will-holdsworth/dots
1
1
Fork 0
Code Issues 22 Pull requests Projects 1 Releases Packages Wiki Activity Actions 1

Compare commits

base: will-holdsworth:main
Branches Tags
will-holdsworth:main
will-holdsworth:100
will-holdsworth:update_flake_lock_action
will-holdsworth:71
will-holdsworth:enhancement/32
will-holdsworth:enhancement/6
..
compare: will-holdsworth:enhancement/6
Branches Tags
will-holdsworth:main
will-holdsworth:100
will-holdsworth:update_flake_lock_action
will-holdsworth:71
will-holdsworth:enhancement/32
will-holdsworth:enhancement/6

3 commits
main ... enhancemen

Author SHA1 Message Date
wi11-holdsworth
306bf3ddb8 Merge branch 'enhancement/6' of github.com:wi11-holdsworth/dots into enhancement/6 2025-10-20 14:33:18 +11:00
wi11-holdsworth
13efb5b6f0 docs: add some todos describing program replacements 2025-10-20 14:33:07 +11:00
wi11-holdsworth
66df1182b1 docs: add some todos describing program replacements 2025-10-08 00:57:45 +11:00
134 changed files with 2687 additions and 4377 deletions
Download patch file Download diff file Expand all files Collapse all files

24
.github/workflows/main.yml vendored
View file

@ -1,24 +0,0 @@
name: "Flake.lock: update Nix dependencies"
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '0 16 * * *' # runs weekly on Sunday at 00:00
jobs:
nix-flake-update:
permissions:
contents: write
id-token: write
issues: write
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/determinate-nix-action@v3
- uses: DeterminateSystems/update-flake-lock@main
with:
pr-title: "Update Nix flake inputs"
pr-labels: |
dependencies
automated

338
flake.lock generated
View file

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1770165109,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"lastModified": 1754433428,
"narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
"type": "github"
},
"original": {
@ -29,11 +29,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1772965444,
"narHash": "sha256-VjcI4CozsowxGkZBzxQ6LYe49e9T1qfT1BzNrnc96y0=",
"lastModified": 1758493304,
"narHash": "sha256-A1xuSrELZIZhoKejIME0yemc9KlxZp/tKNxrF4LHrcw=",
"owner": "9001",
"repo": "copyparty",
"rev": "981a7cd9dda0acedbc7f53b2c44adb241c38cb84",
"rev": "1923a258797285ac75487d3d53665063a5bd67df",
"type": "github"
},
"original": {
@ -64,62 +64,7 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
@ -127,32 +72,11 @@
]
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github"
},
"original": {
@ -176,48 +100,21 @@
"type": "github"
}
},
"git-hooks": {
"flake-utils_2": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nix-gaming",
"nixpkgs"
]
"systems": "systems_2"
},
"locked": {
"lastModified": 1772893680,
"narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nix-gaming",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
@ -249,11 +146,11 @@
]
},
"locked": {
"lastModified": 1772985285,
"narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=",
"lastModified": 1758464306,
"narHash": "sha256-i56XRXqjwJRdVYmpzVUQ0ktqBBHqNzQHQMQvFRF/acQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85",
"rev": "939e91e1cff1f99736c5b02529658218ed819a2a",
"type": "github"
},
"original": {
@ -262,69 +159,52 @@
"type": "github"
}
},
"nix-citizen": {
"inputs": {
"flake-parts": "flake-parts",
"nix-gaming": [
"nix-gaming"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1772840927,
"narHash": "sha256-WdIuEJpH7eUP3ya8laJAYf71WilE4x7xetgMferL5Ko=",
"owner": "LovingMelody",
"repo": "nix-citizen",
"rev": "73c8d04ba69fb0bb5c4521c4b91a930a0ce283a5",
"type": "github"
},
"original": {
"owner": "LovingMelody",
"repo": "nix-citizen",
"type": "github"
}
},
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_2",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1772937574,
"narHash": "sha256-Yw1tP/ASebNYuW2GcYDTgWf2Mg9qcUYo6MTagXyeFCs=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "d2b0b283deb24cdbb2750e658fa7001fee5ad586",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nix-github-actions": {
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nix-citizen",
"zen-browser",
"nixpkgs"
]
},
"locked": {
"lastModified": 1737420293,
"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
"lastModified": 1752603129,
"narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
"repo": "home-manager",
"rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754860581,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.1.1",
"repo": "ixx",
"type": "github"
}
},
@ -343,60 +223,13 @@
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772624091,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1772736753,
"narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "917fec990948658ef1ccd07cef2a1ef060786846",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772773019,
"narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"lastModified": 1758277210,
"narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
"rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
"type": "github"
},
"original": {
@ -408,18 +241,19 @@
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts_3",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_3"
},
"locked": {
"lastModified": 1772402258,
"narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=",
"lastModified": 1758459270,
"narHash": "sha256-r2VA33WYfxDJyWmJeo0TmPPrk9yGS9WWb/kld0e7X+I=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10",
"rev": "92ba37a3e8c25d470f9affe8d5f36f2cfb21e5dd",
"type": "github"
},
"original": {
@ -428,24 +262,26 @@
"type": "github"
}
},
"nur": {
"nuschtosSearch": {
"inputs": {
"flake-parts": "flake-parts_4",
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772985100,
"narHash": "sha256-EXFbJvUZrElVq839MnMgJEDnyXWn84Zx+MiHcZiCQmg=",
"owner": "nix-community",
"repo": "NUR",
"rev": "407db2f6f4ba94992815f872ffce9a9d99ccc13c",
"lastModified": 1758272005,
"narHash": "sha256-1u3xTH+3kaHhztPmWtLAD8LF5pTYLR2CpsPFWTFnVtQ=",
"owner": "NuschtOS",
"repo": "search",
"rev": "aa975a3757f28ce862812466c5848787b868e116",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
@ -454,11 +290,9 @@
"agenix": "agenix",
"copyparty": "copyparty",
"home-manager": "home-manager_2",
"nix-citizen": "nix-citizen",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_2",
"nixvim": "nixvim",
"nur": "nur"
"zen-browser": "zen-browser"
}
},
"systems": {
@ -506,24 +340,24 @@
"type": "github"
}
},
"treefmt-nix": {
"zen-browser": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772660329,
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3710e0e1218041bbad640352a0440114b1e10428",
"lastModified": 1759353433,
"narHash": "sha256-g3+737nvjYu3WrxLOiW6Wwtu4Ncdsy1KW9AGSTfzGOM=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "480746c469a2e14551c73940bd096aa9a9cc7cbd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"type": "github"
}
}

48
flake.nix
View file

@ -12,36 +12,24 @@
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-citizen = {
url = "github:LovingMelody/nix-citizen";
inputs.nix-gaming.follows = "nix-gaming";
};
nix-gaming.url = "github:fufexan/nix-gaming";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
nur = {
url = "github:nix-community/NUR";
zen-browser = {
url = "github:0xc000022070/zen-browser-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
# zen-browser = {
# url = "github:0xc000022070/zen-browser-flake";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# keep-sorted end
};
outputs =
{
# keep-sorted start
agenix,
home-manager,
nixpkgs,
nur,
# zen-browser,
# keep-sorted end
home-manager,
agenix,
zen-browser,
...
}@inputs:
let
@ -51,30 +39,21 @@
userName ? "will",
system ? "x86_64-linux",
}:
let
util = import ./util.nix;
in
nixpkgs.lib.nixosSystem {
modules = [
./hosts/${hostName}/configuration.nix
nur.modules.nixos.default
home-manager.nixosModules.home-manager
{
home-manager = {
users.${userName}.imports = [
./hosts/${hostName}/home.nix
agenix.homeManagerModules.default
# zen-browser.homeModules.twilight
zen-browser.homeModules.twilight
];
backupFileExtension = "backup";
extraSpecialArgs = {
inherit
inputs
hostName
userName
system
util
;
inherit userName;
inherit hostName;
};
useGlobalPkgs = true;
useUserPackages = true;
@ -82,13 +61,10 @@
}
];
specialArgs = {
inherit
inputs
hostName
userName
system
util
;
inherit inputs;
inherit hostName;
inherit userName;
inherit system;
};
inherit system;
};

35
hosts/desktop/configuration.nix
View file

@ -1,34 +1,25 @@
{
# keep-sorted start
userName,
util,
# keep-sorted end
...
}:
{
imports = [
# keep-sorted start
../../modules/nixos/default.nix
./hardware-configuration.nix
# keep-sorted end
]
++ (util.toImports ../../modules/nixos/features [
];
# reusable modules
# keep-sorted start
"amd-gpu"
"external-speakers"
"gaming"
"link2c"
"plasma"
"star-citizen"
amd-gpu.enable = true;
desktop.enable = true;
dev.enable = true;
external-speakers.enable = true;
gaming.enable = true;
link2c.enable = true;
plasma.enable = true;
# keep-sorted end
])
++ (util.toImports ../../modules/nixos/bundles [
# keep-sorted start
"desktop"
"dev"
"gui"
# keep-sorted end
]);
# config
boot.initrd.luks.devices."luks-b164af31-c1c3-4b4e-83c8-eb39802c2027".device =
"/dev/disk/by-uuid/b164af31-c1c3-4b4e-83c8-eb39802c2027";
@ -39,6 +30,8 @@
system.stateVersion = "24.11";
i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
users.users.${userName} = {
extraGroups = [
# keep-sorted start

19
hosts/desktop/home.nix
View file

@ -1,21 +1,18 @@
{
# keep-sorted start
userName,
util,
# keep-sorted end
...
}:
{
imports = [
../../modules/home-manager/default.nix
]
++ (util.toImports ../../modules/home-manager/bundles [
imports = [ ../../modules/home-manager/default.nix ];
# reusable modules
# keep-sorted start
"desktop"
"dev"
"gui"
desktop.enable = true;
dev.enable = true;
# keep-sorted end
]);
# config
age.secrets."protonmail-desktop-password".file = ../../secrets/protonmail-desktop-password.age;

40
hosts/laptop/configuration.nix
View file

@ -1,35 +1,31 @@
{
# keep-sorted start
userName,
util,
# keep-sorted end
...
}:
{
imports = [
# keep-sorted start
../../modules/nixos/default.nix
./hardware-configuration.nix
# keep-sorted end
]
++ (util.toImports ../../modules/nixos/features [
# keep-sorted start
"amd-gpu"
"gnome"
"tlp"
# keep-sorted end
])
++ (util.toImports ../../modules/nixos/bundles [
# keep-sorted start
"desktop"
"dev"
"gui"
# keep-sorted end
]);
];
boot.initrd.luks.devices."luks-c2f5123c-0be0-4357-b383-b3f422e99a34".device = "/dev/disk/by-uuid/c2f5123c-0be0-4357-b383-b3f422e99a34";
# reusable modules
system.stateVersion = "25.05";
# keep-sorted start
amd-gpu.enable = true;
desktop.enable = true;
dev.enable = true;
gnome.enable = true;
tlp.enable = true;
# keep-sorted end
# config
boot.initrd.luks.devices."luks-a7726a9d-535f-44bc-9c0e-adc501fad371".device =
"/dev/disk/by-uuid/a7726a9d-535f-44bc-9c0e-adc501fad371";
system.stateVersion = "24.11";
i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
users.users.${userName} = {
extraGroups = [

8
hosts/laptop/hardware-configuration.nix
View file

@ -14,20 +14,20 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a240787a-6cc8-4c03-8a01-742adf305b1e";
{ device = "/dev/disk/by-uuid/b772799b-5434-4d5e-b0f9-ab425e36b9a1";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-f7d7a54f-d217-4260-8754-3cac7022e7d5".device = "/dev/disk/by-uuid/f7d7a54f-d217-4260-8754-3cac7022e7d5";
boot.initrd.luks.devices."luks-de6f14d8-8c7e-4e77-bfe5-264a39ef0bea".device = "/dev/disk/by-uuid/de6f14d8-8c7e-4e77-bfe5-264a39ef0bea";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B3C9-7C0A";
{ device = "/dev/disk/by-uuid/3730-5237";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b07c858a-2bd7-4b9a-aec3-3f9593c461c9"; }
[ { device = "/dev/disk/by-uuid/081de704-5e9a-4e6d-ae8d-df492d0f662c"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

