will-holdsworth/dots
1
1
Fork 0
Code Issues 22 Pull requests Projects 1 Releases Packages Wiki Activity Actions 1

initial config commit

Browse source
This commit is contained in:
wi11-holdsworth 2025-07-11 16:57:21 +10:00
parent f8980b6805
commit f3dc1d15ff
79 changed files with 2725 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

341
flake.lock generated Normal file
View file

@ -0,0 +1,341 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751589297,
"narHash": "sha256-3q35cq6BPuwIRL3IoVKYPc72r3OleeuRyf4YAPjEqzA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "83f978812c37511ef2ffaf75ffa72160483f738a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748294338,
"narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.8",
"repo": "ixx",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1751271578,
"narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1682134069,
"narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_3"
},
"locked": {
"lastModified": 1751492444,
"narHash": "sha256-26NgRXwhNM2x4hrok0C3CqSf2v0vi9byONNON5PzbHQ=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "239d331bb48673dfd00d7187654892471cd60d44",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749730855,
"narHash": "sha256-L3x2nSlFkXkM6tQPLJP3oCBMIsRifhIDPMQQdHO5xWo=",
"owner": "NuschtOS",
"repo": "search",
"rev": "8dfe5879dd009ff4742b668d9c699bc4b9761742",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs",
"nixvim": "nixvim",
"vscode-server": "vscode-server"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"vscode-server": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1750353031,
"narHash": "sha256-Bx7DOPLhkr8Z60U9Qw4l0OidzHoqLDKQH5rDV5ef59A=",
"owner": "nix-community",
"repo": "nixos-vscode-server",
"rev": "4ec4859b12129c0436b0a471ed1ea6dd8a317993",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-vscode-server",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

51
flake.nix Normal file
View file

@ -0,0 +1,51 @@
{
description = "NixOS configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
vscode-server.url = "github:nix-community/nixos-vscode-server";
};
outputs =
{ nixpkgs, agenix, ... }@inputs:
let
commonSystem =
{
hostName ? "nixos",
userName ? "will",
system ? "x86_64-linux",
}:
nixpkgs.lib.nixosSystem {
modules = [ ./hosts/${hostName}/configuration.nix ];
specialArgs = {
inherit inputs;
inherit hostName;
inherit userName;
inherit system;
};
inherit system;
};
in
{
nixosConfigurations = {
desktop = commonSystem { hostName = "desktop"; };
laptop = commonSystem { hostName = "laptop"; };
server = commonSystem {
hostName = "server";
userName = "srv";
};
};
};
}

42
hosts/desktop/configuration.nix Normal file
View file

@ -0,0 +1,42 @@
{
pkgs,
hostName,
inputs,
userName,
...
}:
{
imports = [
../../modules/nixos/default.nix
./hardware-configuration.nix
];
# reusable modules
amd-gpu.enable = true;
desktop.enable = true;
external-speakers.enable = true;
gaming.enable = true;
link2c.enable = true;
# config
boot.initrd.luks.devices."luks-b164af31-c1c3-4b4e-83c8-eb39802c2027".device =
"/dev/disk/by-uuid/b164af31-c1c3-4b4e-83c8-eb39802c2027";
services.btrfs.autoScrub.enable = true;
system.stateVersion = "24.11";
i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
users.users.${userName} = {
extraGroups = [
"networkmanager"
"wheel"
"scanner"
"lp"
];
isNormalUser = true;
};
}

66
hosts/desktop/hardware-configuration.nix Normal file
View file

@ -0,0 +1,66 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8ac17d03-8db2-455f-b73a-06d73022a079";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-bf3ff3bf-7210-4c50-a6bc-feb5bdb6fa0d".device =
"/dev/disk/by-uuid/bf3ff3bf-7210-4c50-a6bc-feb5bdb6fa0d";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3854-4FAE";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
fileSystems."/media/games" = {
device = "/dev/disk/by-uuid/ea672712-282d-4421-bf34-c9a249a9b275";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=games"
];
};
fileSystems."/media/hoard" = {
device = "/dev/disk/by-uuid/ea672712-282d-4421-bf34-c9a249a9b275";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=hoard"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/000dc4be-b250-4870-9284-b761486e8cea"; }
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
hosts/desktop/home.nix Normal file
View file

@ -0,0 +1,19 @@
{
userName,
...
}:
{
imports = [ ../../modules/home-manager/default.nix ];
# reusable modules
desktop.enable = true;
# config
home = {
username = "${userName}";
homeDirectory = "/home/will";
stateVersion = "24.11";
};
}

38
hosts/laptop/configuration.nix Normal file
View file

@ -0,0 +1,38 @@
{
pkgs,
hostName,
inputs,
userName,
...
}:
{
imports = [
../../modules/nixos/default.nix
./hardware-configuration.nix
];
# reusable modules
amd-gpu.enable = true;
desktop.enable = true;
networkmanager.enable = true;
# config
boot.initrd.luks.devices."luks-433a5889-6f18-4c9a-8d99-db02af39bdee".device =
"/dev/disk/by-uuid/433a5889-6f18-4c9a-8d99-db02af39bdee";
system.stateVersion = "24.11";
i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
users.users.${userName} = {
extraGroups = [
"networkmanager"
"wheel"
"scanner"
"lp"
];
isNormalUser = true;
};
}

