surfer # waveform viewer
pomodoro-gtk
# Office
libreoffice
# Scripts
(import ../../modules/scripts/save_image.nix { inherit pkgs; })
];
# Enable home-manager

85
hosts/ti-clt-lpt01/default.nix → hosts/ti-clt-lpt01/configuration.nix
View File

@@ -6,15 +6,17 @@
./hardware-configuration.nix
# Import modules
../../modules/system/default.nix
../../modules/system
];
settings = {
display-manager = "cosmic-greeter";
hostname = "ti-clt-lpt01";
display-manager = "greetd";
desktop-environments = {
cosmic.enable = true;
hyprland.enable = true;
cosmic.enable = false;
hyprland.enable = false;
gnome.enable = false;
niri.enable = true;
};
applications = {
common.enable = true;
@@ -38,25 +40,20 @@
};
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
# Users
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" "adbusers" ];
};
# Enable host
networking.hosts = {
"127.0.0.1" = [ "adguard.timo.bmrs.nl" "git.timo.bmrs.nl" "auth.timo.bmrs.nl" "ldap.timo.bmrs.nl" "dozzle.timo.bmrs.nl" "home.timo.bmrs.nl" "immich.timo.bmrs.nl" "paperless.timo.bmrs.nl" "search.timo.bmrs.nl" ];
};
networking.networkmanager.enable = true;
# Bootloader.
programs.nix-ld.enable = true;
programs.adb.enable = true;
services.power-profiles-daemon.enable = true;
# Boot.
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;
@@ -64,29 +61,49 @@
device = "nodev";
configurationLimit = 32;
};
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.supportedFilesystems = [ "nfs" ];
networking.hostName = "ti-clt-lpt01"; # Define your hostname.
# Networking
networking.hosts = {
"127.0.0.1" = [
"tbmrs.nl"
"auth.tbmrs.nl"
"git.tbmrs.nl"
"photos.tbmrs.nl"
"home.tbmrs.nl"
"uptime.tbmrs.nl"
"share.tbmrs.nl"
"vault.local.tbmrs.nl"
"paperless.local.tbmrs.nl"
"monitor.local.tbmrs.nl"
];
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 53 ];
allowedTCPPorts = [ 22 80 443 53 ];
allowedUDPPorts = [ 80 443 53 ];
};
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
};
nix.settings.trusted-users = [ "root" "xeovalyte" ];
# Prevent system freeze on high load
services.earlyoom = {
# Obs
programs.obs-studio = {
enable = true;
};
boot.kernelPackages = pkgs.linuxPackages_latest;
# optional Nvidia hardware acceleration
package = (
pkgs.obs-studio.override {
cudaSupport = true;
}
);
plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-vaapi #optional AMD hardware acceleration
obs-gstreamer
obs-vkcapture
];
};
system.stateVersion = "24.05";
}

29
hosts/ti-clt-lpt01/home.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, lib, inputs, ... }:
{
imports = [
@@ -13,17 +13,31 @@
};
settings = {
host = "ti-clt-lpt01";
applications.common.enable = true;
applications.alacritty.enable = true;
applications.devenv.enable = true;
applications.firefox.enable = true;
applications.git.enable = true;
applications.helix.enable = true;
applications.helix = {
enable = true;
markdown = true;
rust = true;
systemverilog = true;
nix = true;
latex = true;
vue = true;
};
applications.zsh.enable = true;
applications.ssh.enable = true;
applications.thunderbird.enable = true;
applications.yazi.enable = true;
applications.zellij.enable = true;
applications.wezterm.enable = true;
applications.nushell.enable = false;
applications.typst.enable = true;
# applications.obs-studio.enable = true;
services.nextcloud-sync.enable = true;
@@ -33,15 +47,16 @@
theming.stylix.theme = "da-one-ocean";
desktop-environments.hyprland.enable = false;
desktop-environments.niri.enable = true;
};
home.packages = with pkgs; [
# Desktop Applications
kdenlive
prismlauncher
unstable.prusa-slicer
signal-desktop
unstable.vesktop
unstable.webcord
blender
unstable.freecad-wayland
loupe
@@ -50,6 +65,9 @@
unstable.hoppscotch
unstable.apostrophe
unstable.surfer # waveform viewer
unstable.vscode
pomodoro-gtk
unstable.brave
# Office
libreoffice
@@ -57,10 +75,6 @@
# Image editing
gimp
inkscape
unstable.obs-studio
# Development
unstable.drawio
unstable.moonlight-qt
@@ -68,7 +82,6 @@
(import ../../modules/scripts/save_image.nix { inherit pkgs; })
];
# Enable home-manager
programs.home-manager.enable = true;

37
hosts/ti-clt-tbl01/default.nix → hosts/ti-clt-tbl01/configuration.nix
View File

@@ -6,10 +6,11 @@
./hardware-configuration.nix
# Import modules
../../modules/system/default.nix
../../modules/system
];
settings = {
hostname = "ti-clt-tbl01";
display-manager = "gdm";
desktop-environments = {
cosmic.enable = false;
@@ -37,17 +38,11 @@
};
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
# Users
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
};
# Bootloader.
@@ -58,24 +53,8 @@
device = "nodev";
configurationLimit = 32;
};
networking.hostName = "ti-clt-tbl01"; # Define your hostname.
users.users.xeovalyte = {
isNormalUser = true;
description = "Timo Boomers";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
};
nix.settings.trusted-users = [ "root" "xeovalyte" ];
# Prevent system freeze on high load
services.earlyoom = {
enable = true;
};
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
system.stateVersion = "24.05";
system.stateVersion = "24.11";
}

3
hosts/ti-clt-tbl01/home.nix
View File

@@ -13,6 +13,8 @@
};
settings = {
host = "ti-clt-tbl01";
applications.common.enable = true;
applications.alacritty.enable = false;
applications.devenv.enable = false;
@@ -24,6 +26,7 @@
applications.thunderbird.enable = false;
applications.yazi.enable = true;
applications.zellij.enable = false;
applications.wezterm.enable = false;
services.nextcloud-sync.enable = true;

55
hosts/v-th-ctr-01/configuration.nix
View File

@@ -2,21 +2,74 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ modulesPath, ... }:
{ modulesPath, lib, ... }:
{
imports = [
# Include the default incus configuration.
"${modulesPath}/virtualisation/lxc-container.nix"
# Include the container-specific autogenerated configuration.
../../modules/system/default.nix
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
settings = {
hostname = "v-th-ctr-01";
display-manager = "none";
desktop-environments = {
cosmic.enable = false;
hyprland.enable = false;
gnome.enable = false;
};
applications = {
common.enable = true;
steam.enable = false;
thunar.enable = false;
};
services = {
docker.enable = false;
podman.enable = true;
quickemu.enable = false;
sunshine.enable = false;
garbage-collection.enable = true;
incus.enable = false;
ssh.enable = true;
};
hardware = {
fprint.enable = false;
printing.enable = false;
bluetooth.enable = false;
firewall.enable = true;
locale.enable = true;
nvidia.enable = false;
};
};
users.users.deploy = {
isNormalUser = true;
description = "Deploy";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
linger = true;
};
# networking
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
};
networking.hosts = {
"127.0.0.1" = [ "tbmrs.nl" ];
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 1080 1443 1053 ];
allowedUDPPorts = [ 1080 1443 1053 ];
};
systemd.network = {
enable = true;
networks."50-eth0" = {

20
hosts/v-th-ctr-01/home.nix
View File

@@ -13,20 +13,24 @@
};
settings = {
host = "v-th-ctr-01";
applications.common.enable = false;
applications.alacritty.enable = false;
applications.devenv.enable = false;
applications.firefox.enable = false;
applications.git.enable = false;
applications.helix.enable = false;
applications.helix.enable = true;
applications.zsh.enable = true;
applications.ssh.enable = true;
applications.thunderbird.enable = false;
applications.yazi.enable = true;
applications.zellij.enable = true;
applications.wezterm.enable = false;
services.nextcloud-sync.enable = false;
services.podman.enable = true;
services.sops.enable = true;
theming.fonts.enable = false;
theming.stylix.enable = false;
@@ -42,6 +46,20 @@
caddy.enable = true;
kanidm.enable = true;
forgejo.enable = true;
immich.enable = true;
homepage.enable = true;
uptime-kuma.enable = true;
pingvin-share.enable = true;
vaultwarden.enable = true;
paperless-ngx.enable = true;
beszel.enable = true;
storage.enable = true;
homeassistant.enable = true;
karakeep.enable = false;
vikunja.enable = true;
stalwart.enable = true;
linkding.enable = true;
jellyfin.enable = true;
};
};

13
justfile
View File

@@ -15,12 +15,25 @@ clean:
fmt:
nix fmt
alias s := switch
switch:
sudo nixos-rebuild switch --flake .
home-manager switch --flake .
alias sw := switch-system
switch-system:
sudo nixos-rebuild switch --flake .
alias sh := switch-home-manager
switch-home-manager:
home-manager switch --flake .
alias gc := collect-garbage
collect-garbage:
sudo nix-collect-garbage -d
nix-collect-garbage -d

