will-holdsworth/dots
1
1
Fork 0
Code Issues 22 Pull requests Projects 1 Releases Packages Wiki Activity Actions 1

refactor: switch from modules to import arrays

Browse source
This commit is contained in:
wi11-holdsworth 2025-10-22 01:22:05 +11:00
parent d893750c09
commit 41eaa38d31
75 changed files with 1870 additions and 2541 deletions
Download patch file Download diff file Expand all files Collapse all files

15
modules/nixos/features/agenix.nix
View file

@ -1,21 +1,14 @@
{
config,
# keep-sorted start
inputs,
lib,
system,
userName,
# keep-sorted end
...
}:
let
feature = "agenix";
in
{
config = lib.mkIf config.${feature}.enable {
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ];
};
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ];
imports = [ inputs.agenix.nixosModules.default ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

24
modules/nixos/features/amd-gpu.nix
View file

@ -1,26 +1,16 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "amd-gpu";
in
{
config = lib.mkIf config.${feature}.enable {
# load graphics drivers before anything else
boot.initrd.kernelModules = [ "amdgpu" ];
# load graphics drivers before anything else
boot.initrd.kernelModules = [ "amdgpu" ];
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [ amdvlk ];
};
services.xserver.videoDrivers = [ "amdgpu" ];
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [ amdvlk ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
services.xserver.videoDrivers = [ "amdgpu" ];
}

153
modules/nixos/features/borgmatic.nix
View file

@ -1,92 +1,87 @@
{
# keep-sorted start
config,
lib,
# keep-sorted end
...
}:
let
feature = "borgmatic";
in
{
config = lib.mkIf config.${feature}.enable {
# service
services.borgmatic = {
enable = true;
settings = {
# keep-sorted start block=yes
compression = "auto,zlib";
encryption_passcommand = "cat ${config.age.secrets.borgmatic.path}";
keep_daily = 7;
keep_monthly = 6;
keep_weekly = 4;
keep_yearly = 1;
ntfy = {
topic = "backups";
server = config.services.ntfy-sh.settings.base-url;
finish = {
title = "Ping!";
message = "Your backups have succeeded :)";
tags = "tada,BorgBackup,Server";
};
fail = {
title = "Ping!";
message = "Your backups have failed :(";
tags = "rotating_light,BorgBackup,Server";
};
states = [
"finish"
"fail"
];
# service
services.borgmatic = {
enable = true;
settings = {
# keep-sorted start block=yes
compression = "auto,zlib";
encryption_passcommand = "cat ${config.age.secrets.borgmatic.path}";
keep_daily = 7;
keep_monthly = 6;
keep_weekly = 4;
keep_yearly = 1;
ntfy = {
topic = "backups";
server = config.services.ntfy-sh.settings.base-url;
finish = {
title = "Ping!";
message = "Your backups have succeeded :)";
tags = "tada,BorgBackup,Server";
};
repositories = [
{
path = "/backup/repo";
label = "onsite";
# encryption = "repokey-blake2";
}
{
path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo";
label = "offsite";
# encryption = "repokey-blake2";
}
fail = {
title = "Ping!";
message = "Your backups have failed :(";
tags = "rotating_light,BorgBackup,Server";
};
states = [
"finish"
"fail"
];
retries = 3;
retry_wait = 10;
ssh_command = "ssh -i /home/srv/.ssh/id_ed25519";
# keep-sorted end
};
};
# postgres
services.postgresql.ensureUsers = [
{
name = "root";
}
];
systemd.services.postgresql.postStart = lib.mkAfter ''
/run/current-system/sw/bin/psql postgres -c "GRANT pg_read_all_data TO root"
'';
systemd.services.borgmatic.path = [
config.services.postgresql.package
];
# credentials
systemd.services.borgmatic.serviceConfig.LoadCredential = [
"borgmatic-pg:${config.age.secrets.borgmatic-pg.path}"
];
# onsite drive
services.udisks2.enable = true;
fileSystems."/backup" = {
device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e";
fsType = "ext4";
};
# secrets
age.secrets = {
"borgmatic".file = ../../../secrets/borgmatic.age;
"borgmatic-pg".file = ../../../secrets/borgmatic-pg.age;
repositories = [
{
path = "/backup/repo";
label = "onsite";
# encryption = "repokey-blake2";
}
{
path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo";
label = "offsite";
# encryption = "repokey-blake2";
}
];
retries = 3;
retry_wait = 10;
ssh_command = "ssh -i /home/srv/.ssh/id_ed25519";
# keep-sorted end
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
# postgres
services.postgresql.ensureUsers = [
{
name = "root";
}
];
systemd.services.postgresql.postStart = lib.mkAfter ''
/run/current-system/sw/bin/psql postgres -c "GRANT pg_read_all_data TO root"
'';
systemd.services.borgmatic.path = [
config.services.postgresql.package
];
# credentials
systemd.services.borgmatic.serviceConfig.LoadCredential = [
"borgmatic-pg:${config.age.secrets.borgmatic-pg.path}"
];
# onsite drive
services.udisks2.enable = true;
fileSystems."/backup" = {
device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e";
fsType = "ext4";
};
# secrets
age.secrets = {
"borgmatic".file = ../../../secrets/borgmatic.age;
"borgmatic-pg".file = ../../../secrets/borgmatic-pg.age;
};
}