42
hosts/laptop/hardware-configuration.nix Normal file
View file

@ -0,0 +1,42 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/cdb8d2dd-a466-4c53-8c42-f00af5e85d81";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-67930062-ceb2-4d9a-83d9-dfad48287a00".device = "/dev/disk/by-uuid/67930062-ceb2-4d9a-83d9-dfad48287a00";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/CFBE-B36B";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/7d677650-2504-4df0-8631-d7a7ff325e35"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
hosts/laptop/home.nix Normal file
View file

@ -0,0 +1,19 @@
{
userName,
...
}:
{
imports = [ ../../modules/home-manager/default.nix ];
# reusable modules
desktop.enable = true;
# config
home = {
username = "${userName}";
homeDirectory = "/home/will";
stateVersion = "24.11";
};
}

42
hosts/server/configuration.nix Normal file
View file

@ -0,0 +1,42 @@
{
pkgs,
hostName,
inputs,
userName,
...
}:
{
imports = [
../../modules/nixos/default.nix
./hardware-configuration.nix
];
# reusable modules
borgbackup-srv.enable = true;
intel-gpu.enable = true;
server.enable = true;
# config
networking.hostName = "${hostName}";
services.openssh.enable = true;
system.stateVersion = "24.11";
users = {
groups.${userName} = { };
users.${userName} = {
extraGroups = [
"wheel"
"docker"
];
home = "/home/srv";
isNormalUser = true;
shell = pkgs.bash;
};
};
virtualisation.docker.enable = true;
}

58
hosts/server/hardware-configuration.nix Normal file
View file

@ -0,0 +1,58 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/f202dcb2-1af3-4841-b0a7-303b18e68421";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E591-819C";
fsType = "vfat";
options = [
"fmask=0767"
"dmask=0767"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/8e471996-8a5d-4782-b87f-83f2b3839f53"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
hosts/server/home.nix Normal file
View file

@ -0,0 +1,13 @@
{
userName,
...
}:
{
imports = [ ../../modules/home-manager/default.nix ];
home = {
username = "${userName}";
homeDirectory = "/home/srv";
stateVersion = "24.11";
};
}

14
modules/home-manager/bundles/desktop.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, ... }:
let
feature = "desktop";
in
{
config = lib.mkIf config.${feature}.enable {
alacritty.enable = true;
zellij.enable = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

14
modules/home-manager/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ lib, ... }:
let
featureBundler =
featuresDir:
map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir));
in
{
imports = (featureBundler ./bundles) ++ (featureBundler ./features);
bash.enable = lib.mkDefault true;
gh.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
zoxide.enable = lib.mkDefault true;
}

49
modules/home-manager/features/alacritty.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
lib,
...
}:
let
feature = "alacritty";
in
{
config = lib.mkIf config.${feature}.enable {
programs.alacritty = {
enable = true;
theme = "catppuccin_mocha";
settings = {
window.startup_mode = "fullscreen";
terminal.shell = {
program = "zellij";
args = [
"-l"
"welcome"
];
};
font = {
normal = {
family = "JetBrainsMono Nerd Font";
style = "Regular";
};
bold = {
family = "JetBrainsMono Nerd Font";
style = "Bold";
};
italic = {
family = "JetBrainsMono Nerd Font";
style = "italic";
};
bold_italic = {
family = "JetBrainsMono Nerd Font";
style = "bold_italic";
};
size = 13;
};
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/home-manager/features/bash.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }:
let
feature = "bash";
in
{
config = lib.mkIf config.${feature}.enable {
programs.bash.enable = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

23
modules/home-manager/features/gh.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
lib,
...
}:
let
feature = "gh";
in
{
config = lib.mkIf config.${feature}.enable {
programs.gh = {
enable = true;
settings = {
git_protocol = "ssh";
editor = "nvim";
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

49
modules/home-manager/features/git.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
lib,
...
}:
let
feature = "git";
in
{
config = lib.mkIf config.${feature}.enable {
programs.${feature} = {
enable = true;
userName = "wi11-holdsworth";
userEmail = "83637728+wi11-holdsworth@users.noreply.github.com";
aliases = {
a = "add";
aa = "add .";
ap = "add -p";
c = "commit --verbose";
ca = "commit -a --verbose";
cm = "commit -m";
cam = "commit -a -m";
m = "commit --amend --verbose";
d = "diff";
ds = "diff --stat";
dc = "diff --cached";
s = "status -s";
co = "checkout";
cob = "checkout -b";
ps = "push";
pl = "pull";
};
extraConfig = {
init.defaultBranch = "main";
core.editor = "nvim";
push.autoSetupRemote = true;
pull.rebase = false;
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

23
modules/home-manager/features/zellij.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
lib,
...
}:
let
feature = "zellij";
in
{
config = lib.mkIf config.${feature}.enable {
programs.zellij = {
enable = true;
settings = {
theme = "catppuccin-mocha";
show_startup_tips = false;
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

23
modules/home-manager/features/zoxide.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
lib,
...
}:
let
feature = "zoxide";
in
{
config = lib.mkIf config.${feature}.enable {
programs.zoxide = {
enable = true;
enableBashIntegration = true;
options = [
"--cmd j"
];
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

42
modules/nixos/bundles/desktop.nix Normal file
View file

@ -0,0 +1,42 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "desktop";
in
{
config = lib.mkIf config.${feature}.enable {
pipewire.enable = true;
print-and-scan.enable = true;
plasma.enable = true;
environment.systemPackages =
with pkgs;
[
beeper
brave
calibre
cameractrls-gtk3
firefox
jellyfin-media-player
kiwix
libreoffice
nixfmt-rfc-style
obsidian
vlc
vscode
]
++ (with pkgs.kdePackages; [
skanlite
ktorrent
kzones
]);
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