16
modules/home/applications/firefox.nix
View File

@@ -22,6 +22,9 @@ in {
home.packages = with pkgs; [
unstable.firefoxpwa
];
stylix.targets.firefox.profileNames = [ "${config.home.username}" ];
programs.firefox = lib.mkMerge [
{
enable = true;
@@ -65,8 +68,9 @@ in {
};
};
};
profiles.xeovalyte = {
bookmarks = [
profiles.${config.home.username} = {
bookmarks.force = true;
bookmarks.settings = [
{
name = "Toolbar";
toolbar = true;
@@ -130,12 +134,12 @@ in {
definedAliases = [ "@sp" ];
};
"Bing".metaData.hidden = true;
"Google".metaData.hidden = true;
"eBay".metaData.hidden = true;
"bing".metaData.hidden = true;
"google".metaData.hidden = true;
"ebay".metaData.hidden = true;
};
search.force = true;
search.default = "SearXNG";
search.default = "ddg";
settings = {
"browser.disableResetPrompt" = true;

116
modules/home/applications/helix.nix
View File

@@ -12,37 +12,68 @@ in {
Enable helix text editor
'';
};
settings.applications.helix.markdown = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable markdown language support
'';
};
settings.applications.helix.systemverilog = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable systemverilog language support
'';
};
settings.applications.helix.nix = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable nix language support
'';
};
settings.applications.helix.latex = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable latex language support
'';
};
settings.applications.helix.vue = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable vue/nuxt language support
'';
};
settings.applications.helix.rust = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable rust language support
'';
};
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
# Markdown
unstable.marksman
unstable.markdown-oxide
dprint
# Systemverilog
unstable.svls
# Assembly
unstable.asm-lsp
# Nixos
unstable.nil
unstable.nixpkgs-fmt
# Latex
tectonic
unstable.texlab
# Vue/Nuxt
unstable.vue-language-server
unstable.typescript
unstable.typescript-language-server
home.packages = with pkgs; lib.concatLists [
(lib.optionals cfg.markdown [ unstable.marksman unstable.markdown-oxide dprint ])
(lib.optionals cfg.systemverilog [ unstable.svls ])
(lib.optionals cfg.nix [ unstable.nix unstable.nixpkgs-fmt ])
(lib.optionals cfg.latex [ tectonic unstable.texlab ])
(lib.optionals cfg.vue [ unstable.vue-language-server unstable.typescript unstable.typescript-language-server ])
];
# Markdown
home.file.".config/.dprint.json".text =''
home.file.".config/.dprint.json" = lib.mkIf cfg.markdown {
text = ''
{
"markdown": {
"lineWidth":120,
@@ -53,6 +84,7 @@ in {
]
}
'';
};
programs.helix = {
enable = true;
@@ -62,27 +94,23 @@ in {
editor.cursor-shape = {
insert = "bar";
};
editor.end-of-line-diagnostics = "hint";
};
languages = {
# Rust
language-server.rust-analyzer.config = {
language-server.rust-analyzer.config = lib.mkIf cfg.rust {
cargo = {
features = "all";
};
};
# Systemverilog
language-server.svls = {
language-server.svls = lib.mkIf cfg.systemverilog {
command = "svls";
};
# Systemverilog
language-server.asm = {
command = "asm-lsp";
};
# Latex
language-server.texlab = {
language-server.texlab = lib.mkIf cfg.latex {
config = {
texlab.chktex = {
onOpenAndSave = true;
@@ -116,7 +144,7 @@ in {
};
};
language-server.typescript-language-server.config = {
language-server.typescript-language-server.config = lib.mkIf cfg.vue {
# tsserver = {
# path = "${pkgs.unstable.typescript}/bin/tsserver";
# };
@@ -148,18 +176,12 @@ in {
# };
# };
language = [
{
language = lib.concatLists [
(lib.optionals cfg.systemverilog [{
name = "verilog";
language-servers = [ "svls" ];
}
{
name = "asm";
scope = "source.s";
language-servers = [ "asm" ];
file-types = [ "s" "S" ];
}
{
}])
(lib.optionals cfg.markdown [{
name = "markdown";
auto-format = true;
language-servers = [ "markdown-oxide" ];
@@ -170,11 +192,11 @@ in {
name = "typst";
auto-format = false;
formatter.command = "${pkgs.typstfmt}/bin/typstfmt";
}
{
}])
(lib.optionals cfg.vue [{
name = "vue";
language-servers = ["vuels" "typescript-language-server"];
}
}])
];
};
};

37
modules/home/applications/nushell.nix Normal file
View File

@@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.applications.nushell;
in {
options = {
settings.applications.nushell.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable nushell shell
'';
default = false;
};
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
eza
bat
];
programs.bash = {
enable = false;
};
programs.nushell = {
enable = true;
};
programs.starship = {
enable = true;
enableNushellIntegration = true;
};
};
}

27
modules/home/applications/obs-studio.nix Normal file
View File

@@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.applications.obs-studio;
in {
options = {
settings.applications.obs-studio.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable obs studio with optional plugins
'';
default = false;
};
};
config = mkIf cfg.enable {
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-vaapi #optional AMD hardware acceleration
];
};
};
}

24
modules/home/applications/typst.nix Normal file
View File

@@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.applications.typst;
in {
options = {
settings.applications.typst.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable typst
'';
default = false;
};
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
unstable.typst
unstable.typst-live
];
};
}

107
modules/home/applications/wezterm.nix Normal file
View File

@@ -0,0 +1,107 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.applications.wezterm;
in {
options = {
settings.applications.wezterm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable wezterm terminal
'';
};
};
config = mkIf cfg.enable {
programs.wezterm = {
enable = true;
enableZshIntegration = true;
package = pkgs.unstable.wezterm;
extraConfig = /* lua */ ''
-- Pull in the wezterm API
local wezterm = require 'wezterm'
-- This will hold the configuration.
local config = wezterm.config_builder()
local act = wezterm.action
-- This is where you actually apply your config choices
-- For example, changing the color scheme:
config.enable_tab_bar = true
config.use_fancy_tab_bar = false
config.window_decorations = "NONE"
config.tab_bar_at_bottom = true
config.keys = {
-- Pane controls
{
key = 'h',
mods = 'CTRL',
action = act.ActivatePaneDirection 'Left',
},
{
key = 'l',
mods = 'CTRL',
action = act.ActivatePaneDirection 'Right',
},
{
key = 'k',
mods = 'CTRL',
action = act.ActivatePaneDirection 'Up',
},
{
key = 'j',
mods = 'CTRL',
action = act.ActivatePaneDirection 'Down',
},
-- Pane resizing
{
key = 'H',
mods = 'CTRL',
action = act.AdjustPaneSize { 'Left', 5 },
},
{
key = 'L',
mods = 'CTRL',
action = act.AdjustPaneSize { 'Right', 5 },
},
{
key = 'K',
mods = 'CTRL',
action = act.AdjustPaneSize { 'Up', 5 },
},
{
key = 'J',
mods = 'CTRL',
action = act.AdjustPaneSize { 'Down', 5 },
},
{
key = 'q',
mods = 'CTRL',
action = act.CloseCurrentPane { confirm = false },
},
-- Tab management
{ key = '1', mods = 'ALT', action = act.ActivateTab(0) },
{ key = '2', mods = 'ALT', action = act.ActivateTab(1) },
{ key = '3', mods = 'ALT', action = act.ActivateTab(2) },
{ key = '4', mods = 'ALT', action = act.ActivateTab(3) },
{ key = '5', mods = 'ALT', action = act.ActivateTab(4) },
{
key = 'q',
mods = 'ALT',
action = act.CloseCurrentTab { confirm = false },
},
}
-- and finally, return the configuration to wezterm
return config
'';
};
};
}

41
modules/home/applications/zellij.nix
View File

@@ -1,9 +1,38 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.applications.zellij;
sesh = pkgs.writeScriptBin "sesh" ''
#! /usr/bin/env sh
# Taken from https://github.com/zellij-org/zellij/issues/884#issuecomment-1851136980
# select a directory using zoxide
ZOXIDE_RESULT=$(${pkgs.zoxide}/bin/zoxide query --interactive)
# checks whether a directory has been selected
if [[ -z "$ZOXIDE_RESULT" ]]; then
# if there was no directory, select returns without executing
exit 0
fi
# extracts the directory name from the absolute path
SESSION_TITLE=$(echo "$ZOXIDE_RESULT" | sed 's#.*/##')
# get the list of sessions
SESSION_LIST=$(zellij list-sessions -n | awk '{print $1}')
# checks if SESSION_TITLE is in the session list
if echo "$SESSION_LIST" | grep -q "^$SESSION_TITLE$"; then
# if so, attach to existing session
zellij attach "$SESSION_TITLE"
else
# if not, create a new session
echo "Creating new session $SESSION_TITLE and CD $ZOXIDE_RESULT"
cd $ZOXIDE_RESULT
zellij attach -c "$SESSION_TITLE"
fi
'';
in {
options = {
settings.applications.zellij.enable = lib.mkOption {
@@ -19,6 +48,15 @@ in {
enable = true;
};
programs.zoxide = {
enable = true;
enableZshIntegration = true;
};
home.packages = [
sesh
];
home.file.zellij = {
target = ".config/zellij/config.kdl";
text = ''
@@ -26,6 +64,7 @@ in {
keybinds {
normal {
bind "Ctrl e" { ToggleFloatingPanes; SwitchToMode "normal"; }
bind "Ctrl d" { Detach; }
bind "Alt 1" { GoToTab 1; }
bind "Alt 2" { GoToTab 2; }
bind "Alt 3" { GoToTab 3; }

