From c1684a80f759d21be483eaeeca1765f76ce1171e Mon Sep 17 00:00:00 2001 
From: Nathan Date: Fri, 6 Mar 2026 16:24:53 -0600 Subject: [PATCH] Begin Dendritic rewrite --- .gitmodules | 3 - flake-parts.nix | 7 + flake.nix | 182 +------- homes/nathan/flake.nix | 40 -- homes/nathan/home-manager/default.nix | 188 ++++---- .../nathan/home-manager/dotfiles/default.nix | 21 +- .../nathan/home-manager/packages/default.nix | 127 +++--- .../home-manager/packages/scripts/default.nix | 251 +++++------ .../home-manager/programs/aurora/default.nix | 17 + .../programs/calcurse/default.nix | 23 +- .../nathan/home-manager/programs/default.nix | 21 +- .../home-manager/programs/firefox/default.nix | 79 ++-- .../home-manager/programs/git/default.nix | 71 +-- .../programs/hyprland/default.nix | 75 ++-- .../programs/hyprlock/default.nix | 85 ++-- .../programs/hyprpanel/default.nix | 21 +- .../home-manager/programs/nh/default.nix | 31 +- .../home-manager/programs/pywal/default.nix | 27 +- .../programs/quickshell/default.nix | 37 +- .../home-manager/programs/rofi/default.nix | 27 +- .../programs/terminal/bash/default.nix | 48 ++- .../programs/terminal/bat/default.nix | 27 +- .../programs/terminal/default.nix | 17 - .../programs/terminal/eza/default.nix | 23 +- .../programs/terminal/fzf/default.nix | 21 +- .../programs/terminal/kitty/default.nix | 61 +-- .../programs/terminal/lf/default.nix | 9 +- .../programs/terminal/ohmyposh/default.nix | 229 +++++----- .../programs/terminal/opencode/default.nix | 63 +-- .../programs/terminal/ssh/default.nix | 39 +- .../programs/terminal/tmux/default.nix | 39 +- .../programs/terminal/zoxide/default.nix | 19 +- .../programs/terminal/zsh/default.nix | 63 +-- .../nathan/home-manager/services/default.nix | 9 - .../home-manager/services/mpd/default.nix | 65 +-- homes/nathan/home.nix | 49 ++- machines/android | 1 - profiles/container/default.nix | 259 +++++------ profiles/homebox/default.nix | 199 ++++----- profiles/iso/default.nix | 173 ++++---- profiles/jesstop/default.nix | 215 ++++----- profiles/jesstop/hardware-configuration.nix 
| 68 +-- profiles/laptop/default.nix | 177 ++++---- profiles/live/default.nix | 199 ++++----- profiles/live/disko.nix | 129 +++--- profiles/pi4/default.nix | 239 +++++----- profiles/pi4/disko.nix | 129 +++--- profiles/pi4/hardware-configuration.nix | 42 +- system/default.nix | 181 ++++---- system/etc/default.nix | 6 +- system/packages/default.nix | 14 +- system/programs/default.nix | 9 - system/programs/hyprland/default.nix | 34 +- system/programs/hyprpanel/default.nix | 52 +-- system/programs/steam/default.nix | 22 +- system/services/avahi/default.nix | 42 +- system/services/default.nix | 9 - system/services/dynamicDNS/default.nix | 54 +-- system/services/kdePlasma6/default.nix | 54 +-- system/services/netbird/default.nix | 42 +- system/services/novnc/default.nix | 52 +-- system/services/ollama/default.nix | 42 +- system/services/openssh/default.nix | 32 +- system/services/pipewire/default.nix | 75 ++-- system/services/sddm/default.nix | 53 +-- system/services/wyoming/default.nix | 107 ++--- system/users/default.nix | 232 +++++----- system/users/nathan/default.nix | 39 +- .../containers/code-server/default.nix | 53 +-- system/virtualization/containers/default.nix | 32 -- .../containers/gitea/default.nix | 167 +++---- .../containers/gitlab/default.nix | 172 -------- .../containers/minecraft/default.nix | 108 ----- .../containers/nginx/default.nix | 61 +-- .../containers/novnc/default.nix | 73 ++-- .../containers/ntfy/default.nix | 57 +-- .../containers/rustdesk/default.nix | 143 +++--- .../containers/sandbox/default.nix | 135 +++--- .../containers/wyoming/default.nix | 191 ++++---- system/virtualization/default.nix | 9 - .../docker/authentik/default.nix | 405 ++++++++--------- system/virtualization/docker/default.nix | 93 ++-- .../virtualization/docker/gitea/default.nix | 265 ++++++------ .../docker/home-assistant/default.nix | 87 ++-- .../docker/jellyfin/default.nix | 211 ++++----- system/virtualization/docker/n8n/default.nix | 181 ++++---- 
.../virtualization/docker/netbird/default.nix | 407 +++++++++--------- .../docker/nextcloud/default.nix | 203 ++++----- .../virtualization/docker/ollama/default.nix | 107 ++--- .../docker/openwebui/default.nix | 165 +++---- ...ker-compose.nix => docker-compose.nix-txt} | 0 .../virtualization/docker/pihole/default.nix | 123 +++--- .../docker/portainer/default.nix | 93 ++-- ...ker-compose.nix => docker-compose.nix-txt} | 0 .../virtualization/docker/searxng/default.nix | 81 ++-- .../virtualization/docker/traefik/default.nix | 187 ++++---- .../virtual-machines/default.nix | 46 +- .../home-assistant/default.nix | 22 +- templates/default.nix | 46 ++ 99 files changed, 4375 insertions(+), 4643 deletions(-) create mode 100644 flake-parts.nix delete mode 100644 homes/nathan/flake.nix create mode 100644 homes/nathan/home-manager/programs/aurora/default.nix delete mode 100644 homes/nathan/home-manager/programs/terminal/default.nix delete mode 100644 homes/nathan/home-manager/services/default.nix delete mode 160000 machines/android delete mode 100644 system/programs/default.nix delete mode 100644 system/services/default.nix delete mode 100644 system/virtualization/containers/default.nix delete mode 100644 system/virtualization/containers/gitlab/default.nix delete mode 100644 system/virtualization/containers/minecraft/default.nix delete mode 100644 system/virtualization/default.nix rename system/virtualization/docker/passbolt/{docker-compose.nix => docker-compose.nix-txt} (100%) rename system/virtualization/docker/rustdesk/{docker-compose.nix => docker-compose.nix-txt} (100%) create mode 100644 templates/default.nix diff --git a/.gitmodules b/.gitmodules index 2f1f000..acad627 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -4,6 +4,3 @@ [submodule "machines/laptop"] path = machines/laptop url = ssh://gitea@gitea.esotericbytes.com:2222/Blunkall-Technologies/laptop -[submodule "machines/android"] - path = machines/android - url = ssh://gitea@gitea.esotericbytes.com:2222/Blunkall-Technologies/android diff --git a/flake-parts.nix b/flake-parts.nix new file mode 100644 index 0000000..b8b82ec --- /dev/null +++ b/flake-parts.nix @@ -0,0 +1,7 @@ +{ inputs, ... }: { + + imports = [ + inputs.home-manager.flakeModules.home-manager + inputs.disko.flakeModules.default + ]; +} diff --git a/flake.nix b/flake.nix index da4a809..384e33e 100644 --- a/flake.nix +++ b/flake.nix @@ -21,6 +21,9 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + flake-parts.url = "github:hercules-ci/flake-parts"; + + import-tree.url = "github:vic/import-tree"; firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; 
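Review bot: flake.lock is not among the 99 files in this patch's diffstat, so the inputs added here (`flake-parts`, `import-tree`) and `aurora` in the next flake.nix hunk stay unlocked until the first `nix flake` command runs, which pins them to whatever the remote branch heads are at that moment rather than to what was reviewed. Regenerating and committing flake.lock in the same change keeps the pins reviewable alongside the inputs that need them. In flake-parts.nix the import of `inputs.disko.flakeModules.default` assumes a `disko` input is declared in the part of flake.nix outside this hunk; worth confirming, since a missing input there fails evaluation of every output.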
@@ -29,179 +32,22 @@ nix-minecraft.url = "github:Infinidoge/nix-minecraft"; - #simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11"; - hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai"; + aurora.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"; + self.submodules = true; }; - outputs = { self, nixpkgs, home-manager, ... } @ inputs: { - - profiles = let - dir = builtins.readDir ./profiles; - filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir); - in (builtins.listToAttrs - (builtins.map - (name: ({ - inherit name; - - value = { ... }: { - imports = [ - ./system - ./profiles/${name} - ]; - }; - })) filtered) - ); - - homes = let - dir = builtins.readDir ./homes; - filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir); - in (builtins.listToAttrs - (builtins.map - (name: ({ - inherit name; - - value = { ... } @ exputs: { - imports = [ (import ./homes/${name}/home-manager (exputs // inputs)) ]; - }; - - })) filtered) - ); - - iso = (nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inputs = inputs // { - nathan = self.homes.nathan; - inherit self; - }; - }; - modules = [ - self.profiles.iso - ]; - }).config.system.build.isoImage; - - templates = { - nixos = { - welcomeText = '' - #Welcome to Olympus! - Have Fun! - ''; - - description = '' - Generate this where you want your config. - ''; - - path = ./templates/nixos; - - }; - - home-manager = { - welcomeText = '' - #Welcome to Olympus! - Have Fun! - ''; - - description = '' - Generate this where you want your config. - ''; - - path = ./templates/home-manager; - - }; - - nix-on-droid = { - welcomeText = '' - #Welcome to Olympus! - Have Fun! - ''; - - description = '' - Generate this where you want your config. 
- ''; - - path = ./templates/nix-on-droid; - - }; - - machines = let - dir = builtins.readDir ./machines; - filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir); - in (builtins.listToAttrs - (builtins.map - (name: ({ - inherit name; - - value = { - welcomeText = '' - #Welcome to Olympus! - - ##Warning: - This is a config for ${name}, an established machine! - It may require significant alterations to be usable! - ''; - - description = '' - Generate this where you want your config. - ''; - - path = ./machines/${name}; - }; - - })) filtered) - ); - - homes = let - dir = builtins.readDir ./homes; - filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir); - in (builtins.listToAttrs - (builtins.map - (name: ({ - inherit name; - - value = { - welcomeText = '' - #Welcome home, ${name}! - Your config is right here. - ''; - - description = '' - Generate this where you want your config. - ''; - - path = ./homes/${name}; - }; - - })) filtered) - ); - - default = self.templates.nixos; - }; - - - nixosConfigurations = let - dir = builtins.readDir ./machines; - filtered = builtins.filter (x: dir.${x} == "directory" && x != "android") (builtins.attrNames dir); - in (builtins.listToAttrs - (builtins.map - (name: ({ - inherit name; - - value = nixpkgs.lib.nixosSystem { - specialArgs = inputs; - - modules = [ - { sysconfig.host = name; } - ./machines/${name} - self.profiles.${name} - ]; - }; - - })) filtered) - ); - }; + outputs = { ... } @ inputs: + inputs.flake-parts.lib.mkFlake { inherit inputs; } + (inputs.import-tree [ + ./profiles + ./homes + ./machines + ./system + ./templates/default.nix + ]); } diff --git a/homes/nathan/flake.nix b/homes/nathan/flake.nix deleted file mode 100644 index f4f2345..0000000 --- a/homes/nathan/flake.nix +++ /dev/null 
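Review bot: The new `outputs` hands `./profiles ./homes ./machines ./system` to `import-tree`, which imports every `.nix` file beneath them as a flake-parts module, and the diffstat already shows the cost: `docker-compose.nix` had to be renamed to `docker-compose.nix-txt` under passbolt and rustdesk to keep it out of the tree. That convention is recorded nowhere in flake.nix; a comment above the list such as `# import-tree loads every *.nix under these paths as a flake-parts module; keep non-module Nix files out of them (or name them *.nix-txt)` would save the next contributor from an opaque evaluation error. Since `self.submodules = true` is new here and `./machines` is backed by SSH submodules (per the .gitmodules hunk), the flake is presumably only evaluable where those remotes are reachable; a line in the commit message saying so would help.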
@@ -1,40 +0,0 @@ -{ - - description = "Home-Manager Configuration"; - - inputs = { - - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; - - home-manager = { - url = "github:nix-community/home-manager/release-25.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - olympus = { - url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.home-manager.follows = "home-manager"; - }; - }; - - outputs = { self, nixpkgs, home-manager, olympus, ... } @ inputs: { - - homeConfigurations = { - nathan = home-manager.lib.homeManagerConfiguration { - pkgs = import nixpkgs { - system = builtins.currentSystem; - }; - - modules = [ - olympus.homes.nathan - ./home.nix - ]; - - extraSpecialArgs = { - inherit inputs; - }; - }; - }; - }; -} diff --git a/homes/nathan/home-manager/default.nix b/homes/nathan/home-manager/default.nix index ef6aeed..8bb098f 100644 --- a/homes/nathan/home-manager/default.nix +++ b/homes/nathan/home-manager/default.nix 
@@ -1,114 +1,114 @@ -{ config, lib, pkgs, inputs, ... }: { +{ inputs, ... }: { - imports = let - dir = builtins.readDir ./.; - in (builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - )) ++ [ - inputs.sops-nix.homeManagerModules.sops - ]; + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - options.homeconfig = with lib; { + imports = [ + inputs.sops-nix.homeManagerModules.sops + ]; - name = mkOption { - type = with types; nullOr str; - default = null; - }; + options.homeconfig = with lib; { - graphical = mkOption { - type = with types; bool; - default = true; - }; + name = mkOption { + type = with types; nullOr str; + default = null; + }; - standalone = mkOption { - type = with types; bool; - default = false; - }; + graphical = mkOption { + type = with types; bool; + default = true; + }; - virtual-machines = mkOption { - type = with types; bool; - default = false; - }; - }; + standalone = mkOption { + type = with types; bool; + default = false; + }; - - config = { - - homeconfig = { - name = "nathan"; - - mpd.enable = lib.mkDefault true; - calcurse.enable = lib.mkDefault true; - git.enable = lib.mkDefault true; - nh.enable = lib.mkDefault true; - - minimal = lib.mkDefault false; - hyprland.enable = lib.mkDefault config.homeconfig.graphical; - hyprlock.enable = lib.mkDefault config.homeconfig.hyprland.enable; - wal.enable = lib.mkDefault config.homeconfig.graphical; - hyprpanel.enable = lib.mkDefault config.homeconfig.hyprland.enable; - rofi.enable = lib.mkDefault config.homeconfig.hyprland.enable; - firefox.enable = lib.mkDefault config.homeconfig.graphical; - }; - - home.username = lib.mkDefault config.homeconfig.name; - - home.homeDirectory = lib.mkDefault "/home/${config.home.username}"; - - home.stateVersion = "23.11"; - - home.pointerCursor = lib.mkIf config.homeconfig.graphical { - gtk.enable = true; - package = pkgs.bibata-cursors; - name = "Bibata-Modern-Classic"; - size = 16; - }; - - 
dconf.settings = lib.mkIf config.homeconfig.virtual-machines { - "org/virt-manager/virt-manager/connections" = { - autoconnect = ["qemu:///system"]; - uris = ["qemu:///system"]; + virtual-machines = mkOption { + type = with types; bool; + default = false; }; }; - gtk = lib.mkIf (config.homeconfig.graphical && config.homeconfig.hyprland.enable) { - enable = true; - theme.name = "Tokyonight-Dark"; - theme.package = pkgs.tokyonight-gtk-theme; - iconTheme.package = pkgs.rose-pine-icon-theme; - iconTheme.name = "rose-pine-moon"; - }; - sops = { - age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; - defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; + config = { - #secrets."remoteBuildKey" = {}; - }; + homeconfig = { + name = "nathan"; - services.mpris-proxy.enable = true; + mpd.enable = lib.mkDefault true; + calcurse.enable = lib.mkDefault true; + git.enable = lib.mkDefault true; + nh.enable = lib.mkDefault true; - programs.ssh = { - enable = true; + minimal = lib.mkDefault false; + hyprland.enable = lib.mkDefault config.homeconfig.graphical; + hyprlock.enable = lib.mkDefault config.homeconfig.hyprland.enable; + wal.enable = lib.mkDefault config.homeconfig.graphical; +#hyprpanel.enable = lib.mkDefault config.homeconfig.hyprland.enable; + rofi.enable = lib.mkDefault config.homeconfig.hyprland.enable; + firefox.enable = lib.mkDefault config.homeconfig.graphical; - matchBlocks = { - "builder" = { - hostname = "esotericbytes.com"; - user = "remote-builder"; - identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; - port = 22; - }; - - "remote" = { - hostname = "esotericbytes.com"; - user = "nathan"; - identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; - port = 22; + aurora.enable = lib.mkDefault config.homeconfig.hyprland.enable; + }; + + home.username = lib.mkDefault config.homeconfig.name; + + home.homeDirectory = lib.mkDefault "/home/${config.home.username}"; + + home.stateVersion = "23.11"; + + home.pointerCursor = 
lib.mkIf config.homeconfig.graphical { + gtk.enable = true; + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Classic"; + size = 16; + }; + + dconf.settings = lib.mkIf config.homeconfig.virtual-machines { + "org/virt-manager/virt-manager/connections" = { + autoconnect = ["qemu:///system"]; + uris = ["qemu:///system"]; }; }; - }; + gtk = lib.mkIf (config.homeconfig.graphical && config.homeconfig.hyprland.enable) { + enable = true; + theme.name = "Tokyonight-Dark"; + theme.package = pkgs.tokyonight-gtk-theme; + iconTheme.package = pkgs.rose-pine-icon-theme; + iconTheme.name = "rose-pine-moon"; + }; + + sops = { + age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + defaultSopsFormat = "yaml"; + +#secrets."remoteBuildKey" = {}; + }; + + services.mpris-proxy.enable = true; + + programs.ssh = { + enable = true; + + matchBlocks = { + "builder" = { + hostname = "esotericbytes.com"; + user = "remote-builder"; + identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; + port = 22; + }; + + "remote" = { + hostname = "esotericbytes.com"; + user = "nathan"; + identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; + port = 22; + }; + }; + }; + + }; }; } diff --git a/homes/nathan/home-manager/dotfiles/default.nix b/homes/nathan/home-manager/dotfiles/default.nix index 9a4c194..3103f83 100644 --- a/homes/nathan/home-manager/dotfiles/default.nix +++ b/homes/nathan/home-manager/dotfiles/default.nix 
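Review bot: Two commented-out lines sit at column 0 inside nested attribute sets on the new side, `#hyprpanel.enable = lib.mkDefault config.homeconfig.hyprland.enable;` in `homeconfig` and `#secrets."remoteBuildKey" = {};` in `sops`, which reads as leftover scratch rather than configuration. Given that `aurora.enable` is added right below with the same default, hyprpanel looks replaced; either delete the line or indent it with the block and say why it is kept (`# hyprpanel replaced by aurora; remove once confirmed`). dotfiles/default.nix still gates `.config/hyprpanel` on `config.homeconfig.hyprpanel.enable`, so the option must remain declared in the hyprpanel module (it is in the diffstat, not in this page); if its default is `false` the link is simply skipped.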
@@ -1,12 +1,15 @@ -{ config, lib, ... }: { +{ ... }: { - home.file = { - ".config/hypr" = lib.mkIf config.homeconfig.hyprland.enable { source = ./hypr; recursive = true; }; - ".config/hyprpanel" = lib.mkIf config.homeconfig.hyprpanel.enable { source = ./hyprpanel; recursive = true; }; - ".config/wal/templates" = lib.mkIf config.homeconfig.wal.enable { source = ./wal/templates; recursive = true; }; - ".config/ohmyposh" = { source = ./ohmyposh; recursive = true; }; - ".config/quickshell" = lib.mkIf config.homeconfig.quickshell.enable { source = ./quickshell; recursive = true; }; - "Pictures/Wallpaper" = lib.mkIf config.homeconfig.graphical { source = ./Wallpaper; recursive = true; }; - }; + flake.homeModules.nathan = { config, lib, ... }: { + home.file = { + ".config/hypr" = lib.mkIf config.homeconfig.hyprland.enable { source = ./hypr; recursive = true; }; + ".config/hyprpanel" = lib.mkIf config.homeconfig.hyprpanel.enable { source = ./hyprpanel; recursive = true; }; + ".config/wal/templates" = lib.mkIf config.homeconfig.wal.enable { source = ./wal/templates; recursive = true; }; + ".config/ohmyposh" = { source = ./ohmyposh; recursive = true; }; + ".config/quickshell" = lib.mkIf config.homeconfig.quickshell.enable { source = ./quickshell; recursive = true; }; + "Pictures/Wallpaper" = lib.mkIf config.homeconfig.graphical { source = ./Wallpaper; recursive = true; }; + }; + + }; } diff --git a/homes/nathan/home-manager/packages/default.nix b/homes/nathan/home-manager/packages/default.nix index 15d8def..5f1028b 100644 --- a/homes/nathan/home-manager/packages/default.nix +++ b/homes/nathan/home-manager/packages/default.nix 
@@ -1,23 +1,21 @@ -{ config, lib, pkgs, inputs, ... }: let - system = "x86_64-linux"; +{ inputs, ... }: { + + flake.homeModules.nathan = { config, lib, pkgs, ... }: let + system = pkgs.stdenv.hostPlatform; pkgs-us = import inputs.nixpkgs-us { - inherit system; - config.allowUnfree = true; + inherit system; + config.allowUnfree = true; }; in { - imports = [ - ./scripts - ]; + options.homeconfig.minimal = with lib; options.mkOption { + type = with types; bool; + default = false; + }; - options.homeconfig.minimal = with lib; options.mkOption { - type = with types; bool; - default = false; - }; - - config = with lib; mkMerge [ + config = with lib; mkMerge [ { home.packages = with pkgs; [ 
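Review bot: `system = pkgs.stdenv.hostPlatform;` passes the whole platform attribute set as nixpkgs' `system` argument to `import inputs.nixpkgs-us`, which expects the system string; the rest of the rewrite uses `pkgs.stdenv.hostPlatform.system` (programs/default.nix, firefox/default.nix), so this should read `system = pkgs.stdenv.hostPlatform.system;`. The sibling scripts/default.nix still hard-codes `system = "x86_64-linux";` for the same `nixpkgs-us` import and could use the same expression so both evaluate for the host being built. Moving the binding into the module `let` is otherwise the right fix for the old hard-coded string.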
@@ -49,72 +47,73 @@ } (mkIf config.homeconfig.graphical { - home.packages = with pkgs; [ - - grim - slurp - xfce.thunar - wl-clipboard - blueberry - ]; - }) + home.packages = with pkgs; [ + + grim + slurp + xfce.thunar + wl-clipboard + blueberry + ]; + }) (mkIf (!config.homeconfig.minimal) { - home.packages = with pkgs; [ - cava - android-tools - neovim-remote - zulu - fastfetch - ncmpcpp - playerctl - mpc - ffmpeg - ]; - }) + home.packages = with pkgs; [ + cava + android-tools + neovim-remote + zulu + fastfetch + ncmpcpp + playerctl + mpc + ffmpeg + ]; + }) (mkIf (!config.homeconfig.minimal && config.homeconfig.graphical) { - nixpkgs.config = { - allowUnfree = true; - }; + nixpkgs.config = { + allowUnfree = true; + }; - home.packages = with pkgs; [ - - handbrake - quickemu - bottles + home.packages = with pkgs; [ - pkgs-us.runapp - brightnessctl - libdbusmenu-gtk3 - lmms + handbrake + quickemu + bottles + + pkgs-us.runapp + brightnessctl + libdbusmenu-gtk3 + lmms #unfree { - geogebra - spotify - discord + geogebra + spotify + discord #} - rustdesk-flutter - mpv - vlc - pavucontrol - rpi-imager - tigervnc - keepassxc - localsend + rustdesk-flutter + mpv + vlc + pavucontrol + rpi-imager + tigervnc + keepassxc + localsend #3D modeling/printing - blender - freecad-wayland - cura-appimage + blender + freecad-wayland + cura-appimage #productivity - libreoffice + libreoffice #games - prismlauncher - ]; + prismlauncher + ]; }) - ]; + ]; + }; } diff --git a/homes/nathan/home-manager/packages/scripts/default.nix b/homes/nathan/home-manager/packages/scripts/default.nix index 0078721..ec1ba0d 100644 --- a/homes/nathan/home-manager/packages/scripts/default.nix +++ b/homes/nathan/home-manager/packages/scripts/default.nix 
@@ -1,135 +1,138 @@ -{ config, lib, pkgs, inputs, ... }: let +{ ... }: { - system = "x86_64-linux"; + flake.homeModules.nathan = { config, lib, pkgs, inputs, ... }: let + + system = "x86_64-linux"; pkgs-us = import inputs.nixpkgs-us { - inherit system; - config.allowUnfree = true; + inherit system; + config.allowUnfree = true; }; in { - options = { - homeconfig.scripts.enable = lib.options.mkOption { - type = lib.types.bool; - default = true; + options = { + homeconfig.scripts.enable = lib.options.mkOption { + type = lib.types.bool; + default = true; + }; }; + + config = lib.mkMerge [ + (lib.mkIf (config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) { + home.packages = [ + (pkgs.writeShellScriptBin "hyprrun" '' + ${pkgs-us.runapp}/bin/runapp ''$@ +#uwsm app -- ''$@ + '') + ]; + }) + + (lib.mkIf (!config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) { + home.packages = [ + (pkgs.writeShellScriptBin "hyprrun" '' + eval "''$@" + '') + ]; + }) + + (lib.mkIf config.homeconfig.scripts.enable { + home.packages = [ + +#scripts + + (pkgs.writeShellScriptBin "randWallpaper" '' + file=''$(ls ${config.home.homeDirectory}/Pictures/Wallpaper/ | shuf -n 1) + setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/''$file + '') + + (pkgs.writeShellScriptBin "setWallpaper" '' + + if [[ ! 
-d /tmp/nathan ]]; then + mkdir /tmp/nathan + fi + + img=''$(realpath "''${1:-$(find ~/Pictures/Wallpaper/* | rofi -dmenu)}") + n=''$(basename "''$img") + ext="''${n''\#''\#*.}" + out=''${3:-/dev/null} + + if [[ ''$ext == "gif" || ''$ext == "mp4" ]]; then + yes | ${pkgs.ffmpeg}/bin/ffmpeg -i "''$img" -vframes 1 /tmp/nathan/tmp.jpg >> ''$out + cp /tmp/nathan/tmp.jpg /tmp/nathan/tmp2.jpg + pidof mpvpaper && pkill mpvpaper + ${pkgs.swww}/bin/swww img /tmp/nathan/tmp.jpg -t wipe >> ''$out + ${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp2.jpg >> ''$out + sleep 0.3 + hyprctl dispatch exec "${pkgs.mpvpaper}/bin/mpvpaper ALL ''$img -o loop" + ${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp.jpg >> ''$out + rm /tmp/nathan/tmp2.jpg + else + pidof mpvpaper && pkill mpvpaper + hyprctl dispatch exec "${pkgs.swww}/bin/swww img ''$img -t wipe" >> ''$out + ${pkgs.hyprpanel}/bin/hyprpanel sw "''$img" >> ''$out + fi + + changeColors "''$img" "''$2" >> ''$out + '') + + (pkgs.writeShellScriptBin "changeColors" '' + + img=''$(realpath "''$1") + alpha=''${2:-70} + + if [[ ''$alpha -lt 0 ]]; then + alpha=0 + elif [[ ''$alpha -gt 100 ]]; then + alpha=100 + fi + + if [[ -f ~/.config/wal/colorschemes/dark/''$(basename "''$img")-''$alpha.json ]]; then + ${pkgs.pywal16}/bin/wal -n -f "''$(basename "''$img")-''$alpha" + else + ${pkgs.pywal16}/bin/wal -n -i "''$img" -a "''$alpha" --cols16 -p "''$(basename "''$img")-''$alpha" + fi + + colorPrefix + '') + + (pkgs.writeShellScriptBin "colorPrefix" '' + pidof firefox > /dev/null && ${pkgs.pywalfox-native}/bin/pywalfox update & + pidof kitty > /dev/null && pkill -USR1 kitty + pidof cava > /dev/null && pkill -USR1 cava + for i in ''$(ls /run/user/1000 | grep nvim); do + ${pkgs.neovim-remote}/bin/nvr -s --servername /run/user/1000/''$i --remote-send 'colorscheme pywal'; + done + + eval "''$@" + '') + + (pkgs.writeShellScriptBin "onSystemStart" '' + + if [[ ! 
-d /tmp/nathan ]]; then + mkdir /tmp/nathan + fi + + if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then + rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid + fi + + hyprctl --batch "\ + dispatch exec ${pkgs.swww}/bin/swww-daemon ;\ + dispatch exec setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ;\ + dispatch exec ${pkgs.pyprland}/bin/pypr ;\ + dispatch exec ${pkgs.netbird-ui}/bin/netbird-ui ;\ + dispatch exec ${pkgs.hyprpolkitagent}/libexec/hyprpolkitagent ;\ + setcursor Bibata-Modern-Classic 16" + sleep 3 + hyprctl reload + hyprctl dispatch exec ${pkgs.pyprland}/bin/pypr toggle calendar +#tmux new-session -s hyprland + '') + + ]; + }) + ]; }; - - config = lib.mkMerge [ - (lib.mkIf (config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) { - home.packages = [ - (pkgs.writeShellScriptBin "hyprrun" '' - ${pkgs-us.runapp}/bin/runapp ''$@ - #uwsm app -- ''$@ - '') - ]; - }) - - (lib.mkIf (!config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) { - home.packages = [ - (pkgs.writeShellScriptBin "hyprrun" '' - eval "''$@" - '') - ]; - }) - - (lib.mkIf config.homeconfig.scripts.enable { - home.packages = [ - - #scripts - - (pkgs.writeShellScriptBin "randWallpaper" '' - file=''$(ls ${config.home.homeDirectory}/Pictures/Wallpaper/ | shuf -n 1) - setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/''$file - '') - - (pkgs.writeShellScriptBin "setWallpaper" '' - - if [[ ! 
-d /tmp/nathan ]]; then - mkdir /tmp/nathan - fi - - img=''$(realpath "''${1:-$(find ~/Pictures/Wallpaper/* | rofi -dmenu)}") - n=''$(basename "''$img") - ext="''${n''\#''\#*.}" - out=''${3:-/dev/null} - - if [[ ''$ext == "gif" || ''$ext == "mp4" ]]; then - yes | ${pkgs.ffmpeg}/bin/ffmpeg -i "''$img" -vframes 1 /tmp/nathan/tmp.jpg >> ''$out - cp /tmp/nathan/tmp.jpg /tmp/nathan/tmp2.jpg - pidof mpvpaper && pkill mpvpaper - ${pkgs.swww}/bin/swww img /tmp/nathan/tmp.jpg -t wipe >> ''$out - ${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp2.jpg >> ''$out - sleep 0.3 - hyprctl dispatch exec "${pkgs.mpvpaper}/bin/mpvpaper ALL ''$img -o loop" - ${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp.jpg >> ''$out - rm /tmp/nathan/tmp2.jpg - else - pidof mpvpaper && pkill mpvpaper - hyprctl dispatch exec "${pkgs.swww}/bin/swww img ''$img -t wipe" >> ''$out - ${pkgs.hyprpanel}/bin/hyprpanel sw "''$img" >> ''$out - fi - - changeColors "''$img" "''$2" >> ''$out - '') - - (pkgs.writeShellScriptBin "changeColors" '' - - img=''$(realpath "''$1") - alpha=''${2:-70} - - if [[ ''$alpha -lt 0 ]]; then - alpha=0 - elif [[ ''$alpha -gt 100 ]]; then - alpha=100 - fi - - if [[ -f ~/.config/wal/colorschemes/dark/''$(basename "''$img")-''$alpha.json ]]; then - ${pkgs.pywal16}/bin/wal -n -f "''$(basename "''$img")-''$alpha" - else - ${pkgs.pywal16}/bin/wal -n -i "''$img" -a "''$alpha" --cols16 -p "''$(basename "''$img")-''$alpha" - fi - - colorPrefix - '') - - (pkgs.writeShellScriptBin "colorPrefix" '' - pidof firefox > /dev/null && ${pkgs.pywalfox-native}/bin/pywalfox update & - pidof kitty > /dev/null && pkill -USR1 kitty - pidof cava > /dev/null && pkill -USR1 cava - for i in ''$(ls /run/user/1000 | grep nvim); do - ${pkgs.neovim-remote}/bin/nvr -s --servername /run/user/1000/''$i --remote-send 'colorscheme pywal'; - done - - eval "''$@" - '') - - (pkgs.writeShellScriptBin "onSystemStart" '' - - if [[ ! 
-d /tmp/nathan ]]; then - mkdir /tmp/nathan - fi - - if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then - rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid - fi - - hyprctl --batch "\ - dispatch exec ${pkgs.swww}/bin/swww-daemon ;\ - dispatch exec setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ;\ - dispatch exec ${pkgs.pyprland}/bin/pypr ;\ - dispatch exec ${pkgs.netbird-ui}/bin/netbird-ui ;\ - dispatch exec ${pkgs.hyprpolkitagent}/libexec/hyprpolkitagent ;\ - setcursor Bibata-Modern-Classic 16" - sleep 3 - hyprctl reload - hyprctl dispatch exec ${pkgs.pyprland}/bin/pypr toggle calendar - #tmux new-session -s hyprland - '') - - ]; - }) - ]; } diff --git a/homes/nathan/home-manager/programs/aurora/default.nix b/homes/nathan/home-manager/programs/aurora/default.nix new file mode 100644 index 0000000..6e4a1d7 --- /dev/null +++ b/homes/nathan/home-manager/programs/aurora/default.nix @@ -0,0 +1,17 @@ +{ ... }: { + + flake.homeModules.nathan = { config, lib, ... }: { + + options.homeconfig.aurora.enable = with lib; mkOption { + type = with types; bool; + default = false; + }; + + config = lib.mkIf config.homeconfig.aurora.enable { + + programs.aurora = { + enable = true; + }; + }; + }; +} diff --git a/homes/nathan/home-manager/programs/calcurse/default.nix b/homes/nathan/home-manager/programs/calcurse/default.nix index b63913b..36b1dc3 100644 --- a/homes/nathan/home-manager/programs/calcurse/default.nix +++ b/homes/nathan/home-manager/programs/calcurse/default.nix 
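Review bot: `setWallpaper` and `onSystemStart` create and reuse the fixed directory `/tmp/nathan`, and `colorPrefix` hard-codes `/run/user/1000`; a fixed name in the world-writable /tmp can be pre-created by any other local account, and the literal UID only matches one user. Both are available per-user already: `tmp="''${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/wallpaper"; mkdir -p "''$tmp"` (escaped as in the surrounding indented strings) replaces the two `mkdir /tmp/nathan` checks and the same variable replaces `/run/user/1000` in the nvim loop. Separately, this inner module takes `inputs` as a home-manager module argument (`{ config, lib, pkgs, inputs, ... }`), as do programs/default.nix and firefox/default.nix, while packages/default.nix closes over the flake-parts `{ inputs, ... }:` instead; the deleted homes/nathan/flake.nix was where `extraSpecialArgs = { inherit inputs; }` lived, so unless it is re-provided somewhere outside this patch these three modules fail with an undefined `inputs` argument. Closing over the outer `inputs` consistently removes that dependency.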
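Review bot: `programs.aurora.enable = true` is set when `homeconfig.aurora.enable` is on, and home-manager/default.nix defaults that to `homeconfig.hyprland.enable`, but nothing in this patch imports a home-manager module from the new `aurora` input (home-manager/default.nix imports only `inputs.sops-nix.homeManagerModules.sops`), so `programs.aurora` would be an undefined option on every graphical host unless the Aurora module is wired in outside these files. If it is, a comment here such as `# programs.aurora is declared by inputs.aurora's home-manager module, imported in <FILE>` makes the dependency visible; if not, the import belongs next to this option. The outer `{ ... }:` also drops `inputs`, so adding the import in this file means widening that signature to `{ inputs, ... }:` as packages/default.nix does.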
@@ -1,14 +1,17 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.homeconfig.calcurse.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - config = lib.mkIf config.homeconfig.calcurse.enable { - home.packages = with pkgs; [ - calcurse - libnotify - ]; + options.homeconfig.calcurse.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + + config = lib.mkIf config.homeconfig.calcurse.enable { + home.packages = with pkgs; [ + calcurse + libnotify + ]; + }; }; } diff --git a/homes/nathan/home-manager/programs/default.nix b/homes/nathan/home-manager/programs/default.nix index cd11330..1088e57 100644 --- a/homes/nathan/home-manager/programs/default.nix +++ b/homes/nathan/home-manager/programs/default.nix @@ -1,19 +1,14 @@ -{ config, lib, pkgs, inputs, ... }: { +{ ... }: { - imports = let - dir = builtins.readDir ./.; - in builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - ); + flake.homeModules.nathan = { config, lib, pkgs, inputs, ... }: { + config = { - config = { + home.packages = lib.mkIf (!config.homeconfig.wal.enable) [ + inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default + ]; - home.packages = lib.mkIf (!config.homeconfig.wal.enable) [ - inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default - ]; - - home.sessionVariables.EDITOR = "nvim"; + home.sessionVariables.EDITOR = "nvim"; + }; }; } diff --git a/homes/nathan/home-manager/programs/firefox/default.nix b/homes/nathan/home-manager/programs/firefox/default.nix index 05add99..fd13565 100644 --- a/homes/nathan/home-manager/programs/firefox/default.nix +++ b/homes/nathan/home-manager/programs/firefox/default.nix 
@@ -1,59 +1,62 @@ -{ config, lib, pkgs, inputs, ... }: { +{ ... }: { - options.homeconfig.firefox.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.homeModules.nathan = { config, lib, pkgs, inputs, ... }: { - config = lib.mkIf config.homeconfig.firefox.enable { + options.homeconfig.firefox.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; - home.sessionVariables.BROWSER = "${config.programs.firefox.package}/bin/firefox"; + config = lib.mkIf config.homeconfig.firefox.enable { - home.packages = lib.mkIf config.homeconfig.wal.enable [ - pkgs.pywalfox-native - ]; + home.sessionVariables.BROWSER = "${config.programs.firefox.package}/bin/firefox"; - home.file.".mozilla/native-messaging-hosts/pywalfox.json".text = let - pywalfox-wrapper = pkgs.writeShellScriptBin "pywalfox-wrapper" '' + home.packages = lib.mkIf config.homeconfig.wal.enable [ + pkgs.pywalfox-native + ]; + + home.file.".mozilla/native-messaging-hosts/pywalfox.json".text = let + pywalfox-wrapper = pkgs.writeShellScriptBin "pywalfox-wrapper" '' ${pkgs.pywalfox-native}/bin/pywalfox start - ''; - in lib.replaceStrings [ "" ] [ - "${pywalfox-wrapper}/bin/pywalfox-wrapper" - ] (lib.readFile "${pkgs.pywalfox-native}/lib/python3.13/site-packages/pywalfox/assets/manifest.json"); + ''; + in lib.replaceStrings [ "" ] [ + "${pywalfox-wrapper}/bin/pywalfox-wrapper" + ] (lib.readFile "${pkgs.pywalfox-native}/lib/python3.13/site-packages/pywalfox/assets/manifest.json"); - programs.firefox = { + programs.firefox = { - enable = true; - package = pkgs.firefox; + enable = true; + package = pkgs.firefox; - profiles.nathan = { - search = { - default = "ddg"; - privateDefault = "ddg"; - force = true; - }; - bookmarks = { - force = true; - settings = [ + profiles.nathan = { + search = { + default = "ddg"; + privateDefault = "ddg"; + force = true; + }; + bookmarks = { + force = true; + settings = [ { name = "toolbar"; toolbar = true; bookmarks = [ - { - name = 
"NixOS Search - Packages"; - url = "https://search.nixos.org/packages"; - } + { + name = "NixOS Search - Packages"; + url = "https://search.nixos.org/packages"; + } ]; } + ]; + }; + + extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ + ublock-origin + keepassxc-browser + pywalfox ]; }; - - extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ - ublock-origin - keepassxc-browser - pywalfox - ]; }; }; }; diff --git a/homes/nathan/home-manager/programs/git/default.nix b/homes/nathan/home-manager/programs/git/default.nix index 1689791..ddad58a 100644 --- a/homes/nathan/home-manager/programs/git/default.nix +++ b/homes/nathan/home-manager/programs/git/default.nix 
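Review bot: The native-messaging manifest is read from `${pkgs.pywalfox-native}/lib/python3.13/site-packages/pywalfox/assets/manifest.json`, which pins the interpreter's minor version and breaks silently the moment nixpkgs moves pywalfox-native to another Python, while the rest of the expression is version-independent. Deriving the directory from the interpreter, for instance `"${pkgs.pywalfox-native}/${pkgs.python3.sitePackages}/pywalfox/assets/manifest.json"` if pywalfox-native is built against `pkgs.python3`, removes the pin. The search string handed to `lib.replaceStrings` also renders as `[ "" ]` in this listing; that may be a display artifact, but it is worth confirming, since an empty pattern would not do what the surrounding code intends.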
@@ -1,44 +1,47 @@ -{ config, lib, ... }: { +{ ... }: { - options.homeconfig.git.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.homeModules.nathan = { config, lib, ... }: { - config = lib.mkIf config.homeconfig.git.enable { - - sops = { - secrets = { - "git/username" = {}; - "git/email" = {}; - }; - - templates.gitconfig.content = '' - [user] - name = "${config.sops.placeholder."git/username"}" - email = "${config.sops.placeholder."git/email"}" - ''; + options.homeconfig.git.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; }; - - programs.git = { - enable = true; - includes = [ - { path = "${config.sops.templates.gitconfig.path}"; } - ]; - - settings = { - init = { - defaultBranch = "master"; + config = lib.mkIf config.homeconfig.git.enable { + + sops = { + secrets = { + "git/username" = {}; + "git/email" = {}; }; - safe.directory = "/etc/nixos"; + templates.gitconfig.content = '' + [user] + name = "${config.sops.placeholder."git/username"}" + email = "${config.sops.placeholder."git/email"}" + ''; + }; - url = { - "ssh://gitea@gitea.esotericbytes.com/" = { - insteadOf = [ - "server:" - ]; + programs.git = { + enable = true; + + includes = [ + { path = "${config.sops.templates.gitconfig.path}"; } + ]; + + settings = { + init = { + defaultBranch = "master"; + }; + + safe.directory = "/etc/nixos"; + + url = { + "ssh://gitea@gitea.esotericbytes.com/" = { + insteadOf = [ + "server:" + ]; + }; }; }; }; diff --git a/homes/nathan/home-manager/programs/hyprland/default.nix b/homes/nathan/home-manager/programs/hyprland/default.nix index 9f03e00..2c064e7 100644 --- a/homes/nathan/home-manager/programs/hyprland/default.nix +++ b/homes/nathan/home-manager/programs/hyprland/default.nix 
@@ -1,51 +1,54 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.homeconfig.hyprland.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - config = lib.mkIf config.homeconfig.hyprland.enable { + options.homeconfig.hyprland.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; - home.sessionVariables.NIX_OZONE_WL = "1"; + config = lib.mkIf config.homeconfig.hyprland.enable { - programs.kitty.enable = lib.mkDefault true; + home.sessionVariables.NIX_OZONE_WL = "1"; - home.packages = with pkgs; [ - pyprland - ]; + programs.kitty.enable = lib.mkDefault true; - home.activation.extraHyprFile = lib.hm.dag.entryAfter ["writeBoundary"] '' - if [[ ! -f ${config.home.homeDirectory}/.config/hypr/otf.conf ]]; then - touch ${config.home.homeDirectory}/.config/hypr/otf.conf - fi + home.packages = with pkgs; [ + pyprland + ]; - if [[ ! -f ${config.home.homeDirectory}/.config/background ]]; then - cp ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ${config.home.homeDirectory}/.config/background - chmod 600 ${config.home.homeDirectory}/.config/background - fi - ''; + home.activation.extraHyprFile = lib.hm.dag.entryAfter ["writeBoundary"] '' + if [[ ! -f ${config.home.homeDirectory}/.config/hypr/otf.conf ]]; then + touch ${config.home.homeDirectory}/.config/hypr/otf.conf + fi + + if [[ ! 
-f ${config.home.homeDirectory}/.config/background ]]; then + cp ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ${config.home.homeDirectory}/.config/background + chmod 600 ${config.home.homeDirectory}/.config/background + fi + ''; - wayland.windowManager.hyprland = { + wayland.windowManager.hyprland = { - enable = true; + enable = true; + + systemd = { + enable = false; + variables = [ "--all" ]; + }; + + extraConfig = (if config.homeconfig.hyprpanel.enable then '' + bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh" + '' else '' + bind = , Print, exec, grim -g "$(slurp)" + '') + '' + source = ${config.home.homeDirectory}/.config/hypr/main.conf + + exec-shutdown = if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid; fi + ''; - systemd = { - enable = false; - variables = [ "--all" ]; }; - - extraConfig = (if config.homeconfig.hyprpanel.enable then '' - bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh" - '' else '' - bind = , Print, exec, grim -g "$(slurp)" - '') + '' - source = ${config.home.homeDirectory}/.config/hypr/main.conf - - exec-shutdown = if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid; fi - ''; - }; }; } diff --git a/homes/nathan/home-manager/programs/hyprlock/default.nix b/homes/nathan/home-manager/programs/hyprlock/default.nix index fe5308c..39fddfa 100644 --- a/homes/nathan/home-manager/programs/hyprlock/default.nix +++ b/homes/nathan/home-manager/programs/hyprlock/default.nix 
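Review bot: The hyprpanel branch of `extraConfig` still emits `bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"` with a single, unmatched double quote, so the command bash receives ends in a stray `"` and fails to parse; the commit re-indents this line without fixing it. Since the store path contains no spaces, `bind = , Print, exec, ${pkgs.hyprpanel}/share/scripts/screenshot.sh` is enough, or keep `bash -c` and quote the whole argument. The `exec-shutdown` line relies on bash's `[[ ]]`, which is fine as long as the shell Hyprland uses to run it is bash; a short comment recording that assumption would help if this config is ever reused elsewhere.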
@@ -1,51 +1,54 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.homeconfig.hyprlock.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - config = lib.mkIf config.homeconfig.hyprlock.enable { - - programs.hyprlock = { - enable = true; + options.homeconfig.hyprlock.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; }; - services.hypridle = { - enable = true; + config = lib.mkIf config.homeconfig.hyprlock.enable { - settings = { + programs.hyprlock = { + enable = true; + }; - general = { - lock_cmd = "pidof hyprlock || hyprlock"; # avoid starting multiple hyprlock instances. - before_sleep_cmd = "loginctl lock-session"; # lock before suspend. - after_sleep_cmd = "hyprctl --instance 0 dispatch dpms on"; # to avoid having to press a key twice to turn on the display. + services.hypridle = { + enable = true; + + settings = { + + general = { + lock_cmd = "pidof hyprlock || hyprlock"; # avoid starting multiple hyprlock instances. + before_sleep_cmd = "loginctl lock-session"; # lock before suspend. + after_sleep_cmd = "hyprctl --instance 0 dispatch dpms on"; # to avoid having to press a key twice to turn on the display. + }; + + listener = [ + + { + timeout = 150; # 2.5min. + on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor. + on-resume = "brightnessctl -r"; # monitor backlight restore. + } + + { + timeout = 300; # 5min + on-timeout = "loginctl lock-session"; # lock screen when timeout has passed + } + + { + timeout = 330; # 5.5min + on-timeout = "hyprctl --instance 0 dispatch dpms off"; # screen off when timeout has passed + on-resume = "hyprctl --instance 0 dispatch dpms on && brightnessctl -r"; # screen on when activity is detected after timeout has fired. + } + + { + timeout = 1800; # 30min + on-timeout = "systemctl suspend"; # suspend pc + } + ]; }; - - listener = [ - - { - timeout = 150; # 2.5min. 
- on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor. - on-resume = "brightnessctl -r"; # monitor backlight restore. - } - - { - timeout = 300; # 5min - on-timeout = "loginctl lock-session"; # lock screen when timeout has passed - } - - { - timeout = 330; # 5.5min - on-timeout = "hyprctl --instance 0 dispatch dpms off"; # screen off when timeout has passed - on-resume = "hyprctl --instance 0 dispatch dpms on && brightnessctl -r"; # screen on when activity is detected after timeout has fired. - } - - { - timeout = 1800; # 30min - on-timeout = "systemctl suspend"; # suspend pc - } - ]; }; }; }; diff --git a/homes/nathan/home-manager/programs/hyprpanel/default.nix b/homes/nathan/home-manager/programs/hyprpanel/default.nix index c3ed0b9..461e9c9 100644 --- a/homes/nathan/home-manager/programs/hyprpanel/default.nix +++ b/homes/nathan/home-manager/programs/hyprpanel/default.nix @@ -1,14 +1,17 @@ -{ config, lib, ... }: { +{ ... }: { - options.homeconfig.hyprpanel.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; + flake.homeModules.nathan = { config, lib, ... }: { - config = lib.mkIf config.homeconfig.hyprpanel.enable { - - programs.hyprpanel = { - enable = true; + options.homeconfig.hyprpanel.enable = with lib; mkOption { + type = with types; bool; + default = false; + }; + + config = lib.mkIf config.homeconfig.hyprpanel.enable { + + programs.hyprpanel = { + enable = true; + }; }; }; } diff --git a/homes/nathan/home-manager/programs/nh/default.nix b/homes/nathan/home-manager/programs/nh/default.nix index ef55cdb..1911c35 100644 --- a/homes/nathan/home-manager/programs/nh/default.nix +++ b/homes/nathan/home-manager/programs/nh/default.nix 
@@ -1,21 +1,24 @@ -{ config, lib, inputs, ... }: { +{ ... }: { - options.homeconfig.nh.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.homeModules.nathan = { config, lib, inputs, ... }: { - config = lib.mkIf config.homeconfig.nh.enable { - - programs.nh = { - enable = true; - package = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; }; in pkgs-us.nh; - #flake = "${config.home.homeDirectory}/Projects/Olympus"; + options.homeconfig.nh.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; - clean = { + config = lib.mkIf config.homeconfig.nh.enable { + + programs.nh = { enable = true; - dates = "weekly"; - extraArgs = "--keep 5 --keep-since 5d"; + package = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; }; in pkgs-us.nh; +#flake = "${config.home.homeDirectory}/Projects/Olympus"; + + clean = { + enable = true; + dates = "weekly"; + extraArgs = "--keep 5 --keep-since 5d"; + }; }; }; }; diff --git a/homes/nathan/home-manager/programs/pywal/default.nix b/homes/nathan/home-manager/programs/pywal/default.nix index 0833cba..9b316d6 100644 --- a/homes/nathan/home-manager/programs/pywal/default.nix +++ b/homes/nathan/home-manager/programs/pywal/default.nix @@ -1,19 +1,22 @@ -{ config, lib, pkgs, inputs, ... }: { +{ ... }: { - options.homeconfig.wal.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.homeModules.nathan = { config, lib, pkgs, inputs, ... }: { - config = lib.mkIf config.homeconfig.wal.enable { + options.homeconfig.wal.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; - home.packages = with pkgs; [ - inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.pywal + config = lib.mkIf config.homeconfig.wal.enable { - pywal16 - imagemagick - ]; + home.packages = with pkgs; [ + inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.pywal - + pywal16 + imagemagick + ]; + + + }; }; } 
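Review bot: `package` imports `inputs.nixpkgs-us` with a hard-coded `system = "x86_64-linux"`, while the programs/default.nix and firefox hunks of this same patch derive the system from `pkgs.stdenv.hostPlatform.system`, so on any other host this module would presumably evaluate an x86_64 `nh`. Adding `pkgs` to the module arguments, `flake.homeModules.nathan = { config, lib, pkgs, inputs, ... }: {`, and writing `import inputs.nixpkgs-us { system = pkgs.stdenv.hostPlatform.system; }` keeps the files consistent. A one-line comment explaining why `nh` needs a second nixpkgs input at all would also help, since the commented-out `#flake = …` line next to it does not.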
diff --git a/homes/nathan/home-manager/programs/quickshell/default.nix b/homes/nathan/home-manager/programs/quickshell/default.nix index 733213e..1d8ad56 100644 --- a/homes/nathan/home-manager/programs/quickshell/default.nix +++ b/homes/nathan/home-manager/programs/quickshell/default.nix @@ -1,26 +1,29 @@ -{ config, lib, ... }: { +{ ... }: { - options.homeconfig.quickshell.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; + flake.homeModules.nathan = { config, lib, ... }: { - config = lib.mkIf config.homeconfig.quickshell.enable { - - programs.quickshell = { - enable = true; + options.homeconfig.quickshell.enable = with lib; mkOption { + type = with types; bool; + default = false; + }; - configs = { + config = lib.mkIf config.homeconfig.quickshell.enable { - default = config.homeDirectory + "/${config.home.file.".config/quickshell".target}"; - }; - - systemd = { + programs.quickshell = { enable = true; - target = lib.mkIf config.homeconfig.hyprland.enable "wayland-session@Hyprland.target"; - }; - activeConfig = "default"; + configs = { + + default = config.homeDirectory + "/${config.home.file.".config/quickshell".target}"; + }; + + systemd = { + enable = true; + target = lib.mkIf config.homeconfig.hyprland.enable "wayland-session@Hyprland.target"; + }; + + activeConfig = "default"; + }; }; }; } diff --git a/homes/nathan/home-manager/programs/rofi/default.nix b/homes/nathan/home-manager/programs/rofi/default.nix index 49c3b01..7c62c16 100644 --- a/homes/nathan/home-manager/programs/rofi/default.nix +++ b/homes/nathan/home-manager/programs/rofi/default.nix 
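Review bot: `configs.default` is built from `config.homeDirectory`, but Home Manager exposes the home path as `config.home.homeDirectory` (which every other module in this patch uses); unless a top-level `homeDirectory` option is declared somewhere not shown here, this attribute throws as soon as `homeconfig.quickshell.enable` is true, and the commit re-nests the line without touching it. `default = "${config.home.homeDirectory}/${config.home.file.".config/quickshell".target}";` fixes both the reference and the mixed `+`/interpolation concatenation.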
@@ -1,19 +1,22 @@ -{ config, lib, pkgs, ... }: { - - options.homeconfig.rofi.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; +{ ... }: { - config = lib.mkIf config.homeconfig.rofi.enable { - programs.rofi = { + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - enable = true; - package = pkgs.rofi; + options.homeconfig.rofi.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; - cycle = true; + config = lib.mkIf config.homeconfig.rofi.enable { + programs.rofi = { - theme = "/home/nathan/.cache/wal/colors-rofi-dark.rasi"; + enable = true; + package = pkgs.rofi; + + cycle = true; + + theme = "/home/nathan/.cache/wal/colors-rofi-dark.rasi"; + }; }; }; } diff --git a/homes/nathan/home-manager/programs/terminal/bash/default.nix b/homes/nathan/home-manager/programs/terminal/bash/default.nix index da815da..d75d106 100644 --- a/homes/nathan/home-manager/programs/terminal/bash/default.nix +++ b/homes/nathan/home-manager/programs/terminal/bash/default.nix 
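Review bot: `theme` hard-codes `/home/nathan/.cache/wal/colors-rofi-dark.rasi`, and the mpd hunk later in this patch does the same for `musicDirectory` and `mpd.musicDirectory` (`/home/nathan/Music`), while the neighbouring modules derive every home path from `config.home.homeDirectory`; `config` is already in this module's arguments. `theme = "${config.home.homeDirectory}/.cache/wal/colors-rofi-dark.rasi";` keeps the module usable if the home directory or user name ever changes.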
@@ -1,31 +1,35 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - home.packages = with pkgs; [ oh-my-posh ]; + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - programs.bash = { - enable = true; - enableCompletion = true; + home.packages = with pkgs; [ oh-my-posh ]; - shellAliases = { - ls = "eza"; - ll = "ls -l"; + programs.bash = { + enable = true; + enableCompletion = true; - ksh = "kitten ssh"; + shellAliases = { + ls = "eza"; + ll = "ls -l"; - vi = "nvim"; - vim = "nvim"; + ksh = "kitten ssh"; + v = "nvim"; + vi = "nvim"; + vim = "nvim"; + + }; + + bashrcExtra = '' + source ${pkgs.blesh}/share/blesh/ble.sh + ''; + + initExtra = if config.homeconfig.wal.enable then (lib.mkBefore '' + cat ${config.home.homeDirectory}/.cache/wal/sequences + eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)" + '') else (lib.mkBefore '' + eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)" + ''); }; - - bashrcExtra = '' - source ${pkgs.blesh}/share/blesh/ble.sh - ''; - - initExtra = if config.homeconfig.wal.enable then (lib.mkBefore '' - cat ${config.home.homeDirectory}/.cache/wal/sequences - eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)" - '') else (lib.mkBefore '' - eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)" - ''); }; } diff --git a/homes/nathan/home-manager/programs/terminal/bat/default.nix b/homes/nathan/home-manager/programs/terminal/bat/default.nix index 2c1f101..8c37762 100644 --- a/homes/nathan/home-manager/programs/terminal/bat/default.nix +++ b/homes/nathan/home-manager/programs/terminal/bat/default.nix 
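Review bot: The `v = "nvim";` alias is the one functional change in this hunk beyond re-nesting, and the zsh hunk later in this patch keeps the otherwise matching alias set (`ls`, `ll`, `ksh`, `vi`, `vim`) without it, so the two shells now drift. Either add `v = "nvim";` to `programs.zsh.shellAliases` too or, better, define the shared aliases once and have both modules read them.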
@@ -1,18 +1,21 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - programs.bat = { + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - enable = true; + programs.bat = { - extraPackages = with pkgs.bat-extras; [ - batman - batpipe - batgrep - batdiff - batwatch - prettybat - ]; + enable = true; + + extraPackages = with pkgs.bat-extras; [ + batman + batpipe + batgrep + batdiff + batwatch + prettybat + ]; - }; + }; + }; } diff --git a/homes/nathan/home-manager/programs/terminal/default.nix b/homes/nathan/home-manager/programs/terminal/default.nix deleted file mode 100644 index 3ec423c..0000000 --- a/homes/nathan/home-manager/programs/terminal/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: { - - imports = [ - ./bat - ./bash - ./eza - ./fzf - ./lf - ./tmux - ./kitty - ./zoxide - ./zsh - ./ssh - ./ohmyposh - ./opencode - ]; -} diff --git a/homes/nathan/home-manager/programs/terminal/eza/default.nix b/homes/nathan/home-manager/programs/terminal/eza/default.nix index 3f6d4a9..025442f 100644 --- a/homes/nathan/home-manager/programs/terminal/eza/default.nix +++ b/homes/nathan/home-manager/programs/terminal/eza/default.nix @@ -1,17 +1,20 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - programs.eza = { + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - enable = true; + programs.eza = { - enableZshIntegration = true; + enable = true; - extraOptions = [ - "--color=auto" - ]; + enableZshIntegration = true; - git = true; + extraOptions = [ + "--color=auto" + ]; - icons = "auto"; - }; + git = true; + + icons = "auto"; + }; + }; } diff --git a/homes/nathan/home-manager/programs/terminal/fzf/default.nix b/homes/nathan/home-manager/programs/terminal/fzf/default.nix index b9b7e6a..f9d2bd8 100644 --- a/homes/nathan/home-manager/programs/terminal/fzf/default.nix +++ b/homes/nathan/home-manager/programs/terminal/fzf/default.nix 
@@ -1,15 +1,18 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - programs.fzf = { - - enable = true; + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - enableZshIntegration = true; + programs.fzf = { - tmux = { - #enableShellIntegration = true; + enable = true; - #shellIntegrationOptions = []; + enableZshIntegration = true; + + tmux = { +#enableShellIntegration = true; + +#shellIntegrationOptions = []; + }; + }; }; - }; } diff --git a/homes/nathan/home-manager/programs/terminal/kitty/default.nix b/homes/nathan/home-manager/programs/terminal/kitty/default.nix index 4c9d710..27d5af2 100644 --- a/homes/nathan/home-manager/programs/terminal/kitty/default.nix +++ b/homes/nathan/home-manager/programs/terminal/kitty/default.nix @@ -1,33 +1,36 @@ -{ config, ... }: { - - programs.kitty = { - - enable = true; +{ ... }: { - font = { - name = "FiraCode Nerd Font"; - size = 12; + flake.homeModules.nathan = { config, ... }: { + + programs.kitty = { + + enable = true; + + font = { + name = "FiraCode Nerd Font"; + size = 12; + }; + + extraConfig = '' + + confirm_os_window_close 0 + + include ${config.home.homeDirectory}/.cache/wal/colors-kitty.conf + + disable_ligatures never + + dynamic_background_opacity yes + + tab_bar_edge top + + map ctrl+shift+t new_tab + map ctrl+shift+w close_tab + + map ctrl+tab next_tab + map ctrl+shift+tab previous_tab + + ''; + }; }; - - extraConfig = '' - -confirm_os_window_close 0 - -include ${config.home.homeDirectory}/.cache/wal/colors-kitty.conf - -disable_ligatures never - -dynamic_background_opacity yes - -tab_bar_edge top - -map ctrl+shift+t new_tab -map ctrl+shift+w close_tab - -map ctrl+tab next_tab -map ctrl+shift+tab previous_tab - - ''; - }; } diff --git a/homes/nathan/home-manager/programs/terminal/lf/default.nix b/homes/nathan/home-manager/programs/terminal/lf/default.nix index 245f3f3..14814d0 100644 --- a/homes/nathan/home-manager/programs/terminal/lf/default.nix +++ b/homes/nathan/home-manager/programs/terminal/lf/default.nix 
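Review bot: The re-indentation in this hunk left the two commented-out lines (`#enableShellIntegration = true;`, `#shellIntegrationOptions = [];`) at column 0 inside `tmux = { … }`, and the same happened to `#flake = …` in the nh hunk and `# defaults as of 25.11` in the ssh hunk, so the comments now read as if they belonged to the top level. Indent them with the attribute they annotate, or in this file simply delete the two dead options rather than keep commented-out code.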
@@ -1,7 +1,10 @@
 { ... }: {
- config = {
- programs.lf = {
- enable = true;
+
+ flake.homeModules.nathan = { ... }: {
+ config = {
+ programs.lf = {
+ enable = true;
+ };
 };
 };
 }
diff --git a/homes/nathan/home-manager/programs/terminal/ohmyposh/default.nix b/homes/nathan/home-manager/programs/terminal/ohmyposh/default.nix
index 26c4507..8333c23 100644
--- a/homes/nathan/home-manager/programs/terminal/ohmyposh/default.nix
+++ b/homes/nathan/home-manager/programs/terminal/ohmyposh/default.nix
@@ -1,136 +1,139 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - home.packages = with pkgs; [ - oh-my-posh - ]; - - programs.zsh = { - - initContent = with lib; mkMerge [ - (mkIf config.homeconfig.wal.enable (mkBefore '' - cat ${config.home.homeDirectory}/.cache/wal/sequences - eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)" - '')) + flake.homeModules.nathan = { config, lib, pkgs, ... }: { - (mkIf (!config.homeconfig.wal.enable) (mkBefore '' - eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)" - '')) - ]; + home.packages = with pkgs; [ + oh-my-posh + ]; - }; + programs.zsh = { - home.file.".config/wal/templates/ohmyposh.toml".text = '' + initContent = with lib; mkMerge [ + (mkIf config.homeconfig.wal.enable (mkBefore '' + cat ${config.home.homeDirectory}/.cache/wal/sequences + eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)" + '')) + + (mkIf (!config.homeconfig.wal.enable) (mkBefore '' + eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)" + '')) + ]; + + }; + + home.file.".config/wal/templates/ohmyposh.toml".text = '' #:schema https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json -version = 2 -final_space = true -console_title_template = '{{{{ .Shell }}}} in {{{{ .Folder }}}}' + version = 2 + final_space = true + console_title_template = '{{{{ .Shell }}}} in {{{{ .Folder }}}}' -[[blocks]] - type = 'prompt' - alignment = 'left' - newline = true + [[blocks]] + type = 'prompt' + alignment = 'left' + newline = true - [[blocks.segments]] - type = 'os' - style = 'diamond' - trailing_diamond = '' - background = 'p:c1' - foreground = 'p:c12' - template = ' {{{{ .Icon }}}} ' + [[blocks.segments]] + type = 'os' + style = 'diamond' + trailing_diamond = '' + background = 'p:c1' + foreground = 'p:c12' + template = ' {{{{ .Icon }}}} ' - [[blocks.segments]] - type = 
'session' - style = 'diamond' - trailing_diamond = '' - background = 'p:c2' - foreground = 'p:c14' - template = '{{{{ .UserName }}}}@{{{{ .HostName }}}}' + [[blocks.segments]] + type = 'session' + style = 'diamond' + trailing_diamond = '' + background = 'p:c2' + foreground = 'p:c14' + template = '{{{{ .UserName }}}}@{{{{ .HostName }}}}' - [[blocks.segments]] - type = 'path' - style = 'diamond' - trailing_diamond = '' - background = 'p:c4' - foreground = 'p:c13' - template = '{{{{ .Path }}}}' + [[blocks.segments]] + type = 'path' + style = 'diamond' + trailing_diamond = '' + background = 'p:c4' + foreground = 'p:c13' + template = '{{{{ .Path }}}}' - [blocks.segments.properties] - style = 'full' + [blocks.segments.properties] + style = 'full' -[[blocks]] - type = 'prompt' - overflow = 'hidden' - alignment = 'right' + [[blocks]] + type = 'prompt' + overflow = 'hidden' + alignment = 'right' - [[blocks.segments]] - type = 'executiontime' - style = 'diamond' - leading_diamond = '' - background = 'p:c4' - foreground = 'p:c13' - template = '{{{{ .FormattedMs }}}}' + [[blocks.segments]] + type = 'executiontime' + style = 'diamond' + leading_diamond = '' + background = 'p:c4' + foreground = 'p:c13' + template = '{{{{ .FormattedMs }}}}' - [[blocks.segments]] - type = 'time' - style = 'diamond' - leading_diamond = '' - background = 'p:c2' - foreground = 'p:c14' + [[blocks.segments]] + type = 'time' + style = 'diamond' + leading_diamond = '' + background = 'p:c2' + foreground = 'p:c14' - [[blocks.segments]] - type = 'shell' - style = 'diamond' - leading_diamond = '' - background = 'p:c1' - foreground = 'p:c12' + [[blocks.segments]] + type = 'shell' + style = 'diamond' + leading_diamond = '' + background = 'p:c1' + foreground = 'p:c12' -[[blocks]] - type = 'prompt' - alignment = 'left' - newline = true + [[blocks]] + type = 'prompt' + alignment = 'left' + newline = true - [[blocks.segments]] - type = 'text' - style = 'plain' - background = 'transparent' - 
foreground_templates = [ - "{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}", - "{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}", - ] - template = "{{{{ if gt .Code 0 }}}}!❭ {{{{else}}}}❭ {{{{end}}}}" + [[blocks.segments]] + type = 'text' + style = 'plain' + background = 'transparent' + foreground_templates = [ + "{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}", + "{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}", + ] + template = "{{{{ if gt .Code 0 }}}}!❭ {{{{else}}}}❭ {{{{end}}}}" -[transient_prompt] - foreground_templates = [ - "{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}", - "{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}", - ] - background = 'transparent' - template = "{{{{ if gt .Code 0 }}}}!❭ {{{{else}}}}❭ {{{{end}}}}" + [transient_prompt] + foreground_templates = [ + "{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}", + "{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}", + ] + background = 'transparent' + template = "{{{{ if gt .Code 0 }}}}!❭ {{{{else}}}}❭ {{{{end}}}}" -[secondary_prompt] - background = 'transparent' - forground = 'p:c14' - template = "❭❭ " + [secondary_prompt] + background = 'transparent' + forground = 'p:c14' + template = "❭❭ " -[palette] + [palette] -c0 = "{color0}" -c1 = "{color1}" -c2 = "{color2}" -c3 = "{color3}" -c4 = "{color4}" -c5 = "{color5}" -c6 = "{color6}" -c7 = "{color7}" -c8 = "{color8}" -c9 = "{color9}" -c10 = "{color10}" -c11 = "{color11}" -c12 = "{color12}" -c13 = "{color13}" -c14 = "{color14}" -c15 = "{color15}" - ''; + c0 = "{color0}" + c1 = "{color1}" + c2 = "{color2}" + c3 = "{color3}" + c4 = "{color4}" + c5 = "{color5}" + c6 = "{color6}" + c7 = "{color7}" + c8 = "{color8}" + c9 = "{color9}" + c10 = "{color10}" + c11 = "{color11}" + c12 = "{color12}" + c13 = "{color13}" + c14 = "{color14}" + c15 = "{color15}" + ''; + }; } diff --git a/homes/nathan/home-manager/programs/terminal/opencode/default.nix b/homes/nathan/home-manager/programs/terminal/opencode/default.nix index 30efe98..83148e6 100644 --- a/homes/nathan/home-manager/programs/terminal/opencode/default.nix 
+++ b/homes/nathan/home-manager/programs/terminal/opencode/default.nix @@ -1,48 +1,51 @@ -{ config, lib, ... }: { +{ ... }: { - options.homeconfig.opencode.enable = with lib; mkOption { - type = with types; bool; - default = true; - }; + flake.homeModules.nathan = { config, lib, ... }: { - config = lib.mkIf config.homeconfig.opencode.enable { + options.homeconfig.opencode.enable = with lib; mkOption { + type = with types; bool; + default = true; + }; - programs.opencode = { - enable = true; + config = lib.mkIf config.homeconfig.opencode.enable { - settings = { - theme = "system"; - model = "ollama-remote/qwen3:8b"; + programs.opencode = { + enable = true; - provider = { - ollama-local = { - name = "Ollama (local)"; + settings = { + theme = "system"; + model = "ollama-remote/qwen3:8b"; - npm = "@ai-sdk/openai-compatible"; + provider = { + ollama-local = { + name = "Ollama (local)"; - options.baseURL = "http://localhost:11434/v1"; + npm = "@ai-sdk/openai-compatible"; + + options.baseURL = "http://localhost:11434/v1"; + + models = { + "ministral-3:8b".name = "Ministral 3 8B"; + "llama3.2".name = "Llama 3.2"; + "qwen3:8b".name = "Qwen 3"; + }; - models = { - "ministral-3:8b".name = "Ministral 3 8B"; - "llama3.2".name = "Llama 3.2"; - "qwen3:8b".name = "Qwen 3"; }; - }; + ollama-remote = { + name = "Ollama (remote)"; - ollama-remote = { - name = "Ollama (remote)"; + npm = "@ai-sdk/openai-compatible"; - npm = "@ai-sdk/openai-compatible"; + options.baseURL = "https://ollama.esotericbytes.com/v1"; - options.baseURL = "https://ollama.esotericbytes.com/v1"; + models = { + "ministral-3:8b".name = "Ministral 3 8B"; + "llama3.2".name = "Llama 3.2"; + "qwen3:8b".name = "Qwen 3"; + }; - models = { - "ministral-3:8b".name = "Ministral 3 8B"; - "llama3.2".name = "Llama 3.2"; - "qwen3:8b".name = "Qwen 3"; }; - }; }; }; diff --git a/homes/nathan/home-manager/programs/terminal/ssh/default.nix b/homes/nathan/home-manager/programs/terminal/ssh/default.nix index e7ccdc5..74bf70b 100644 
--- a/homes/nathan/home-manager/programs/terminal/ssh/default.nix +++ b/homes/nathan/home-manager/programs/terminal/ssh/default.nix @@ -1,24 +1,27 @@ { ... }: { - programs.ssh = { + flake.homeModules.nathan = { ... }: { - enable = true; + programs.ssh = { - # defaults as of 25.11 - matchBlocks."*" = { - forwardAgent = false; - addKeysToAgent = "no"; - compression = false; - serverAliveInterval = 0; - serverAliveCountMax = 3; - hashKnownHosts = false; - userKnownHostsFile = "~/.ssh/known_hosts"; - controlMaster = "no"; - controlPath = "~/.ssh/master-%r@%n:%p"; - controlPersist = "no"; + enable = true; + +# defaults as of 25.11 + matchBlocks."*" = { + forwardAgent = false; + addKeysToAgent = "no"; + compression = false; + serverAliveInterval = 0; + serverAliveCountMax = 3; + hashKnownHosts = false; + userKnownHostsFile = "~/.ssh/known_hosts"; + controlMaster = "no"; + controlPath = "~/.ssh/master-%r@%n:%p"; + controlPersist = "no"; + }; + enableDefaultConfig = false; + + + }; }; - enableDefaultConfig = false; - - - }; } diff --git a/homes/nathan/home-manager/programs/terminal/tmux/default.nix b/homes/nathan/home-manager/programs/terminal/tmux/default.nix index 62d73f7..02937c4 100644 --- a/homes/nathan/home-manager/programs/terminal/tmux/default.nix +++ b/homes/nathan/home-manager/programs/terminal/tmux/default.nix @@ -1,23 +1,26 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - programs.tmux = { - - enable = true; - - clock24 = true; - - mouse = true; - - baseIndex = 1; - - keyMode = "vi"; - - prefix = "C-b"; - - shell = "${pkgs.zsh}/bin/zsh"; - - }; + flake.homeModules.nathan = { config, lib, pkgs, ... }: { + programs.tmux = { + + enable = true; + + clock24 = true; + + mouse = true; + + baseIndex = 1; + + keyMode = "vi"; + + prefix = "C-b"; + + shell = "${pkgs.zsh}/bin/zsh"; + + }; + + }; } diff --git a/homes/nathan/home-manager/programs/terminal/zoxide/default.nix b/homes/nathan/home-manager/programs/terminal/zoxide/default.nix index afbf058..2e2db6e 100644 
--- a/homes/nathan/home-manager/programs/terminal/zoxide/default.nix +++ b/homes/nathan/home-manager/programs/terminal/zoxide/default.nix @@ -1,13 +1,16 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - programs.zoxide = { + flake.homeModules.nathan = { ... }: { - enable = true; + programs.zoxide = { - enableZshIntegration = true; + enable = true; - options = [ - "--cmd cd" - ]; - }; + enableZshIntegration = true; + + options = [ + "--cmd cd" + ]; + }; + }; } diff --git a/homes/nathan/home-manager/programs/terminal/zsh/default.nix b/homes/nathan/home-manager/programs/terminal/zsh/default.nix index 9eecb72..2bf4776 100644 --- a/homes/nathan/home-manager/programs/terminal/zsh/default.nix +++ b/homes/nathan/home-manager/programs/terminal/zsh/default.nix @@ -1,37 +1,40 @@ -{ lib, ... }: { +{ ... }: { - programs.zsh = { - - enable = true; + flake.homeModules.nathan = { lib, ... }: { - initContent = lib.mkOrder 1200 '' - bindkey ' ' magic-space - ''; - - enableCompletion = true; - - autosuggestion.enable = true; - - syntaxHighlighting.enable = true; - - shellAliases = { - ls = "eza"; - ll = "ls -l"; + programs.zsh = { - ksh = "kitten ssh"; + enable = true; - vi = "nvim"; - vim = "nvim"; + initContent = lib.mkOrder 1200 '' + bindkey ' ' magic-space + ''; - python = "python3.13"; - python3 = "python3.13"; + enableCompletion = true; + + autosuggestion.enable = true; + + syntaxHighlighting.enable = true; + + shellAliases = { + ls = "eza"; + ll = "ls -l"; + + ksh = "kitten ssh"; + + vi = "nvim"; + vim = "nvim"; + + python = "python3.13"; + python3 = "python3.13"; + }; + + history = { + size = 5000; + ignoreAllDups = true; + ignoreSpace = true; + share = true; + }; + }; }; - - history = { - size = 5000; - ignoreAllDups = true; - ignoreSpace = true; - share = true; - }; - }; } diff --git a/homes/nathan/home-manager/services/default.nix b/homes/nathan/home-manager/services/default.nix deleted file mode 100644 index 8c32d01..0000000 
--- a/homes/nathan/home-manager/services/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: { - - imports = let - dir = builtins.readDir ./.; - in builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - ); -} diff --git a/homes/nathan/home-manager/services/mpd/default.nix b/homes/nathan/home-manager/services/mpd/default.nix index cc5f70b..e60c807 100644 --- a/homes/nathan/home-manager/services/mpd/default.nix +++ b/homes/nathan/home-manager/services/mpd/default.nix 
@@ -1,41 +1,44 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options = { - homeconfig.mpd.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; + flake.homeModules.nathan = { config, lib, pkgs, ... }: { + + options = { + homeconfig.mpd.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; }; - }; - config = lib.mkIf config.homeconfig.mpd.enable { - services.mpd = { - enable = true; - network.startWhenNeeded = true; - network.port = 6600; - network.listenAddress = "127.0.0.1"; - musicDirectory = "/home/nathan/Music"; - extraConfig = '' - audio_output { - type "pipewire" - name "Audio1" - } + config = lib.mkIf config.homeconfig.mpd.enable { + services.mpd = { + enable = true; + network.startWhenNeeded = true; + network.port = 6600; + network.listenAddress = "127.0.0.1"; + musicDirectory = "/home/nathan/Music"; + extraConfig = '' + audio_output { + type "pipewire" + name "Audio1" + } audio_output { type "fifo" - name "visualizer" - path "/tmp/mpd.fifo" - format "44100:16:1" + name "visualizer" + path "/tmp/mpd.fifo" + format "44100:16:1" } - ''; + ''; + }; + + services.mpdris2 = { + enable = true; + mpd.host = "127.0.0.1"; + mpd.port = 6600; + package = pkgs.mpdris2; + mpd.musicDirectory = "/home/nathan/Music"; + notifications = true; + }; }; - services.mpdris2 = { - enable = true; - mpd.host = "127.0.0.1"; - mpd.port = 6600; - package = pkgs.mpdris2; - mpd.musicDirectory = "/home/nathan/Music"; - notifications = true; - }; }; - } diff --git a/homes/nathan/home.nix b/homes/nathan/home.nix index 757dbc3..2fcb425 100644 --- a/homes/nathan/home.nix +++ b/homes/nathan/home.nix 
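Review bot: The visualizer output in the re-indented `extraConfig` still points at the fixed, shared path `path "/tmp/mpd.fifo"`; on a host with more than one local account that name can be squatted before mpd starts, and mpd will then open whatever sits there. A per-user location avoids that, e.g. `path "${config.xdg.stateHome}/mpd/mpd.fifo"` (the inner module already receives `config`), with whichever reader consumes the fifo pointed at the same path. The same literal-path pattern applies to `musicDirectory = "/home/nathan/Music"` in both `services.mpd` and `services.mpdris2`, which `config.home.homeDirectory` would express without hard-coding the username.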
@@ -1,25 +1,38 @@ -{ lib, inputs, ... }: +{ self, inputs, ... }: { -{ + flake.homeModules.nathan = { lib, ... }: - config = { - homeconfig = { - graphical = lib.mkDefault false; - minimal = lib.mkDefault false; + { - hyprland.enable = false; - }; + config = { + homeconfig = { + graphical = lib.mkDefault false; + minimal = lib.mkDefault false; - - nix = { - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - settings = { - experimental-features = [ "nix-command" "flakes" ]; - builders = "ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -"; - builders-use-substituters = true; + hyprland.enable = false; }; + + + nix = { + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + builders = "ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -"; + builders-use-substituters = true; + }; + }; + + programs.home-manager.enable = true; }; - - programs.home-manager.enable = true; }; - } + + flake.homeConfigurations.nathan = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = import inputs.nixpkgs { + system = builtins.currentSystem; + }; + + modules = [ + self.homeModules.nathan + ]; + }; +} diff --git a/machines/android b/machines/android deleted file mode 160000 index 4ba0746..0000000 --- a/machines/android +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 4ba07466f6b6b0248ea81d0422a9bc2aee32185b diff --git a/profiles/container/default.nix b/profiles/container/default.nix index a93f9a1..47da395 100644 --- a/profiles/container/default.nix +++ b/profiles/container/default.nix 
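Review bot: The new `flake.homeConfigurations.nathan` builds `pkgs` with `system = builtins.currentSystem;`, which is not available under pure flake evaluation, so building or switching to this output should fail with a missing-attribute error unless `--impure` is passed. Since the file is already a flake-parts module, the system should come from the flake's declared systems instead — for example wrap the definition in flake-parts' `withSystem`, or derive `pkgs` from `inputs.nixpkgs.legacyPackages.<system>` for each supported system. A one-line comment on the `pkgs = import inputs.nixpkgs { … }` line stating which system(s) this configuration is meant to build for would also help, since the module above it is system-agnostic.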
@@ -1,157 +1,160 @@ -{ config, pkgs, lib, inputs, ... }: +{ ... }: { -{ - imports = - [ - - inputs.home-manager.nixosModules.default - - ]; + flake.nixosModules.container = { config, pkgs, lib, inputs, ... }: - config = { - hardware.nvidia.open = true; + { + imports = + [ - boot.isContainer = true; + inputs.home-manager.nixosModules.default - services = { - xserver = { + ]; + + config = { + hardware.nvidia.open = true; + + boot.isContainer = true; + + services = { + xserver = { #enable = true; - videoDrivers = ["nvidia"]; - }; - displayManager = { - enable = true; - defaultSession = "plasma"; - autoLogin = { - enable = true; - user = "nathan"; + videoDrivers = ["nvidia"]; }; + displayManager = { + enable = true; + defaultSession = "plasma"; + autoLogin = { + enable = true; + user = "nathan"; + }; + }; + pulseaudio.enable = false; }; - pulseaudio.enable = false; - }; - systemd.extraConfig = "DefaultLimitNOFILE=2048"; - /* - environment.sessionVariables = { - WLR_BACKENDS = "headless"; - WLR_LIBINPUT_NO_DEVICES = "1"; - }; - */ - programs.zsh.enable = true; - environment.shells = with pkgs; [ zsh ]; - users.defaultUserShell = pkgs.zsh; + systemd.extraConfig = "DefaultLimitNOFILE=2048"; + /* + environment.sessionVariables = { + WLR_BACKENDS = "headless"; + WLR_LIBINPUT_NO_DEVICES = "1"; + }; + */ + programs.zsh.enable = true; + environment.shells = with pkgs; [ zsh ]; + users.defaultUserShell = pkgs.zsh; - nixpkgs = { - config.allowUnfree = true; - hostPlatform = "x86_64-linux"; - }; + nixpkgs = { + config.allowUnfree = true; + hostPlatform = "x86_64-linux"; + }; # Set your time zone. - time.timeZone = "America/Chicago"; + time.timeZone = "America/Chicago"; # Select internationalisation properties. 
- i18n.defaultLocale = "en_US.UTF-8"; + i18n.defaultLocale = "en_US.UTF-8"; - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; - services.displayManager.sddm.settings.AutoLogin = { - User = "nathan"; - Session = "plasmawayland.desktop"; - Relogin = true; - }; + services.displayManager.sddm.settings.AutoLogin = { + User = "nathan"; + Session = "plasmawayland.desktop"; + Relogin = true; + }; - networking = { - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - firewall.allowedTCPPorts = [ 80 ]; - }; + networking = { + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager.enable = true; + firewall.allowedTCPPorts = [ 80 ]; + }; - system.stateVersion = "25.05"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? - users.users."nathan" = { - isNormalUser = true; + users.users."nathan" = { + isNormalUser = true; - initialPassword = "7567"; + initialPassword = "7567"; #hashedPasswordFile = config.sops.secrets."nathan/pass".path; - extraGroups = [ - "wheel" - ]; # Enable ‘sudo’ for the user. + extraGroups = [ + "wheel" + ]; # Enable ‘sudo’ for the user. 
- /*openssh.authorizedKeys.keys = [ - ];*/ + /*openssh.authorizedKeys.keys = [ + ];*/ + }; + + nix = { + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + }; }; - nix = { - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - settings = { - experimental-features = [ "nix-command" "flakes" ]; + /*sops = { + age.keyFile = "/home/nathan/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + defaultSopsFormat = "yaml"; + + secrets = { + "nathan/pass" = { + neededForUsers = true; + }; + }; + };*/ + + programs.fuse.userAllowOther = true; + + home-manager = { + backupFileExtension = "backup"; + extraSpecialArgs = {inherit inputs;}; + users = { + "nathan" = lib.mkMerge [ + inputs.nathan-home-manager + { + config.homeconfig = { + minimal = false; + hyprland.enable = false; + wal.enable = false; + hyprpanel.enable = false; + hyprlock.enable = false; + mpd.enable = true; + calcurse.enable = true; + rofi.enable = true; + firefox.enable = true; + }; + } + ]; + }; }; + + sysconfig = { + opts = { + novnc.enable = true; + sddm.enable = true; + openssh.enable = true; + pipewire.enable = true; + hyprpanel.enable = false; + hyprland.enable = false; + kdePlasma6.enable = true; + git.enable = true; + nh.enable = true; + netbird.enable = true; + }; + }; + + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + }; - - /*sops = { - age.keyFile = "/home/nathan/.config/sops/age/keys.txt"; - defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; - - secrets = { - "nathan/pass" = { - neededForUsers = true; - }; - }; - };*/ - - programs.fuse.userAllowOther = true; - - home-manager = { - backupFileExtension = "backup"; - extraSpecialArgs = {inherit inputs;}; - users = { - "nathan" = lib.mkMerge [ - inputs.nathan-home-manager - { - config.homeconfig = { - minimal = false; - hyprland.enable = false; - wal.enable = false; - hyprpanel.enable = false; - hyprlock.enable = false; - mpd.enable = true; - calcurse.enable = 
true; - rofi.enable = true; - firefox.enable = true; - }; - } - ]; - }; - }; - - sysconfig = { - opts = { - novnc.enable = true; - sddm.enable = true; - openssh.enable = true; - pipewire.enable = true; - hyprpanel.enable = false; - hyprland.enable = false; - kdePlasma6.enable = true; - git.enable = true; - nh.enable = true; - netbird.enable = true; - }; - }; - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - }; } diff --git a/profiles/homebox/default.nix b/profiles/homebox/default.nix index 9c056b3..52af4b0 100644 --- a/profiles/homebox/default.nix +++ b/profiles/homebox/default.nix 
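Review bot: `users.users."nathan"` in this profile still carries `initialPassword = "7567";` for a `wheel` member while `sysconfig.opts.openssh.enable = true;` and the `openssh.authorizedKeys.keys` block stays commented out; `initialPassword` also ends up in the world-readable Nix store, so the credential is both guessable and recoverable from the deployed system. The commented `#hashedPasswordFile = config.sops.secrets."nathan/pass".path;` line and the `/*sops = { … };*/` block are the intended replacement — profiles/pi4 in this same diff already uses `hashedPasswordFile = config.sops.secrets."nathan/pass".path;` — and enabling them here would remove the plaintext value. Whether password-based SSH login is actually reachable depends on the `sysconfig` openssh module, which is not in this diff.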
@@ -1,116 +1,119 @@ -{ config, pkgs, lib, disko, sops-nix, home-manager, ... }: +{ ... }: { -{ - imports = - [ - disko.nixosModules.default - - sops-nix.nixosModules.sops - - home-manager.nixosModules.default - - ]; + flake.nixosModules.homebox = { config, pkgs, lib, disko, sops-nix, home-manager, ... }: - config = { - - boot = { - kernelPackages = pkgs.linuxKernel.packages.linux_6_18; - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; + { + imports = + [ + disko.nixosModules.default + + sops-nix.nixosModules.sops + + home-manager.nixosModules.default + + ]; + + config = { + + boot = { + kernelPackages = pkgs.linuxKernel.packages.linux_6_18; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ]; }; - binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ]; - }; - systemd.settings.Manager.DefaultLimitNOFILE = 2048; + systemd.settings.Manager.DefaultLimitNOFILE = 2048; - programs.zsh.enable = true; - environment.shells = with pkgs; [ zsh bashInteractive ]; + programs.zsh.enable = true; + environment.shells = with pkgs; [ zsh bashInteractive ]; - nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfree = true; - networking = { - nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ]; - networkmanager = { - enable = true; - dns = "none"; - }; - useDHCP = false; - dhcpcd.enable = false; - - nftables = {}; - nat = { - enable = true; - internalInterfaces = [ "ve-.+" ]; - externalInterface = "wlp7s0"; # wifi - #externalInterface = "enp6s0"; # ethernet - }; - }; - - sysconfig = { - remoteBuildHost = true; - graphical = false; - - services = { - sddm.enable = false; - openssh.enable = true; - pipewire.enable = true; - netbird.enable = true; - - ollama.enable = false; - avahi.enable = true; - wyoming = { + networking = { + nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ]; + networkmanager = { 
enable = true; - piper = true; - openwakeword = true; - faster-whisper = true; + dns = "none"; + }; + useDHCP = false; + dhcpcd.enable = false; + + nftables = {}; + nat = { + enable = true; + internalInterfaces = [ "ve-.+" ]; + externalInterface = "wlp7s0"; # wifi +#externalInterface = "enp6s0"; # ethernet }; }; - programs = { - hyprland.enable = false; - hyprpanel.enable = false; - steam.enable = false; + sysconfig = { + remoteBuildHost = true; + graphical = false; + + services = { + sddm.enable = false; + openssh.enable = true; + pipewire.enable = true; + netbird.enable = true; + + ollama.enable = false; + avahi.enable = true; + wyoming = { + enable = true; + piper = true; + openwakeword = true; + faster-whisper = true; + }; + }; + + programs = { + hyprland.enable = false; + hyprpanel.enable = false; + steam.enable = false; + }; + + docker = { + enable = true; + + portainer.enable = true; + traefik.enable = true; + pihole.enable = true; + authentik.enable = true; + netbird.enable = true; + + openwebui.enable = true; + ollama.enable = true; + searxng.enable = true; + home-assistant.enable = true; + n8n.enable = true; + + nextcloud.enable = false; + jellyfin.enable = true; + }; + + containers = { + "esotericbytes.com".enable = true; + + gitea.enable = true; + + code-server.enable = true; + + minecraft.enable = true; + + sandbox.enable = false; + }; + + virtual-machines = { + enable = true; + }; }; - docker = { - enable = true; + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - portainer.enable = true; - traefik.enable = true; - pihole.enable = true; - authentik.enable = true; - netbird.enable = true; - - openwebui.enable = true; - ollama.enable = true; - searxng.enable = true; - home-assistant.enable = true; - n8n.enable = true; - - nextcloud.enable = false; - jellyfin.enable = true; - }; - - containers = { - "esotericbytes.com".enable = true; - - gitea.enable = true; - - code-server.enable = true; - - minecraft.enable = true; - - sandbox.enable = false; - 
}; - - virtual-machines = { - enable = true; - }; }; - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - }; - } diff --git a/profiles/iso/default.nix b/profiles/iso/default.nix index 5c8a1d9..2465701 100644 --- a/profiles/iso/default.nix +++ b/profiles/iso/default.nix 
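Review bot: `nftables = {};` inside the `networking` block defines no options and is therefore a no-op, so the `nat` block right below it runs on whatever firewall backend the NixOS module defaults to; if the nftables backend was intended the line should read `nftables.enable = true;`, otherwise it should be removed so the next reader does not assume it does something. Separately, comment lines that were indented on the old side come out at column 0 on the new side here (`+#externalInterface = "enp6s0"; # ethernet`), and the same happens in the iso (`#kdePlasma6.enable`), jesstop (`# Bootloader.`, `#enable bluetooth`), laptop (`# Bootloader.`) and live (`#remoteBuildClient`) hunks, which looks like an editor re-indent that skipped comments rather than an intentional change.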
@@ -1,106 +1,109 @@ -{ lib, pkgs, inputs, modulesPath, ... }: { +{ ... }: { - imports = with inputs; [ - - (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") - - home-manager.nixosModules.default + flake.nixosModules.iso = { lib, pkgs, inputs, modulesPath, ... }: { - ]; + imports = with inputs; [ - config = { + (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") - fonts.fontconfig.enable = lib.mkForce true; - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ]; - - system.stateVersion = "25.05"; + home-manager.nixosModules.default - nixpkgs.hostPlatform = "x86_64-linux"; + ]; - users.users."nathan" = { - hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; - packages = with pkgs; [ - git - nerd-fonts.fira-code - ]; - }; + config = { - users.users.nixos.enable = lib.mkForce false; + fonts.fontconfig.enable = lib.mkForce true; - services.getty.autologinUser = lib.mkForce null; + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ]; - networking = { - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - }; + system.stateVersion = "25.05"; - programs.zsh.enable = true; + nixpkgs.hostPlatform = "x86_64-linux"; - environment.shells = with pkgs; [ zsh bashInteractive ]; + users.users."nathan" = { + hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; + packages = with pkgs; [ + git + nerd-fonts.fira-code + ]; + }; - sysconfig = { - host = "iso"; - graphical = true; - users = { - nathan = { - extraGroups = [ "wheel" "networkmanager" ]; - shell = pkgs.zsh; - sshKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" - ]; - home-manager = { - enable = true; - standalone = false; - extraModules = [ - { - homeconfig = { - minimal = false; - hyprland.enable = true; 
- hyprlock.enable = true; - wal.enable = true; - mpd.enable = true; - hyprpanel.enable = true; - rofi.enable = true; - firefox.enable = true; - git.enable = false; - nh.enable = true; - }; - } + users.users.nixos.enable = lib.mkForce false; + + services.getty.autologinUser = lib.mkForce null; + + networking = { + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager.enable = true; + }; + + programs.zsh.enable = true; + + environment.shells = with pkgs; [ zsh bashInteractive ]; + + sysconfig = { + host = "iso"; + graphical = true; + users = { + nathan = { + extraGroups = [ "wheel" "networkmanager" ]; + shell = pkgs.zsh; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" ]; + home-manager = { + enable = true; + standalone = false; + extraModules = [ + { + homeconfig = { + minimal = false; + hyprland.enable = true; + hyprlock.enable = true; + wal.enable = true; + mpd.enable = true; + hyprpanel.enable = true; + rofi.enable = true; + firefox.enable = true; + git.enable = false; + nh.enable = true; + }; + } + ]; + }; + }; + }; + + services = { + sddm.enable = true; + openssh.enable = true; + pipewire.enable = true; +#kdePlasma6.enable = true; + netbird.enable = true; +#ollama.enable = true; + }; + + programs = { +#steam.enable = true; + hyprpanel.enable = true; + hyprland.enable = true; + }; + + + virtualization = { + + wyoming = { + enable = false; + }; + + homeassistant = { + enable = false; }; }; }; - services = { - sddm.enable = true; - openssh.enable = true; - pipewire.enable = true; - #kdePlasma6.enable = true; - netbird.enable = true; - #ollama.enable = true; - }; - programs = { - #steam.enable = true; - hyprpanel.enable = true; - hyprland.enable = true; - }; - - - virtualization = { - - wyoming = { - enable = false; - }; - - homeassistant = { - enable = false; - }; - }; }; - - }; } diff --git a/profiles/jesstop/default.nix b/profiles/jesstop/default.nix index 9cb0990..84122e4 100644 
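Review bot: `users.users."nathan".hashedPassword` embeds the yescrypt hash directly in the profile, and the identical hash is reused in profiles/live in this diff, so the repository (and every Nix store holding these closures) provides the material for offline guessing of one password that unlocks both the installer and a persistent host whose `sysconfig.services.openssh.enable = true`. profiles/pi4 already uses `hashedPasswordFile = config.sops.secrets."nathan/pass".path;`; the live profile declares a `sops` block and could take the same route, while the ISO — which may have no sops key available at boot — would at least benefit from a hash that is not shared with a persistent system. The `users.users.nixos.enable = lib.mkForce false;` and `services.getty.autologinUser = lib.mkForce null;` lines are good hardening of the stock installer image and deserve a short comment saying so, so a later cleanup does not drop them.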
--- a/profiles/jesstop/default.nix +++ b/profiles/jesstop/default.nix 
@@ -1,131 +1,134 @@ -{ config, pkgs, lib, inputs, ... }: +{ ... }: { -{ + flake.nixosModules.jesstop = { config, pkgs, lib, inputs, ... }: - imports = [ - ./hardware-configuration.nix + { - #inputs.home-manager.nixosModules.default + imports = [ + ./hardware-configuration.nix - inputs.sops-nix.nixosModules.sops - ]; +#inputs.home-manager.nixosModules.default - config = { - - nixpkgs.config = { - allowUnfree = true; - }; - -# Bootloader. - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; - - systemd.extraConfig = "DefaultLimitNOFILE=2048"; - - hardware = { - graphics.enable = true; - -#enable bluetooth - bluetooth.enable = true; - - }; - - services.pulseaudio.enable = false; - - environment.systemPackages = with pkgs; [ - alsa-utils + inputs.sops-nix.nixosModules.sops ]; - sysconfig.opts = { - sddm.enable = true; - openssh.enable = false; - steam.enable = true; - pipewire.enable = true; - hyprpanel.enable = false; - hyprland.enable = false; - git.enable = false; - nh.enable = true; + config = { - }; + nixpkgs.config = { + allowUnfree = true; + }; + +# Bootloader. + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + + systemd.extraConfig = "DefaultLimitNOFILE=2048"; + + hardware = { + graphics.enable = true; + +#enable bluetooth + bluetooth.enable = true; + + }; + + services.pulseaudio.enable = false; + + environment.systemPackages = with pkgs; [ + alsa-utils + ]; + + sysconfig.opts = { + sddm.enable = true; + openssh.enable = false; + steam.enable = true; + pipewire.enable = true; + hyprpanel.enable = false; + hyprland.enable = false; + git.enable = false; + nh.enable = true; + + }; # Enable the X11 windowing system. 
- services.xserver = { - enable = true; - desktopManager.enlightenment.enable = true; - }; + services.xserver = { + enable = true; + desktopManager.enlightenment.enable = true; + }; - services.acpid.enable = true; + services.acpid.enable = true; - services.displayManager.enable = true; + services.displayManager.enable = true; # Enable CUPS to print documents. - services.printing.enable = true; + services.printing.enable = true; - system.stateVersion = "23.05"; # Did you read the comment? + system.stateVersion = "23.05"; # Did you read the comment? # Set your time zone. - time.timeZone = "America/Chicago"; + time.timeZone = "America/Chicago"; # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; + i18n.defaultLocale = "en_US.UTF-8"; - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - networking = { - hostName = "jesstop"; - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - }; - - - users.users."nickelback" = { - isNormalUser = true; - description = "Thomas Jefferson"; - initialPassword = "89453712"; -#hashedPasswordFile = config.sops.secrets."nathan/pass".path; - extraGroups = [ - "wheel" - "networkmanager" - ]; # Enable ‘sudo’ for the user. 
- openssh.authorizedKeys.keys = []; - - packages = with pkgs; [ - (writeShellScriptBin "beets" '' - bluetoothctl connect A4:16:C0:74:1F:55 - '') - - spotify - gnome-network-displays - discord - krita - rpcs3 - ]; - }; - - nix = { - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - settings = { - experimental-features = [ "nix-command" "flakes" ]; + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; }; + + networking = { + hostName = "jesstop"; + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager.enable = true; + }; + + + users.users."nickelback" = { + isNormalUser = true; + description = "Thomas Jefferson"; + initialPassword = "89453712"; +#hashedPasswordFile = config.sops.secrets."nathan/pass".path; + extraGroups = [ + "wheel" + "networkmanager" + ]; # Enable ‘sudo’ for the user. + openssh.authorizedKeys.keys = []; + + packages = with pkgs; [ + (writeShellScriptBin "beets" '' + bluetoothctl connect A4:16:C0:74:1F:55 + '') + + spotify + gnome-network-displays + discord + krita + rpcs3 + ]; + }; + + nix = { + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + + }; - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - - }; } diff --git a/profiles/jesstop/hardware-configuration.nix b/profiles/jesstop/hardware-configuration.nix index 36c3e32..b6e1ad4 100644 --- a/profiles/jesstop/hardware-configuration.nix +++ b/profiles/jesstop/hardware-configuration.nix 
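Review bot: The inner module keeps `imports = [ ./hardware-configuration.nix … ]`, but this same commit rewrites profiles/jesstop/hardware-configuration.nix into a flake-parts module whose top level sets `flake.nixosModules.jesstop`; imported as a NixOS module it defines an option `flake` that does not exist there, so evaluation of this host should fail. Either drop the `./hardware-configuration.nix` import line and rely on flake-parts merging the two `flake.nixosModules.jesstop` definitions (which I believe it does for that option, worth confirming), or keep hardware-configuration.nix a plain NixOS module. The same pattern appears in profiles/live, where `(import ./disko.nix { device = "/dev/mmcblk0"; })` is kept while profiles/live/disko.nix now defines `flake.diskoConfigurations.live`, and — judging by its unchanged `imports` of `./hardware-configuration.nix` and `./disko.nix` — likely in profiles/pi4 as well, whose sibling files are not in this chunk.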
@@ -1,39 +1,39 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ ... }: { -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + flake.nixosModules.jesstop = { config, lib, pkgs, modulesPath, ... }: - boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + { + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72"; - fsType = "ext4"; + boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/D497-6455"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + +# Enables DHCP on each ethernet and wireless interface. In case of scripted networking +# (the default) this is the recommended approach. When using systemd-networkd it's +# still possible to use this option, but it's recommended to use it in conjunction +# with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; +# networking.interfaces.eno1.useDHCP = lib.mkDefault true; +# networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/D497-6455"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/profiles/laptop/default.nix b/profiles/laptop/default.nix index f829c7b..0b8d8dd 100644 --- a/profiles/laptop/default.nix +++ b/profiles/laptop/default.nix 
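Review bot: The deleted header (`# Do not modify this file! It was generated by ‘nixos-generate-config’ …`) was the only warning that a regeneration overwrites this file, and the file now contains hand-written structure (`flake.nixosModules.jesstop = { config, lib, pkgs, modulesPath, ... }:`) that a regeneration would silently drop. Keep a replacement note at the top, e.g. `# Generated by nixos-generate-config, then wrapped by hand as a flake-parts module; re-apply the wrapper after regenerating.`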
@@ -1,115 +1,118 @@ -{ config, pkgs, lib, home-manager, sops-nix, ... }: +{ ... }: { -{ + flake.nixosModules.laptop = { config, pkgs, lib, home-manager, sops-nix, ... }: - imports = [ - home-manager.nixosModules.default + { - sops-nix.nixosModules.sops - ]; + imports = [ + home-manager.nixosModules.default - config = { - - nixpkgs.config = { - allowUnfree = true; - }; - -# Bootloader. - boot = { - kernelPackages = pkgs.linuxKernel.packages.linux_6_18; - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - timeout = null; - }; - }; - - systemd.settings.Manager.DefaultLimitNOFILE = 2048; - - hardware = { - graphics.enable = true; - - firmware = with pkgs; [ - sof-firmware - ]; - -#enable bluetooth - bluetooth.enable = true; - - }; - - services.pulseaudio.enable = false; - - environment.systemPackages = with pkgs; [ - alsa-utils + sops-nix.nixosModules.sops ]; - sysconfig = with lib; { - remoteBuildClient = mkDefault true; - graphical = mkDefault true; - - services = { - sddm.enable = mkDefault true; - openssh.enable = mkDefault false; - pipewire.enable = mkDefault true; - netbird.enable = mkDefault true; - ollama.enable = mkDefault true; - avahi.enable = mkDefault true; + config = { + + nixpkgs.config = { + allowUnfree = true; }; - programs = { - steam.enable = mkDefault true; - hyprpanel.enable = mkDefault true; - hyprland.enable = mkDefault true; - }; - - - containers = { - - wyoming = { - enable = mkDefault false; +# Bootloader. 
+ boot = { + kernelPackages = pkgs.linuxKernel.packages.linux_6_18; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + timeout = null; }; }; - virtual-machines = { - enable = true; + systemd.settings.Manager.DefaultLimitNOFILE = 2048; + + hardware = { + graphics.enable = true; + + firmware = with pkgs; [ + sof-firmware + ]; + +#enable bluetooth + bluetooth.enable = true; + + }; + + services.pulseaudio.enable = false; + + environment.systemPackages = with pkgs; [ + alsa-utils + ]; + + sysconfig = with lib; { + remoteBuildClient = mkDefault true; + graphical = mkDefault true; + + services = { + sddm.enable = mkDefault true; + openssh.enable = mkDefault false; + pipewire.enable = mkDefault true; + netbird.enable = mkDefault true; + ollama.enable = mkDefault true; + avahi.enable = mkDefault true; + }; + + programs = { + steam.enable = mkDefault true; + hyprpanel.enable = mkDefault true; + hyprland.enable = mkDefault true; + }; + + + containers = { + + wyoming = { + enable = mkDefault false; + }; + }; + + virtual-machines = { + enable = true; + }; }; - }; # Enable the X11 windowing system. - services.xserver = { - enable = true; - }; + services.xserver = { + enable = true; + }; - services.displayManager.enable = true; + services.displayManager.enable = true; - environment.shells = with pkgs; [ zsh bashInteractive ]; + environment.shells = with pkgs; [ zsh bashInteractive ]; # Enable CUPS to print documents. 
- services.printing.enable = true; + services.printing.enable = true; - programs.adb.enable = true; + programs.adb.enable = true; - programs.zsh.enable = true; + programs.zsh.enable = true; - networking = { - nameservers = [ - "1.1.1.1" - "1.0.0.1" - ]; - networkmanager = { - enable = true; - dns = "none"; + networking = { + nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; + networkmanager = { + enable = true; + dns = "none"; + }; + useDHCP = false; + dhcpcd.enable = false; }; - useDHCP = false; - dhcpcd.enable = false; + + + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + }; - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - }; - } diff --git a/profiles/live/default.nix b/profiles/live/default.nix index 3f33004..8d546e3 100644 --- a/profiles/live/default.nix +++ b/profiles/live/default.nix 
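Review bot: The inner module's argument set `{ config, pkgs, lib, home-manager, sops-nix, ... }` expects `home-manager` and `sops-nix` to arrive via `specialArgs`, which is unchanged from before but is now inconsistent with homes/nathan/home.nix in the same commit, where the outer flake-parts module takes `{ self, inputs, ... }` and the inner module simply closes over `inputs`. Taking `inputs` on the outer module here (`{ inputs, ... }: {`) and writing `inputs.home-manager.nixosModules.default` / `inputs.sops-nix.nixosModules.sops` in the imports list removes the specialArgs dependency; profiles/homebox has the same shape. If specialArgs are supplied by a part of the flake outside this chunk, that is fine, but a short comment naming where they come from would help the next reader.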
@@ -1,121 +1,124 @@ -{ pkgs, inputs, ... }: { +{ ... }: { - imports = with inputs; [ - - disko.nixosModules.default + flake.nixosModules.live = { pkgs, inputs, ... }: { - (import ./disko.nix { device = "/dev/mmcblk0"; }) + imports = with inputs; [ - sops-nix.nixosModules.sops + disko.nixosModules.default - home-manager.nixosModules.default + (import ./disko.nix { device = "/dev/mmcblk0"; }) - ]; + sops-nix.nixosModules.sops - config = { + home-manager.nixosModules.default - hardware.enableRedistributableFirmware = true; - hardware.enableAllHardware = true; - - programs.zsh.enable = true; + ]; - environment.shells = with pkgs; [ zsh bashInteractive ]; + config = { - networking = { - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - }; + hardware.enableRedistributableFirmware = true; + hardware.enableAllHardware = true; - nixpkgs.hostPlatform = "x86_64-linux"; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; + programs.zsh.enable = true; + + environment.shells = with pkgs; [ zsh bashInteractive ]; + + networking = { + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager.enable = true; }; - }; - users.users."nathan" = { - hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; - packages = with pkgs; [ - git - nerd-fonts.fira-code - ]; - }; + nixpkgs.hostPlatform = "x86_64-linux"; - sops = { - age.keyFile = "/var/lib/sops/age/keys.txt"; - defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; - #secrets."nathan/pass".neededForUsers = true; - }; + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; - sysconfig = { - #remoteBuildClient = true; - host = "live"; - graphical = true; - users = { - nathan = { - extraGroups = [ "wheel" "networkmanager" ]; - #hashedPasswordFile = config.sops.secrets."nathan/pass".path; - shell = pkgs.zsh; - sshKeys = [ - "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" - ]; - home-manager = { - enable = true; - standalone = false; - extraModules = [ - { - homeconfig = { - minimal = false; - hyprland.enable = true; - hyprlock.enable = true; - wal.enable = true; - mpd.enable = true; - hyprpanel.enable = true; - calcurse.enable = true; - rofi.enable = true; - firefox.enable = true; - #git.enable = true; - nh.enable = true; - }; - } + users.users."nathan" = { + hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; + packages = with pkgs; [ + git + nerd-fonts.fira-code + ]; + }; + + sops = { + age.keyFile = "/var/lib/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + defaultSopsFormat = "yaml"; +#secrets."nathan/pass".neededForUsers = true; + }; + + sysconfig = { +#remoteBuildClient = true; + host = "live"; + graphical = true; + users = { + nathan = { + extraGroups = [ "wheel" "networkmanager" ]; +#hashedPasswordFile = config.sops.secrets."nathan/pass".path; + shell = pkgs.zsh; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" ]; + home-manager = { + enable = true; + standalone = false; + extraModules = [ + { + homeconfig = { + minimal = false; + hyprland.enable = true; + hyprlock.enable = true; + wal.enable = true; + mpd.enable = true; + hyprpanel.enable = true; + calcurse.enable = true; + rofi.enable = true; + firefox.enable = true; +#git.enable = true; + nh.enable = true; + }; + } + ]; + }; + }; + }; + + services = { + sddm.enable = true; + openssh.enable = true; + pipewire.enable = true; +#kdePlasma6.enable = true; + netbird.enable = true; +#ollama.enable = true; + }; + + programs = { +#steam.enable = true; + hyprpanel.enable = true; + hyprland.enable = true; + }; + + + virtualization = { + + wyoming = { + enable = false; + }; + + homeassistant = { + enable = false; }; }; }; - services = { - sddm.enable = true; - openssh.enable = true; - 
pipewire.enable = true; - #kdePlasma6.enable = true; - netbird.enable = true; - #ollama.enable = true; - }; + system.stateVersion = "25.05"; - programs = { - #steam.enable = true; - hyprpanel.enable = true; - hyprland.enable = true; - }; - - - virtualization = { - - wyoming = { - enable = false; - }; - - homeassistant = { - enable = false; - }; - }; + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; }; - - system.stateVersion = "25.05"; - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; }; } diff --git a/profiles/live/disko.nix b/profiles/live/disko.nix index b2fb02c..ed929e3 100644 --- a/profiles/live/disko.nix +++ b/profiles/live/disko.nix 
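Review bot: `(import ./disko.nix { device = "/dev/mmcblk0"; })` passes `device`, but profiles/live/disko.nix declares its parameter as `device1 ? throw "Set this to your disk device, e.g. /dev/sda"` and its `...` silently absorbs the unknown name, so `device1` falls through to the `throw` as soon as `disko.devices.disk.main.device` is evaluated; this predates the commit, but the rewrite of disko.nix is the moment to fix it, e.g. `(import ./disko.nix { device1 = "/dev/mmcblk0"; })` as profiles/pi4 already does. Also worth noting: `sops.age.keyFile = "/var/lib/sops/age/keys.txt";` is set alongside an inline `hashedPassword`, so the sops key is present on this host yet unused for the password — the commented `#secrets."nathan/pass".neededForUsers = true;` and `#hashedPasswordFile = config.sops.secrets."nathan/pass".path;` lines show the intended wiring.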
@@ -1,66 +1,69 @@ -{ - device1 ? throw "Set this to your disk device, e.g. /dev/sda", - ... -}: { - disko.devices = { - disk = { - main = { - device = device1; - type = "disk"; - content = { - type = "gpt"; - partitions = { - boot = { - name = "boot"; - size = "1M"; - type = "EF02"; - }; - esp = { - name = "ESP"; - size = "500M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - name = "root"; - size = "100%"; - content = { - type = "lvm_pv"; - vg = "root_vg"; - }; - }; - }; - }; - }; - }; - lvm_vg = { - root_vg = { - type = "lvm_vg"; - lvs = { - root = { - size = "100%FREE"; - content = { - type = "btrfs"; - extraArgs = ["-f"]; +{ ... }: { - subvolumes = { - "/root" = { - mountpoint = "/"; - }; + flake.diskoConfigurations.live = { + device1 ? throw "Set this to your disk device, e.g. /dev/sda", + ... + }: { + disko.devices = { + disk = { + main = { + device = device1; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "lvm_pv"; + vg = "root_vg"; + }; + }; + }; + }; + }; + }; + lvm_vg = { + root_vg = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "btrfs"; + extraArgs = ["-f"]; - "/nix" = { - mountOptions = ["subvol=nix" "noatime"]; - mountpoint = "/nix"; - }; - }; - }; - }; - }; - }; - }; - }; + subvolumes = { + "/root" = { + mountpoint = "/"; + }; + + "/nix" = { + mountOptions = ["subvol=nix" "noatime"]; + mountpoint = "/nix"; + }; + }; + }; + }; + }; + }; + }; + }; + } } diff --git a/profiles/pi4/default.nix b/profiles/pi4/default.nix index 02a4ec9..5dacfe3 100644 --- a/profiles/pi4/default.nix +++ b/profiles/pi4/default.nix 
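Review bot: The new side of this hunk appears to end with `+ }` immediately before the outer context `}`, whereas the otherwise identical `profiles/pi4/disko.nix` hunk ends with `+ };`; an attribute binding such as `flake.diskoConfigurations.live = { ... }: { … }` has to be terminated with `;`, so this reads as a parse error once the file is evaluated. The collapsed diff makes the exact closing-brace count hard to confirm, so check the tail of this file against the pi4 version. The `device1 ? throw …` default is retained, which is the right guard, but a one-line comment above the function, e.g. `# device1 must be supplied as an argument when this configuration is invoked`, would explain the `throw` to the next reader.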
@@ -1,135 +1,138 @@ -{ config, pkgs, inputs, ... }: { +{ ... }: { - imports = [ - ./hardware-configuration.nix - - inputs.disko.nixosModules.default - - (import ./disko.nix { device1 = "/dev/mmcblk0"; }) - - inputs.home-manager.nixosModules.default - - inputs.sops-nix.nixosModules.sops - ]; + flake.nixosModules.pi4 = { config, pkgs, inputs, ... }: { - config = { + imports = [ + ./hardware-configuration.nix - sysconfig = { - remoteBuildClient = true; + inputs.disko.nixosModules.default - users = { - nathan = { - hashedPasswordFile = config.sops.secrets."nathan/pass".path; - shell = pkgs.zsh; - sshKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" - ]; - extraGroups = [ - "wheel" - "networkmanager" - "gpio" - "spi" - "audio" - "pulse" - "pulse-access" - ]; - home-manager = { - enable = true; - standalone = false; - extraModules = [ - { - homeconfig = { - scripts.enable = false; - minimal = true; - mpd.enable = true; - git.enable = true; - nh.enable = true; - }; - } + (import ./disko.nix { device1 = "/dev/mmcblk0"; }) + + inputs.home-manager.nixosModules.default + + inputs.sops-nix.nixosModules.sops + ]; + + config = { + + sysconfig = { + remoteBuildClient = true; + + users = { + nathan = { + hashedPasswordFile = config.sops.secrets."nathan/pass".path; + shell = pkgs.zsh; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" ]; + extraGroups = [ + "wheel" + "networkmanager" + "gpio" + "spi" + "audio" + "pulse" + "pulse-access" + ]; + home-manager = { + enable = true; + standalone = false; + extraModules = [ + { + homeconfig = { + scripts.enable = false; + minimal = true; + mpd.enable = true; + git.enable = true; + nh.enable = true; + }; + } + ]; + }; }; 
}; + + services = { + openssh.enable = true; +#pipewire.enable = true; + netbird.enable = true; + }; + }; + + boot = { + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + }; + + networking = { + hostName = "pi4"; + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager.enable = true; + }; + + time.timeZone = "America/Chicago"; + + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + hardware = { + bluetooth.enable = true; + + }; + + programs.zsh.enable = true; + + environment.shells = with pkgs; [ zsh ]; + + users = { + groups.gpio = {}; }; services = { - openssh.enable = true; - #pipewire.enable = true; - netbird.enable = true; - }; - }; + udev.extraRules = '' + SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" + SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" + SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" + ''; - boot = { - loader = { - grub.enable = false; - generic-extlinux-compatible.enable = true; - }; - }; + pulseaudio = { + enable = true; + extraConfig = '' + load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + ''; + }; - networking = { - hostName = "pi4"; - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - }; - - time.timeZone = "America/Chicago"; - - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - 
LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - hardware = { - bluetooth.enable = true; - - }; - - programs.zsh.enable = true; - - environment.shells = with pkgs; [ zsh ]; - - users = { - groups.gpio = {}; - }; - - services = { - udev.extraRules = '' - SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" - SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" - SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" - ''; - - pulseaudio = { - enable = true; - extraConfig = '' - load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 - ''; }; + sops = { + age.keyFile = "/var/lib/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + defaultSopsFormat = "yaml"; + }; + + + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + + sound.enable = true; + + security.rtkit.enable = true; + + system.stateVersion = "25.05"; }; - - sops = { - age.keyFile = "/var/lib/sops/age/keys.txt"; - defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; - }; - - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - - sound.enable = true; - - security.rtkit.enable = true; - - system.stateVersion = "25.05"; }; } diff --git a/profiles/pi4/disko.nix b/profiles/pi4/disko.nix index b2fb02c..452a804 100644 --- a/profiles/pi4/disko.nix +++ b/profiles/pi4/disko.nix 
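Review bot: The `imports` list inside the new `flake.nixosModules.pi4` still names `./hardware-configuration.nix` and `(import ./disko.nix { device1 = "/dev/mmcblk0"; })`, but this same commit rewrites both files as flake-parts modules (`flake.nixosModules.pi4 = …` in the hardware-configuration hunk, `flake.diskoConfigurations.pi4 = …` in the disko hunk), not NixOS modules. Importing them into the NixOS module set would define an undeclared `flake` option, and `device1` no longer reaches the disko function at all. Since the hardware file now contributes to `flake.nixosModules.pi4` directly, the first import can simply be dropped; the disko configuration would have to be consumed through `flake.diskoConfigurations.pi4` or re-exposed as a NixOS module that passes the device. `hashedPasswordFile = config.sops.secrets."nathan/pass".path` is also referenced while the `sops` block in this hunk declares only `age.keyFile`, `defaultSopsFile` and `defaultSopsFormat`; unless `secrets."nathan/pass"` is declared elsewhere, evaluation fails on that attribute.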
@@ -1,66 +1,69 @@ -{ - device1 ? throw "Set this to your disk device, e.g. /dev/sda", - ... -}: { - disko.devices = { - disk = { - main = { - device = device1; - type = "disk"; - content = { - type = "gpt"; - partitions = { - boot = { - name = "boot"; - size = "1M"; - type = "EF02"; - }; - esp = { - name = "ESP"; - size = "500M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - name = "root"; - size = "100%"; - content = { - type = "lvm_pv"; - vg = "root_vg"; - }; - }; - }; - }; - }; - }; - lvm_vg = { - root_vg = { - type = "lvm_vg"; - lvs = { - root = { - size = "100%FREE"; - content = { - type = "btrfs"; - extraArgs = ["-f"]; +{ ... }: { - subvolumes = { - "/root" = { - mountpoint = "/"; - }; + flake.diskoConfigurations.pi4 = { + device1 ? throw "Set this to your disk device, e.g. /dev/sda", + ... + }: { + disko.devices = { + disk = { + main = { + device = device1; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "lvm_pv"; + vg = "root_vg"; + }; + }; + }; + }; + }; + }; + lvm_vg = { + root_vg = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "btrfs"; + extraArgs = ["-f"]; - "/nix" = { - mountOptions = ["subvol=nix" "noatime"]; - mountpoint = "/nix"; - }; - }; - }; - }; - }; - }; - }; - }; + subvolumes = { + "/root" = { + mountpoint = "/"; + }; + + "/nix" = { + mountOptions = ["subvol=nix" "noatime"]; + mountpoint = "/nix"; + }; + }; + }; + }; + }; + }; + }; + }; + }; } diff --git a/profiles/pi4/hardware-configuration.nix b/profiles/pi4/hardware-configuration.nix index 12cfbb5..0b6dd91 100644 --- a/profiles/pi4/hardware-configuration.nix 
+++ b/profiles/pi4/hardware-configuration.nix 
@@ -1,27 +1,27 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ ... }: { -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + flake.nixosModules.pi4 = { config, lib, pkgs, modulesPath, ... }: - boot.initrd.availableKernelModules = [ "xhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + { + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - swapDevices = [ ]; + boot.initrd.availableKernelModules = [ "xhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.end0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + swapDevices = [ ]; - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +# Enables DHCP on each ethernet and wireless interface. In case of scripted networking +# (the default) this is the recommended approach. When using systemd-networkd it's +# still possible to use this option, but it's recommended to use it in conjunction +# with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; +# networking.interfaces.end0.useDHCP = lib.mkDefault true; +# networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + }; } 
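Review bot: The generated-file banner (`# Do not modify this file! It was generated by ‘nixos-generate-config’ …`) is dropped while the file is now hand-edited to wrap its body in `flake.nixosModules.pi4`; a replacement header such as `# Originally produced by nixos-generate-config; now maintained by hand as a flake-parts module — re-running the generator will overwrite the wrapper` would tell the next maintainer what happens on regeneration. The DHCP comment block is also re-indented to column 0 inside the nested module (`+# Enables DHCP …`), which reads as if it belonged to the outer file; indenting it with the `networking.useDHCP` line it describes keeps the nesting visible.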
diff --git a/system/default.nix b/system/default.nix
index bb0a6ce..99d64f4 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -1,115 +1,112 @@ -{ config, lib, pkgs, nixpkgs, ... }: { +{ ... }: { - imports = let - dir = builtins.readDir ./.; - in builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - ); + flake.nixosModules.default = { config, lib, pkgs, nixpkgs, ... }: { - options.sysconfig = with lib; { - host = mkOption { - type = with types; nullOr str; - default = null; - }; - graphical = mkOption { - type = with types; bool; - default = config.hardware.graphics.enable; - }; - remoteBuildHost = mkOption { - type = with types; bool; - default = false; - }; - remoteBuildClient = mkOption { - type = with types; bool; - default = false; - }; - }; - - config = { - - networking.hostName = lib.mkDefault config.sysconfig.host; - - nix = { - nixPath = [ "nixpkgs=${nixpkgs}" ]; - channel.enable = false; - settings = { - experimental-features = [ "nix-command" "flakes" ]; - builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true; - trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ]; - - substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"]; - trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"]; - trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; + options.sysconfig = with lib; { + host = mkOption { + type = with types; nullOr str; + default = null; }; + graphical = mkOption { + type = with types; bool; + default = config.hardware.graphics.enable; + }; + remoteBuildHost = mkOption { + type = with types; bool; + default = false; + }; + remoteBuildClient = mkOption { + type = with types; bool; + default = false; + }; + }; - distributedBuilds = config.sysconfig.remoteBuildClient; - buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [ + config = { + + networking.hostName = lib.mkDefault 
config.sysconfig.host; + + nix = { + nixPath = [ "nixpkgs=${nixpkgs}" ]; + channel.enable = false; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true; + trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ]; + + substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"]; + trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"]; + trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; + }; + + distributedBuilds = config.sysconfig.remoteBuildClient; + buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [ { hostName = "esotericbytes.com"; sshUser = "remote-builder"; sshKey = config.sops.secrets."remoteBuildKey".path; supportedFeatures = [ "nixos-test" - "benchmark" - "big-parallel" - "kvm" + "benchmark" + "big-parallel" + "kvm" ]; systems = [ "x86_64-linux" "aarch64-linux" ]; } - ]; - }; + ]; + }; - users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost { - isNormalUser = true; - createHome = false; - }; + users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost { + isNormalUser = true; + createHome = false; + }; - sops.secrets = let - dir = builtins.readDir ../machines; - in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs - (builtins.map - (y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; }) - (builtins.filter - (x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient) - (builtins.attrNames dir) - ) - ) - ); - - sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost { - content = builtins.concatStringsSep ''''\n'' (builtins.map - (y: config.sops.placeholder.${y}) - 
(builtins.filter - (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) - (builtins.attrNames config.sops.secrets) + sops.secrets = let + dir = builtins.readDir ../machines; + in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs + (builtins.map + (y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; }) + (builtins.filter + (x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient) + (builtins.attrNames dir) + ) ) ); - path = "/etc/ssh/authorized_keys.d/remote-builder"; - owner = "remote-builder"; - }; - - sops = { - age.keyFile = "/var/lib/sops/age/keys.txt"; - defaultSopsFormat = "yaml"; - }; - time.timeZone = lib.mkDefault "America/Chicago"; + sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost { + content = builtins.concatStringsSep ''''\n'' (builtins.map + (y: config.sops.placeholder.${y}) + (builtins.filter + (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) + (builtins.attrNames config.sops.secrets) + ) + ); + path = "/etc/ssh/authorized_keys.d/remote-builder"; + owner = "remote-builder"; + }; - i18n = lib.mkDefault { - defaultLocale = "en_US.UTF-8"; + sops = { + age.keyFile = "/var/lib/sops/age/keys.txt"; + defaultSopsFormat = "yaml"; + }; - extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; + time.timeZone = lib.mkDefault "America/Chicago"; + + i18n = lib.mkDefault { + defaultLocale = "en_US.UTF-8"; + + extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + 
LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; }; }; }; -} +}; + diff --git a/system/etc/default.nix b/system/etc/default.nix index 3620852..346e0ae 100644 --- a/system/etc/default.nix +++ b/system/etc/default.nix @@ -1,6 +1,10 @@ { ... }: { + - config = { + flake.nixosModules.default = { ... }: { + config = { + + }; }; } diff --git a/system/packages/default.nix b/system/packages/default.nix index a9e7dd7..019ad30 100644 --- a/system/packages/default.nix +++ b/system/packages/default.nix @@ -1,7 +1,11 @@ -{ pkgs, disko, ... }: { +{ inputs, ... }: { - environment.systemPackages = with pkgs; [ - sops - disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install - ]; + flake.nixosModules.default = { pkgs, ... }: { + + environment.systemPackages = with pkgs; [ + sops + inputs.disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install + ]; + }; } + diff --git a/system/programs/default.nix b/system/programs/default.nix deleted file mode 100644 index c9ee5d3..0000000 --- a/system/programs/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: { - - imports = [ - ./hyprland - ./hyprpanel - ./steam - ]; -} - diff --git a/system/programs/hyprland/default.nix b/system/programs/hyprland/default.nix index 5ac7f68..b29ee51 100644 --- a/system/programs/hyprland/default.nix +++ b/system/programs/hyprland/default.nix 
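Review bot: The `sops.secrets` derivation for `remoteBuildHost` still evaluates `(import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient`, which assumes every `machines/*` entry is a plain NixOS module function returning a `config` attribute. This commit converts the profile modules to the `{ ... }: { flake.nixosModules.<name> = … }` shape; if the machine directories are converted the same way, that `.config` lookup fails and the remote-builder authorized-keys template silently receives no client keys. Reading the `remoteBuildClient` flag from the evaluated `flake.nixosConfigurations` (or an explicit list of client hosts) would decouple this from file layout. Separately, the file now appears to end with `+};` as its last non-blank line; a trailing `;` after the top-level function body is not valid Nix, so confirm the closing braces with `nix eval` before relying on this module.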
@@ -1,28 +1,32 @@ -{ config, lib, pkgs, hyprland, ... }: { +{ ... }: { - options.sysconfig.programs.hyprland.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.nixosModules.default = { config, lib, pkgs, hyprland, ... }: { - config = lib.mkIf config.sysconfig.programs.hyprland.enable { + options.sysconfig.programs.hyprland.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; - sysconfig.services.sddm.enable = lib.mkDefault true; + config = lib.mkIf config.sysconfig.programs.hyprland.enable { - environment.sessionVariables.NIXOS_OZONE_WL = "1"; + sysconfig.services.sddm.enable = lib.mkDefault true; - programs.hyprland = { - enable = true; + environment.sessionVariables.NIXOS_OZONE_WL = "1"; - withUWSM = true; + programs.hyprland = { + enable = true; - xwayland.enable = true; + withUWSM = true; - systemd.setPath.enable = true; + xwayland.enable = true; - package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; + systemd.setPath.enable = true; - portalPackage = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; + package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; + + portalPackage = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; + }; }; }; } + diff --git a/system/programs/hyprpanel/default.nix b/system/programs/hyprpanel/default.nix index 6ff47e9..06deda3 100644 --- a/system/programs/hyprpanel/default.nix +++ b/system/programs/hyprpanel/default.nix 
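Review bot: `hyprland` is still taken as an argument of the nested NixOS module (`{ config, lib, pkgs, hyprland, ... }:`), which only resolves if the flake keeps passing it through `specialArgs`; in the dendritic layout the outer flake-parts module receives `inputs`, and `system/packages/default.nix` in this same commit already switched to `{ inputs, ... }:` with `inputs.disko.…`. Using the same pattern here — `{ inputs, ... }: {` on the outer module, `{ config, lib, pkgs, ... }:` on the inner one, and `inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland` for the package references — keeps the two modules consistent and removes the hidden dependency on `specialArgs`. The same argument style appears in the netbird and ollama hunks (`nixpkgs-us`).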
@@ -1,30 +1,34 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.sysconfig.programs.hyprpanel.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.nixosModules.default = { config, lib, pkgs, ... }: { - config = lib.mkIf config.sysconfig.programs.hyprpanel.enable { - services = { - upower.enable = true; - gvfs.enable = true; - power-profiles-daemon.enable = true; + options.sysconfig.programs.hyprpanel.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; }; - environment.systemPackages = with pkgs; [ - bluez - bluez-tools - libgtop - dart-sass - wl-clipboard - gtksourceview - libsoup_3 - brightnessctl - swww - hyprpicker - hyprsunset - wf-recorder - ]; + config = lib.mkIf config.sysconfig.programs.hyprpanel.enable { + services = { + upower.enable = true; + gvfs.enable = true; + power-profiles-daemon.enable = true; + }; + + environment.systemPackages = with pkgs; [ + bluez + bluez-tools + libgtop + dart-sass + wl-clipboard + gtksourceview + libsoup_3 + brightnessctl + swww + hyprpicker + hyprsunset + wf-recorder + ]; + }; }; } + diff --git a/system/programs/steam/default.nix b/system/programs/steam/default.nix index 3d9ee48..0473cbe 100644 --- a/system/programs/steam/default.nix +++ b/system/programs/steam/default.nix @@ -1,14 +1,18 @@ -{ config, lib, ... }: { +{ ... }: { - options.sysconfig.programs.steam.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.nixosModules.default = { config, lib, ... }: { - config = lib.mkIf config.sysconfig.programs.steam.enable { - - programs.steam = { - enable = true; + options.sysconfig.programs.steam.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + + config = lib.mkIf config.sysconfig.programs.steam.enable { + + programs.steam = { + enable = true; + }; }; }; } + diff --git a/system/services/avahi/default.nix b/system/services/avahi/default.nix index a4b4b1a..db0c182 100644 
--- a/system/services/avahi/default.nix +++ b/system/services/avahi/default.nix @@ -1,23 +1,27 @@ -{ config, lib, ... }: { +{ ... }: { - options = { - sysconfig.services.avahi.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; + flake.nixosModules.default = { config, lib, ... }: { + + options = { + sysconfig.services.avahi.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + }; + + config = lib.mkIf config.sysconfig.services.avahi.enable { + + services.avahi = { + + enable = true; + ipv4 = true; + ipv6 = true; + openFirewall = true; + nssmdns4 = true; + wideArea = true; + + }; }; }; - - config = lib.mkIf config.sysconfig.services.avahi.enable { - - services.avahi = { - - enable = true; - ipv4 = true; - ipv6 = true; - openFirewall = true; - nssmdns4 = true; - wideArea = true; - - }; - }; } + diff --git a/system/services/default.nix b/system/services/default.nix deleted file mode 100644 index 8c32d01..0000000 --- a/system/services/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: { - - imports = let - dir = builtins.readDir ./.; - in builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - ); -} diff --git a/system/services/dynamicDNS/default.nix b/system/services/dynamicDNS/default.nix index 04ceb2a..a9df512 100644 --- a/system/services/dynamicDNS/default.nix +++ b/system/services/dynamicDNS/default.nix 
@@ -1,40 +1,44 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.sysconfig.services.dynamicDNS.enable = with lib; mkOption { + flake.nixosModules.default = { config, lib, pkgs, ... }: { - type = with types; bool; - default = false; - }; + options.sysconfig.services.dynamicDNS.enable = with lib; mkOption { - config = lib.mkIf config.sysconfig.services.dynamicDNS.enable { - - systemd.timers.dynamicDNS = { - - wantedBy = [ "timers.target" ]; - - timerConfig = { - - OnBootSec = "5m"; - - OnUnitActiveSec = "1h"; - - Unit = "dynamicDNS.service"; - }; + type = with types; bool; + default = false; }; - systemd.services.dynamicDNS = { + config = lib.mkIf config.sysconfig.services.dynamicDNS.enable { - name = "dynamicDNS.service"; + systemd.timers.dynamicDNS = { - serviceConfig = { + wantedBy = [ "timers.target" ]; - Type = "oneshot"; + timerConfig = { - LoadCredential = [ "cloudflare-api-key" ]; + OnBootSec = "5m"; + OnUnitActiveSec = "1h"; + + Unit = "dynamicDNS.service"; + }; }; - script = ''''; + systemd.services.dynamicDNS = { + + name = "dynamicDNS.service"; + + serviceConfig = { + + Type = "oneshot"; + + LoadCredential = [ "cloudflare-api-key" ]; + + }; + + script = ''''; + }; }; }; } + diff --git a/system/services/kdePlasma6/default.nix b/system/services/kdePlasma6/default.nix index d387e26..754ed7f 100644 --- a/system/services/kdePlasma6/default.nix +++ b/system/services/kdePlasma6/default.nix 
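Review bot: `script = '''';` leaves the `dynamicDNS` oneshot with an empty body, so the hourly timer in this hunk fires a unit that does nothing, and `LoadCredential = [ "cloudflare-api-key" ]` names a credential with no source path, which means systemd has to find a file of that name in its credential search locations and nothing in this module provisions one. If the service is intentionally a placeholder, a comment above `script` such as `# stub: update logic not yet written; LoadCredential still needs an ID:PATH source (e.g. a sops secret)` would stop this from being mistaken for a working unit. `pkgs` is also requested in the module arguments but never used in the body.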
@@ -1,31 +1,35 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.nixosModules.default = { config, lib, pkgs, ... }: { - config = lib.mkIf config.sysconfig.services.kdePlasma6.enable { - - services.desktopManager.plasma6.enable = true; + options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; - sysconfig.services.sddm.enable = lib.mkDefault true; + config = lib.mkIf config.sysconfig.services.kdePlasma6.enable { - environment.systemPackages = with pkgs; [ - kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice - kdePackages.kcalc # Calculator - kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts - kdePackages.kcolorchooser # A small utility to select a color - kdePackages.kolourpaint # Easy-to-use paint program - kdePackages.ksystemlog # KDE SystemLog Application - kdePackages.sddm-kcm # Configuration module for SDDM - kdiff3 # Compares and merges 2 or 3 files or directories - kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks - kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer - hardinfo2 # System information and benchmarks for Linux systems - haruna # Open source video player built with Qt/QML and libmpv - wayland-utils # Wayland utilities - wl-clipboard # Command-line copy/paste utilities for Wayland - ]; + services.desktopManager.plasma6.enable = true; + + sysconfig.services.sddm.enable = lib.mkDefault true; + + environment.systemPackages = with pkgs; [ + kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice + kdePackages.kcalc # Calculator + kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts + kdePackages.kcolorchooser # A 
small utility to select a color + kdePackages.kolourpaint # Easy-to-use paint program + kdePackages.ksystemlog # KDE SystemLog Application + kdePackages.sddm-kcm # Configuration module for SDDM + kdiff3 # Compares and merges 2 or 3 files or directories + kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks + kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer + hardinfo2 # System information and benchmarks for Linux systems + haruna # Open source video player built with Qt/QML and libmpv + wayland-utils # Wayland utilities + wl-clipboard # Command-line copy/paste utilities for Wayland + ]; + }; }; } + diff --git a/system/services/netbird/default.nix b/system/services/netbird/default.nix index 9683430..c2dd24f 100644 --- a/system/services/netbird/default.nix +++ b/system/services/netbird/default.nix @@ -1,26 +1,30 @@ -{ config, lib, nixpkgs-us, ... }: { +{ ... }: { - options.sysconfig = { - - services.netbird.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; + flake.nixosModules.default = { config, lib, nixpkgs-us, ... }: { - config = let - pkgs-us = import nixpkgs-us { - system = "x86_64-linux"; - }; - in lib.mkIf config.sysconfig.services.netbird.enable { + options.sysconfig = { - services.netbird = { - enable = config.sysconfig.services.netbird.enable; - ui = { - enable = true; - package = pkgs-us.netbird-ui; + services.netbird.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + }; + + config = let + pkgs-us = import nixpkgs-us { + system = "x86_64-linux"; + }; + in lib.mkIf config.sysconfig.services.netbird.enable { + + services.netbird = { + enable = config.sysconfig.services.netbird.enable; + ui = { + enable = true; + package = pkgs-us.netbird-ui; + }; + package = pkgs-us.netbird; }; - package = pkgs-us.netbird; }; }; } + 
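Review bot: `pkgs-us = import nixpkgs-us { system = "x86_64-linux"; }` hard-codes the build system, yet the pi4 profile in this commit enables `sysconfig.services.netbird` while its hardware module sets `nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"`; on that host `services.netbird.package` would resolve to an x86_64 build. Using `system = pkgs.stdenv.hostPlatform.system;` (and adding `pkgs` to the module arguments) follows the host; the ollama hunk has the same hard-coded `system` together with `config.allowUnfree = true`. Also, `enable = config.sysconfig.services.netbird.enable;` inside a block already guarded by `lib.mkIf` on that same value is always `true` and can be written as `enable = true;` for consistency with the other service modules.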
diff --git a/system/services/novnc/default.nix b/system/services/novnc/default.nix index a16bfad..a8555d2 100644 --- a/system/services/novnc/default.nix +++ b/system/services/novnc/default.nix @@ -1,30 +1,34 @@ -{ config, lib, pkgs, ... }: { - - options.sysconfig.services.novnc.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; +{ ... }: { - config = lib.mkIf config.sysconfig.services.novnc.enable { - systemd.services.novnc = { - enable = true; + flake.nixosModules.default = { config, lib, pkgs, ... }: { - path = with pkgs; [ - novnc - ps - ]; - - script = '' - novnc --listen 80 --vnc 127.0.0.1:5900 - ''; - - serviceConfig = { - Type = "exec"; - }; - - wantedBy = [ "multi-user.target" ]; + options.sysconfig.services.novnc.enable = lib.mkOption { + type = lib.types.bool; + default = false; }; - networking.firewall.allowedTCPPorts = [ 80 ]; + config = lib.mkIf config.sysconfig.services.novnc.enable { + systemd.services.novnc = { + enable = true; + + path = with pkgs; [ + novnc + ps + ]; + + script = '' + novnc --listen 80 --vnc 127.0.0.1:5900 + ''; + + serviceConfig = { + Type = "exec"; + }; + + wantedBy = [ "multi-user.target" ]; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + }; }; } + diff --git a/system/services/ollama/default.nix b/system/services/ollama/default.nix index f236d0a..29dbeaa 100644 --- a/system/services/ollama/default.nix +++ b/system/services/ollama/default.nix 
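Review bot: The unit runs `novnc --listen 80 --vnc 127.0.0.1:5900` and opens TCP 80 in the firewall, so the proxy relays the local VNC display over plain HTTP/WebSocket to any host that can reach the machine, with no TLS or authentication layer of its own; the only protection left is the VNC server's own authentication, carried over this unencrypted hop. If remote access is the goal, binding the listener to a VPN interface address (the config already carries a netbird module) or fronting it with a TLS-terminating reverse proxy, and dropping `networking.firewall.allowedTCPPorts = [ 80 ];`, narrows the exposure considerably. The service also runs as root by default; `serviceConfig.DynamicUser = true;` is sufficient for a process that only needs network access. At minimum, a comment on the `allowedTCPPorts` line stating which network is expected to reach port 80 would document the intent.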
@@ -1,25 +1,29 @@ -{ config, lib, nixpkgs-us, ... }: { +{ ... }: { - options = { - sysconfig.services.ollama.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; + flake.nixosModules.default = { config, lib, nixpkgs-us, ... }: { - config = lib.mkIf config.sysconfig.services.ollama.enable { - services.ollama = { - enable = true; - acceleration = "cuda"; - environmentVariables = { - OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000"; + options = { + sysconfig.services.ollama.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + }; + + config = lib.mkIf config.sysconfig.services.ollama.enable { + services.ollama = { + enable = true; + acceleration = "cuda"; + environmentVariables = { + OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000"; + }; + package = let + pkgs-us = import nixpkgs-us { + system = "x86_64-linux"; + config.allowUnfree = true; + }; + in pkgs-us.ollama-cuda; }; - package = let - pkgs-us = import nixpkgs-us { - system = "x86_64-linux"; - config.allowUnfree = true; - }; - in pkgs-us.ollama-cuda; }; }; } + diff --git a/system/services/openssh/default.nix b/system/services/openssh/default.nix index d754b03..6945529 100644 --- a/system/services/openssh/default.nix +++ b/system/services/openssh/default.nix 
@@ -1,22 +1,26 @@ -{ config, lib, ... }: { +{ ... }: { - options = { - sysconfig.services.openssh.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; + flake.nixosModules.default = { config, lib, ... }: { + + options = { + sysconfig.services.openssh.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; }; - }; - config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) { + config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) { - services.openssh = { - enable = true; - openFirewall = lib.mkDefault true; - settings = { - PermitRootLogin = lib.mkForce "no"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; + services.openssh = { + enable = true; + openFirewall = lib.mkDefault true; + settings = { + PermitRootLogin = lib.mkForce "no"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; }; }; }; } + diff --git a/system/services/pipewire/default.nix b/system/services/pipewire/default.nix index 2a7fd10..f0c5c6e 100644 --- a/system/services/pipewire/default.nix +++ b/system/services/pipewire/default.nix 
@@ -1,51 +1,54 @@ -{ config, lib, pkgs, ... }: { - - options = { - sysconfig.services.pipewire.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; +{ ... }: { - config = lib.mkIf config.sysconfig.services.pipewire.enable { + flake.nixosModules.default = { config, lib, pkgs, ... }: { + + options = { + sysconfig.services.pipewire.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + }; + + config = lib.mkIf config.sysconfig.services.pipewire.enable { # Enable sound with pipewire. - #sound.enable = true; +#sound.enable = true; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - package = pkgs.pipewire; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - extraConfig.pipewire-pulse."92-low-latency" = { - context.modules = [ - { - name = "libpipewire-module-protocol-pulse"; - args = { - pulse.min.req = "32/48000"; - pulse.default.req = "32/48000"; - pulse.max.req = "32/48000"; - pulse.min.quantum = "32/48000"; - pulse.max.quantum = "32/48000"; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + package = pkgs.pipewire; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + extraConfig.pipewire-pulse."92-low-latency" = { + context.modules = [ + { + name = "libpipewire-module-protocol-pulse"; + args = { + pulse.min.req = "32/48000"; + pulse.default.req = "32/48000"; + pulse.max.req = "32/48000"; + pulse.min.quantum = "32/48000"; + pulse.max.quantum = "32/48000"; + }; + } + ]; + stream.properties = { + node.latency = "32/48000"; + resample.quality = 1; }; - } - ]; - stream.properties = { - node.latency = "32/48000"; - resample.quality = 1; }; - }; # If you want to use JACK applications, uncomment this #jack.enable = true; # use the example session manager (no others are packaged yet so this is enabled by default, # no need to redefine it in your config for now) - wireplumber.enable = true; + wireplumber.enable = true; + }; 
}; + + }; - - } diff --git a/system/services/sddm/default.nix b/system/services/sddm/default.nix index 8d3d1fb..3b72d64 100644 --- a/system/services/sddm/default.nix +++ b/system/services/sddm/default.nix @@ -1,34 +1,37 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.sysconfig.services.sddm.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; + flake.nixosModules.default = { config, lib, pkgs, ... }: { - config = lib.mkIf config.sysconfig.services.sddm.enable { + options.sysconfig.services.sddm.enable = lib.mkOption { + type = lib.types.bool; + default = false; + }; - qt.enable = true; + config = lib.mkIf config.sysconfig.services.sddm.enable { - environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ]; + qt.enable = true; - services.displayManager.sddm = { - enable = true; - wayland.enable = true; - autoNumlock = true; - theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}"; - enableHidpi = true; - /*extraPackages = with pkgs; [ - libsForQt5.qtsvg - libsForQt5.qtquickcontrols2 - libsForQt5.qtgraphicaleffects - ];*/ + environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ]; - package = lib.mkDefault pkgs.kdePackages.sddm; - extraPackages = with pkgs; [ - kdePackages.qtsvg - kdePackages.qtvirtualkeyboard - kdePackages.qtmultimedia - ]; + services.displayManager.sddm = { + enable = true; + wayland.enable = true; + autoNumlock = true; + theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}"; + enableHidpi = true; + /*extraPackages = with pkgs; [ + libsForQt5.qtsvg + libsForQt5.qtquickcontrols2 + libsForQt5.qtgraphicaleffects + ];*/ + + package = lib.mkDefault pkgs.kdePackages.sddm; + extraPackages = with pkgs; [ + kdePackages.qtsvg + kdePackages.qtvirtualkeyboard + kdePackages.qtmultimedia + ]; + }; }; }; } 
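Review bot: The rewrap leaves `+#sound.enable = true;` at column 0 while every surrounding line moved one level deeper, which reads as an accident rather than intent; either delete the commented-out line or indent it with the block. The same column-0 comment appears in the `system/users/nathan` hunk as `+#hashedPasswordFile = ...`.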
diff --git a/system/services/wyoming/default.nix b/system/services/wyoming/default.nix index 907626c..0cd121f 100644 --- a/system/services/wyoming/default.nix +++ b/system/services/wyoming/default.nix 
@@ -1,66 +1,69 @@ -{ config, lib, ... }: { +{ ... }: { - options.sysconfig.services.wyoming = { - enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - piper = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - openwakeword = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - faster-whisper = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - satellite = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; + flake.nixosModules.default = { config, lib, ... }: { - config = lib.mkIf config.sysconfig.services.wyoming.enable { - - services.wyoming = { - - piper = lib.mkIf config.sysconfig.services.wyoming.piper { - - servers.piper = { - enable = true; - voice = "en-us-ryan-medium"; - uri = "tcp://0.0.0.0:11435"; - }; + options.sysconfig.services.wyoming = { + enable = lib.options.mkOption { + type = lib.types.bool; + default = false; }; + piper = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + openwakeword = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + faster-whisper = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + satellite = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + }; - openwakeword = lib.mkIf config.sysconfig.services.wyoming.openwakeword { - enable = true; - uri = "tcp://0.0.0.0:11432"; + config = lib.mkIf config.sysconfig.services.wyoming.enable { - threshold = 0.5; - customModelsDirectories = [ + services.wyoming = { + + piper = lib.mkIf config.sysconfig.services.wyoming.piper { + + servers.piper = { + enable = true; + voice = "en-us-ryan-medium"; + uri = "tcp://0.0.0.0:11435"; + }; + }; + + openwakeword = lib.mkIf config.sysconfig.services.wyoming.openwakeword { + enable = true; + uri = "tcp://0.0.0.0:11432"; + + threshold = 0.5; + customModelsDirectories = [ #./wake_words - ]; - }; + ]; + }; - faster-whisper = lib.mkIf 
config.sysconfig.services.wyoming.faster-whisper { - servers.whisper = { + faster-whisper = lib.mkIf config.sysconfig.services.wyoming.faster-whisper { + servers.whisper = { + enable = true; + device = "auto"; + language = "en"; + model = "medium.en"; + uri = "tcp://0.0.0.0:11433"; + }; + }; + + satellite = lib.mkIf config.sysconfig.services.wyoming.satellite { enable = true; - device = "auto"; - language = "en"; - model = "medium.en"; - uri = "tcp://0.0.0.0:11433"; + uri = "tcp://0.0.0.0:11431"; }; }; - satellite = lib.mkIf config.sysconfig.services.wyoming.satellite { - enable = true; - uri = "tcp://0.0.0.0:11431"; - }; }; - }; } diff --git a/system/users/default.nix b/system/users/default.nix index b4de9d8..edaf8db 100644 --- a/system/users/default.nix +++ b/system/users/default.nix 
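Review bot: All four Wyoming endpoints bind `tcp://0.0.0.0:114xx` while the module opens nothing in `networking.firewall`, so the listeners are reachable only where another module opens those ports, and the Wyoming protocol itself carries no authentication as far as I know. That intended exposure deserves a comment at the top of `services.wyoming`, e.g. `# listens on all interfaces; open 11431-11435 in the firewall only towards the intended client host`, so a later firewall change does not quietly expose the microphone/TTS endpoints.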
@@ -1,144 +1,140 @@ -{ config, lib, pkgs, ... } @ inputs: { +{ ... }: { - imports = let - dir = builtins.readDir ./.; - in builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - ); - - options.sysconfig = with lib; { - - sshHostKeys = lib.mkOption { - type = with lib.types; attrsOf str; - default = {}; - }; + flake.nixosModules.default = { config, lib, pkgs, ... } @ inputs: { - users = let + options.sysconfig = with lib; { - userType = types.submodule ({ name, ... }: { - options = with lib; { - name = mkOption { + sshHostKeys = lib.mkOption { + type = with lib.types; attrsOf str; + default = {}; + }; + + users = let + + userType = types.submodule ({ name, ... }: { + options = with lib; { + name = mkOption { type = with types; passwdEntry str; default = name; - }; + }; - home-manager = { + home-manager = { enable = mkOption { - type = with types; bool; - default = false; + type = with types; bool; + default = false; }; standalone = mkOption { - type = with types; bool; - default = true; - description = "is this home-manager standalone?"; + type = with types; bool; + default = true; + description = "is this home-manager standalone?"; }; extraModules = mkOption { - type = with types; listOf raw; - default = []; - }; - }; - - isSuperuser = mkOption { - type = with types; bool; - default = false; - description = "sudo?"; - }; - - usePresets = mkOption { - type = with types; bool; - default = true; - description = "search for predefined settings?"; - }; - - ssh = { - keys = mkOption { - type = with types; listOf str; - default = []; - description = "public keys used to login as this user"; - }; - - hosts = mkOption { - type = with types; listOf str; - default = []; - description = "user@host's used to login as this user"; - }; - }; - - - uid = mkOption { - type = with types; nullOr int; - default = null; - }; - - hashedPasswordFile = mkOption { - type = with types; nullOr str; - default = null; - }; - - extraGroups = 
mkOption { - type = with types; listOf str; + type = with types; listOf raw; default = []; - }; + }; + }; - shell = mkOption { - type = with types; package; - default = pkgs.shadow; - }; - }; - }); + isSuperuser = mkOption { + type = with types; bool; + default = false; + description = "sudo?"; + }; - in lib.mkOption { - type = with lib.types; attrsOf userType; - default = {}; + usePresets = mkOption { + type = with types; bool; + default = true; + description = "search for predefined settings?"; + }; + + ssh = { + keys = mkOption { + type = with types; listOf str; + default = []; + description = "public keys used to login as this user"; + }; + + hosts = mkOption { + type = with types; listOf str; + default = []; + description = "user@host's used to login as this user"; + }; + }; + + + uid = mkOption { + type = with types; nullOr int; + default = null; + }; + + hashedPasswordFile = mkOption { + type = with types; nullOr str; + default = null; + }; + + extraGroups = mkOption { + type = with types; listOf str; + default = []; + }; + + shell = mkOption { + type = with types; package; + default = pkgs.shadow; + }; + }; + }); + + in lib.mkOption { + type = with lib.types; attrsOf userType; + default = {}; + }; }; - }; - config = lib.mkIf (config.sysconfig.host != "android") { - users.users = builtins.mapAttrs (x: y: let - cfg = config.sysconfig.users.${x}; - in { - name = cfg.name; - isNormalUser = true; - uid = cfg.uid; - hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; - shell = cfg.shell; - extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser then [ "wheel" ] else []); - openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts)); - packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ]; - }) config.sysconfig.users; - - programs.fuse.userAllowOther = true; + config = lib.mkIf 
(config.sysconfig.host != "android") { + users.users = builtins.mapAttrs (x: y: let + cfg = config.sysconfig.users.${x}; + in { + name = cfg.name; + isNormalUser = true; + uid = cfg.uid; + hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; + shell = cfg.shell; + extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser then [ "wheel" ] else []); + openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts)); + packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ]; + }) config.sysconfig.users; - home-manager = { - backupFileExtension = "backup"; - extraSpecialArgs = { inherit inputs; }; - useUserPackages = true; - sharedModules = []; - users = builtins.listToAttrs (builtins.map - (x: { - name = x; - value = (lib.mkMerge ([ + programs.fuse.userAllowOther = true; - (if let - dir = builtins.readDir ./.; - in dir ? ${x} && dir.${x} == "directory" then - import ../../homes/${x}/home-manager - else {}) + home-manager = { + backupFileExtension = "backup"; + extraSpecialArgs = { inherit inputs; }; + useUserPackages = true; + sharedModules = []; + users = builtins.listToAttrs (builtins.map + (x: { + name = x; + value = (lib.mkMerge ([ - (if inputs ? ${x} then inputs.${x} else {}) + (if let + dir = builtins.readDir ./.; + in dir ? ${x} && dir.${x} == "directory" then + import ../../homes/${x}/home-manager + else {}) - ] ++ config.sysconfig.users.${x}.home-manager.extraModules)); - }) - (builtins.filter - (y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone)) - (builtins.attrNames config.sysconfig.users) - ) - ); - + (if inputs ? 
${x} then inputs.${x} else {}) + + ] ++ config.sysconfig.users.${x}.home-manager.extraModules)); + }) + (builtins.filter + (y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone)) + (builtins.attrNames config.sysconfig.users) + ) + ); + + }; }; }; } diff --git a/system/users/nathan/default.nix b/system/users/nathan/default.nix index fb43edd..5dfab8e 100644 --- a/system/users/nathan/default.nix +++ b/system/users/nathan/default.nix 
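Review bot: `openssh.authorizedKeys.keys` is gated on `config.sysconfig.services.openssh.enable`, but the openssh module in this same patch enables sshd on `enable || config.sysconfig.remoteBuildHost` with password and keyboard-interactive auth disabled, so a host enabled only through `remoteBuildHost` runs sshd with no keys installed for these users; the same guard appears in the `system/users/nathan` hunk. Gating on the effective state, `lib.mkIf config.services.openssh.enable (...)`, fixes both. Separately, `@ inputs` binds the inner NixOS module argument set (config, lib, pkgs, plus whatever specialArgs carries), which contains the flake inputs only if they are passed through specialArgs, yet it is forwarded as `extraSpecialArgs = { inherit inputs; }` and probed with `inputs ? ${x}`; if that is intentional, a comment on the `@ inputs` line such as `# "inputs" is the NixOS module argument set here, not the flake inputs` would save the next reader the detour.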
@@ -1,24 +1,27 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - config = lib.mkIf ( - config.sysconfig.users ? nathan && config.sysconfig.users.nathan.usePresets - ) { - - sops.secrets."nathan/pass".neededForUsers = true; + flake.nixosModules.default = { config, lib, pkgs, ... }: { - users.users.nathan = { - shell = lib.mkDefault pkgs.zsh; - name = lib.mkDefault "nathan"; - isNormalUser = lib.mkDefault true; - #hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; - extraGroups = [ "networkmanager" "docker" "libvirtd" ]; - openssh.authorizedKeys.keys = with config.sysconfig.users.nathan; lib.mkIf config.sysconfig.services.openssh.enable ( - ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) ssh.hosts) - ); - packages = lib.mkIf ( - config.sysconfig.users.nathan.home-manager.enable && config.sysconfig.users.nathan.home-manager.standalone - ) [ pkgs.home-manager ]; + config = lib.mkIf ( + config.sysconfig.users ? nathan && config.sysconfig.users.nathan.usePresets + ) { + sops.secrets."nathan/pass".neededForUsers = true; + + users.users.nathan = { + shell = lib.mkDefault pkgs.zsh; + name = lib.mkDefault "nathan"; + isNormalUser = lib.mkDefault true; +#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; + extraGroups = [ "networkmanager" "docker" "libvirtd" ]; + openssh.authorizedKeys.keys = with config.sysconfig.users.nathan; lib.mkIf config.sysconfig.services.openssh.enable ( + ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) ssh.hosts) + ); + packages = lib.mkIf ( + config.sysconfig.users.nathan.home-manager.enable && config.sysconfig.users.nathan.home-manager.standalone + ) [ pkgs.home-manager ]; + + }; }; }; } diff --git a/system/virtualization/containers/code-server/default.nix b/system/virtualization/containers/code-server/default.nix index 3e5570c..d45bb04 100644 --- a/system/virtualization/containers/code-server/default.nix 
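Review bot: `sops.secrets."nathan/pass".neededForUsers = true` declares the password secret, but nothing in this module consumes it: the `hashedPasswordFile` line stays commented out and refers to `cfg`, which this file never defines, so unless another module sets `users.users.nathan.hashedPasswordFile` the secret is decrypted at boot for no effect and the account ends up without a password. Either wire it, `hashedPasswordFile = config.sops.secrets."nathan/pass".path;`, or drop the declaration. `extraGroups = [ "networkmanager" "docker" "libvirtd" ]` also grants `docker` membership, which is root-equivalent on the host regardless of the `isSuperuser` option; a comment on that line, e.g. `# docker/libvirtd membership is root-equivalent; intentional for this admin account`, would record that this is deliberate.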
+++ b/system/virtualization/containers/code-server/default.nix @@ -1,40 +1,43 @@ -{ config, lib, ... }: { +{ ... }: { - options.sysconfig.containers.code-server.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.nixosModules.default = { config, lib, ... }: { - config = lib.mkIf config.sysconfig.containers.code-server.enable { + options.sysconfig.containers.code-server.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; - containers.code-server = { + config = lib.mkIf config.sysconfig.containers.code-server.enable { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.31"; + containers.code-server = { - config = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.31"; - services.code-server = { - enable = true; - - hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI"; + config = { - disableUpdateCheck = true; + services.code-server = { + enable = true; - disableTelemetry = true; + hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI"; - disableGettingStartedOverride = true; + disableUpdateCheck = true; - auth = "none"; + disableTelemetry = true; - host = "0.0.0.0"; + disableGettingStartedOverride = true; + + auth = "none"; + + host = "0.0.0.0"; + }; + + networking.firewall.allowedTCPPorts = [ 4444 ]; + + system.stateVersion = "25.05"; }; - - networking.firewall.allowedTCPPorts = [ 4444 ]; - - system.stateVersion = "25.05"; }; }; }; diff --git a/system/virtualization/containers/default.nix b/system/virtualization/containers/default.nix deleted file mode 100644 index ba341b5..0000000 --- a/system/virtualization/containers/default.nix +++ /dev/null 
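Review bot: `auth = "none"` disables code-server's own login, so the `hashedPassword` setting above it is dead configuration and any client that reaches `host = "0.0.0.0"` on the container's port 4444, which `networking.firewall.allowedTCPPorts = [ 4444 ]` opens, gets an unauthenticated editor with an integrated terminal as the code-server user. If a front proxy is meant to authenticate, record that next to `auth`, e.g. `# auth is enforced by the reverse proxy; 192.168.100.31 is not routable from outside the host`; otherwise set `auth = "password"` and move the hash out of the repo into a sops-managed secret, as the gitea container does for its database password.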
@@ -1,32 +0,0 @@ -{ ... }: { - - imports = let - dir = builtins.readDir ./.; - in builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - ); - - /*imports = [ - ./gitlab - ./gitea - ./traefik - ./nginx - ./jellyfin - ./pihole - ./nextcloud - ./ntfy - ./homeassistant - ./rustdesk - ./netbird - ./keycloak - ./ollama - ./openwebui - ./n8n - ./wyoming - ./code-server - ./novnc - ./minecraft - #./sandbox - ];*/ -} diff --git a/system/virtualization/containers/gitea/default.nix b/system/virtualization/containers/gitea/default.nix index c839643..ffb86f0 100644 --- a/system/virtualization/containers/gitea/default.nix +++ b/system/virtualization/containers/gitea/default.nix 
@@ -1,105 +1,110 @@ -{ config, lib, ... }: { +{ ... }: { - options.sysconfig.containers.gitea.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.nixosModules.default = { config, lib, ... }: { - config = lib.mkIf config.sysconfig.containers.gitea.enable { - - networking = { - nat.internalInterfaces = [ "ve-gitea" ]; - }; - - sops.secrets = { - "gitea/dbpass" = {}; + options.sysconfig.containers.gitea.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; }; - containers.gitea = { + config = lib.mkIf config.sysconfig.containers.gitea.enable { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.20"; - - bindMounts = { - "/etc/gitea/data" = { - hostPath = "/ssd1/Gitea/data"; - isReadOnly = false; - }; + networking = { + nat.internalInterfaces = [ "ve-gitea" ]; }; - extraFlags = [ - "--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}" - ]; - config = { + sops.secrets = { + "gitea/dbpass" = {}; + }; - systemd.services.secrets_setup = { - wantedBy = [ "gitea.service" ]; + containers.gitea = { - serviceConfig = { - LoadCredential = [ - "dbpass" - ]; + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.20"; + + bindMounts = { + "/etc/gitea/data" = { + hostPath = "/ssd1/Gitea/data"; + isReadOnly = false; }; - - script = '' - cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass - chown gitea:gitea /etc/gitea/* - ''; }; + + extraFlags = [ + "--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}" + ]; - services.gitea = { - enable = true; + config = { - stateDir = "/etc/gitea/data"; + systemd.services.secrets_setup = { + wantedBy = [ "gitea.service" ]; - dump.enable = false; - - appName = "Gitea"; - - settings = { - server = { - DOMAIN = "gitea.esotericbytes.com"; - HTTP_PORT = 3000; - ROOT_URL = "https://gitea.esotericbytes.com/"; + serviceConfig = { + LoadCredential = [ + 
"dbpass" + ]; }; - service = { - DISABLE_REGISTRATION = false; - ALLOW_ONLY_EXTERNAL_REGISTRATION = true; - REQUIRE_SIGNIN_VIEW = false; - }; - oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - }; - session.COOKIE_SECURE = true; - cron = { - ENABLED = true; - RUN_AT_START = true; - }; + script = '' + cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass + chown gitea:gitea /etc/gitea/* + ''; }; - database = { - passwordFile = "/etc/gitea/dbpass"; - type = "postgres"; + services.gitea = { + enable = true; + + stateDir = "/etc/gitea/data"; + + dump.enable = false; + + appName = "Gitea"; + + settings = { + server = { + DOMAIN = "gitea.esotericbytes.com"; + HTTP_PORT = 3000; + ROOT_URL = "https://gitea.esotericbytes.com/"; + }; + service = { + DISABLE_REGISTRATION = false; + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + REQUIRE_SIGNIN_VIEW = false; + }; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + }; + session.COOKIE_SECURE = true; + + cron = { + ENABLED = true; + RUN_AT_START = true; + }; + }; + + database = { + passwordFile = "/etc/gitea/dbpass"; + type = "postgres"; + }; + }; + services.openssh = { + enable = true; + openFirewall = true; + settings = { + PermitRootLogin = lib.mkForce "no"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + ports = [ 2222 ]; + }; + + networking.firewall.allowedTCPPorts = [ 3000 ]; + + system.stateVersion = "24.11"; }; - services.openssh = { - enable = true; - openFirewall = true; - settings = { - PermitRootLogin = lib.mkForce "no"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - ports = [ 2222 ]; - }; - - networking.firewall.allowedTCPPorts = [ 3000 ]; - - system.stateVersion = "24.11"; }; }; }; diff --git a/system/virtualization/containers/gitlab/default.nix b/system/virtualization/containers/gitlab/default.nix deleted file mode 100644 index 8d1089a..0000000 --- a/system/virtualization/containers/gitlab/default.nix +++ /dev/null 
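Review bot: `secrets_setup` is only `wantedBy = [ "gitea.service" ]`, which adds a Wants= but no ordering, and the unit sets no `Type`, so gitea.service can start before `/etc/gitea/dbpass` exists; add `before = [ "gitea.service" ];` and `serviceConfig.Type = "oneshot";`. The `cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass` line also creates the file under the default umask and the following `chown` does not narrow the mode, leaving the database password readable by every account in the container; `install -m 0400 -o gitea -g gitea ''${CREDENTIALS_DIRECTORY}/dbpass /etc/gitea/dbpass` writes it with the right owner and mode in one step.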
@@ -1,172 +0,0 @@ -{ config, lib, ... }: { - - options.sysconfig.containers.gitlab.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - - config = lib.mkIf config.sysconfig.containers.gitlab.enable { - - sops.secrets = { - "gitlab/db_pass" = {}; - "gitlab/root_pass" = {}; - "gitlab/secrets/secret" = {}; - "gitlab/secrets/otp" = {}; - "gitlab/secrets/db" = {}; - "gitlab/secrets/jws" = {}; - "gitlab/oidc/id" = {}; - "gitlab/oidc/secret" = {}; - }; - - services.openssh.ports = [ - 2222 - ]; - - networking.firewall.allowedTCPPorts = [ - 22 - 2222 - ]; - - containers.gitlab = { - - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.16"; - - forwardPorts = [ - { - containerPort = 22; - hostPort = 22; - } - ]; - - bindMounts = { - "/etc/gitlab/data" = { - hostPath = "/ssd1/Gitlab/data"; - isReadOnly = false; - }; - }; - - extraFlags = [ - "--load-credential=dbpass:${config.sops.secrets."gitlab/db_pass".path}" - "--load-credential=rootpass:${config.sops.secrets."gitlab/root_pass".path}" - "--load-credential=secret:${config.sops.secrets."gitlab/secrets/secret".path}" - "--load-credential=otp:${config.sops.secrets."gitlab/secrets/otp".path}" - "--load-credential=db:${config.sops.secrets."gitlab/secrets/db".path}" - "--load-credential=jws:${config.sops.secrets."gitlab/secrets/jws".path}" - "--load-credential=oidc_id:${config.sops.secrets."gitlab/oidc/id".path}" - "--load-credential=oidc_secret:${config.sops.secrets."gitlab/oidc/secret".path}" - ]; - config = { - - systemd.services.secrets_setup = { - wantedBy = [ "gitlab.service" ]; - - serviceConfig = { - LoadCredential = [ - "dbpass" - "rootpass" - "secret" - "db" - "otp" - "jws" - "oidc_id" - "oidc_secret" - ]; - }; - - script = '' - cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitlab/dbpass - cat ''${CREDENTIALS_DIRECTORY}/rootpass > /etc/gitlab/rootpass - cat ''${CREDENTIALS_DIRECTORY}/secret > /etc/gitlab/secret - cat 
''${CREDENTIALS_DIRECTORY}/db > /etc/gitlab/db - cat ''${CREDENTIALS_DIRECTORY}/otp > /etc/gitlab/otp - cat ''${CREDENTIALS_DIRECTORY}/jws > /etc/gitlab/jws - cat ''${CREDENTIALS_DIRECTORY}/oidc_id > /etc/gitlab/oidc-id - cat ''${CREDENTIALS_DIRECTORY}/oidc_secret > /etc/gitlab/oidc-secret - - chown gitlab:gitlab /etc/gitlab/* - ''; - }; - - services.gitlab = { - enable = true; - #https = true; - #port = 443; - host = "gitlab.blunkall.us"; - databasePasswordFile = "/etc/gitlab/dbpass"; - initialRootPasswordFile = "/etc/gitlab/rootpass"; - - statePath = "/etc/gitlab/data"; - - secrets = { - secretFile = "/etc/gitlab/secret"; - otpFile = "/etc/gitlab/otp"; - dbFile = "/etc/gitlab/db"; - jwsFile = "/etc/gitlab/jws"; - }; - - extraConfig = { - gitlab = { - default_project_features = { - builds = false; - }; - }; - omniauth = { - enabled = true; - auto_sign_in_with_provider = "openid_connect"; - allow_single_sign_on = [ "openid_connect" ]; - sync_email_from_provider = "openid_connect"; - sync_profile_from_provider = [ "openid_connect" ]; - sync_profile_attributes = [ "email" ]; - auto_link_saml_user = true; - auto_link_user = [ "openid_connect" ]; - block_auto_created_users = false; - providers = [ - { - name = "openid_connect"; - label = "Authentik SSO"; - args = { - name = "openid_connect"; - scope = [ "openid" "profile" "email" ]; - response_type = "code"; - issuer = "https://auth.blunkall.us/application/o/gitlab/"; - discovery = true; - client_auth_method = "query"; - uid_field = "preferred_username"; - send_scope_to_token_endpoint = true; - pkce = true; - client_options = { - identifier = { _secret = "/etc/gitlab/oidc-id"; }; - secret = { _secret = "/etc/gitlab/oidc-secret"; }; - redirect_uri = "https://gitlab.blunkall.us/users/auth/openid_connect/callback"; - }; - }; - } - ]; - }; - }; - }; - services.nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts = { - "gitlab.blunkall.us" = { - locations."/".proxyPass = 
"http://unix:/run/gitlab/gitlab-workhorse.socket"; - }; - }; - }; - - services.openssh.enable = true; - - systemd.services.gitlab-backup.environment.BACKUP = "dump"; - - - networking.firewall.allowedTCPPorts = [ 22 80 ]; - - system.stateVersion = "24.05"; - }; - }; - }; -} diff --git a/system/virtualization/containers/minecraft/default.nix b/system/virtualization/containers/minecraft/default.nix deleted file mode 100644 index 116808a..0000000 --- a/system/virtualization/containers/minecraft/default.nix +++ /dev/null 
@@ -1,108 +0,0 @@ -{ config, lib, pkgs, nix-minecraft, ... }: { - - options.sysconfig = { - containers.minecraft.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - - config = lib.mkIf config.sysconfig.containers.minecraft.enable { - - networking = { - firewall = { - allowedTCPPorts = [ 25565 ]; - allowedUDPPorts = [ 25565 ]; - }; - }; - - nixpkgs.overlays = [ nix-minecraft.overlay ]; - - containers.minecraft = { - - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.29"; - - forwardPorts = [ - { - containerPort = 25565; - hostPort = 25565; - protocol = "tcp"; - } - { - containerPort = 25565; - hostPort = 25565; - protocol = "udp"; - } - ]; - - - config = { - - imports = [ - nix-minecraft.nixosModules.minecraft-servers - ]; - - environment.systemPackages = with pkgs; [ tmux ]; - - services.minecraft-servers = { - - enable = true; - eula = true; - openFirewall = true; - dataDir = "/var/lib/mcservers"; - - managementSystem.systemd-socket.enable = true; #temp - - servers = { - - vanilla = { - enable = true; - package = pkgs.fabricServers.fabric-1_21_8; - serverProperties = { - server-port = 25565; - gamemode = "survival"; - difficulty = 2; - white-list = true; - motd = "Didn't see that coming huh?"; - }; - whitelist = { - "MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb"; - "651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc"; - "Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3"; - }; - autoStart = true; - }; - - modded = { - enable = false; -#package = pkgs.fabricServers.fabric-1_21_1.override { loaderVersion = "0.16.14"; }; - package = pkgs.fabricServers.fabric-1_21_1; - jvmOpts = [ "-Xms8000M" "-Xmx12000M" ]; - serverProperties = { - server-port = 25566; - gamemode = "survival"; - white-list = true; - allow-flight = true; - motd = "Ex-plo-sion!!!"; - }; - whitelist = { - "MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb"; - "651sonic" = 
"936a3fb0-4548-4557-975b-7794e97a3afc"; - "Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3"; - }; - autoStart = true; - symlinks = { - "mods" = ./mods; - }; - }; - }; - }; - - system.stateVersion = "25.05"; - }; - }; - }; -} diff --git a/system/virtualization/containers/nginx/default.nix b/system/virtualization/containers/nginx/default.nix index 9db98ba..53fb43d 100644 --- a/system/virtualization/containers/nginx/default.nix +++ b/system/virtualization/containers/nginx/default.nix 
@@ -1,42 +1,45 @@ -{ config, lib, ... }: { - - options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; +{ ... }: { - config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable { + flake.nixosModules.default = { config, lib, ... }: { - containers.esotericbytes-com = { + options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption { + type = lib.types.bool; + default = false; + }; - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.13"; + config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable { - bindMounts = { - "/var/www/data" = { - hostPath = "/ssd1/esotericbytes-com/data"; - isReadOnly = false; - }; - }; + containers.esotericbytes-com = { - config = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.13"; - services.nginx = { - enable = true; - virtualHosts = { - "esotericbytes.com" = { - enableACME = false; - forceSSL = false; - root = "/var/www/data"; - }; + bindMounts = { + "/var/www/data" = { + hostPath = "/ssd1/esotericbytes-com/data"; + isReadOnly = false; }; }; - networking.firewall.allowedTCPPorts = [ 80 ]; + config = { - system.stateVersion = "24.05"; + services.nginx = { + enable = true; + virtualHosts = { + "esotericbytes.com" = { + enableACME = false; + forceSSL = false; + root = "/var/www/data"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + + system.stateVersion = "24.05"; + }; }; }; }; diff --git a/system/virtualization/containers/novnc/default.nix b/system/virtualization/containers/novnc/default.nix index 3f66b29..d4d3105 100644 --- a/system/virtualization/containers/novnc/default.nix +++ b/system/virtualization/containers/novnc/default.nix 
@@ -1,51 +1,54 @@ -{ config, lib, pkgs, ... }: { - - options.sysconfig.containers.novnc.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; +{ ... }: { - config = lib.mkIf config.sysconfig.containers.novnc.enable { + flake.nixosModules.default = { config, lib, pkgs, ... }: { - networking = { - firewall.interfaces."ve-novnc" = { - allowedTCPPorts = [ 5900 ]; - allowedUDPPorts = [ 5900 ]; - }; + options.sysconfig.containers.novnc.enable = lib.mkOption { + type = lib.types.bool; + default = false; }; - containers.novnc = { + config = lib.mkIf config.sysconfig.containers.novnc.enable { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.30"; + networking = { + firewall.interfaces."ve-novnc" = { + allowedTCPPorts = [ 5900 ]; + allowedUDPPorts = [ 5900 ]; + }; + }; - config = { + containers.novnc = { - systemd.services.novnc = { - enable = true; + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.30"; - path = with pkgs; [ - novnc - ps - ]; + config = { - script = '' - novnc --listen 80 --vnc 192.168.100.10:5900 - ''; + systemd.services.novnc = { + enable = true; - serviceConfig = { - Type = "exec"; + path = with pkgs; [ + novnc + ps + ]; + + script = '' + novnc --listen 80 --vnc 192.168.100.10:5900 + ''; + + serviceConfig = { + Type = "exec"; + }; + + wantedBy = [ "multi-user.target" ]; }; - wantedBy = [ "multi-user.target" ]; + + networking.firewall.allowedTCPPorts = [ 80 ]; + + system.stateVersion = "25.05"; }; - - - networking.firewall.allowedTCPPorts = [ 80 ]; - - system.stateVersion = "25.05"; }; }; }; diff --git a/system/virtualization/containers/ntfy/default.nix b/system/virtualization/containers/ntfy/default.nix index c3c8305..7ae67bd 100644 --- a/system/virtualization/containers/ntfy/default.nix +++ b/system/virtualization/containers/ntfy/default.nix 
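Review bot: `firewall.interfaces."ve-novnc".allowedUDPPorts = [ 5900 ]` opens a UDP port for RFB, which is TCP-only, so the rule serves nothing and only widens the host's exposure on the bridge; keep the TCP rule and drop the UDP one. The plaintext WebSocket concern raised on the `system/services/novnc` hunk applies to this container's `script` as well.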
@@ -1,42 +1,45 @@ -{ config, lib, ... }: { +{ ... }: { - options.sysconfig.containers.ntfy.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; + flake.nixosModules.default = { config, lib, ... }: { - config = lib.mkIf config.sysconfig.containers.ntfy.enable { + options.sysconfig.containers.ntfy.enable = lib.mkOption { + type = lib.types.bool; + default = false; + }; - containers.ntfy = { + config = lib.mkIf config.sysconfig.containers.ntfy.enable { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.19"; + containers.ntfy = { - config = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.19"; - services.ntfy-sh = { - - enable = true; - - settings = { - - base-url = "https://ntfy.esotericbytes.com"; + config = { - listen-http = ":80"; + services.ntfy-sh = { - behind-proxy = true; + enable = true; - upstream-base-url = "https://ntfy.sh"; + settings = { - auth-default-access = "deny-all"; + base-url = "https://ntfy.esotericbytes.com"; + + listen-http = ":80"; + + behind-proxy = true; + + upstream-base-url = "https://ntfy.sh"; + + auth-default-access = "deny-all"; + }; }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + + system.stateVersion = "24.05"; }; - - networking.firewall.allowedTCPPorts = [ 80 ]; - - system.stateVersion = "24.05"; }; }; }; diff --git a/system/virtualization/containers/rustdesk/default.nix b/system/virtualization/containers/rustdesk/default.nix index 536bfde..54c2a1c 100644 --- a/system/virtualization/containers/rustdesk/default.nix +++ b/system/virtualization/containers/rustdesk/default.nix 
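Review bot: `behind-proxy = true` makes ntfy take the visitor address from `X-Forwarded-For`, so any client that reaches `:80` on the container directly rather than through the reverse proxy can spoof that header and bypass per-visitor rate limiting. With `privateNetwork = true` that is only the host bridge, which is probably acceptable, but it deserves a comment next to the setting, e.g. `# behind-proxy trusts X-Forwarded-For: port 80 must only be reachable via the reverse proxy.` `auth-default-access = "deny-all"` is the right default; `upstream-base-url = "https://ntfy.sh"` means iOS poll requests (including topic names) go to the public upstream, which is ntfy's documented design but is worth stating.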
@@ -1,84 +1,87 @@ -{ config, lib, ... }: { +{ ... }: { - options.sysconfig.containers.rustdesk.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; + flake.nixosModules.default = { config, lib, ... }: { - config = lib.mkIf config.sysconfig.containers.rustdesk.enable { + options.sysconfig.containers.rustdesk.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; - /*networking = { - firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ]; - firewall.allowedUDPPorts = [ 21116 ]; - };*/ - containers.rustdesk = { - - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.27"; -/* forwardPorts = [ - { - containerPort = 21115; - hostPort = 21115; - protocol = "tcp"; - } - { - containerPort = 21116; - hostPort = 21116; - protocol = "tcp"; - } - { - containerPort = 21116; - hostPort = 21116; - protocol = "udp"; - } - { - containerPort = 21117; - hostPort = 21117; - protocol = "tcp"; - } - { - containerPort = 21118; - hostPort = 21118; - protocol = "tcp"; - } + config = lib.mkIf config.sysconfig.containers.rustdesk.enable { - { - containerPort = 21119; - hostPort = 21119; - protocol = "tcp"; - } + /*networking = { + firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ]; + firewall.allowedUDPPorts = [ 21116 ]; + };*/ + containers.rustdesk = { + + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.27"; + /* forwardPorts = [ + { + containerPort = 21115; + hostPort = 21115; + protocol = "tcp"; + } + { + containerPort = 21116; + hostPort = 21116; + protocol = "tcp"; + } + { + containerPort = 21116; + hostPort = 21116; + protocol = "udp"; + } + { + containerPort = 21117; + hostPort = 21117; + protocol = "tcp"; + } + { + containerPort = 21118; + hostPort = 21118; + protocol = "tcp"; + } + + { + containerPort = 21119; + hostPort = 21119; + protocol = "tcp"; + } - ];*/ - config = { + ];*/ + config = { - 
services.rustdesk-server = { - enable = true; - - openFirewall = true; - - relay = { + services.rustdesk-server = { enable = true; - extraArgs = [ - "-k" - "AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA" - ]; + + openFirewall = true; + + relay = { + enable = true; + extraArgs = [ + "-k" + "AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA" + ]; + }; + + signal = { + enable = true; +#relayHosts = [ "esotericbytes.com" ]; + relayHosts = [ "192.168.100.27" ]; + extraArgs = [ + "-k" + "AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA" + ]; + }; }; - signal = { - enable = true; - #relayHosts = [ "esotericbytes.com" ]; - relayHosts = [ "192.168.100.27" ]; - extraArgs = [ - "-k" - "AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA" - ]; - }; + system.stateVersion = "24.05"; }; - - system.stateVersion = "24.05"; }; }; }; diff --git a/system/virtualization/containers/sandbox/default.nix b/system/virtualization/containers/sandbox/default.nix index d745bc4..c5679a0 100644 --- a/system/virtualization/containers/sandbox/default.nix +++ b/system/virtualization/containers/sandbox/default.nix 
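Review bot: `signal.relayHosts = [ "192.168.100.27" ]` hands clients the container's own private address, which with `privateNetwork = true` and the `forwardPorts` block commented out is unreachable from anywhere but this host, so remote clients will be pointed at a relay they cannot connect to; the commented `relayHosts = [ "esotericbytes.com" ]` (plus the port forwards) looks like the intended value. The `-k` value `AAAAC3NzaC1lZDI1NTE5AAAAI…` has the shape of an OpenSSH ed25519 public-key blob rather than the short base64 key that hbbs writes to its own `id_ed25519.pub`; I can't verify from the diff, but if it does not match the server's generated key every client will be rejected with a key mismatch, so please confirm its origin and comment it, e.g. `# public key from the hbbs-generated id_ed25519.pub; clients must present it`. `openFirewall = true` is also inert here while the host-side firewall block stays commented out.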
@@ -1,79 +1,82 @@ -{ config, lib, self, ... }: { - - options.sysconfig.containers.sandbox.enable = lib.mkOption { - type = lib.types.bool; - default = false; - }; +{ ... }: { - config = lib.mkIf config.sysconfig.containers.sandbox.enable { + flake.nixosModules.default = { config, lib, self, ... }: { - networking = { - - nat.internalInterfaces = [ "ve-sandbox" ]; + options.sysconfig.containers.sandbox.enable = lib.mkOption { + type = lib.types.bool; + default = false; }; - containers.sandbox = { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.32"; + config = lib.mkIf config.sysconfig.containers.sandbox.enable { - ephemeral = true; + networking = { - timeoutStartSec = "3min"; - - flake = "${self}"; - - /*bindMounts = { - "/dev/nvidia0" = { - hostPath = "/dev/nvidia0"; - isReadOnly = false; - }; - "/dev/nvidiactl" = { - hostPath = "/dev/nvidiactl"; - isReadOnly = false; - }; - "/dev/nvidia-uvm" = { - hostPath = "/dev/nvidia-uvm"; - isReadOnly = false; - }; - "/dev/nvidia-modeset" = { - hostPath = "/dev/nvidia-modeset"; - isReadOnly = false; - }; - "/dev/nvidia-uvm-tools" = { - hostPath = "/dev/nvidia-uvm-tools"; - isReadOnly = false; - }; + nat.internalInterfaces = [ "ve-sandbox" ]; }; + containers.sandbox = { + + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.32"; + + ephemeral = true; + + timeoutStartSec = "3min"; + + flake = "${self}"; + + /*bindMounts = { + "/dev/nvidia0" = { + hostPath = "/dev/nvidia0"; + isReadOnly = false; + }; + "/dev/nvidiactl" = { + hostPath = "/dev/nvidiactl"; + isReadOnly = false; + }; + "/dev/nvidia-uvm" = { + hostPath = "/dev/nvidia-uvm"; + isReadOnly = false; + }; + "/dev/nvidia-modeset" = { + hostPath = "/dev/nvidia-modeset"; + isReadOnly = false; + }; + "/dev/nvidia-uvm-tools" = { + hostPath = "/dev/nvidia-uvm-tools"; + isReadOnly = false; + }; + }; + + allowedDevices = [ + { + node = "/dev/nvidia0"; + modifier = 
"rw"; + } + { + node = "/dev/nvidiactl"; + modifier = "rw"; + } + { + node = "/dev/nvidia-uvm"; + modifier = "rw"; + } + { + node = "/dev/nvidia-modeset"; + modifier = "rw"; + } + { + node = "/dev/nvidia-uvm-tools"; + modifier = "rw"; + } + ];*/ + + config = { + }; - allowedDevices = [ - { - node = "/dev/nvidia0"; - modifier = "rw"; - } - { - node = "/dev/nvidiactl"; - modifier = "rw"; - } - { - node = "/dev/nvidia-uvm"; - modifier = "rw"; - } - { - node = "/dev/nvidia-modeset"; - modifier = "rw"; - } - { - node = "/dev/nvidia-uvm-tools"; - modifier = "rw"; - } - ];*/ - config = { }; - - }; }; } diff --git a/system/virtualization/containers/wyoming/default.nix b/system/virtualization/containers/wyoming/default.nix index 0f4275d..e604b3d 100644 --- a/system/virtualization/containers/wyoming/default.nix +++ b/system/virtualization/containers/wyoming/default.nix 
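Review bot: `nat.internalInterfaces = [ "ve-sandbox" ]` gives the sandbox outbound NAT, but nothing in this file separates it from the sibling containers on the same 192.168.100.x host bridge (novnc, ntfy, rustdesk, wyoming in the neighbouring hunks); forwarded traffic between `ve-sandbox` and the other `ve-*` interfaces is allowed unless a rule elsewhere drops it, which I cannot see from this diff. For something called a sandbox I would expect the opposite default — a forward rule dropping `ve-sandbox` → `ve-*`/`docker-main` — and a comment stating what the sandbox is allowed to reach. `ephemeral = true` is good; the commented-out nvidia device list is harmless but a line like `# GPU passthrough disabled: re-enable bindMounts/allowedDevices below when needed` would save the next reader the guess.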
@@ -1,61 +1,63 @@ -{ config, lib, ... }: { +{ ... }: { - options.sysconfig.containers.wyoming = { - enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - piper = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - openwakeword = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - faster-whisper = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - satellite = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; + flake.nixosModules.default = { config, lib, ... }: { - config = lib.mkIf config.sysconfig.containers.wyoming.enable { - - containers.wyoming = { - - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.26"; - - bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper { - "/dev/nvidia0" = { - hostPath = "/dev/nvidia0"; - isReadOnly = false; - }; - "/dev/nvidiactl" = { - hostPath = "/dev/nvidiactl"; - isReadOnly = false; - }; - "/dev/nvidia-uvm" = { - hostPath = "/dev/nvidia-uvm"; - isReadOnly = false; - }; - "/dev/nvidia-modeset" = { - hostPath = "/dev/nvidia-modeset"; - isReadOnly = false; - }; - "/dev/nvidia-uvm-tools" = { - hostPath = "/dev/nvidia-uvm-tools"; - isReadOnly = false; - }; + options.sysconfig.containers.wyoming = { + enable = lib.options.mkOption { + type = lib.types.bool; + default = false; }; + piper = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + openwakeword = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + faster-whisper = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + satellite = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + }; - allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [ + config = lib.mkIf config.sysconfig.containers.wyoming.enable { + + containers.wyoming = { + + autoStart = true; + privateNetwork = true; 
+ hostAddress = "192.168.100.10"; + localAddress = "192.168.100.26"; + + bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper { + "/dev/nvidia0" = { + hostPath = "/dev/nvidia0"; + isReadOnly = false; + }; + "/dev/nvidiactl" = { + hostPath = "/dev/nvidiactl"; + isReadOnly = false; + }; + "/dev/nvidia-uvm" = { + hostPath = "/dev/nvidia-uvm"; + isReadOnly = false; + }; + "/dev/nvidia-modeset" = { + hostPath = "/dev/nvidia-modeset"; + isReadOnly = false; + }; + "/dev/nvidia-uvm-tools" = { + hostPath = "/dev/nvidia-uvm-tools"; + isReadOnly = false; + }; + }; + + allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [ { node = "/dev/nvidia0"; modifier = "rw"; 
@@ -76,56 +78,57 @@ node = "/dev/nvidia-uvm-tools"; modifier = "rw"; } - ]; + ]; - config = { + config = { - networking.firewall = { - allowedTCPPorts = [ 11431 11432 11433 11435 ]; - }; - - services.wyoming = { + networking.firewall = { + allowedTCPPorts = [ 11431 11432 11433 11435 ]; + }; - piper = lib.mkIf config.sysconfig.containers.wyoming.piper { + services.wyoming = { - servers.piper = { + piper = lib.mkIf config.sysconfig.containers.wyoming.piper { + + servers.piper = { + enable = true; + voice = "en-us-ryan-medium"; + uri = "tcp://0.0.0.0:11435"; + }; + }; + + openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword { enable = true; - voice = "en-us-ryan-medium"; - uri = "tcp://0.0.0.0:11435"; + uri = "tcp://0.0.0.0:11432"; + + threshold = 0.5; + customModelsDirectories = [ +#./wake_words + ]; + }; + + faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper { + servers.whisper = { + enable = true; + device = "auto"; + language = "en"; + model = "medium.en"; + uri = "tcp://0.0.0.0:11433"; + }; + }; + + satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite { + enable = true; + uri = "tcp://0.0.0.0:11431"; +#user = "nathan"; + vad.enable = false; }; }; - openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword { - enable = true; - uri = "tcp://0.0.0.0:11432"; - - threshold = 0.5; - customModelsDirectories = [ - #./wake_words - ]; - }; - - faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper { - servers.whisper = { - enable = true; - device = "auto"; - language = "en"; - model = "medium.en"; - uri = "tcp://0.0.0.0:11433"; - }; - }; - - satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite { - enable = true; - uri = "tcp://0.0.0.0:11431"; - #user = "nathan"; - vad.enable = false; - }; + system.stateVersion = "25.05"; }; - - system.stateVersion = "25.05"; }; - }; + }; }; } 
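Review bot: The Wyoming services bind `tcp://0.0.0.0:…` and the container firewall opens 11431/11432/11433/11435 to any peer, but the Wyoming protocol carries no authentication, so anything that can reach the container's bridge address can push audio into the whisper server or pull synthesized speech. That is acceptable on a private bridge, but it should be stated so nobody forwards these ports later, e.g. above `networking.firewall`: `# Wyoming has no auth: these ports are reachable only from the host bridge (privateNetwork); never forward them.` `vad.enable = false` on the satellite also reads like an oversight without a why-comment.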
diff --git a/system/virtualization/default.nix b/system/virtualization/default.nix deleted file mode 100644 index 8c32d01..0000000 --- a/system/virtualization/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: { - - imports = let - dir = builtins.readDir ./.; - in builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - ); -} diff --git a/system/virtualization/docker/authentik/default.nix b/system/virtualization/docker/authentik/default.nix index d189d17..8af6420 100644 --- a/system/virtualization/docker/authentik/default.nix +++ b/system/virtualization/docker/authentik/default.nix @@ -1,4 +1,6 @@ -{ config, lib, pkgs, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: let hostPort = 9005; 
@@ -6,232 +8,233 @@ name = "authentik"; -in { + in { - options.sysconfig.docker.authentik.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; + options.sysconfig.docker.authentik.enable = with lib; mkOption { + type = with types; bool; + default = false; + }; - config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) { - - networking.firewall.interfaces = { - "ve-traefik" = { - allowedTCPPorts = [ hostPort ]; + config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) { + + networking.firewall.interfaces = { + "ve-traefik" = { + allowedTCPPorts = [ hostPort ]; + }; }; - }; - sops.secrets = { - "authentik/pass" = {}; - "authentik/secret_key" = {}; - }; + sops.secrets = { + "authentik/pass" = {}; + "authentik/secret_key" = {}; + }; - sops.templates."authentik.env" = { - content = '' - PG_PASS=${config.sops.placeholder."authentik/pass"} + sops.templates."authentik.env" = { + content = '' + PG_PASS=${config.sops.placeholder."authentik/pass"} SECRET_KEY=${config.sops.placeholder."authentik/secret_key"} - ''; - }; + ''; + }; - virtualisation.oci-containers.containers."authentik-postgresql" = { - image = "docker.io/library/postgres:16-alpine"; - environment = { - "POSTGRES_DB" = "authentik"; - "POSTGRES_PASSWORD" = "\${PG_PASS}"; - "POSTGRES_USER" = "authentik"; + virtualisation.oci-containers.containers."authentik-postgresql" = { + image = "docker.io/library/postgres:16-alpine"; + environment = { + "POSTGRES_DB" = "authentik"; + "POSTGRES_PASSWORD" = "\${PG_PASS}"; + "POSTGRES_USER" = "authentik"; + }; + environmentFiles = [ config.sops.templates."authentik.env".path ]; + volumes = [ + "authentik_database:/var/lib/postgresql/data:rw" + ]; + log-driver = "journald"; + extraOptions = [ + "--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}" + "--health-interval=30s" + "--health-retries=5" + "--health-start-period=20s" + "--health-timeout=5s" + 
"--network-alias=postgresql" + "--network=authentik_default" + ]; }; - environmentFiles = [ config.sops.templates."authentik.env".path ]; - volumes = [ - "authentik_database:/var/lib/postgresql/data:rw" - ]; - log-driver = "journald"; - extraOptions = [ - "--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}" - "--health-interval=30s" - "--health-retries=5" - "--health-start-period=20s" - "--health-timeout=5s" - "--network-alias=postgresql" - "--network=authentik_default" - ]; - }; - systemd.services."docker-authentik-postgresql" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; + systemd.services."docker-authentik-postgresql" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-authentik_default.service" + "docker-volume-authentik_database.service" + ]; + requires = [ + "docker-network-authentik_default.service" + "docker-volume-authentik_database.service" + ]; + partOf = [ + "docker-compose-authentik-root.target" + ]; + wantedBy = [ + "docker-compose-authentik-root.target" + ]; }; - after = [ - "docker-network-authentik_default.service" - "docker-volume-authentik_database.service" - ]; - requires = [ - "docker-network-authentik_default.service" - "docker-volume-authentik_database.service" - ]; - partOf = [ - "docker-compose-authentik-root.target" - ]; - wantedBy = [ - "docker-compose-authentik-root.target" - ]; - }; - virtualisation.oci-containers.containers."authentik-server" = { - image = "ghcr.io/goauthentik/server:2025.12.2"; - environment = { - "AUTHENTIK_POSTGRESQL__HOST" = "postgresql"; - "AUTHENTIK_POSTGRESQL__NAME" = "authentik"; - "AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}"; - "AUTHENTIK_POSTGRESQL__USER" = "authentik"; - 
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}"; - }; - environmentFiles = [ config.sops.templates."authentik.env".path ]; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "websecure,localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}"; - + virtualisation.oci-containers.containers."authentik-server" = { + image = "ghcr.io/goauthentik/server:2025.12.2"; + environment = { + "AUTHENTIK_POSTGRESQL__HOST" = "postgresql"; + "AUTHENTIK_POSTGRESQL__NAME" = "authentik"; + "AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}"; + "AUTHENTIK_POSTGRESQL__USER" = "authentik"; + "AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}"; + }; + environmentFiles = [ config.sops.templates."authentik.env".path ]; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "websecure,localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - "traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik"; - "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true"; - "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"; + "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}"; + + 
"traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik"; + "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true"; + "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"; + + }; + volumes = [ + "/etc/Authentik/custom-templates:/templates:rw" + "/etc/Authentik/data:/data:rw" + ]; + ports = [ + "${builtins.toString hostPort}:9000/tcp" +#"9443:9443/tcp" + ]; + cmd = [ "server" ]; + dependsOn = [ + "authentik-postgresql" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=server" + "--network-alias=authentik-server" + "--network-alias=${name}" + ]; + networks = [ + "docker-main" + "authentik_default" + ]; }; - volumes = [ - "/etc/Authentik/custom-templates:/templates:rw" - "/etc/Authentik/data:/data:rw" - ]; - ports = [ - "${builtins.toString hostPort}:9000/tcp" - #"9443:9443/tcp" - ]; - cmd = [ "server" ]; - dependsOn = [ - "authentik-postgresql" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=server" - "--network-alias=authentik-server" - "--network-alias=${name}" - ]; - networks = [ - "docker-main" - "authentik_default" - ]; - }; - systemd.services."docker-authentik-server" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; + systemd.services."docker-authentik-server" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-authentik_default.service" + 
"docker-network-setup.service" + ]; + requires = [ + "docker-network-authentik_default.service" + "docker-network-setup.service" + ]; + partOf = [ + "docker-compose-authentik-root.target" + ]; + wantedBy = [ + "docker-compose-authentik-root.target" + ]; }; - after = [ - "docker-network-authentik_default.service" - "docker-network-setup.service" - ]; - requires = [ - "docker-network-authentik_default.service" - "docker-network-setup.service" - ]; - partOf = [ - "docker-compose-authentik-root.target" - ]; - wantedBy = [ - "docker-compose-authentik-root.target" - ]; - }; - virtualisation.oci-containers.containers."authentik-worker" = { - image = "ghcr.io/goauthentik/server:2025.12.2"; - environment = { - "AUTHENTIK_POSTGRESQL__HOST" = "postgresql"; - "AUTHENTIK_POSTGRESQL__NAME" = "authentik"; - "AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}"; - "AUTHENTIK_POSTGRESQL__USER" = "authentik"; - "AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}"; + virtualisation.oci-containers.containers."authentik-worker" = { + image = "ghcr.io/goauthentik/server:2025.12.2"; + environment = { + "AUTHENTIK_POSTGRESQL__HOST" = "postgresql"; + "AUTHENTIK_POSTGRESQL__NAME" = "authentik"; + "AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}"; + "AUTHENTIK_POSTGRESQL__USER" = "authentik"; + "AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}"; + }; + environmentFiles = [ config.sops.templates."authentik.env".path ]; + volumes = [ + "/etc/Authentik/certs:/certs:rw" + "/etc/Authentik/custom-templates:/templates:rw" + "/etc/Authentik/data:/data:rw" + "/var/run/docker.sock:/var/run/docker.sock:rw" + ]; + cmd = [ "worker" ]; + dependsOn = [ + "authentik-postgresql" + ]; + user = "root"; + log-driver = "journald"; + extraOptions = [ + "--network-alias=worker" + "--network=authentik_default" + ]; }; - environmentFiles = [ config.sops.templates."authentik.env".path ]; - volumes = [ - "/etc/Authentik/certs:/certs:rw" - "/etc/Authentik/custom-templates:/templates:rw" - "/etc/Authentik/data:/data:rw" - 
"/var/run/docker.sock:/var/run/docker.sock:rw" - ]; - cmd = [ "worker" ]; - dependsOn = [ - "authentik-postgresql" - ]; - user = "root"; - log-driver = "journald"; - extraOptions = [ - "--network-alias=worker" - "--network=authentik_default" - ]; - }; - systemd.services."docker-authentik-worker" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; + systemd.services."docker-authentik-worker" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-authentik_default.service" + ]; + requires = [ + "docker-network-authentik_default.service" + ]; + partOf = [ + "docker-compose-authentik-root.target" + ]; + wantedBy = [ + "docker-compose-authentik-root.target" + ]; }; - after = [ - "docker-network-authentik_default.service" - ]; - requires = [ - "docker-network-authentik_default.service" - ]; - partOf = [ - "docker-compose-authentik-root.target" - ]; - wantedBy = [ - "docker-compose-authentik-root.target" - ]; - }; # Networks - systemd.services."docker-network-authentik_default" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "docker network rm -f authentik_default"; + systemd.services."docker-network-authentik_default" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "docker network rm -f authentik_default"; + }; + script = '' + docker network inspect authentik_default || docker network create authentik_default + ''; + partOf = [ "docker-compose-authentik-root.target" ]; + wantedBy = [ "docker-compose-authentik-root.target" ]; }; - script = '' - docker network inspect authentik_default || docker network create authentik_default - ''; - partOf = [ 
"docker-compose-authentik-root.target" ]; - wantedBy = [ "docker-compose-authentik-root.target" ]; - }; # Volumes - systemd.services."docker-volume-authentik_database" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; + systemd.services."docker-volume-authentik_database" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect authentik_database || docker volume create authentik_database --driver=local + ''; + partOf = [ "docker-compose-authentik-root.target" ]; + wantedBy = [ "docker-compose-authentik-root.target" ]; }; - script = '' - docker volume inspect authentik_database || docker volume create authentik_database --driver=local - ''; - partOf = [ "docker-compose-authentik-root.target" ]; - wantedBy = [ "docker-compose-authentik-root.target" ]; - }; # Root service # When started, this will automatically create all resources and start # the containers. When stopped, this will teardown all resources. - systemd.targets."docker-compose-authentik-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; + systemd.targets."docker-compose-authentik-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; }; - wantedBy = [ "multi-user.target" ]; }; }; } diff --git a/system/virtualization/docker/default.nix b/system/virtualization/docker/default.nix index 3fd24d3..49bafe4 100644 --- a/system/virtualization/docker/default.nix +++ b/system/virtualization/docker/default.nix 
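Review bot: `ports = [ "${builtins.toString hostPort}:9000/tcp" ]` publishes the authentik server on `0.0.0.0:9005`, and Docker wires published ports into its own iptables chains ahead of the NixOS firewall, so the `networking.firewall.interfaces."ve-traefik"` rule above does not actually limit who can reach 9005. Since traefik dials it at `http://192.168.101.1:9005`, bind the publication to that address: `"192.168.101.1:${builtins.toString hostPort}:9000/tcp"`. Separately, the worker mounts `/var/run/docker.sock` read-write and runs as `user = "root"`; that is the upstream compose default for the Docker outpost integration, but it is host-root-equivalent and deserves a comment saying it is intentional. The `let` head of this module starts in the previous hunk.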
@@ -1,61 +1,58 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.sysconfig.docker = { - enable = with lib; mkOption { - type = with types; bool; - default = false; - }; + flake.nixosModules.default = { config, lib, pkgs, ... }: { - nvidia = with lib; mkOption { - type = with types; bool; - default = false; - }; - }; - - imports = let - dir = builtins.readDir ./.; - in builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - ); - - config = lib.mkIf config.sysconfig.docker.enable { - - networking.nat.internalInterfaces = [ "docker0" "docker-main" ]; - - virtualisation = { - docker = { - enable = true; - storageDriver = "btrfs"; + options.sysconfig.docker = { + enable = with lib; mkOption { + type = with types; bool; + default = false; }; - oci-containers = { - backend = "docker"; + nvidia = with lib; mkOption { + type = with types; bool; + default = false; }; }; - hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia; + config = lib.mkIf config.sysconfig.docker.enable { - systemd.services."docker-network-setup" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "docker network rm -f docker-main"; + networking.nat.internalInterfaces = [ "docker0" "docker-main" ]; + + virtualisation = { + docker = { + enable = true; + storageDriver = "btrfs"; + }; + + oci-containers = { + backend = "docker"; + }; }; - script = '' - docker network inspect docker-main || - docker network create -d bridge docker-main \ - --attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \ - --gateway 192.168.101.1 \ - -o "com.docker.network.bridge.name"="docker-main" \ - -o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik" - ''; - wantedBy = [ "docker-net.target" ]; - }; - systemd.targets."docker-net" = { - wantedBy = [ "multi-user.target" ]; + hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia; + + 
systemd.services."docker-network-setup" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "docker network rm -f docker-main"; + }; + script = '' + docker network inspect docker-main || + docker network create -d bridge docker-main \ + --attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \ + --gateway 192.168.101.1 \ + -o "com.docker.network.bridge.name"="docker-main" \ + -o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik" + ''; + wantedBy = [ "docker-net.target" ]; + }; + + systemd.targets."docker-net" = { + wantedBy = [ "multi-user.target" ]; + }; }; }; } + diff --git a/system/virtualization/docker/gitea/default.nix b/system/virtualization/docker/gitea/default.nix index f282129..6c666a4 100644 --- a/system/virtualization/docker/gitea/default.nix +++ b/system/virtualization/docker/gitea/default.nix 
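Review bot: `com.docker.network.bridge.trusted_host_interfaces="wt0:ve-netbird:ve-traefik"` lets traffic arriving on those host interfaces reach containers on `docker-main` directly on any port without the ports being published — that is the option's purpose — so every peer on the `wt0` overlay (and whatever `ve-netbird` fronts) can talk straight to, for example, the gitea database at `192.168.101.21` on the postgres default port in the next hunk. If only traefik needs direct access, trim it to `"ve-traefik"`; if the mesh peers genuinely need it, add a comment above `docker network create` stating which services that deliberately exposes. `--ip-range` equal to the subnet is redundant but harmless.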
@@ -1,151 +1,154 @@ -{ config, lib, pkgs, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: let subdomain = "gitea"; name = "gitea"; -in { + in { - options.sysconfig.docker."${name}".enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) { - - - virtualisation.oci-containers.containers."${name}" = { - image = "docker.gitea.com/gitea:1.25.4"; - - # unstable, waiting for 26.05 - #pull = "newer"; - - hostname = "${subdomain}.esotericbytes.com"; - - networks = [ - "docker-main" - ]; - - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - "traefik.http.services.${name}.loadbalancer.server.port" = "3000"; - - - "traefik.tcp.routers.${name}-ssh.entrypoints" = "gitea-ssh"; - "traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)"; - "traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh"; - - "traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22"; - }; - - ports = [ - ]; - - extraOptions = [ - "--ip=192.168.101.20" - ]; - - volumes = [ - "vol_gitea:/data" - ]; - - environment = { - }; + options.sysconfig.docker."${name}".enable = with lib; mkOption { + type = with types; bool; + default = false; }; - virtualisation.oci-containers.containers."${name}-db" = { - image = "docker.io/library/postgres:14"; + config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) { - # unstable, waiting for 26.05 - #pull = "newer"; - hostname = "${name}-db"; + virtualisation.oci-containers.containers."${name}" = { + image = "docker.gitea.com/gitea:1.25.4"; - networks = [ - "docker-main" - ]; +# unstable, waiting for 26.05 +#pull = 
"newer"; - labels = { + hostname = "${subdomain}.esotericbytes.com"; + + networks = [ + "docker-main" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; + + "traefik.http.services.${name}.loadbalancer.server.port" = "3000"; + + + "traefik.tcp.routers.${name}-ssh.entrypoints" = "gitea-ssh"; + "traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)"; + "traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh"; + + "traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22"; + }; + + ports = [ + ]; + + extraOptions = [ + "--ip=192.168.101.20" + ]; + + volumes = [ + "vol_gitea:/data" + ]; + + environment = { + }; }; - ports = [ - ]; - - extraOptions = [ - "--ip=192.168.101.21" - ]; + virtualisation.oci-containers.containers."${name}-db" = { + image = "docker.io/library/postgres:14"; - volumes = [ - "/etc/gitea/db:/var/lib/postgresql/data" - ]; +# unstable, waiting for 26.05 +#pull = "newer"; - environment = { + hostname = "${name}-db"; + + networks = [ + "docker-main" + ]; + + labels = { + }; + + ports = [ + ]; + + extraOptions = [ + "--ip=192.168.101.21" + ]; + + volumes = [ + "/etc/gitea/db:/var/lib/postgresql/data" + ]; + + environment = { + }; }; + + systemd.services."docker-gitea" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-setup.service" + "docker-volume-gitea.service" + "docker-gitea-db.service" + ]; + requires = [ + "docker-network-setup.service" + "docker-volume-gitea.service" + "docker-gitea-db.service" + ]; + partOf = [ + "docker-compose-gitea-root.target" + ]; + wantedBy = [ + "docker-compose-gitea-root.target" + ]; 
+ }; + + systemd.services."docker-gitea-db" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-setup.service" + ]; + requires = [ + "docker-network-setup.service" + ]; + partOf = [ + "docker-compose-gitea-root.target" + ]; + wantedBy = [ + "docker-compose-gitea-root.target" + ]; + }; + + systemd.services."docker-volume-gitea" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local + ''; + partOf = [ "docker-compose-gitea-root.target" ]; + wantedBy = [ "docker-compose-gitea-root.target" ]; + }; + }; - - systemd.services."docker-gitea" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-network-setup.service" - "docker-volume-gitea.service" - "docker-gitea-db.service" - ]; - requires = [ - "docker-network-setup.service" - "docker-volume-gitea.service" - "docker-gitea-db.service" - ]; - partOf = [ - "docker-compose-gitea-root.target" - ]; - wantedBy = [ - "docker-compose-gitea-root.target" - ]; - }; - - systemd.services."docker-gitea-db" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-network-setup.service" - ]; - requires = [ - "docker-network-setup.service" - ]; - partOf = [ - "docker-compose-gitea-root.target" - ]; - wantedBy = [ - "docker-compose-gitea-root.target" - ]; - }; - - systemd.services."docker-volume-gitea" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - 
script = '' - docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local - ''; - partOf = [ "docker-compose-gitea-root.target" ]; - wantedBy = [ "docker-compose-gitea-root.target" ]; - }; - }; } diff --git a/system/virtualization/docker/home-assistant/default.nix b/system/virtualization/docker/home-assistant/default.nix index f48c4f7..320807c 100644 --- a/system/virtualization/docker/home-assistant/default.nix +++ b/system/virtualization/docker/home-assistant/default.nix 
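Review bot: The `gitea-db` container is started with an empty `environment`, and the official `postgres:14` image refuses to initialise a new data directory without `POSTGRES_PASSWORD` (or an explicit `POSTGRES_HOST_AUTH_METHOD`), so on a fresh host `docker-gitea-db` would fail at startup, loop under `Restart=always`, and `docker-gitea`, which `requires` it, would never come up; an already-initialised `/etc/gitea/db` bind mount hides this, but then the only copy of the credentials lives in that directory. The netbird module in this same commit already feeds secrets in via `sops.templates` plus `environmentFiles`, and the same shape fits here: declare a `sops.secrets` entry for the db password, render `POSTGRES_PASSWORD=${config.sops.placeholder.<name>}` in a template, and add `environmentFiles = [ config.sops.templates."gitea-db.env".path ];` to the `gitea-db` container (whether the gitea container itself needs the same file depends on whether its DB settings come from the environment or from the app.ini inside `vol_gitea`, which is not visible here). Also worth a comment: the db publishes no `ports` and is reachable only on the bridge at .21, so its safety depends entirely on nothing untrusted being attached to, or routed into, docker-main.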
@@ -1,58 +1,61 @@ -{ config, lib, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, ... }: let subdomain = "hass"; name = "home-assistant"; -in { + in { - options.sysconfig.docker.home-assistant.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; + options.sysconfig.docker.home-assistant.enable = with lib; mkOption { + type = with types; bool; + default = false; + }; - config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) { - - environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml; + config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) { - virtualisation.oci-containers.containers.home-assistant = { - image = "ghcr.io/home-assistant/home-assistant:stable"; + environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml; - # unstable, waiting for 26.05 - #pull = "newer"; + virtualisation.oci-containers.containers.home-assistant = { + image = "ghcr.io/home-assistant/home-assistant:stable"; - hostname = "${subdomain}.esotericbytes.com"; +# unstable, waiting for 26.05 +#pull = "newer"; - networks = [ - "docker-main" - ]; + hostname = "${subdomain}.esotericbytes.com"; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - #"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; - "traefik.http.services.${name}.loadbalancer.server.port" = "8123"; + networks = [ + "docker-main" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + 
"traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; + +#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; + "traefik.http.services.${name}.loadbalancer.server.port" = "8123"; + }; + + environment = { + TZ = "America/Chicago"; + }; + + extraOptions = [ + "--ip=192.168.101.13" + ]; + + ports = [ + ]; + + volumes = [ + "vol_home-assistant:/config/" + "/etc/home-assistant/configuration.yaml:/config/configuration.yaml" + ]; }; - - environment = { - TZ = "America/Chicago"; - }; - - extraOptions = [ - "--ip=192.168.101.13" - ]; - - ports = [ - ]; - - volumes = [ - "vol_home-assistant:/config/" - "/etc/home-assistant/configuration.yaml:/config/configuration.yaml" - ]; }; }; } diff --git a/system/virtualization/docker/jellyfin/default.nix b/system/virtualization/docker/jellyfin/default.nix index 2219716..28976dd 100644 --- a/system/virtualization/docker/jellyfin/default.nix +++ b/system/virtualization/docker/jellyfin/default.nix 
@@ -1,117 +1,120 @@ -{ config, lib, pkgs, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: let subdomain = "watch"; name = "jellyfin"; -in { + in { - options.sysconfig.docker.jellyfin.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) { - - networking.firewall.allowedUDPPorts = [ 7359 ]; - - virtualisation.oci-containers.containers.jellyfin = { - image = "jellyfin/jellyfin:10.11.6"; - - # unstable, waiting for 26.05 - #pull = "newer"; - - hostname = "${subdomain}.esotericbytes.com"; - - networks = [ - "docker-main" - ]; - - ports = [ - "7359:7359/udp" - ]; - - volumes = [ - "vol_jellyfin-config:/config" - "vol_jellyfin-cache:/cache" - - "/etc/jellyfin/media:/media" - ]; - - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "websecure,localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - "traefik.http.services.${name}.loadbalancer.server.port" = "8096"; - }; - - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ - "--device=nvidia.com/gpu=all" - "--ip=192.168.101.21" - ]; - - environment = { - JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com"; - }; + options.sysconfig.docker.jellyfin.enable = with lib; mkOption { + type = with types; bool; + default = false; }; - systemd.services."docker-jellyfin" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-network-setup.service" - "docker-volume-jellyfin-config.service" - "docker-volume-jellyfin-cache.service" - ]; - requires = [ - "docker-network-setup.service" - 
"docker-volume-jellyfin-config.service" - "docker-volume-jellyfin-cache.service" - ]; - partOf = [ - "docker-compose-jellyfin-root.target" - ]; - wantedBy = [ - "docker-compose-jellyfin-root.target" - ]; - }; + config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) { - systemd.services."docker-volume-jellyfin-config" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local - ''; - partOf = [ "docker-compose-jellyfin-root.target" ]; - wantedBy = [ "docker-compose-jellyfin-root.target" ]; - }; - - systemd.services."docker-volume-jellyfin-cache" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local - ''; - partOf = [ "docker-compose-jellyfin-root.target" ]; - wantedBy = [ "docker-compose-jellyfin-root.target" ]; - }; + networking.firewall.allowedUDPPorts = [ 7359 ]; - systemd.targets."docker-compose-jellyfin-root" = { - wantedBy = [ "multi-user.target" ]; - }; + virtualisation.oci-containers.containers.jellyfin = { + image = "jellyfin/jellyfin:10.11.6"; +# unstable, waiting for 26.05 +#pull = "newer"; + + hostname = "${subdomain}.esotericbytes.com"; + + networks = [ + "docker-main" + ]; + + ports = [ + "7359:7359/udp" + ]; + + volumes = [ + "vol_jellyfin-config:/config" + "vol_jellyfin-cache:/cache" + + "/etc/jellyfin/media:/media" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "websecure,localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; + + "traefik.http.services.${name}.loadbalancer.server.port" = 
"8096"; + }; + + extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ + "--device=nvidia.com/gpu=all" + "--ip=192.168.101.21" + ]; + + environment = { + JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com"; + }; + }; + + systemd.services."docker-jellyfin" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-setup.service" + "docker-volume-jellyfin-config.service" + "docker-volume-jellyfin-cache.service" + ]; + requires = [ + "docker-network-setup.service" + "docker-volume-jellyfin-config.service" + "docker-volume-jellyfin-cache.service" + ]; + partOf = [ + "docker-compose-jellyfin-root.target" + ]; + wantedBy = [ + "docker-compose-jellyfin-root.target" + ]; + }; + + systemd.services."docker-volume-jellyfin-config" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local + ''; + partOf = [ "docker-compose-jellyfin-root.target" ]; + wantedBy = [ "docker-compose-jellyfin-root.target" ]; + }; + + systemd.services."docker-volume-jellyfin-cache" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local + ''; + partOf = [ "docker-compose-jellyfin-root.target" ]; + wantedBy = [ "docker-compose-jellyfin-root.target" ]; + }; + + systemd.targets."docker-compose-jellyfin-root" = { + wantedBy = [ "multi-user.target" ]; + }; + + }; }; } diff --git a/system/virtualization/docker/n8n/default.nix b/system/virtualization/docker/n8n/default.nix index bd209f2..b6650b0 100644 --- a/system/virtualization/docker/n8n/default.nix +++ b/system/virtualization/docker/n8n/default.nix 
@@ -1,102 +1,105 @@ -{ config, lib, pkgs, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: let subdomain = "n8n"; name = "n8n"; -in { + in { - options.sysconfig.docker."${name}".enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) { - - - virtualisation.oci-containers.containers."${name}" = { - image = "docker.n8n.io/n8nio/n8n"; - - # unstable, waiting for 26.05 - #pull = "newer"; - - hostname = "${subdomain}.esotericbytes.com"; - - networks = [ - "docker-main" - ]; - - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - "traefik.http.services.${name}.loadbalancer.server.port" = "5678"; - }; - - ports = [ - ]; - - extraOptions = [ - "--ip=192.168.101.2" - ]; - - volumes = [ - "vol_n8n:/etc/n8n" - ]; - - environment = { - GENERIC_TIMEZONE = "America/Chicago"; - TZ = "America/Chicago"; - N8N_DIAGNOSTICS_ENABLED = "false"; - N8N_VERSION_NOTIFICATIONS_ENABLED = "false"; - N8N_TEMPLATES_ENABLED = "false"; - - EXTERNAL_FRONTEND_HOOKS_URLS = ""; - N8N_DIAGNOSTICS_CONFIG_FRONTEND = ""; - N8N_DIAGNOSTICS_CONFIG_BACKEND = ""; - - N8N_SECURE_COOKIE = "false"; - }; + options.sysconfig.docker."${name}".enable = with lib; mkOption { + type = with types; bool; + default = false; }; - systemd.services."docker-n8n" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-network-setup.service" - "docker-volume-n8n.service" - ]; - requires = [ - "docker-network-setup.service" - "docker-volume-n8n.service" - ]; - 
partOf = [ - "docker-compose-n8n-root.target" - ]; - wantedBy = [ - "docker-compose-n8n-root.target" - ]; - }; + config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) { - systemd.services."docker-volume-n8n" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; + + virtualisation.oci-containers.containers."${name}" = { + image = "docker.n8n.io/n8nio/n8n"; + +# unstable, waiting for 26.05 +#pull = "newer"; + + hostname = "${subdomain}.esotericbytes.com"; + + networks = [ + "docker-main" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; + + "traefik.http.services.${name}.loadbalancer.server.port" = "5678"; + }; + + ports = [ + ]; + + extraOptions = [ + "--ip=192.168.101.2" + ]; + + volumes = [ + "vol_n8n:/etc/n8n" + ]; + + environment = { + GENERIC_TIMEZONE = "America/Chicago"; + TZ = "America/Chicago"; + N8N_DIAGNOSTICS_ENABLED = "false"; + N8N_VERSION_NOTIFICATIONS_ENABLED = "false"; + N8N_TEMPLATES_ENABLED = "false"; + + EXTERNAL_FRONTEND_HOOKS_URLS = ""; + N8N_DIAGNOSTICS_CONFIG_FRONTEND = ""; + N8N_DIAGNOSTICS_CONFIG_BACKEND = ""; + + N8N_SECURE_COOKIE = "false"; + }; }; - script = '' - docker volume inspect vol_n8n || docker volume create vol_n8n --driver=local - ''; - partOf = [ "docker-compose-n8n-root.target" ]; - wantedBy = [ "docker-compose-n8n-root.target" ]; + + systemd.services."docker-n8n" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-setup.service" + "docker-volume-n8n.service" + ]; + requires = [ + "docker-network-setup.service" + 
"docker-volume-n8n.service" + ]; + partOf = [ + "docker-compose-n8n-root.target" + ]; + wantedBy = [ + "docker-compose-n8n-root.target" + ]; + }; + + systemd.services."docker-volume-n8n" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect vol_n8n || docker volume create vol_n8n --driver=local + ''; + partOf = [ "docker-compose-n8n-root.target" ]; + wantedBy = [ "docker-compose-n8n-root.target" ]; + }; + }; - }; } diff --git a/system/virtualization/docker/netbird/default.nix b/system/virtualization/docker/netbird/default.nix index 0dee4f5..4d88ec3 100644 --- a/system/virtualization/docker/netbird/default.nix +++ b/system/virtualization/docker/netbird/default.nix 
@@ -1,229 +1,232 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.sysconfig.docker.netbird.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; + flake.nixosModules.default = { config, lib, pkgs, ... }: { - config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) { - - networking.firewall.allowedUDPPorts = [ 3478 ]; - - sops.secrets."netbird/secret_key" = {}; - - sops.templates."netbird-relay.env" = { - content = '' - NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"} - NB_LOG_LEVEL=info - NB_LISTEN_ADDRESS=:80 - NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443 - NB_ENABLE_STUN=true - NB_STUN_LOG_LEVEL=info - NB_STUN_PORTS=3478 - ''; + options.sysconfig.docker.netbird.enable = with lib; mkOption { + type = with types; bool; + default = false; }; - environment.etc."netbird/management.json".source = ./config/management.json; + config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) { + + networking.firewall.allowedUDPPorts = [ 3478 ]; + + sops.secrets."netbird/secret_key" = {}; + + sops.templates."netbird-relay.env" = { + content = '' + NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"} + NB_LOG_LEVEL=info + NB_LISTEN_ADDRESS=:80 + NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443 + NB_ENABLE_STUN=true + NB_STUN_LOG_LEVEL=info + NB_STUN_PORTS=3478 + ''; + }; + + environment.etc."netbird/management.json".source = ./config/management.json; # Containers - virtualisation.oci-containers.containers."netbird-dashboard" = { - image = "netbirdio/dashboard:v2.30.1"; - environment = { - "AUTH_AUDIENCE" = "netbird-dashboard"; - "AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2"; - "AUTH_CLIENT_ID" = "netbird-dashboard"; - "AUTH_CLIENT_SECRET" = ""; - "AUTH_REDIRECT_URI" = "/nb-auth"; - "AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth"; - "AUTH_SUPPORTED_SCOPES" = "openid profile email groups"; - "LETSENCRYPT_DOMAIN" = "none"; - 
"NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com"; - "NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com"; - "NGINX_SSL_PORT" = "443"; - "USE_AUTH0" = "false"; + virtualisation.oci-containers.containers."netbird-dashboard" = { + image = "netbirdio/dashboard:v2.30.1"; + environment = { + "AUTH_AUDIENCE" = "netbird-dashboard"; + "AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2"; + "AUTH_CLIENT_ID" = "netbird-dashboard"; + "AUTH_CLIENT_SECRET" = ""; + "AUTH_REDIRECT_URI" = "/nb-auth"; + "AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth"; + "AUTH_SUPPORTED_SCOPES" = "openid profile email groups"; + "LETSENCRYPT_DOMAIN" = "none"; + "NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com"; + "NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com"; + "NGINX_SSL_PORT" = "443"; + "USE_AUTH0" = "false"; + }; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.netbird-dashboard.entrypoints" = "websecure"; + "traefik.http.routers.netbird-dashboard.priority" = "1"; + "traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)"; + "traefik.http.routers.netbird-dashboard.tls" = "true"; + "traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80"; + }; + log-driver = "journald"; + extraOptions = [ + "--network-alias=dashboard" + "--network=docker-main" + "--ip=192.168.101.5" + ]; }; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.netbird-dashboard.entrypoints" = "websecure"; - "traefik.http.routers.netbird-dashboard.priority" = "1"; - "traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)"; - "traefik.http.routers.netbird-dashboard.tls" = "true"; - "traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80"; + systemd.services."docker-netbird-dashboard" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = 
lib.mkOverride 90 9; + }; + partOf = [ + "docker-compose-netbird-root.target" + ]; + wantedBy = [ + "docker-compose-netbird-root.target" + ]; }; - log-driver = "journald"; - extraOptions = [ - "--network-alias=dashboard" - "--network=docker-main" - "--ip=192.168.101.5" - ]; - }; - systemd.services."docker-netbird-dashboard" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; + virtualisation.oci-containers.containers."netbird-management" = { + image = "netbirdio/management:0.64.4"; + volumes = [ + "/etc/netbird/management.json:/etc/netbird/management.json:rw" + "netbird_netbird_management:/var/lib/netbird:rw" + ]; + cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ]; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.netbird-api.entrypoints" = "websecure"; + "traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)"; + "traefik.http.routers.netbird-api.service" = "netbird-api"; + "traefik.http.routers.netbird-api.tls" = "true"; + "traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure"; + "traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)"; + "traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc"; + "traefik.http.routers.netbird-mgmt-grpc.tls" = "true"; + "traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure"; + "traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)"; + "traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws"; + "traefik.http.routers.netbird-mgmt-ws.tls" = "true"; + "traefik.http.routers.netbird-oauth2.entrypoints" 
= "websecure"; + "traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)"; + "traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2"; + "traefik.http.routers.netbird-oauth2.tls" = "true"; + "traefik.http.services.netbird-api.loadbalancer.server.port" = "80"; + "traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80"; + "traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c"; + "traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80"; + "traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80"; + }; + log-driver = "journald"; + extraOptions = [ + "--network-alias=management" + "--network=docker-main" + "--ip=192.168.101.4" + ]; }; - partOf = [ - "docker-compose-netbird-root.target" - ]; - wantedBy = [ - "docker-compose-netbird-root.target" - ]; - }; - virtualisation.oci-containers.containers."netbird-management" = { - image = "netbirdio/management:0.64.4"; - volumes = [ - "/etc/netbird/management.json:/etc/netbird/management.json:rw" - "netbird_netbird_management:/var/lib/netbird:rw" - ]; - cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ]; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.netbird-api.entrypoints" = "websecure"; - "traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)"; - "traefik.http.routers.netbird-api.service" = "netbird-api"; - "traefik.http.routers.netbird-api.tls" = "true"; - "traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure"; - "traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)"; - "traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc"; - "traefik.http.routers.netbird-mgmt-grpc.tls" = "true"; - 
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure"; - "traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)"; - "traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws"; - "traefik.http.routers.netbird-mgmt-ws.tls" = "true"; - "traefik.http.routers.netbird-oauth2.entrypoints" = "websecure"; - "traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)"; - "traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2"; - "traefik.http.routers.netbird-oauth2.tls" = "true"; - "traefik.http.services.netbird-api.loadbalancer.server.port" = "80"; - "traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80"; - "traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c"; - "traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80"; - "traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80"; + systemd.services."docker-netbird-management" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-volume-netbird_netbird_management.service" + ]; + requires = [ + "docker-volume-netbird_netbird_management.service" + ]; + partOf = [ + "docker-compose-netbird-root.target" + ]; + wantedBy = [ + "docker-compose-netbird-root.target" + ]; }; - log-driver = "journald"; - extraOptions = [ - "--network-alias=management" - "--network=docker-main" - "--ip=192.168.101.4" - ]; - }; - systemd.services."docker-netbird-management" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-volume-netbird_netbird_management.service" - ]; - requires = [ - 
"docker-volume-netbird_netbird_management.service" - ]; - partOf = [ - "docker-compose-netbird-root.target" - ]; - wantedBy = [ - "docker-compose-netbird-root.target" - ]; - }; - virtualisation.oci-containers.containers."netbird-relay" = { - image = "netbirdio/relay:0.64.4"; + virtualisation.oci-containers.containers."netbird-relay" = { + image = "netbirdio/relay:0.64.4"; - environmentFiles = [ config.sops.templates."netbird-relay.env".path ]; + environmentFiles = [ config.sops.templates."netbird-relay.env".path ]; - ports = [ - "3478:3478/udp" - ]; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.netbird-relay.entrypoints" = "websecure"; - "traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)"; - "traefik.http.routers.netbird-relay.tls" = "true"; - "traefik.http.services.netbird-relay.loadbalancer.server.port" = "80"; + ports = [ + "3478:3478/udp" + ]; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.netbird-relay.entrypoints" = "websecure"; + "traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)"; + "traefik.http.routers.netbird-relay.tls" = "true"; + "traefik.http.services.netbird-relay.loadbalancer.server.port" = "80"; + }; + log-driver = "journald"; + extraOptions = [ + "--network-alias=relay" + "--network=docker-main" + "--ip=192.168.101.3" + ]; }; - log-driver = "journald"; - extraOptions = [ - "--network-alias=relay" - "--network=docker-main" - "--ip=192.168.101.3" - ]; - }; - systemd.services."docker-netbird-relay" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; + systemd.services."docker-netbird-relay" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + 
}; + partOf = [ + "docker-compose-netbird-root.target" + ]; + wantedBy = [ + "docker-compose-netbird-root.target" + ]; }; - partOf = [ - "docker-compose-netbird-root.target" - ]; - wantedBy = [ - "docker-compose-netbird-root.target" - ]; - }; - virtualisation.oci-containers.containers."netbird-signal" = { - image = "netbirdio/signal:0.64.4"; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure"; - "traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)"; - "traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc"; - "traefik.http.routers.netbird-signal-grpc.tls" = "true"; - "traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure"; - "traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)"; - "traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws"; - "traefik.http.routers.netbird-signal-ws.tls" = "true"; - "traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000"; - "traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c"; - "traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80"; + virtualisation.oci-containers.containers."netbird-signal" = { + image = "netbirdio/signal:0.64.4"; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure"; + "traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)"; + "traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc"; + "traefik.http.routers.netbird-signal-grpc.tls" = "true"; + "traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure"; + "traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)"; + 
"traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws"; + "traefik.http.routers.netbird-signal-ws.tls" = "true"; + "traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000"; + "traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c"; + "traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80"; + }; + log-driver = "journald"; + extraOptions = [ + "--network-alias=signal" + "--network=docker-main" + ]; }; - log-driver = "journald"; - extraOptions = [ - "--network-alias=signal" - "--network=docker-main" - ]; - }; - systemd.services."docker-netbird-signal" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; + systemd.services."docker-netbird-signal" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + partOf = [ + "docker-compose-netbird-root.target" + ]; + wantedBy = [ + "docker-compose-netbird-root.target" + ]; }; - partOf = [ - "docker-compose-netbird-root.target" - ]; - wantedBy = [ - "docker-compose-netbird-root.target" - ]; - }; # Volumes - systemd.services."docker-volume-netbird_netbird_management" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; + systemd.services."docker-volume-netbird_netbird_management" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management + ''; + partOf = [ "docker-compose-netbird-root.target" ]; + wantedBy = [ "docker-compose-netbird-root.target" ]; }; - script = '' - docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management - ''; - partOf 
= [ "docker-compose-netbird-root.target" ]; - wantedBy = [ "docker-compose-netbird-root.target" ]; - }; # Root service # When started, this will automatically create all resources and start # the containers. When stopped, this will teardown all resources. - systemd.targets."docker-compose-netbird-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; + systemd.targets."docker-compose-netbird-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; }; - wantedBy = [ "multi-user.target" ]; }; }; } diff --git a/system/virtualization/docker/nextcloud/default.nix b/system/virtualization/docker/nextcloud/default.nix index b2dd8b0..219205d 100644 --- a/system/virtualization/docker/nextcloud/default.nix +++ b/system/virtualization/docker/nextcloud/default.nix 
@@ -1,115 +1,118 @@ -{ config, lib, pkgs, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: let subdomain = "cloud"; name = "nextcloud"; -in { + in { - options.sysconfig.docker.nextcloud.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) { - - virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = { - image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751"; - - serviceName = "docker-nextcloud"; - - # unstable, waiting for 26.05 - #pull = "newer"; - - hostname = "${subdomain}.esotericbytes.com"; - - networks = [ - "docker-main" - ]; - - ports = [ - ]; - - volumes = [ - "nextcloud_aio_mastercontainer:/mnt/docker-aio-config" - "/run/docker.sock:/var/run/docker.sock:ro" - ]; - - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "websecure,localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - "traefik.http.routers.${name}.middlewares" = "nextcloud-chain"; - - "traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https"; - - "traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host"; - "traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin"; - - "traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers"; - - - #"traefik.http.services.${name}.loadbalancer.server.port" = "11000"; - "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000"; - }; - - extraOptions = [ - "--ip=192.168.101.17" - ]; - - environment = { - APACHE_PORT = "11000"; - APACHE_IP = "0.0.0.0"; - APACHE_ADDITIONAL_NETWORK = "docker-main"; - - 
SKIP_DOMAIN_VALIDATION = "true"; - - TALK_PORT = "3479"; - }; + options.sysconfig.docker.nextcloud.enable = with lib; mkOption { + type = with types; bool; + default = false; }; - systemd.services."docker-nextcloud" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; + config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) { + + virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = { + image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751"; + + serviceName = "docker-nextcloud"; + +# unstable, waiting for 26.05 +#pull = "newer"; + + hostname = "${subdomain}.esotericbytes.com"; + + networks = [ + "docker-main" + ]; + + ports = [ + ]; + + volumes = [ + "nextcloud_aio_mastercontainer:/mnt/docker-aio-config" + "/run/docker.sock:/var/run/docker.sock:ro" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "websecure,localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; + + "traefik.http.routers.${name}.middlewares" = "nextcloud-chain"; + + "traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https"; + + "traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host"; + "traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin"; + + "traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers"; + + +#"traefik.http.services.${name}.loadbalancer.server.port" = "11000"; + "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000"; + }; + + extraOptions = [ + "--ip=192.168.101.17" + ]; + + environment = { + APACHE_PORT = 
"11000"; + APACHE_IP = "0.0.0.0"; + APACHE_ADDITIONAL_NETWORK = "docker-main"; + + SKIP_DOMAIN_VALIDATION = "true"; + + TALK_PORT = "3479"; + }; }; - after = [ - "docker-network-setup.service" - "docker-volume-nextcloud.service" - ]; - requires = [ - "docker-network-setup.service" - "docker-volume-nextcloud.service" - ]; - partOf = [ - "docker-compose-nextcloud-root.target" - ]; - wantedBy = [ - "docker-compose-nextcloud-root.target" - ]; - }; - systemd.services."docker-volume-nextcloud" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; + systemd.services."docker-nextcloud" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-setup.service" + "docker-volume-nextcloud.service" + ]; + requires = [ + "docker-network-setup.service" + "docker-volume-nextcloud.service" + ]; + partOf = [ + "docker-compose-nextcloud-root.target" + ]; + wantedBy = [ + "docker-compose-nextcloud-root.target" + ]; }; - script = '' - docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local - ''; - partOf = [ "docker-compose-nextcloud-root.target" ]; - wantedBy = [ "docker-compose-nextcloud-root.target" ]; - }; - systemd.targets."docker-compose-nextcloud-root" = { - wantedBy = [ "multi-user.target" ]; - }; + systemd.services."docker-volume-nextcloud" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local + ''; + partOf = [ "docker-compose-nextcloud-root.target" ]; + wantedBy = [ "docker-compose-nextcloud-root.target" ]; + }; + systemd.targets."docker-compose-nextcloud-root" = { + wantedBy = [ "multi-user.target" ]; + }; + + }; }; } 
diff --git a/system/virtualization/docker/ollama/default.nix b/system/virtualization/docker/ollama/default.nix index 8de7168..08270cc 100644 --- a/system/virtualization/docker/ollama/default.nix +++ b/system/virtualization/docker/ollama/default.nix @@ -1,4 +1,6 @@ -{ config, lib, pkgs, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: let hostPort = 11434; 
@@ -6,67 +8,68 @@ name = "ollama"; -in { + in { - options.sysconfig.docker.ollama.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.ollama.enable && config.sysconfig.docker.enable) { - - environment.systemPackages = with pkgs; [ - ollama - ]; - - networking.firewall.interfaces = { - "ve-traefik" = { - allowedTCPPorts = [ hostPort ]; - }; - - "ve-openwebui" = { - allowedTCPPorts = [ hostPort ]; - }; + options.sysconfig.docker.ollama.enable = with lib; mkOption { + type = with types; bool; + default = false; }; - virtualisation.oci-containers.containers.ollama = { - image = "ollama/ollama:latest"; + config = lib.mkIf (config.sysconfig.docker.ollama.enable && config.sysconfig.docker.enable) { - # unstable, waiting for 26.05 - #pull = "newer"; - - hostname = "${subdomain}.esotericbytes.com"; - - networks = [ - "docker-main" + environment.systemPackages = with pkgs; [ + ollama ]; - ports = [ - "${builtins.toString hostPort}:11434" - ]; + networking.firewall.interfaces = { + "ve-traefik" = { + allowedTCPPorts = [ hostPort ]; + }; - volumes = [ - "vol_ollama:/root/.ollama" - ]; - - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - #"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; - "traefik.http.services.${name}.loadbalancer.server.port" = "11434"; + "ve-openwebui" = { + allowedTCPPorts = [ hostPort ]; + }; }; - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ - "--device=nvidia.com/gpu=all" - "--ip=192.168.101.22" - ]; + virtualisation.oci-containers.containers.ollama = { + image = "ollama/ollama:latest"; - environment = { - OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000"; 
+# unstable, waiting for 26.05 +#pull = "newer"; + + hostname = "${subdomain}.esotericbytes.com"; + + networks = [ + "docker-main" + ]; + + ports = [ + "${builtins.toString hostPort}:11434" + ]; + + volumes = [ + "vol_ollama:/root/.ollama" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; + +#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; + "traefik.http.services.${name}.loadbalancer.server.port" = "11434"; + }; + + extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ + "--device=nvidia.com/gpu=all" + "--ip=192.168.101.22" + ]; + + environment = { + OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000"; + }; }; }; }; diff --git a/system/virtualization/docker/openwebui/default.nix b/system/virtualization/docker/openwebui/default.nix index 8b47e36..3d87d1f 100644 --- a/system/virtualization/docker/openwebui/default.nix +++ b/system/virtualization/docker/openwebui/default.nix 
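Review bot: The static address is gated by the GPU flag: `extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ "--device=nvidia.com/gpu=all" "--ip=192.168.101.22" ]` drops `--ip` entirely on a host without `sysconfig.docker.nvidia`, so only the device flag should be conditional, e.g. `extraOptions = [ "--ip=192.168.101.22" ] ++ lib.optional config.sysconfig.docker.nvidia "--device=nvidia.com/gpu=all";` (the openwebui hunk has the same shape with `192.168.101.8`). `ports = [ "${builtins.toString hostPort}:11434" ]` publishes on every host address, and with Docker's default iptables integration published ports are accepted in the FORWARD path rather than through the NixOS INPUT rules, so the per-interface `allowedTCPPorts` above may not actually limit who can reach 11434; binding the publish to a specific address, as pihole does with `127.0.0.1:53:53`, is the reliable form, and the same applies to pihole's `hostPort:80` and portainer's `hostPort:9000`. `image = "ollama/ollama:latest"` is unpinned while netbird and open-webui in this series pin versions; a version tag or digest keeps the deployment reproducible and reviewable, also for pihole, portainer and searxng.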
@@ -1,96 +1,99 @@ -{ config, lib, pkgs, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: let subdomain = "ai"; name = "openwebui"; -in { + in { - options.sysconfig.docker.openwebui.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) { - - virtualisation.oci-containers.containers.openwebui = { - image = "ghcr.io/open-webui/open-webui:v0.7.2"; - - # unstable, waiting for 26.05 - #pull = "newer"; - - hostname = "${subdomain}.esotericbytes.com"; - - networks = [ - "docker-main" - ]; - - /*ports = [ - "${builtins.toString hostPort}:8080" - ];*/ - - volumes = [ - "vol_openwebui:/app/backend/data" - ]; - - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - "traefik.http.services.${name}.loadbalancer.server.port" = "8080"; - }; - - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ - "--device=nvidia.com/gpu=all" - "--ip=192.168.101.8" - ]; - - environment = { - }; + options.sysconfig.docker.openwebui.enable = with lib; mkOption { + type = with types; bool; + default = false; }; - systemd.services."docker-openwebui" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; + config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) { + + virtualisation.oci-containers.containers.openwebui = { + image = "ghcr.io/open-webui/open-webui:v0.7.2"; + +# unstable, waiting for 26.05 +#pull = "newer"; + + hostname = "${subdomain}.esotericbytes.com"; + + networks = [ + "docker-main" + ]; + + /*ports 
= [ + "${builtins.toString hostPort}:8080" + ];*/ + + volumes = [ + "vol_openwebui:/app/backend/data" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; + + "traefik.http.services.${name}.loadbalancer.server.port" = "8080"; + }; + + extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ + "--device=nvidia.com/gpu=all" + "--ip=192.168.101.8" + ]; + + environment = { + }; }; - after = [ - "docker-network-setup.service" - "docker-volume-openwebui.service" - ]; - requires = [ - "docker-network-setup.service" - "docker-volume-openwebui.service" - ]; - partOf = [ - "docker-compose-openwebui-root.target" - ]; - wantedBy = [ - "docker-compose-openwebui-root.target" - ]; - }; - systemd.services."docker-volume-openwebui" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; + systemd.services."docker-openwebui" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-setup.service" + "docker-volume-openwebui.service" + ]; + requires = [ + "docker-network-setup.service" + "docker-volume-openwebui.service" + ]; + partOf = [ + "docker-compose-openwebui-root.target" + ]; + wantedBy = [ + "docker-compose-openwebui-root.target" + ]; }; - script = '' - docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local - ''; - partOf = [ "docker-compose-openwebui-root.target" ]; - wantedBy = [ "docker-compose-openwebui-root.target" ]; - }; - systemd.targets."docker-compose-openwebui-root" = { - wantedBy = [ "multi-user.target" ]; - }; + systemd.services."docker-volume-openwebui" = { + path = [ 
pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local + ''; + partOf = [ "docker-compose-openwebui-root.target" ]; + wantedBy = [ "docker-compose-openwebui-root.target" ]; + }; + systemd.targets."docker-compose-openwebui-root" = { + wantedBy = [ "multi-user.target" ]; + }; + + }; }; } diff --git a/system/virtualization/docker/passbolt/docker-compose.nix b/system/virtualization/docker/passbolt/docker-compose.nix-txt similarity index 100% rename from system/virtualization/docker/passbolt/docker-compose.nix rename to system/virtualization/docker/passbolt/docker-compose.nix-txt diff --git a/system/virtualization/docker/pihole/default.nix b/system/virtualization/docker/pihole/default.nix index 4fadce2..7ea0cfa 100644 --- a/system/virtualization/docker/pihole/default.nix +++ b/system/virtualization/docker/pihole/default.nix @@ -1,4 +1,6 @@ -{ config, lib, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, ... }: let hostPort = 9001; 
@@ -6,76 +8,77 @@ name = "pihole"; -in { + in { - options.sysconfig.docker.pihole.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; - - config = lib.mkIf (config.sysconfig.docker.pihole.enable && config.sysconfig.docker.enable) { - - virtualisation.docker.daemon.settings.dns = [ "192.168.101.12" ]; - - environment.etc."resolv.conf" = { - enable = true; - text = '' - nameserver 127.0.0.1 - nameserver 1.1.1.1 - nameserver 1.0.0.1 - options edns0 - ''; - - user = "root"; - mode = "0664"; - }; - - networking.firewall.interfaces = { - "ve-traefik" = { - allowedTCPPorts = [ hostPort ]; - }; + options.sysconfig.docker.pihole.enable = with lib; mkOption { + type = with types; bool; + default = false; }; - virtualisation.oci-containers.containers.pihole = { - image = "pihole/pihole:latest"; + config = lib.mkIf (config.sysconfig.docker.pihole.enable && config.sysconfig.docker.enable) { - # unstable, waiting for 26.05 - #pull = "newer"; + virtualisation.docker.daemon.settings.dns = [ "192.168.101.12" ]; - hostname = "${subdomain}.esotericbytes.com"; + environment.etc."resolv.conf" = { + enable = true; + text = '' + nameserver 127.0.0.1 + nameserver 1.1.1.1 + nameserver 1.0.0.1 + options edns0 + ''; - networks = [ - "docker-main" - ]; - - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - #"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; - "traefik.http.services.${name}.loadbalancer.server.port" = "80"; + user = "root"; + mode = "0664"; }; - extraOptions = [ - "--ip=192.168.101.12" - ]; + networking.firewall.interfaces = { + "ve-traefik" = { + allowedTCPPorts = [ hostPort ]; + }; + }; - ports = [ - "${builtins.toString 
hostPort}:80" - "127.0.0.1:53:53/tcp" - "127.0.0.1:53:53/udp" - ]; + virtualisation.oci-containers.containers.pihole = { + image = "pihole/pihole:latest"; - volumes = [ - "vol_pihole:/etc/pihole" - ]; +# unstable, waiting for 26.05 +#pull = "newer"; - environment = { - FTLCONF_webserver_api_password = "7567"; - FTLCONF_dns_listeningMode = "ALL"; + hostname = "${subdomain}.esotericbytes.com"; + + networks = [ + "docker-main" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; + +#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; + "traefik.http.services.${name}.loadbalancer.server.port" = "80"; + }; + + extraOptions = [ + "--ip=192.168.101.12" + ]; + + ports = [ + "${builtins.toString hostPort}:80" + "127.0.0.1:53:53/tcp" + "127.0.0.1:53:53/udp" + ]; + + volumes = [ + "vol_pihole:/etc/pihole" + ]; + + environment = { + FTLCONF_webserver_api_password = "7567"; + FTLCONF_dns_listeningMode = "ALL"; + }; }; }; }; diff --git a/system/virtualization/docker/portainer/default.nix b/system/virtualization/docker/portainer/default.nix index e81188e..51b17c5 100644 --- a/system/virtualization/docker/portainer/default.nix +++ b/system/virtualization/docker/portainer/default.nix @@ -1,4 +1,6 @@ -{ config, lib, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, ... }: let hostPort = 9000; 
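Review bot: `FTLCONF_webserver_api_password = "7567"` puts the Pi-hole admin password in git and in the world-readable Nix store; the traefik and netbird-relay modules already show the pattern to use instead — a sops template consumed through `environmentFiles = [ config.sops.templates."pihole.env".path ];` (template name constructed here). Since the value is already committed it should also be rotated once it is moved. `FTLCONF_dns_listeningMode = "ALL"` appears intentional, as the daemon's `settings.dns` points at the container's docker-main address `192.168.101.12`, but a one-line comment would save the next reader from second-guessing it: `# ALL: also answer on the docker-main address used by virtualisation.docker.daemon.settings.dns`.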
@@ -6,57 +8,58 @@ name = "portainer"; -in { + in { - options.sysconfig.docker.portainer.enable = with lib; mkOption { - type = with types; bool; - default = true; - }; - - config = lib.mkIf (config.sysconfig.docker.portainer.enable && config.sysconfig.docker.enable) { - - networking.firewall.interfaces = { - "ve-traefik" = { - allowedTCPPorts = [ hostPort ]; - }; + options.sysconfig.docker.portainer.enable = with lib; mkOption { + type = with types; bool; + default = true; }; - virtualisation.oci-containers.containers.portainer = { - image = "portainer/portainer-ce:latest"; + config = lib.mkIf (config.sysconfig.docker.portainer.enable && config.sysconfig.docker.enable) { - # unstable, waiting for 26.05 - #pull = "newer"; - - hostname = "${subdomain}.esotericbytes.com"; - - networks = [ - "docker-main" - ]; - - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - #"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; - "traefik.http.services.${name}.loadbalancer.server.port" = "9000"; + networking.firewall.interfaces = { + "ve-traefik" = { + allowedTCPPorts = [ hostPort ]; + }; }; - ports = [ - "127.0.0.1:8000:8000" - "${builtins.toString hostPort}:9000" - ]; - - extraOptions = [ - "--ip=192.168.101.10" - ]; + virtualisation.oci-containers.containers.portainer = { + image = "portainer/portainer-ce:latest"; - volumes = [ - "vol_portainer:/data" - "/run/docker.sock:/var/run/docker.sock" - ]; +# unstable, waiting for 26.05 +#pull = "newer"; + + hostname = "${subdomain}.esotericbytes.com"; + + networks = [ + "docker-main" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "localsecure"; + 
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; + +#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; + "traefik.http.services.${name}.loadbalancer.server.port" = "9000"; + }; + + ports = [ + "127.0.0.1:8000:8000" + "${builtins.toString hostPort}:9000" + ]; + + extraOptions = [ + "--ip=192.168.101.10" + ]; + + volumes = [ + "vol_portainer:/data" + "/run/docker.sock:/var/run/docker.sock" + ]; + }; }; }; } diff --git a/system/virtualization/docker/rustdesk/docker-compose.nix b/system/virtualization/docker/rustdesk/docker-compose.nix-txt similarity index 100% rename from system/virtualization/docker/rustdesk/docker-compose.nix rename to system/virtualization/docker/rustdesk/docker-compose.nix-txt diff --git a/system/virtualization/docker/searxng/default.nix b/system/virtualization/docker/searxng/default.nix index c04c9db..24752da 100644 --- a/system/virtualization/docker/searxng/default.nix +++ b/system/virtualization/docker/searxng/default.nix 
@@ -1,58 +1,61 @@ -{ config, lib, ... }: let +{ ... }: { + + flake.nixosModules.default = { config, lib, ... }: let subdomain = "searxng"; name = "searxng"; -in { + in { - options.sysconfig.docker.searxng.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; + options.sysconfig.docker.searxng.enable = with lib; mkOption { + type = with types; bool; + default = false; + }; - config = lib.mkIf (config.sysconfig.docker.searxng.enable && config.sysconfig.docker.enable) { - - environment.etc."searxng/settings.yml".source = ./settings.yml; + config = lib.mkIf (config.sysconfig.docker.searxng.enable && config.sysconfig.docker.enable) { - virtualisation.oci-containers.containers.searxng = { - image = "searxng/searxng:latest"; + environment.etc."searxng/settings.yml".source = ./settings.yml; - # unstable, waiting for 26.05 - #pull = "newer"; + virtualisation.oci-containers.containers.searxng = { + image = "searxng/searxng:latest"; - hostname = "${subdomain}.esotericbytes.com"; +# unstable, waiting for 26.05 +#pull = "newer"; - networks = [ - "docker-main" - ]; + hostname = "${subdomain}.esotericbytes.com"; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "localsecure"; - "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; - "traefik.http.routers.${name}.service" = "${name}"; - "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; - - #"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; - "traefik.http.services.${name}.loadbalancer.server.port" = "8080"; - }; + networks = [ + "docker-main" + ]; - ports = [ - ]; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.entrypoints" = "localsecure"; + "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; + "traefik.http.routers.${name}.service" = "${name}"; + "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; 
- extraOptions = [ - "--ip=192.168.101.9" - ]; +#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; + "traefik.http.services.${name}.loadbalancer.server.port" = "8080"; + }; - volumes = [ - "vol_searxng_settings:/etc/searxng/" - "vol_searxng_data:/var/cache/searxng/" - "/etc/searxng/settings.yml:/etc/searxng/settings.yml" - ]; + ports = [ + ]; - environment = { - SEARXNG_SECRET = "2e8b4fcf4c0f46b097496f2d5715dbb061bd5cac78c64d0f5a0bee27f013f3c0"; + extraOptions = [ + "--ip=192.168.101.9" + ]; + + volumes = [ + "vol_searxng_settings:/etc/searxng/" + "vol_searxng_data:/var/cache/searxng/" + "/etc/searxng/settings.yml:/etc/searxng/settings.yml" + ]; + + environment = { + SEARXNG_SECRET = "2e8b4fcf4c0f46b097496f2d5715dbb061bd5cac78c64d0f5a0bee27f013f3c0"; + }; }; }; }; diff --git a/system/virtualization/docker/traefik/default.nix b/system/virtualization/docker/traefik/default.nix index f9c5b2b..286d78d 100644 --- a/system/virtualization/docker/traefik/default.nix +++ b/system/virtualization/docker/traefik/default.nix 
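Review bot: `SEARXNG_SECRET = "2e8b…f3c0"` is a live secret committed to the repository and copied into the world-readable Nix store by this module; move it into a sops template loaded through `environmentFiles`, as the traefik module does with `traefik.env`, and rotate the value since it has been committed. The volumes list mounts `vol_searxng_settings:/etc/searxng/` and then `/etc/searxng/settings.yml:/etc/searxng/settings.yml` on top of it; Docker accepts a file bind over a volume path, but it is not obvious which copy wins on first start, so a comment such as `# settings.yml from /etc overrides the copy in the settings volume` (if that is the intent) would help.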
@@ -1,108 +1,111 @@ -{ config, lib, ... }: { +{ ... }: { - options.sysconfig.docker.traefik.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; + flake.nixosModules.default = { config, lib, ... }: { - config = lib.mkIf (config.sysconfig.docker.traefik.enable && config.sysconfig.docker.enable) { - - networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ]; - - sops.secrets = { - "traefik/cf_email" = {}; - "traefik/cf_api_key" = {}; + options.sysconfig.docker.traefik.enable = with lib; mkOption { + type = with types; bool; + default = false; }; - sops.templates."traefik.env" = { - content = '' - CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"} + config = lib.mkIf (config.sysconfig.docker.traefik.enable && config.sysconfig.docker.enable) { + + networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ]; + + sops.secrets = { + "traefik/cf_email" = {}; + "traefik/cf_api_key" = {}; + }; + + sops.templates."traefik.env" = { + content = '' + CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"} CF_DNS_API_TOKEN=${config.sops.placeholder."traefik/cf_api_key"} - ''; - }; - - environment.etc = (builtins.listToAttrs (builtins.map (x: { - name = "traefik/${x}"; - value = { - source = ./config/${x}; - mode = "0664"; - }; - }) (builtins.attrNames (builtins.readDir ./config)))); - - /*environment.etc."traefik/traefik.yml" = { - source = ./config/traefik.yml; - }; - environment.etc."traefik/routing.yml" = { - source = ./config/routing.yml; - };*/ - - virtualisation.oci-containers.containers.traefik = { - - image = "traefik:v3.6"; - - environment = { - TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}"; - }; - - environmentFiles = [ config.sops.templates."traefik.env".path ]; - - volumes = [ - "/etc/traefik/:/etc/traefik/" - "/run/docker.sock:/var/run/docker.sock" - ]; - - networks = [ - "docker-main" - ]; - - ports = [ - "80:80" - "81:81" - "443:443" - "444:444" - "2222:2222" - ]; - - labels = { - 
"traefik.enable" = "true"; - "traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)"; - "traefik.http.routers.dashboard.entrypoints" = "websecure,localsecure"; - "traefik.http.routers.dashboard.service" = "api@internal"; - "traefik.http.routers.dashboard.tls.certResolver" = "cloudflare"; + ''; }; - extraOptions = [ - "--ip=192.168.101.11" - ]; + environment.etc = (builtins.listToAttrs (builtins.map (x: { + name = "traefik/${x}"; + value = { + source = ./config/${x}; + mode = "0664"; + }; + }) (builtins.attrNames (builtins.readDir ./config)))); - log-driver = "journald"; - }; - systemd.services."docker-traefik" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; + /*environment.etc."traefik/traefik.yml" = { + source = ./config/traefik.yml; + }; + environment.etc."traefik/routing.yml" = { + source = ./config/routing.yml; + };*/ + + virtualisation.oci-containers.containers.traefik = { + + image = "traefik:v3.6"; + + environment = { + TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}"; + }; + + environmentFiles = [ config.sops.templates."traefik.env".path ]; + + volumes = [ + "/etc/traefik/:/etc/traefik/" + "/run/docker.sock:/var/run/docker.sock" + ]; + + networks = [ + "docker-main" + ]; + + ports = [ + "80:80" + "81:81" + "443:443" + "444:444" + "2222:2222" + ]; + + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)"; + "traefik.http.routers.dashboard.entrypoints" = "websecure,localsecure"; + "traefik.http.routers.dashboard.service" = "api@internal"; + "traefik.http.routers.dashboard.tls.certResolver" = "cloudflare"; + }; + + extraOptions = [ + "--ip=192.168.101.11" + ]; + + log-driver = "journald"; + }; + systemd.services."docker-traefik" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = 
lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-setup.service" + ]; + requires = [ + "docker-network-setup.service" + ]; + partOf = [ + "docker-compose-traefik-root.target" + ]; + wantedBy = [ + "docker-compose-traefik-root.target" + ]; }; - after = [ - "docker-network-setup.service" - ]; - requires = [ - "docker-network-setup.service" - ]; - partOf = [ - "docker-compose-traefik-root.target" - ]; - wantedBy = [ - "docker-compose-traefik-root.target" - ]; - }; # Root service # When started, this will automatically create all resources and start # the containers. When stopped, this will teardown all resources. - systemd.targets."docker-compose-traefik-root" = { - wantedBy = [ "multi-user.target" ]; + systemd.targets."docker-compose-traefik-root" = { + wantedBy = [ "multi-user.target" ]; + }; }; }; } diff --git a/system/virtualization/virtual-machines/default.nix b/system/virtualization/virtual-machines/default.nix index 9dc883d..06e6e87 100644 --- a/system/virtualization/virtual-machines/default.nix +++ b/system/virtualization/virtual-machines/default.nix 
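Review bot: The dashboard router (`"traefik.http.routers.dashboard.service" = "api@internal"`) is attached to `websecure,localsecure` with no `middlewares` label, so the API and dashboard are reachable on whatever `websecure` serves with nothing but TLS in front; either restrict it with `"traefik.http.routers.dashboard.entrypoints" = "localsecure";` or attach an auth middleware (basicauth or forwardauth) to the router. Whether `websecure` is internet-facing cannot be seen here — traefik.yml is not in the diff — but its use for `cloud.esotericbytes.com` in the nextcloud hunk suggests it is. Traefik's docker provider only needs to read the API, yet `/run/docker.sock:/var/run/docker.sock` is mounted read-write on the one container that listens on 80/443 and 2222; fronting the socket with a proxy that exposes only the read endpoints would bound what a compromise of Traefik can do.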
@@ -1,31 +1,27 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { - options.sysconfig.virtual-machines.enable = with lib; mkOption { - type = with types; bool; - default = false; - }; + flake.nixosModules.default = { config, lib, pkgs, ... }: { - imports = let - dir = builtins.readDir ./.; - in builtins.map (x: ./${x}) (builtins.filter - (file: (dir.${file} == "directory")) - (builtins.attrNames dir) - ); - - config = lib.mkIf config.sysconfig.virtual-machines.enable { - programs.virt-manager.enable = true; - - virtualisation = { - libvirtd = { - enable = true; - qemu.swtpm.enable = true; - }; - - spiceUSBRedirection.enable = true; + options.sysconfig.virtual-machines.enable = with lib; mkOption { + type = with types; bool; + default = false; }; - environment.systemPackages = with pkgs; lib.mkIf config.sysconfig.graphical [ - virt-viewer - ]; + config = lib.mkIf config.sysconfig.virtual-machines.enable { + programs.virt-manager.enable = true; + + virtualisation = { + libvirtd = { + enable = true; + qemu.swtpm.enable = true; + }; + + spiceUSBRedirection.enable = true; + }; + + environment.systemPackages = with pkgs; lib.mkIf config.sysconfig.graphical [ + virt-viewer + ]; + }; }; } diff --git a/system/virtualization/virtual-machines/home-assistant/default.nix b/system/virtualization/virtual-machines/home-assistant/default.nix index 6910442..d3557f4 100644 --- a/system/virtualization/virtual-machines/home-assistant/default.nix +++ b/system/virtualization/virtual-machines/home-assistant/default.nix 
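Review bot: `virtualisation.spiceUSBRedirection.enable = true;` is enabled for every host that sets `sysconfig.virtual-machines.enable`, while `virt-viewer` right below it is already gated on `config.sysconfig.graphical`; as far as I recall this option installs a setuid-root helper (`spice-client-glib-usb-acl-helper`), which a headless VM host has no use for, so it should take the same gate, e.g. `spiceUSBRedirection.enable = config.sysconfig.graphical;`. The `enable` option is still declared without a `description`, so `nixos-option` and generated docs show nothing for it — something like `description = "Enable libvirtd/QEMU with virt-manager on this host.";` would do. The removed `imports` over `builtins.readDir ./.` means the `home-assistant` subdirectory is no longer pulled in by this file; presumably the flake-parts auto-import now picks it up, but that is worth confirming since its `enable` option would otherwise silently disappear. The nested `with lib; ... with types; bool` form also hides where `bool` comes from; `lib.mkOption { type = lib.types.bool; ... }` matches the style used in the home-assistant module.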
@@ -1,13 +1,17 @@ -{ config, lib, ... }: { +{ ... }: { + + flake.nixosModules.default = { config, lib, ... }: { + + options.sysconfig.virtual-machines.home-assistant = { + enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + }; + + config = lib.mkIf config.sysconfig.virtual-machines.home-assistant.enable { - options.sysconfig.virtual-machines.home-assistant = { - enable = lib.options.mkOption { - type = lib.types.bool; - default = false; }; }; - - config = lib.mkIf config.sysconfig.virtual-machines.home-assistant.enable { - - }; } + diff --git a/templates/default.nix b/templates/default.nix new file mode 100644 index 0000000..d89537e --- /dev/null +++ b/templates/default.nix @@ -0,0 +1,46 @@ +{ ... }: { + + flake.templates = { + nixos = { + welcomeText = '' + #Welcome to Olympus! + Have Fun! + ''; + + description = '' + Generate this where you want your config. + ''; + + path = ./nixos; + + }; + + home-manager = { + welcomeText = '' + #Welcome to Olympus! + Have Fun! + ''; + + description = '' + Generate this where you want your config. + ''; + + path = ./home-manager; + + }; + + nix-on-droid = { + welcomeText = '' + #Welcome to Olympus! + Have Fun! + ''; + + description = '' + Generate this where you want your config. + ''; + + path = ./nix-on-droid; + + }; + }; +}
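Review bot: The new module's `config = lib.mkIf config.sysconfig.virtual-machines.home-assistant.enable { };` body is empty, so a host that sets `enable = true` gets no configuration at all and no error; if the libvirt domain is still to be written, mark that explicitly with `# TODO: define the Home Assistant libvirt domain; enable is currently a no-op` inside the block so the switch is not mistaken for a working one. The `enable` option also lacks a `description`, e.g. `description = "Run Home Assistant as a libvirt guest on this host.";`. The surrounding `flake.nixosModules.default` definition relies on flake-parts merging this with the parent module's `default`; that merge happens outside this hunk.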
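Review bot: The three templates in `flake.templates` repeat the identical `welcomeText` and `description` verbatim, which invites drift the first time one is edited; a single shared attrset merged with `//` keeps one copy and leaves only `path` per template. The heading in `welcomeText` is written `#Welcome to Olympus!` with no space after `#`, so a markdown renderer treats it as literal text rather than a heading — `# Welcome to Olympus!` is the intended form. The rewrite below is the whole file, since every line is new.
```nix
{ ... }: let
  # Shared text for every template; only `path` differs per entry.
  common = {
    welcomeText = ''
      # Welcome to Olympus!
      Have Fun!
    '';
    description = ''
      Generate this where you want your config.
    '';
  };
in {
  flake.templates = {
    nixos = common // { path = ./nixos; };
    home-manager = common // { path = ./home-manager; };
    nix-on-droid = common // { path = ./nix-on-droid; };
  };
}
```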