30
modules/nixos/bundles/server.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, ... }:
let
feature = "server";
in
{
config = lib.mkIf config.${feature}.enable {
couchdb.enable = true;
flaresolverr.enable = true;
homepage-dashboard.enable = true;
immich.enable = true;
jellyfin.enable = true;
lidarr.enable = true;
miniflux.enable = true;
nginx.enable = true;
ntfy-sh.enable = true;
paperless.enable = true;
prowlarr.enable = true;
radarr.enable = true;
sonarr.enable = true;
stirling-pdf.enable = true;
transmission.enable = true;
vaultwarden.enable = true;
vscode-server.enable = true;
webdav.enable = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

39
modules/nixos/default.nix Normal file
View file

@ -0,0 +1,39 @@
{
lib,
pkgs,
...
}:
let
featureBundler =
featuresDir:
map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir));
in
{
imports = (featureBundler ./bundles) ++ (featureBundler ./features);
agenix.enable = lib.mkDefault true;
direnv.enable = lib.mkDefault true;
fonts.enable = lib.mkDefault true;
home-manager.enable = lib.mkDefault true;
localisation.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
nix-settings.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault true;
nixvim.enable = lib.mkDefault true;
shell.enable = lib.mkDefault true;
starship.enable = lib.mkDefault true;
systemd-boot.enable = lib.mkDefault true;
tailscale.enable = lib.mkDefault true;
# cli utils
environment.systemPackages = with pkgs; [
bat
dust
eza
fd
lazygit
nom
ripgrep-all
spotdl
];
}

21
modules/nixos/features/agenix.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
inputs,
lib,
system,
userName,
...
}:
let
feature = "agenix";
in
{
config = lib.mkIf config.${feature}.enable {
age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ];
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
};
imports = [ inputs.agenix.nixosModules.default ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

26
modules/nixos/features/amd-gpu.nix Normal file
View file

@ -0,0 +1,26 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "amd-gpu";
in
{
config = lib.mkIf config.${feature}.enable {
# load graphics drivers before anything else
boot.initrd.kernelModules = [ "amdgpu" ];
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [ amdvlk ];
};
services.xserver.videoDrivers = [ "amdgpu" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

104
modules/nixos/features/borgbackup-srv.nix Normal file
View file

@ -0,0 +1,104 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "borgbackup-srv";
secret = "borgbackup";
notify =
{
tag,
msg,
location,
}:
''
${pkgs.curl}/bin/curl -H "X-Tags: ${tag},BorgBackup,Server,${location}" -d "${msg}" ${config.services.ntfy-sh.settings.base-url}/backups
'';
notifySuccess =
location:
notify {
tag = "tada";
msg = "Backup succeeded";
inherit location;
};
notifyFailure =
location:
notify {
tag = "tada";
msg = "Backup failed, check logs";
inherit location;
};
in
{
config = lib.mkIf config.${feature}.enable {
services.borgbackup.jobs =
let
srv = location: {
paths = "/srv";
compression = "auto,zstd";
startAt = "*-*-* 04:00:00 Australia/Melbourne";
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
};
postHook = ''
if [ $exitStatus -eq 0 ]; then
${notifySuccess location}
else
${notifyFailure location}
fi
'';
};
in
{
onsite = srv "onsite" // {
repo = "/repo";
exclude = [ "/srv/immich" ];
encryption.mode = "repokey-blake2";
encryption.passCommand = "cat ${config.age.secrets.borgbackup-server-onsite.path}";
removableDevice = true;
};
offsite = srv "offsite" // {
repo = "vuc5c3xq@vuc5c3xq.repo.borgbase.com:repo";
encryption.mode = "repokey-blake2";
encryption.passCommand = "cat ${config.age.secrets.borgbackup-server-offsite.path}";
environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519";
};
};
# onsite drive
services.udisks2.enable = true;
fileSystems."/repo" = {
device = "/dev/sdb1";
fsType = "vfat";
};
# secrets
age.secrets = {
"${secret}-server-onsite" = {
file = ../../../secrets/${secret}-server-onsite.age;
};
"${secret}-server-offsite" = {
file = ../../../secrets/${secret}-server-offsite.age;
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

60
modules/nixos/features/couchdb.nix Normal file
View file

@ -0,0 +1,60 @@
{
config,
lib,
...
}:
let
feature = "couchdb";
port = "5984";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
databaseDir = "/srv/couchdb";
viewIndexDir = "/srv/couchdb";
configFile = "/srv/couchdb";
port = lib.toInt port;
extraConfig = {
chttpd = {
require_valid_user = true;
enable_cors = true;
max_http_request_size = 4294967296;
};
chttpd_auth.require_valid_user = true;
httpd = {
WWW-Authenticate = ''Basic realm="couchdb"'';
enable_cors = true;
};
couchdb.max_document_size = 50000000;
cors = {
credentials = true;
origins = ''
app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz
'';
};
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/nixos/features/direnv.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
lib,
...
}:
let
feature = "direnv";
in
{
config = lib.mkIf config.${feature}.enable { programs.${feature}.enable = true; };
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

17
modules/nixos/features/external-speakers.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
lib,
...
}:
let
feature = "external-speakers";
in
{
config = lib.mkIf config.${feature}.enable {
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=0
'';
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