19
hosts/laptop/home.nix
View file

@ -1,21 +1,18 @@
{
# keep-sorted start
userName,
util,
# keep-sorted end
...
}:
{
imports = [
../../modules/home-manager/default.nix
]
++ (util.toImports ../../modules/home-manager/bundles [
imports = [ ../../modules/home-manager/default.nix ];
# reusable modules
# keep-sorted start
"desktop"
"dev"
"gui"
desktop.enable = true;
dev.enable = true;
# keep-sorted end
]);
# config
age.secrets."protonmail-laptop-password".file = ../../secrets/protonmail-laptop-password.age;

54
hosts/server/configuration.nix
View file

@ -1,61 +1,27 @@
{
# keep-sorted start
hostName,
userName,
util,
# keep-sorted end
...
}:
{
imports = [
# keep-sorted start
../../modules/nixos/default.nix
./hardware-configuration.nix
# keep-sorted end
]
++ (util.toImports ../../modules/nixos/features [
];
# reusable modules
# keep-sorted start
"borgbackup"
"intel-gpu"
borgmatic.enable = true;
intel-gpu.enable = true;
server.enable = true;
# keep-sorted end
])
++ (util.toImports ../../modules/nixos/bundles [
"server"
]);
# external drive
services.udisks2.enable = true;
fileSystems."/mnt/external" = {
device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e";
fsType = "ext4";
options = [
"nofail"
];
};
# config
networking = {
hostName = "${hostName}";
firewall.interfaces."enp2s0".allowedTCPPorts = [
80
443
];
};
networking.hostName = "${hostName}";
# hardened openssh
services.openssh = {
allowSFTP = false;
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
};
services.openssh.enable = true;
system.stateVersion = "24.11";

4
hosts/server/home.nix
View file

@ -3,9 +3,7 @@
...
}:
{
imports = [
../../modules/home-manager/default.nix
];
imports = [ ../../modules/home-manager/default.nix ];
home = {
username = "${userName}";

23
modules/home-manager/bundles/desktop.nix
View file

@ -1,13 +1,24 @@
{
util,
config,
lib,
...
}:
let
feature = "desktop";
in
{
imports = util.toImports ../features [
config = lib.mkIf config.${feature}.enable {
# keep-sorted start
"aerc"
"mail"
"zellij"
aerc.enable = true;
kitty.enable = true;
mail.enable = true;
obsidian.enable = true;
zellij.enable = true;
zen-browser.enable = true;
# keep-sorted end
];
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

16
modules/home-manager/bundles/dev.nix
View file

@ -1,11 +1,19 @@
{
util,
config,
lib,
...
}:
let
feature = "dev";
in
{
imports = util.toImports ../features [
config = lib.mkIf config.${feature}.enable {
# keep-sorted start
"direnv"
zed-editor.enable = lib.mkDefault true;
# keep-sorted end
];
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

14
modules/home-manager/bundles/gui.nix
View file

@ -1,14 +0,0 @@
{
util,
...
}:
{
imports = util.toImports ../features [
# keep-sorted start
"alacritty"
"librewolf"
"obsidian"
# "zen-browser"
# keep-sorted end
];
}

37
modules/home-manager/default.nix
View file

@ -1,23 +1,22 @@
{ lib, ... }:
let
featureBundler =
featuresDir:
map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir));
in
{
util,
...
}:
{
imports = util.toImports ./features [
imports = (featureBundler ./bundles) ++ (featureBundler ./features);
# keep-sorted start
"agenix"
"bash"
"bat"
"bottom"
"delta"
"eza"
"fd"
"git"
"lazygit"
"shell-aliases"
"starship"
"yazi"
"zoxide"
agenix.enable = lib.mkDefault true;
bat.enable = lib.mkDefault true;
direnv.enable = lib.mkDefault true;
eza.enable = lib.mkDefault true;
fish.enable = lib.mkDefault true;
gh.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
starship.enable = lib.mkDefault true;
yazi.enable = lib.mkDefault true;
zoxide.enable = lib.mkDefault true;
# keep-sorted end
];
}

200
modules/home-manager/features/aerc.nix
View file

@ -1,4 +1,13 @@
{
config,
lib,
...
}:
let
feature = "aerc";
in
{
config = lib.mkIf config.${feature}.enable {
accounts.email.accounts.personal.aerc.enable = true;
programs.aerc = {
enable = true;
@ -18,164 +27,41 @@
sort = "-r date";
};
};
extraBinds = {
global = {
# keep-sorted start
"<C-n>" = ":next-tab <Enter>";
"<C-p>" = ":prev-tab<Enter>";
"<C-t>" = ":term<Enter>";
"?" = ":help keys<Enter>";
# keep-sorted end
};
messages = {
# keep-sorted start
"!" = ":term<space>";
"$" = ":term<space>";
"/" = ":search<space>-a<space>";
"<C-b>" = ":prev 100%<Enter>";
"<C-d>" = ":next 50%<Enter>";
"<C-f>" = ":next 100%<Enter>";
"<C-u>" = ":prev 50%<Enter>";
"<Down>" = ":next<Enter>";
"<Enter>" = ":view<Enter>";
"<Esc>" = ":clear<Enter>";
"<PgDn>" = ":next 100%<Enter>";
"<PgUp>" = ":prev 100%<Enter>";
"<Up>" = ":prev<Enter>";
"\\" = ":filter <space>";
"|" = ":pipe<space>";
A = ":archive flat<Enter>";
C = ":compose<Enter>";
D = ":move Trash<Enter>";
G = ":select -1<Enter>";
H = ":collapse-folder<Enter>";
I = ":read<Enter>";
J = ":next-folder <Enter>";
K = ":prev-folder<Enter>";
L = ":expand-folder<Enter>";
N = ":prev-result<Enter>";
Rq = ":reply -q<Enter>";
Rr = ":reply<Enter>";
T = ":toggle-threads<Enter>";
U = ":unread<Enter>";
V = ":mark -v<Enter>";
c = ":cf<space>";
d = ":prompt 'Really delete this message?' 'delete-message'<Enter>";
g = ":select 0 <Enter>";
j = ":next <Enter>";
k = ":prev <Enter>";
n = ":next-result<Enter>";
q = ":quit<Enter>";
rq = ":reply -aq<Enter>";
rr = ":reply -a<Enter>";
v = ":mark -t<Enter>";
# keep-sorted end
};
"messages:folder=Drafts" = {
"<Enter>" = ":recall<Enter>";
};
view = {
# keep-sorted start
"/" = ":toggle-key-passthrough <Enter> /";
"<C-j>" = ":next-part<Enter>";
"<C-k>" = ":prev-part<Enter>";
"<C-l>" = ":open-link <space>";
"|" = ":pipe<space>";
A = ":archive flat<Enter>";
D = ":move Trash<Enter>";
H = ":toggle-headers<Enter>";
J = ":next <Enter>";
K = ":prev<Enter>";
O = ":open<Enter>";
R = ":read<Enter>";
Rq = ":reply -q<Enter>";
Rr = ":reply<Enter>";
S = ":save<space>";
U = ":unread<Enter>";
f = ":forward <Enter>";
q = ":close<Enter>";
rq = ":reply -aq<Enter>";
rr = ":reply -a<Enter>";
# keep-sorted end
};
"view::passthrough" = {
# keep-sorted start
"$ex" = "<C-x>";
"$noinherit" = "true";
"<Esc>" = ":toggle-key-passthrough<Enter>";
# keep-sorted end
};
compose = {
# keep-sorted start
"$ex" = "<C-x>";
"$noinherit" = "true";
"<A-n>" = ":switch-account -n<Enter>";
"<A-p>" = ":switch-account -p<Enter>";
"<C-j>" = ":next-field<Enter>";
"<C-k>" = ":prev-field<Enter>";
"<C-n>" = ":next-tab<Enter>";
"<C-p>" = ":prev-tab<Enter>";
"<tab>" = ":next-field<Enter>";
# keep-sorted end
};
"compose::editor" = {
# keep-sorted start
"$ex" = "<C-x>";
"$noinherit" = "true";
"<C-j>" = ":next-field<Enter>";
"<C-k>" = ":prev-field<Enter>";
"<C-n>" = ":next-tab<Enter>";
"<C-p>" = ":prev-tab<Enter>";
# keep-sorted end
};
"compose::review" = {
# keep-sorted start
a = ":attach<space>";
d = ":detach<space>";
e = ":edit<Enter>";
n = ":abort<Enter>";
p = ":postpone<Enter>";
q = ":choose -o d discard abort -o p postpone postpone<Enter>";
y = ":send <Enter>";
# keep-sorted end
};
terminal = {
# keep-sorted start
"$ex" = "<C-x>";
"$noinherit" = "true";
"<C-n>" = ":next-tab<Enter>";
"<C-p>" = ":prev-tab<Enter>";
# keep-sorted end
stylesets = {
catppuccin-mocha = {
"*.default" = true;
"*.normal" = true;
"default.fg" = "#cdd6f4";
"error.fg" = "#f38ba8";
"warning.fg" = "#fab387";
"success.fg" = "#a6e3a1";
"tab.fg" = "#6c7086";
"tab.bg" = "#181825";
"tab.selected.fg" = "#cdd6f4";
"tab.selected.bg" = "#1e1e2e";
"tab.selected.bold" = true;
"border.fg" = "#11111b";
"border.bold" = true;
"msglist_unread.bold" = true;
"msglist_flagged.fg" = "#f9e2af";
"msglist_flagged.bold" = true;
"msglist_result.fg" = "#89b4fa";
"msglist_result.bold" = true;
"msglist_*.selected.bold" = true;
"msglist_*.selected.bg" = "#313244";
"dirlist_*.selected.bold" = true;
"dirlist_*.selected.bg" = "#313244";
"statusline_default.fg" = "#9399b2";
"statusline_default.bg" = "#313244";
"statusline_error.bold" = true;
"statusline_success.bold" = true;
"completion_default.selected.bg" = "#313244";
};
};
stylesets.catppuccin-mocha = ''
"*.default" = true
"*.normal" = true
"default.fg" = "#cdd6f4"
"error.fg" = "#f38ba8"
"warning.fg" = "#fab387"
"success.fg" = "#a6e3a1"
"tab.fg" = "#6c7086"
"tab.bg" = "#181825"
"tab.selected.fg" = "#cdd6f4"
"tab.selected.bg" = "#1e1e2e"
"tab.selected.bold" = true
"border.fg" = "#11111b"
"border.bold" = true
"msglist_unread.bold" = true
"msglist_flagged.fg" = "#f9e2af"
"msglist_flagged.bold" = true
"msglist_result.fg" = "#89b4fa"
"msglist_result.bold" = true
"msglist_*.selected.bold" = true
"msglist_*.selected.bg" = "#313244"
"dirlist_*.selected.bold" = true
"dirlist_*.selected.bg" = "#313244"
"statusline_default.fg" = "#9399b2"
"statusline_default.bg" = "#313244"
"statusline_error.bold" = true
"statusline_success.bold" = true
"completion_default.selected.bg" = "#313244"
'';
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

8
modules/home-manager/features/agenix.nix
View file

@ -1,8 +1,16 @@
{
config,
lib,
userName,
...
}:
let
feature = "agenix";
in
{
config = lib.mkIf config.${feature}.enable {
age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

27
modules/home-manager/features/alacritty.nix
View file

@ -1,27 +0,0 @@
{
# keep-sorted start
lib,
pkgs,
# keep-sorted end
...
}:
{
programs.alacritty = {
enable = true;
settings = {
font = {
normal = {
family = "JetBrainsMono Nerd Font";
style = "Regular";
};
size = 13;
};
window.startup_mode = "Maximized";
terminal.shell = {
program = "${lib.getExe pkgs.zellij}";
args = [ "-l=welcome" ];
};
};
theme = "catppuccin_mocha";
};
}