76
modules/nixos/features/copyparty.nix
View file

@ -1,67 +1,51 @@
{
# keep-sorted start
config,
lib,
inputs,
lib,
# keep-sorted end
...
}:
let
feature = "copyparty";
port = "5000";
in
{
imports = [ inputs.copyparty.nixosModules.default ];
config = lib.mkIf config.${feature}.enable {
services = {
# service
copyparty = {
enable = true;
settings = {
z = true;
e2dsa = true;
e2ts = true;
e2vu = true;
p = lib.toInt port;
};
accounts = {
will = {
passwordFile = config.age.secrets.copyparty-will.path;
};
};
volumes = {
"/" = {
path = "/srv/copyparty";
access = {
r = "*";
A = [ "will" ];
};
};
};
services = {
copyparty = {
enable = true;
settings = {
z = true;
e2dsa = true;
e2ts = true;
e2vu = true;
p = lib.toInt port;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
accounts.will.passwordFile = config.age.secrets.copyparty-will.path;
volumes."/" = {
path = "/srv/copyparty";
access = {
r = "*";
A = [ "will" ];
};
};
};
# secrets
age.secrets."copyparty-will" = {
file = ../../../secrets/copyparty-will.age;
owner = "copyparty";
nginx.virtualHosts."copyparty.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
nixpkgs.overlays = [ inputs.copyparty.overlays.default ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
# secrets
age.secrets."copyparty-will" = {
file = ../../../secrets/copyparty-will.age;
owner = "copyparty";
};
nixpkgs.overlays = [ inputs.copyparty.overlays.default ];
}

77
modules/nixos/features/couchdb.nix
View file

@ -1,60 +1,47 @@
{
config,
lib,
...
}:
let
feature = "couchdb";
port = "5984";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
couchdb = {
enable = true;
databaseDir = "/srv/couchdb";
viewIndexDir = "/srv/couchdb";
configFile = "/srv/couchdb";
port = lib.toInt port;
extraConfig = {
chttpd = {
require_valid_user = true;
enable_cors = true;
max_http_request_size = 4294967296;
};
chttpd_auth.require_valid_user = true;
httpd = {
WWW-Authenticate = ''Basic realm="couchdb"'';
enable_cors = true;
};
couchdb.max_document_size = 50000000;
cors = {
credentials = true;
origins = ''
app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz
'';
};
services = {
couchdb = {
enable = true;
databaseDir = "/srv/couchdb";
viewIndexDir = "/srv/couchdb";
configFile = "/srv/couchdb";
port = lib.toInt port;
extraConfig = {
chttpd = {
require_valid_user = true;
enable_cors = true;
max_http_request_size = 4294967296;
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
chttpd_auth.require_valid_user = true;
httpd = {
WWW-Authenticate = ''Basic realm="couchdb"'';
enable_cors = true;
};
couchdb.max_document_size = 50000000;
cors = {
credentials = true;
origins = ''
app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz
'';
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
nginx.virtualHosts."couchdb.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
}

18
modules/nixos/features/external-speakers.nix
View file

@ -1,17 +1,5 @@
{
config,
lib,
...
}:
let
feature = "external-speakers";
in
{
config = lib.mkIf config.${feature}.enable {
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=0
'';
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=0
'';
}

31
modules/nixos/features/flaresolverr.nix
View file

@ -1,34 +1,21 @@
{
config,
lib,
...
}:
let
feature = "flaresolverr";
port = "5011";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
flaresolverr = {
enable = true;
port = lib.toInt port;
};
services = {
flaresolverr = {
enable = true;
port = lib.toInt port;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
nginx.virtualHosts."flaresolverr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

19
modules/nixos/features/fonts.nix
View file

@ -1,21 +1,10 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "fonts";
in
{
config = lib.mkIf config.${feature}.enable {
fonts.packages = with pkgs; [
nerd-fonts.jetbrains-mono
inter-nerdfont
];
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
fonts.packages = with pkgs; [
nerd-fonts.jetbrains-mono
inter-nerdfont
];
}

57
modules/nixos/features/gaming.nix
View file

@ -1,44 +1,35 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "gaming";
in
{
config = lib.mkIf config.${feature}.enable {
environment.systemPackages = with pkgs; [
# keep-sorted start
heroic
lutris
mangohud
nexusmods-app
prismlauncher
protonup-qt
wine
wine64
winetricks
# keep-sorted end
];
environment.systemPackages = with pkgs; [
# keep-sorted start
heroic
lutris
mangohud
nexusmods-app
prismlauncher
protonup-qt
wine
wine64
winetricks
# keep-sorted end
];
programs = {
gamemode.enable = true;
steam = {
enable = true;
gamescopeSession.enable = true;
};
};
services.lact = {
programs = {
gamemode.enable = true;
steam = {
enable = true;
settings = { };
gamescopeSession.enable = true;
};
# latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
services.lact = {
enable = true;
settings = { };
};
# latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
}

93
modules/nixos/features/gnome.nix
View file

@ -1,59 +1,50 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "gnome";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
};
environment = {
# https://discourse.nixos.org/t/howto-disable-most-gnome-default-applications-and-what-they-are/13505
gnome.excludePackages = with pkgs; [
# keep-sorted start
# baobab # disk usage analyzer
# cheese # photo booth
# eog # image viewer
epiphany # web browser
evince # document viewer
# file-roller # archive manager
geary # email client
gedit # text editor
gnome-calculator
gnome-calendar
gnome-characters
gnome-clocks
# gnome-disk-utility
gnome-connections
gnome-contacts
gnome-font-viewer
gnome-logs
gnome-maps
gnome-music
gnome-photos
# gnome-screenshot
# gnome-system-monitor
gnome-terminal
gnome-weather
seahorse # password manager
# simple-scan # document scanner
totem # video player
yelp # help viewer
# keep-sorted end
];
systemPackages = with pkgs; [
gnome-tweaks
bibata-cursors
];
};
services = {
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
environment = {
# https://discourse.nixos.org/t/howto-disable-most-gnome-default-applications-and-what-they-are/13505
gnome.excludePackages = with pkgs; [
# keep-sorted start
# baobab # disk usage analyzer
# cheese # photo booth
# eog # image viewer
epiphany # web browser
evince # document viewer
# file-roller # archive manager
geary # email client
gedit # text editor
gnome-calculator
gnome-calendar
gnome-characters
gnome-clocks
# gnome-disk-utility
gnome-connections
gnome-contacts
gnome-font-viewer
gnome-logs
gnome-maps
gnome-music
gnome-photos
# gnome-screenshot
# gnome-system-monitor
gnome-terminal
gnome-weather
seahorse # password manager
# simple-scan # document scanner
totem # video player
yelp # help viewer
# keep-sorted end
];
systemPackages = with pkgs; [
gnome-tweaks
bibata-cursors
];
};
}