34
modules/nixos/features/flaresolverr.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
lib,
...
}:
let
feature = "flaresolverr";
port = "5011";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
port = lib.toInt port;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

18
modules/nixos/features/fonts.nix Normal file
View file

@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "fonts";
in
{
config = lib.mkIf config.${feature}.enable {
fonts.packages = with pkgs; [ nerd-fonts.jetbrains-mono ];
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/gaming.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "gaming";
in
{
config = lib.mkIf config.${feature}.enable {
environment.systemPackages = with pkgs; [
heroic
lutris
mangohud
nexusmods-app
protonup-qt
wine
wine64
winetricks
prismlauncher
];
programs = {
gamemode.enable = true;
steam = {
enable = true;
gamescopeSession.enable = true;
};
};
# latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

28
modules/nixos/features/home-manager.nix Normal file
View file

@ -0,0 +1,28 @@
{
config,
hostName,
inputs,
lib,
userName,
...
}:
let
feature = "home-manager";
in
{
config = lib.mkIf config.${feature}.enable {
home-manager = {
users.${userName} = import ../../../hosts/${hostName}/home.nix;
backupFileExtension = "backup";
extraSpecialArgs = {
inherit userName;
};
useGlobalPkgs = true;
useUserPackages = true;
};
};
imports = [ inputs.home-manager.nixosModules.home-manager ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

268
modules/nixos/features/homepage-dashboard.nix Normal file
View file

@ -0,0 +1,268 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "homepage-dashboard";
port = "5004";
genSecrets =
secrets:
lib.genAttrs secrets (secret: {
file = ../../../secrets/${secret}.age;
});
insertSecrets =
secrets:
lib.genAttrs secrets (secret: ''
secret=$(cat "${config.age.secrets.${secret}.path}")
configFile=/etc/homepage-dashboard/services.yaml
${pkgs.gnused}/bin/sed -i "s#@${secret}@#$secret#" "$configFile"
'');
secrets = [
"immich"
"jellyfin"
"lidarr"
"miniflux"
"paperless"
"prowlarr"
"radarr"
"sonarr"
];
in
{
config = lib.mkIf config.${feature}.enable {
system.activationScripts = insertSecrets secrets;
age.secrets = genSecrets secrets;
services = {
# service
${feature} = {
enable = true;
listenPort = lib.toInt port;
allowedHosts = "${feature}.fi33.buzz";
services = [
{
"Media Management" = [
{
"Lidarr" = {
"icon" = "lidarr.png";
"href" = "https://lidarr.fi33.buzz/";
"widget" = {
"type" = "lidarr";
"url" = "https://lidarr.fi33.buzz/";
"key" = "@lidarr@";
"enableQueue" = true;
};
};
}
{
"Prowlarr" = {
"icon" = "prowlarr.png";
"href" = "https://prowlarr.fi33.buzz/";
"widget" = {
"type" = "prowlarr";
"url" = "https://prowlarr.fi33.buzz/";
"key" = "@prowlarr@";
};
};
}
{
"Radarr" = {
"icon" = "radarr.png";
"href" = "https://radarr.fi33.buzz/";
"widget" = {
"type" = "radarr";
"url" = "https://radarr.fi33.buzz/";
"key" = "@radarr@";
"enableQueue" = true;
};
};
}
{
"Sonarr" = {
"icon" = "sonarr.png";
"href" = "https://sonarr.fi33.buzz/";
"widget" = {
"type" = "sonarr";
"url" = "https://sonarr.fi33.buzz/";
"key" = "@sonarr@";
"enableQueue" = true;
};
};
}
];
}
{
"Media Streaming" = [
{
"Immich" = {
"icon" = "immich.png";
"href" = "https://immich.fi33.buzz/";
"widget" = {
"type" = "immich";
"fields" = [
"users"
"photos"
"videos"
"storage"
];
"url" = "https://immich.fi33.buzz/";
"version" = 2;
"key" = "@immich@";
};
};
}
{
"Jellyfin" = {
"icon" = "jellyfin.png";
"href" = "https://jellyfin.fi33.buzz/";
"widget" = {
"type" = "jellyfin";
"url" = "https://jellyfin.fi33.buzz/";
"key" = "@jellyfin@";
"enableBlocks" = true;
"enableNowPlaying" = true;
"enableUser" = true;
"showEpisodeNumber" = true;
"expandOneStreamToTwoRows" = false;
};
};
}
{
"Miniflux" = {
"icon" = "miniflux.png";
"href" = "https://miniflux.fi33.buzz/";
"widget" = {
"type" = "miniflux";
"url" = "https://miniflux.fi33.buzz/";
"key" = "@miniflux@";
};
};
}
{
"Paperless" = {
"icon" = "paperless.png";
"href" = "https://paperless.fi33.buzz/";
"widget" = {
"type" = "paperlessngx";
"url" = "https://paperless.fi33.buzz/";
"username" = "admin";
"password" = "@paperless@";
};
};
}
];
}
{
"Cloud Services" = [
{
"CouchDB" = {
"icon" = "couchdb.png";
"href" = "https://couchdb.fi33.buzz/_utils/";
};
}
{
"Ntfy" = {
"icon" = "ntfy.png";
"href" = "https://ntfy-sh.fi33.buzz/";
};
}
{
"Stirling PDF" = {
"icon" = "stirling-pdf.png";
"href" = "https://stirling-pdf.fi33.buzz/";
};
}
{
"Transmission" = {
"icon" = "transmission.png";
"href" = "https://transmission.fi33.buzz/";
};
}
{
"Vaultwarden" = {
"icon" = "vaultwarden.png";
"href" = "https://vaultwarden.fi33.buzz/";
};
}
];
}
];
settings = {
title = "Mission Control";
theme = "dark";
color = "neutral";
headerStyle = "clean";
layout = [
{
"Media Streaming" = {
style = "row";
columns = 4;
useEqualHeights = true;
};
}
{
"Media Management" = {
style = "row";
columns = 4;
useEqualHeights = true;
};
}
{
"Cloud Services" = {
style = "row";
columns = 3;
};
}
];
quicklaunch.searchDescriptions = true;
disableUpdateCheck = true;
showStats = true;
statusStyle = "dot";
};
widgets = [
{
search = {
provider = [
"duckduckgo"
"brave"
];
focus = true;
showSearchSuggestions = true;
target = "_blank";
};
}
{
resources = {
cpu = true;
memory = true;
disk = "/";
cputemp = true;
tempmin = 0;
tempmax = 100;
units = "metric";
network = true;
uptime = true;
};
}
];
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