4
modules/home-manager/features/bash.nix
View file

@ -1,4 +0,0 @@
{
home.shell.enableBashIntegration = true;
programs.bash.enable = true;
}

14
modules/home-manager/features/bat.nix
View file

@ -1,8 +1,22 @@
{
config,
lib,
...
}:
let
feature = "bat";
in
{
config = lib.mkIf config.${feature}.enable {
programs.bat = {
enable = true;
config = {
theme = "Dracula";
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

78
modules/home-manager/features/bottom.nix
View file

@ -1,78 +0,0 @@
{
programs.bottom = {
enable = true;
settings = {
flags = {
group_processes = true;
process_memory_as_value = true;
};
styles = {
cpu = {
all_entry_color = "#f5e0dc";
avg_entry_color = "#eba0ac";
cpu_core_colors = [
"#f38ba8"
"#fab387"
"#f9e2af"
"#a6e3a1"
"#74c7ec"
"#cba6f7"
];
};
memory = {
ram_color = "#a6e3a1";
cache_color = "#f38ba8";
swap_color = "#fab387";
gpu_colors = [
"#74c7ec"
"#cba6f7"
"#f38ba8"
"#fab387"
"#f9e2af"
"#a6e3a1"
];
arc_color = "#89dceb";
};
network = {
rx_color = "#a6e3a1";
tx_color = "#f38ba8";
rx_total_color = "#89dceb";
tx_total_color = "#a6e3a1";
};
battery = {
high_battery_color = "#a6e3a1";
medium_battery_color = "#f9e2af";
low_battery_color = "#f38ba8";
};
tables = {
headers = {
color = "#f5e0dc";
};
};
graphs = {
graph_color = "#a6adc8";
legend_text = {
color = "#a6adc8";
};
};
widgets = {
border_color = "#585b70";
selected_border_color = "#f5c2e7";
widget_title = {
color = "#f2cdcd";
};
text = {
color = "#cdd6f4";
};
selected_text = {
color = "#11111b";
bg_color = "#cba6f7";
};
disabled_text = {
color = "#1e1e2e";
};
};
};
};
};
}

6
modules/home-manager/features/delta.nix
View file

@ -1,6 +0,0 @@
{
programs.delta = {
enable = true;
options.theme = "Dracula";
};
}

12
modules/home-manager/features/direnv.nix
View file

@ -1,3 +1,13 @@
{
programs.direnv.enable = true;
config,
lib,
...
}:
let
feature = "direnv";
in
{
config = lib.mkIf config.${feature}.enable { programs.direnv.enable = true; };
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

14
modules/home-manager/features/espanso.nix
View file

@ -1,6 +1,20 @@
{
config,
lib,
...
}:
let
feature = "espanso";
in
{
config = lib.mkIf config.${feature}.enable {
services.espanso = {
enable = true;
configs = { };
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

14
modules/home-manager/features/eza.nix
View file

@ -1,4 +1,13 @@
{
config,
lib,
...
}:
let
feature = "eza";
in
{
config = lib.mkIf config.${feature}.enable {
programs.eza = {
enable = true;
extraOptions = [
@ -280,4 +289,9 @@
};
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

6
modules/home-manager/features/fd.nix
View file

@ -1,6 +0,0 @@
{
programs.fd = {
enable = true;
hidden = true;
};
}

254
modules/home-manager/features/firefox.nix
View file

@ -1,254 +0,0 @@
{
pkgs,
...
}:
{
programs.firefox = {
enable = true;
languagePacks = [ "en-GB" ];
profiles.will = {
settings = {
# keep-sorted start
"browser.aboutwelcome.enabled" = false;
"browser.bookmarks.addedImportButton" = false;
"browser.bookmarks.restore_default_bookmarks" = false;
"browser.download.useDownloadDir" = true;
"browser.newtabpage.enabled" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.remote.block_uncommon" = false;
"browser.search.suggest.enabled" = false;
"browser.startup.homepage" = "chrome://browser/content/blanktab.html";
"browser.startup.page" = 3;
"browser.tabs.groups.smart.userEnabled" = false;
"browser.tabs.warnOnClose" = true;
"browser.tabs.warnOnOpen" = false;
"browser.toolbars.bookmarks.visibility" = "never";
"browser.urlbar.suggest.searches" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.usage.uploadEnabled" = false;
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.formautofill.creditCards.enabled" = false;
"general.autoScroll" = true;
"intl.locale.requested" = "en-GB";
"network.trr.mode" = 3;
"network.trr.uri" = "https://firefox.dns.nextdns.io/";
"privacy.annotate_channels.strict_list.enabled" = true;
"privacy.bounceTrackingProtection.mode" = 1;
"privacy.fingerprintingProtection" = true;
"privacy.globalprivacycontrol.enabled" = true;
"privacy.globalprivacycontrol.was_ever_enabled" = true;
"privacy.history.custom" = false;
"privacy.query_stripping.enabled " = true;
"privacy.query_stripping.enabled.pbmode" = true;
"privacy.sanitize.sanitizeOnShutdown" = false;
"privacy.trackingprotection.allow_list.baseline.enabled" = true;
"privacy.trackingprotection.allow_list.convenience.enabled" = false;
"privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false;
"privacy.trackingprotection.emailtracking.enabled" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
"services.sync.engine.passwords" = false;
"sidebar.main.tools" = "syncedtabs,history,bookmarks";
"sidebar.new-sidebar.has-used" = true;
"sidebar.position_start" = false;
"sidebar.revamp" = true;
"sidebar.verticalTabs" = true;
"sidebar.verticalTabs.dragToPinPromo.dismissed" = true;
"signon.autofillForms" = false;
"signon.firefoxRelay.feature" = "disabled";
"signon.generation.enabled" = false;
"signon.management.page.breach-alerts.enabled" = false;
"signon.rememberSignons" = false;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
# keep-sorted end
};
search = {
default = "ddg";
privateDefault = "ddg";
engines = { };
order = [ ];
force = true;
};
extensions = {
force = true;
packages = with pkgs.nur.repos.rycee.firefox-addons; [
# keep-sorted start sticky_comments=no
# detect-cloudflare
bitwarden
dearrow
nixpkgs-pr-tracker
react-devtools
return-youtube-dislikes
sponsorblock
ublock-origin
# keep-sorted end
];
settings = {
# keep-sorted start block=yes
# sponsorblock
"sponsorBlocker@ajay.app".settings = {
hideSegmentCreationInPopup = false;
autoSkipOnMusicVideosUpdate = true;
changeChapterColor = true;
autoSkipOnMusicVideos = false;
hideVideoPlayerControls = false;
useVirtualTime = true;
categoryPillColors = { };
payments = {
chaptersAllowed = false;
freeAccess = false;
lastCheck = 0;
lastFreeCheck = 0;
licenseKey = null;
};
allowExpirements = true;
allowScrollingToEdit = true;
audioNotificationOnSkip = false;
autoHideInfoButton = true;
categoryPillUpdate = true;
chapterCategoryAdded = true;
checkForUnlistedVideos = false;
cleanPopup = false;
darkMode = true;
deArrowInstalled = true;
defaultCategory = "chooseACategory";
disableSkipping = false;
donateClicked = 0;
dontShowNotice = false;
forceChannelCheck = false;
fullVideoLabelsOnThumbnails = true;
fullVideoSegments = true;
hideDeleteButtonPlayerControls = false;
hideDiscordLaunches = 0;
hideDiscordLink = false;
hideInfoButtonPlayerControls = false;
hideSkipButtonPlayerControls = false;
hideUploadButtonPlayerControls = false;
categorySelections = [
{
name = "sponsor";
option = 2;
}
{
name = "poi_highlight";
option = 1;
}
{
name = "exclusive_access";
option = 0;
}
{
name = "chapter";
option = 0;
}
{
name = "selfpromo";
option = 1;
}
{
name = "interaction";
option = 1;
}
{
name = "intro";
option = 1;
}
{
name = "outro";
option = 1;
}
{
name = "preview";
option = 1;
}
{
name = "filler";
option = 1;
}
{
name = "music_offtopic";
option = 2;
}
{
name = "hook";
option = 1;
}
];
manualSkipOnFullVideo = false;
minDuration = 0;
isVip = false;
muteSegments = false;
noticeVisibilityMode = 3;
renderSegmentsAsChapters = false;
scrollToEditTimeUpdate = false;
serverAddress = "https://sponsor.ajay.app";
showAutogeneratedChapters = false;
showCategoryGuidelines = true;
showCategoryWithoutPermission = false;
showChapterInfoMessage = true;
showDeArrowInSettings = true;
showDeArrowPromotion = true;
showDonationLink = false;
showNewFeaturePopups = false;
showSegmentFailedToFetchWarning = true;
showSegmentNameInChapterBar = true;
showTimeWithSkips = true;
showUpcomingNotice = false;
showUpsells = false;
minutesSaved = 67.630516;
shownDeArrowPromotion = false;
showZoomToFillError2 = false;
skipNoticeDuration = 4;
sponsorTimesContributed = 0;
testingServer = false;
trackDownvotes = false;
trackDownvotesInPrivate = false;
trackViewCount = false;
trackViewCountInPrivate = false;
ytInfoPermissionGranted = false;
skipNonMusicOnlyOnYoutubeMusic = false;
hookUpdate = false;
permissions = {
sponsor = true;
selfpromo = true;
exclusive_access = true;
interaction = true;
intro = true;
outro = true;
preview = true;
hook = true;
music_offtopic = true;
filler = true;
poi_highlight = true;
chapter = false;
};
segmentListDefaultTab = 0;
prideTheme = false;
};
# ublock-origin
"uBlock0@raymondhill.net".settings = {
advancedUserEnabled = true;
selectedFilterLists = [
"user-filters"
"ublock-filters"
"ublock-badware"
"ublock-privacy"
"ublock-quick-fixes"
"ublock-unbreak"
"easylist"
"easyprivacy"
"adguard-spyware-url"
"urlhaus-1"
"plowe-0"
];
};
# keep-sorted end
};
};
};
};
}

35
modules/home-manager/features/fish.nix
View file

@ -1,14 +1,44 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "fish";
in
{
config = lib.mkIf config.${feature}.enable {
home.shell.enableFishIntegration = true;
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
shellAliases = {
# keep-sorted start
cat = "bat";
# cd = "j";
cut = "choose";
df = "duf";
du = "dua";
# find = "fd";
g = "lazygit";
l = "eza";
la = "eza -a";
ls = "eza";
ns = "nh os switch";
# curl = "xh";
ping = "gping";
ps = "procs";
# sed = "sd";
# grep = "rga";
top = "btm";
unzip = "ripunzip";
vi = "nvim";
vim = "nvim";
# keep-sorted end
};
plugins = [
# INFO: Using this to get shell completion for programs added to the path through nix+direnv.
# Issue to upstream into direnv:Add commentMore actions
@ -36,4 +66,9 @@
fi
'';
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

14
modules/home-manager/features/gh.nix
View file

@ -1,4 +1,13 @@
{
config,
lib,
...
}:
let
feature = "gh";
in
{
config = lib.mkIf config.${feature}.enable {
programs.gh = {
enable = true;
settings = {
@ -6,4 +15,9 @@
editor = "nvim";
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

42
modules/home-manager/features/git.nix
View file

@ -1,12 +1,24 @@
{
userName,
config,
lib,
...
}:
let
feature = "git";
in
{
programs.git = {
config = lib.mkIf config.${feature}.enable {
programs.${feature} = {
enable = true;
settings = {
# keep-sorted start block=yes
delta = {
enable = true;
options.theme = "Dracula";
};
userName = "wi11-holdsworth";
userEmail = "83637728+wi11-holdsworth@users.noreply.github.com";
aliases = {
# keep-sorted start
a = "add";
@ -27,20 +39,18 @@
s = "status -s";
# keep-sorted end
};
core.editor = "nvim";
extraConfig = {
init.defaultBranch = "main";
pull.rebase = true;
core.editor = "nvim";
push.autoSetupRemote = true;
user = {
name = "Will Holdsworth";
email = "me@fi33.buzz";
};
# keep-sorted end
};
signing = {
key = "/home/${userName}/.ssh/git_signature.pub";
format = "ssh";
signByDefault = true;
pull.rebase = false;
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