492
modules/nixos/features/homepage-dashboard.nix
View file

@ -1,11 +1,12 @@
{
# keep-sorted start
config,
lib,
pkgs,
# keep-sorted end
...
}:
let
feature = "homepage-dashboard";
port = "5004";
genSecrets =
secrets:
@ -34,280 +35,269 @@ let
];
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
homepage-dashboard = {
enable = true;
listenPort = lib.toInt port;
allowedHosts = "homepage-dashboard.fi33.buzz";
services = [
# keep-sorted start block=yes
{
"Cloud Services" = [
{
"copyparty" = {
"description" = "Cloud file manager";
"icon" = "sh-copyparty.svg";
"href" = "https://copyparty.fi33.buzz/";
};
}
{
"CouchDB" = {
"description" = "Obsidian sync database";
"icon" = "couchdb.svg";
"href" = "https://couchdb.fi33.buzz/_utils/";
};
}
{
"ntfy" = {
"description" = "Notification service";
"icon" = "ntfy.svg";
"href" = "https://ntfy-sh.fi33.buzz/";
};
}
{
"Syncthing" = {
"description" = "Decentralised file synchronisation";
"icon" = "syncthing.svg";
"href" = "https://syncthing.fi33.buzz/";
};
}
{
"qBittorrent" = {
"description" = "BitTorrent client";
"icon" = "qbittorrent.svg";
"href" = "https://qbittorrent.fi33.buzz/";
};
}
{
"Vaultwarden" = {
"description" = "Password manager";
"icon" = "vaultwarden.svg";
"href" = "https://vaultwarden.fi33.buzz/";
};
}
];
}
{
"Media Management" = [
{
"Lidarr" = {
"description" = "Music collection manager";
"icon" = "lidarr.svg";
"href" = "https://lidarr.fi33.buzz/";
"widget" = {
"type" = "lidarr";
"url" = "https://lidarr.fi33.buzz/";
"key" = "@lidarr@";
"enableQueue" = true;
};
};
}
{
"Prowlarr" = {
"description" = "Indexer management tool";
"icon" = "prowlarr.svg";
"href" = "https://prowlarr.fi33.buzz/";
"widget" = {
"type" = "prowlarr";
"url" = "https://prowlarr.fi33.buzz/";
"key" = "@prowlarr@";
};
};
}
{
"Radarr" = {
"description" = "Movie collection manager";
"icon" = "radarr.svg";
"href" = "https://radarr.fi33.buzz/";
"widget" = {
"type" = "radarr";
"url" = "https://radarr.fi33.buzz/";
"key" = "@radarr@";
"enableQueue" = true;
};
};
}
{
"Sonarr" = {
"description" = "TV show collection manager";
"icon" = "sonarr.svg";
"href" = "https://sonarr.fi33.buzz/";
"widget" = {
"type" = "sonarr";
"url" = "https://sonarr.fi33.buzz/";
"key" = "@sonarr@";
"enableQueue" = true;
};
};
}
];
}
{
"Media Streaming" = [
{
"Immich" = {
"description" = "Photo backup";
"icon" = "immich.svg";
"href" = "https://immich.fi33.buzz/";
"widget" = {
"type" = "immich";
"fields" = [
"users"
"photos"
"videos"
"storage"
];
"url" = "https://immich.fi33.buzz/";
"version" = 2;
"key" = "@immich@";
};
};
}
{
"Jellyfin" = {
"description" = "Media streaming";
"icon" = "jellyfin.svg";
"href" = "https://jellyfin.fi33.buzz/";
"widget" = {
"type" = "jellyfin";
"url" = "https://jellyfin.fi33.buzz/";
"key" = "@jellyfin@";
"enableBlocks" = true;
"enableNowPlaying" = true;
"enableUser" = true;
"showEpisodeNumber" = true;
"expandOneStreamToTwoRows" = false;
};
};
}
{
"Miniflux" = {
"description" = "RSS aggregator";
"icon" = "miniflux.svg";
"href" = "https://miniflux.fi33.buzz/";
"widget" = {
"type" = "miniflux";
"url" = "https://miniflux.fi33.buzz/";
"key" = "@miniflux@";
};
};
}
{
"Paperless" = {
"description" = "Digital filing cabinet";
"icon" = "paperless.svg";
"href" = "https://paperless.fi33.buzz/";
"widget" = {
"type" = "paperlessngx";
"url" = "https://paperless.fi33.buzz/";
"username" = "admin";
"password" = "@paperless@";
};
};
}
];
}
{
"Utilities" = [
{
"NanoKVM" = {
"description" = "Remote KVM switch";
"icon" = "mdi-console.svg";
"href" = "http://nano-kvm/";
};
}
];
}
# keep-sorted end
];
settings = {
title = "Mission Control";
theme = "dark";
color = "neutral";
headerStyle = "clean";
layout = [
services = {
homepage-dashboard = {
enable = true;
listenPort = lib.toInt port;
allowedHosts = "homepage-dashboard.fi33.buzz";
services = [
# keep-sorted start block=yes
{
"Cloud Services" = [
{
"Media Streaming" = {
style = "row";
columns = 4;
useEqualHeights = true;
"copyparty" = {
"description" = "Cloud file manager";
"icon" = "sh-copyparty.svg";
"href" = "https://copyparty.fi33.buzz/";
};
}
{
"Media Management" = {
style = "row";
columns = 4;
useEqualHeights = true;
"CouchDB" = {
"description" = "Obsidian sync database";
"icon" = "couchdb.svg";
"href" = "https://couchdb.fi33.buzz/_utils/";
};
}
{
"Cloud Services" = {
style = "row";
columns = 3;
"ntfy" = {