34
modules/nixos/features/immich.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
lib,
...
}:
let
feature = "immich";
port = "2283";
in
{
config = lib.mkIf config.${feature}.enable {
services.${feature} = {
enable = true;
port = builtins.fromJSON "${port}";
mediaLocation = "/srv/${feature}";
};
# reverse proxy
services.nginx = {
clientMaxBodySize = "50000M";
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://[::1]:${port}";
proxyWebsockets = true;
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

30
modules/nixos/features/intel-gpu.nix Normal file
View file

@ -0,0 +1,30 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "intel-gpu";
in
{
config = lib.mkIf config.${feature}.enable {
hardware = {
enableAllFirmware = true;
graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
libva-vdpau-driver
intel-compute-runtime
vpl-gpu-rt
intel-ocl
];
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/jellyfin.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
userName,
...
}:
let
feature = "jellyfin";
port = "8096";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/jellyfin";
group = "media";
};
# reverse proxy
nginx.virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
# use intel iGP
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

36
modules/nixos/features/lidarr.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
...
}:
let
feature = "lidarr";
port = "5012";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/lidarr";
settings.server.port = lib.toInt port;
group = "media";
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

17
modules/nixos/features/link2c.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
lib,
...
}:
let
feature = "link2c";
in
{
config = lib.mkIf config.${feature}.enable {
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on"
'';
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

21
modules/nixos/features/localisation.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, lib, ... }:
let
feature = "localisation";
in
{
config = lib.mkIf config.${feature}.enable {
i18n = {
defaultLocale = "en_AU.UTF-8";
supportedLocales = [
"en_US.UTF-8/UTF-8"
"en_AU.UTF-8/UTF-8"
];
};
time.timeZone = "Australia/Melbourne";
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

40
modules/nixos/features/miniflux.nix Normal file
View file

@ -0,0 +1,40 @@
{
config,
lib,
...
}:
let
feature = "miniflux";
port = "5010";
in
{
config = lib.mkIf config.${feature}.enable {
age.secrets.miniflux-creds.file = ../../../secrets/miniflux-creds.age;
services = {
# service
${feature} = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux-creds.path;
config = {
BASE_URL = "https://miniflux.fi33.buzz";
LISTEN_ADDR = "localhost:${port}";
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

21
modules/nixos/features/networkmanager.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
hostName,
...
}:
let
feature = "networkmanager";
in
{
config = lib.mkIf config.${feature}.enable {
networking = {
hostName = "${hostName}";
networkmanager.enable = true;
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

47
modules/nixos/features/nginx.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
lib,
...
}:
let
feature = "nginx";
in
{
config = lib.mkIf config.${feature}.enable {
age.secrets."api-porkbun" = {
file = ../../../secrets/api-porkbun.age;
};
services.${feature} = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts."*.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".index = "index.html";
};
};
security.acme = {
acceptTerms = true;
defaults.email = "wi11@duck.com";
certs."fi33.buzz" = {
domain = "fi33.buzz";
extraDomainNames = [ "*.fi33.buzz" ];
group = "${feature}";
dnsProvider = "porkbun";
dnsPropagationCheck = true;
credentialsFile = config.age.secrets."api-porkbun".path;
};
};
users.users.${feature}.extraGroups = [ "acme" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

20
modules/nixos/features/nh.nix Normal file
View file

@ -0,0 +1,20 @@
{
config,
lib,
userName,
...
}:
let
feature = "nh";
in
{
config = lib.mkIf config.${feature}.enable {
programs.${feature} = {
enable = true;
# clean.enable = true;
flake = "/home/${userName}/.dots";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

25
modules/nixos/features/nix-settings.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, lib, ... }:
let
feature = "nix-settings";
in
{
config = lib.mkIf config.${feature}.enable {
nix = {
optimise.automatic = true;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"will"
"srv"
];
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/nixos/features/nixpkgs.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }:
let
feature = "nixpkgs";
in
{
config = lib.mkIf config.${feature}.enable {
nixpkgs.config.allowUnfree = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