11
modules/home-manager/features/kitty.nix
View file

@ -1,8 +1,14 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "kitty";
in
{
config = lib.mkIf config.${feature}.enable {
programs.kitty = {
enable = true;
enableGitIntegration = true;
@ -18,4 +24,9 @@
confirm_os_window_close = 0;
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

15
modules/home-manager/features/lazygit.nix
View file

@ -1,15 +0,0 @@
{
...
}:
{
programs.lazygit = {
enable = true;
settings = {
git.overrideGpg = true;
log = {
localBranchSortOrder = "recency";
remoteBranchSortOrder = "recency";
};
};
};
}

255
modules/home-manager/features/librewolf.nix
View file

@ -1,255 +0,0 @@
{
pkgs,
...
}:
{
programs.librewolf = {
enable = true;
languagePacks = [ "en-GB" ];
profiles.will = {
settings = {
# keep-sorted start
"browser.aboutwelcome.enabled" = false;
"browser.bookmarks.addedImportButton" = false;
"browser.bookmarks.restore_default_bookmarks" = false;
"browser.download.useDownloadDir" = true;
"browser.newtabpage.enabled" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.remote.block_uncommon" = false;
"browser.search.suggest.enabled" = false;
"browser.startup.homepage" = "chrome://browser/content/blanktab.html";
"browser.startup.page" = 3;
"browser.tabs.groups.smart.userEnabled" = false;
"browser.tabs.warnOnClose" = true;
"browser.tabs.warnOnOpen" = false;
"browser.toolbars.bookmarks.visibility" = "never";
"browser.urlbar.suggest.searches" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.usage.uploadEnabled" = false;
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.formautofill.creditCards.enabled" = false;
"general.autoScroll" = true;
"identity.fxaccounts.enabled" = true;
"intl.locale.requested" = "en-GB";
"network.trr.mode" = 3;
"network.trr.uri" = "https://firefox.dns.nextdns.io/";
"privacy.annotate_channels.strict_list.enabled" = true;
"privacy.bounceTrackingProtection.mode" = 1;
"privacy.fingerprintingProtection" = true;
"privacy.globalprivacycontrol.enabled" = true;
"privacy.globalprivacycontrol.was_ever_enabled" = true;
"privacy.history.custom" = false;
"privacy.query_stripping.enabled " = true;
"privacy.query_stripping.enabled.pbmode" = true;
"privacy.sanitize.sanitizeOnShutdown" = false;
"privacy.trackingprotection.allow_list.baseline.enabled" = true;
"privacy.trackingprotection.allow_list.convenience.enabled" = false;
"privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false;
"privacy.trackingprotection.emailtracking.enabled" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
"services.sync.engine.passwords" = false;
"sidebar.main.tools" = "syncedtabs,history,bookmarks";
"sidebar.new-sidebar.has-used" = true;
"sidebar.position_start" = false;
"sidebar.revamp" = true;
"sidebar.verticalTabs" = true;
"sidebar.verticalTabs.dragToPinPromo.dismissed" = true;
"signon.autofillForms" = false;
"signon.firefoxRelay.feature" = "disabled";
"signon.generation.enabled" = false;
"signon.management.page.breach-alerts.enabled" = false;
"signon.rememberSignons" = false;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
# keep-sorted end
};
search = {
default = "ddg";
privateDefault = "ddg";
engines = { };
order = [ ];
force = true;
};
extensions = {
force = true;
packages = with pkgs.nur.repos.rycee.firefox-addons; [
# keep-sorted start sticky_comments=no
# detect-cloudflare
bitwarden
dearrow
nixpkgs-pr-tracker
react-devtools
return-youtube-dislikes
sponsorblock
ublock-origin
# keep-sorted end
];
settings = {
# keep-sorted start block=yes
# sponsorblock
"sponsorBlocker@ajay.app".settings = {
hideSegmentCreationInPopup = false;
autoSkipOnMusicVideosUpdate = true;
changeChapterColor = true;
autoSkipOnMusicVideos = false;
hideVideoPlayerControls = false;
useVirtualTime = true;
categoryPillColors = { };
payments = {
chaptersAllowed = false;
freeAccess = false;
lastCheck = 0;
lastFreeCheck = 0;
licenseKey = null;
};
allowExpirements = true;
allowScrollingToEdit = true;
audioNotificationOnSkip = false;
autoHideInfoButton = true;
categoryPillUpdate = true;
chapterCategoryAdded = true;
checkForUnlistedVideos = false;
cleanPopup = false;
darkMode = true;
deArrowInstalled = true;
defaultCategory = "chooseACategory";
disableSkipping = false;
donateClicked = 0;
dontShowNotice = false;
forceChannelCheck = false;
fullVideoLabelsOnThumbnails = true;
fullVideoSegments = true;
hideDeleteButtonPlayerControls = false;
hideDiscordLaunches = 0;
hideDiscordLink = false;
hideInfoButtonPlayerControls = false;
hideSkipButtonPlayerControls = false;
hideUploadButtonPlayerControls = false;
categorySelections = [
{
name = "sponsor";
option = 2;
}
{
name = "poi_highlight";
option = 1;
}
{
name = "exclusive_access";
option = 0;
}
{
name = "chapter";
option = 0;
}
{
name = "selfpromo";
option = 1;
}
{
name = "interaction";
option = 1;
}
{
name = "intro";
option = 1;
}
{
name = "outro";
option = 1;
}
{
name = "preview";
option = 1;
}
{
name = "filler";
option = 1;
}
{
name = "music_offtopic";
option = 2;
}
{
name = "hook";
option = 1;
}
];
manualSkipOnFullVideo = false;
minDuration = 0;
isVip = false;
muteSegments = false;
noticeVisibilityMode = 3;
renderSegmentsAsChapters = false;
scrollToEditTimeUpdate = false;
serverAddress = "https://sponsor.ajay.app";
showAutogeneratedChapters = false;
showCategoryGuidelines = true;
showCategoryWithoutPermission = false;
showChapterInfoMessage = true;
showDeArrowInSettings = true;
showDeArrowPromotion = true;
showDonationLink = false;
showNewFeaturePopups = false;
showSegmentFailedToFetchWarning = true;
showSegmentNameInChapterBar = true;
showTimeWithSkips = true;
showUpcomingNotice = false;
showUpsells = false;
minutesSaved = 67.630516;
shownDeArrowPromotion = false;
showZoomToFillError2 = false;
skipNoticeDuration = 4;
sponsorTimesContributed = 0;
testingServer = false;
trackDownvotes = false;
trackDownvotesInPrivate = false;
trackViewCount = false;
trackViewCountInPrivate = false;
ytInfoPermissionGranted = false;
skipNonMusicOnlyOnYoutubeMusic = false;
hookUpdate = false;
permissions = {
sponsor = true;
selfpromo = true;
exclusive_access = true;
interaction = true;
intro = true;
outro = true;
preview = true;
hook = true;
music_offtopic = true;
filler = true;
poi_highlight = true;
chapter = false;
};
segmentListDefaultTab = 0;
prideTheme = false;
};
# ublock-origin
"uBlock0@raymondhill.net".settings = {
advancedUserEnabled = true;
selectedFilterLists = [
"user-filters"
"ublock-filters"
"ublock-badware"
"ublock-privacy"
"ublock-quick-fixes"
"ublock-unbreak"
"easylist"
"easyprivacy"
"adguard-spyware-url"
"urlhaus-1"
"plowe-0"
];
};
# keep-sorted end
};
};
};
};
}

12
modules/home-manager/features/mail.nix
View file

@ -1,11 +1,14 @@
{
# keep-sorted start
config,
lib,
hostName,
# keep-sorted end
...
}:
let
feature = "mail";
in
{
config = lib.mkIf config.${feature}.enable {
accounts.email =
let
certificatesFile = config.age.secrets.protonmail-cert.path;
@ -51,4 +54,9 @@
};
};
age.secrets."protonmail-cert".file = ../../../secrets/protonmail-cert.age;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

10
modules/home-manager/features/obsidian.nix
View file

@ -1,4 +1,9 @@
{ config, lib, ... }:
let
feature = "obsidian";
in
{
config = lib.mkIf config.${feature}.enable {
programs.obsidian = {
enable = true;
defaultSettings = {
@ -113,4 +118,9 @@
};
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

27
modules/home-manager/features/shell-aliases.nix
View file

@ -1,27 +0,0 @@
{
home.shellAliases = {
# keep-sorted start
",cat" = "bat";
",curl" = "xh";
",cut" = "choose";
",df" = "duf";
",diff" = "delta";
",du" = "dua";
",find" = "fd";
",grep" = "rga";
",ping" = "gping";
",ps" = "procs";
",sed" = "sd";
",ss" = "snitch";
",top" = "btm";
",unzip" = "ripunzip";
"g" = "lazygit";
"l" = "eza";
"la" = "eza -a";
"ls" = "eza";
"ns" = "nh os switch";
"vi" = "nvim";
"vim" = "nvim";
# keep-sorted end
};
}

12
modules/home-manager/features/starship.nix
View file

@ -1,4 +1,13 @@
{
config,
lib,
...
}:
let
feature = "starship";
in
{
config = lib.mkIf config.${feature}.enable {
programs.starship = {
enable = true;
settings.character = {
@ -6,4 +15,7 @@
error_symbol = "[%](bold red) ";
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

12
modules/home-manager/features/yazi.nix
View file

@ -1,11 +1,16 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "yazi";
in
{
config = lib.mkIf config.${feature}.enable {
programs.yazi = {
enable = true;
shellWrapperName = "y";
plugins = {
# keep-sorted start
diff = pkgs.yaziPlugins.diff;
@ -22,4 +27,9 @@
# keep-sorted end
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

12
modules/home-manager/features/zed-editor.nix
View file

@ -1,11 +1,14 @@
{
# keep-sorted start
config,
lib,
pkgs,
# keep-sorted end
...
}:
let
feature = "zed-editor";
in
{
config = lib.mkIf config.${feature}.enable {
programs.zed-editor = {
enable = true;
package = pkgs.zed-editor-fhs;
@ -86,4 +89,9 @@
# keep-sorted end
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

15
modules/home-manager/features/zellij.nix
View file

@ -1,9 +1,24 @@
{
config,
lib,
...
}:
let
feature = "zellij";
in
{
config = lib.mkIf config.${feature}.enable {
programs.zellij = {
enable = true;
settings = {
theme = "catppuccin-mocha";
show_startup_tips = false;
default_shell = "fish";
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

15
modules/home-manager/features/zen-browser.nix
View file

@ -1,13 +1,15 @@
{
programs.zen-browser =
config,
lib,
...
}:
let
profileName = "fmnikwnj.Default Profile";
feature = "zen-browser";
in
{
config = lib.mkIf config.${feature}.enable {
programs.zen-browser = {
enable = true;
profiles.${profileName}.settings = {
zen.tabs.vertical.right-side = true;
};
policies =
let
mkLockedAttrs = builtins.mapAttrs (
@ -64,4 +66,7 @@
# keep-sorted end
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

15
modules/home-manager/features/zoxide.nix
View file

@ -1,8 +1,23 @@
{
config,
lib,
...
}:
let
feature = "zoxide";
in
{
config = lib.mkIf config.${feature}.enable {
programs.zoxide = {
enable = true;
enableBashIntegration = true;
options = [
"--cmd j"
];
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

33
modules/nixos/bundles/desktop.nix
View file

@ -1,13 +1,36 @@
{
util,
config,
lib,
pkgs,
...
}:
let
feature = "desktop";
in
{
imports = util.toImports ../features [
config = lib.mkIf config.${feature}.enable {
# keep-sorted start
"pipewire"
"print-and-scan"
"protonmail-bridge"
pipewire.enable = true;
print-and-scan.enable = true;
protonmail-bridge.enable = true;
# keep-sorted end
environment.systemPackages = with pkgs; [
# keep-sorted start
beeper
# TODO: replace with lue/epy
calibre
cameractrls-gtk3
# https://github.com/NixOS/nixpkgs/issues/437865
# jellyfin-media-player
# TODO: replace with sc-im/visidata
onlyoffice-desktopeditors
textsnatcher
# keep-sorted end
];
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/nixos/bundles/dev.nix
View file

