will-holdsworth/dots
1
1
Fork 0
Code Issues 22 Pull requests Projects 1 Releases Packages Wiki Activity Actions 1

initial config commit

Browse source
This commit is contained in:
wi11-holdsworth 2025-07-11 16:57:21 +10:00
parent f8980b6805
commit f3dc1d15ff
79 changed files with 2725 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/home-manager/bundles/desktop.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, ... }:
let
feature = "desktop";
in
{
config = lib.mkIf config.${feature}.enable {
alacritty.enable = true;
zellij.enable = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

14
modules/home-manager/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ lib, ... }:
let
featureBundler =
featuresDir:
map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir));
in
{
imports = (featureBundler ./bundles) ++ (featureBundler ./features);
bash.enable = lib.mkDefault true;
gh.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
zoxide.enable = lib.mkDefault true;
}

49
modules/home-manager/features/alacritty.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
lib,
...
}:
let
feature = "alacritty";
in
{
config = lib.mkIf config.${feature}.enable {
programs.alacritty = {
enable = true;
theme = "catppuccin_mocha";
settings = {
window.startup_mode = "fullscreen";
terminal.shell = {
program = "zellij";
args = [
"-l"
"welcome"
];
};
font = {
normal = {
family = "JetBrainsMono Nerd Font";
style = "Regular";
};
bold = {
family = "JetBrainsMono Nerd Font";
style = "Bold";
};
italic = {
family = "JetBrainsMono Nerd Font";
style = "italic";
};
bold_italic = {
family = "JetBrainsMono Nerd Font";
style = "bold_italic";
};
size = 13;
};
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/home-manager/features/bash.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }:
let
feature = "bash";
in
{
config = lib.mkIf config.${feature}.enable {
programs.bash.enable = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

23
modules/home-manager/features/gh.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
lib,
...
}:
let
feature = "gh";
in
{
config = lib.mkIf config.${feature}.enable {
programs.gh = {
enable = true;
settings = {
git_protocol = "ssh";
editor = "nvim";
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

49
modules/home-manager/features/git.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
lib,
...
}:
let
feature = "git";
in
{
config = lib.mkIf config.${feature}.enable {
programs.${feature} = {
enable = true;
userName = "wi11-holdsworth";
userEmail = "83637728+wi11-holdsworth@users.noreply.github.com";
aliases = {
a = "add";
aa = "add .";
ap = "add -p";
c = "commit --verbose";
ca = "commit -a --verbose";
cm = "commit -m";
cam = "commit -a -m";
m = "commit --amend --verbose";
d = "diff";
ds = "diff --stat";
dc = "diff --cached";
s = "status -s";
co = "checkout";
cob = "checkout -b";
ps = "push";
pl = "pull";
};
extraConfig = {
init.defaultBranch = "main";
core.editor = "nvim";
push.autoSetupRemote = true;
pull.rebase = false;
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

23
modules/home-manager/features/zellij.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
lib,
...
}:
let
feature = "zellij";
in
{
config = lib.mkIf config.${feature}.enable {
programs.zellij = {
enable = true;
settings = {
theme = "catppuccin-mocha";
show_startup_tips = false;
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

23
modules/home-manager/features/zoxide.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
lib,
...
}:
let
feature = "zoxide";
in
{
config = lib.mkIf config.${feature}.enable {
programs.zoxide = {
enable = true;
enableBashIntegration = true;
options = [
"--cmd j"
];
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

42
modules/nixos/bundles/desktop.nix Normal file
View file

@ -0,0 +1,42 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "desktop";
in
{
config = lib.mkIf config.${feature}.enable {
pipewire.enable = true;
print-and-scan.enable = true;
plasma.enable = true;
environment.systemPackages =
with pkgs;
[
beeper
brave
calibre
cameractrls-gtk3
firefox
jellyfin-media-player
kiwix
libreoffice
nixfmt-rfc-style
obsidian
vlc
vscode
]
++ (with pkgs.kdePackages; [
skanlite
ktorrent
kzones
]);
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

30
modules/nixos/bundles/server.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, ... }:
let
feature = "server";
in
{
config = lib.mkIf config.${feature}.enable {
couchdb.enable = true;
flaresolverr.enable = true;
homepage-dashboard.enable = true;
immich.enable = true;
jellyfin.enable = true;
lidarr.enable = true;
miniflux.enable = true;
nginx.enable = true;
ntfy-sh.enable = true;
paperless.enable = true;
prowlarr.enable = true;
radarr.enable = true;
sonarr.enable = true;
stirling-pdf.enable = true;
transmission.enable = true;
vaultwarden.enable = true;
vscode-server.enable = true;
webdav.enable = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