57
modules/nixos/features/nixvim.nix Normal file
View file

@ -0,0 +1,57 @@
{
config,
inputs,
lib,
...
}:
let
feature = "nixvim";
in
{
config = lib.mkIf config.${feature}.enable {
environment.variables.EDITOR = "nvim";
programs.${feature} = {
enable = true;
opts = {
shiftwidth = 2;
number = true;
relativenumber = true;
autoindent = true;
tabstop = 2;
expandtab = true;
};
colorschemes.catppuccin = {
enable = true;
settings.background.dark = "mocha";
};
plugins = {
cmp = {
enable = true;
autoEnableSources = true;
};
cmp-nvim-lsp.enable = true;
cmp_luasnip.enable = true;
cmp-treesitter.enable = true;
cmp-async-path.enable = true;
cmp-npm.enable = true;
cmp-emoji.enable = true;
cmp-dictionary.enable = true;
cmp-calc.enable = true;
lsp = {
enable = true;
servers.nixd.enable = true;
};
lsp-format.enable = true;
autoclose.enable = true;
lualine.enable = true;
luasnip.enable = true;
treesitter.enable = true;
lastplace.enable = true;
};
};
};
imports = [ inputs.nixvim.nixosModules.nixvim ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

38
modules/nixos/features/ntfy-sh.nix Normal file
View file

@ -0,0 +1,38 @@
{
config,
lib,
...
}:
let
feature = "ntfy-sh";
port = "5002";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
settings = {
base-url = "https://${feature}.fi33.buzz";
listen-http = ":${port}";
behind-proxy = true;
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

42
modules/nixos/features/paperless.nix Normal file
View file

@ -0,0 +1,42 @@
{
config,
lib,
...
}:
let
feature = "paperless";
port = "5013";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/paperless";
database.createLocally = true;
passwordFile = config.age.secrets.paperless.path;
port = lib.toInt port;
settings = {
PAPERLESS_URL = "https://paperless.fi33.buzz";
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
age.secrets.paperless.file = ../../../secrets/paperless.age;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

21
modules/nixos/features/pipewire.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, lib, ... }:
let
feature = "pipewire";
in
{
config = lib.mkIf config.${feature}.enable {
security.rtkit.enable = true;
services.pipewire = {
alsa.enable = true;
alsa.support32Bit = true;
enable = true;
jack.enable = true;
pulse.enable = true;
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

19
modules/nixos/features/plasma.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, ... }:
let
feature = "plasma";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

30
modules/nixos/features/print-and-scan.nix Normal file
View file

@ -0,0 +1,30 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "print-and-scan";
in
{
config = lib.mkIf config.${feature}.enable {
hardware.sane = {
enable = true;
extraBackends = [ pkgs.hplip ];
};
services = {
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
printing = {
enable = true;
drivers = [ pkgs.hplip ];
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

35
modules/nixos/features/prowlarr.nix Normal file
View file

@ -0,0 +1,35 @@
{
config,
lib,
...
}:
let
feature = "prowlarr";
port = "5009";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/prowlarr";
settings.server.port = lib.toInt port;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/radarr.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
...
}:
let
feature = "radarr";
port = "5007";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/radarr";
settings.server.port = lib.toInt port;
group = "media";
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

19
modules/nixos/features/shell.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, ... }:
let
feature = "shell";
in
{
config = lib.mkIf config.${feature}.enable {
environment.shellAliases = {
g = "lazygit";
ns = "nh os switch";
rf = "nix flake init --template 'https://flakehub.com/f/the-nix-way/dev-templates/*#rust' && direnv allow";
vi = "nvim";
vim = "nvim";
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/sonarr.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
...
}:
let
feature = "sonarr";
port = "5006";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
dataDir = "/srv/sonarr";
settings.server.port = lib.toInt port;
group = "media";
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

21
modules/nixos/features/starship.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
...
}:
let
feature = "starship";
in
{
config = lib.mkIf config.${feature}.enable {
programs.starship = {
enable = true;
settings.character = {
success_symbol = "[%](bold green) ";
error_symbol = "[%](bold red) ";
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

36
modules/nixos/features/stirling-pdf.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
...
}:
let
feature = "stirling-pdf";
port = "5003";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
environment = {
SERVER_PORT = lib.toInt port;
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

16
modules/nixos/features/systemd-boot.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, lib, ... }:
let
feature = "systemd-boot";
in
{
config = lib.mkIf config.${feature}.enable {
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

20
modules/nixos/features/tailscale.nix Normal file
View file

@ -0,0 +1,20 @@
{
config,
lib,
...
}:
let
feature = "tailscale";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
${feature}.enable = true;
nginx.tailscaleAuth.enable = true;
};
networking.firewall.trustedInterfaces = [ "tailscale0" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

37
modules/nixos/features/transmission.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "transmission";
port = "5008";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
transmission = {
enable = true;
package = pkgs.transmission_4;
settings = {
download-dir = "/media/Downloads";
rpc-host-whitelist-config.${feature}.enable = false;
rpc-port = lib.toInt port;
rpc-whitelist-enable = false;
};
group = "media";
webHome = pkgs.flood-for-transmission;
};
# reverse proxy
nginx.virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

48
modules/nixos/features/vaultwarden.nix Normal file
View file

@ -0,0 +1,48 @@
{
config,
inputs,
lib,
...
}:
let
feature = "vaultwarden";
port = "5001";
in
{
config = lib.mkIf config.${feature}.enable {
services.${feature} = {
enable = true;
backupDir = "/srv/${feature}";
config = {
rocketPort = "${port}";
domain = "https://${feature}.fi33.buzz";
signupsAllowed = false;
invitationsAllowed = false;
showPasswordHint = false;
useSyslog = true;
extendedLogging = true;
adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}";
};
};
# reverse proxy
services.nginx.virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyWebsockets = true;
};
};
# secrets
age.secrets = {
"vaultwarden-admin" = {
file = ../../../secrets/vaultwarden-admin.age;
owner = "${feature}";
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