@ -1,13 +1,26 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "dev";
in
{
config = lib.mkIf config.${feature}.enable {
environment.systemPackages = with pkgs; [
# keep-sorted start
bacon
cargo-info
devenv
just
mask
rusty-man
vscode
# keep-sorted end
];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

24
modules/nixos/bundles/gui.nix
View file

@ -1,24 +0,0 @@
{
# keep-sorted start
pkgs,
util,
# keep-sorted end
...
}:
{
imports = util.toImports ../features [
# keep-sorted start
"fonts"
# keep-sorted end
];
environment.systemPackages = with pkgs; [
# keep-sorted start
cameractrls-gtk3
jellyfin-desktop
libreoffice
signal-desktop
textsnatcher
# keep-sorted end
];
}

62
modules/nixos/bundles/server.nix
View file

@ -1,41 +1,39 @@
{
util,
config,
lib,
...
}:
let
feature = "server";
in
{
imports = util.toImports ../features [
config = lib.mkIf config.${feature}.enable {
# keep-sorted start
"bazarr"
"caddy"
"copyparty"
"couchdb"
"cryptpad"
"fi33.buzz"
"gatus"
"homepage-dashboard"
"immich"
"jellyfin"
"kavita"
"libretranslate"
"lidarr"
"mealie"
"miniflux"
"ntfy-sh"
"nzbget"
"paperless"
"prowlarr"
"qbittorrent"
"radarr"
"radicale"
"readarr"
"send"
"sonarr"
"vaultwarden"
copyparty.enable = true;
couchdb.enable = true;
flaresolverr.enable = true;
homepage-dashboard.enable = true;
immich.enable = true;
jellyfin.enable = true;
lidarr.enable = true;
miniflux.enable = true;
nginx.enable = true;
ntfy-sh.enable = true;
paperless.enable = true;
prowlarr.enable = true;
qbittorrent.enable = true;
radarr.enable = true;
sonarr.enable = true;
syncthing.enable = true;
vaultwarden.enable = true;
# keep-sorted end
];
services.borgbackup.jobs = {
onsite.paths = [ "/srv" ];
offsite.paths = [ "/srv" ];
users.groups.media = { };
services.borgmatic.settings.source_directories = [ "/srv" ];
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

43
modules/nixos/default.nix
View file

@ -1,35 +1,44 @@
{
# keep-sorted start
lib,
pkgs,
util,
# keep-sorted end
...
}:
let
featureBundler =
featuresDir:
map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir));
in
{
imports = util.toImports ./features [
imports = (featureBundler ./bundles) ++ (featureBundler ./features);
# keep-sorted start
"agenix"
"localisation"
"network"
"nh"
"nix"
"nixvim"
"syncthing"
"systemd-boot"
agenix.enable = lib.mkDefault true;
fonts.enable = lib.mkDefault true;
localisation.enable = lib.mkDefault true;
network.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
nix-settings.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault true;
nixvim.enable = lib.mkDefault true;
syncthing.enable = lib.mkDefault true;
systemd-boot.enable = lib.mkDefault true;
tailscale.enable = lib.mkDefault true;
# keep-sorted end
];
environment.systemPackages =
with pkgs;
[
# keep-sorted start
bottom # top
broot # large directory browser
choose # cut
circumflex # hacker news browsing
cointop # crypto ticker
ddgr # web search
doggo # dns
dogdns # dns
dua # du
duf # df
epy # ebook reading
fd # find
fselect # find with sql syntax
fx # json processor and viewer
fzf # fuzzy finder
@ -39,12 +48,13 @@
hexyl # hexadecimal viewer
hyperfine # benchmarking tool
keep-sorted # alphabetical formatter
lazygit # git tui
mprocs # run long running commands and monitor output
navi # cheatsheet browser
nb # note taking
nil # nix language server
nixd # nix language server
nixfmt # nix file formatting
nixfmt-rfc-style # nix file formatting
nom # stylistic nix dependency graphs
pastel # colour generation
pdd # datetime calculations
@ -56,11 +66,10 @@
ripunzip # unzip
sd # sed
slides # presentations
snitch # netstat
ticker # stock ticker
tldr # cheat sheets
tmpmail # temporary email address
# topydo # todo.txt helper tool
topydo # todo.txt helper tool
tt # typing test
wtfutil # terminal homepage
xh # curl

11
modules/nixos/features/agenix.nix
View file

@ -1,14 +1,21 @@
{
# keep-sorted start
config,
inputs,
lib,
system,
userName,
# keep-sorted end
...
}:
let
feature = "agenix";
in
{
config = lib.mkIf config.${feature}.enable {
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ];
};
imports = [ inputs.agenix.nixosModules.default ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

15
modules/nixos/features/amd-gpu.nix
View file

@ -1,11 +1,26 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "amd-gpu";
in
{
config = lib.mkIf config.${feature}.enable {
# load graphics drivers before anything else
boot.initrd.kernelModules = [ "amdgpu" ];
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [ amdvlk ];
};
services.xserver.videoDrivers = [ "amdgpu" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

38
modules/nixos/features/bazarr.nix
View file

@ -1,38 +0,0 @@
let
port = 5017;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "subtitles.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
bazarr = {
enable = true;
dataDir = "/srv/bazarr";
group = "srv";
listenPort = port;
};
gatus.settings.endpoints = [
{
name = "Bazarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

57
modules/nixos/features/borgbackup.nix
View file

@ -1,57 +0,0 @@
{
config,
pkgs,
...
}:
let
jobConfig = {
compression = "auto,zlib";
doInit = false;
preHook = ''
/run/wrappers/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dumpall > /srv/backup/database/postgres/dump.sql
'';
postHook = ''
rm /srv/backup/database/postgres/dump.sql
'';
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
yearly = 1;
};
readWritePaths = [
"/srv/backup"
];
startAt = "*-*-* 03:00:00";
extraCreateArgs = [ "-v" ];
};
in
{
services.borgbackup = {
jobs = {
onsite = {
encryption = {
passCommand = "cat ${config.age.secrets.borgbackup-onsite.path}";
mode = "repokey-blake2";
};
removableDevice = true;
repo = "/mnt/external/backup/take2";
}
// jobConfig;
offsite = {
encryption = {
passCommand = "cat ${config.age.secrets.borgbackup-offsite.path}";
mode = "repokey-blake2";
};
environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519";
repo = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo";
}
// jobConfig;
};
};
age.secrets = {
borgbackup-onsite.file = ../../../secrets/borgbackup-onsite.age;
borgbackup-offsite.file = ../../../secrets/borgbackup-offsite.age;
};
}

24
modules/nixos/features/borgmatic.nix
View file

@ -1,11 +1,13 @@
{
# keep-sorted start
config,
lib,
# keep-sorted end
...
}:
let
feature = "borgmatic";
in
{
config = lib.mkIf config.${feature}.enable {
# service
services.borgmatic = {
enable = true;
@ -20,8 +22,6 @@
ntfy = {
topic = "backups";
server = config.services.ntfy-sh.settings.base-url;
username = "borgmatic";
password = "{credential file ${config.age.secrets.borgmatic-ntfy.path}}";
finish = {
title = "Ping!";
message = "Your backups have succeeded :)";
@ -37,15 +37,16 @@
"fail"
];
};
relocated_repo_access_is_ok = true;
repositories = [
{
path = "/mnt/external/backup/repo";
path = "/backup/repo";
label = "onsite";
# encryption = "repokey-blake2";
}
{
path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo";
label = "offsite";
# encryption = "repokey-blake2";
}
];
retries = 3;
@ -73,10 +74,19 @@
"borgmatic-pg:${config.age.secrets.borgmatic-pg.path}"
];
# onsite drive
services.udisks2.enable = true;
fileSystems."/backup" = {
device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e";
fsType = "ext4";
};
# secrets
age.secrets = {
"borgmatic".file = ../../../secrets/borgmatic.age;
"borgmatic-ntfy".file = ../../../secrets/borgmatic-ntfy.age;
"borgmatic-pg".file = ../../../secrets/borgmatic-pg.age;
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

29
modules/nixos/features/caddy.nix
View file

@ -1,29 +0,0 @@
{
config,
...
}:
{
services.caddy = {
enable = true;
dataDir = "/srv/caddy";
globalConfig = ''
auto_https disable_redirects
'';
openFirewall = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "festive-steed-fit@duck.com";
certs."fi33.buzz" = {
group = config.services.caddy.group;
domain = "fi33.buzz";
extraDomainNames = [ "*.fi33.buzz" ];
dnsProvider = "porkbun";
dnsPropagationCheck = true;
credentialsFile = config.age.secrets."porkbun-api".path;
};
};
age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age;
}

67
modules/nixos/features/copyparty.nix
View file

@ -1,20 +1,19 @@
{
# keep-sorted start
config,
lib,
inputs,
# keep-sorted end
...
}:
let
port = 5000;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "files.fi33.buzz";
url = "https://${hostname}";
feature = "copyparty";
port = "5000";
in
{
imports = [ inputs.copyparty.nixosModules.default ];
config = lib.mkIf config.${feature}.enable {
services = {
# service
copyparty = {
enable = true;
settings = {
@ -22,49 +21,47 @@ in
e2dsa = true;
e2ts = true;
e2vu = true;
p = port;
xff-hdr = "x-forwarded-for";
rproxy = 1;
p = lib.toInt port;
};
accounts.Impatient7119.passwordFile = config.age.secrets.copyparty.path;
accounts = {
will = {
passwordFile = config.age.secrets.copyparty-will.path;
};
};
volumes."/" = {
volumes = {
"/" = {
path = "/srv/copyparty";
access = {
A = [ "Impatient7119" ];
r = "*";
A = [ "will" ];
};
};
};
};
gatus.settings.endpoints = [
{
name = "copyparty";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
# secrets
age.secrets."copyparty" = {
file = ../../../secrets/copyparty.age;
age.secrets."copyparty-will" = {
file = ../../../secrets/copyparty-will.age;
owner = "copyparty";
};
nixpkgs.overlays = [ inputs.copyparty.overlays.default ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

52
modules/nixos/features/couchdb.nix
View file

@ -1,17 +1,22 @@
{
config,
lib,
...
}:
let
port = 5984;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "couchdb.fi33.buzz";
url = "https://${hostname}";
feature = "couchdb";
port = "5984";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
couchdb = {
enable = true;
databaseDir = "/srv/couchdb";
viewIndexDir = "/srv/couchdb";
configFile = "/srv/couchdb";
inherit port;
port = lib.toInt port;
extraConfig = {
chttpd = {
require_valid_user = true;
@ -31,32 +36,25 @@ in
cors = {
credentials = true;
origins = ''
app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://${hostname},http://${hostname},${url}
app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz
'';
};
};
};
gatus.settings.endpoints = [
{
name = "CouchDB";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 401"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

66
modules/nixos/features/cryptpad.nix
View file

@ -1,66 +0,0 @@
let
httpPort = 5022;
websocketPort = 5024;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "cryptpad.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
cryptpad = {
enable = true;
settings = {
inherit httpPort;
inherit websocketPort;
httpUnsafeOrigin = url;
httpSafeOrigin = "https://cryptpad-ui.fi33.buzz";
inactiveTime = 7;
archiveRetentionTime = 7;
accountRetentionTime = 7;
};
};
gatus.settings.endpoints = [
{
name = "CryptPad";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts."${hostname} cryptpad-ui.fi33.buzz".extraConfig = ''
header Strict-Transport-Security "includeSubDomains; preload"
handle /cryptpad_websocket* {
reverse_proxy localhost:${toString websocketPort} {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
handle {
reverse_proxy localhost:${toString httpPort} {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
@register {
host ${hostname}
path /register*
}
respond @register 403
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