61
modules/home/containers/beszel.nix Normal file
View File

@@ -0,0 +1,61 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.beszel;
in {
options = {
settings.containers.beszel.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Beszel container
'';
};
};
config = mkIf cfg.enable {
settings.services.sops.enable = true;
services.podman.containers.beszel = {
image = "henrygd/beszel:latest";
network = "proxy";
volumes = [
"%h/containers/beszel/data:/beszel_data"
"%h/containers/beszel/socket:/beszel_socket"
];
environment = {
DISABLE_PASSWORD_AUTH = false;
USER_CREATION = true;
};
};
services.podman.containers.beszel-agent = {
image = "henrygd/beszel-agent:latest";
network = "proxy";
volumes = [
"%h/containers/beszel/socket:/beszel_socket"
"/run/user/1000/podman/podman.sock:/var/run/podman.sock:ro"
"${config.sops.secrets."containers/beszel/key".path}:/run/secrets/key"
];
user = 1000;
userNS = "keep-id";
environment = {
LISTEN = "/beszel_socket/beszel.sock";
KEY_FILE = "/run/secrets/key";
DOCKER_HOST = "unix:///var/run/podman.sock";
};
};
settings.containers.caddy.routes.tbmrs-local.routes.beszel = {
host = "monitor";
url = "beszel:8090";
};
sops.secrets = {
"containers/beszel/key" = { };
};
};
}

63
modules/home/containers/caddy.nix
View File

@@ -4,21 +4,61 @@ with lib;
let
cfg = config.settings.containers.caddy;
toInternal = name: routesDef: {
name = name;
host = routesDef.host;
url = routesDef.url;
};
generateRoutes = domain: entries: lib.concatMapStrings (route: ''
@${route.name} host ${route.host}.${domain}
handle @${route.name} {
reverse_proxy ${route.url}
}
'') entries;
routesOption = lib.mkOption {
type = types.attrsOf (types.submodule {
options = {
url = mkOption {
type = types.str;
};
host = mkOption {
type = types.str;
};
};
});
};
in {
options = {
settings.containers.caddy.enable = lib.mkOption {
settings.containers.caddy.enable = mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable caddy container
'';
};
settings.containers.caddy.routes = mkOption {
type = lib.types.attrsOf (types.submodule {
options = {
routes = routesOption;
domain = mkOption {
type = types.str;
};
};
});
};
};
config = mkIf cfg.enable {
services.podman.containers.caddy = {
image = "localhost/tboomers/caddy-custom:latest";
network = "proxy";
networkAlias = [
"mail.tbmrs.nl"
];
ports = [
"1080:80"
"1443:443"
@@ -30,6 +70,11 @@ in {
];
};
settings.containers.caddy.routes = {
tbmrs.domain = "tbmrs.nl";
tbmrs-local.domain = "local.tbmrs.nl";
};
home.file."containers/caddy/Caddyfile".text = ''
*.tbmrs.nl, tbmrs.nl {
tls {
@@ -37,20 +82,16 @@ in {
resolvers 1.1.1.1
}
@root host tbmrs.nl
handle @root {
respond "Hello there"
${generateRoutes cfg.routes.tbmrs.domain (mapAttrsToList toInternal cfg.routes.tbmrs.routes)}
}
@kanidm host auth.tbmrs.nl
handle @kanidm {
reverse_proxy https://auth.tbmrs.nl
*.local.tbmrs.nl {
tls {
dns transip xeovalyte /etc/caddy/acme_key
resolvers 1.1.1.1
}
@forgejo host git.tbmrs.nl
handle @forgejo {
reverse_proxy forgejo:3000
}
${generateRoutes cfg.routes.tbmrs-local.domain (mapAttrsToList toInternal cfg.routes.tbmrs-local.routes)}
}
'';
};

5
modules/home/containers/forgejo.nix
View File

@@ -28,5 +28,10 @@ in {
FORGEJO__service__ENABLE_PASSWORD_SIGNIN_FORM = false;
};
};
settings.containers.caddy.routes.tbmrs.routes.forgejo = {
host = "git";
url = "forgejo:3000";
};
};
}

36
modules/home/containers/homeassistant.nix Normal file
View File

@@ -0,0 +1,36 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.homeassistant;
in {
options = {
settings.containers.homeassistant.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable storage configuration
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.homeassistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
network = "proxy";
volumes = [
"%h/containers/homeassistant/config:/config"
];
userNS = "keep-id";
environment = {
TZ = "Europe/Amsterdam";
};
};
settings.containers.caddy.routes.tbmrs-local.routes.home-assistant = {
host = "home-assistant";
url = "homeassistant:8123";
};
};
}

191
modules/home/containers/homepage.nix Normal file
View File

@@ -0,0 +1,191 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.containers.homepage;
in {
options = {
settings.containers.homepage.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable homepage container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.homepage = {
image = "ghcr.io/gethomepage/homepage:latest";
network = "proxy";
volumes = [
"%h/containers/homepage/config:/app/config"
"%h/containers/homepage/config/settings.yaml:/app/config/settings.yaml"
"%h/containers/homepage/config/services.yaml:/app/config/services.yaml"
"%h/containers/homepage/config/docker.yaml:/app/config/docker.yaml"
"/run/user/1000/podman/podman.sock:/var/run/podman.sock:ro"
];
userNS = "keep-id";
environment = {
HOMEPAGE_ALLOWED_HOSTS = "home.tbmrs.nl";
};
};
settings.containers.caddy.routes.tbmrs.routes.homepage = {
host = "home";
url = "homepage:3000";
};
home.file."containers/homepage/config/settings.yaml".source = (pkgs.formats.yaml { }).generate "settings" {
title = "Timo's Server";
description = "server from Timo";
theme = "dark";
color = "slate";
layout = {
Services = {
style = "row";
columns = "4";
};
Infra = {
style = "row";
columns = "4";
};
};
};
home.file."containers/homepage/config/services.yaml".source = (pkgs.formats.yaml { }).generate "services" [
{
"Services" = [
{
"Forgejo" = {
href = "https://git.tbmrs.nl";
description = "Git server";
icon = "forgejo";
server = "podman";
container = "forgejo";
};
}
{
"Immich" = {
href = "https://photos.tbmrs.nl";
description = "Photo's and videos";
icon = "immich";
server = "podman";
container = "immich-server";
};
}
{
"Pingvin" = {
href = "https://share.tbmrs.nl";
description = "File sharing";
icon = "pingvin-share";
server = "podman";
container = "pingvin-share";
};
}
{
"Vaultwarden" = {
href = "https://vault.local.tbmrs.nl";
description = "Password management";
icon = "vaultwarden";
server = "podman";
container = "vaultwarden";
};
}
{
"Paperless" = {
href = "https://paperless.local.tbmrs.nl";
description = "Documents management";
icon = "paperless-ngx";
server = "podman";
container = "paperless-ngx";
};
}
{
"Home Assistant" = {
href = "https://home-assistant.local.tbmrs.nl";
description = "Home automation";
icon = "home-assistant";
server = "podman";
container = "homeassistant";
};
}
{
"Syncthing" = {
href = "https://syncthing.local.tbmrs.nl";
description = "File syncronisation";
icon = "syncthing";
server = "podman";
container = "syncthing";
};
}
{
"Dufs" = {
href = "https://files.tbmrs.nl";
description = "File management";
icon = "dufs";
server = "podman";
container = "dufs";
};
}
{
"Linkding" = {
href = "https://links.local.tbmrs.nl";
description = "Bookmarks";
icon = "linkding";
server = "podman";
container = "linkding";
};
}
{
"Stalwart" = {
href = "https://mail.tbmrs.nl";
description = "Mailserver";
icon = "stalwart";
server = "podman";
container = "stalwart";
};
}
];
}
{
"Infra" = [
{
"Kanidm" = {
href = "https://auth.tbmrs.nl";
description = "Oauth2 and ldap provider";
icon = "kanidm";
server = "podman";
container = "kanidm";
};
}
{
"Uptime Kuma" = {
href = "https://uptime.tbmrs.nl";
description = "Uptime and status";
icon = "uptime-kuma";
server = "podman";
container = "uptime-kuma";
};
}
{
"Beszel" = {
href = "https://monitor.local.tbmrs.nl";
description = "Server monitoring";
icon = "beszel";
server = "podman";
container = "beszel";
};
}
];
}
];
home.file."containers/homepage/config/docker.yaml".source = (pkgs.formats.yaml {}).generate "docker" {
podman = {
socket = "/var/run/podman.sock";
};
};
};
}

80
modules/home/containers/immich.nix Normal file
View File

@@ -0,0 +1,80 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.immich;
in {
options = {
settings.containers.immich.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable immich container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.immich-server = {
image = "ghcr.io/immich-app/immich-server:release";
network = "proxy";
volumes = [
"%h/containers/immich/upload:/usr/src/app/upload"
"/etc/localtime:/etc/localtime:ro"
];
extraConfig = {
Unit = {
After = [
"podman-immich-redis.service"
"podman-immich-database.service"
];
Requires = [
"podman-immich-redis.service"
"podman-immich-database.service"
];
};
};
environment = {
DB_PASSWORD = "changeme";
DB_USERNAME = "postgres";
DB_DATABASE_NAME = "immich";
DB_HOSTNAME = "immich-database";
REDIS_HOSTNAME = "immich-redis";
};
};
services.podman.containers.immich-machine-learning = {
image = "ghcr.io/immich-app/immich-machine-learning:release";
network = "proxy";
volumes = [
"%h/containers/immich/model-cache:/cache"
];
};
services.podman.containers.immich-redis = {
image = "docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1";
network = "proxy";
};
services.podman.containers.immich-database = {
image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52";
network = "proxy";
volumes = [
"%h/containers/immich/database-data:/var/lib/postgresql/data"
];
environment = {
POSTGRES_PASSWORD = "changeme";
POSTGRES_USER = "postgres";
POSTGRES_DB = "immich";
POSTGRES_INITDB_ARGS = "--data-checksums";
};
exec = ''postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on'';
};
settings.containers.caddy.routes.tbmrs.routes.immich = {
host = "photos";
url = "immich-server:2283";
};
};
}