"description" = "Notification service";
"icon" = "ntfy.svg";
"href" = "https://ntfy-sh.fi33.buzz/";
};
}
{
"Utilities" = {
style = "row";
columns = 3;
"Syncthing" = {
"description" = "Decentralised file synchronisation";
"icon" = "syncthing.svg";
"href" = "https://syncthing.fi33.buzz/";
};
}
{
"qBittorrent" = {
"description" = "BitTorrent client";
"icon" = "qbittorrent.svg";
"href" = "https://qbittorrent.fi33.buzz/";
};
}
{
"Vaultwarden" = {
"description" = "Password manager";
"icon" = "vaultwarden.svg";
"href" = "https://vaultwarden.fi33.buzz/";
};
}
];
quicklaunch.searchDescriptions = true;
disableUpdateCheck = true;
showStats = true;
statusStyle = "dot";
};
widgets = [
}
{
"Media Management" = [
{
"Lidarr" = {
"description" = "Music collection manager";
"icon" = "lidarr.svg";
"href" = "https://lidarr.fi33.buzz/";
"widget" = {
"type" = "lidarr";
"url" = "https://lidarr.fi33.buzz/";
"key" = "@lidarr@";
"enableQueue" = true;
};
};
}
{
"Prowlarr" = {
"description" = "Indexer management tool";
"icon" = "prowlarr.svg";
"href" = "https://prowlarr.fi33.buzz/";
"widget" = {
"type" = "prowlarr";
"url" = "https://prowlarr.fi33.buzz/";
"key" = "@prowlarr@";
};
};
}
{
"Radarr" = {
"description" = "Movie collection manager";
"icon" = "radarr.svg";
"href" = "https://radarr.fi33.buzz/";
"widget" = {
"type" = "radarr";
"url" = "https://radarr.fi33.buzz/";
"key" = "@radarr@";
"enableQueue" = true;
};
};
}
{
"Sonarr" = {
"description" = "TV show collection manager";
"icon" = "sonarr.svg";
"href" = "https://sonarr.fi33.buzz/";
"widget" = {
"type" = "sonarr";
"url" = "https://sonarr.fi33.buzz/";
"key" = "@sonarr@";
"enableQueue" = true;
};
};
}
];
}
{
"Media Streaming" = [
{
"Immich" = {
"description" = "Photo backup";
"icon" = "immich.svg";
"href" = "https://immich.fi33.buzz/";
"widget" = {
"type" = "immich";
"fields" = [
"users"
"photos"
"videos"
"storage"
];
"url" = "https://immich.fi33.buzz/";
"version" = 2;
"key" = "@immich@";
};
};
}
{
"Jellyfin" = {
"description" = "Media streaming";
"icon" = "jellyfin.svg";
"href" = "https://jellyfin.fi33.buzz/";
"widget" = {
"type" = "jellyfin";
"url" = "https://jellyfin.fi33.buzz/";
"key" = "@jellyfin@";
"enableBlocks" = true;
"enableNowPlaying" = true;
"enableUser" = true;
"showEpisodeNumber" = true;
"expandOneStreamToTwoRows" = false;
};
};
}
{
"Miniflux" = {
"description" = "RSS aggregator";
"icon" = "miniflux.svg";
"href" = "https://miniflux.fi33.buzz/";
"widget" = {
"type" = "miniflux";
"url" = "https://miniflux.fi33.buzz/";
"key" = "@miniflux@";
};
};
}
{
"Paperless" = {
"description" = "Digital filing cabinet";
"icon" = "paperless.svg";
"href" = "https://paperless.fi33.buzz/";
"widget" = {
"type" = "paperlessngx";
"url" = "https://paperless.fi33.buzz/";
"username" = "admin";
"password" = "@paperless@";
};
};
}
];
}
{
"Utilities" = [
{
"NanoKVM" = {
"description" = "Remote KVM switch";
"icon" = "mdi-console.svg";
"href" = "http://nano-kvm/";
};
}
];
}
# keep-sorted end
];
settings = {
title = "Mission Control";
theme = "dark";
color = "neutral";
headerStyle = "clean";
layout = [
{
search = {
provider = [
"duckduckgo"
"brave"
];
focus = true;
showSearchSuggestions = true;
target = "_blank";
"Media Streaming" = {
style = "row";
columns = 4;
useEqualHeights = true;
};
}
{
resources = {
cpu = true;
memory = true;
disk = [
"/"
"/backup"
];
cputemp = true;
tempmin = 0;
tempmax = 100;
units = "metric";
network = true;
uptime = true;
"Media Management" = {
style = "row";
columns = 4;
useEqualHeights = true;
};
}
{
"Cloud Services" = {
style = "row";
columns = 3;
};
}
{
"Utilities" = {
style = "row";
columns = 3;
};
}
];
quicklaunch.searchDescriptions = true;
disableUpdateCheck = true;
showStats = true;
statusStyle = "dot";
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
widgets = [
{
search = {
provider = [
"duckduckgo"
"brave"
];
focus = true;
showSearchSuggestions = true;
target = "_blank";
};
};
};
}
{
resources = {
cpu = true;
memory = true;
disk = [
"/"
"/backup"
];
cputemp = true;
tempmin = 0;
tempmax = 100;
units = "metric";
network = true;
uptime = true;
};
}
];
};
# secrets
age.secrets = genSecrets secrets;
system.activationScripts = insertSecrets secrets;
nginx.virtualHosts."homepage-dashboard.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
# secrets
age.secrets = genSecrets secrets;
system.activationScripts = insertSecrets secrets;
}