12
modules/nixos/features/external-speakers.nix
View file

@ -1,5 +1,17 @@
{
config,
lib,
...
}:
let
feature = "external-speakers";
in
{
config = lib.mkIf config.${feature}.enable {
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=0
'';
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

19
modules/nixos/features/fi33.buzz.nix
View file

@ -1,19 +0,0 @@
let
certloc = "/var/lib/acme/fi33.buzz";
hostname = "www.fi33.buzz";
in
{
# TODO why can't I serve content on fi33.buzz? dns propagation issue?
services.caddy.virtualHosts = {
"fi33.buzz".extraConfig = ''
redir https://www.fi33.buzz{uri} permanent
'';
${hostname}.extraConfig = ''
root * /srv/fi33.buzz/public
file_server
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

50
modules/nixos/features/firefly.nix
View file

@ -1,50 +0,0 @@
{
config,
...
}:
let
certloc = "/var/lib/acme/fi33.buzz";
in
{
services = {
firefly-iii = {
enable = true;
dataDir = "/srv/firefly";
group = config.services.caddy.group;
settings = {
# keep-sorted start
ALLOW_WEBHOOKS = "true";
APP_KEY_FILE = config.age.secrets.firefly.path;
APP_URL = "https://firefly.fi33.buzz";
DEFAULT_LANGUAGE = "en_GB";
REPORT_ERRORS_ONLINE = "false";
TRUSTED_PROXIES = "**";
TZ = "Australia/Melbourne";
# keep-sorted end
};
};
caddy.virtualHosts."firefly.fi33.buzz".extraConfig = ''
root * ${config.services.firefly-iii.package}/public
php_fastcgi unix//${config.services.phpfpm.pools.firefly-iii.socket}
try_files {path} {path}/ /index.php?{query}
file_server {
index index.php
}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets = {
firefly = {
file = ../../../secrets/firefly.age;
owner = "firefly-iii";
};
firefly-db = {
file = ../../../secrets/firefly-db.age;
owner = "firefly-iii";
};
};
}

34
modules/nixos/features/flaresolverr.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
lib,
...
}:
let
feature = "flaresolverr";
port = "5011";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
flaresolverr = {
enable = true;
port = lib.toInt port;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

11
modules/nixos/features/fonts.nix
View file

@ -1,10 +1,21 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "fonts";
in
{
config = lib.mkIf config.${feature}.enable {
fonts.packages = with pkgs; [
nerd-fonts.jetbrains-mono
inter-nerdfont
];
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

14
modules/nixos/features/gaming.nix
View file

@ -1,12 +1,20 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "gaming";
in
{
config = lib.mkIf config.${feature}.enable {
environment.systemPackages = with pkgs; [
# keep-sorted start
heroic
lutris
mangohud
nexusmods-app
prismlauncher
protonup-qt
wine
@ -17,7 +25,6 @@
programs = {
gamemode.enable = true;
gamescope.enable = true;
steam = {
enable = true;
gamescopeSession.enable = true;
@ -30,5 +37,8 @@
};
# latest kernel
# boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelPackages = pkgs.linuxPackages_latest;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

55
modules/nixos/features/gatus.nix
View file

@ -1,55 +0,0 @@
{
config,
...
}:
let
port = 5025;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "status.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
gatus = {
enable = true;
environmentFile = config.age.secrets.gatus.path;
settings = {
alerting = {
ntfy = {
topic = "services";
url = config.services.ntfy-sh.settings.base-url;
token = "$NTFY_TOKEN";
click = url;
default-alert = {
description = "Health Check Failed";
send-on-resolved = true;
};
};
};
connectivity.checker = {
target = "1.1.1.1:53";
interval = "60s";
};
ui = {
title = "Health Dashboard | Fi33Buzz";
description = "Fi33Buzz health dashboard";
dashboard-heading = "";
dashboard-subheading = "";
header = "Fi33Buzz Status";
link = "https://home.fi33.buzz/";
default-sort-by = "group";
};
web.port = port;
};
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets.gatus.file = ../../../secrets/gatus.age;
}

9
modules/nixos/features/gnome.nix
View file

@ -1,8 +1,14 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "gnome";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
@ -47,4 +53,7 @@
bibata-cursors
];
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

446
modules/nixos/features/homepage-dashboard.nix
View file

@ -1,13 +1,12 @@
{
# keep-sorted start
config,
lib,
pkgs,
# keep-sorted end
...
}:
let
port = 5004;
feature = "homepage-dashboard";
port = "5004";
genSecrets =
secrets:
lib.genAttrs secrets (secret: {
@ -25,54 +24,67 @@ let
# keep-sorted start
"immich"
"jellyfin"
"kavita-api"
"lidarr"
"mealie"
"miniflux"
"nzbget"
"paperless"
"prowlarr"
"radarr"
"readarr"
"sonarr"
"subtitles"
# keep-sorted end
];
certloc = "/var/lib/acme/fi33.buzz";
hostname = "home.fi33.buzz";
url = "https://${hostname}";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
homepage-dashboard = {
enable = true;
listenPort = port;
allowedHosts = hostname;
listenPort = lib.toInt port;
allowedHosts = "homepage-dashboard.fi33.buzz";
services = [
# keep-sorted start block=yes
{
"Public Services" = [
"Cloud Services" = [
{
CryptPad = {
description = "Collaborative office suite";
icon = "cryptpad.svg";
href = "https://cryptpad.fi33.buzz/";
siteMonitor = "https://cryptpad.fi33.buzz/";
"copyparty" = {
"description" = "Cloud file manager";
"icon" = "sh-copyparty.svg";
"href" = "https://copyparty.fi33.buzz/";
};
}
{
LibreTranslate = {
description = "Machine Translation API";
icon = "libretranslate.svg";
href = "https://translate.fi33.buzz/";
siteMonitor = "https://translate.fi33.buzz/";
"CouchDB" = {
"description" = "Obsidian sync database";
"icon" = "couchdb.svg";
"href" = "https://couchdb.fi33.buzz/_utils/";
};
}
{
Send = {
description = "Simple, private file sharing";
icon = "send.svg";
href = "https://send.fi33.buzz/";
siteMonitor = "https://send.fi33.buzz/";
"ntfy" = {
"description" = "Notification service";
"icon" = "ntfy.svg";
"href" = "https://ntfy-sh.fi33.buzz/";
};
}
{
"Syncthing" = {
"description" = "Decentralised file synchronisation";
"icon" = "syncthing.svg";
"href" = "https://syncthing.fi33.buzz/";
};
}
{
"qBittorrent" = {
"description" = "BitTorrent client";
"icon" = "qbittorrent.svg";
"href" = "https://qbittorrent.fi33.buzz/";
};
}
{
"Vaultwarden" = {
"description" = "Password manager";
"icon" = "vaultwarden.svg";
"href" = "https://vaultwarden.fi33.buzz/";
};
}
];
@ -80,330 +92,173 @@ in
{
"Media Management" = [
{
Radarr = {
description = "Movie organizer/manager";
icon = "radarr.svg";
href = "https://movies.fi33.buzz/";
siteMonitor = "https://movies.fi33.buzz/";
widget = {
type = "radarr";
url = "https://movies.fi33.buzz/";
key = "@radarr@";
enableQueue = true;
"Lidarr" = {
"description" = "Music collection manager";
"icon" = "lidarr.svg";
"href" = "https://lidarr.fi33.buzz/";
"widget" = {
"type" = "lidarr";
"url" = "https://lidarr.fi33.buzz/";
"key" = "@lidarr@";
"enableQueue" = true;
};
};
}
{
Sonarr = {
description = "Smart PVR";
icon = "sonarr.svg";
href = "https://shows.fi33.buzz/";
siteMonitor = "https://shows.fi33.buzz/";
widget = {
type = "sonarr";
url = "https://shows.fi33.buzz/";
key = "@sonarr@";
enableQueue = true;
"Prowlarr" = {
"description" = "Indexer management tool";
"icon" = "prowlarr.svg";
"href" = "https://prowlarr.fi33.buzz/";
"widget" = {
"type" = "prowlarr";
"url" = "https://prowlarr.fi33.buzz/";
"key" = "@prowlarr@";
};
};
}
{
Lidarr = {
description = "Like Sonarr but made for music";
icon = "lidarr.svg";
href = "https://music.fi33.buzz/";
siteMonitor = "https://music.fi33.buzz/";
widget = {
type = "lidarr";
url = "https://music.fi33.buzz/";
key = "@lidarr@";
enableQueue = true;
"Radarr" = {
"description" = "Movie collection manager";
"icon" = "radarr.svg";
"href" = "https://radarr.fi33.buzz/";
"widget" = {
"type" = "radarr";
"url" = "https://radarr.fi33.buzz/";
"key" = "@radarr@";
"enableQueue" = true;
};
};
}
{
Readarr = {
description = "Book Manager and Automation";
icon = "readarr.svg";
href = "https://books.fi33.buzz/";
siteMonitor = "https://books.fi33.buzz/";
widget = {
type = "readarr";
url = "https://books.fi33.buzz/";
key = "@readarr@";
enableQueue = true;
"Sonarr" = {
"description" = "TV show collection manager";
"icon" = "sonarr.svg";
"href" = "https://sonarr.fi33.buzz/";
"widget" = {
"type" = "sonarr";
"url" = "https://sonarr.fi33.buzz/";
"key" = "@sonarr@";
"enableQueue" = true;
};
};
}
{
Bazarr = {
description = "Subtitle manager and downloader";
icon = "bazarr.svg";
href = "https://subtitles.fi33.buzz/";
siteMonitor = "https://subtitles.fi33.buzz/";
widget = {
type = "bazarr";
url = "https://subtitles.fi33.buzz/";
key = "@subtitles@";
};
};
}
{
Prowlarr = {
description = "Indexer manager/proxy";
icon = "prowlarr.svg";
href = "https://prowlarr.fi33.buzz/";
siteMonitor = "https://prowlarr.fi33.buzz/";
widget = {
type = "prowlarr";
url = "https://prowlarr.fi33.buzz/";
key = "@prowlarr@";
};
};
}
{
NZBget = {
description = "Usenet Downloader";
icon = "nzbget.svg";
href = "https://usenet.fi33.buzz/";
siteMonitor = "https://usenet.fi33.buzz/";
widget = {
type = "nzbget";
url = "https://usenet.fi33.buzz/";
username = "nzbget";
password = "@nzbget@";
};
};
}
{
qBittorrent = {
description = "BitTorrent client";
icon = "qbittorrent.svg";
href = "https://bittorrent.fi33.buzz/";
siteMonitor = "https://bittorrent.fi33.buzz/";
};
}
];
}
{
"Private Services" = [
{
copyparty = {
description = "Portable file server";
icon = "sh-copyparty.svg";
href = "https://files.fi33.buzz/";
siteMonitor = "https://files.fi33.buzz/";
};
}
{
CouchDB = {
description = "Syncing database";
icon = "couchdb.svg";
href = "https://couchdb.fi33.buzz/_utils/";
siteMonitor = "https://couchdb.fi33.buzz/_utils/";
};
}
{
Mealie = {
description = "Recipe manager and meal planner";
icon = "mealie.svg";
href = "https://mealie.fi33.buzz/";
siteMonitor = "https://mealie.fi33.buzz/";
widget = {
type = "mealie";
url = "https://mealie.fi33.buzz/";
version = 2;
key = "@mealie@";
};
};
}
{
ntfy = {
description = "Send push notifications using PUT/POST";
icon = "ntfy.svg";
href = "https://notify.fi33.buzz/";
siteMonitor = "https://notify.fi33.buzz/";
};
}
{
Radicale = {
description = "A simple CalDAV (calendar) and CardDAV (contact) server";
icon = "radicale.svg";
href = "https://caldav.fi33.buzz";
siteMonitor = "https://caldav.fi33.buzz";
};
}
{
Syncthing = {
description = "Open Source Continuous File Synchronization";
icon = "syncthing.svg";
href = "https://sync.fi33.buzz/";
siteMonitor = "https://sync.fi33.buzz/";
};
}
{
Vaultwarden = {
description = "Unofficial Bitwarden compatible server";
icon = "vaultwarden.svg";
href = "https://vault.fi33.buzz/";
siteMonitor = "https://vault.fi33.buzz/";
};
}
];
}
{
"Media Streaming" = [
{
Immich = {
description = "Photo and video management solution";
icon = "immich.svg";
href = "https://photos.fi33.buzz/";
siteMonitor = "https://photos.fi33.buzz/";
widget = {
type = "immich";
fields = [
"Immich" = {
"description" = "Photo backup";
"icon" = "immich.svg";
"href" = "https://immich.fi33.buzz/";
"widget" = {
"type" = "immich";
"fields" = [
"users"
"photos"
"videos"
"storage"
];
url = "https://photos.fi33.buzz/";
version = 2;
key = "@immich@";
"url" = "https://immich.fi33.buzz/";
"version" = 2;
"key" = "@immich@";
};
};
}
{
Jellyfin = {
description = "Media System";
icon = "jellyfin.svg";
href = "https://media.fi33.buzz/";
siteMonitor = "https://media.fi33.buzz/";
widget = {
type = "jellyfin";
url = "https://media.fi33.buzz/";
key = "@jellyfin@";
enableBlocks = true;
enableNowPlaying = true;
enableUser = true;
showEpisodeNumber = true;
expandOneStreamToTwoRows = false;
"Jellyfin" = {
"description" = "Media streaming";
"icon" = "jellyfin.svg";
"href" = "https://jellyfin.fi33.buzz/";
"widget" = {
"type" = "jellyfin";
"url" = "https://jellyfin.fi33.buzz/";
"key" = "@jellyfin@";
"enableBlocks" = true;
"enableNowPlaying" = true;
"enableUser" = true;
"showEpisodeNumber" = true;
"expandOneStreamToTwoRows" = false;
};
};
}
{
Kavita = {
description = "Reading server";
icon = "kavita.svg";
href = "https://library.fi33.buzz/";
siteMonitor = "https://library.fi33.buzz/";
widget = {
type = "kavita";
url = "https://library.fi33.buzz/";
key = "@kavita-api@";
"Miniflux" = {
"description" = "RSS aggregator";
"icon" = "miniflux.svg";
"href" = "https://miniflux.fi33.buzz/";
"widget" = {
"type" = "miniflux";
"url" = "https://miniflux.fi33.buzz/";
"key" = "@miniflux@";
};
};
}
{
Miniflux = {
description = "Feed reader";
icon = "miniflux.svg";
href = "https://feeds.fi33.buzz/";
siteMonitor = "https://feeds.fi33.buzz/";
widget = {
type = "miniflux";
url = "https://feeds.fi33.buzz/";
key = "@miniflux@";
};
};
}
{
Paperless = {
description = "Document management system";
icon = "paperless.svg";
href = "https://documents.fi33.buzz/";
siteMonitor = "https://documents.fi33.buzz/";
widget = {
type = "paperlessngx";
url = "https://documents.fi33.buzz/";
username = "admin";
password = "@paperless@";
"Paperless" = {
"description" = "Digital filing cabinet";
"icon" = "paperless.svg";
"href" = "https://paperless.fi33.buzz/";
"widget" = {
"type" = "paperlessngx";
"url" = "https://paperless.fi33.buzz/";
"username" = "admin";
"password" = "@paperless@";
};
};
}
];
}
{
Utilities = [
"Utilities" = [
{
Gatus = {
description = "Status page";
icon = "gatus.svg";
href = "https://status.fi33.buzz/";
siteMonitor = "https://status.fi33.buzz/";
widget = {
type = "gatus";
url = "https://status.fi33.buzz/";
};
};
}
{
NanoKVM = {
description = "Remote KVM switch";
icon = "mdi-console.svg";
href = "http://nano-kvm/";
"NanoKVM" = {
"description" = "Remote KVM switch";
"icon" = "mdi-console.svg";
"href" = "http://nano-kvm/";
};
}
];
}
# keep-sorted end
];
settings = {
title = "Mission Control";
theme = "dark";
color = "neutral";
headerStyle = "clean";
hideVersion = true;
layout = [
{
"Public Services" = {
style = "row";
columns = 3;
useEqualHeights = true;
};
}
{
"Private Services" = {
style = "row";
columns = 3;
useEqualHeights = true;
};
}
{
"Media Streaming" = {
style = "row";
columns = 3;
columns = 4;
useEqualHeights = true;
};
}
{
"Media Management" = {
style = "row";
columns = 3;
columns = 4;
useEqualHeights = true;
};
}
{
Utilities = {
"Cloud Services" = {
style = "row";
columns = 3;
};
}
{
"Utilities" = {
style = "row";
columns = 3;
useEqualHeights = true;
initiallyCollapsed = true;
};
}
];
quicklaunch.searchDescriptions = true;
disableUpdateCheck = true;
showStats = true;
statusStyle = "dot";
};
widgets = [
{
@ -423,7 +278,7 @@ in
memory = true;
disk = [
"/"
"/mnt/external"
"/backup"
];
cputemp = true;
tempmin = 0;
@ -436,30 +291,23 @@ in
];
};
gatus.settings.endpoints = [
{
name = "Homepage Dashboard";
group = "Utilities";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
# secrets
age.secrets = genSecrets secrets;
system.activationScripts = insertSecrets secrets;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