35
modules/home/containers/jellyfin.nix Normal file
View File

@@ -0,0 +1,35 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.jellyfin;
in {
options = {
settings.containers.jellyfin.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable jellyfin container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.jellyfin = {
image = "jellyfin/jellyfin";
network = "proxy";
volumes = [
"%h/containers/jellyfin/config:/config"
"%h/containers/jellyfin/cache:/cache"
"%h/media:/media"
];
userNS = "keep-id";
};
settings.containers.caddy.routes.tbmrs-local.routes.jellyfin = {
host = "stream";
url = "jellyfin:8096";
};
};
}

5
modules/home/containers/kanidm.nix
View File

@@ -36,5 +36,10 @@ in {
KANIDM_ORIGIN = "https://auth.tbmrs.nl";
};
};
settings.containers.caddy.routes.tbmrs.routes.kanidm = {
host = "auth";
url = "https://auth.tbmrs.nl";
};
};
}

82
modules/home/containers/karakeep.nix Normal file
View File

@@ -0,0 +1,82 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.karakeep;
in {
options = {
settings.containers.karakeep.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable karakeep container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.karakeep = {
image = "ghcr.io/karakeep-app/karakeep:release";
network = "proxy";
volumes = [
"%h/containers/karakeep/data:/data"
];
environment = {
MEILI_ADDR = "http://karakeep-meilisearch:7700";
BROWSER_WEB_URL = "http://karakeep-chrome:9222";
DATA_DIR = "/data";
};
environmentFile = [
"${config.sops.templates."container-karakeep.env".path}"
];
extraConfig = {
Unit = {
After = [
"podman-karakeep-chrome.service"
"podman-karakeep-meilisearch.service"
];
Requires = [
"podman-karakeep-chrome.service"
"podman-karakeep-meilisearch.service"
];
};
};
};
services.podman.containers.karakeep-chrome = {
image = "gcr.io/zenika-hub/alpine-chrome:123";
network = "proxy";
exec = "--no-sandbox --disable-gpu --disable-dev-shm-usage --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222 --hide-scrollbars";
};
services.podman.containers.karakeep-meilisearch = {
image = "getmeili/meilisearch:v1.13.3";
network = "proxy";
environment = {
MEILI_NO_ANALYTICS = "true";
};
volumes = [
"%h/containers/karakeep/meilisearch:/meili_data"
];
};
settings.services.sops.enable = true;
sops.secrets = {
"containers/karakeep/nextauth-secret" = { };
"containers/karakeep/meili-key" = { };
};
sops.templates = {
"container-karakeep.env" = {
content = ''
KARAKEEP_VERSION=release
NEXTAUTH_SECRET=${config.sops.placeholder."containers/karakeep/nextauth-secret"}
MEILI_MASTER_KEY=${config.sops.placeholder."containers/karakeep/meili-key"}
NEXTAUTH_URL=https://karakeep.local.tbmrs.nl
'';
};
};
};
}

58
modules/home/containers/linkding.nix Normal file
View File

@@ -0,0 +1,58 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.linkding;
in {
options = {
settings.containers.linkding.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable linkding container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.linkding = {
image = "ghcr.io/sissbruecker/linkding:latest";
network = "proxy";
volumes = [
"%h/containers/linkding/data:/etc/linkding/data"
];
environment = {
LD_ENABLE_OIDC = "True";
OIDC_RP_CLIENT_ID = "linkding";
OIDC_OP_AUTHORIZATION_ENDPOINT = "https://auth.tbmrs.nl/ui/oauth2";
OIDC_OP_TOKEN_ENDPOINT = "https://auth.tbmrs.nl/oauth2/token";
OIDC_OP_USER_ENDPOINT = "https://auth.tbmrs.nl/oauth2/openid/linkding/userinfo";
OIDC_OP_JWKS_ENDPOINT = "https://auth.tbmrs.nl/oauth2/openid/linkding/public_key.jwk";
OIDC_RP_SIGN_ALGO = "ES256";
};
environmentFile = [
"${config.sops.templates."container-linkding.env".path}"
];
};
settings.containers.caddy.routes.tbmrs-local.routes.linkding = {
host = "links";
url = "linkding:9090";
};
settings.services.sops.enable = true;
sops.templates = {
"container-linkding.env" = {
content = /*bash*/ ''
OIDC_RP_CLIENT_SECRET=${config.sops.placeholder."containers/linkding/oidc-secret"}
'';
};
};
sops.secrets = {
"containers/linkding/oidc-secret" = { };
};
};
}

3
modules/home/containers/network.nix
View File

@@ -3,7 +3,7 @@
with lib;
let
cfg = config.settings.containers.nginx;
cfg = config.settings.containers.network;
in {
options = {
settings.containers.network.enable = lib.mkOption {
@@ -18,6 +18,7 @@ in {
config = mkIf cfg.enable {
services.podman.networks.proxy = {
description = "Container network for the proxy";
driver = "bridge";
autoStart = true;
};
};

102
modules/home/containers/paperless-ngx.nix Normal file
View File

@@ -0,0 +1,102 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.containers.paperless-ngx;
in {
options = {
settings.containers.paperless-ngx.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Paperless NGX container
'';
};
};
config = mkIf cfg.enable {
settings.services.sops.enable = true;
services.podman.containers.paperless-ngx = {
image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
network = "proxy";
volumes = [
"%h/containers/paperless-ngx/data:/usr/src/paperless/data"
"%h/containers/paperless-ngx/media:/usr/src/paperless/media"
"%h/containers/paperless-ngx/export:/usr/src/paperless/export"
"%h/containers/paperless-ngx/consume:/usr/src/paperless/consume"
"${config.sops.secrets."containers/paperless-ngx/db-password".path}:/run/secrets/db-password"
"${config.sops.secrets."containers/paperless-ngx/secret".path}:/run/secrets/secret"
"${config.sops.secrets."containers/paperless-ngx/openid-providers".path}:/run/secrets/openid-providers"
];
environment = {
PAPERLESS_REDIS = "redis://paperless-ngx-broker:6379";
PAPERLESS_DBHOST = "paperless-ngx-db";
PAPERLESS_URL = "https://paperless.local.tbmrs.nl";
PAPERLESS_DBPASS_FILE = "/run/secrets/db-password";
PAPERLESS_SECRET_KEY_FILE = "/run/secrets/secret";
PAPERLESS_DISABLE_REGULAR_LOGIN = false;
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
PAPERLESS_SOCIALACCOUNT_PROVIDERS_FILE = "/run/secrets/openid-providers";
PAPERLESS_SOCIAL_ACCOUNT_SYNC_GROUPS = true;
};
extraConfig = {
Unit = {
After = [
"sops-nix.service"
"podman-paperless-ngx-db.service"
"podman-paperless-ngx-broker.service"
];
Requires = [
"podman-paperless-ngx-db.service"
"podman-paperless-ngx-broker.service"
];
};
};
};
services.podman.containers.paperless-ngx-db = {
image = "docker.io/library/postgres:17";
network = "proxy";
volumes = [
"%h/containers/paperless-ngx/db-data:/var/lib/postgresql/data"
"${config.sops.secrets."containers/paperless-ngx/db-password".path}:/run/secrets/db-password"
];
environment = {
POSTGRES_DB = "paperless";
POSTGRES_USER = "paperless";
POSTGRES_PASSWORD_FILE = "/run/secrets/db-password";
};
extraConfig = {
Unit = {
After = [
"sops-nix.service"
];
};
};
};
services.podman.containers.paperless-ngx-broker = {
image = "docker.io/library/redis:7";
network = "proxy";
volumes = [
"%h/containers/paperless-ngx/redis-data:/data"
];
};
settings.containers.caddy.routes.tbmrs-local.routes.paperless-ngx = {
host = "paperless";
url = "paperless-ngx:8000";
};
sops.secrets = {
"containers/paperless-ngx/db-password" = { };
"containers/paperless-ngx/secret" = { };
"containers/paperless-ngx/openid-providers" = { };
};
};
}

78
modules/home/containers/pingvin-share.nix Normal file
View File

@@ -0,0 +1,78 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.containers.pingvin-share;
in {
options = {
settings.containers.pingvin-share.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Pingvin share container
'';
};
};
config = mkIf cfg.enable {
settings.services.sops.enable = true;
services.podman.containers.pingvin-share = {
image = "ghcr.io/stonith404/pingvin-share";
network = "proxy";
volumes = [
"%h/containers/pingvin-share/data:/opt/app/backend/data"
# "%h/containers/pingvin-share/config.yaml:/opt/app/config.yaml"
"${config.sops.templates."container-pingvin.yaml".path}:/opt/app/config.yaml"
];
environment = {
TRUST_PROXY = true;
};
userNS = "keep-id";
extraConfig = {
Unit = {
After = [
"sops-nix.service"
];
};
};
};
settings.containers.caddy.routes.tbmrs.routes.pingvin = {
host = "share";
url = "pingvin-share:3000";
};
sops.templates = {
"container-pingvin.yaml" = {
content = /*yaml*/ ''
general:
secureCookies: "true"
appUrl: https://share.tbmrs.nl
showHomePage: "false"
share:
allowRegistration: "true"
maxSize: "10000000000"
oauth:
disablePassword: "false"
oidc-enabled: "true"
oidc-discoveryUri: "https://auth.tbmrs.nl/oauth2/openid/pingvin/.well-known/openid-configuration"
oidc-clientId: pingvin
oidc-clientSecret: "${config.sops.placeholder."containers/pingvin-share/oidc-secret"}"
initUser:
enabled: "true"
username: "admin"
email: "admin@example.com"
password: "my-secure-password"
isAdmin: true
ldapDN: ""
'';
};
};
sops.secrets = {
"containers/pingvin-share/oidc-secret" = { };
};
};
}