39
modules/nixos/default.nix Normal file
View file

@ -0,0 +1,39 @@
{
lib,
pkgs,
...
}:
let
featureBundler =
featuresDir:
map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir));
in
{
imports = (featureBundler ./bundles) ++ (featureBundler ./features);
agenix.enable = lib.mkDefault true;
direnv.enable = lib.mkDefault true;
fonts.enable = lib.mkDefault true;
home-manager.enable = lib.mkDefault true;
localisation.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
nix-settings.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault true;
nixvim.enable = lib.mkDefault true;
shell.enable = lib.mkDefault true;
starship.enable = lib.mkDefault true;
systemd-boot.enable = lib.mkDefault true;
tailscale.enable = lib.mkDefault true;
# cli utils
environment.systemPackages = with pkgs; [
bat
dust
eza
fd
lazygit
nom
ripgrep-all
spotdl
];
}

21
modules/nixos/features/agenix.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
inputs,
lib,
system,
userName,
...
}:
let
feature = "agenix";
in
{
config = lib.mkIf config.${feature}.enable {
age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ];
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
};
imports = [ inputs.agenix.nixosModules.default ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

26
modules/nixos/features/amd-gpu.nix Normal file
View file

@ -0,0 +1,26 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "amd-gpu";
in
{
config = lib.mkIf config.${feature}.enable {
# load graphics drivers before anything else
boot.initrd.kernelModules = [ "amdgpu" ];
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [ amdvlk ];
};
services.xserver.videoDrivers = [ "amdgpu" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

104
modules/nixos/features/borgbackup-srv.nix Normal file
View file

@ -0,0 +1,104 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "borgbackup-srv";
secret = "borgbackup";
notify =
{
tag,
msg,
location,
}:
''
${pkgs.curl}/bin/curl -H "X-Tags: ${tag},BorgBackup,Server,${location}" -d "${msg}" ${config.services.ntfy-sh.settings.base-url}/backups
'';
notifySuccess =
location:
notify {
tag = "tada";
msg = "Backup succeeded";
inherit location;
};
notifyFailure =
location:
notify {
tag = "tada";
msg = "Backup failed, check logs";
inherit location;
};
in
{
config = lib.mkIf config.${feature}.enable {
services.borgbackup.jobs =
let
srv = location: {
paths = "/srv";
compression = "auto,zstd";
startAt = "*-*-* 04:00:00 Australia/Melbourne";
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
};
postHook = ''
if [ $exitStatus -eq 0 ]; then
${notifySuccess location}
else
${notifyFailure location}
fi
'';
};
in
{
onsite = srv "onsite" // {
repo = "/repo";
exclude = [ "/srv/immich" ];
encryption.mode = "repokey-blake2";
encryption.passCommand = "cat ${config.age.secrets.borgbackup-server-onsite.path}";
removableDevice = true;
};
offsite = srv "offsite" // {
repo = "vuc5c3xq@vuc5c3xq.repo.borgbase.com:repo";
encryption.mode = "repokey-blake2";
encryption.passCommand = "cat ${config.age.secrets.borgbackup-server-offsite.path}";
environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519";
};
};
# onsite drive
services.udisks2.enable = true;
fileSystems."/repo" = {
device = "/dev/sdb1";
fsType = "vfat";
};
# secrets
age.secrets = {
"${secret}-server-onsite" = {
file = ../../../secrets/${secret}-server-onsite.age;
};
"${secret}-server-offsite" = {
file = ../../../secrets/${secret}-server-offsite.age;
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

60
modules/nixos/features/couchdb.nix Normal file
View file

@ -0,0 +1,60 @@
{
config,
lib,
...
}:
let
feature = "couchdb";
port = "5984";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
databaseDir = "/srv/couchdb";
viewIndexDir = "/srv/couchdb";
configFile = "/srv/couchdb";
port = lib.toInt port;
extraConfig = {
chttpd = {
require_valid_user = true;
enable_cors = true;
max_http_request_size = 4294967296;
};
chttpd_auth.require_valid_user = true;
httpd = {
WWW-Authenticate = ''Basic realm="couchdb"'';
enable_cors = true;
};
couchdb.max_document_size = 50000000;
cors = {
credentials = true;
origins = ''
app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz
'';
};
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/nixos/features/direnv.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
lib,
...
}:
let
feature = "direnv";
in
{
config = lib.mkIf config.${feature}.enable { programs.${feature}.enable = true; };
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

