diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..b7275d8 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,341 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + 
"type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751589297, + "narHash": "sha256-3q35cq6BPuwIRL3IoVKYPc72r3OleeuRyf4YAPjEqzA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "83f978812c37511ef2ffaf75ffa72160483f738a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748294338, + "narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.8", + "repo": "ixx", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1682134069, + "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": 
"fd901ef4bf93499374c5af385b2943f5801c0833", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixvim": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "systems": "systems_3" + }, + "locked": { + "lastModified": 1751492444, + "narHash": "sha256-26NgRXwhNM2x4hrok0C3CqSf2v0vi9byONNON5PzbHQ=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "239d331bb48673dfd00d7187654892471cd60d44", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixvim", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749730855, + "narHash": "sha256-L3x2nSlFkXkM6tQPLJP3oCBMIsRifhIDPMQQdHO5xWo=", + "owner": "NuschtOS", + "repo": "search", + "rev": "8dfe5879dd009ff4742b668d9c699bc4b9761742", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs", + "nixvim": "nixvim", + "vscode-server": "vscode-server" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + 
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "vscode-server": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1750353031, + "narHash": "sha256-Bx7DOPLhkr8Z60U9Qw4l0OidzHoqLDKQH5rDV5ef59A=", + "owner": "nix-community", + "repo": "nixos-vscode-server", + "rev": "4ec4859b12129c0436b0a471ed1ea6dd8a317993", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-vscode-server", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..a24ba54 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,51 @@
+{
+ description = "NixOS configuration";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ nixvim = {
+ url = "github:nix-community/nixvim";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ agenix = {
+ url = "github:ryantm/agenix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ vscode-server.url = "github:nix-community/nixos-vscode-server";
+ };
+
+ outputs =
+ { nixpkgs, agenix, ... }@inputs:
+ let
+ commonSystem =
+ {
+ hostName ? "nixos",
+ userName ? "will",
+ system ? "x86_64-linux",
+ }:
+ nixpkgs.lib.nixosSystem {
+ modules = [ ./hosts/${hostName}/configuration.nix ];
+ specialArgs = {
+ inherit inputs;
+ inherit hostName;
+ inherit userName;
+ inherit system;
+ };
+ inherit system;
+ };
+ in
+ {
+ nixosConfigurations = {
+ desktop = commonSystem { hostName = "desktop"; };
+ laptop = commonSystem { hostName = "laptop"; };
+ server = commonSystem {
+ hostName = "server";
+ userName = "srv";
+ };
+ };
+ };
+}
diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix
new file mode 100644
index 0000000..cac1170
--- /dev/null
+++ b/hosts/desktop/configuration.nix
@@ -0,0 +1,42 @@
+{
+ pkgs,
+ hostName,
+ inputs,
+ userName,
+ ...
+}:
+{
+ imports = [
+ ../../modules/nixos/default.nix
+ ./hardware-configuration.nix
+ ];
+
+ # reusable modules
+
+ amd-gpu.enable = true;
+ desktop.enable = true;
+ external-speakers.enable = true;
+ gaming.enable = true;
+ link2c.enable = true;
+
+ # config
+
+ boot.initrd.luks.devices."luks-b164af31-c1c3-4b4e-83c8-eb39802c2027".device =
+ "/dev/disk/by-uuid/b164af31-c1c3-4b4e-83c8-eb39802c2027";
+
+ services.btrfs.autoScrub.enable = true;
+
+ system.stateVersion = "24.11";
+
+ i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
+
+ users.users.${userName} = {
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "scanner"
+ "lp"
+ ];
+ isNormalUser = true;
+ };
+}
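Review bot: In flake.nix, `vscode-server` is the only input declared without `inputs.nixpkgs.follows = "nixpkgs"`, and the committed flake.lock accordingly pins a second nixpkgs for it (`nixpkgs_2`, resolved through the indirect registry entry, `lastModified` 1682134069) plus a second flake-utils. Anything that module takes from its own nixpkgs would come from a tree roughly two years older than the `nixos-unstable` pin used by the rest of the system, and it would not move when the main pin is updated; whether the module builds anything from it is not visible here. I would declare it like the other inputs: `vscode-server = { url = "github:nix-community/nixos-vscode-server"; inputs.nixpkgs.follows = "nixpkgs"; };`.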
diff --git a/hosts/desktop/hardware-configuration.nix b/hosts/desktop/hardware-configuration.nix new file mode 100644 index 0000000..c06a88e --- /dev/null +++ b/hosts/desktop/hardware-configuration.nix @@ -0,0 +1,66 @@ +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/8ac17d03-8db2-455f-b73a-06d73022a079"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-bf3ff3bf-7210-4c50-a6bc-feb5bdb6fa0d".device = + "/dev/disk/by-uuid/bf3ff3bf-7210-4c50-a6bc-feb5bdb6fa0d"; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/3854-4FAE"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + + fileSystems."/media/games" = { + device = "/dev/disk/by-uuid/ea672712-282d-4421-bf34-c9a249a9b275"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=games" + ]; + }; + + fileSystems."/media/hoard" = { + device = "/dev/disk/by-uuid/ea672712-282d-4421-bf34-c9a249a9b275"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=hoard" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/000dc4be-b250-4870-9284-b761486e8cea"; } + ]; + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix new file mode 100644 index 0000000..46cda65 --- /dev/null +++ b/hosts/desktop/home.nix 
@@ -0,0 +1,19 @@
+{
+ userName,
+ ...
+}:
+{
+ imports = [ ../../modules/home-manager/default.nix ];
+
+ # reusable modules
+
+ desktop.enable = true;
+
+ # config
+
+ home = {
+ username = "${userName}";
+ homeDirectory = "/home/will";
+ stateVersion = "24.11";
+ };
+}
diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix
new file mode 100644
index 0000000..70f66f6
--- /dev/null
+++ b/hosts/laptop/configuration.nix
@@ -0,0 +1,38 @@
+{
+ pkgs,
+ hostName,
+ inputs,
+ userName,
+ ...
+}:
+{
+ imports = [
+ ../../modules/nixos/default.nix
+ ./hardware-configuration.nix
+ ];
+
+ # reusable modules
+
+ amd-gpu.enable = true;
+ desktop.enable = true;
+ networkmanager.enable = true;
+
+ # config
+
+ boot.initrd.luks.devices."luks-433a5889-6f18-4c9a-8d99-db02af39bdee".device =
+ "/dev/disk/by-uuid/433a5889-6f18-4c9a-8d99-db02af39bdee";
+
+ system.stateVersion = "24.11";
+
+ i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
+
+ users.users.${userName} = {
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "scanner"
+ "lp"
+ ];
+ isNormalUser = true;
+ };
+}
diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix
new file mode 100644
index 0000000..d8603af
--- /dev/null
+++ b/hosts/laptop/hardware-configuration.nix
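Review bot: In hosts/desktop/home.nix, `homeDirectory = "/home/will"` is hard-coded while `username` comes from the `userName` argument, so passing a different `userName` to `commonSystem` would leave Home Manager managing one user with another user's home path. Deriving it keeps the two in step: `homeDirectory = "/home/${userName}";`, and `username = userName;` drops the redundant interpolation. The same applies to hosts/laptop/home.nix (`/home/will`) and hosts/server/home.nix (`/home/srv`).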
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/cdb8d2dd-a466-4c53-8c42-f00af5e85d81"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-67930062-ceb2-4d9a-83d9-dfad48287a00".device = "/dev/disk/by-uuid/67930062-ceb2-4d9a-83d9-dfad48287a00"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/CFBE-B36B"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/7d677650-2504-4df0-8631-d7a7ff325e35"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/laptop/home.nix b/hosts/laptop/home.nix new file mode 100644 index 0000000..46cda65 --- /dev/null +++ b/hosts/laptop/home.nix 
@@ -0,0 +1,19 @@
+{
+ userName,
+ ...
+}:
+{
+ imports = [ ../../modules/home-manager/default.nix ];
+
+ # reusable modules
+
+ desktop.enable = true;
+
+ # config
+
+ home = {
+ username = "${userName}";
+ homeDirectory = "/home/will";
+ stateVersion = "24.11";
+ };
+}
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
new file mode 100644
index 0000000..61266f3
--- /dev/null
+++ b/hosts/server/configuration.nix
@@ -0,0 +1,42 @@
+{
+ pkgs,
+ hostName,
+ inputs,
+ userName,
+ ...
+}:
+{
+ imports = [
+ ../../modules/nixos/default.nix
+ ./hardware-configuration.nix
+ ];
+
+ # reusable modules
+
+ borgbackup-srv.enable = true;
+ intel-gpu.enable = true;
+ server.enable = true;
+
+ # config
+
+ networking.hostName = "${hostName}";
+
+ services.openssh.enable = true;
+
+ system.stateVersion = "24.11";
+
+ users = {
+ groups.${userName} = { };
+ users.${userName} = {
+ extraGroups = [
+ "wheel"
+ "docker"
+ ];
+ home = "/home/srv";
+ isNormalUser = true;
+ shell = pkgs.bash;
+ };
+ };
+
+ virtualisation.docker.enable = true;
+}
diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix
new file mode 100644
index 0000000..e6c88fc
--- /dev/null
+++ b/hosts/server/hardware-configuration.nix
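Review bot: In hosts/server/configuration.nix, `services.openssh.enable = true;` is the only SSH setting in the hunk, so unless a module outside this view overrides it the daemon runs with the module defaults for password and root login, on a host whose user is in both `wheel` and `docker`. I would pin key-only access next to the enable line: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };`, with the login key declared through `users.users.${userName}.openssh.authorizedKeys.keys`. Membership of `docker` is effectively root on the host, so a comment such as `# docker group grants root-equivalent access` would record that as a deliberate choice.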
@@ -0,0 +1,58 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "usbhid" + "sd_mod" + "sdhci_pci" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/f202dcb2-1af3-4841-b0a7-303b18e68421"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/E591-819C"; + fsType = "vfat"; + options = [ + "fmask=0767" + "dmask=0767" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/8e471996-8a5d-4782-b87f-83f2b3839f53"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/server/home.nix b/hosts/server/home.nix new file mode 100644 index 0000000..605d749 --- /dev/null +++ b/hosts/server/home.nix @@ -0,0 +1,13 @@ +{ + userName, + ... +}: +{ + imports = [ ../../modules/home-manager/default.nix ]; + + home = { + username = "${userName}"; + homeDirectory = "/home/srv"; + stateVersion = "24.11"; + }; +} 
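Review bot: In hosts/server/hardware-configuration.nix, `/boot` is mounted with `fmask=0767` and `dmask=0767`, whereas the desktop and laptop files in this commit use `0077`; a mask of 0767 leaves only the group-execute bit, which looks like a transposed 0077 rather than an intended mode. If so, both options should read `"fmask=0077"` and `"dmask=0077"`. The file carries the nixos-generate-config header, so the value is worth checking against what the generator emits on that machine before editing by hand.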
diff --git a/modules/home-manager/bundles/desktop.nix b/modules/home-manager/bundles/desktop.nix
new file mode 100644
index 0000000..ef6f517
--- /dev/null
+++ b/modules/home-manager/bundles/desktop.nix
@@ -0,0 +1,14 @@
+{ config, lib, ... }:
+let
+ feature = "desktop";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ alacritty.enable = true;
+ zellij.enable = true;
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
new file mode 100644
index 0000000..13c63d4
--- /dev/null
+++ b/modules/home-manager/default.nix
@@ -0,0 +1,14 @@
+{ lib, ... }:
+let
+ featureBundler =
+ featuresDir:
+ map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir));
+in
+{
+ imports = (featureBundler ./bundles) ++ (featureBundler ./features);
+
+ bash.enable = lib.mkDefault true;
+ gh.enable = lib.mkDefault true;
+ git.enable = lib.mkDefault true;
+ zoxide.enable = lib.mkDefault true;
+}
diff --git a/modules/home-manager/features/alacritty.nix b/modules/home-manager/features/alacritty.nix
new file mode 100644
index 0000000..7d7fb16
--- /dev/null
+++ b/modules/home-manager/features/alacritty.nix
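Review bot: In modules/home-manager/default.nix, `featureBundler` turns every name returned by `builtins.readDir` into an import without checking the entry type or a `.nix` suffix, so any stray file left in `bundles/` or `features/` (an editor backup, a README) is evaluated as a module. Filtering first makes the imported set explicit, for example `builtins.attrNames (lib.filterAttrs (n: _: lib.hasSuffix ".nix" n) (builtins.readDir featuresDir))`. The identical helper is repeated in modules/nixos/default.nix, and a comment such as `# imports every *.nix file in this directory as a module` on both would help the next reader.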
@@ -0,0 +1,49 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "alacritty";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ programs.alacritty = {
+ enable = true;
+ theme = "catppuccin_mocha";
+ settings = {
+ window.startup_mode = "fullscreen";
+ terminal.shell = {
+ program = "zellij";
+ args = [
+ "-l"
+ "welcome"
+ ];
+ };
+ font = {
+ normal = {
+ family = "JetBrainsMono Nerd Font";
+ style = "Regular";
+ };
+ bold = {
+ family = "JetBrainsMono Nerd Font";
+ style = "Bold";
+ };
+ italic = {
+ family = "JetBrainsMono Nerd Font";
+ style = "italic";
+ };
+ bold_italic = {
+ family = "JetBrainsMono Nerd Font";
+ style = "bold_italic";
+ };
+ size = 13;
+ };
+ };
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/home-manager/features/bash.nix b/modules/home-manager/features/bash.nix
new file mode 100644
index 0000000..e5ff5fb
--- /dev/null
+++ b/modules/home-manager/features/bash.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+let
+ feature = "bash";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ programs.bash.enable = true;
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/home-manager/features/gh.nix b/modules/home-manager/features/gh.nix
new file mode 100644
index 0000000..226dd9c
--- /dev/null
+++ b/modules/home-manager/features/gh.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "gh";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ programs.gh = {
+ enable = true;
+ settings = {
+ git_protocol = "ssh";
+ editor = "nvim";
+ };
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/home-manager/features/git.nix b/modules/home-manager/features/git.nix
new file mode 100644
index 0000000..55fa380
--- /dev/null
+++ b/modules/home-manager/features/git.nix
@@ -0,0 +1,49 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "git";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ programs.${feature} = {
+ enable = true;
+
+ userName = "wi11-holdsworth";
+ userEmail = "83637728+wi11-holdsworth@users.noreply.github.com";
+
+ aliases = {
+ a = "add";
+ aa = "add .";
+ ap = "add -p";
+ c = "commit --verbose";
+ ca = "commit -a --verbose";
+ cm = "commit -m";
+ cam = "commit -a -m";
+ m = "commit --amend --verbose";
+ d = "diff";
+ ds = "diff --stat";
+ dc = "diff --cached";
+ s = "status -s";
+ co = "checkout";
+ cob = "checkout -b";
+ ps = "push";
+ pl = "pull";
+ };
+
+ extraConfig = {
+ init.defaultBranch = "main";
+
+ core.editor = "nvim";
+
+ push.autoSetupRemote = true;
+
+ pull.rebase = false;
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/home-manager/features/zellij.nix b/modules/home-manager/features/zellij.nix
new file mode 100644
index 0000000..7141d04
--- /dev/null
+++ b/modules/home-manager/features/zellij.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "zellij";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ programs.zellij = {
+ enable = true;
+ settings = {
+ theme = "catppuccin-mocha";
+ show_startup_tips = false;
+ };
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/home-manager/features/zoxide.nix b/modules/home-manager/features/zoxide.nix
new file mode 100644
index 0000000..60afa1f
--- /dev/null
+++ b/modules/home-manager/features/zoxide.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "zoxide";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ programs.zoxide = {
+ enable = true;
+ enableBashIntegration = true;
+ options = [
+ "--cmd j"
+ ];
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/bundles/desktop.nix b/modules/nixos/bundles/desktop.nix
new file mode 100644
index 0000000..1ad393c
--- /dev/null
+++ b/modules/nixos/bundles/desktop.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ feature = "desktop";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ pipewire.enable = true;
+ print-and-scan.enable = true;
+ plasma.enable = true;
+
+ environment.systemPackages =
+ with pkgs;
+ [
+ beeper
+ brave
+ calibre
+ cameractrls-gtk3
+ firefox
+ jellyfin-media-player
+ kiwix
+ libreoffice
+ nixfmt-rfc-style
+ obsidian
+ vlc
+ vscode
+ ]
+ ++ (with pkgs.kdePackages; [
+ skanlite
+ ktorrent
+ kzones
+ ]);
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix
new file mode 100644
index 0000000..9029ae2
--- /dev/null
+++ b/modules/nixos/bundles/server.nix
@@ -0,0 +1,30 @@
+{ config, lib, ... }:
+let
+ feature = "server";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ couchdb.enable = true;
+ flaresolverr.enable = true;
+ homepage-dashboard.enable = true;
+ immich.enable = true;
+ jellyfin.enable = true;
+ lidarr.enable = true;
+ miniflux.enable = true;
+ nginx.enable = true;
+ ntfy-sh.enable = true;
+ paperless.enable = true;
+ prowlarr.enable = true;
+ radarr.enable = true;
+ sonarr.enable = true;
+ stirling-pdf.enable = true;
+ transmission.enable = true;
+ vaultwarden.enable = true;
+ vscode-server.enable = true;
+ webdav.enable = true;
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..0f6944e
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,39 @@
+{
+ lib,
+ pkgs,
+ ...
+}:
+let
+ featureBundler =
+ featuresDir:
+ map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir));
+in
+{
+ imports = (featureBundler ./bundles) ++ (featureBundler ./features);
+
+ agenix.enable = lib.mkDefault true;
+ direnv.enable = lib.mkDefault true;
+ fonts.enable = lib.mkDefault true;
+ home-manager.enable = lib.mkDefault true;
+ localisation.enable = lib.mkDefault true;
+ nh.enable = lib.mkDefault true;
+ nix-settings.enable = lib.mkDefault true;
+ nixpkgs.enable = lib.mkDefault true;
+ nixvim.enable = lib.mkDefault true;
+ shell.enable = lib.mkDefault true;
+ starship.enable = lib.mkDefault true;
+ systemd-boot.enable = lib.mkDefault true;
+ tailscale.enable = lib.mkDefault true;
+
+ # cli utils
+ environment.systemPackages = with pkgs; [
+ bat
+ dust
+ eza
+ fd
+ lazygit
+ nom
+ ripgrep-all
+ spotdl
+ ];
+}
diff --git a/modules/nixos/features/agenix.nix b/modules/nixos/features/agenix.nix
new file mode 100644
index 0000000..278933d
--- /dev/null
+++ b/modules/nixos/features/agenix.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ inputs,
+ lib,
+ system,
+ userName,
+ ...
+}:
+let
+ feature = "agenix";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ];
+ environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
+ };
+
+ imports = [ inputs.agenix.nixosModules.default ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/amd-gpu.nix b/modules/nixos/features/amd-gpu.nix
new file mode 100644
index 0000000..7d52f28
--- /dev/null
+++ b/modules/nixos/features/amd-gpu.nix
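Review bot: In modules/nixos/features/agenix.nix, `age.identityPaths` points at `/home/${userName}/.ssh/id_ed25519`, which makes the login user's personal SSH key the machine's secret-decryption identity. Activation cannot prompt for a passphrase, so that key has to sit on disk unprotected, and on the server the same path is reused for `BORG_RSH` in modules/nixos/features/borgbackup-srv.nix, so one file unlocks both the secrets and the offsite repository. A dedicated host identity separates those roles, e.g. `age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` on hosts that run sshd, with the secrets re-keyed to that recipient.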
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ feature = "amd-gpu";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+
+ # load graphics drivers before anything else
+ boot.initrd.kernelModules = [ "amdgpu" ];
+
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [ amdvlk ];
+ };
+
+ services.xserver.videoDrivers = [ "amdgpu" ];
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/borgbackup-srv.nix b/modules/nixos/features/borgbackup-srv.nix
new file mode 100644
index 0000000..40839df
--- /dev/null
+++ b/modules/nixos/features/borgbackup-srv.nix
@@ -0,0 +1,104 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ feature = "borgbackup-srv";
+
+ secret = "borgbackup";
+ notify =
+ {
+ tag,
+ msg,
+ location,
+ }:
+ ''
+ ${pkgs.curl}/bin/curl -H "X-Tags: ${tag},BorgBackup,Server,${location}" -d "${msg}" ${config.services.ntfy-sh.settings.base-url}/backups
+ '';
+ notifySuccess =
+ location:
+ notify {
+ tag = "tada";
+ msg = "Backup succeeded";
+ inherit location;
+ };
+ notifyFailure =
+ location:
+ notify {
+ tag = "tada";
+ msg = "Backup failed, check logs";
+ inherit location;
+ };
+
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services.borgbackup.jobs =
+ let
+ srv = location: {
+ paths = "/srv";
+
+ compression = "auto,zstd";
+
+ startAt = "*-*-* 04:00:00 Australia/Melbourne";
+
+ prune.keep = {
+ daily = 7;
+ weekly = 4;
+ monthly = 6;
+ };
+
+ postHook = ''
+ if [ $exitStatus -eq 0 ]; then
+ ${notifySuccess location}
+ else
+ ${notifyFailure location}
+ fi
+ '';
+ };
+
+ in
+ {
+ onsite = srv "onsite" // {
+ repo = "/repo";
+ exclude = [ "/srv/immich" ];
+
+ encryption.mode = "repokey-blake2";
+ encryption.passCommand = "cat ${config.age.secrets.borgbackup-server-onsite.path}";
+
+ removableDevice = true;
+ };
+
+ offsite = srv "offsite" // {
+ repo = "vuc5c3xq@vuc5c3xq.repo.borgbase.com:repo";
+
+ encryption.mode = "repokey-blake2";
+ encryption.passCommand = "cat ${config.age.secrets.borgbackup-server-offsite.path}";
+
+ environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519";
+ };
+ };
+
+ # onsite drive
+ services.udisks2.enable = true;
+
+ fileSystems."/repo" = {
+ device = "/dev/sdb1";
+ fsType = "vfat";
+ };
+
+ # secrets
+ age.secrets = {
+ "${secret}-server-onsite" = {
+ file = ../../../secrets/${secret}-server-onsite.age;
+ };
+ "${secret}-server-offsite" = {
+ file = ../../../secrets/${secret}-server-offsite.age;
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
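Review bot: In modules/nixos/features/borgbackup-srv.nix, `fileSystems."/repo"` mounts `device = "/dev/sdb1"`, a kernel-assigned name that can land on a different disk after a reboot or when another drive is attached, and without `nofail` a missing removable drive can hold up boot. Every other mount in this commit uses `/dev/disk/by-uuid/...`; I would do the same here with the backup drive's UUID (`device = "/dev/disk/by-uuid/<REPO-UUID>";`, placeholder) and add `options = [ "nofail" ];`. Separately, `notifyFailure` sends `tag = "tada"` just like `notifySuccess`, so a failed backup arrives looking like a success; `tag = "warning";` would distinguish it.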
diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix
new file mode 100644
index 0000000..5df60db
--- /dev/null
+++ b/modules/nixos/features/couchdb.nix
@@ -0,0 +1,60 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "couchdb";
+ port = "5984";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ databaseDir = "/srv/couchdb";
+ viewIndexDir = "/srv/couchdb";
+ configFile = "/srv/couchdb";
+ port = lib.toInt port;
+ extraConfig = {
+ chttpd = {
+ require_valid_user = true;
+ enable_cors = true;
+ max_http_request_size = 4294967296;
+ };
+
+ chttpd_auth.require_valid_user = true;
+
+ httpd = {
+ WWW-Authenticate = ''Basic realm="couchdb"'';
+ enable_cors = true;
+ };
+
+ couchdb.max_document_size = 50000000;
+
+ cors = {
+ credentials = true;
+ origins = ''
+ app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz
+ '';
+ };
+ };
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/direnv.nix b/modules/nixos/features/direnv.nix
new file mode 100644
index 0000000..12dbe12
--- /dev/null
+++ b/modules/nixos/features/direnv.nix
@@ -0,0 +1,13 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "direnv";
+in
+{
+ config = lib.mkIf config.${feature}.enable { programs.${feature}.enable = true; };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/external-speakers.nix b/modules/nixos/features/external-speakers.nix
new file mode 100644
index 0000000..2b70586
--- /dev/null
+++ b/modules/nixos/features/external-speakers.nix
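Review bot: In modules/nixos/features/couchdb.nix, `configFile = "/srv/couchdb"` is the same path as `databaseDir` and `viewIndexDir`, so the option that should name a writable ini file names the data directory instead. A file path such as `configFile = "/srv/couchdb/local.ini";` is probably what was meant. The `cors.origins` list also admits `http://couchdb.fi33.buzz` together with `credentials = true`, while the vhost sets `forceSSL`; that plain-http origin looks unnecessary and could be dropped unless a client is known to need it.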
@@ -0,0 +1,17 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "external-speakers";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ boot.extraModprobeConfig = ''
+ options snd_hda_intel power_save=0
+ '';
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/flaresolverr.nix b/modules/nixos/features/flaresolverr.nix
new file mode 100644
index 0000000..de295e4
--- /dev/null
+++ b/modules/nixos/features/flaresolverr.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "flaresolverr";
+ port = "5011";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ port = lib.toInt port;
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/fonts.nix b/modules/nixos/features/fonts.nix
new file mode 100644
index 0000000..d6051a7
--- /dev/null
+++ b/modules/nixos/features/fonts.nix
@@ -0,0 +1,18 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ feature = "fonts";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ fonts.packages = with pkgs; [ nerd-fonts.jetbrains-mono ];
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/gaming.nix b/modules/nixos/features/gaming.nix
new file mode 100644
index 0000000..f4a0e34
--- /dev/null
+++ b/modules/nixos/features/gaming.nix
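Review bot: In modules/nixos/features/flaresolverr.nix, the nginx vhost `flaresolverr.fi33.buzz` proxies straight to the service with no access control in the `locations."/"` block, and FlareSolverr's API has no authentication of its own, so anyone who can reach that vhost can have the server fetch URLs on their behalf. If only the local indexer manager talks to it, the vhost can be omitted and the service reached on `localhost:5011`. Otherwise the location should be restricted, e.g. `extraConfig = "allow 100.64.0.0/10; deny all;";` for tailnet-only access. Whether fi33.buzz is reachable from outside is not visible in this commit.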
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ feature = "gaming";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ environment.systemPackages = with pkgs; [
+ heroic
+ lutris
+ mangohud
+ nexusmods-app
+ protonup-qt
+ wine
+ wine64
+ winetricks
+ prismlauncher
+ ];
+
+ programs = {
+ gamemode.enable = true;
+ steam = {
+ enable = true;
+ gamescopeSession.enable = true;
+ };
+ };
+
+ # latest kernel
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/home-manager.nix b/modules/nixos/features/home-manager.nix
new file mode 100644
index 0000000..f805586
--- /dev/null
+++ b/modules/nixos/features/home-manager.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ hostName,
+ inputs,
+ lib,
+ userName,
+ ...
+}:
+let
+ feature = "home-manager";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ home-manager = {
+ users.${userName} = import ../../../hosts/${hostName}/home.nix;
+ backupFileExtension = "backup";
+ extraSpecialArgs = {
+ inherit userName;
+ };
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ };
+ };
+
+ imports = [ inputs.home-manager.nixosModules.home-manager ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix
new file mode 100644
index 0000000..439ce4c
--- /dev/null
+++ b/modules/nixos/features/homepage-dashboard.nix
@@ -0,0 +1,268 @@ +{ + config, + lib, + pkgs, + ... +}: +let + feature = "homepage-dashboard"; + port = "5004"; + genSecrets = + secrets: + lib.genAttrs secrets (secret: { + file = ../../../secrets/${secret}.age; + }); + insertSecrets = + secrets: + lib.genAttrs secrets (secret: '' + secret=$(cat "${config.age.secrets.${secret}.path}") + configFile=/etc/homepage-dashboard/services.yaml + ${pkgs.gnused}/bin/sed -i "s#@${secret}@#$secret#" "$configFile" + ''); + + secrets = [ + "immich" + "jellyfin" + "lidarr" + "miniflux" + "paperless" + "prowlarr" + "radarr" + "sonarr" + ]; +in +{ + config = lib.mkIf config.${feature}.enable { + system.activationScripts = insertSecrets secrets; + age.secrets = genSecrets secrets; + + services = { + # service + ${feature} = { + enable = true; + listenPort = lib.toInt port; + allowedHosts = "${feature}.fi33.buzz"; + services = [ + { + "Media Management" = [ + { + "Lidarr" = { + "icon" = "lidarr.png"; + "href" = "https://lidarr.fi33.buzz/"; + "widget" = { + "type" = "lidarr"; + "url" = "https://lidarr.fi33.buzz/"; + "key" = "@lidarr@"; + "enableQueue" = true; + }; + }; + } + { + "Prowlarr" = { + "icon" = "prowlarr.png"; + "href" = "https://prowlarr.fi33.buzz/"; + "widget" = { + "type" = "prowlarr"; + "url" = "https://prowlarr.fi33.buzz/"; + "key" = "@prowlarr@"; + }; + }; + } + { + "Radarr" = { + "icon" = "radarr.png"; + "href" = "https://radarr.fi33.buzz/"; + "widget" = { + "type" = "radarr"; + "url" = "https://radarr.fi33.buzz/"; + "key" = "@radarr@"; + "enableQueue" = true; + }; + }; + } + { + "Sonarr" = { + "icon" = "sonarr.png"; + "href" = "https://sonarr.fi33.buzz/"; + "widget" = { + "type" = "sonarr"; + "url" = "https://sonarr.fi33.buzz/"; + "key" = "@sonarr@"; + "enableQueue" = true; + }; + }; + } + ]; + } + { + "Media Streaming" = [ + { + "Immich" = { + "icon" = "immich.png"; + "href" = "https://immich.fi33.buzz/"; + "widget" = { + "type" = "immich"; + "fields" = [ + "users" + "photos" + "videos" + "storage" + ]; + "url" = 
"https://immich.fi33.buzz/"; + "version" = 2; + "key" = "@immich@"; + }; + }; + } + { + "Jellyfin" = { + "icon" = "jellyfin.png"; + "href" = "https://jellyfin.fi33.buzz/"; + "widget" = { + "type" = "jellyfin"; + "url" = "https://jellyfin.fi33.buzz/"; + "key" = "@jellyfin@"; + "enableBlocks" = true; + "enableNowPlaying" = true; + "enableUser" = true; + "showEpisodeNumber" = true; + "expandOneStreamToTwoRows" = false; + }; + }; + } + { + "Miniflux" = { + "icon" = "miniflux.png"; + "href" = "https://miniflux.fi33.buzz/"; + "widget" = { + "type" = "miniflux"; + "url" = "https://miniflux.fi33.buzz/"; + "key" = "@miniflux@"; + }; + }; + } + { + "Paperless" = { + "icon" = "paperless.png"; + "href" = "https://paperless.fi33.buzz/"; + "widget" = { + "type" = "paperlessngx"; + "url" = "https://paperless.fi33.buzz/"; + "username" = "admin"; + "password" = "@paperless@"; + }; + }; + } + ]; + } + { + "Cloud Services" = [ + { + "CouchDB" = { + "icon" = "couchdb.png"; + "href" = "https://couchdb.fi33.buzz/_utils/"; + }; + } + { + "Ntfy" = { + "icon" = "ntfy.png"; + "href" = "https://ntfy-sh.fi33.buzz/"; + }; + } + { + "Stirling PDF" = { + "icon" = "stirling-pdf.png"; + "href" = "https://stirling-pdf.fi33.buzz/"; + }; + } + { + "Transmission" = { + "icon" = "transmission.png"; + "href" = "https://transmission.fi33.buzz/"; + }; + } + { + "Vaultwarden" = { + "icon" = "vaultwarden.png"; + "href" = "https://vaultwarden.fi33.buzz/"; + }; + } + ]; + } + ]; + settings = { + title = "Mission Control"; + theme = "dark"; + color = "neutral"; + headerStyle = "clean"; + layout = [ + { + "Media Streaming" = { + style = "row"; + columns = 4; + useEqualHeights = true; + }; + } + { + "Media Management" = { + style = "row"; + columns = 4; + useEqualHeights = true; + }; + } + { + "Cloud Services" = { + style = "row"; + columns = 3; + }; + } + ]; + quicklaunch.searchDescriptions = true; + disableUpdateCheck = true; + showStats = true; + statusStyle = "dot"; + }; + widgets = [ + { + search = { + 
provider = [ + "duckduckgo" + "brave" + ]; + focus = true; + showSearchSuggestions = true; + target = "_blank"; + }; + } + { + resources = { + cpu = true; + memory = true; + disk = "/"; + cputemp = true; + tempmin = 0; + tempmax = 100; + units = "metric"; + network = true; + uptime = true; + }; + } + ]; + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; + }; + }; + }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; +} diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix new file mode 100644 index 0000000..0b66642 --- /dev/null +++ b/modules/nixos/features/immich.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: +let + feature = "immich"; + port = "2283"; +in +{ + config = lib.mkIf config.${feature}.enable { + services.${feature} = { + enable = true; + port = builtins.fromJSON "${port}"; + mediaLocation = "/srv/${feature}"; + }; + + # reverse proxy + services.nginx = { + clientMaxBodySize = "50000M"; + + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://[::1]:${port}"; + proxyWebsockets = true; + }; + }; + }; + }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; +} diff --git a/modules/nixos/features/intel-gpu.nix b/modules/nixos/features/intel-gpu.nix new file mode 100644 index 0000000..9ac8862 --- /dev/null +++ b/modules/nixos/features/intel-gpu.nix 
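Review bot: `insertSecrets` at the top of homepage-dashboard.nix splices each decrypted secret into `/etc/homepage-dashboard/services.yaml` with `sed -i`, which leaves the API keys and the Paperless password in plaintext in a file under `/etc` whose permissions this hunk never sets, and puts each secret on sed's command line while the activation script runs. It is also fragile: a secret containing `#`, `&` or `\` corrupts the substitution, and nothing visible here orders the script after agenix has decrypted the files. Homepage can resolve values at runtime instead: write the widget field as `"key" = "{{HOMEPAGE_FILE_LIDARR}}";` (or a `HOMEPAGE_VAR_*` name) and supply the variables through the module's `environmentFile`, so the secret stays in the agenix-managed path.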
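Review bot: In immich.nix `clientMaxBodySize = "50000M";` is set on `services.nginx` itself, so the roughly 50 GB request-body limit applies to every virtual host this nginx serves, not only Immich. Scope it to this vhost instead, for example `extraConfig = "client_max_body_size 50000M;";` inside `virtualHosts."${feature}.fi33.buzz"`, so the other proxied services keep nginx's default limit. As a style point, `port = builtins.fromJSON "${port}";` does the same job as the `lib.toInt port` used by the other feature modules in this commit.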
@@ -0,0 +1,30 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ feature = "intel-gpu";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ hardware = {
+ enableAllFirmware = true;
+ graphics = {
+ enable = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ libva-vdpau-driver
+ intel-compute-runtime
+ vpl-gpu-rt
+ intel-ocl
+ ];
+ };
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix
new file mode 100644
index 0000000..707bbaa
--- /dev/null
+++ b/modules/nixos/features/jellyfin.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ userName,
+ ...
+}:
+let
+ feature = "jellyfin";
+ port = "8096";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ dataDir = "/srv/jellyfin";
+ group = "media";
+ };
+
+ # reverse proxy
+ nginx.virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/".proxyPass = "http://localhost:${port}";
+ };
+ };
+
+ # use intel iGP
+ systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
+ environment.sessionVariables = {
+ LIBVA_DRIVER_NAME = "iHD";
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix
new file mode 100644
index 0000000..71d3627
--- /dev/null
+++ b/modules/nixos/features/lidarr.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "lidarr";
+ port = "5012";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ dataDir = "/srv/lidarr";
+ settings.server.port = lib.toInt port;
+ group = "media";
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/link2c.nix b/modules/nixos/features/link2c.nix
new file mode 100644
index 0000000..6a62718
--- /dev/null
+++ b/modules/nixos/features/link2c.nix
@@ -0,0 +1,17 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "link2c";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services.udev.extraRules = ''
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on"
+ '';
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/localisation.nix b/modules/nixos/features/localisation.nix
new file mode 100644
index 0000000..e00fba5
--- /dev/null
+++ b/modules/nixos/features/localisation.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+let
+ feature = "localisation";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ i18n = {
+ defaultLocale = "en_AU.UTF-8";
+ supportedLocales = [
+ "en_US.UTF-8/UTF-8"
+ "en_AU.UTF-8/UTF-8"
+ ];
+ };
+
+ time.timeZone = "Australia/Melbourne";
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix
new file mode 100644
index 0000000..782f104
--- /dev/null
+++ b/modules/nixos/features/miniflux.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "miniflux";
+ port = "5010";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ age.secrets.miniflux-creds.file = ../../../secrets/miniflux-creds.age;
+
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ adminCredentialsFile = config.age.secrets.miniflux-creds.path;
+ config = {
+ BASE_URL = "https://miniflux.fi33.buzz";
+ LISTEN_ADDR = "localhost:${port}";
+ };
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/networkmanager.nix b/modules/nixos/features/networkmanager.nix
new file mode 100644
index 0000000..894f484
--- /dev/null
+++ b/modules/nixos/features/networkmanager.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ lib,
+ hostName,
+ ...
+}:
+let
+ feature = "networkmanager";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ networking = {
+ hostName = "${hostName}";
+ networkmanager.enable = true;
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/nginx.nix b/modules/nixos/features/nginx.nix
new file mode 100644
index 0000000..cd8a6bf
--- /dev/null
+++ b/modules/nixos/features/nginx.nix
@@ -0,0 +1,47 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "nginx";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ age.secrets."api-porkbun" = {
+ file = ../../../secrets/api-porkbun.age;
+ };
+
+ services.${feature} = {
+ enable = true;
+
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+
+ virtualHosts."*.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/".index = "index.html";
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "wi11@duck.com";
+ certs."fi33.buzz" = {
+ domain = "fi33.buzz";
+ extraDomainNames = [ "*.fi33.buzz" ];
+ group = "${feature}";
+ dnsProvider = "porkbun";
+ dnsPropagationCheck = true;
+ credentialsFile = config.age.secrets."api-porkbun".path;
+ };
+ };
+
+ users.users.${feature}.extraGroups = [ "acme" ];
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/nh.nix b/modules/nixos/features/nh.nix
new file mode 100644
index 0000000..9bca7e6
--- /dev/null
+++ b/modules/nixos/features/nh.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ lib,
+ userName,
+ ...
+}:
+let
+ feature = "nh";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ programs.${feature} = {
+ enable = true;
+ # clean.enable = true;
+ flake = "/home/${userName}/.dots";
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/nix-settings.nix b/modules/nixos/features/nix-settings.nix
new file mode 100644
index 0000000..17c6c71
--- /dev/null
+++ b/modules/nixos/features/nix-settings.nix
@@ -0,0 +1,25 @@
+{ config, lib, ... }:
+let
+ feature = "nix-settings";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ nix = {
+ optimise.automatic = true;
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ trusted-users = [
+ "will"
+ "srv"
+ ];
+ };
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/nixpkgs.nix b/modules/nixos/features/nixpkgs.nix
new file mode 100644
index 0000000..3bf6858
--- /dev/null
+++ b/modules/nixos/features/nixpkgs.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+let
+ feature = "nixpkgs";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ nixpkgs.config.allowUnfree = true;
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/nixvim.nix b/modules/nixos/features/nixvim.nix
new file mode 100644
index 0000000..5328d8c
--- /dev/null
+++ b/modules/nixos/features/nixvim.nix
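Review bot: The `trusted-users` list in nix-settings.nix names both `"will"` and `"srv"`, and a user trusted by the Nix daemon can override settings such as substituters and import unsigned store paths, so both accounts are effectively root on every host that enables this feature. If only one of them needs that (for instance to deploy remotely), keep just that one here and leave the other as an ordinary user. The names are also hard-coded although other modules in this commit take `userName` as a module argument, so a host with a different user silently trusts accounts it may not have.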
@@ -0,0 +1,57 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+let
+ feature = "nixvim";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ environment.variables.EDITOR = "nvim";
+ programs.${feature} = {
+ enable = true;
+ opts = {
+ shiftwidth = 2;
+ number = true;
+ relativenumber = true;
+ autoindent = true;
+ tabstop = 2;
+ expandtab = true;
+ };
+ colorschemes.catppuccin = {
+ enable = true;
+ settings.background.dark = "mocha";
+ };
+ plugins = {
+ cmp = {
+ enable = true;
+ autoEnableSources = true;
+ };
+ cmp-nvim-lsp.enable = true;
+ cmp_luasnip.enable = true;
+ cmp-treesitter.enable = true;
+ cmp-async-path.enable = true;
+ cmp-npm.enable = true;
+ cmp-emoji.enable = true;
+ cmp-dictionary.enable = true;
+ cmp-calc.enable = true;
+ lsp = {
+ enable = true;
+ servers.nixd.enable = true;
+ };
+ lsp-format.enable = true;
+ autoclose.enable = true;
+ lualine.enable = true;
+ luasnip.enable = true;
+ treesitter.enable = true;
+ lastplace.enable = true;
+ };
+ };
+ };
+
+ imports = [ inputs.nixvim.nixosModules.nixvim ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix
new file mode 100644
index 0000000..2102a12
--- /dev/null
+++ b/modules/nixos/features/ntfy-sh.nix
@@ -0,0 +1,38 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "ntfy-sh";
+ port = "5002";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ settings = {
+ base-url = "https://${feature}.fi33.buzz";
+ listen-http = ":${port}";
+ behind-proxy = true;
+ };
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
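Review bot: In ntfy-sh.nix `listen-http = ":${port}";` binds ntfy on every interface, although the nginx vhost in the same hunk only ever reaches it through `http://localhost:${port}`. With `behind-proxy = true` the server takes the client address from forwarded headers, so a client that connects to the port directly (for example over `tailscale0`, which tailscale.nix marks as a trusted interface) skips TLS and can present any address it likes to the rate limiter. Bind to loopback instead, `listen-http = "127.0.0.1:${port}";`, and point `proxyPass` at `http://127.0.0.1:${port}` so nginx does not try the IPv6 loopback first.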
diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix
new file mode 100644
index 0000000..4efdbe5
--- /dev/null
+++ b/modules/nixos/features/paperless.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "paperless";
+ port = "5013";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ dataDir = "/srv/paperless";
+ database.createLocally = true;
+ passwordFile = config.age.secrets.paperless.path;
+ port = lib.toInt port;
+ settings = {
+ PAPERLESS_URL = "https://paperless.fi33.buzz";
+ };
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+
+ age.secrets.paperless.file = ../../../secrets/paperless.age;
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/pipewire.nix b/modules/nixos/features/pipewire.nix
new file mode 100644
index 0000000..0b342c7
--- /dev/null
+++ b/modules/nixos/features/pipewire.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+let
+ feature = "pipewire";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ security.rtkit.enable = true;
+
+ services.pipewire = {
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ enable = true;
+ jack.enable = true;
+ pulse.enable = true;
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/plasma.nix b/modules/nixos/features/plasma.nix
new file mode 100644
index 0000000..4d949bc
--- /dev/null
+++ b/modules/nixos/features/plasma.nix
@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+let
+ feature = "plasma";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ desktopManager.plasma6.enable = true;
+ displayManager.sddm = {
+ enable = true;
+ wayland.enable = true;
+ };
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/print-and-scan.nix b/modules/nixos/features/print-and-scan.nix
new file mode 100644
index 0000000..626edb3
--- /dev/null
+++ b/modules/nixos/features/print-and-scan.nix
@@ -0,0 +1,30 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ feature = "print-and-scan";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ hardware.sane = {
+ enable = true;
+ extraBackends = [ pkgs.hplip ];
+ };
+ services = {
+ avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+ printing = {
+ enable = true;
+ drivers = [ pkgs.hplip ];
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix
new file mode 100644
index 0000000..9f66969
--- /dev/null
+++ b/modules/nixos/features/prowlarr.nix
@@ -0,0 +1,35 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "prowlarr";
+ port = "5009";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ dataDir = "/srv/prowlarr";
+ settings.server.port = lib.toInt port;
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix
new file mode 100644
index 0000000..ff0740a
--- /dev/null
+++ b/modules/nixos/features/radarr.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "radarr";
+ port = "5007";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ dataDir = "/srv/radarr";
+ settings.server.port = lib.toInt port;
+ group = "media";
+
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/shell.nix b/modules/nixos/features/shell.nix
new file mode 100644
index 0000000..60a0932
--- /dev/null
+++ b/modules/nixos/features/shell.nix
@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+let
+ feature = "shell";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ environment.shellAliases = {
+ g = "lazygit";
+ ns = "nh os switch";
+ rf = "nix flake init --template 'https://flakehub.com/f/the-nix-way/dev-templates/*#rust' && direnv allow";
+ vi = "nvim";
+ vim = "nvim";
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix
new file mode 100644
index 0000000..75cc56a
--- /dev/null
+++ b/modules/nixos/features/sonarr.nix
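Review bot: The `rf` alias in shell.nix initialises a project from `https://flakehub.com/f/the-nix-way/dev-templates/*#rust` and immediately runs `direnv allow`, so whatever `.envrc` the newest published template contains is trusted and executed without ever being read. The `*` version means the content can change between two runs of the same alias. Pin the template to a specific release in the URL, or drop `&& direnv allow` from the alias so the generated `.envrc` is looked at before it is allowed.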
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "sonarr";
+ port = "5006";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ dataDir = "/srv/sonarr";
+ settings.server.port = lib.toInt port;
+ group = "media";
+
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/starship.nix b/modules/nixos/features/starship.nix
new file mode 100644
index 0000000..b998cfa
--- /dev/null
+++ b/modules/nixos/features/starship.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "starship";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ programs.starship = {
+ enable = true;
+ settings.character = {
+ success_symbol = "[%](bold green) ";
+ error_symbol = "[%](bold red) ";
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/stirling-pdf.nix b/modules/nixos/features/stirling-pdf.nix
new file mode 100644
index 0000000..a2a1bca
--- /dev/null
+++ b/modules/nixos/features/stirling-pdf.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "stirling-pdf";
+ port = "5003";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ environment = {
+ SERVER_PORT = lib.toInt port;
+ };
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/systemd-boot.nix b/modules/nixos/features/systemd-boot.nix
new file mode 100644
index 0000000..423aab2
--- /dev/null
+++ b/modules/nixos/features/systemd-boot.nix
@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+let
+ feature = "systemd-boot";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix
new file mode 100644
index 0000000..943431d
--- /dev/null
+++ b/modules/nixos/features/tailscale.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "tailscale";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ ${feature}.enable = true;
+ nginx.tailscaleAuth.enable = true;
+ };
+
+ networking.firewall.trustedInterfaces = [ "tailscale0" ];
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/transmission.nix b/modules/nixos/features/transmission.nix
new file mode 100644
index 0000000..f502082
--- /dev/null
+++ b/modules/nixos/features/transmission.nix
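Review bot: `nginx.tailscaleAuth.enable = true;` in tailscale.nix turns the auth helper on, but no virtual host is listed for it; as far as I know the module only protects hosts named in `services.nginx.tailscaleAuth.virtualHosts`, and none of the feature modules in this commit set that option. If the intent is that the `*.fi33.buzz` services answer only to tailnet members, add the host names there (or have each web feature append its own), otherwise this line has no effect on access. `networking.firewall.trustedInterfaces = [ "tailscale0" ];` additionally opens every listening port to the whole tailnet, which matters for any service that binds beyond loopback.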
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ feature = "transmission";
+ port = "5008";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ transmission = {
+ enable = true;
+ package = pkgs.transmission_4;
+ settings = {
+ download-dir = "/media/Downloads";
+ rpc-host-whitelist-config.${feature}.enable = false;
+ rpc-port = lib.toInt port;
+ rpc-whitelist-enable = false;
+ };
+ group = "media";
+ webHome = pkgs.flood-for-transmission;
+ };
+
+ # reverse proxy
+ nginx.virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/".proxyPass = "http://localhost:${port}";
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix
new file mode 100644
index 0000000..710de3b
--- /dev/null
+++ b/modules/nixos/features/vaultwarden.nix
@@ -0,0 +1,48 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+let
+ feature = "vaultwarden";
+ port = "5001";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services.${feature} = {
+ enable = true;
+ backupDir = "/srv/${feature}";
+ config = {
+ rocketPort = "${port}";
+ domain = "https://${feature}.fi33.buzz";
+ signupsAllowed = false;
+ invitationsAllowed = false;
+ showPasswordHint = false;
+ useSyslog = true;
+ extendedLogging = true;
+ adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}";
+ };
+ };
+
+ # reverse proxy
+ services.nginx.virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ proxyWebsockets = true;
+ };
+ };
+
+ # secrets
+ age.secrets = {
+ "vaultwarden-admin" = {
+ file = ../../../secrets/vaultwarden-admin.age;
+ owner = "${feature}";
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
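Review bot: In transmission.nix `rpc-host-whitelist-config.${feature}.enable = false;` is not a Transmission setting; it expands to a nested attribute set inside `settings` and looks like a mis-edit of `rpc-host-whitelist-enable = false;`. More importantly, `rpc-whitelist-enable = false;` removes the IP allow-list and nothing in the hunk sets `rpc-authentication-required`, so anyone who can reach the RPC port or the nginx vhost can control the daemon and its download directory. Fix the key name and require RPC credentials, supplying the password from an agenix-managed JSON file through the module's `credentialsFile` rather than inline in `settings`.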
diff --git a/modules/nixos/features/vscode-server.nix b/modules/nixos/features/vscode-server.nix
new file mode 100644
index 0000000..e7770ba
--- /dev/null
+++ b/modules/nixos/features/vscode-server.nix
@@ -0,0 +1,16 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+let
+ feature = "vscode-server";
+in
+{
+ config = lib.mkIf config.${feature}.enable { services.${feature}.enable = true; };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+
+ imports = [ inputs.${feature}.nixosModules.default ];
+}
diff --git a/modules/nixos/features/webdav.nix b/modules/nixos/features/webdav.nix
new file mode 100644
index 0000000..62ea793
--- /dev/null
+++ b/modules/nixos/features/webdav.nix
@@ -0,0 +1,47 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ feature = "webdav";
+ port = "5000";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+ services = {
+ # service
+ ${feature} = {
+ enable = true;
+ settings = {
+ address = "127.0.0.1";
+ port = lib.toInt port;
+ permissions = "R";
+ directory = "/srv/webdav";
+ modify = true;
+ users = [
+ {
+ username = "admin";
+ password = "{bcrypt}$2a$10$Buai6WtOhE7NoSNKNzcJ1OEJNFWyUzp6Y6b8i9pvdvIFNw8OaxCGm";
+ permissions = "CRUD";
+ }
+ ];
+ };
+ };
+
+ # reverse proxy
+ nginx = {
+ virtualHosts."${feature}.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ # proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/modules/templates/feature.nix b/modules/templates/feature.nix
new file mode 100644
index 0000000..9b008e8
--- /dev/null
+++ b/modules/templates/feature.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+let
+ feature = "feature";
+in
+{
+ config = lib.mkIf config.${feature}.enable {
+
+ };
+
+ imports = [ ];
+
+ options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
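Review bot: webdav.nix commits the admin account's `{bcrypt}` password hash inside the `users` list, so it lands in the repository history and in the world-readable Nix store, where it can be attacked offline; the other credentials in this commit go through agenix. The server accepts `{env}`-prefixed credential values, so the entry could read `password = "{env}WEBDAV_ADMIN_PASSWORD";` (variable name constructed for this note) with the value supplied from an agenix-managed file through the module's `environmentFile`. Because the hash is already published with this commit, the password behind it should be replaced when the entry is moved.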
diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix new file mode 100644 index 0000000..eb17460 --- /dev/null +++ b/modules/templates/web-feature.nix @@ -0,0 +1,29 @@ +{ config, lib, ... }: +let + feature = "feature"; + port = "port"; +in +{ + config = lib.mkIf config.${feature}.enable { + services = { + # service + ${feature} = { + enable = true; + }; + + # reverse proxy + nginx = { + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; + }; + }; + }; + }; + }; + + options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; +} diff --git a/secrets/api-porkbun.age b/secrets/api-porkbun.age new file mode 100644 index 0000000..d9c3208 --- /dev/null +++ b/secrets/api-porkbun.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 LtK9yQ 3IfuOhEd6O3fwpovZNGe5phUxEyawaNLQaghm2CMICs +F7V16p9va1ghnBlPxeRgzub2YdGnw0vv8Kb5WfPtl6Y +-> ssh-ed25519 qLT+DQ cL8BORJ2yfk0KFFDNagXi1W7XYZVdKj0cU/XsW7chCs +fJ0Qd5pH7+i82OAtBUA0WthOOAA8pEaqnxKhpkwCH00 +--- sHXToVDlsHDq/eZERrUOAkM+u1tIRpNGzOLjrk1nnYg +#t/!7e6'G9[,:c$ʠ -ץ+b6Ѻ8j9U-e䝉޻p7ilER >wؗQVq>#uν%}PXLO迵!~E'hIGqN'jQDZr&%+ +Digf~n55 \ No newline at end of file diff --git a/secrets/borgbackup-server-offsite.age b/secrets/borgbackup-server-offsite.age new file mode 100644 index 0000000..0b5d688 --- /dev/null +++ b/secrets/borgbackup-server-offsite.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 LtK9yQ 3edXTIF3R9FV6nFioGmKfQj3KUhgHcBiLZqWvGYHTHA +whktnDd+FVRedb24p115Es/Z9VRHGUfuKP0ZnZckcH8 +-> ssh-ed25519 qLT+DQ RFxxvDwvEzCYWce3sgFpwpuMucStRCxcZJVl8IaCVl4 +KdhOmU1bdunFZaEZ/rNEXz0USSKpQJefYQkaKmQwPy0 +--- Xqxy50Tk669XG4bJFo+Jn4iM3q5r43WykXJRPjGaRRo +*phž h@]jU + Yco;R]V7@(_QZVDHh*f \ No newline at end of file 
diff --git a/secrets/borgbackup-server-onsite.age b/secrets/borgbackup-server-onsite.age new file mode 100644 index 0000000..b105354 Binary files /dev/null and b/secrets/borgbackup-server-onsite.age differ diff --git a/secrets/immich.age b/secrets/immich.age new file mode 100644 index 0000000..7a3afcb Binary files /dev/null and b/secrets/immich.age differ diff --git a/secrets/jellyfin.age b/secrets/jellyfin.age new file mode 100644 index 0000000..d3125f0 --- /dev/null +++ b/secrets/jellyfin.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 LtK9yQ 5qUkcfVKMNSjnj55IEE50uzBq4+nnttmZTiTKhgvBgc +QacHV/T7u4mxq34XOtRNT2vK5ETKqBd7YGlaYC3hWuY +-> ssh-ed25519 qLT+DQ iHIJ4YA/0hQ10X2lKYCWmzJWgcD3WtMEMcAmEN/KV0Y +aMzsYlzcJTRTaA8qfynGaEtwAj727UCJC/vERY8R+Fo +--- WmYMmCznOaPQJzltI7W77lJZr6UQ+z8AMlxSCo/flsc +kV !JR>h@G}* Ǜ3Zrh8GT$3yb u< yh \ No newline at end of file diff --git a/secrets/lidarr.age b/secrets/lidarr.age new file mode 100644 index 0000000..baded88 --- /dev/null +++ b/secrets/lidarr.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 LtK9yQ aofrkfDuwx1bcL0LS0MnuXCUceWSYa6++idgsymaBzM +LBopXJq9soUEpXKx40FVdauI9czX3myTUozOTpn9ftQ +-> ssh-ed25519 qLT+DQ 5VVHAXAB1jLcjEfDDMZG9ydkiXTbtV39C/yvPwqz2wk +81MdOmmwlnuKYqUrFhOuumuvcg8IiatpQw+FSxVFMPU +--- EZKJh4tnM2BIm2sJg3qXedcMWkwrDXY3zsaleD55/J4 +{s ssh-ed25519 LtK9yQ 9i8bOq3woX+NlmieWSmeoelNqN08i4ad2mGSCPjjlxk +GeEpaT+tQJe6Eqg9jdLkYUtMuWedB3oE8RsOw4ZtMrA +-> ssh-ed25519 qLT+DQ AsPmSML5ZJMt80pCK4MQGLJ5y1ZXHkroEIWKdz6u4j0 +OZoIeyoaVTg49UoEZIE8kwW44GsOp9vNAgf+FYFcuzM +--- EwP5WtBaG4lRoXtufF7P+arMMM1+012GjQCfWNnUG08 +JB:+y Qv J-FbHk*Yap=㧮mQ]W E\W58Y_AfO/?ef(f[ڈ=`݂6N: \ No newline at end of file diff --git a/secrets/prowlarr.age b/secrets/prowlarr.age new file mode 100644 index 0000000..e28efa5 --- /dev/null +++ b/secrets/prowlarr.age 
@@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 LtK9yQ gydFv7SFOTuqfbV/QK56L6paj9dVOHmMYxKzUfDD3mw +8Z20yv4cN75PJNsHE8dUGmLHi0c70GHskBd+TohSgLo +-> ssh-ed25519 qLT+DQ 6xlhv9/VqZjYaFM7FveP0DGnBcWUlvqRAQIAg0cLED8 +YLQ/q4kb3H8aNfsH+fzPfNw/WSOfUg7+VVw3ak7s2tk +--- 2w8MZjzFiUgK8kS8bcpz/AzqzGe+lwXVDZkhXU7qGwM +UxZP7, + ;W&= kaMĵeZp9gq8N \ No newline at end of file diff --git a/secrets/radarr.age b/secrets/radarr.age new file mode 100644 index 0000000..318d78d --- /dev/null +++ b/secrets/radarr.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 LtK9yQ g0eAUUsmYBJ8Ir+ECB9DM2KixJ7DIdOKneM77753mmE +qrV3Kc4QW/qOZgzMsSbDP0UD0tvhU+Nh7lb6++Dl9BA +-> ssh-ed25519 qLT+DQ i4kT7QhcHmg2J3ga1X4sPbIhXUUoojifVBtD1QGN/xA +993ZM4b4Kd+KAECzEsZ6nusH3u04Kb7AgMbaGNRuhfc +--- MUcReVbWsOjhsPZYioCIggNQ3gG2DItj5O+ZXNl5JHE +:<>Y$9n]l =w~RgY(Ǐwfт#Uٰ߽7 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..1a3ff42 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,23 @@ +let + srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8"; + will = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy"; + users = [ + srv will]; + +in +{ + "api-porkbun.age".publicKeys = users; + "api-miniflux.age".publicKeys = users; + "borgbackup-server-offsite.age".publicKeys = users; + "borgbackup-server-onsite.age".publicKeys = users; + "immich.age".publicKeys = users; + "jellyfin.age".publicKeys = users; + "jellyseerr.age".publicKeys = users; + "lidarr.age".publicKeys = users; + "miniflux-creds.age".publicKeys = users; + "paperless.age".publicKeys = users; + "prowlarr.age".publicKeys = users; + "radarr.age".publicKeys = users; + "sonarr.age".publicKeys = users; + "vaultwarden-admin.age".publicKeys = users; +} diff --git a/secrets/sonarr.age b/secrets/sonarr.age new file mode 100644 index 0000000..162407f --- /dev/null +++ b/secrets/sonarr.age 
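Review bot: In `secrets/secrets.nix` every entry uses the same `users = [ srv will ]` list, so the two borgbackup secrets can only be decrypted with the server's host key or will's key. If neither key survives the loss of the server, the offsite repository cannot be opened; where will's key is stored is not visible here. I would add a recipient kept offline for the backup entries and rekey, for example `recovery = "<offline recovery public key>";` and `"borgbackup-server-offsite.age".publicKeys = users ++ [ recovery ];`. Separately, `users` mixes a host key with a personal key; splitting it into `systems = [ srv ];` and `users = [ will ];` would let a secret such as `vaultwarden-admin.age` be scoped to the hosts that need it.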
@@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 LtK9yQ DlFSpGarWh5dC0MoHatf1qNojLzoOLXIifmBBYwxxGA +dwlHzXfNnCx8cpzPdYI3/sfB4upMGccm+MGfi7L9JCQ +-> ssh-ed25519 qLT+DQ k9u/7jfgXO8KbtbZkR0p3iB7hsK54Xb7CEpBLAD9tQM +XQf+ChnVB0G4uE2SoBdr8wfGg1SAbml2I0zVsw0/hrQ +--- 1/KKI5MPgjg/5A9sKHAn22f7u78Jb6i0HjkIdVwPV6I +)ȠfMO86;l̆CjI8K!HyAK3'~ \ No newline at end of file diff --git a/secrets/vaultwarden-admin.age b/secrets/vaultwarden-admin.age new file mode 100644 index 0000000..c4a724e --- /dev/null +++ b/secrets/vaultwarden-admin.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 LtK9yQ 5Z2mArRLMaq8n3kGmFj9R5fsKjy0AiQNjZYgmET6Yxs +3eoWHlMxHOtCg6AB5ukISj8QMTw/pt6LEJbu0WeArlw +-> ssh-ed25519 qLT+DQ 7PZMhnh3+wLwd8CAEPMe6IfdQ7SA0880DHbTFRIKhVw +IpZw5NiQILBxZLlsp7jV+aigvpHE4PFSfAgZJHe5Kz8 +--- jstgcHlkJkaS9g047sPIgiaOK3uuBKt9jhPN3XyUxLo +`YJ+U Z\Na}n 0oa[7H˕1Snjg枆6t4G,F%^ݔ!3=7\0UG0;(1崼-*6=b~j[;gs/ +SuE}ørT< \ No newline at end of file