42
modules/home/containers/stalwart.nix Normal file
View File

@@ -0,0 +1,42 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.stalwart;
in {
options = {
settings.containers.stalwart.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable stalwart mailserver container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.stalwart = {
image = "stalwartlabs/mail-server:latest";
network = "proxy";
ports = [
"1025:25"
"1587:587"
"1465:465"
"1143:143"
"1993:993"
"14190:4190"
"1110:110"
"1995:995"
];
volumes = [
"%h/containers/stalwart/data:/opt/stalwart-mail"
];
};
settings.containers.caddy.routes.tbmrs.routes.stalwart = {
host = "mail";
url = "stalwart:8080";
};
};
}

60
modules/home/containers/static.nix Normal file
View File

@@ -0,0 +1,60 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.static;
in {
options = {
settings.containers.static.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable static pages containers
'';
};
};
config = mkIf cfg.enable {
settings.services.sops.enable = true;
services.podman.containers.wrbapp = {
image = "gitea.xeovalyte.dev/xeovalyte/wrbapp:latest-arm";
network = "proxy";
environmentFile = [
"${config.sops.templates."container-wrbapp.env".path}"
];
};
services.podman.containers.hunshin = {
image = "gitea.xeovalyte.dev/xeovalyte/hunshin:latest-arm";
network = "proxy";
};
services.podman.containers.bijlobke = {
image = "gitea.xeovalyte.dev/xeovalyte/bijlobke:latest-arm";
network = "proxy";
};
services.podman.containers.ardsite = {
image = "gitea.xeovalyte.dev/ardsite/ardsite:latest-arm";
network = "proxy";
};
sops.templates = {
"container-wrbapp.env" = {
content = ''
NUXT_PRIVATE_KEY_ID: "${config.sops.placeholder."containers/wrbapp/private-key-id"}"
NUXT_PRIVATE_KEY: "${config.sops.placeholder."containers/wrbapp/private-key"}"
NUXT_CLIENT_ID: "${config.sops.placeholder."containers/wrbapp/client-id"}"
'';
};
};
sops.secrets = {
"containers/wrbapp/private-key-id" = { };
"containers/wrbapp/private-key" = { };
"containers/wrbapp/client-id" = { };
};
};
}

57
modules/home/containers/storage.nix Normal file
View File

@@ -0,0 +1,57 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.storage;
in {
options = {
settings.containers.storage.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable storage configuration
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.dufs = {
image = "sigoden/dufs";
network = "proxy";
volumes = [
"%h/storage:/data"
];
userNS = "keep-id";
environment = {
DUFS_SERVE_PATH = "data";
DUFS_AUTH = "@/tboomers/public:ro|tboomers:password@/tboomers:rw";
DUFS_ALLOW_ALL = true;
};
};
services.podman.containers.syncthing = {
image = "syncthing/syncthing";
network = "proxy";
volumes = [
"%h/storage:/storage"
"%h/containers/syncthing/data:/var/syncthing"
];
userNS = "keep-id";
ports = [
"22000:22000/tcp"
"22000:22000/udp"
];
};
settings.containers.caddy.routes.tbmrs-local.routes.sycnthing = {
host = "syncthing";
url = "syncthing:8384";
};
settings.containers.caddy.routes.tbmrs.routes.dufs = {
host = "files";
url = "dufs:5000";
};
};
}

32
modules/home/containers/uptime-kuma.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.uptime-kuma;
in {
options = {
settings.containers.uptime-kuma.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable uptime kuma container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.uptime-kuma = {
image = "louislam/uptime-kuma:beta";
network = "proxy";
volumes = [
"%h/containers/uptime-kuma/data:/app/data"
];
};
settings.containers.caddy.routes.tbmrs.routes.uptime-kuma = {
host = "uptime";
url = "uptime-kuma:3001";
};
};
}

37
modules/home/containers/vaultwarden.nix Normal file
View File

@@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.containers.vaultwarden;
in {
options = {
settings.containers.vaultwarden.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Vaultwarden container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.vaultwarden = {
image = "ghcr.io/dani-garcia/vaultwarden:latest";
network = "proxy";
volumes = [
"%h/containers/vaultwarden/data:/data"
];
environment = {
DOMAIN = "https://vault.local.tbmrs.nl";
SIGNUPS_ALLOWED = true;
};
};
settings.containers.caddy.routes.tbmrs-local.routes.vaultwarden = {
host = "vault";
url = "vaultwarden:80";
};
};
}

34
modules/home/containers/vikunja.nix Normal file
View File

@@ -0,0 +1,34 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.vikunja;
in {
options = {
settings.containers.vikunja.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable vikunja container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.vikunja = {
image = "vikunja/vikunja";
network = "proxy";
userNS = "keep-id";
volumes = [
"%h/containers/vikunja/files:/app/vikunja/files"
"%h/containers/vikunja/db:/db"
];
};
settings.containers.caddy.routes.tbmrs-local.routes.vikunja = {
host = "tasks";
url = "vikunja:3456";
};
};
}

40
modules/home/default.nix
View File

@@ -1,6 +1,13 @@
{ ... }:
{ inputs, outputs, config, lib, ... }:
{
options = {
settings.host = lib.mkOption {
type = lib.types.str;
description = "Hostname";
};
};
imports = [
./applications/alacritty.nix
./applications/common.nix
@@ -13,14 +20,20 @@
./applications/thunderbird.nix
./applications/yazi.nix
./applications/zellij.nix
./applications/wezterm.nix
./applications/nushell.nix
./applications/typst.nix
./applications/obs-studio.nix
./services/nextcloud.nix
./services/podman.nix
./services/sops.nix
./theming/fonts.nix
./theming/stylix.nix
./desktop-environments/hyprland/default.nix
./desktop-environments/niri/default.nix
./containers/network.nix
@@ -28,5 +41,30 @@
./containers/kanidm.nix
./containers/nginx.nix
./containers/forgejo.nix
./containers/immich.nix
./containers/homepage.nix
./containers/uptime-kuma.nix
./containers/pingvin-share.nix
./containers/vaultwarden.nix
./containers/paperless-ngx.nix
./containers/beszel.nix
./containers/storage.nix
./containers/homeassistant.nix
./containers/karakeep.nix
./containers/vikunja.nix
./containers/stalwart.nix
./containers/static.nix
./containers/linkding.nix
./containers/jellyfin.nix
];
config = {
nixpkgs = {
overlays = [
outputs.overlays.unstable-packages
outputs.overlays.additions
outputs.overlays.modifications
];
};
};
}

2
modules/home/desktop-environments/hyprland/default.nix
View File

@@ -15,7 +15,7 @@ in {
};
imports = [
./waybar.nix
# ./waybar.nix
./fixes.nix
./dunst.nix
./rofi.nix