17
modules/nixos/features/external-speakers.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
lib,
...
}:
let
feature = "external-speakers";
in
{
config = lib.mkIf config.${feature}.enable {
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=0
'';
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

34
modules/nixos/features/flaresolverr.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
lib,
...
}:
let
feature = "flaresolverr";
port = "5011";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
port = lib.toInt port;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

18
modules/nixos/features/fonts.nix Normal file
View file

@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "fonts";
in
{
config = lib.mkIf config.${feature}.enable {
fonts.packages = with pkgs; [ nerd-fonts.jetbrains-mono ];
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/gaming.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "gaming";
in
{
config = lib.mkIf config.${feature}.enable {
environment.systemPackages = with pkgs; [
heroic
lutris
mangohud
nexusmods-app
protonup-qt
wine
wine64
winetricks
prismlauncher
];
programs = {
gamemode.enable = true;
steam = {
enable = true;
gamescopeSession.enable = true;
};
};
# latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

28
modules/nixos/features/home-manager.nix Normal file
View file

@ -0,0 +1,28 @@
{
config,
hostName,
inputs,
lib,
userName,
...
}:
let
feature = "home-manager";
in
{
config = lib.mkIf config.${feature}.enable {
home-manager = {
users.${userName} = import ../../../hosts/${hostName}/home.nix;
backupFileExtension = "backup";
extraSpecialArgs = {
inherit userName;
};
useGlobalPkgs = true;
useUserPackages = true;
};
};
imports = [ inputs.home-manager.nixosModules.home-manager ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

268
modules/nixos/features/homepage-dashboard.nix Normal file
View file

@ -0,0 +1,268 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "homepage-dashboard";
port = "5004";
genSecrets =
secrets:
lib.genAttrs secrets (secret: {
file = ../../../secrets/${secret}.age;
});
insertSecrets =
secrets:
lib.genAttrs secrets (secret: ''
secret=$(cat "${config.age.secrets.${secret}.path}")
configFile=/etc/homepage-dashboard/services.yaml
${pkgs.gnused}/bin/sed -i "s#@${secret}@#$secret#" "$configFile"
'');
secrets = [
"immich"
"jellyfin"
"lidarr"
"miniflux"
"paperless"
"prowlarr"
"radarr"
"sonarr"
];
in
{
config = lib.mkIf config.${feature}.enable {
system.activationScripts = insertSecrets secrets;
age.secrets = genSecrets secrets;
services = {
# service
${feature} = {
enable = true;
listenPort = lib.toInt port;
allowedHosts = "${feature}.fi33.buzz";
services = [
{
"Media Management" = [
{
"Lidarr" = {
"icon" = "lidarr.png";
"href" = "https://lidarr.fi33.buzz/";
"widget" = {
"type" = "lidarr";
"url" = "https://lidarr.fi33.buzz/";
"key" = "@lidarr@";
"enableQueue" = true;
};
};
}
{
"Prowlarr" = {
"icon" = "prowlarr.png";
"href" = "https://prowlarr.fi33.buzz/";
"widget" = {
"type" = "prowlarr";
"url" = "https://prowlarr.fi33.buzz/";
"key" = "@prowlarr@";
};
};
}
{
"Radarr" = {
"icon" = "radarr.png";
"href" = "https://radarr.fi33.buzz/";
"widget" = {
"type" = "radarr";
"url" = "https://radarr.fi33.buzz/";
"key" = "@radarr@";
"enableQueue" = true;
};
};
}
{
"Sonarr" = {
"icon" = "sonarr.png";
"href" = "https://sonarr.fi33.buzz/";
"widget" = {
"type" = "sonarr";
"url" = "https://sonarr.fi33.buzz/";
"key" = "@sonarr@";
"enableQueue" = true;
};
};
}
];
}
{
"Media Streaming" = [
{
"Immich" = {
"icon" = "immich.png";
"href" = "https://immich.fi33.buzz/";
"widget" = {
"type" = "immich";
"fields" = [
"users"
"photos"
"videos"
"storage"
];
"url" = "https://immich.fi33.buzz/";
"version" = 2;
"key" = "@immich@";
};
};
}
{
"Jellyfin" = {
"icon" = "jellyfin.png";
"href" = "https://jellyfin.fi33.buzz/";
"widget" = {
"type" = "jellyfin";
"url" = "https://jellyfin.fi33.buzz/";
"key" = "@jellyfin@";
"enableBlocks" = true;
"enableNowPlaying" = true;
"enableUser" = true;
"showEpisodeNumber" = true;
"expandOneStreamToTwoRows" = false;
};
};
}
{
"Miniflux" = {
"icon" = "miniflux.png";
"href" = "https://miniflux.fi33.buzz/";
"widget" = {
"type" = "miniflux";
"url" = "https://miniflux.fi33.buzz/";
"key" = "@miniflux@";
};
};
}
{
"Paperless" = {
"icon" = "paperless.png";
"href" = "https://paperless.fi33.buzz/";
"widget" = {
"type" = "paperlessngx";
"url" = "https://paperless.fi33.buzz/";
"username" = "admin";
"password" = "@paperless@";
};
};
}
];
}
{
"Cloud Services" = [
{
"CouchDB" = {
"icon" = "couchdb.png";
"href" = "https://couchdb.fi33.buzz/_utils/";
};
}
{
"Ntfy" = {
"icon" = "ntfy.png";
"href" = "https://ntfy-sh.fi33.buzz/";
};
}
{
"Stirling PDF" = {
"icon" = "stirling-pdf.png";
"href" = "https://stirling-pdf.fi33.buzz/";
};
}
{
"Transmission" = {
"icon" = "transmission.png";
"href" = "https://transmission.fi33.buzz/";
};
}
{
"Vaultwarden" = {
"icon" = "vaultwarden.png";
"href" = "https://vaultwarden.fi33.buzz/";
};
}
];
}
];
settings = {
title = "Mission Control";
theme = "dark";
color = "neutral";
headerStyle = "clean";
layout = [
{
"Media Streaming" = {
style = "row";
columns = 4;
useEqualHeights = true;
};
}
{
"Media Management" = {
style = "row";
columns = 4;
useEqualHeights = true;
};
}
{
"Cloud Services" = {
style = "row";
columns = 3;
};
}
];
quicklaunch.searchDescriptions = true;
disableUpdateCheck = true;
showStats = true;
statusStyle = "dot";
};
widgets = [
{
search = {
provider = [
"duckduckgo"
"brave"
];
focus = true;
showSearchSuggestions = true;
target = "_blank";
};
}
{
resources = {
cpu = true;
memory = true;
disk = "/";
cputemp = true;
tempmin = 0;
tempmax = 100;
units = "metric";
network = true;
uptime = true;
};
}
];
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