53
modules/nixos/features/immich.nix
View file

@ -1,46 +1,37 @@
{
config,
lib,
...
}:
let
feature = "immich";
port = "2283";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
immich = {
enable = true;
port = builtins.fromJSON "${port}";
mediaLocation = "/srv/immich";
};
services = {
immich = {
enable = true;
port = lib.toInt "${port}";
mediaLocation = "/srv/immich";
};
# database backup
borgmatic.settings = {
postgresql_databases = [
{
name = "immich";
hostname = "localhost";
username = "root";
password = "{credential systemd borgmatic-pg}";
}
];
};
borgmatic.settings.postgresql_databases = [
{
name = "immich";
hostname = "localhost";
username = "root";
password = "{credential systemd borgmatic-pg}";
}
];
nginx = {
clientMaxBodySize = "50000M";
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://[::1]:${port}";
proxyWebsockets = true;
};
nginx = {
clientMaxBodySize = "50000M";
virtualHosts."immich.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://[::1]:${port}";
proxyWebsockets = true;
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/intel-gpu.nix
View file

@ -1,32 +1,21 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "intel-gpu";
in
{
config = lib.mkIf config.${feature}.enable {
hardware = {
enableAllFirmware = true;
graphics = {
enable = true;
extraPackages = with pkgs; [
# keep-sorted start
intel-compute-runtime
intel-media-driver
intel-ocl
libva-vdpau-driver
vpl-gpu-rt
# keep-sorted end
];
};
hardware = {
enableAllFirmware = true;
graphics = {
enable = true;
extraPackages = with pkgs; [
# keep-sorted start
intel-compute-runtime
intel-media-driver
intel-ocl
libva-vdpau-driver
vpl-gpu-rt
# keep-sorted end
];
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

40
modules/nixos/features/jellyfin.nix
View file

@ -1,36 +1,24 @@
{
config,
lib,
...
}:
let
feature = "jellyfin";
port = "8096";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
jellyfin = {
enable = true;
dataDir = "/srv/jellyfin";
group = "media";
};
# reverse proxy
nginx.virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
services = {
jellyfin = {
enable = true;
dataDir = "/srv/jellyfin";
group = "media";
};
# use intel iGP
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
nginx.virtualHosts."jellyfin.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
# use intel iGP
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
};
}

35
modules/nixos/features/lidarr.nix
View file

@ -1,36 +1,23 @@
{
config,
lib,
...
}:
let
feature = "lidarr";
port = "5012";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
lidarr = {
enable = true;
dataDir = "/srv/lidarr";
settings.server.port = lib.toInt port;
group = "media";
};
services = {
lidarr = {
enable = true;
dataDir = "/srv/lidarr";
settings.server.port = lib.toInt port;
group = "media";
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
nginx.virtualHosts."lidarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

18
modules/nixos/features/link2c.nix
View file

@ -1,17 +1,5 @@
{
config,
lib,
...
}:
let
feature = "link2c";
in
{
config = lib.mkIf config.${feature}.enable {
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on"
'';
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on"
'';
}

24
modules/nixos/features/localisation.nix
View file

@ -1,21 +1,11 @@
{ config, lib, ... }:
let
feature = "localisation";
in
{
config = lib.mkIf config.${feature}.enable {
i18n = {
defaultLocale = "en_AU.UTF-8";
supportedLocales = [
"en_US.UTF-8/UTF-8"
"en_AU.UTF-8/UTF-8"
];
};
time.timeZone = "Australia/Melbourne";
i18n = {
defaultLocale = "en_AU.UTF-8";
supportedLocales = [
"en_US.UTF-8/UTF-8"
"en_AU.UTF-8/UTF-8"
];
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
time.timeZone = "Australia/Melbourne";
}

60
modules/nixos/features/miniflux.nix
View file

@ -1,54 +1,36 @@
{
config,
lib,
...
}:
let
feature = "miniflux";
port = "5010";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux-creds.path;
config = {
BASE_URL = "https://miniflux.fi33.buzz";
LISTEN_ADDR = "localhost:${port}";
};
};
# database backup
borgmatic.settings = {
postgresql_databases = [
{
name = "miniflux";
hostname = "localhost";
username = "root";
password = "{credential systemd borgmatic-pg}";
}
];
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
services = {
miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux-creds.path;
config = {
BASE_URL = "https://miniflux.fi33.buzz";
LISTEN_ADDR = "localhost:${port}";
};
};
# secrets
age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age;
borgmatic.settings.postgresql_databases = [
{
name = "miniflux";
hostname = "localhost";
username = "root";
password = "{credential systemd borgmatic-pg}";
}
];
nginx.virtualHosts."miniflux.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age;
}