216
modules/home/desktop-environments/niri/default.nix Normal file
View File

@@ -0,0 +1,216 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri;
in {
options = {
settings.desktop-environments.niri.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable niri window manager configuration
'';
default = false;
};
};
imports = [
inputs.niri.homeModules.niri
./waybar.nix
./mako.nix
./swww.nix
];
config = mkIf cfg.enable {
home.packages = with pkgs; [
fuzzel
brightnessctl
];
programs.alacritty = {
enable = true;
settings = {
window.decorations = "None";
};
};
# Configure default applications
xdg.mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/about" = "firefox.desktop";
"x-scheme-handler/unknown" = "firefox.desktop";
"application/pdf" = "firefox.desktop";
};
};
programs.niri.enable = true;
programs.niri.package = pkgs.unstable.niri;
programs.niri.settings.outputs = lib.mkIf (config.settings.host == "ti-clt-dsk01") {
"HDMI-A-1".position = {
x = 1920;
y = 0;
};
"DP-1".position = {
x = 0;
y = 0;
};
};
programs.niri.settings.layout = {
gaps = 8;
focus-ring = {
width = 2;
};
preset-column-widths = [
{ proportion = 1. / 3.; }
{ proportion = 1. / 2.; }
{ proportion = 2. / 3.; }
];
};
programs.niri.settings.workspaces = {
"00-app" = { name = "app"; open-on-output = "DP-1"; };
"01-term" = { name = "term"; open-on-output = "DP-1"; };
"10-web" = { name = "web"; open-on-output = "HDMI-A-1"; };
"11-mus" = { name = "mus"; open-on-output = "HDMI-A-1"; };
"12-com" = { name = "com"; open-on-output = "HDMI-A-1"; };
};
# Default startup applications
programs.niri.settings.spawn-at-startup = [
{ command = ["vesktop"]; }
{ command = ["thunderbird"]; }
{ command = ["xwayland-satellite" ":10"]; }
];
programs.niri.settings.environment.DISPLAY = ":10";
programs.niri.settings.window-rules = [
{
matches = [
{ at-startup = true; app-id = "vesktop"; }
{ at-startup = true; app-id = "thunderbird"; }
];
open-on-workspace = "com";
}
];
# Configure overview
programs.niri.settings.layer-rules = [
{
matches = [
{ namespace = "wallpaper"; }
];
place-within-backdrop = true;
}
];
programs.niri.settings.binds = with config.lib.niri.actions; {
"Mod+Shift+Slash".action = show-hotkey-overlay;
# Spawn applications
"Mod+Space".action = spawn "fuzzel";
"Mod+T".action = spawn "alacritty";
"Mod+B".action = spawn "firefox";
# Volume controls
"XF86AudioRaiseVolume".action = spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1+";
"XF86AudioLowerVolume".action = spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1-";
"XF86AudioMute".action = spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK" "toggle";
# Media controls
"XF86AudioPlay".action = spawn "playerctl" "play-pause";
"XF86AudioNext".action = spawn "playerctl" "next";
"XF86AudioPrev".action = spawn "playerctl" "previous";
# Brightness controls
"XF86MonBrightnessUp".action = spawn "brightnessctl" "set" "5%+";
"XF86MonBrightnessDown".action = spawn "brightnessctl" "set" "5%-";
"Mod+O".action = toggle-overview;
"Mod+Q".action = close-window;
"Mod+C".action = center-column;
"Mod+R".action = switch-preset-column-width;
"Mod+Escape".action = quit;
# Sizing
"Mod+Minus".action = set-column-width "-10%";
"Mod+Equal".action = set-column-width "+10%";
# Full screen
"Mod+F".action = maximize-column;
"Mod+Shift+F".action = fullscreen-window;
"Mod+Ctrl+F".action = expand-column-to-available-width;
# Toggle floating
"Mod+V".action = toggle-window-floating;
"Mod+Shift+V".action = switch-focus-between-floating-and-tiling;
# Print screen
"Print".action = screenshot { show-pointer=false; };
# Window focus
"Mod+H".action = focus-column-left;
"Mod+J".action = focus-window-down;
"Mod+K".action = focus-window-up;
"Mod+L".action = focus-column-right;
# Window moving
"Mod+Ctrl+H".action = move-column-left;
"Mod+Ctrl+J".action = move-window-down;
"Mod+Ctrl+K".action = move-window-up;
"Mod+Ctrl+L".action = move-column-right;
# Focus to different monitor
"Mod+Shift+H".action = focus-monitor-left;
"Mod+Shift+J".action = focus-monitor-down;
"Mod+Shift+K".action = focus-monitor-up;
"Mod+Shift+L".action = focus-monitor-right;
# Move to different monitor
"Mod+Ctrl+Shift+H".action = move-column-to-monitor-left;
"Mod+Ctrl+Shift+J".action = move-column-to-monitor-down;
"Mod+Ctrl+Shift+K".action = move-column-to-monitor-up;
"Mod+Ctrl+Shift+L".action = move-column-to-monitor-right;
# Switch workspaces
"Mod+Page_Down".action = focus-workspace-down;
"Mod+Page_Up".action = focus-workspace-up;
"Mod+U".action = focus-workspace-down;
"Mod+I".action = focus-workspace-up;
# Move workspaces
"Mod+Ctrl+Page_Down".action = move-column-to-workspace-down;
"Mod+Ctrl+Page_Up".action = move-column-to-workspace-up;
"Mod+Ctrl+U".action = move-column-to-workspace-down;
"Mod+Ctrl+I".action = move-column-to-workspace-up;
# Workspace scrolling
"Mod+WheelScrollDown" = {
action = focus-workspace-down;
cooldown-ms = 150;
};
"Mod+WheelScrollUp" = {
action = focus-workspace-up;
cooldown-ms = 150;
};
"Mod+Shift+WheelScrollDown" = {
action = focus-column-left;
cooldown-ms = 150;
};
"Mod+Shift+WheelScrollUp" = {
action = focus-column-right;
cooldown-ms = 150;
};
};
};
}

21
modules/home/desktop-environments/niri/mako.nix Normal file
View File

@@ -0,0 +1,21 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri.mako;
in {
options = {
settings.desktop-environments.niri.mako.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable mako notifiaction deamon
'';
default = config.settings.desktop-environments.niri.enable;
};
};
config = mkIf cfg.enable {
services.mako.enable = true;
};
}

56
modules/home/desktop-environments/niri/swww.nix Normal file
View File

@@ -0,0 +1,56 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri.swww;
in {
options = {
settings.desktop-environments.niri.swww.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable swww wallpapers deamon
'';
default = config.settings.desktop-environments.niri.enable;
};
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
swww
swaybg
];
systemd.user.services.swaybg = {
Unit = {
After = [ "graphical-session.target" ];
PartOf = [ "graphical-session.target" ];
Requisite = [ "graphical-session.target" ];
Description = "Enable swaybg wallpaper management";
};
Install = {
WantedBy = [ "niri.service"];
};
Service = {
ExecStart = ''${pkgs.swaybg}/bin/swaybg -m fill -i "%h/nix/assets/wallpaper-2-blurred.png"'';
Restart = ''on-failure'';
};
};
systemd.user.services.swww = {
Unit = {
After = [ "graphical-session.target" ];
PartOf = [ "graphical-session.target" ];
Requisite = [ "graphical-session.target" ];
Description = "Enable swww wallpaper management";
};
Install = {
WantedBy = [ "niri.service"];
};
Service = {
ExecStart = ''${pkgs.swww}/bin/swww-daemon'';
Restart = ''on-failure'';
};
};
};
}

127
modules/home/desktop-environments/niri/waybar.nix Normal file
View File

@@ -0,0 +1,127 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri.waybar;
in {
options = {
settings.desktop-environments.niri.waybar.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable waybar configuration for configuration
'';
default = config.settings.desktop-environments.niri.enable;
};
};
config = mkIf cfg.enable {
stylix.targets.waybar.addCss = false;
programs.waybar = {
enable = true;
package = pkgs.unstable.waybar;
systemd.enable = true;
};
programs.waybar.settings = {
main = {
layer = "top";
position = "top";
modules-left = [
"niri/workspaces"
];
modules-center = [
"clock"
];
modules-right = [
"tray"
"network"
"pulseaudio"
"battery"
];
"clock" = {
"format" = "{:%H:%M - %d}";
};
"tray" = {
"spacing" = 8;
};
"battery" = {
"bat" = "BAT1";
"interval" = 60;
"states" = {
"warning" = 30;
"critical" = 15;
};
"format" = "{icon} {capacity}%";
"format-icons" = [ "" "" "" "" "" ];
};
"pulseaudio" = {
"format" = "{icon} {volume}%";
"format-bluetooth" = "{volume}% {icon}";
"format-muted" = "󰝟";
"format-icons" = {
"headphone" = "";
"hands-free" = "";
"headset" = "";
"phone" = "";
"portable" = "";
"car" = "";
"default" = ["" ""];
};
"scroll-step" = 1;
"on-click" = "pavucontrol";
"ignored-sinks" = ["Easy Effects Sink"];
};
"network" = {
"interface" = "wlan0";
"format" = "{ifname}";
"format-wifi" = " {essid}";
"format-ethernet" = "󰊗 {ipaddr}/{cidr}";
"format-disconnected" = "";
"tooltip-format" = "{ifname} via {gwaddr}";
"tooltip-format-wifi" = "{essid} ({signalStrength}%)";
"tooltip-format-ethernet" = "{ifname}";
"tooltip-format-disconnected" = "Disconnected";
"max-length" = 50;
};
};
};
programs.waybar.style = /* css */''
#workspaces,#window,#clock,#battery,#tray,#pulseaudio,#network {
background-color: @base01;
border-radius: 10px;
padding: 0px 10px;
margin-top: 3px;
margin-left: 5px;
margin-right: 5px;
}
#workspaces button {
padding: 0 5px;
background: transparent;
color: @base05;
border-bottom: 2px solid transparent;
border-radius: 0;
}
window#waybar {
background: transparent;
}
#workspaces button.active {
border-bottom: 2px solid @base05;
}
#network {
padding: 0 5px;
}
'';
};
}

19
modules/home/services/podman.nix
View File

@@ -13,11 +13,30 @@ in {
Enable podman configuration
'';
};
settings.services.podman.systemctlAliases = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable podman systemctl aliases configuration
'';
};
};
config = mkIf cfg.enable {
services.podman = {
enable = true;
};
home.shellAliases = lib.mkIf cfg.systemctlAliases {
scu = "systemctl --user";
scus = "systemctl --user start";
scur = "systemctl --user restart";
scust = "systemctl --user stop";
scusts = "systemctl --user status";
jcu = "journalctl --user";
jcur = "journalctl --user -xe";
};
};
}

34
modules/home/services/sops.nix Normal file
View File

@@ -0,0 +1,34 @@
{ lib, config, inputs, pkgs, ... }:
with lib;
let
cfg = config.settings.services.sops;
in {
options = {
settings.services.sops.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable sops secret management
'';
default = false;
};
};
imports = [
inputs.sops-nix.homeManagerModules.sops
];
config = mkIf cfg.enable {
home.packages = with pkgs; [
sops
age
];
sops = {
age.keyFile = "/home/${config.home.username}/.config/sops/age/keys.txt"; # must have no password!
defaultSopsFile = ../../../secrets/deploy.yaml;
};
};
}

2
modules/home/theming/fonts.nix
View File

@@ -23,7 +23,7 @@ in {
font-awesome
dejavu_fonts
roboto
(nerdfonts.override { fonts = [ "DejaVuSansMono" ]; })
nerd-fonts.dejavu-sans-mono
];
};
}