34
modules/nixos/features/immich.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
lib,
...
}:
let
feature = "immich";
port = "2283";
in
{
config = lib.mkIf config.${feature}.enable {
services.${feature} = {
enable = true;
port = builtins.fromJSON "${port}";
mediaLocation = "/srv/${feature}";
};
# reverse proxy
services.nginx = {
clientMaxBodySize = "50000M";
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://[::1]:${port}";
proxyWebsockets = true;
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

30
modules/nixos/features/intel-gpu.nix Normal file
View file

@ -0,0 +1,30 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "intel-gpu";
in
{
config = lib.mkIf config.${feature}.enable {
hardware = {
enableAllFirmware = true;
graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
libva-vdpau-driver
intel-compute-runtime
vpl-gpu-rt
intel-ocl
];
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/jellyfin.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
userName,
...
}:
let
feature = "jellyfin";
port = "8096";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/jellyfin";
group = "media";
};
# reverse proxy
nginx.virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
# use intel iGP
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

36
modules/nixos/features/lidarr.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
...
}:
let
feature = "lidarr";
port = "5012";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/lidarr";
settings.server.port = lib.toInt port;
group = "media";
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

17
modules/nixos/features/link2c.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
lib,
...
}:
let
feature = "link2c";
in
{
config = lib.mkIf config.${feature}.enable {
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on"
'';
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

21
modules/nixos/features/localisation.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, lib, ... }:
let
feature = "localisation";
in
{
config = lib.mkIf config.${feature}.enable {
i18n = {
defaultLocale = "en_AU.UTF-8";
supportedLocales = [
"en_US.UTF-8/UTF-8"
"en_AU.UTF-8/UTF-8"
];
};
time.timeZone = "Australia/Melbourne";
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

40
modules/nixos/features/miniflux.nix Normal file
View file

@ -0,0 +1,40 @@
{
config,
lib,
...
}:
let
feature = "miniflux";
port = "5010";
in
{
config = lib.mkIf config.${feature}.enable {
age.secrets.miniflux-creds.file = ../../../secrets/miniflux-creds.age;
services = {
# service
${feature} = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux-creds.path;
config = {
BASE_URL = "https://miniflux.fi33.buzz";
LISTEN_ADDR = "localhost:${port}";
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