55
modules/nixos/features/immich.nix
View file

@ -1,37 +1,46 @@
{
config,
lib,
...
}:
let
port = 2283;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "photos.fi33.buzz";
url = "https://${hostname}";
feature = "immich";
port = "2283";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
immich = {
enable = true;
inherit port;
port = builtins.fromJSON "${port}";
mediaLocation = "/srv/immich";
};
gatus.settings.endpoints = [
# database backup
borgmatic.settings = {
postgresql_databases = [
{
name = "Immich";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
name = "immich";
hostname = "localhost";
username = "root";
password = "{credential systemd borgmatic-pg}";
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
nginx = {
clientMaxBodySize = "50000M";
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://[::1]:${port}";
proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

11
modules/nixos/features/intel-gpu.nix
View file

@ -1,8 +1,14 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "intel-gpu";
in
{
config = lib.mkIf config.${feature}.enable {
hardware = {
enableAllFirmware = true;
graphics = {
@ -18,4 +24,9 @@
];
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

45
modules/nixos/features/jellyfin.nix
View file

@ -1,38 +1,28 @@
{
config,
lib,
...
}:
let
port = 8096;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "media.fi33.buzz";
url = "https://${hostname}";
feature = "jellyfin";
port = "8096";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
jellyfin = {
enable = true;
dataDir = "/srv/jellyfin";
group = "srv";
group = "media";
};
gatus.settings.endpoints = [
{
name = "Jellyfin";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
# reverse proxy
nginx.virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
# use intel iGP
@ -40,4 +30,7 @@ in
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

22
modules/nixos/features/karakeep.nix
View file

@ -1,22 +0,0 @@
let
port = 5014;
certloc = "/var/lib/acme/fi33.buzz";
in
{
services = {
karakeep = {
enable = true;
extraEnvironment = {
PORT = toString port;
DISABLE_NEW_RELEASE_CHECK = "true";
};
};
caddy.virtualHosts."karakeep.fi33.buzz".extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

44
modules/nixos/features/kavita.nix
View file

@ -1,44 +0,0 @@
{
config,
...
}:
let
port = 5015;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "library.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
kavita = {
enable = true;
dataDir = "/srv/kavita";
settings.Port = port;
tokenKeyFile = config.age.secrets.kavita.path;
};
gatus.settings.endpoints = [
{
name = "Kavita";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets.kavita.file = ../../../secrets/kavita.age;
}

37
modules/nixos/features/libretranslate.nix
View file

@ -1,37 +0,0 @@
let
port = 5023;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "translate.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
libretranslate = {
enable = true;
inherit port;
updateModels = true;
};
gatus.settings.endpoints = [
{
name = "LibreTranslate";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

54
modules/nixos/features/lidarr.nix
View file

@ -1,40 +1,36 @@
{
config,
lib,
...
}:
let
port = 5012;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "music.fi33.buzz";
url = "https://${hostname}";
feature = "lidarr";
port = "5012";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
lidarr = {
enable = true;
dataDir = "/srv/lidarr";
settings.server = {
inherit port;
};
group = "srv";
settings.server.port = lib.toInt port;
group = "media";
};
gatus.settings.endpoints = [
{
name = "Lidarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

12
modules/nixos/features/link2c.nix
View file

@ -1,5 +1,17 @@
{
config,
lib,
...
}:
let
feature = "link2c";
in
{
config = lib.mkIf config.${feature}.enable {
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on"
'';
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

46
modules/nixos/features/llm.nix
View file

@ -1,46 +0,0 @@
{
pkgs,
...
}:
{
environment.systemPackages = [ pkgs.ollama-rocm ];
services = {
open-webui.enable = true;
ollama = {
enable = true;
package = pkgs.ollama-rocm;
loadModels = [
# small
# keep-sorted start
"deepseek-r1:1.5b"
"gemma3:1b"
"gemma3:270m"
"gemma3:4b"
"llama3.2:1b"
"llama3.2:3b"
"ministral-3:3b"
"qwen3:0.6b"
"qwen3:1.7b"
"qwen3:4b"
# keep-sorted end
# medium
# keep-sorted start
"deepseek-r1:7b"
"deepseek-r1:8b"
"llama3.1:8b"
"ministral-3:8b"
"qwen3:8b"
# keep-sorted end
# large
# keep-sorted start
"deepseek-r1:14b"
"gemma3:12b"
"ministral-3:14b"
"qwen3:14b"
# keep-sorted end
];
};
};
}

15
modules/nixos/features/localisation.nix
View file

@ -1,12 +1,21 @@
{ config, lib, ... }:
let
feature = "localisation";
in
{
config = lib.mkIf config.${feature}.enable {
i18n = {
defaultLocale = "en_AU.UTF-8";
extraLocales = [
"en_GB.UTF-8/UTF-8"
supportedLocales = [
"en_US.UTF-8/UTF-8"
"en_AU.UTF-8/UTF-8"
];
extraLocaleSettings.LC_ALL = "en_GB.UTF-8";
};
time.timeZone = "Australia/Melbourne";
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

53
modules/nixos/features/mealie.nix
View file

@ -1,53 +0,0 @@
{
pkgs,
...
}:
let
port = 5026;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "mealie.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
mealie = {
enable = true;
inherit port;
settings = {
TZ = "Australia/Melbourne";
ALLOW_SIGNUP = "false";
};
};
gatus.settings.endpoints = [
{
name = "Mealie";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
borgbackup.jobs = {
onsite = {
paths = [ "/var/lib/mealie" ];
};
offsite = {
paths = [ "/var/lib/mealie" ];
};
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

56
modules/nixos/features/miniflux.nix
View file

@ -1,46 +1,54 @@
{
config,
lib,
...
}:
let
port = 5010;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "feeds.fi33.buzz";
url = "https://${hostname}";
feature = "miniflux";
port = "5010";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux-creds.path;
config = {
BASE_URL = url;
LISTEN_ADDR = "localhost:${toString port}";
BASE_URL = "https://miniflux.fi33.buzz";
LISTEN_ADDR = "localhost:${port}";
};
};
gatus.settings.endpoints = [
# database backup
borgmatic.settings = {
postgresql_databases = [
{
name = "Miniflux";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
name = "miniflux";
hostname = "localhost";
username = "root";
password = "{credential systemd borgmatic-pg}";
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
# secrets
age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age;
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

12
modules/nixos/features/network.nix
View file

@ -1,11 +1,21 @@
{
config,
lib,
hostName,
...
}:
let
feature = "network";
in
{
config = lib.mkIf config.${feature}.enable {
networking = {
hostName = "${hostName}";
networkmanager.enable = true;
firewall.enable = true;
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