7
modules/home/theming/stylix.nix
View File

@@ -29,7 +29,7 @@ in {
};
imports = [
inputs.stylix.homeManagerModules.stylix
inputs.stylix.homeModules.stylix
];
config = mkIf cfg.enable {
@@ -43,6 +43,11 @@ in {
stylix.autoEnable = true;
stylix.fonts.monospace = {
package = pkgs.nerd-fonts.dejavu-sans-mono;
name = "DejaVuSansM Nerd Font Propo";
};
stylix.cursor = {
package = pkgs.phinger-cursors;
name = "phinger-cursors-dark";

5
modules/overlays.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }:
{
}

2
modules/system/applications/common.nix
View File

@@ -22,6 +22,8 @@ in {
btop
git
yazi
zoxide
home-manager
just
];

38
modules/system/default.nix
View File

@@ -1,4 +1,4 @@
{ ... }:
{ outputs, config, lib, ... }:
{
imports = [
@@ -24,7 +24,43 @@
./desktop-environments/cosmic.nix
./desktop-environments/hyprland.nix
./desktop-environments/gnome.nix
./desktop-environments/niri.nix
./display-managers/default.nix
];
options = {
settings.hostname = lib.mkOption {
type = lib.types.str;
description = ''
Set hostname of the system
'';
};
};
config = {
nixpkgs = {
overlays = [
outputs.overlays.unstable-packages
outputs.overlays.additions
outputs.overlays.modifications
];
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-community.cachix.org"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
networking.hostName = config.settings.hostname;
};
}

13
modules/system/desktop-environments/cosmic.nix
View File

@@ -1,4 +1,4 @@
{ lib, config, inputs, ... }:
{ lib, config, inputs, pkgs, ... }:
with lib;
@@ -14,15 +14,20 @@ in {
};
};
imports = [
inputs.nixos-cosmic.nixosModules.default
];
# imports = [
# inputs.nixos-cosmic.nixosModules.default
# ];
config = mkIf cfg.enable {
services.desktopManager.cosmic.enable = true;
environment.sessionVariables = {
COSMIC_DISABLE_DIRECT_SCANOUT = "true";
COSMIC_DATA_CONTROL_ENABLED = 1;
};
environment.systemPackages = with pkgs; [
wl-clipboard-rs
];
};
}

49
modules/system/desktop-environments/niri.nix Normal file
View File

@@ -0,0 +1,49 @@
{ lib, config, inputs, pkgs, ... }:
with lib;
let
cfg = config.settings.desktop-environments.niri;
in {
options = {
settings.desktop-environments.niri.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable niri desktop environment
'';
default = false;
};
};
imports = [
inputs.niri.nixosModules.niri
];
config = mkIf cfg.enable {
nix = {
settings = {
substituters = [
"https://niri.cachix.org"
];
trusted-public-keys = [
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
];
};
};
programs.niri.enable = true;
programs.niri.package = pkgs.unstable.niri;
nixpkgs.overlays = [ inputs.niri.overlays.niri ];
environment.variables.NIXOS_OZONE_WL = "1";
environment.systemPackages = with pkgs; [
wl-clipboard
wayland-utils
libsecret
cage
gamescope
xwayland-satellite-unstable
swaybg
];
};
}

3
modules/system/display-managers/default.nix
View File

@@ -7,7 +7,7 @@ let
in {
options = {
settings.display-manager = lib.mkOption {
type = lib.types.enum ["sddm" "cosmic-greeter" "gdm" "none"];
type = lib.types.enum ["sddm" "cosmic-greeter" "gdm" "none" "greetd"];
description = ''
Specify which display manager to use
'';
@@ -18,5 +18,6 @@ in {
./sddm.nix
./cosmic-greeter.nix
./gdm.nix
./greetd.nix
];
}

35
modules/system/display-managers/greetd.nix Normal file
View File

@@ -0,0 +1,35 @@
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.settings.display-manager;
in {
config = mkIf (cfg == "greetd") {
# systemd.services.greetd = {
# serviceConfig.Type = "idle";
# # unitConfig.After = [ "docker.service" ];
# };
systemd.services.greetd.serviceConfig = {
Type = "idle";
StandardInput = "tty";
StandardOutput = "tty";
StandardError = "journal"; # Without this errors will spam on screen
# Without these bootlogs will spam on screen
TTYReset = true;
TTYVHangup = true;
TTYVTDisallocate = true;
};
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd niri-session";
user = "greeter";
};
};
};
};
}

18
overlays/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{ inputs, ...}: {
# This one brings our custom packages from the 'pkgs' directory
additions = final: prev: import ../pkgs final.pkgs;
# This one contains whatever you want to overlay
# You can change versions, add patches, set compilation flags, anything really.
# https://nixos.wiki/wiki/Overlays
modifications = final: prev: {
};
unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
};
}