17
modules/nixos/features/network.nix
View file

@ -1,21 +1,10 @@
{
config,
lib,
hostName,
...
}:
let
feature = "network";
in
{
config = lib.mkIf config.${feature}.enable {
networking = {
hostName = "${hostName}";
networkmanager.enable = true;
};
networking = {
hostName = "${hostName}";
networkmanager.enable = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

63
modules/nixos/features/nginx.nix
View file

@ -1,48 +1,37 @@
{
config,
lib,
...
}:
let
feature = "nginx";
in
{
config = lib.mkIf config.${feature}.enable {
services.nginx = {
enable = true;
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts."*.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".index = "index.html";
};
virtualHosts."*.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".index = "index.html";
};
security.acme = {
acceptTerms = true;
defaults.email = "wi11@duck.com";
certs."fi33.buzz" = {
domain = "fi33.buzz";
extraDomainNames = [ "*.fi33.buzz" ];
group = "nginx";
dnsProvider = "porkbun";
dnsPropagationCheck = true;
credentialsFile = config.age.secrets."porkbun-api".path;
};
};
# secrets
age.secrets."porkbun-api" = {
file = ../../../secrets/porkbun-api.age;
};
users.users.nginx.extraGroups = [ "acme" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
security.acme = {
acceptTerms = true;
defaults.email = "wi11@duck.com";
certs."fi33.buzz" = {
domain = "fi33.buzz";
extraDomainNames = [ "*.fi33.buzz" ];
group = "nginx";
dnsProvider = "porkbun";
dnsPropagationCheck = true;
credentialsFile = config.age.secrets."porkbun-api".path;
};
};
age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age;
users.users.nginx.extraGroups = [ "acme" ];
}

17
modules/nixos/features/nh.nix
View file

@ -1,20 +1,11 @@
{
config,
lib,
userName,
...
}:
let
feature = "nh";
in
{
config = lib.mkIf config.${feature}.enable {
programs.nh = {
enable = true;
# clean.enable = true;
flake = "/home/${userName}/.dots";
};
programs.nh = {
enable = true;
# clean.enable = true;
flake = "/home/${userName}/.dots";
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

50
modules/nixos/features/nix-settings.nix
View file

@ -1,34 +1,24 @@
{ config, lib, ... }:
let
feature = "nix-settings";
in
{
config = lib.mkIf config.${feature}.enable {
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 20d";
persistent = true;
};
optimise = {
automatic = true;
persistent = true;
};
settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"will"
"srv"
];
};
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 20d";
persistent = true;
};
optimise = {
automatic = true;
persistent = true;
};
settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"will"
"srv"
];
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

12
modules/nixos/features/nixpkgs.nix
View file

@ -1,13 +1,3 @@
{ config, lib, ... }:
let
feature = "nixpkgs";
in
{
config = lib.mkIf config.${feature}.enable {
nixpkgs.config.allowUnfree = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
nixpkgs.config.allowUnfree = true;
}

171
modules/nixos/features/nixvim.nix
View file

@ -1,108 +1,97 @@
{
config,
inputs,
lib,
...
}:
let
feature = "nixvim";
in
{
config = lib.mkIf config.${feature}.enable {
environment.variables.EDITOR = "nvim";
programs.nixvim = {
environment.variables.EDITOR = "nvim";
programs.nixvim = {
enable = true;
clipboard = {
providers.wl-copy.enable = true;
register = "unnamedplus";
};
colorschemes.catppuccin = {
enable = true;
clipboard = {
providers.wl-copy.enable = true;
register = "unnamedplus";
};
colorschemes.catppuccin = {
settings.background.dark = "mocha";
};
dependencies = {
tree-sitter.enable = true;
gcc.enable = true;
};
diagnostic.settings.virtual_lines = true;
opts = {
autoindent = true;
expandtab = true;
number = true;
relativenumber = true;
shiftwidth = 2;
tabstop = 2;
colorcolumn = "80";
};
plugins = {
# autoclose brackets
autoclose.enable = true;
# completion window
cmp = {
enable = true;
settings.background.dark = "mocha";
autoEnableSources = true;
settings = {
mapping = {
"<C-Space>" = "cmp.mapping.complete()";
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-e>" = "cmp.mapping.close()";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
};
sources = [
{ name = "nvim_lsp"; }
{ name = "path"; }
{ name = "buffer"; }
];
};
};
dependencies = {
tree-sitter.enable = true;
gcc.enable = true;
};
diagnostic.settings.virtual_lines = true;
opts = {
autoindent = true;
expandtab = true;
number = true;
relativenumber = true;
shiftwidth = 2;
tabstop = 2;
colorcolumn = "80";
};
plugins = {
# autoclose brackets
autoclose.enable = true;
# completion window
cmp = {
enable = true;
autoEnableSources = true;
settings = {
mapping = {
"<C-Space>" = "cmp.mapping.complete()";
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-e>" = "cmp.mapping.close()";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
};
sources = [
{ name = "nvim_lsp"; }
{ name = "path"; }
{ name = "buffer"; }
];
# git changes in margin
gitsigns.enable = true;
# opens last edit position
lastplace.enable = true;
# lsp servers
lsp = {
enable = true;
inlayHints = true;
servers = {
nixd.enable = true;
rust_analyzer = {
enable = true;
installCargo = true;
installRustc = true;
};
hls = {
enable = true;
installGhc = true;
};
};
# git changes in margin
gitsigns.enable = true;
# opens last edit position
lastplace.enable = true;
# lsp servers
lsp = {
enable = true;
inlayHints = true;
servers = {
nixd.enable = true;
}
// lib.optionalAttrs config.dev.enable {
rust_analyzer = {
enable = true;
installCargo = true;
installRustc = true;
};
hls = {
enable = true;
installGhc = true;
};
};
};
lsp-format.enable = true;
lsp-lines.enable = true;
lsp-signature.enable = true;
lspkind.enable = true;
# status bar
lualine.enable = true;
# perform file system operations inside of neovim
oil.enable = true;
# syntax highlighting
treesitter.enable = true;
};
lsp-format.enable = true;
lsp-lines.enable = true;
lsp-signature.enable = true;
lspkind.enable = true;
# status bar
lualine.enable = true;
# perform file system operations inside of neovim
oil.enable = true;
# syntax highlighting
treesitter.enable = true;
};
};
imports = [ inputs.nixvim.nixosModules.nixvim ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