16
modules/nixos/features/vscode-server.nix Normal file
View file

@ -0,0 +1,16 @@
{
config,
inputs,
lib,
...
}:
let
feature = "vscode-server";
in
{
config = lib.mkIf config.${feature}.enable { services.${feature}.enable = true; };
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
imports = [ inputs.${feature}.nixosModules.default ];
}

47
modules/nixos/features/webdav.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
lib,
...
}:
let
feature = "webdav";
port = "5000";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
settings = {
address = "127.0.0.1";
port = lib.toInt port;
permissions = "R";
directory = "/srv/webdav";
modify = true;
users = [
{
username = "admin";
password = "{bcrypt}$2a$10$Buai6WtOhE7NoSNKNzcJ1OEJNFWyUzp6Y6b8i9pvdvIFNw8OaxCGm";
permissions = "CRUD";
}
];
};
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/templates/feature.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }:
let
feature = "feature";
in
{
config = lib.mkIf config.${feature}.enable {
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

29
modules/templates/web-feature.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, lib, ... }:
let
feature = "feature";
port = "port";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
${feature} = {
enable = true;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

8
secrets/api-porkbun.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 LtK9yQ 3IfuOhEd6O3fwpovZNGe5phUxEyawaNLQaghm2CMICs
F7V16p9va1ghnBlPxeRgzub2YdGnw0vv8Kb5WfPtl6Y
-> ssh-ed25519 qLT+DQ cL8BORJ2yfk0KFFDNagXi1W7XYZVdKj0cU/XsW7chCs
fJ0Qd5pH7+i82OAtBUA0WthOOAA8pEaqnxKhpkwCH00
--- sHXToVDlsHDq/eZERrUOAkM+u1tIRpNGzOLjrk1nnYg
®ÂôÙ#tñ/!í7eß6¹'G„ü9[,À§„½:ÿÁcä$ŽÊ  è-×¥+b”6£ÁѺÕ×8jÜ×9”º©U-e°ä<C2B0>‰ÛÂÈÂÞ»p¨õ­Š7ilE¼ºR± wûØ—QüV˜q<CB9C>Û×Í>#óuÍâåÓêν%}ÊPXLO迵!~êEì'¢h´IGqãÑÌûÿÌNéÉð±<C3B0>'jQšçDZœr&´%+
°i¦gÝf»Ôê¨ÚÇ~nðõ55ÂÏÚ

8
secrets/borgbackup-server-offsite.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 LtK9yQ 3edXTIF3R9FV6nFioGmKfQj3KUhgHcBiLZqWvGYHTHA
whktnDd+FVRedb24p115Es/Z9VRHGUfuKP0ZnZckcH8
-> ssh-ed25519 qLT+DQ RFxxvDwvEzCYWce3sgFpwpuMucStRCxcZJVl8IaCVl4
KdhOmU1bdunFZaEZ/rNEXz0USSKpQJefYQkaKmQwPy0
--- Xqxy50Tk669XG4bJFo+Jn4iM3q5r43WykXJRPjGaRRo
*—phž<C382> ÜhÁª<C381>„Ÿ@†]jU£à
öªã„ £¦Y£¡c½òˆoŒíÕ÷;R]ÙVë7@—Üä(Ê_QZ<>VDH¬hÜ*f¿

BIN
secrets/borgbackup-server-onsite.age Normal file
View file

Binary file not shown.

BIN
secrets/immich.age Normal file
View file

Binary file not shown.

7
secrets/jellyfin.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 LtK9yQ 5qUkcfVKMNSjnj55IEE50uzBq4+nnttmZTiTKhgvBgc
QacHV/T7u4mxq34XOtRNT2vK5ETKqBd7YGlaYC3hWuY
-> ssh-ed25519 qLT+DQ iHIJ4YA/0hQ10X2lKYCWmzJWgcD3WtMEMcAmEN/KV0Y
aMzsYlzcJTRTaA8qfynGaEtwAj727UCJC/vERY8R+Fo
--- WmYMmCznOaPQJzltI7W77lJZr6UQ+z8AMlxSCo/flsc
ËkùV !JR¶€>¹Üh¡@G®þß}* ¸ÈÇ3ðZÂÜrhò8GÏT$3yb <0B>u< œâ™ôíy÷î÷¿h

7
secrets/lidarr.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 LtK9yQ aofrkfDuwx1bcL0LS0MnuXCUceWSYa6++idgsymaBzM
LBopXJq9soUEpXKx40FVdauI9czX3myTUozOTpn9ftQ
-> ssh-ed25519 qLT+DQ 5VVHAXAB1jLcjEfDDMZG9ydkiXTbtV39C/yvPwqz2wk
81MdOmmwlnuKYqUrFhOuumuvcg8IiatpQw+FSxVFMPU
--- EZKJh4tnM2BIm2sJg3qXedcMWkwrDXY3zsaleD55/J4
þ{ƒs°¢<W %oWs««¦jáñ&¤Î”žKèÓk³<6B>®Nm«"QÚøÆ_×­}Áq`j9«C×Ë2ZÓñÒ

BIN
secrets/miniflux-creds.age Normal file
View file

Binary file not shown.

BIN
secrets/miniflux.age Normal file
View file

Binary file not shown.