3
pkgs/default.nix Normal file
View File

@@ -0,0 +1,3 @@
pkgs: {
}

48
secrets/deploy.yaml Normal file
View File

@@ -0,0 +1,48 @@
example-key: ENC[AES256_GCM,data:ijBs+W5luWy8bD2u9Q==,iv:SgpzREfqbgBgd8psV7Optl4nDpMmDBDsitGQZLLSAL0=,tag:E8lN8xCOye2UPs2x21c0Jw==,type:str]
containers:
pingvin-share:
oidc-secret: ENC[AES256_GCM,data:V8bFxcEfWEJvt0ZRnHRNQhQ2qCsivngRkKyDhupz9HFxBw0BZLb7U2mDothtE1XS,iv:SnnmXiZoawpZV83483esQ1TIaFTACiIUcA6hcoXsw0I=,tag:M3h/ueLRZx1oOzW2WJjJDQ==,type:str]
linkding:
oidc-secret: ENC[AES256_GCM,data:2KP6B7s9fKyg6PHKzWvvqe5TcrFvl80goQ8Gy91pW6CwOZWywcNnwsnrrSjpJL9O,iv:IlbwHY8BXB93L0UYDU9jmbXX7s6ovHQp9BUAmDBhgwk=,tag:0pnhkJVVQTYd5Jy9yPz+Kw==,type:str]
beszel:
key: ENC[AES256_GCM,data:BfhgCX2Ws/xpQ2Nz+qJv04Ag99pmOtD8js2Yq0vNEoRb7KGeoeBiJSepbXPZNWkdyRztXA/LPEbcVCQwmCzu3+emcAvsVRTX41Bxt9nQ2Kw=,iv:OS/+jF4MtwPdijXPpG2pgpJQTYyer9bms97B+kO8XhI=,tag:AYhQltmzceVaTuM//mtFYw==,type:str]
karakeep:
nextauth-secret: ENC[AES256_GCM,data:Izp5kO9dhD28mUzHOS4TqBINbbQ03spP865nrfUWbhqpx2dgW/rbExFZDXmgp1tX,iv:98su3bR8jMLr1jF5XBiNePMZ7qz4pMDQ6B4i8rMxIQQ=,tag:gyzJA6dsKy6YWkE8r5JXqg==,type:str]
meili-key: ENC[AES256_GCM,data:47t3gk/189dmtriOb37MT4XC2pwBdwr2n+22t3K7q8Hf6tX2iHaq6zg1EV6W51F/,iv:OjAmWJWmGtIsSeIFWNlqT8hv8H8LLz+WQtvlvyu9Lx0=,tag:v4acQvlJPK64l0yCVpBqCQ==,type:str]
wrbapp:
private-key-id: ENC[AES256_GCM,data:VEPNv774ZI+5IAM43BSKJr7LoGYquUpLTk3iE4xObSscDtr/pVTnZQ==,iv:HVZHRU3v/REhrb9DTsKLyfryROU2WkPzg6tM0wz8Myc=,tag:rfjNGz5B526nvLw4Pj8hQw==,type:str]
private-key: ENC[AES256_GCM,data:vZIoRJH6bc/RBeZxr+g5mLWdBYWERetRHuoqntE5Ah1FnDmmShpSwBS8wYNaAEbq2FSDSe0RSbJ5OArmnhMnp8sm/VgVjY+AYm0IqRKkLCyf4sReCZ3duHcFnO9PjYULM2ABqAUofQqFqDD3BV44eFLeTudqY3fE8lCsDT0kdzKyyNVy3esQfbmTOTBcWVc54tI8hXcKsYGPMmzaxpnYqB9pc52KI7iOeSDoXxi7cjvHKPsYBLiK71oYi8T4JtwbR/uaT02kwY9cBNWThdaUpotYFO0D71pbLjQZ6gqEcWLSeUpUROwtmWoPPmR89cwUBuSbce9ovhsYlbqAE/AjwoJFUxuhZHa6wAdsjswR9wWXs9TZFsIzQVq6uGP3S80N1z2QPQnbT4Zha29V78iQXN8/Aq27/MjCtebgnVC9+mFY0zM4/5DpTT0D9HsNYixoUmDq5CIU1VS4JB2jgC5CublSCgs2ciXEwXTA/7nfctdIrE8g1UGPPw4wk34EAIvXz+tMdar3u+fQB9b+J6BuCW4TFVAUe9Nb6SHdIeLxgCDYbtGWSDY7laLNBSWrN0JY5t4ZMXlKVYHgGCdPcmJRrS4KE7LWjLrrVOzUiIslrBRYmNNrO5LJrpBQ8UDGUVVbGMH8UCFpPlytXskhjG5msioCOQ2ctVvoTrvvA1T7zVqaMZLdP1Lzxmw8brhHX34hu5q8z+lO/whrZxgqPbZ1WZrgoBGgAwp7+tn8Ddsq/8Ui8i8g89lny45ttjGHyroh2qlt3kBTJdU71Qg8JiiWgS6Wk0AbtkGO08SGJmMgJ5CtXo0zmq6pfrDmgursM5ItuVtvutZDyD+vz1BFdrli6ZNTAXVVq5bbCGUuKAM4AgHCJ1yS75l336xUxsIiTaLD9VDHd+XWetHXQWXk8xv9y02puiQAp+fJFISGn8TZya2CigW7OsibYSc3bFaZjm72pgfFhDm0a1q9AYTuF49PuLKi/McuJctuOc/iF6mbLnotIOF6Cc64/Iie1MCjX/IJzCZWlXJE8+0n8FTR9t+d1f4EBMxL8Z+h8pp4r8B3u+8ZKIUiCTmc+PZ0Mmr+acTOjY+X04RcrVcwQz49172NHwI3/C2we0ZUaZTjxTm253ikif/xcxYjxlCCP6WERR1rI0OMFr5RvA0+2RkzIBmHQtDlHNk11Tfauz7jyWkh4RfG9PYFr40khyNSD9vX4ePWTeIEQxMcdHLlRztLc3lbxiKumivHvLYlJmZ0eodp0/RpWv1l3VyVEsvqB04lKYzm42uJe6NkWTF0l+7XCWem7IchWWxrKW0P9UqLjrN3FAif2NVu6HjAtexMLp82yRUJFiLZufssm3QB91MAUebZOIW4fURrJOQpRj2xo3p7BSe+0nb4Hd00W187Q3HHbwZXK3yPaGX/wRD3cYFMku9AMWXgewHXwynkBITk1eEiZpwy7eyCBtxaScmglEbxtTEAs7PXLeUD7iQ0eM3MV4qRL3Nu/LRUTjpKZDXs22FpHbT3jUw24JgzB7jeJiYtEa/zIlDGvY3tPuhCruvJA+W8f8TWzTYVZoJjBhwCukD7l8APeiBNT58ulUPUz8Fn2lrUmujM3pXAJUSYknmUo4urBh/zQq5DCIbAWvvrU/OHHQDu547UTjguLMbqkAVF4nlb9RPdaBaUWLPsYDNHFGuHLuNvA5b6ymMa3oDuLZZVWT3FyGXQui4sNRQceKasEH3reSOMPvNUQ0af604rzlGrJlMX8QDq2GZR/Os+jdJwWahDlwincdEaRikAF6PD0vHlKGkcvm/E278ClSRQ2l2raF54B1EZ7NZ/+t5HaztTrx85xnt1l5hA/Gms9z58PBKi69oIv389KLxhviQWUo0PsEpeFx8KIk6h6FdjJwvzKaYpmjNwt4kxK8fI73rcjaDer+FhNYsUzluKmk4KNnWSMZPTEIHRnF9RrXPbw5x+nKrJrMx3tBswBAvif5xK5jlrnIsyo3f+bc3eXpioccxidCMMmKwSzcRj8u7N9Tevsvm2NmgCgawTLubisWkOE75jJuHexWDzU6jg/ArBczKXci0L5vCKC+Aq+U9q13Hgl5hbunlKq7jVPwemj6Ko7yEZ5ohw4UhLAKgSk1uN3XXQ2f7vQvo0zArEU567uWfGp6Jw3JHGL0AxjKCPvyFqd/AhqEFj1rS7XAx4yR1Ws8cDg9Y+tA/ils8FF4m9Th9xShLFNl3zphoU8z7OB+qrqzFirbKJ0uas1j7z/7962DGhg4QOicdPvNda,iv:rMdIIc6MszxdOGX5rPQNqNrK7RbleEbKhFVcx4oWUZk=,tag:ti7O+u8PYNj2eKF7+jUfWQ==,type:str]
client-id: ENC[AES256_GCM,data:rVWPkR8RUhJL0vsUFNxBuqgfJBm4,iv:7WbzSt04QPcEf86eduT3R3K29tfVlQ6bWdBjSAHIf40=,tag:6OiHIR+7ncX4gMnH6ePj8w==,type:str]
paperless-ngx:
db-password: ENC[AES256_GCM,data:Trlr577CSZHBdaIya/UwAYGPq7Td+f7k7QeNWbpz41sIEEuBGtiOXaAi17292E2nhBCLMDsrugGVusugBo+Z7g==,iv:tDIRfThBOfHr+gGRqywlHAk/x4MkhHRFsJEp5nnlGPA=,tag:3LeYyRjgA/ZOIaFsrcEZGQ==,type:str]
secret: ENC[AES256_GCM,data:eS/hG9A87fcop0Wey8HVLM8wwVQfzN9pmxhos9GkmtW0b9lsrjq/A2k2ngyJFNN+YKTqVIATD0VbQ28WvWRj1A==,iv:zzhFaoLnskspp1S291KABLZITgcof63cjShnsZrlAmw=,tag:ZxHsyxJSfVVSaOTlDuByCw==,type:str]
openid-providers: ENC[AES256_GCM,data:AsAVxsJ6mtjj2J2CaIYeizMTyEv4bb4RUBYOIP8enB1GbGbZ7dJWvRAAgjwoYZxPkBgc8/WeVQQUzrhhg/eoKFJRQSn3e+p+83GfymVJCdQNy1yCQFqe7IwnbVBX9unHcWiUPGo1lhU4CWKDVqoL56Zt3gVoJo/cNVR4Se2xlY1TuYl7YoSm2E3LjX5eTwamChPldON5sER23dh3IRCzK5A+ep4aGyqvMdiW9U6kHyuFBEd9P8ftUHY7ZrOu41nPOg8ezbu8w8PEI8oxxSPMFszwfroIaa41Nxxgheft6SCI+/570WVw+pAaW3gxEjBw5+qv07yshJOFEC1dYVTvZK5hWRAdVcpSl7ejN+KxAANvviAxA9tvJFAyHhfvoxd3YhG9BKVWLI+ZCUelcUY80cMFXt1By/WOjxaisTuqw8JCaEICrTNevAqLN4xfvYGLyNoZLGgqCtXjT9apXcwP1YYoxDGRDCEGb46/CuUvLMLa9VHZXY4wKJTgxdqq5yR/VQMD98ATBatzfrMsfJyBuJYNXjGuPhh9kobTIThDF4vJehWevIbroSL9GGeJd5CJAODo8vAu4pRPvkCHGQQg0NGwMo1GRY3OXm5TqHBlOAHu/qGe0zd/3DS0bL+jU/qR6JpzEzv95OVxRzbyGJvVTbCGkzavvxS9IiDc3buCNuHj+RFo6xFLFl5XPPH+RvH+WtCmXDrXJJ1KqVzWEbaB0M6tGLL3gxyqUXB6zxJkCIugL5Jq7SLIdvnBRebXvDuVqTy4wRjMtHdAhsZ/f9lDxTa2QFmewg0sJhBsRt95LVlRmcZeDEy5HUqEePfhbuJCExT0ZPRmPVnKF4lphHKzRDROt5DAz6DvYaWbDtRPtTHNFVZqyZXPnarn1Xc+Iy3bfIcK+cOL2RyF/nlYnOmoIFqa5b9a,iv:ba2bri2F/B6Sp3HfpXVWZ/WMVFOPF4+DyAtdS56yNqQ=,tag:k+tPX9QDGhgLYgNC/C9kKw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1cs2p7tgk9356tjmet6526k3ghwq9we82nz6z7qggqns656paku6sx30tkg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWWk1WE8wS1RneSswWmhj
TTgzYk1tbEdiRkl2WGcwVU9RY2YwZk9ZTzJnCm8yWDVlMXIzb1hEOFI4WVl2N3NN
Ny9VUDI1R3JTeVRmL2lsQkk0dGU4bVkKLS0tIDRxT0xzdXZUUTJxcjlDdHRJc25D
aXB4WTVoYUNXRFVCZkhnYXlsV1MxaW8KFJf3ufkinpKEG8YAAjGURUq/+p+RpaAF
kUTvl95nvmED73OcLLn6wCssoSPsi2iJWWY/7QeBh5KbGjz1ofTb1Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age12gjtehffgmepyga9vaqkurn9fyvte8n7wsklmg866z5usezvuqlsr2m5mp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldkJ3c2E0Yjdvd3dhd0hM
WTVCdFkxSGU1N3ZpT0s4UENmUjRTNGJYWHpnCkJna3lCTjR3MlAwZU02TkV5RnhK
anR3dVg4MDN4Wk05WDdEOTlBUDNRMmsKLS0tIFFUL1FVOTcxK1NkaEJOaGdRbGdn
SzhxRnVPMHg0VzJzZWhYdGZndHVIL0UKgloohouQu5rN48hy5FvouHlZO1RoIG9W
DlMH50012l4kcQ3ggP0BwuWRUq4FQ/bEpSBZoIOQriPmPQQp1qXOdA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-20T15:30:19Z"
mac: ENC[AES256_GCM,data:LHel3MmVvQ/TwEYQePjCNRZxmipPyJtssltyAIjSqdxSN6s7Kp4rbnAWSM6D/k7fVtasCCmWcqlbnHBH+M06/dIGhhjjL7HRPBj0jKgDlct7FshHAI5m+ZjrWMyzKOlKUj+2Il1d7VCdMKvC10jXoylpiunaHksaQMvagWAXDFc=,iv:0y/VL/eUw7p+u/ifnzXbZIyEfZNTv0aV5w7A9FT9A4w=,tag:RLAPe1C3DXOHjhLWM8TfEA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4