42
modules/nixos/features/ntfy-sh.nix
View file

@ -1,38 +1,24 @@
{
config,
lib,
...
}:
let
feature = "ntfy-sh";
port = "5002";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy-sh.fi33.buzz";
listen-http = ":${port}";
behind-proxy = true;
};
services = {
ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy-sh.fi33.buzz";
listen-http = ":${port}";
behind-proxy = true;
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyWebsockets = true;
};
};
nginx.virtualHosts."ntfy-sh.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyWebsockets = true;
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

69
modules/nixos/features/paperless.nix
View file

@ -4,54 +4,41 @@
...
}:
let
feature = "paperless";
port = "5013";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
paperless = {
enable = true;
dataDir = "/srv/paperless";
database.createLocally = true;
passwordFile = config.age.secrets.paperless.path;
port = lib.toInt port;
settings = {
PAPERLESS_URL = "https://paperless.fi33.buzz";
};
};
# database backup
borgmatic.settings = {
postgresql_databases = [
{
name = "paperless";
hostname = "localhost";
username = "root";
password = "{credential systemd borgmatic-pg}";
}
];
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
services = {
paperless = {
enable = true;
dataDir = "/srv/paperless";
database.createLocally = true;
passwordFile = config.age.secrets.paperless.path;
port = lib.toInt port;
settings = {
PAPERLESS_URL = "https://paperless.fi33.buzz";
};
};
age.secrets."paperless" = {
file = ../../../secrets/paperless.age;
owner = "paperless";
borgmatic.settings = {
postgresql_databases = [
{
name = "paperless";
hostname = "localhost";
username = "root";
password = "{credential systemd borgmatic-pg}";
}
];
};
nginx.virtualHosts."miniflux.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
age.secrets."paperless" = {
file = ../../../secrets/paperless.age;
owner = "paperless";
};
}

22
modules/nixos/features/pipewire.nix
View file

@ -1,19 +1,11 @@
{ config, lib, ... }:
let
feature = "pipewire";
in
{
config = lib.mkIf config.${feature}.enable {
security.rtkit.enable = true;
security.rtkit.enable = true;
services.pipewire = {
alsa.enable = true;
alsa.support32Bit = true;
enable = true;
jack.enable = true;
pulse.enable = true;
};
services.pipewire = {
alsa.enable = true;
alsa.support32Bit = true;
enable = true;
jack.enable = true;
pulse.enable = true;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

45
modules/nixos/features/plasma.nix
View file

@ -1,36 +1,27 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "plasma";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
environment.systemPackages =
with pkgs.kdePackages;
[
# keep-sorted start
ktorrent
kzones
# keep-sorted end
]
++ (with pkgs; [
# keep-sorted start
haruna
# keep-sorted end
]);
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
environment.systemPackages =
with pkgs.kdePackages;
[
# keep-sorted start
ktorrent
kzones
# keep-sorted end
]
++ (with pkgs; [
# keep-sorted start
haruna
# keep-sorted end
]);
}

31
modules/nixos/features/print-and-scan.nix
View file

@ -1,30 +1,21 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "print-and-scan";
in
{
config = lib.mkIf config.${feature}.enable {
hardware.sane = {
hardware.sane = {
enable = true;
extraBackends = [ pkgs.hplip ];
};
services = {
avahi = {
enable = true;
extraBackends = [ pkgs.hplip ];
nssmdns4 = true;
openFirewall = true;
};
services = {
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
printing = {
enable = true;
drivers = [ pkgs.hplip ];
};
printing = {
enable = true;
drivers = [ pkgs.hplip ];
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

16
modules/nixos/features/protonmail-bridge.nix
View file

@ -1,17 +1,3 @@
{
config,
lib,
...
}:
let
feature = "protonmail-bridge";
in
{
config = lib.mkIf config.${feature}.enable {
services.protonmail-bridge.enable = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
services.protonmail-bridge.enable = true;
}

34
modules/nixos/features/prowlarr.nix
View file

@ -1,35 +1,27 @@
{
config,
lib,
...
}:
let
feature = "prowlarr";
port = "5009";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
prowlarr = {
enable = true;
dataDir = "/srv/prowlarr";
settings.server.port = lib.toInt port;
};
services = {
prowlarr = {
enable = true;
dataDir = "/srv/prowlarr";
settings.server.port = lib.toInt port;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
nginx = {
virtualHosts."prowlarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

47
modules/nixos/features/qbittorrent.nix
View file

@ -1,37 +1,28 @@
{ config, lib, ... }:
{
lib,
...
}:
let
feature = "qbittorrent";
port = "5005";
in
{
config = lib.mkIf config.${feature}.enable {
users.users.qbittorrent.extraGroups = [ "media" ];
services = {
qbittorrent = {
enable = true;
webuiPort = lib.toInt port;
profileDir = "/srv";
group = "media";
extraArgs = [
"--confirm-legal-notice"
];
};
services = {
# service
qbittorrent = {
enable = true;
webuiPort = lib.toInt port;
profileDir = "/srv";
group = "media";
extraArgs = [
"--confirm-legal-notice"
];
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
nginx.virtualHosts."qbittorrent.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
users.users.qbittorrent.extraGroups = [ "media" ];
}