7
secrets/paperless.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 LtK9yQ 9i8bOq3woX+NlmieWSmeoelNqN08i4ad2mGSCPjjlxk
GeEpaT+tQJe6Eqg9jdLkYUtMuWedB3oE8RsOw4ZtMrA
-> ssh-ed25519 qLT+DQ AsPmSML5ZJMt80pCK4MQGLJ5y1ZXHkroEIWKdz6u4j0
OZoIeyoaVTg49UoEZIE8kwW44GsOp9vNAgf+FYFcuzM
--- EwP5WtBaG4lRoXtufF7P+arMMM1+012GjQCfWNnUG08
<EFBFBD>×JB:+žyË ¡QÕv ÛJ-FËbH¬öûk…à*Y±a™p=㧮mŸQŸÞ]íéíßþêÓW žE\W58îY_AfO¼¼¢í¦<C3AD>™ýþ/?ef(f[Úˆ=`”ÝÉ6N:

8
secrets/prowlarr.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 LtK9yQ gydFv7SFOTuqfbV/QK56L6paj9dVOHmMYxKzUfDD3mw
8Z20yv4cN75PJNsHE8dUGmLHi0c70GHskBd+TohSgLo
-> ssh-ed25519 qLT+DQ 6xlhv9/VqZjYaFM7FveP0DGnBcWUlvqRAQIAg0cLED8
YLQ/q4kb3H8aNfsH+fzPfNw/WSOfUg7+VVw3ak7s2tk
--- 2w8MZjzFiUgK8kS8bcpz/AzqzGe+lwXVDZkhXU7qGwM
U»xZP7,«ã
Ø Ã;‚£ÁÎÈ®šµåW&=<3D>Œ <0C>kaMò¯Äµe©Zp gqÅä‰8íN

7
secrets/radarr.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 LtK9yQ g0eAUUsmYBJ8Ir+ECB9DM2KixJ7DIdOKneM77753mmE
qrV3Kc4QW/qOZgzMsSbDP0UD0tvhU+Nh7lb6++Dl9BA
-> ssh-ed25519 qLT+DQ i4kT7QhcHmg2J3ga1X4sPbIhXUUoojifVBtD1QGN/xA
993ZM4b4Kd+KAECzEsZ6nusH3u04Kb7AgMbaGNRuhfc
--- MUcReVbWsOjhsPZYioCIggNQ3gG2DItj5O+ZXNl5JHE
œ:Î<>¯ÐY¥<59>·$9nÃ]‰lزø ³=³áwÄ~RgÎûàY¬(“Ç<E2809C>¹ùwf°½Ñ#Uß½ôí«‡Ù°7õ

23
secrets/secrets.nix Normal file
View file

@ -0,0 +1,23 @@
let
srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8";
will = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy";
users = [
srv will];
in
{
"api-porkbun.age".publicKeys = users;
"api-miniflux.age".publicKeys = users;
"borgbackup-server-offsite.age".publicKeys = users;
"borgbackup-server-onsite.age".publicKeys = users;
"immich.age".publicKeys = users;
"jellyfin.age".publicKeys = users;
"jellyseerr.age".publicKeys = users;
"lidarr.age".publicKeys = users;
"miniflux-creds.age".publicKeys = users;
"paperless.age".publicKeys = users;
"prowlarr.age".publicKeys = users;
"radarr.age".publicKeys = users;
"sonarr.age".publicKeys = users;
"vaultwarden-admin.age".publicKeys = users;
}

7
secrets/sonarr.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 LtK9yQ DlFSpGarWh5dC0MoHatf1qNojLzoOLXIifmBBYwxxGA
dwlHzXfNnCx8cpzPdYI3/sfB4upMGccm+MGfi7L9JCQ
-> ssh-ed25519 qLT+DQ k9u/7jfgXO8KbtbZkR0p3iB7hsK54Xb7CEpBLAD9tQM
XQf+ChnVB0G4uE2SoBdr8wfGg1SAbml2I0zVsw0/hrQ
--- 1/KKI5MPgjg/5A9sKHAn22f7u78Jb6i0HjkIdVwPV6I
)ŸÛÈ ¦fÌÇMúOÆÂ8Á²ž¡õÎ6;¼¨l̆ÎËCjÙI8KßÝ!Hõ¶yAÐã…ÓêKž3'ü

8
secrets/vaultwarden-admin.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 LtK9yQ 5Z2mArRLMaq8n3kGmFj9R5fsKjy0AiQNjZYgmET6Yxs
3eoWHlMxHOtCg6AB5ukISj8QMTw/pt6LEJbu0WeArlw
-> ssh-ed25519 qLT+DQ 7PZMhnh3+wLwd8CAEPMe6IfdQ7SA0880DHbTFRIKhVw
IpZw5NiQILBxZLlsp7jV+aigvpHE4PFSfAgZJHe5Kz8
--- jstgcHlkJkaS9g047sPIgiaOK3uuBKt9jhPN3XyUxLo
`Y°JèÒ+U ZÝ\áNa}•ÿ¦nüð<C3BC> 0ðo<C3B0>¸Á[7Í×Ë•1SãÎõÇŒg枆6½t4ãGš,ÞF<C39E>€%^Ý”ËÚˆ»!ß3=í¸À7“Ü\Ü0ÅUG0;(´¼± …-*6¤=b•Ô¬Ž~”jäð[;<3B>é‡ÊgÍÜsÄ/òØ
ÆSu‡ÑE}óÕøÐrTÛÔÜî<É