13
modules/nixos/features/nginx.nix
View file

@ -1,8 +1,13 @@
{
config,
lib,
...
}:
let
feature = "nginx";
in
{
config = lib.mkIf config.${feature}.enable {
services.nginx = {
enable = true;
@ -31,7 +36,13 @@
};
};
age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age;
# secrets
age.secrets."porkbun-api" = {
file = ../../../secrets/porkbun-api.age;
};
users.users.nginx.extraGroups = [ "acme" ];
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

9
modules/nixos/features/nh.nix
View file

@ -1,11 +1,20 @@
{
config,
lib,
userName,
...
}:
let
feature = "nh";
in
{
config = lib.mkIf config.${feature}.enable {
programs.nh = {
enable = true;
# clean.enable = true;
flake = "/home/${userName}/.dots";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

34
modules/nixos/features/nix-settings.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, lib, ... }:
let
feature = "nix-settings";
in
{
config = lib.mkIf config.${feature}.enable {
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 20d";
persistent = true;
};
optimise = {
automatic = true;
persistent = true;
};
settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"will"
"srv"
];
};
};
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

35
modules/nixos/features/nix.nix
View file

@ -1,35 +0,0 @@
{
lib,
...
}:
{
# rip out default packages
environment.defaultPackages = lib.mkForce [ ];
# allow packages with non-free licenses
nixpkgs.config.allowUnfree = true;
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 20d";
persistent = true;
};
optimise = {
automatic = true;
persistent = true;
};
settings = {
allowed-users = [ "@wheel" ];
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"will"
"srv"
];
};
};
}

13
modules/nixos/features/nixpkgs.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }:
let
feature = "nixpkgs";
in
{
config = lib.mkIf config.${feature}.enable {
nixpkgs.config.allowUnfree = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

18
modules/nixos/features/nixvim.nix
View file

@ -1,8 +1,14 @@
{
config,
inputs,
lib,
...
}:
let
feature = "nixvim";
in
{
config = lib.mkIf config.${feature}.enable {
environment.variables.EDITOR = "nvim";
programs.nixvim = {
enable = true;
@ -20,18 +26,13 @@
};
diagnostic.settings.virtual_lines = true;
opts = {
# keep-sorted start
autoindent = true;
colorcolumn = "80";
expandtab = true;
number = true;
relativenumber = true;
shiftwidth = 2;
# get suggestions by typing z=
spell = true;
spelllang = "en_au";
tabstop = 2;
# keep-sorted end
colorcolumn = "80";
};
plugins = {
# autoclose brackets
@ -71,6 +72,8 @@
inlayHints = true;
servers = {
nixd.enable = true;
}
// lib.optionalAttrs config.dev.enable {
rust_analyzer = {
enable = true;
installCargo = true;
@ -97,6 +100,9 @@
treesitter.enable = true;
};
};
};
imports = [ inputs.nixvim.nixosModules.nixvim ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

65
modules/nixos/features/ntfy-sh.nix
View file

@ -1,59 +1,38 @@
{
config,
lib,
...
}:
let
port = 5002;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "notify.fi33.buzz";
url = "https://${hostname}";
feature = "ntfy-sh";
port = "5002";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
ntfy-sh = {
enable = true;
environmentFile = config.age.secrets.ntfy.path;
settings = {
base-url = url;
listen-http = ":${toString port}";
base-url = "https://ntfy-sh.fi33.buzz";
listen-http = ":${port}";
behind-proxy = true;
auth-default-access = "deny-all";
auth-users = [
"Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin"
"gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user"
];
auth-access = [
"gatus:services:wo"
];
};
};
gatus.settings.endpoints = [
{
name = "ntfy";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
borgbackup.jobs = {
onsite.paths = [ "/var/lib/ntfy-sh" ];
offsite.paths = [ "/var/lib/ntfy-sh" ];
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets.ntfy.file = ../../../secrets/ntfy.age;
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

46
modules/nixos/features/nzbget.nix
View file

@ -1,46 +0,0 @@
{
pkgs,
...
}:
let
port = 5018;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "usenet.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
nzbget = {
enable = true;
settings = {
MainDir = "/srv/nzbget";
ControlPort = port;
};
group = "srv";
};
gatus.settings.endpoints = [
{
name = "NZBget";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 401"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
environment.systemPackages = with pkgs; [ unrar ];
}

52
modules/nixos/features/paperless.nix
View file

@ -1,51 +1,57 @@
{
config,
lib,
...
}:
let
port = 5013;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "documents.fi33.buzz";
url = "https://${hostname}";
feature = "paperless";
port = "5013";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
paperless = {
enable = true;
dataDir = "/srv/paperless";
database.createLocally = true;
passwordFile = config.age.secrets.paperless.path;
inherit port;
port = lib.toInt port;
settings = {
PAPERLESS_URL = url;
PAPERLESS_URL = "https://paperless.fi33.buzz";
};
};
gatus.settings.endpoints = [
# database backup
borgmatic.settings = {
postgresql_databases = [
{
name = "Paperless";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
name = "paperless";
hostname = "localhost";
username = "root";
password = "{credential systemd borgmatic-pg}";
}
];
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
age.secrets."paperless" = {
file = ../../../secrets/paperless.age;
owner = "paperless";
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

8
modules/nixos/features/pipewire.nix
View file

@ -1,4 +1,9 @@
{ config, lib, ... }:
let
feature = "pipewire";
in
{
config = lib.mkIf config.${feature}.enable {
security.rtkit.enable = true;
services.pipewire = {
@ -8,4 +13,7 @@
jack.enable = true;
pulse.enable = true;
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

12
modules/nixos/features/plasma.nix
View file

@ -1,8 +1,14 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "plasma";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm = {
@ -15,6 +21,9 @@
with pkgs.kdePackages;
[
# keep-sorted start
kget
kontact
# TODO: replace with transmission
ktorrent
kzones
# keep-sorted end
@ -24,4 +33,7 @@
haruna
# keep-sorted end
]);
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

9
modules/nixos/features/print-and-scan.nix
View file

@ -1,8 +1,14 @@
{
config,
lib,
pkgs,
...
}:
let
feature = "print-and-scan";
in
{
config = lib.mkIf config.${feature}.enable {
hardware.sane = {
enable = true;
extraBackends = [ pkgs.hplip ];
@ -18,4 +24,7 @@
drivers = [ pkgs.hplip ];
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

14
modules/nixos/features/protonmail-bridge.nix
View file

@ -1,3 +1,17 @@
{
config,
lib,
...
}:
let
feature = "protonmail-bridge";
in
{
config = lib.mkIf config.${feature}.enable {
services.protonmail-bridge.enable = true;
};
imports = [ ];
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

60
modules/nixos/features/prowlarr.nix
View file

@ -1,51 +1,35 @@
{
pkgs,
config,
lib,
...
}:
let
port = 5009;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "prowlarr.fi33.buzz";
url = "https://${hostname}";
feature = "prowlarr";
port = "5009";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
prowlarr = {
enable = true;
settings.server = {
inherit port;
dataDir = "/srv/prowlarr";
settings.server.port = lib.toInt port;
};
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
gatus.settings.endpoints = [
{
name = "Prowlarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
borgbackup.jobs = {
onsite = {
paths = [ "/var/lib/prowlarr" ];
};
offsite = {
paths = [ "/var/lib/prowlarr" ];
};
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

50
modules/nixos/features/qbittorrent.nix
View file

@ -1,41 +1,37 @@
{ config, lib, ... }:
let
port = 5005;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "bittorrent.fi33.buzz";
url = "https://${hostname}";
feature = "qbittorrent";
port = "5005";
in
{
config = lib.mkIf config.${feature}.enable {
users.users.qbittorrent.extraGroups = [ "media" ];
services = {
# service
qbittorrent = {
enable = true;
webuiPort = port;
webuiPort = lib.toInt port;
profileDir = "/srv";
group = "srv";
group = "media";
extraArgs = [
"--confirm-legal-notice"
];
};
gatus.settings.endpoints = [
{
name = "qBittorrent";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

32
modules/nixos/features/qui.nix
View file

@ -1,32 +0,0 @@
{
# keep-sorted start
lib,
pkgs,
# keep-sorted end
...
}:
let
port = 5019;
certloc = "/var/lib/acme/fi33.buzz";
in
{
environment.systemPackages = [ pkgs.qui ];
systemd.user.services.qui = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${lib.getExe pkgs.qui} serve";
environment = {
QUI__PORT = toString port;
QUI__DATA_DIR = "/srv/qui";
};
};
services.caddy.virtualHosts."qui.fi33.buzz".extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}

55
modules/nixos/features/radarr.nix
View file

@ -1,40 +1,37 @@
{
config,
lib,
...
}:
let
port = 5007;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "movies.fi33.buzz";
url = "https://${hostname}";
feature = "radarr";
port = "5007";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
radarr = {
enable = true;
dataDir = "/srv/radarr";
settings.server = {
inherit port;
};
group = "srv";
settings.server.port = lib.toInt port;
group = "media";
};
gatus.settings.endpoints = [
{
name = "Radarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

61
modules/nixos/features/radicale.nix
View file

@ -1,61 +0,0 @@
{
config,
...
}:
let
port = 5003;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "caldav.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
radicale = {
enable = true;
settings = {
server = {
hosts = [
"0.0.0.0:${toString port}"
"[::]:${toString port}"
];
};
auth = {
type = "htpasswd";
htpasswd_filename = config.age.secrets.radicale.path;
htpasswd_encryption = "plain";
};
storage = {
filesystem_folder = "/srv/radicale";
};
};
};
gatus.settings.endpoints = [
{
name = "Radicale";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
# secrets
age.secrets."radicale" = {
file = ../../../secrets/radicale.age;
owner = "radicale";
};
}

40
modules/nixos/features/readarr.nix
View file

@ -1,40 +0,0 @@
let
port = 5016;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "books.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
readarr = {
enable = true;
dataDir = "/srv/readarr";
settings.server = {
inherit port;
};
group = "srv";
};
gatus.settings.endpoints = [
{
name = "Readarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

45
modules/nixos/features/send.nix
View file

@ -1,45 +0,0 @@
let
port = 5020;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "send.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
send = {
enable = true;
inherit port;
baseUrl = url;
environment = {
DEFAULT_EXPIRE_SECONDS = 360;
EXPIRE_TIMES_SECONDS = "360";
DOWNLOAD_COUNTS = "1";
MAX_DOWNLOADS = 1;
MAX_EXPIRE_SECONDS = 1024;
MAX_FILE_SIZE = 134217728;
};
};
gatus.settings.endpoints = [
{
name = "Send";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

55
modules/nixos/features/sonarr.nix
View file

@ -1,40 +1,37 @@
{
config,
lib,
...
}:
let
port = 5006;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "shows.fi33.buzz";
url = "https://${hostname}";
feature = "sonarr";
port = "5006";
in
{
config = lib.mkIf config.${feature}.enable {
services = {
# service
sonarr = {
enable = true;
dataDir = "/srv/sonarr";
settings.server = {
inherit port;
};
group = "srv";
settings.server.port = lib.toInt port;
group = "media";
};
gatus.settings.endpoints = [
{
name = "Sonarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
# reverse proxy
nginx = {
virtualHosts."${feature}.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
};
};
};
};
options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
}

23
modules/nixos/features/star-citizen.nix
View file

@ -1,23 +0,0 @@
{
# keep-sorted start
inputs,
system,
# keep-sorted end
...
}:
{
nix.settings = {
substituters = [ "https://nix-citizen.cachix.org" ];
trusted-public-keys = [ "nix-citizen.cachix.org-1:lPMkWc2X8XD4/7YPEEwXKKBg+SVbYTVrAaLA2wQTKCo=" ];
};
environment.systemPackages = [
inputs.nix-citizen.packages.${system}.rsi-launcher
];
zramSwap = {
enable = true;
memoryPercent = 100;
writebackDevice = "/dev/sda1";
};
}

6
modules/nixos/features/sudo.nix
View file

@ -1,6 +0,0 @@
{
...
}:
{
security.sudo.execWheelOnly = true;
}

Some files were not shown because too many files have changed in this diff Show more