36
modules/nixos/features/radarr.nix
View file

@ -1,37 +1,23 @@
{
config,
lib,
...
}:
let
feature = "radarr";
port = "5007";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
radarr = {
enable = true;
dataDir = "/srv/radarr";
settings.server.port = lib.toInt port;
group = "media";
services = {
radarr = {
enable = true;
dataDir = "/srv/radarr";
settings.server.port = lib.toInt port;
group = "media";
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
nginx.virtualHosts."radarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

36
modules/nixos/features/sonarr.nix
View file

@ -1,37 +1,23 @@
{
config,
lib,
...
}:
let
feature = "sonarr";
port = "5006";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
sonarr = {
enable = true;
dataDir = "/srv/sonarr";
settings.server.port = lib.toInt port;
group = "media";
services = {
sonarr = {
enable = true;
dataDir = "/srv/sonarr";
settings.server.port = lib.toInt port;
group = "media";
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
nginx.virtualHosts."sonarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

71
modules/nixos/features/syncthing.nix
View file

@ -1,15 +1,10 @@
{
config,
lib,
pkgs,
userName,
hostName,
...
}:
let
feature = "syncthing";
port = "5008";
devicesList = [
# keep-sorted start block=yes
{
@ -30,7 +25,6 @@ let
}
# keep-sorted end
];
devices = builtins.listToAttrs (
map (
{ device, id }:
@ -48,45 +42,34 @@ let
);
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
syncthing = {
enable = true;
guiAddress = "0.0.0.0:${port}";
openDefaultPorts = true;
user = "${userName}";
dataDir = "/home/${userName}";
overrideDevices = true;
settings = {
inherit devices;
};
};
borgmatic.settings =
if userName == "srv" then
{
source_directories = [
"/home/srv/.config/syncthing"
"/home/srv/Sync"
];
}
else
null;
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
services = {
syncthing = {
enable = true;
guiAddress = "0.0.0.0:${port}";
openDefaultPorts = true;
user = "${userName}";
dataDir = "/home/${userName}";
overrideDevices = true;
settings = {
inherit devices;
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
borgmatic.settings =
if userName == "srv" then
{
source_directories = [
"/home/srv/.config/syncthing"
"/home/srv/Sync"
];
}
else
null;
nginx.virtualHosts."syncthing.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
}

14
modules/nixos/features/systemd-boot.nix
View file

@ -1,14 +1,6 @@
{ config, lib, ... }:
let
feature = "systemd-boot";
in
{
config = lib.mkIf config.${feature}.enable {
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

24
modules/nixos/features/tailscale.nix
View file

@ -1,22 +1,10 @@
{
config,
lib,
...
}:
let
feature = "tailscale";
in
{
config = lib.mkIf config.${feature}.enable {
services.tailscale = {
enable = true;
extraSetFlags = [
"--accept-dns=true"
];
};
networking.firewall.trustedInterfaces = [ "tailscale0" ];
services.tailscale = {
enable = true;
extraSetFlags = [
"--accept-dns=true"
];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
networking.firewall.trustedInterfaces = [ "tailscale0" ];
}

38
modules/nixos/features/tlp.nix
View file

@ -1,29 +1,19 @@
{ config, lib, ... }:
let
feature = "tlp";
in
{
config = lib.mkIf config.${feature}.enable {
# Disable if devices take long to unsuspend (keyboard, mouse, etc)
powerManagement.powertop.enable = true;
services = {
power-profiles-daemon.enable = false;
tlp = {
enable = true;
settings = {
# keep-sorted start
CPU_BOOST_ON_AC = 1;
CPU_BOOST_ON_BAT = 0;
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
STOP_CHARGE_THRESH_BAT0 = 95;
# keep-sorted end
};
# Disable if devices take long to unsuspend (keyboard, mouse, etc)
powerManagement.powertop.enable = true;
services = {
power-profiles-daemon.enable = false;
tlp = {
enable = true;
settings = {
# keep-sorted start
CPU_BOOST_ON_AC = 1;
CPU_BOOST_ON_BAT = 0;
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
STOP_CHARGE_THRESH_BAT0 = 95;
# keep-sorted end
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

44
modules/nixos/features/vaultwarden.nix
View file

@ -1,33 +1,28 @@
{
config,
lib,
...
}:
let
feature = "vaultwarden";
port = "5001";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
vaultwarden = {
enable = true;
backupDir = "/srv/vaultwarden";
config = {
rocketPort = "${port}";
domain = "https://vaultwarden.fi33.buzz";
signupsAllowed = false;
invitationsAllowed = false;
showPasswordHint = false;
useSyslog = true;
extendedLogging = true;
adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}";
};
services = {
vaultwarden = {
enable = true;
backupDir = "/srv/vaultwarden";
config = {
rocketPort = "${port}";
domain = "https://vaultwarden.fi33.buzz";
signupsAllowed = false;
invitationsAllowed = false;
showPasswordHint = false;
useSyslog = true;
extendedLogging = true;
adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}";
};
};
# reverse proxy
services.nginx.virtualHosts."${feature}.fi33.buzz" = {
nginx.virtualHosts."vaultwarden.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
@ -35,13 +30,10 @@ in
proxyWebsockets = true;
};
};
# secrets
age.secrets."vaultwarden-admin" = {
file = ../../../secrets/vaultwarden-admin.age;
owner = "vaultwarden";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
age.secrets."vaultwarden-admin" = {
file = ../../../secrets/vaultwarden-admin.age;
owner = "vaultwarden";
};
}