21
modules/nixos/features/networkmanager.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
hostName,
...
}:
let
feature = "networkmanager";
in
{
config = lib.mkIf config.${feature}.enable {
networking = {
hostName = "${hostName}";
networkmanager.enable = true;
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

47
modules/nixos/features/nginx.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
lib,
...
}:
let
feature = "nginx";
in
{
config = lib.mkIf config.${feature}.enable {
age.secrets."api-porkbun" = {
file = ../../../secrets/api-porkbun.age;
};
services.${feature} = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts."*.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".index = "index.html";
};
};
security.acme = {
acceptTerms = true;
defaults.email = "wi11@duck.com";
certs."fi33.buzz" = {
domain = "fi33.buzz";
extraDomainNames = [ "*.fi33.buzz" ];
group = "${feature}";
dnsProvider = "porkbun";
dnsPropagationCheck = true;
credentialsFile = config.age.secrets."api-porkbun".path;
};
};
users.users.${feature}.extraGroups = [ "acme" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

20
modules/nixos/features/nh.nix Normal file
View file

@ -0,0 +1,20 @@
{
config,
lib,
userName,
...
}:
let
feature = "nh";
in
{
config = lib.mkIf config.${feature}.enable {
programs.${feature} = {
enable = true;
# clean.enable = true;
flake = "/home/${userName}/.dots";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

25
modules/nixos/features/nix-settings.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, lib, ... }:
let
feature = "nix-settings";
in
{
config = lib.mkIf config.${feature}.enable {
nix = {
optimise.automatic = true;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"will"
"srv"
];
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/nixos/features/nixpkgs.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }:
let
feature = "nixpkgs";
in
{
config = lib.mkIf config.${feature}.enable {
nixpkgs.config.allowUnfree = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

57
modules/nixos/features/nixvim.nix Normal file
View file

@ -0,0 +1,57 @@
{
config,
inputs,
lib,
...
}:
let
feature = "nixvim";
in
{
config = lib.mkIf config.${feature}.enable {
environment.variables.EDITOR = "nvim";
programs.${feature} = {
enable = true;
opts = {
shiftwidth = 2;
number = true;
relativenumber = true;
autoindent = true;
tabstop = 2;
expandtab = true;
};
colorschemes.catppuccin = {
enable = true;
settings.background.dark = "mocha";
};
plugins = {
cmp = {
enable = true;
autoEnableSources = true;
};
cmp-nvim-lsp.enable = true;
cmp_luasnip.enable = true;
cmp-treesitter.enable = true;
cmp-async-path.enable = true;
cmp-npm.enable = true;
cmp-emoji.enable = true;
cmp-dictionary.enable = true;
cmp-calc.enable = true;
lsp = {
enable = true;
servers.nixd.enable = true;
};
lsp-format.enable = true;
autoclose.enable = true;
lualine.enable = true;
luasnip.enable = true;
treesitter.enable = true;
lastplace.enable = true;
};
};
};
imports = [ inputs.nixvim.nixosModules.nixvim ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

38
modules/nixos/features/ntfy-sh.nix Normal file
View file

@ -0,0 +1,38 @@
{
config,
lib,
...
}:
let
feature = "ntfy-sh";
port = "5002";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
settings = {
base-url = "https://${feature}.fi33.buzz";
listen-http = ":${port}";
behind-proxy = true;
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

42
modules/nixos/features/paperless.nix Normal file
View file

@ -0,0 +1,42 @@
{
config,
lib,
...
}:
let
feature = "paperless";
port = "5013";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/paperless";
database.createLocally = true;
passwordFile = config.age.secrets.paperless.path;
port = lib.toInt port;
settings = {
PAPERLESS_URL = "https://paperless.fi33.buzz";
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
age.secrets.paperless.file = ../../../secrets/paperless.age;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

21
modules/nixos/features/pipewire.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, lib, ... }:
let
feature = "pipewire";
in
{
config = lib.mkIf config.${feature}.enable {
security.rtkit.enable = true;
services.pipewire = {
alsa.enable = true;
alsa.support32Bit = true;
enable = true;
jack.enable = true;
pulse.enable = true;
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

19
modules/nixos/features/plasma.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, ... }:
let
feature = "plasma";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

30
modules/nixos/features/print-and-scan.nix Normal file
View file

@ -0,0 +1,30 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "print-and-scan";
in
{
config = lib.mkIf config.${feature}.enable {
hardware.sane = {
enable = true;
extraBackends = [ pkgs.hplip ];
};
services = {
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
printing = {
enable = true;
drivers = [ pkgs.hplip ];
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

35
modules/nixos/features/prowlarr.nix Normal file
View file

@ -0,0 +1,35 @@
{
config,
lib,
...
}:
let
feature = "prowlarr";
port = "5009";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/prowlarr";
settings.server.port = lib.toInt port;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/radarr.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
...
}:
let
feature = "radarr";
port = "5007";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/radarr";
settings.server.port = lib.toInt port;
group = "media";
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

19
modules/nixos/features/shell.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, ... }:
let
feature = "shell";
in
{
config = lib.mkIf config.${feature}.enable {
environment.shellAliases = {
g = "lazygit";
ns = "nh os switch";
rf = "nix flake init --template 'https://flakehub.com/f/the-nix-way/dev-templates/*#rust' && direnv allow";
vi = "nvim";
vim = "nvim";
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/sonarr.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
...
}:
let
feature = "sonarr";
port = "5006";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/sonarr";
settings.server.port = lib.toInt port;
group = "media";
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

21
modules/nixos/features/starship.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
...
}:
let
feature = "starship";
in
{
config = lib.mkIf config.${feature}.enable {
programs.starship = {
enable = true;
settings.character = {
success_symbol = "[%](bold green) ";
error_symbol = "[%](bold red) ";
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

36
modules/nixos/features/stirling-pdf.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
...
}:
let
feature = "stirling-pdf";
port = "5003";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
environment = {
SERVER_PORT = lib.toInt port;
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

16
modules/nixos/features/systemd-boot.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, lib, ... }:
let
feature = "systemd-boot";
in
{
config = lib.mkIf config.${feature}.enable {
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

20
modules/nixos/features/tailscale.nix Normal file
View file

@ -0,0 +1,20 @@
{
config,
lib,
...
}:
let
feature = "tailscale";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
${feature}.enable = true;
nginx.tailscaleAuth.enable = true;
};
networking.firewall.trustedInterfaces = [ "tailscale0" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/transmission.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "transmission";
port = "5008";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
transmission = {
enable = true;
package = pkgs.transmission_4;
settings = {
download-dir = "/media/Downloads";
rpc-host-whitelist-config.${feature}.enable = false;
rpc-port = lib.toInt port;
rpc-whitelist-enable = false;
};
group = "media";
webHome = pkgs.flood-for-transmission;
};
# reverse proxy
nginx.virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

48
modules/nixos/features/vaultwarden.nix Normal file
View file

@ -0,0 +1,48 @@
{
config,
inputs,
lib,
...
}:
let
feature = "vaultwarden";
port = "5001";
in
{
config = lib.mkIf config.${feature}.enable {
services.${feature} = {
enable = true;
backupDir = "/srv/${feature}";
config = {
rocketPort = "${port}";
domain = "https://${feature}.fi33.buzz";
signupsAllowed = false;
invitationsAllowed = false;
showPasswordHint = false;
useSyslog = true;
extendedLogging = true;
adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}";
};
};
# reverse proxy
services.nginx.virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyWebsockets = true;
};
};
# secrets
age.secrets = {
"vaultwarden-admin" = {
file = ../../../secrets/vaultwarden-admin.age;
owner = "${feature}";
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

16
modules/nixos/features/vscode-server.nix Normal file
View file

@ -0,0 +1,16 @@
{
config,
inputs,
lib,
...
}:
let
feature = "vscode-server";
in
{
config = lib.mkIf config.${feature}.enable { services.${feature}.enable = true; };
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
imports = [ inputs.${feature}.nixosModules.default ];
}

47
modules/nixos/features/webdav.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
lib,
...
}:
let
feature = "webdav";
port = "5000";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
settings = {
address = "127.0.0.1";
port = lib.toInt port;
permissions = "R";
directory = "/srv/webdav";
modify = true;
users = [
{
username = "admin";
password = "{bcrypt}$2a$10$Buai6WtOhE7NoSNKNzcJ1OEJNFWyUzp6Y6b8i9pvdvIFNw8OaxCGm";
permissions = "CRUD";
}
];
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/templates/feature.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }:
let
feature = "feature";
in
{
config = lib.mkIf config.${feature}.enable {
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

29
modules/templates/web-feature.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, lib, ... }:
let
feature = "feature";
port = "port";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}