
2 Commits

Author SHA1 Message Date
597f51e7b2 Begin Dendritic rewrite 2026-03-06 16:25:23 -06:00
c1684a80f7 Begin Dendritic rewrite 2026-03-06 16:24:53 -06:00
101 changed files with 4377 additions and 4645 deletions

3
.gitmodules vendored

@@ -4,6 +4,3 @@
[submodule "machines/laptop"] [submodule "machines/laptop"]
path = machines/laptop path = machines/laptop
url = ssh://gitea@gitea.esotericbytes.com:2222/Blunkall-Technologies/laptop url = ssh://gitea@gitea.esotericbytes.com:2222/Blunkall-Technologies/laptop
[submodule "machines/android"]
path = machines/android
url = ssh://gitea@gitea.esotericbytes.com:2222/Blunkall-Technologies/android

7
flake-parts.nix Normal file

@@ -0,0 +1,7 @@
{ inputs, ... }: {
imports = [
inputs.home-manager.flakeModules.home-manager
inputs.disko.flakeModules.default
];
}

182
flake.nix

@@ -21,6 +21,9 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
flake-parts.url = "github:hercules-ci/flake-parts";
import-tree.url = "github:vic/import-tree";
firefox-addons = { firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
@@ -29,179 +32,22 @@
nix-minecraft.url = "github:Infinidoge/nix-minecraft"; nix-minecraft.url = "github:Infinidoge/nix-minecraft";
#simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai"; nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai";
aurora.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora";
self.submodules = true; self.submodules = true;
}; };
outputs = { self, nixpkgs, home-manager, ... } @ inputs: { outputs = { ... } @ inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; }
profiles = let (inputs.import-tree [
dir = builtins.readDir ./profiles; ./profiles
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir); ./homes
in (builtins.listToAttrs ./machines
(builtins.map ./system
(name: ({ ./templates/default.nix
inherit name; ]);
value = { ... }: {
imports = [
./system
./profiles/${name}
];
};
})) filtered)
);
homes = let
dir = builtins.readDir ./homes;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = { ... } @ exputs: {
imports = [ (import ./homes/${name}/home-manager (exputs // inputs)) ];
};
})) filtered)
);
iso = (nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inputs = inputs // {
nathan = self.homes.nathan;
inherit self;
};
};
modules = [
self.profiles.iso
];
}).config.system.build.isoImage;
templates = {
nixos = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nixos;
};
home-manager = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/home-manager;
};
nix-on-droid = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nix-on-droid;
};
machines = let
dir = builtins.readDir ./machines;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome to Olympus!
##Warning:
This is a config for ${name}, an established machine!
It may require significant alterations to be usable!
'';
description = ''
Generate this where you want your config.
'';
path = ./machines/${name};
};
})) filtered)
);
homes = let
dir = builtins.readDir ./homes;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome home, ${name}!
Your config is right here.
'';
description = ''
Generate this where you want your config.
'';
path = ./homes/${name};
};
})) filtered)
);
default = self.templates.nixos;
};
nixosConfigurations = let
dir = builtins.readDir ./machines;
filtered = builtins.filter (x: dir.${x} == "directory" && x != "android") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = nixpkgs.lib.nixosSystem {
specialArgs = inputs;
modules = [
{ sysconfig.host = name; }
./machines/${name}
self.profiles.${name}
];
};
})) filtered)
);
};
} }
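Review bot: The new `outputs` passes `./profiles`, `./homes`, `./machines` and `./system` to `inputs.import-tree`, which as far as I know loads every `.nix` file under those trees as a flake-parts module, so the evaluated code is now defined by directory contents rather than by an explicit list. With `self.submodules = true` and `machines/laptop` living in a separate repository, any file added in that submodule becomes a top-level module that can define outputs for the whole flake. I would add a comment above the list such as `# every .nix file below these paths is evaluated as a flake-parts module; review submodule bumps accordingly`. It is also worth confirming that `flake.lock` pins the new `flake-parts`, `import-tree` and `aurora` inputs, which is not visible here.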


@@ -1,40 +0,0 @@
{
description = "Home-Manager Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
olympus = {
url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { self, nixpkgs, home-manager, olympus, ... } @ inputs: {
homeConfigurations = {
nathan = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs {
system = builtins.currentSystem;
};
modules = [
olympus.homes.nathan
./home.nix
];
extraSpecialArgs = {
inherit inputs;
};
};
};
};
}


@@ -1,114 +1,114 @@
{ config, lib, pkgs, inputs, ... }: { { inputs, ... }: {
imports = let flake.homeModules.nathan = { config, lib, pkgs, ... }: {
dir = builtins.readDir ./.;
in (builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
)) ++ [
inputs.sops-nix.homeManagerModules.sops
];
options.homeconfig = with lib; { imports = [
inputs.sops-nix.homeManagerModules.sops
];
name = mkOption { options.homeconfig = with lib; {
type = with types; nullOr str;
default = null;
};
graphical = mkOption { name = mkOption {
type = with types; bool; type = with types; nullOr str;
default = true; default = null;
}; };
standalone = mkOption { graphical = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = true;
}; };
virtual-machines = mkOption { standalone = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
}; };
};
virtual-machines = mkOption {
config = { type = with types; bool;
default = false;
homeconfig = {
name = "nathan";
mpd.enable = lib.mkDefault true;
calcurse.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
minimal = lib.mkDefault false;
hyprland.enable = lib.mkDefault config.homeconfig.graphical;
hyprlock.enable = lib.mkDefault config.homeconfig.hyprland.enable;
wal.enable = lib.mkDefault config.homeconfig.graphical;
hyprpanel.enable = lib.mkDefault config.homeconfig.hyprland.enable;
rofi.enable = lib.mkDefault config.homeconfig.hyprland.enable;
firefox.enable = lib.mkDefault config.homeconfig.graphical;
};
home.username = lib.mkDefault config.homeconfig.name;
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
home.stateVersion = "23.11";
home.pointerCursor = lib.mkIf config.homeconfig.graphical {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 16;
};
dconf.settings = lib.mkIf config.homeconfig.virtual-machines {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
}; };
}; };
gtk = lib.mkIf (config.homeconfig.graphical && config.homeconfig.hyprland.enable) {
enable = true;
theme.name = "Tokyonight-Dark";
theme.package = pkgs.tokyonight-gtk-theme;
iconTheme.package = pkgs.rose-pine-icon-theme;
iconTheme.name = "rose-pine-moon";
};
sops = { config = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {}; homeconfig = {
}; name = "nathan";
services.mpris-proxy.enable = true; mpd.enable = lib.mkDefault true;
calcurse.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
programs.ssh = { minimal = lib.mkDefault false;
enable = true; hyprland.enable = lib.mkDefault config.homeconfig.graphical;
hyprlock.enable = lib.mkDefault config.homeconfig.hyprland.enable;
wal.enable = lib.mkDefault config.homeconfig.graphical;
#hyprpanel.enable = lib.mkDefault config.homeconfig.hyprland.enable;
rofi.enable = lib.mkDefault config.homeconfig.hyprland.enable;
firefox.enable = lib.mkDefault config.homeconfig.graphical;
matchBlocks = { aurora.enable = lib.mkDefault config.homeconfig.hyprland.enable;
"builder" = { };
hostname = "esotericbytes.com";
user = "remote-builder"; home.username = lib.mkDefault config.homeconfig.name;
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22; home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
};
home.stateVersion = "23.11";
"remote" = {
hostname = "esotericbytes.com"; home.pointerCursor = lib.mkIf config.homeconfig.graphical {
user = "nathan"; gtk.enable = true;
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; package = pkgs.bibata-cursors;
port = 22; name = "Bibata-Modern-Classic";
size = 16;
};
dconf.settings = lib.mkIf config.homeconfig.virtual-machines {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
}; };
}; };
};
gtk = lib.mkIf (config.homeconfig.graphical && config.homeconfig.hyprland.enable) {
enable = true;
theme.name = "Tokyonight-Dark";
theme.package = pkgs.tokyonight-gtk-theme;
iconTheme.package = pkgs.rose-pine-icon-theme;
iconTheme.name = "rose-pine-moon";
};
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {};
};
services.mpris-proxy.enable = true;
programs.ssh = {
enable = true;
matchBlocks = {
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
};
};
};
}; };
} }
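Review bot: Both `programs.ssh.matchBlocks` entries (`builder` and `remote`) authenticate with the same `~/.ssh/id_ed25519`, so the key offered to the `remote-builder` account also opens the interactive `nathan` login on `esotericbytes.com`. A dedicated build key would limit what a leak of either one exposes, and the commented-out `#secrets."remoteBuildKey" = {};` suggests that was the intent. Adding `identitiesOnly = true;` to each block would also stop ssh from offering other agent keys to that host. The block is carried over from the old module, but the rewrite is a natural place to settle it.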


@@ -1,12 +1,15 @@
{ config, lib, ... }: { { ... }: {
home.file = { flake.homeModules.nathan = { config, lib, ... }: {
".config/hypr" = lib.mkIf config.homeconfig.hyprland.enable { source = ./hypr; recursive = true; };
".config/hyprpanel" = lib.mkIf config.homeconfig.hyprpanel.enable { source = ./hyprpanel; recursive = true; };
".config/wal/templates" = lib.mkIf config.homeconfig.wal.enable { source = ./wal/templates; recursive = true; };
".config/ohmyposh" = { source = ./ohmyposh; recursive = true; };
".config/quickshell" = lib.mkIf config.homeconfig.quickshell.enable { source = ./quickshell; recursive = true; };
"Pictures/Wallpaper" = lib.mkIf config.homeconfig.graphical { source = ./Wallpaper; recursive = true; };
};
home.file = {
".config/hypr" = lib.mkIf config.homeconfig.hyprland.enable { source = ./hypr; recursive = true; };
".config/hyprpanel" = lib.mkIf config.homeconfig.hyprpanel.enable { source = ./hyprpanel; recursive = true; };
".config/wal/templates" = lib.mkIf config.homeconfig.wal.enable { source = ./wal/templates; recursive = true; };
".config/ohmyposh" = { source = ./ohmyposh; recursive = true; };
".config/quickshell" = lib.mkIf config.homeconfig.quickshell.enable { source = ./quickshell; recursive = true; };
"Pictures/Wallpaper" = lib.mkIf config.homeconfig.graphical { source = ./Wallpaper; recursive = true; };
};
};
} }


@@ -1,23 +1,21 @@
{ config, lib, pkgs, inputs, ... }: let { inputs, ... }: {
system = "x86_64-linux";
flake.homeModules.nathan = { config, lib, pkgs, ... }: let
system = pkgs.stdenv.hostPlatform;
pkgs-us = import inputs.nixpkgs-us { pkgs-us = import inputs.nixpkgs-us {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
in { in {
imports = [ options.homeconfig.minimal = with lib; options.mkOption {
./scripts type = with types; bool;
]; default = false;
};
options.homeconfig.minimal = with lib; options.mkOption { config = with lib; mkMerge [
type = with types; bool;
default = false;
};
config = with lib; mkMerge [
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
@@ -49,72 +47,73 @@
} }
(mkIf config.homeconfig.graphical { (mkIf config.homeconfig.graphical {
home.packages = with pkgs; [ home.packages = with pkgs; [
grim grim
slurp slurp
xfce.thunar xfce.thunar
wl-clipboard wl-clipboard
blueberry blueberry
]; ];
}) })
(mkIf (!config.homeconfig.minimal) { (mkIf (!config.homeconfig.minimal) {
home.packages = with pkgs; [ home.packages = with pkgs; [
cava cava
android-tools android-tools
neovim-remote neovim-remote
zulu zulu
fastfetch fastfetch
ncmpcpp ncmpcpp
playerctl playerctl
mpc mpc
ffmpeg ffmpeg
]; ];
}) })
(mkIf (!config.homeconfig.minimal && config.homeconfig.graphical) { (mkIf (!config.homeconfig.minimal && config.homeconfig.graphical) {
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
handbrake
quickemu
bottles
pkgs-us.runapp handbrake
brightnessctl quickemu
libdbusmenu-gtk3 bottles
lmms
pkgs-us.runapp
brightnessctl
libdbusmenu-gtk3
lmms
#unfree { #unfree {
geogebra geogebra
spotify spotify
discord discord
#} #}
rustdesk-flutter rustdesk-flutter
mpv mpv
vlc vlc
pavucontrol pavucontrol
rpi-imager rpi-imager
tigervnc tigervnc
keepassxc keepassxc
localsend localsend
#3D modeling/printing #3D modeling/printing
blender blender
freecad-wayland freecad-wayland
cura-appimage cura-appimage
#productivity #productivity
libreoffice libreoffice
#games #games
prismlauncher prismlauncher
]; ];
}) })
]; ];
};
} }
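Review bot: `system = pkgs.stdenv.hostPlatform;` binds an attribute set, but it is then passed via `inherit system;` to `import inputs.nixpkgs-us`, which expects a system string. It looks like it should be `system = pkgs.stdenv.hostPlatform.system;`, the form this commit already uses for `inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}`. I am reading that line as the new side, since the old module appears to have had `system = "x86_64-linux";`. The scripts module and the `nh` module in this commit still hard-code `"x86_64-linux"` for the same `nixpkgs-us` import, so the three are inconsistent.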


@@ -1,135 +1,138 @@
{ config, lib, pkgs, inputs, ... }: let { ... }: {
system = "x86_64-linux"; flake.homeModules.nathan = { config, lib, pkgs, inputs, ... }: let
system = "x86_64-linux";
pkgs-us = import inputs.nixpkgs-us { pkgs-us = import inputs.nixpkgs-us {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
in { in {
options = { options = {
homeconfig.scripts.enable = lib.options.mkOption { homeconfig.scripts.enable = lib.options.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
};
}; };
config = lib.mkMerge [
(lib.mkIf (config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
${pkgs-us.runapp}/bin/runapp ''$@
#uwsm app -- ''$@
'')
];
})
(lib.mkIf (!config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
eval "''$@"
'')
];
})
(lib.mkIf config.homeconfig.scripts.enable {
home.packages = [
#scripts
(pkgs.writeShellScriptBin "randWallpaper" ''
file=''$(ls ${config.home.homeDirectory}/Pictures/Wallpaper/ | shuf -n 1)
setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/''$file
'')
(pkgs.writeShellScriptBin "setWallpaper" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
img=''$(realpath "''${1:-$(find ~/Pictures/Wallpaper/* | rofi -dmenu)}")
n=''$(basename "''$img")
ext="''${n''\#''\#*.}"
out=''${3:-/dev/null}
if [[ ''$ext == "gif" || ''$ext == "mp4" ]]; then
yes | ${pkgs.ffmpeg}/bin/ffmpeg -i "''$img" -vframes 1 /tmp/nathan/tmp.jpg >> ''$out
cp /tmp/nathan/tmp.jpg /tmp/nathan/tmp2.jpg
pidof mpvpaper && pkill mpvpaper
${pkgs.swww}/bin/swww img /tmp/nathan/tmp.jpg -t wipe >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp2.jpg >> ''$out
sleep 0.3
hyprctl dispatch exec "${pkgs.mpvpaper}/bin/mpvpaper ALL ''$img -o loop"
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp.jpg >> ''$out
rm /tmp/nathan/tmp2.jpg
else
pidof mpvpaper && pkill mpvpaper
hyprctl dispatch exec "${pkgs.swww}/bin/swww img ''$img -t wipe" >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw "''$img" >> ''$out
fi
changeColors "''$img" "''$2" >> ''$out
'')
(pkgs.writeShellScriptBin "changeColors" ''
img=''$(realpath "''$1")
alpha=''${2:-70}
if [[ ''$alpha -lt 0 ]]; then
alpha=0
elif [[ ''$alpha -gt 100 ]]; then
alpha=100
fi
if [[ -f ~/.config/wal/colorschemes/dark/''$(basename "''$img")-''$alpha.json ]]; then
${pkgs.pywal16}/bin/wal -n -f "''$(basename "''$img")-''$alpha"
else
${pkgs.pywal16}/bin/wal -n -i "''$img" -a "''$alpha" --cols16 -p "''$(basename "''$img")-''$alpha"
fi
colorPrefix
'')
(pkgs.writeShellScriptBin "colorPrefix" ''
pidof firefox > /dev/null && ${pkgs.pywalfox-native}/bin/pywalfox update &
pidof kitty > /dev/null && pkill -USR1 kitty
pidof cava > /dev/null && pkill -USR1 cava
for i in ''$(ls /run/user/1000 | grep nvim); do
${pkgs.neovim-remote}/bin/nvr -s --servername /run/user/1000/''$i --remote-send '<cmd>colorscheme pywal<CR>';
done
eval "''$@"
'')
(pkgs.writeShellScriptBin "onSystemStart" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then
rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid
fi
hyprctl --batch "\
dispatch exec ${pkgs.swww}/bin/swww-daemon ;\
dispatch exec setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ;\
dispatch exec ${pkgs.pyprland}/bin/pypr ;\
dispatch exec ${pkgs.netbird-ui}/bin/netbird-ui ;\
dispatch exec ${pkgs.hyprpolkitagent}/libexec/hyprpolkitagent ;\
setcursor Bibata-Modern-Classic 16"
sleep 3
hyprctl reload
hyprctl dispatch exec ${pkgs.pyprland}/bin/pypr toggle calendar
#tmux new-session -s hyprland
'')
];
})
];
}; };
config = lib.mkMerge [
(lib.mkIf (config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
${pkgs-us.runapp}/bin/runapp ''$@
#uwsm app -- ''$@
'')
];
})
(lib.mkIf (!config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
eval "''$@"
'')
];
})
(lib.mkIf config.homeconfig.scripts.enable {
home.packages = [
#scripts
(pkgs.writeShellScriptBin "randWallpaper" ''
file=''$(ls ${config.home.homeDirectory}/Pictures/Wallpaper/ | shuf -n 1)
setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/''$file
'')
(pkgs.writeShellScriptBin "setWallpaper" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
img=''$(realpath "''${1:-$(find ~/Pictures/Wallpaper/* | rofi -dmenu)}")
n=''$(basename "''$img")
ext="''${n''\#''\#*.}"
out=''${3:-/dev/null}
if [[ ''$ext == "gif" || ''$ext == "mp4" ]]; then
yes | ${pkgs.ffmpeg}/bin/ffmpeg -i "''$img" -vframes 1 /tmp/nathan/tmp.jpg >> ''$out
cp /tmp/nathan/tmp.jpg /tmp/nathan/tmp2.jpg
pidof mpvpaper && pkill mpvpaper
${pkgs.swww}/bin/swww img /tmp/nathan/tmp.jpg -t wipe >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp2.jpg >> ''$out
sleep 0.3
hyprctl dispatch exec "${pkgs.mpvpaper}/bin/mpvpaper ALL ''$img -o loop"
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp.jpg >> ''$out
rm /tmp/nathan/tmp2.jpg
else
pidof mpvpaper && pkill mpvpaper
hyprctl dispatch exec "${pkgs.swww}/bin/swww img ''$img -t wipe" >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw "''$img" >> ''$out
fi
changeColors "''$img" "''$2" >> ''$out
'')
(pkgs.writeShellScriptBin "changeColors" ''
img=''$(realpath "''$1")
alpha=''${2:-70}
if [[ ''$alpha -lt 0 ]]; then
alpha=0
elif [[ ''$alpha -gt 100 ]]; then
alpha=100
fi
if [[ -f ~/.config/wal/colorschemes/dark/''$(basename "''$img")-''$alpha.json ]]; then
${pkgs.pywal16}/bin/wal -n -f "''$(basename "''$img")-''$alpha"
else
${pkgs.pywal16}/bin/wal -n -i "''$img" -a "''$alpha" --cols16 -p "''$(basename "''$img")-''$alpha"
fi
colorPrefix
'')
(pkgs.writeShellScriptBin "colorPrefix" ''
pidof firefox > /dev/null && ${pkgs.pywalfox-native}/bin/pywalfox update &
pidof kitty > /dev/null && pkill -USR1 kitty
pidof cava > /dev/null && pkill -USR1 cava
for i in ''$(ls /run/user/1000 | grep nvim); do
${pkgs.neovim-remote}/bin/nvr -s --servername /run/user/1000/''$i --remote-send '<cmd>colorscheme pywal<CR>';
done
eval "''$@"
'')
(pkgs.writeShellScriptBin "onSystemStart" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then
rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid
fi
hyprctl --batch "\
dispatch exec ${pkgs.swww}/bin/swww-daemon ;\
dispatch exec setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ;\
dispatch exec ${pkgs.pyprland}/bin/pypr ;\
dispatch exec ${pkgs.netbird-ui}/bin/netbird-ui ;\
dispatch exec ${pkgs.hyprpolkitagent}/libexec/hyprpolkitagent ;\
setcursor Bibata-Modern-Classic 16"
sleep 3
hyprctl reload
hyprctl dispatch exec ${pkgs.pyprland}/bin/pypr toggle calendar
#tmux new-session -s hyprland
'')
];
})
];
} }
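Review bot: `setWallpaper` and `onSystemStart` create and write into the fixed path `/tmp/nathan`, which sits in a world-writable directory. The `-d` test also passes for a directory or symlink that another local user created first, and `ffmpeg` (fed by `yes |`) and `cp` then write to whatever `tmp.jpg` and `tmp2.jpg` resolve to. Using the per-user runtime directory avoids that, e.g. `dir="$XDG_RUNTIME_DIR/nathan"; mkdir -p -m 700 "$dir"`. Separately, `hyprrun` and `colorPrefix` run `eval "''$@"`, which re-parses their arguments as shell source; `exec "''$@"` (or a plain `"''$@"` in `colorPrefix`) keeps the argument vector intact. The hard-coded `/run/user/1000` in `colorPrefix` could likewise be `$XDG_RUNTIME_DIR`.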


@@ -0,0 +1,17 @@
{ ... }: {
flake.homeModules.nathan = { config, lib, ... }: {
options.homeconfig.aurora.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf config.homeconfig.aurora.enable {
programs.aurora = {
enable = true;
};
};
};
}
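Review bot: `programs.aurora` is set here, but nothing in this file imports a module that declares that option, and the module system rejects a definition for an undeclared option even under a false `lib.mkIf`. If the declaring module is imported in a file outside this view (presumably from the new `aurora` input), a comment such as `# programs.aurora is declared by the home-manager module from inputs.aurora` would make the dependency visible. That input is fetched from the self-hosted Gitea and runs in the user session, so its pin in `flake.lock` deserves the same review as the third-party inputs.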


@@ -1,14 +1,17 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.homeconfig.calcurse.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.calcurse.enable { options.homeconfig.calcurse.enable = lib.options.mkOption {
home.packages = with pkgs; [ type = lib.types.bool;
calcurse default = false;
libnotify };
];
config = lib.mkIf config.homeconfig.calcurse.enable {
home.packages = with pkgs; [
calcurse
libnotify
];
};
}; };
} }


@@ -1,19 +1,14 @@
{ config, lib, pkgs, inputs, ... }: { { ... }: {
imports = let flake.homeModules.nathan = { config, lib, pkgs, inputs, ... }: {
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
config = {
config = { home.packages = lib.mkIf (!config.homeconfig.wal.enable) [
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default
];
home.packages = lib.mkIf (!config.homeconfig.wal.enable) [ home.sessionVariables.EDITOR = "nvim";
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default };
];
home.sessionVariables.EDITOR = "nvim";
}; };
} }


@@ -1,59 +1,62 @@
{ config, lib, pkgs, inputs, ... }: { { ... }: {
options.homeconfig.firefox.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, inputs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.firefox.enable { options.homeconfig.firefox.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
home.sessionVariables.BROWSER = "${config.programs.firefox.package}/bin/firefox"; config = lib.mkIf config.homeconfig.firefox.enable {
home.packages = lib.mkIf config.homeconfig.wal.enable [ home.sessionVariables.BROWSER = "${config.programs.firefox.package}/bin/firefox";
pkgs.pywalfox-native
];
home.file.".mozilla/native-messaging-hosts/pywalfox.json".text = let home.packages = lib.mkIf config.homeconfig.wal.enable [
pywalfox-wrapper = pkgs.writeShellScriptBin "pywalfox-wrapper" '' pkgs.pywalfox-native
];
home.file.".mozilla/native-messaging-hosts/pywalfox.json".text = let
pywalfox-wrapper = pkgs.writeShellScriptBin "pywalfox-wrapper" ''
${pkgs.pywalfox-native}/bin/pywalfox start ${pkgs.pywalfox-native}/bin/pywalfox start
''; '';
in lib.replaceStrings [ "<path>" ] [ in lib.replaceStrings [ "<path>" ] [
"${pywalfox-wrapper}/bin/pywalfox-wrapper" "${pywalfox-wrapper}/bin/pywalfox-wrapper"
] (lib.readFile "${pkgs.pywalfox-native}/lib/python3.13/site-packages/pywalfox/assets/manifest.json"); ] (lib.readFile "${pkgs.pywalfox-native}/lib/python3.13/site-packages/pywalfox/assets/manifest.json");
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox; package = pkgs.firefox;
profiles.nathan = { profiles.nathan = {
search = { search = {
default = "ddg"; default = "ddg";
privateDefault = "ddg"; privateDefault = "ddg";
force = true; force = true;
}; };
bookmarks = { bookmarks = {
force = true; force = true;
settings = [ settings = [
{ {
name = "toolbar"; name = "toolbar";
toolbar = true; toolbar = true;
bookmarks = [ bookmarks = [
{ {
name = "NixOS Search - Packages"; name = "NixOS Search - Packages";
url = "https://search.nixos.org/packages"; url = "https://search.nixos.org/packages";
} }
]; ];
} }
];
};
extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
ublock-origin
keepassxc-browser
pywalfox
]; ];
}; };
extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
ublock-origin
keepassxc-browser
pywalfox
];
}; };
}; };
}; };


@@ -1,44 +1,47 @@
{ config, lib, ... }: { { ... }: {
options.homeconfig.git.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.git.enable { options.homeconfig.git.enable = lib.options.mkOption {
type = lib.types.bool;
sops = { default = false;
secrets = {
"git/username" = {};
"git/email" = {};
};
templates.gitconfig.content = ''
[user]
name = "${config.sops.placeholder."git/username"}"
email = "${config.sops.placeholder."git/email"}"
'';
}; };
programs.git = {
enable = true;
includes = [ config = lib.mkIf config.homeconfig.git.enable {
{ path = "${config.sops.templates.gitconfig.path}"; }
]; sops = {
secrets = {
settings = { "git/username" = {};
init = { "git/email" = {};
defaultBranch = "master";
}; };
safe.directory = "/etc/nixos"; templates.gitconfig.content = ''
[user]
name = "${config.sops.placeholder."git/username"}"
email = "${config.sops.placeholder."git/email"}"
'';
};
url = { programs.git = {
"ssh://gitea@gitea.esotericbytes.com/" = { enable = true;
insteadOf = [
"server:" includes = [
]; { path = "${config.sops.templates.gitconfig.path}"; }
];
settings = {
init = {
defaultBranch = "master";
};
safe.directory = "/etc/nixos";
url = {
"ssh://gitea@gitea.esotericbytes.com/" = {
insteadOf = [
"server:"
];
};
}; };
}; };
}; };


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.homeconfig.hyprland.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.hyprland.enable { options.homeconfig.hyprland.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
home.sessionVariables.NIX_OZONE_WL = "1"; config = lib.mkIf config.homeconfig.hyprland.enable {
programs.kitty.enable = lib.mkDefault true; home.sessionVariables.NIX_OZONE_WL = "1";
home.packages = with pkgs; [ programs.kitty.enable = lib.mkDefault true;
pyprland
];
home.activation.extraHyprFile = lib.hm.dag.entryAfter ["writeBoundary"] '' home.packages = with pkgs; [
if [[ ! -f ${config.home.homeDirectory}/.config/hypr/otf.conf ]]; then pyprland
touch ${config.home.homeDirectory}/.config/hypr/otf.conf ];
fi
if [[ ! -f ${config.home.homeDirectory}/.config/background ]]; then home.activation.extraHyprFile = lib.hm.dag.entryAfter ["writeBoundary"] ''
cp ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ${config.home.homeDirectory}/.config/background if [[ ! -f ${config.home.homeDirectory}/.config/hypr/otf.conf ]]; then
chmod 600 ${config.home.homeDirectory}/.config/background touch ${config.home.homeDirectory}/.config/hypr/otf.conf
fi fi
'';
if [[ ! -f ${config.home.homeDirectory}/.config/background ]]; then
cp ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ${config.home.homeDirectory}/.config/background
chmod 600 ${config.home.homeDirectory}/.config/background
fi
'';
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
systemd = {
enable = false;
variables = [ "--all" ];
};
extraConfig = (if config.homeconfig.hyprpanel.enable then ''
bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"
'' else ''
bind = , Print, exec, grim -g "$(slurp)"
'') + ''
source = ${config.home.homeDirectory}/.config/hypr/main.conf
exec-shutdown = if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid; fi
'';
systemd = {
enable = false;
variables = [ "--all" ];
}; };
extraConfig = (if config.homeconfig.hyprpanel.enable then ''
bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"
'' else ''
bind = , Print, exec, grim -g "$(slurp)"
'') + ''
source = ${config.home.homeDirectory}/.config/hypr/main.conf
exec-shutdown = if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid; fi
'';
}; };
}; };
} }
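Review bot: The `hyprpanel` branch of `extraConfig` has an unbalanced quote: `bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"` ends with a `"` that is never opened. Either drop it or quote the whole path, `bind = , Print, exec, bash -c "${pkgs.hyprpanel}/share/scripts/screenshot.sh"`. The line is carried over from the old module and is only emitted when `homeconfig.hyprpanel.enable` is true. The `nathan` defaults now appear to comment that option out, so the broken binding may go unnoticed until it is re-enabled.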


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.homeconfig.hyprlock.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.hyprlock.enable { options.homeconfig.hyprlock.enable = lib.options.mkOption {
type = lib.types.bool;
programs.hyprlock = { default = false;
enable = true;
}; };
services.hypridle = { config = lib.mkIf config.homeconfig.hyprlock.enable {
enable = true;
settings = { programs.hyprlock = {
enable = true;
};
general = { services.hypridle = {
lock_cmd = "pidof hyprlock || hyprlock"; # avoid starting multiple hyprlock instances. enable = true;
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.
after_sleep_cmd = "hyprctl --instance 0 dispatch dpms on"; # to avoid having to press a key twice to turn on the display. settings = {
general = {
lock_cmd = "pidof hyprlock || hyprlock"; # avoid starting multiple hyprlock instances.
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.
after_sleep_cmd = "hyprctl --instance 0 dispatch dpms on"; # to avoid having to press a key twice to turn on the display.
};
listener = [
{
timeout = 150; # 2.5min.
on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
on-resume = "brightnessctl -r"; # monitor backlight restore.
}
{
timeout = 300; # 5min
on-timeout = "loginctl lock-session"; # lock screen when timeout has passed
}
{
timeout = 330; # 5.5min
on-timeout = "hyprctl --instance 0 dispatch dpms off"; # screen off when timeout has passed
on-resume = "hyprctl --instance 0 dispatch dpms on && brightnessctl -r"; # screen on when activity is detected after timeout has fired.
}
{
timeout = 1800; # 30min
on-timeout = "systemctl suspend"; # suspend pc
}
];
}; };
listener = [
{
timeout = 150; # 2.5min.
on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
on-resume = "brightnessctl -r"; # monitor backlight restore.
}
{
timeout = 300; # 5min
on-timeout = "loginctl lock-session"; # lock screen when timeout has passed
}
{
timeout = 330; # 5.5min
on-timeout = "hyprctl --instance 0 dispatch dpms off"; # screen off when timeout has passed
on-resume = "hyprctl --instance 0 dispatch dpms on && brightnessctl -r"; # screen on when activity is detected after timeout has fired.
}
{
timeout = 1800; # 30min
on-timeout = "systemctl suspend"; # suspend pc
}
];
}; };
}; };
}; };


@@ -1,14 +1,17 @@
{ config, lib, ... }: { { ... }: {
options.homeconfig.hyprpanel.enable = with lib; mkOption { flake.homeModules.nathan = { config, lib, ... }: {
type = with types; bool;
default = false;
};
config = lib.mkIf config.homeconfig.hyprpanel.enable { options.homeconfig.hyprpanel.enable = with lib; mkOption {
type = with types; bool;
programs.hyprpanel = { default = false;
enable = true; };
config = lib.mkIf config.homeconfig.hyprpanel.enable {
programs.hyprpanel = {
enable = true;
};
}; };
}; };
} }


@@ -1,21 +1,24 @@
{ config, lib, inputs, ... }: { { ... }: {
options.homeconfig.nh.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, inputs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.nh.enable { options.homeconfig.nh.enable = lib.options.mkOption {
type = lib.types.bool;
programs.nh = { default = false;
enable = true; };
package = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; }; in pkgs-us.nh;
#flake = "${config.home.homeDirectory}/Projects/Olympus";
clean = { config = lib.mkIf config.homeconfig.nh.enable {
programs.nh = {
enable = true; enable = true;
dates = "weekly"; package = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; }; in pkgs-us.nh;
extraArgs = "--keep 5 --keep-since 5d"; #flake = "${config.home.homeDirectory}/Projects/Olympus";
clean = {
enable = true;
dates = "weekly";
extraArgs = "--keep 5 --keep-since 5d";
};
}; };
}; };
}; };


@@ -1,19 +1,22 @@
{ config, lib, pkgs, inputs, ... }: { { ... }: {
options.homeconfig.wal.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, inputs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.wal.enable { options.homeconfig.wal.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
home.packages = with pkgs; [ config = lib.mkIf config.homeconfig.wal.enable {
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.pywal
pywal16 home.packages = with pkgs; [
imagemagick inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.pywal
];
pywal16
imagemagick
];
};
}; };
} }


@@ -1,26 +1,29 @@
{ config, lib, ... }: { { ... }: {
options.homeconfig.quickshell.enable = with lib; mkOption { flake.homeModules.nathan = { config, lib, ... }: {
type = with types; bool;
default = false;
};
config = lib.mkIf config.homeconfig.quickshell.enable { options.homeconfig.quickshell.enable = with lib; mkOption {
type = with types; bool;
programs.quickshell = { default = false;
enable = true; };
configs = { config = lib.mkIf config.homeconfig.quickshell.enable {
default = config.homeDirectory + "/${config.home.file.".config/quickshell".target}"; programs.quickshell = {
};
systemd = {
enable = true; enable = true;
target = lib.mkIf config.homeconfig.hyprland.enable "wayland-session@Hyprland.target";
};
activeConfig = "default"; configs = {
default = config.homeDirectory + "/${config.home.file.".config/quickshell".target}";
};
systemd = {
enable = true;
target = lib.mkIf config.homeconfig.hyprland.enable "wayland-session@Hyprland.target";
};
activeConfig = "default";
};
}; };
}; };
} }
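Review bot: The `configs.default` value under `programs.quickshell` is built from `config.homeDirectory`, which is not an option home-manager defines; the bash and kitty modules in this same change use `config.home.homeDirectory`. Because the block sits behind `lib.mkIf` with `default = false`, the expression is presumably never forced today and would only fail once `homeconfig.quickshell.enable` is switched on. Unless the repository declares its own top-level `homeDirectory` option elsewhere, the line should read `default = config.home.homeDirectory + "/${config.home.file.".config/quickshell".target}";`.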


@@ -1,19 +1,22 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.homeconfig.rofi.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.rofi.enable { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
programs.rofi = {
enable = true; options.homeconfig.rofi.enable = lib.options.mkOption {
package = pkgs.rofi; type = lib.types.bool;
default = false;
};
cycle = true; config = lib.mkIf config.homeconfig.rofi.enable {
programs.rofi = {
theme = "/home/nathan/.cache/wal/colors-rofi-dark.rasi"; enable = true;
package = pkgs.rofi;
cycle = true;
theme = "/home/nathan/.cache/wal/colors-rofi-dark.rasi";
};
}; };
}; };
} }
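Review bot: `programs.rofi.theme` hard-codes `/home/nathan/.cache/wal/colors-rofi-dark.rasi`, while the bash, kitty and oh-my-posh modules in this change derive the same cache directory from `config.home.homeDirectory`. Now that the module is exported as `flake.homeModules.nathan`, I would write `theme = "${config.home.homeDirectory}/.cache/wal/colors-rofi-dark.rasi";` so it follows the configured home. The mpd module has the same literal in `musicDirectory` and `mpd.musicDirectory`. The theme file is produced by pywal, so it is also worth a comment that rofi depends on `homeconfig.wal.enable`; the container profile later on this page enables rofi with wal disabled.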


@@ -1,31 +1,35 @@
{ config, lib, pkgs, ... }: { { ... }: {
home.packages = with pkgs; [ oh-my-posh ]; flake.homeModules.nathan = { config, lib, pkgs, ... }: {
programs.bash = { home.packages = with pkgs; [ oh-my-posh ];
enable = true;
enableCompletion = true;
shellAliases = { programs.bash = {
ls = "eza"; enable = true;
ll = "ls -l"; enableCompletion = true;
ksh = "kitten ssh"; shellAliases = {
ls = "eza";
ll = "ls -l";
vi = "nvim"; ksh = "kitten ssh";
vim = "nvim";
v = "nvim";
vi = "nvim";
vim = "nvim";
};
bashrcExtra = ''
source ${pkgs.blesh}/share/blesh/ble.sh
'';
initExtra = if config.homeconfig.wal.enable then (lib.mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
'') else (lib.mkBefore ''
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
'');
}; };
bashrcExtra = ''
source ${pkgs.blesh}/share/blesh/ble.sh
'';
initExtra = if config.homeconfig.wal.enable then (lib.mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
'') else (lib.mkBefore ''
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
'');
}; };
} }
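Review bot: The wal branch of `initExtra` runs `cat ${config.home.homeDirectory}/.cache/wal/sequences` unconditionally, so every new shell prints a `cat` error until pywal has generated that cache file, and the next line hands a not-yet-existing `ohmyposh.toml` to `oh-my-posh init`. A readability guard keeps a fresh login quiet: `[ -r ${config.home.homeDirectory}/.cache/wal/sequences ] && cat ${config.home.homeDirectory}/.cache/wal/sequences`. The zsh `initContent` in the oh-my-posh module further down has the same two lines and would take the same guard.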


@@ -1,18 +1,21 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.bat = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true; programs.bat = {
extraPackages = with pkgs.bat-extras; [ enable = true;
batman
batpipe extraPackages = with pkgs.bat-extras; [
batgrep batman
batdiff batpipe
batwatch batgrep
prettybat batdiff
]; batwatch
prettybat
];
}; };
};
} }


@@ -1,17 +0,0 @@
{ ... }: {
imports = [
./bat
./bash
./eza
./fzf
./lf
./tmux
./kitty
./zoxide
./zsh
./ssh
./ohmyposh
./opencode
];
}


@@ -1,17 +1,20 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.eza = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true; programs.eza = {
enableZshIntegration = true; enable = true;
extraOptions = [ enableZshIntegration = true;
"--color=auto"
];
git = true; extraOptions = [
"--color=auto"
];
icons = "auto"; git = true;
};
icons = "auto";
};
};
} }


@@ -1,15 +1,18 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.fzf = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true;
enableZshIntegration = true; programs.fzf = {
tmux = { enable = true;
#enableShellIntegration = true;
#shellIntegrationOptions = []; enableZshIntegration = true;
tmux = {
#enableShellIntegration = true;
#shellIntegrationOptions = [];
};
};
}; };
};
} }


@@ -1,33 +1,36 @@
{ config, ... }: { { ... }: {
programs.kitty = {
enable = true;
font = { flake.homeModules.nathan = { config, ... }: {
name = "FiraCode Nerd Font";
size = 12; programs.kitty = {
enable = true;
font = {
name = "FiraCode Nerd Font";
size = 12;
};
extraConfig = ''
confirm_os_window_close 0
include ${config.home.homeDirectory}/.cache/wal/colors-kitty.conf
disable_ligatures never
dynamic_background_opacity yes
tab_bar_edge top
map ctrl+shift+t new_tab
map ctrl+shift+w close_tab
map ctrl+tab next_tab
map ctrl+shift+tab previous_tab
'';
};
}; };
extraConfig = ''
confirm_os_window_close 0
include ${config.home.homeDirectory}/.cache/wal/colors-kitty.conf
disable_ligatures never
dynamic_background_opacity yes
tab_bar_edge top
map ctrl+shift+t new_tab
map ctrl+shift+w close_tab
map ctrl+tab next_tab
map ctrl+shift+tab previous_tab
'';
};
} }


@@ -1,7 +1,10 @@
{ ... }: { { ... }: {
config = {
programs.lf = { flake.homeModules.nathan = { ... }: {
enable = true; config = {
programs.lf = {
enable = true;
};
}; };
}; };
} }


@@ -1,136 +1,139 @@
{ config, lib, pkgs, ... }: { { ... }: {
home.packages = with pkgs; [ flake.homeModules.nathan = { config, lib, pkgs, ... }: {
oh-my-posh
];
programs.zsh = {
initContent = with lib; mkMerge [
(mkIf config.homeconfig.wal.enable (mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
''))
(mkIf (!config.homeconfig.wal.enable) (mkBefore '' home.packages = with pkgs; [
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)" oh-my-posh
'')) ];
];
}; programs.zsh = {
home.file.".config/wal/templates/ohmyposh.toml".text = '' initContent = with lib; mkMerge [
(mkIf config.homeconfig.wal.enable (mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
''))
(mkIf (!config.homeconfig.wal.enable) (mkBefore ''
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
''))
];
};
home.file.".config/wal/templates/ohmyposh.toml".text = ''
#:schema https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json #:schema https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json
version = 2 version = 2
final_space = true final_space = true
console_title_template = '{{{{ .Shell }}}} in {{{{ .Folder }}}}' console_title_template = '{{{{ .Shell }}}} in {{{{ .Folder }}}}'
[[blocks]] [[blocks]]
type = 'prompt' type = 'prompt'
alignment = 'left' alignment = 'left'
newline = true newline = true
[[blocks.segments]] [[blocks.segments]]
type = 'os' type = 'os'
style = 'diamond' style = 'diamond'
trailing_diamond = '' trailing_diamond = ''
background = 'p:c1' background = 'p:c1'
foreground = 'p:c12' foreground = 'p:c12'
template = ' {{{{ .Icon }}}} ' template = ' {{{{ .Icon }}}} '
[[blocks.segments]] [[blocks.segments]]
type = 'session' type = 'session'
style = 'diamond' style = 'diamond'
trailing_diamond = '' trailing_diamond = ''
background = 'p:c2' background = 'p:c2'
foreground = 'p:c14' foreground = 'p:c14'
template = '{{{{ .UserName }}}}@{{{{ .HostName }}}}' template = '{{{{ .UserName }}}}@{{{{ .HostName }}}}'
[[blocks.segments]] [[blocks.segments]]
type = 'path' type = 'path'
style = 'diamond' style = 'diamond'
trailing_diamond = '' trailing_diamond = ''
background = 'p:c4' background = 'p:c4'
foreground = 'p:c13' foreground = 'p:c13'
template = '{{{{ .Path }}}}' template = '{{{{ .Path }}}}'
[blocks.segments.properties] [blocks.segments.properties]
style = 'full' style = 'full'
[[blocks]] [[blocks]]
type = 'prompt' type = 'prompt'
overflow = 'hidden' overflow = 'hidden'
alignment = 'right' alignment = 'right'
[[blocks.segments]] [[blocks.segments]]
type = 'executiontime' type = 'executiontime'
style = 'diamond' style = 'diamond'
leading_diamond = '' leading_diamond = ''
background = 'p:c4' background = 'p:c4'
foreground = 'p:c13' foreground = 'p:c13'
template = '{{{{ .FormattedMs }}}}' template = '{{{{ .FormattedMs }}}}'
[[blocks.segments]] [[blocks.segments]]
type = 'time' type = 'time'
style = 'diamond' style = 'diamond'
leading_diamond = '' leading_diamond = ''
background = 'p:c2' background = 'p:c2'
foreground = 'p:c14' foreground = 'p:c14'
[[blocks.segments]] [[blocks.segments]]
type = 'shell' type = 'shell'
style = 'diamond' style = 'diamond'
leading_diamond = '' leading_diamond = ''
background = 'p:c1' background = 'p:c1'
foreground = 'p:c12' foreground = 'p:c12'
[[blocks]] [[blocks]]
type = 'prompt' type = 'prompt'
alignment = 'left' alignment = 'left'
newline = true newline = true
[[blocks.segments]] [[blocks.segments]]
type = 'text' type = 'text'
style = 'plain' style = 'plain'
background = 'transparent' background = 'transparent'
foreground_templates = [ foreground_templates = [
"{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}", "{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}",
"{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}", "{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}",
] ]
template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}" template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}"
[transient_prompt] [transient_prompt]
foreground_templates = [ foreground_templates = [
"{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}", "{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}",
"{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}", "{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}",
] ]
background = 'transparent' background = 'transparent'
template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}" template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}"
[secondary_prompt] [secondary_prompt]
background = 'transparent' background = 'transparent'
forground = 'p:c14' forground = 'p:c14'
template = " " template = " "
[palette] [palette]
c0 = "{color0}" c0 = "{color0}"
c1 = "{color1}" c1 = "{color1}"
c2 = "{color2}" c2 = "{color2}"
c3 = "{color3}" c3 = "{color3}"
c4 = "{color4}" c4 = "{color4}"
c5 = "{color5}" c5 = "{color5}"
c6 = "{color6}" c6 = "{color6}"
c7 = "{color7}" c7 = "{color7}"
c8 = "{color8}" c8 = "{color8}"
c9 = "{color9}" c9 = "{color9}"
c10 = "{color10}" c10 = "{color10}"
c11 = "{color11}" c11 = "{color11}"
c12 = "{color12}" c12 = "{color12}"
c13 = "{color13}" c13 = "{color13}"
c14 = "{color14}" c14 = "{color14}"
c15 = "{color15}" c15 = "{color15}"
''; '';
};
} }
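Review bot: The `[secondary_prompt]` table in the generated `ohmyposh.toml` template sets `forground = 'p:c14'`, a misspelling carried over unchanged from the old file. Every other block on the page spells the key `foreground`, so this entry is presumably ignored and the secondary prompt falls back to the default colour. The line should be `foreground = 'p:c14'`.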


@@ -1,48 +1,51 @@
{ config, lib, ... }: { { ... }: {
options.homeconfig.opencode.enable = with lib; mkOption { flake.homeModules.nathan = { config, lib, ... }: {
type = with types; bool;
default = true;
};
config = lib.mkIf config.homeconfig.opencode.enable { options.homeconfig.opencode.enable = with lib; mkOption {
type = with types; bool;
default = true;
};
programs.opencode = { config = lib.mkIf config.homeconfig.opencode.enable {
enable = true;
settings = { programs.opencode = {
theme = "system"; enable = true;
model = "ollama-remote/qwen3:8b";
provider = { settings = {
ollama-local = { theme = "system";
name = "Ollama (local)"; model = "ollama-remote/qwen3:8b";
npm = "@ai-sdk/openai-compatible"; provider = {
ollama-local = {
name = "Ollama (local)";
options.baseURL = "http://localhost:11434/v1"; npm = "@ai-sdk/openai-compatible";
options.baseURL = "http://localhost:11434/v1";
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
};
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
}; };
}; ollama-remote = {
name = "Ollama (remote)";
ollama-remote = { npm = "@ai-sdk/openai-compatible";
name = "Ollama (remote)";
npm = "@ai-sdk/openai-compatible"; options.baseURL = "https://ollama.esotericbytes.com/v1";
options.baseURL = "https://ollama.esotericbytes.com/v1"; models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
};
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
}; };
}; };
}; };
}; };
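Review bot: `homeconfig.opencode.enable` defaults to `true` and `settings.model` is `ollama-remote/qwen3:8b`, so any profile that imports this module sends prompts and the code context attached to them to `https://ollama.esotericbytes.com/v1` without opting in. Every other `homeconfig.*.enable` option on this page defaults to `false`. I would make this one `default = false;`, or keep it enabled and point the default at the loopback provider with `model = "ollama-local/qwen3:8b";`. No credential is configured for the remote provider in this hunk, so whether that endpoint is access-controlled cannot be told from here and is worth confirming.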


@@ -1,24 +1,27 @@
{ ... }: { { ... }: {
programs.ssh = { flake.homeModules.nathan = { ... }: {
enable = true; programs.ssh = {
# defaults as of 25.11 enable = true;
matchBlocks."*" = {
forwardAgent = false; # defaults as of 25.11
addKeysToAgent = "no"; matchBlocks."*" = {
compression = false; forwardAgent = false;
serverAliveInterval = 0; addKeysToAgent = "no";
serverAliveCountMax = 3; compression = false;
hashKnownHosts = false; serverAliveInterval = 0;
userKnownHostsFile = "~/.ssh/known_hosts"; serverAliveCountMax = 3;
controlMaster = "no"; hashKnownHosts = false;
controlPath = "~/.ssh/master-%r@%n:%p"; userKnownHostsFile = "~/.ssh/known_hosts";
controlPersist = "no"; controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
enableDefaultConfig = false;
};
}; };
enableDefaultConfig = false;
};
} }
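Review bot: `matchBlocks."*"` pins `hashKnownHosts = false`, so `~/.ssh/known_hosts` keeps every host name and address in clear text and anyone who can read the file gets a list of the machines this account connects to. The block is labelled as reproducing the 25.11 defaults, but with `enableDefaultConfig = false` these values are now explicit and this is the natural place to set `hashKnownHosts = true;`. Entries already in the file are not rewritten by the option; `ssh-keygen -H` converts them.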


@@ -1,23 +1,26 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.tmux = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true;
clock24 = true;
mouse = true;
baseIndex = 1;
keyMode = "vi";
prefix = "C-b";
shell = "${pkgs.zsh}/bin/zsh";
};
programs.tmux = {
enable = true;
clock24 = true;
mouse = true;
baseIndex = 1;
keyMode = "vi";
prefix = "C-b";
shell = "${pkgs.zsh}/bin/zsh";
};
};
} }


@@ -1,13 +1,16 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.zoxide = { flake.homeModules.nathan = { ... }: {
enable = true; programs.zoxide = {
enableZshIntegration = true; enable = true;
options = [ enableZshIntegration = true;
"--cmd cd"
]; options = [
}; "--cmd cd"
];
};
};
} }


@@ -1,37 +1,40 @@
{ lib, ... }: { { ... }: {
programs.zsh = { flake.homeModules.nathan = { lib, ... }: {
enable = true;
initContent = lib.mkOrder 1200 '' programs.zsh = {
bindkey ' ' magic-space
'';
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
ls = "eza";
ll = "ls -l";
ksh = "kitten ssh"; enable = true;
vi = "nvim"; initContent = lib.mkOrder 1200 ''
vim = "nvim"; bindkey ' ' magic-space
'';
python = "python3.13"; enableCompletion = true;
python3 = "python3.13";
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
ls = "eza";
ll = "ls -l";
ksh = "kitten ssh";
vi = "nvim";
vim = "nvim";
python = "python3.13";
python3 = "python3.13";
};
history = {
size = 5000;
ignoreAllDups = true;
ignoreSpace = true;
share = true;
};
};
}; };
history = {
size = 5000;
ignoreAllDups = true;
ignoreSpace = true;
share = true;
};
};
} }


@@ -1,9 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
}


@@ -1,41 +1,44 @@
{ config, lib, pkgs, ... }: { { ... }: {
options = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
homeconfig.mpd.enable = lib.options.mkOption {
type = lib.types.bool; options = {
default = false; homeconfig.mpd.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
}; };
};
config = lib.mkIf config.homeconfig.mpd.enable { config = lib.mkIf config.homeconfig.mpd.enable {
services.mpd = { services.mpd = {
enable = true; enable = true;
network.startWhenNeeded = true; network.startWhenNeeded = true;
network.port = 6600; network.port = 6600;
network.listenAddress = "127.0.0.1"; network.listenAddress = "127.0.0.1";
musicDirectory = "/home/nathan/Music"; musicDirectory = "/home/nathan/Music";
extraConfig = '' extraConfig = ''
audio_output { audio_output {
type "pipewire" type "pipewire"
name "Audio1" name "Audio1"
} }
audio_output { audio_output {
type "fifo" type "fifo"
name "visualizer" name "visualizer"
path "/tmp/mpd.fifo" path "/tmp/mpd.fifo"
format "44100:16:1" format "44100:16:1"
} }
''; '';
};
services.mpdris2 = {
enable = true;
mpd.host = "127.0.0.1";
mpd.port = 6600;
package = pkgs.mpdris2;
mpd.musicDirectory = "/home/nathan/Music";
notifications = true;
};
}; };
services.mpdris2 = {
enable = true;
mpd.host = "127.0.0.1";
mpd.port = 6600;
package = pkgs.mpdris2;
mpd.musicDirectory = "/home/nathan/Music";
notifications = true;
};
}; };
} }
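Review bot: The second `audio_output` in `services.mpd.extraConfig` writes the visualizer FIFO to the fixed path `/tmp/mpd.fifo`. `/tmp` is shared by all local accounts, so another user or an earlier process can create that name first and either block the output or read the audio stream. A per-user location avoids this, for example `path "${config.xdg.stateHome}/mpd.fifo"`. Whatever visualizer reads the FIFO needs the same path, and it is configured outside this hunk.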


@@ -1,25 +1,38 @@
{ lib, inputs, ... }: { self, inputs, ... }: {
{ flake.homeModules.nathan = { lib, ... }:
config = { {
homeconfig = {
graphical = lib.mkDefault false;
minimal = lib.mkDefault false;
hyprland.enable = false; config = {
}; homeconfig = {
graphical = lib.mkDefault false;
minimal = lib.mkDefault false;
hyprland.enable = false;
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders = "ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -";
builders-use-substituters = true;
}; };
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders = "ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -";
builders-use-substituters = true;
};
};
programs.home-manager.enable = true;
}; };
programs.home-manager.enable = true;
}; };
}
flake.homeConfigurations.nathan = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs {
system = builtins.currentSystem;
};
modules = [
self.homeModules.nathan
];
};
}
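Review bot: The new `flake.homeConfigurations.nathan` imports nixpkgs with `system = builtins.currentSystem`, which is not available in pure flake evaluation, so `home-manager switch --flake` would presumably need `--impure`. The call also passes no `extraSpecialArgs`, although the nh and wal modules merged into `homeModules.nathan` on this page take `inputs` as a module argument and the top-level module here closes over it only from the flake-parts scope. I would pin the system as the nh module already does with `pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };`, and add `extraSpecialArgs = { inherit inputs; };` next to `modules`.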

Submodule machines/android deleted from 4ba07466f6


@@ -1,157 +1,160 @@
{ config, pkgs, lib, inputs, ... }: { ... }: {
{ flake.nixosModules.container = { config, pkgs, lib, inputs, ... }:
imports =
[
inputs.home-manager.nixosModules.default
];
config = { {
hardware.nvidia.open = true; imports =
[
boot.isContainer = true; inputs.home-manager.nixosModules.default
services = { ];
xserver = {
config = {
hardware.nvidia.open = true;
boot.isContainer = true;
services = {
xserver = {
#enable = true; #enable = true;
videoDrivers = ["nvidia"]; videoDrivers = ["nvidia"];
};
displayManager = {
enable = true;
defaultSession = "plasma";
autoLogin = {
enable = true;
user = "nathan";
}; };
displayManager = {
enable = true;
defaultSession = "plasma";
autoLogin = {
enable = true;
user = "nathan";
};
};
pulseaudio.enable = false;
}; };
pulseaudio.enable = false;
};
systemd.extraConfig = "DefaultLimitNOFILE=2048"; systemd.extraConfig = "DefaultLimitNOFILE=2048";
/* /*
environment.sessionVariables = { environment.sessionVariables = {
WLR_BACKENDS = "headless"; WLR_BACKENDS = "headless";
WLR_LIBINPUT_NO_DEVICES = "1"; WLR_LIBINPUT_NO_DEVICES = "1";
}; };
*/ */
programs.zsh.enable = true; programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ]; environment.shells = with pkgs; [ zsh ];
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
hostPlatform = "x86_64-linux"; hostPlatform = "x86_64-linux";
}; };
# Set your time zone. # Set your time zone.
time.timeZone = "America/Chicago"; time.timeZone = "America/Chicago";
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8"; LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8"; LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8"; LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8";
}; };
services.displayManager.sddm.settings.AutoLogin = { services.displayManager.sddm.settings.AutoLogin = {
User = "nathan"; User = "nathan";
Session = "plasmawayland.desktop"; Session = "plasmawayland.desktop";
Relogin = true; Relogin = true;
}; };
networking = { networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ]; nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true; networkmanager.enable = true;
firewall.allowedTCPPorts = [ 80 ]; firewall.allowedTCPPorts = [ 80 ];
}; };
system.stateVersion = "25.05"; # Did you read the comment? system.stateVersion = "25.05"; # Did you read the comment?
users.users."nathan" = { users.users."nathan" = {
isNormalUser = true; isNormalUser = true;
initialPassword = "7567"; initialPassword = "7567";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path; #hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [ extraGroups = [
"wheel" "wheel"
]; # Enable sudo for the user. ]; # Enable sudo for the user.
/*openssh.authorizedKeys.keys = [ /*openssh.authorizedKeys.keys = [
];*/ ];*/
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
}; };
nix = { /*sops = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
settings = { defaultSopsFile = ./secrets.yaml;
experimental-features = [ "nix-command" "flakes" ]; defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};*/
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs;};
users = {
"nathan" = lib.mkMerge [
inputs.nathan-home-manager
{
config.homeconfig = {
minimal = false;
hyprland.enable = false;
wal.enable = false;
hyprpanel.enable = false;
hyprlock.enable = false;
mpd.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
};
}
];
};
}; };
sysconfig = {
opts = {
novnc.enable = true;
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
kdePlasma6.enable = true;
git.enable = true;
nh.enable = true;
netbird.enable = true;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
/*sops = {
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};*/
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs;};
users = {
"nathan" = lib.mkMerge [
inputs.nathan-home-manager
{
config.homeconfig = {
minimal = false;
hyprland.enable = false;
wal.enable = false;
hyprpanel.enable = false;
hyprlock.enable = false;
mpd.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
};
}
];
};
};
sysconfig = {
opts = {
novnc.enable = true;
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
kdePlasma6.enable = true;
git.enable = true;
nh.enable = true;
netbird.enable = true;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }
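Review bot: `users.users."nathan"` keeps a four-digit `initialPassword` literal for an account in `wheel`, and the same module turns on `sysconfig.opts.openssh`, `novnc` and SDDM auto-login and opens TCP port 80. The value is readable in the repository history and in the world-readable Nix store, and a numeric password that short can be guessed by anyone who reaches the login services. The commented line directly below is the fix: restore `hashedPasswordFile = config.sops.secrets."nathan/pass".path;` together with the commented `sops` block that declares `"nathan/pass"` with `neededForUsers = true`, and delete `initialPassword`. If the container cannot carry the age key, locking the password and relying on SSH keys in the currently commented `openssh.authorizedKeys.keys` would still be better than the literal.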


@@ -1,116 +1,119 @@
{ config, pkgs, lib, disko, sops-nix, home-manager, ... }: { ... }: {
{ flake.nixosModules.homebox = { config, pkgs, lib, disko, sops-nix, home-manager, ... }:
imports =
[
disko.nixosModules.default
sops-nix.nixosModules.sops
home-manager.nixosModules.default
];
config = { {
imports =
boot = { [
kernelPackages = pkgs.linuxKernel.packages.linux_6_18; disko.nixosModules.default
loader = {
systemd-boot.enable = true; sops-nix.nixosModules.sops
efi.canTouchEfiVariables = true;
home-manager.nixosModules.default
];
config = {
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
}; };
binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048; systemd.settings.Manager.DefaultLimitNOFILE = 2048;
programs.zsh.enable = true; programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ]; environment.shells = with pkgs; [ zsh bashInteractive ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking = { networking = {
nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ]; nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];
networkmanager = { networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
};
};
sysconfig = {
remoteBuildHost = true;
graphical = false;
services = {
sddm.enable = false;
openssh.enable = true;
pipewire.enable = true;
netbird.enable = true;
ollama.enable = false;
avahi.enable = true;
wyoming = {
enable = true; enable = true;
piper = true; dns = "none";
openwakeword = true; };
faster-whisper = true; useDHCP = false;
dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
}; };
}; };
programs = { sysconfig = {
hyprland.enable = false; remoteBuildHost = true;
hyprpanel.enable = false; graphical = false;
steam.enable = false;
services = {
sddm.enable = false;
openssh.enable = true;
pipewire.enable = true;
netbird.enable = true;
ollama.enable = false;
avahi.enable = true;
wyoming = {
enable = true;
piper = true;
openwakeword = true;
faster-whisper = true;
};
};
programs = {
hyprland.enable = false;
hyprpanel.enable = false;
steam.enable = false;
};
docker = {
enable = true;
portainer.enable = true;
traefik.enable = true;
pihole.enable = true;
authentik.enable = true;
netbird.enable = true;
openwebui.enable = true;
ollama.enable = true;
searxng.enable = true;
home-assistant.enable = true;
n8n.enable = true;
nextcloud.enable = false;
jellyfin.enable = true;
};
containers = {
"esotericbytes.com".enable = true;
gitea.enable = true;
code-server.enable = true;
minecraft.enable = true;
sandbox.enable = false;
};
virtual-machines = {
enable = true;
};
}; };
docker = { fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
enable = true;
portainer.enable = true;
traefik.enable = true;
pihole.enable = true;
authentik.enable = true;
netbird.enable = true;
openwebui.enable = true;
ollama.enable = true;
searxng.enable = true;
home-assistant.enable = true;
n8n.enable = true;
nextcloud.enable = false;
jellyfin.enable = true;
};
containers = {
"esotericbytes.com".enable = true;
gitea.enable = true;
code-server.enable = true;
minecraft.enable = true;
sandbox.enable = false;
};
virtual-machines = {
enable = true;
};
}; };
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }
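Review bot: `networking.nat.internalInterfaces = [ "ve-.+" ]` looks like a regular expression, but the NixOS NAT module passes the string to the firewall backend as an interface name, where the wildcard form for container interfaces is `ve-+`. As written the pattern appears to match only names beginning with `ve-.`, so the `ve-<name>` interfaces of the containers enabled under `sysconfig.containers` would get no masquerading. I would change it to `internalInterfaces = [ "ve-+" ];` and confirm against the generated ruleset. The adjacent `nftables = {};` sets nothing and can be dropped or replaced by an explicit `nftables.enable`.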


@@ -1,106 +1,109 @@
{ lib, pkgs, inputs, modulesPath, ... }: { { ... }: {
imports = with inputs; [ flake.nixosModules.iso = { lib, pkgs, inputs, modulesPath, ... }: {
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
home-manager.nixosModules.default
]; imports = with inputs; [
config = { (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
fonts.fontconfig.enable = lib.mkForce true; home-manager.nixosModules.default
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ];
system.stateVersion = "25.05";
nixpkgs.hostPlatform = "x86_64-linux"; ];
users.users."nathan" = { config = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
users.users.nixos.enable = lib.mkForce false; fonts.fontconfig.enable = lib.mkForce true;
services.getty.autologinUser = lib.mkForce null; fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ];
networking = { system.stateVersion = "25.05";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
programs.zsh.enable = true; nixpkgs.hostPlatform = "x86_64-linux";
environment.shells = with pkgs; [ zsh bashInteractive ]; users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
sysconfig = { users.users.nixos.enable = lib.mkForce false;
host = "iso";
graphical = true; services.getty.autologinUser = lib.mkForce null;
users = {
nathan = { networking = {
extraGroups = [ "wheel" "networkmanager" ]; nameservers = [ "1.1.1.1" "1.0.0.1" ];
shell = pkgs.zsh; networkmanager.enable = true;
sshKeys = [ };
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
]; programs.zsh.enable = true;
home-manager = {
enable = true; environment.shells = with pkgs; [ zsh bashInteractive ];
standalone = false;
extraModules = [ sysconfig = {
{ host = "iso";
homeconfig = { graphical = true;
minimal = false; users = {
hyprland.enable = true; nathan = {
hyprlock.enable = true; extraGroups = [ "wheel" "networkmanager" ];
wal.enable = true; shell = pkgs.zsh;
mpd.enable = true; sshKeys = [
hyprpanel.enable = true; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
rofi.enable = true;
firefox.enable = true;
git.enable = false;
nh.enable = true;
};
}
]; ];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
rofi.enable = true;
firefox.enable = true;
git.enable = false;
nh.enable = true;
};
}
];
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
}; };
}; };
}; };
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
}; };
}; };
} }


@@ -1,131 +1,134 @@
{ config, pkgs, lib, inputs, ... }: { ... }: {
{ flake.nixosModules.jesstop = { config, pkgs, lib, inputs, ... }:
imports = [ {
./hardware-configuration.nix
#inputs.home-manager.nixosModules.default imports = [
./hardware-configuration.nix
inputs.sops-nix.nixosModules.sops #inputs.home-manager.nixosModules.default
];
config = { inputs.sops-nix.nixosModules.sops
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
]; ];
sysconfig.opts = { config = {
sddm.enable = true;
openssh.enable = false;
steam.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
git.enable = false;
nh.enable = true;
}; nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
sysconfig.opts = {
sddm.enable = true;
openssh.enable = false;
steam.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
git.enable = false;
nh.enable = true;
};
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver = { services.xserver = {
enable = true; enable = true;
desktopManager.enlightenment.enable = true; desktopManager.enlightenment.enable = true;
}; };
services.acpid.enable = true; services.acpid.enable = true;
services.displayManager.enable = true; services.displayManager.enable = true;
# Enable CUPS to print documents. # Enable CUPS to print documents.
services.printing.enable = true; services.printing.enable = true;
system.stateVersion = "23.05"; # Did you read the comment? system.stateVersion = "23.05"; # Did you read the comment?
# Set your time zone. # Set your time zone.
time.timeZone = "America/Chicago"; time.timeZone = "America/Chicago";
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8"; LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8"; LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8"; LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8";
};
networking = {
hostName = "jesstop";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
users.users."nickelback" = {
isNormalUser = true;
description = "Thomas Jefferson";
initialPassword = "89453712";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"networkmanager"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
(writeShellScriptBin "beets" ''
bluetoothctl connect A4:16:C0:74:1F:55
'')
spotify
gnome-network-displays
discord
krita
rpcs3
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
}; };
networking = {
hostName = "jesstop";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
users.users."nickelback" = {
isNormalUser = true;
description = "Thomas Jefferson";
initialPassword = "89453712";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"networkmanager"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
(writeShellScriptBin "beets" ''
bluetoothctl connect A4:16:C0:74:1F:55
'')
spotify
gnome-network-displays
discord
krita
rpcs3
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }
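Review bot: `initialPassword` in `users.users."nickelback"` keeps a cleartext password for a `wheel` member in the repository, and NixOS also copies it into the world-readable Nix store. The module already imports `inputs.sops-nix.nixosModules.sops` and carries a commented-out `hashedPasswordFile` line, so the rewrite is a good moment to switch to `hashedPasswordFile = config.sops.secrets."<user>/pass".path;` with `neededForUsers = true` on that secret (the secret name is a placeholder). If the account was already created with this value, the password should be changed on the machine as well, because removing the line does not reset it.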


@@ -1,39 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config { ... }: {
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ flake.nixosModules.jesstop = { config, lib, pkgs, modulesPath, ... }:
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; {
boot.initrd.kernelModules = [ ]; imports =
boot.kernelModules = [ "kvm-intel" ]; [ (modulesPath + "/installer/scan/not-detected.nix")
boot.extraModulePackages = [ ]; ];
fileSystems."/" = boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
{ device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72"; boot.initrd.kernelModules = [ ];
fsType = "ext4"; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D497-6455";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}; };
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D497-6455";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
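Review bot: After this change the file evaluates to a flake-parts module (`flake.nixosModules.jesstop = …`), but the new side of jesstop's module in the previous section still lists `./hardware-configuration.nix` under `imports`, which would load this file as a NixOS module where no `flake` option exists. Both files now define `flake.nixosModules.jesstop` and flake-parts should merge the two definitions, so the path entry can probably just be dropped from `imports`. The same pattern shows up for pi4 (`./hardware-configuration.nix` and `(import ./disko.nix { device1 = "/dev/mmcblk0"; })`) and for live (`(import ./disko.nix { device = "/dev/mmcblk0"; })`), whose targets this commit also wraps in `flake.*` attributes. The removed "Do not modify this file" header deserves a replacement such as `# Originally from nixos-generate-config; wrapped by hand as a flake-parts module, do not regenerate in place.`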


@@ -1,115 +1,118 @@
{ config, pkgs, lib, home-manager, sops-nix, ... }: { ... }: {
{ flake.nixosModules.laptop = { config, pkgs, lib, home-manager, sops-nix, ... }:
imports = [ {
home-manager.nixosModules.default
sops-nix.nixosModules.sops imports = [
]; home-manager.nixosModules.default
config = { sops-nix.nixosModules.sops
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = null;
};
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
hardware = {
graphics.enable = true;
firmware = with pkgs; [
sof-firmware
];
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
]; ];
sysconfig = with lib; { config = {
remoteBuildClient = mkDefault true;
graphical = mkDefault true; nixpkgs.config = {
allowUnfree = true;
services = {
sddm.enable = mkDefault true;
openssh.enable = mkDefault false;
pipewire.enable = mkDefault true;
netbird.enable = mkDefault true;
ollama.enable = mkDefault true;
avahi.enable = mkDefault true;
}; };
programs = { # Bootloader.
steam.enable = mkDefault true; boot = {
hyprpanel.enable = mkDefault true; kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
hyprland.enable = mkDefault true; loader = {
}; systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = null;
containers = {
wyoming = {
enable = mkDefault false;
}; };
}; };
virtual-machines = { systemd.settings.Manager.DefaultLimitNOFILE = 2048;
enable = true;
hardware = {
graphics.enable = true;
firmware = with pkgs; [
sof-firmware
];
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
sysconfig = with lib; {
remoteBuildClient = mkDefault true;
graphical = mkDefault true;
services = {
sddm.enable = mkDefault true;
openssh.enable = mkDefault false;
pipewire.enable = mkDefault true;
netbird.enable = mkDefault true;
ollama.enable = mkDefault true;
avahi.enable = mkDefault true;
};
programs = {
steam.enable = mkDefault true;
hyprpanel.enable = mkDefault true;
hyprland.enable = mkDefault true;
};
containers = {
wyoming = {
enable = mkDefault false;
};
};
virtual-machines = {
enable = true;
};
}; };
};
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver = { services.xserver = {
enable = true; enable = true;
}; };
services.displayManager.enable = true; services.displayManager.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ]; environment.shells = with pkgs; [ zsh bashInteractive ];
# Enable CUPS to print documents. # Enable CUPS to print documents.
services.printing.enable = true; services.printing.enable = true;
programs.adb.enable = true; programs.adb.enable = true;
programs.zsh.enable = true; programs.zsh.enable = true;
networking = { networking = {
nameservers = [ nameservers = [
"1.1.1.1" "1.1.1.1"
"1.0.0.1" "1.0.0.1"
]; ];
networkmanager = { networkmanager = {
enable = true; enable = true;
dns = "none"; dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
}; };
useDHCP = false;
dhcpcd.enable = false;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }
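Review bot: The inner module on the new side still takes `home-manager` and `sops-nix` as module arguments and uses them inside `imports`, so it only evaluates if whatever builds the system passes both through `specialArgs`; that wiring is not visible here. Other files in this commit (the `disko-install` package list, the live module) reach inputs through `inputs`, and taking them from the outer flake-parts function would make this module self-contained: `{ inputs, ... }: { flake.nixosModules.laptop = { config, pkgs, lib, ... }:` with `inputs.home-manager.nixosModules.default` and `inputs.sops-nix.nixosModules.sops`. The hyprland module further down depends on a bare `hyprland` argument in the same way.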


@@ -1,121 +1,124 @@
{ pkgs, inputs, ... }: { { ... }: {
imports = with inputs; [ flake.nixosModules.live = { pkgs, inputs, ... }: {
disko.nixosModules.default
(import ./disko.nix { device = "/dev/mmcblk0"; }) imports = with inputs; [
sops-nix.nixosModules.sops disko.nixosModules.default
home-manager.nixosModules.default (import ./disko.nix { device = "/dev/mmcblk0"; })
]; sops-nix.nixosModules.sops
config = { home-manager.nixosModules.default
hardware.enableRedistributableFirmware = true; ];
hardware.enableAllHardware = true;
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ]; config = {
networking = { hardware.enableRedistributableFirmware = true;
nameservers = [ "1.1.1.1" "1.0.0.1" ]; hardware.enableAllHardware = true;
networkmanager.enable = true;
};
nixpkgs.hostPlatform = "x86_64-linux"; programs.zsh.enable = true;
boot = { environment.shells = with pkgs; [ zsh bashInteractive ];
loader = {
systemd-boot.enable = true; networking = {
efi.canTouchEfiVariables = true; nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
}; };
};
users.users."nathan" = { nixpkgs.hostPlatform = "x86_64-linux";
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
sops = { boot = {
age.keyFile = "/var/lib/sops/age/keys.txt"; loader = {
defaultSopsFile = ./secrets.yaml; systemd-boot.enable = true;
defaultSopsFormat = "yaml"; efi.canTouchEfiVariables = true;
#secrets."nathan/pass".neededForUsers = true; };
}; };
sysconfig = { users.users."nathan" = {
#remoteBuildClient = true; hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
host = "live"; packages = with pkgs; [
graphical = true; git
users = { nerd-fonts.fira-code
nathan = { ];
extraGroups = [ "wheel" "networkmanager" ]; };
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh; sops = {
sshKeys = [ age.keyFile = "/var/lib/sops/age/keys.txt";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" defaultSopsFile = ./secrets.yaml;
]; defaultSopsFormat = "yaml";
home-manager = { #secrets."nathan/pass".neededForUsers = true;
enable = true; };
standalone = false;
extraModules = [ sysconfig = {
{ #remoteBuildClient = true;
homeconfig = { host = "live";
minimal = false; graphical = true;
hyprland.enable = true; users = {
hyprlock.enable = true; nathan = {
wal.enable = true; extraGroups = [ "wheel" "networkmanager" ];
mpd.enable = true; #hashedPasswordFile = config.sops.secrets."nathan/pass".path;
hyprpanel.enable = true; shell = pkgs.zsh;
calcurse.enable = true; sshKeys = [
rofi.enable = true; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
firefox.enable = true;
#git.enable = true;
nh.enable = true;
};
}
]; ];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
#git.enable = true;
nh.enable = true;
};
}
];
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
}; };
}; };
}; };
services = { system.stateVersion = "25.05";
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = { fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
}; };
system.stateVersion = "25.05";
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }
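Review bot: `users.users."nathan".hashedPassword` embeds the yescrypt hash directly in the module, on a host that also sets `openssh.enable = true` and puts the account in `wheel`, so the hash is exposed to offline guessing by anyone who can read the repository or the Nix store. The same value is visible in the `host = "iso"` module earlier on this page, so both images share one credential. The `sops` block here already has the pieces commented out: enabling `secrets."nathan/pass".neededForUsers = true;` and `hashedPasswordFile = config.sops.secrets."nathan/pass".path;` would keep the hash out of the store, provided the age key at `/var/lib/sops/age/keys.txt` exists on first boot of the image. Since only key material is listed under `sshKeys`, it is also worth confirming that the `sysconfig` openssh module turns password authentication off.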


@@ -1,66 +1,69 @@
{ { ... }: {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = { flake.diskoConfigurations.live = {
"/root" = { device1 ? throw "Set this to your disk device, e.g. /dev/sda",
mountpoint = "/"; ...
}; }: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
"/nix" = { subvolumes = {
mountOptions = ["subvol=nix" "noatime"]; "/root" = {
mountpoint = "/nix"; mountpoint = "/";
}; };
};
}; "/nix" = {
}; mountOptions = ["subvol=nix" "noatime"];
}; mountpoint = "/nix";
}; };
}; };
}; };
};
};
};
};
};
}
} }
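Review bot: `device1` keeps its throwing default, but the only visible caller for live, `(import ./disko.nix { device = "/dev/mmcblk0"; })`, passes `device`, so the name mismatch would hit the `throw` as soon as `disko.devices.disk.main.device` is evaluated. With the function now exposed as `flake.diskoConfigurations.live` it is also unclear from this page who supplies the argument at all; a concrete default such as `device1 ? "/dev/mmcblk0"`, or aligning the caller to `device1`, would remove the ambiguity. A short comment above the function saying that the layout is GPT with a BIOS boot partition, a 500M ESP and an LVM/btrfs root without an encryption layer would help readers of the flake output.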


@@ -1,135 +1,138 @@
{ config, pkgs, inputs, ... }: { { ... }: {
imports = [ flake.nixosModules.pi4 = { config, pkgs, inputs, ... }: {
./hardware-configuration.nix
inputs.disko.nixosModules.default
(import ./disko.nix { device1 = "/dev/mmcblk0"; })
inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
config = { imports = [
./hardware-configuration.nix
sysconfig = { inputs.disko.nixosModules.default
remoteBuildClient = true;
users = { (import ./disko.nix { device1 = "/dev/mmcblk0"; })
nathan = {
hashedPasswordFile = config.sops.secrets."nathan/pass".path; inputs.home-manager.nixosModules.default
shell = pkgs.zsh;
sshKeys = [ inputs.sops-nix.nixosModules.sops
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" ];
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
]; config = {
extraGroups = [
"wheel" sysconfig = {
"networkmanager" remoteBuildClient = true;
"gpio"
"spi" users = {
"audio" nathan = {
"pulse" hashedPasswordFile = config.sops.secrets."nathan/pass".path;
"pulse-access" shell = pkgs.zsh;
]; sshKeys = [
home-manager = { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
enable = true; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
standalone = false;
extraModules = [
{
homeconfig = {
scripts.enable = false;
minimal = true;
mpd.enable = true;
git.enable = true;
nh.enable = true;
};
}
]; ];
extraGroups = [
"wheel"
"networkmanager"
"gpio"
"spi"
"audio"
"pulse"
"pulse-access"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
scripts.enable = false;
minimal = true;
mpd.enable = true;
git.enable = true;
nh.enable = true;
};
}
];
};
}; };
}; };
services = {
openssh.enable = true;
#pipewire.enable = true;
netbird.enable = true;
};
};
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users = {
groups.gpio = {};
}; };
services = { services = {
openssh.enable = true; udev.extraRules = ''
#pipewire.enable = true; SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
netbird.enable = true; SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
}; SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
}; '';
boot = { pulseaudio = {
loader = { enable = true;
grub.enable = false; extraConfig = ''
generic-extlinux-compatible.enable = true; load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
}; '';
}; };
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
}; };
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
}; };
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
}; };
} }
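Review bot: `sound.enable = true;` near the end of `config` is carried over to the new side, but as far as I know the `sound.*` options were removed from NixOS in 24.11, so evaluating this module against a nixpkgs matching its `system.stateVersion = "25.05"` would likely stop with a removed-option error. Dropping the line should be enough, because `services.pulseaudio.enable = true` is already set. Separately, `load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1` lets any local process reach the PulseAudio server over TCP without the cookie; a comment naming the local client that needs it would document the intent.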


@@ -1,66 +1,69 @@
{ { ... }: {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = { flake.diskoConfigurations.pi4 = {
"/root" = { device1 ? throw "Set this to your disk device, e.g. /dev/sda",
mountpoint = "/"; ...
}; }: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
"/nix" = { subvolumes = {
mountOptions = ["subvol=nix" "noatime"]; "/root" = {
mountpoint = "/nix"; mountpoint = "/";
}; };
};
}; "/nix" = {
}; mountOptions = ["subvol=nix" "noatime"];
}; mountpoint = "/nix";
}; };
}; };
}; };
};
};
};
};
};
};
} }


@@ -1,27 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config { ... }: {
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ flake.nixosModules.pi4 = { config, lib, pkgs, modulesPath, ... }:
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ]; {
boot.initrd.kernelModules = [ ]; imports =
boot.kernelModules = [ ]; [ (modulesPath + "/installer/scan/not-detected.nix")
boot.extraModulePackages = [ ]; ];
swapDevices = [ ]; boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking swapDevices = [ ];
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
};
} }


@@ -1,115 +1,112 @@
{ config, lib, pkgs, nixpkgs, ... }: { { ... }: {
imports = let flake.nixosModules.default = { config, lib, pkgs, nixpkgs, ... }: {
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
options.sysconfig = with lib; { options.sysconfig = with lib; {
host = mkOption { host = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
};
graphical = mkOption {
type = with types; bool;
default = config.hardware.graphics.enable;
};
remoteBuildHost = mkOption {
type = with types; bool;
default = false;
};
remoteBuildClient = mkOption {
type = with types; bool;
default = false;
};
};
config = {
networking.hostName = lib.mkDefault config.sysconfig.host;
nix = {
nixPath = [ "nixpkgs=${nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
}; };
graphical = mkOption {
type = with types; bool;
default = config.hardware.graphics.enable;
};
remoteBuildHost = mkOption {
type = with types; bool;
default = false;
};
remoteBuildClient = mkOption {
type = with types; bool;
default = false;
};
};
distributedBuilds = config.sysconfig.remoteBuildClient; config = {
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
networking.hostName = lib.mkDefault config.sysconfig.host;
nix = {
nixPath = [ "nixpkgs=${nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
distributedBuilds = config.sysconfig.remoteBuildClient;
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
{ {
hostName = "esotericbytes.com"; hostName = "esotericbytes.com";
sshUser = "remote-builder"; sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path; sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [ supportedFeatures = [
"nixos-test" "nixos-test"
"benchmark" "benchmark"
"big-parallel" "big-parallel"
"kvm" "kvm"
]; ];
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [ "x86_64-linux" "aarch64-linux" ];
} }
]; ];
}; };
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost { users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true; isNormalUser = true;
createHome = false; createHome = false;
}; };
sops.secrets = let sops.secrets = let
dir = builtins.readDir ../machines; dir = builtins.readDir ../machines;
in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs
(builtins.map (builtins.map
(y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; }) (y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; })
(builtins.filter (builtins.filter
(x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient) (x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient)
(builtins.attrNames dir) (builtins.attrNames dir)
) )
)
);
sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) )
); );
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
time.timeZone = lib.mkDefault "America/Chicago"; sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
i18n = lib.mkDefault { sops = {
defaultLocale = "en_US.UTF-8"; age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
extraLocaleSettings = { time.timeZone = lib.mkDefault "America/Chicago";
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; i18n = lib.mkDefault {
LC_MEASUREMENT = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8"; extraLocaleSettings = {
LC_NUMERIC = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
}; };
}; };
}; };
} };
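Review bot: The `sops.secrets` filter still evaluates `(import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient`, but the machine files touched by this commit now return `{ flake.nixosModules.<name> = … }`, so that attribute path no longer exists and the expression would fail once `remoteBuildHost` is true. This list decides which client keys are written to `/etc/ssh/authorized_keys.d/remote-builder` for a user that is also named in `trusted-users`, which gives those key holders far-reaching control over the build host's Nix daemon. Declaring the clients explicitly, for example through an option like `sysconfig.remoteBuildClients = [ "<machine>" ];` (name and value are placeholders), would be easier to audit than deriving the set by importing every directory under `../machines`. A comment on the `sops.templates."remote-builder"` block stating that it renders the authorized keys file from those secrets would also help.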


@@ -1,6 +1,10 @@
{ ... }: { { ... }: {
config = { flake.nixosModules.default = { ... }: {
config = {
};
}; };
} }


@@ -1,7 +1,11 @@
{ pkgs, disko, ... }: { { inputs, ... }: {
environment.systemPackages = with pkgs; [ flake.nixosModules.default = { pkgs, ... }: {
sops
disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install environment.systemPackages = with pkgs; [
]; sops
inputs.disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install
];
};
} }


@@ -1,9 +0,0 @@
{ ... }: {
imports = [
./hyprland
./hyprpanel
./steam
];
}


@@ -1,28 +1,32 @@
{ config, lib, pkgs, hyprland, ... }: { { ... }: {
options.sysconfig.programs.hyprland.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, pkgs, hyprland, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.hyprland.enable { options.sysconfig.programs.hyprland.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
sysconfig.services.sddm.enable = lib.mkDefault true; config = lib.mkIf config.sysconfig.programs.hyprland.enable {
environment.sessionVariables.NIXOS_OZONE_WL = "1"; sysconfig.services.sddm.enable = lib.mkDefault true;
programs.hyprland = { environment.sessionVariables.NIXOS_OZONE_WL = "1";
enable = true;
withUWSM = true; programs.hyprland = {
enable = true;
xwayland.enable = true; withUWSM = true;
systemd.setPath.enable = true; xwayland.enable = true;
package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; systemd.setPath.enable = true;
portalPackage = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
}; };
}; };
} }
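Review bot: The inner module still takes `hyprland` as a module argument, whereas the disko-install module in this commit was switched to the outer flake-parts `inputs` (`inputs.disko.packages…`). The netbird and ollama modules do the same with `nixpkgs-us`. These only evaluate if the NixOS configuration keeps passing those names through `specialArgs`, which this page does not show. For consistency I would write the outer function as `{ inputs, ... }: {`, drop `hyprland` from the inner argument list, and use `package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;` (likewise for `portalPackage`). In netbird and ollama, `system = "x86_64-linux";` could be `pkgs.stdenv.hostPlatform.system` so the pinned import follows the host platform.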


@@ -1,30 +1,34 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.programs.hyprpanel.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.hyprpanel.enable { options.sysconfig.programs.hyprpanel.enable = lib.options.mkOption {
services = { type = lib.types.bool;
upower.enable = true; default = false;
gvfs.enable = true;
power-profiles-daemon.enable = true;
}; };
environment.systemPackages = with pkgs; [ config = lib.mkIf config.sysconfig.programs.hyprpanel.enable {
bluez services = {
bluez-tools upower.enable = true;
libgtop gvfs.enable = true;
dart-sass power-profiles-daemon.enable = true;
wl-clipboard };
gtksourceview
libsoup_3 environment.systemPackages = with pkgs; [
brightnessctl bluez
swww bluez-tools
hyprpicker libgtop
hyprsunset dart-sass
wf-recorder wl-clipboard
]; gtksourceview
libsoup_3
brightnessctl
swww
hyprpicker
hyprsunset
wf-recorder
];
};
}; };
} }


@@ -1,14 +1,18 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.programs.steam.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.steam.enable { options.sysconfig.programs.steam.enable = lib.options.mkOption {
type = lib.types.bool;
programs.steam = { default = false;
enable = true; };
config = lib.mkIf config.sysconfig.programs.steam.enable {
programs.steam = {
enable = true;
};
}; };
}; };
} }


@@ -1,23 +1,27 @@
{ config, lib, ... }: { { ... }: {
options = { flake.nixosModules.default = { config, lib, ... }: {
sysconfig.services.avahi.enable = lib.options.mkOption {
type = lib.types.bool; options = {
default = false; sysconfig.services.avahi.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.avahi.enable {
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
}; };
}; };
config = lib.mkIf config.sysconfig.services.avahi.enable {
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
};
} }


@@ -1,9 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
}


@@ -1,40 +1,44 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.services.dynamicDNS.enable = with lib; mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = with types; bool; options.sysconfig.services.dynamicDNS.enable = with lib; mkOption {
default = false;
};
config = lib.mkIf config.sysconfig.services.dynamicDNS.enable { type = with types; bool;
default = false;
systemd.timers.dynamicDNS = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "1h";
Unit = "dynamicDNS.service";
};
}; };
systemd.services.dynamicDNS = { config = lib.mkIf config.sysconfig.services.dynamicDNS.enable {
name = "dynamicDNS.service"; systemd.timers.dynamicDNS = {
serviceConfig = { wantedBy = [ "timers.target" ];
Type = "oneshot"; timerConfig = {
LoadCredential = [ "cloudflare-api-key" ]; OnBootSec = "5m";
OnUnitActiveSec = "1h";
Unit = "dynamicDNS.service";
};
}; };
script = ''''; systemd.services.dynamicDNS = {
name = "dynamicDNS.service";
serviceConfig = {
Type = "oneshot";
LoadCredential = [ "cloudflare-api-key" ];
};
script = '''';
};
}; };
}; };
} }
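Review bot: `systemd.services.dynamicDNS` is carried over with `script = '''';`, so enabling the option schedules an hourly unit that does nothing. `LoadCredential = [ "cloudflare-api-key" ];` also names a credential without a source path, and nothing visible here declares where it comes from. If this is a placeholder, say so in the module, e.g. `# TODO: placeholder, no update logic yet; credential source not wired`. When the script is written, bind the credential explicitly the way the gitea module does with its sops secret, e.g. `LoadCredential = [ "cloudflare-api-key:${config.sops.secrets."<secret-name>".path}" ];` (secret name is a placeholder).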


@@ -1,31 +1,35 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.kdePlasma6.enable { options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption {
type = lib.types.bool;
services.desktopManager.plasma6.enable = true; default = false;
};
sysconfig.services.sddm.enable = lib.mkDefault true; config = lib.mkIf config.sysconfig.services.kdePlasma6.enable {
environment.systemPackages = with pkgs; [ services.desktopManager.plasma6.enable = true;
kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice
kdePackages.kcalc # Calculator sysconfig.services.sddm.enable = lib.mkDefault true;
kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
kdePackages.kcolorchooser # A small utility to select a color environment.systemPackages = with pkgs; [
kdePackages.kolourpaint # Easy-to-use paint program kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice
kdePackages.ksystemlog # KDE SystemLog Application kdePackages.kcalc # Calculator
kdePackages.sddm-kcm # Configuration module for SDDM kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
kdiff3 # Compares and merges 2 or 3 files or directories kdePackages.kcolorchooser # A small utility to select a color
kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks kdePackages.kolourpaint # Easy-to-use paint program
kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer kdePackages.ksystemlog # KDE SystemLog Application
hardinfo2 # System information and benchmarks for Linux systems kdePackages.sddm-kcm # Configuration module for SDDM
haruna # Open source video player built with Qt/QML and libmpv kdiff3 # Compares and merges 2 or 3 files or directories
wayland-utils # Wayland utilities kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks
wl-clipboard # Command-line copy/paste utilities for Wayland kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer
]; hardinfo2 # System information and benchmarks for Linux systems
haruna # Open source video player built with Qt/QML and libmpv
wayland-utils # Wayland utilities
wl-clipboard # Command-line copy/paste utilities for Wayland
];
};
}; };
} }


@@ -1,26 +1,30 @@
{ config, lib, nixpkgs-us, ... }: { { ... }: {
options.sysconfig = { flake.nixosModules.default = { config, lib, nixpkgs-us, ... }: {
services.netbird.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = let options.sysconfig = {
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
};
in lib.mkIf config.sysconfig.services.netbird.enable {
services.netbird = { services.netbird.enable = lib.options.mkOption {
enable = config.sysconfig.services.netbird.enable; type = lib.types.bool;
ui = { default = false;
enable = true; };
package = pkgs-us.netbird-ui; };
config = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
};
in lib.mkIf config.sysconfig.services.netbird.enable {
services.netbird = {
enable = config.sysconfig.services.netbird.enable;
ui = {
enable = true;
package = pkgs-us.netbird-ui;
};
package = pkgs-us.netbird;
}; };
package = pkgs-us.netbird;
}; };
}; };
} }


@@ -1,30 +1,34 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.services.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.novnc.enable { flake.nixosModules.default = { config, lib, pkgs, ... }: {
systemd.services.novnc = {
enable = true;
path = with pkgs; [ options.sysconfig.services.novnc.enable = lib.mkOption {
novnc type = lib.types.bool;
ps default = false;
];
script = ''
novnc --listen 80 --vnc 127.0.0.1:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
}; };
networking.firewall.allowedTCPPorts = [ 80 ]; config = lib.mkIf config.sysconfig.services.novnc.enable {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 127.0.0.1:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
}; };
} }
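Review bot: The novnc unit runs `novnc --listen 80 --vnc 127.0.0.1:5900` with only `Type = "exec"` in `serviceConfig`, and the same module adds `networking.firewall.allowedTCPPorts = [ 80 ];`. The local VNC session is therefore bridged to the network over plain HTTP by a service running as root, and no TLS or authentication layer is visible in this module. I would keep the listener off the public interface and publish it through a TLS-terminating proxy, dropping the firewall rule here. At minimum, take root away from the unit with `DynamicUser = true;` and `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` in `serviceConfig`. A short comment saying who is expected to reach this port would also help the next reader.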


@@ -1,25 +1,29 @@
{ config, lib, nixpkgs-us, ... }: { { ... }: {
options = { flake.nixosModules.default = { config, lib, nixpkgs-us, ... }: {
sysconfig.services.ollama.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.ollama.enable { options = {
services.ollama = { sysconfig.services.ollama.enable = lib.options.mkOption {
enable = true; type = lib.types.bool;
acceleration = "cuda"; default = false;
environmentVariables = { };
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000"; };
config = lib.mkIf config.sysconfig.services.ollama.enable {
services.ollama = {
enable = true;
acceleration = "cuda";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000";
};
package = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama-cuda;
}; };
package = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama-cuda;
}; };
}; };
} }


@@ -1,22 +1,26 @@
{ config, lib, ... }: { { ... }: {
options = { flake.nixosModules.default = { config, lib, ... }: {
sysconfig.services.openssh.enable = lib.options.mkOption {
type = lib.types.bool; options = {
default = false; sysconfig.services.openssh.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
}; };
};
config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) { config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) {
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = lib.mkDefault true; openFirewall = lib.mkDefault true;
settings = { settings = {
PermitRootLogin = lib.mkForce "no"; PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
};
}; };
}; };
}; };
} }


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: { { ... }: {
options = {
sysconfig.services.pipewire.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.pipewire.enable { flake.nixosModules.default = { config, lib, pkgs, ... }: {
options = {
sysconfig.services.pipewire.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.pipewire.enable {
# Enable sound with pipewire. # Enable sound with pipewire.
#sound.enable = true; #sound.enable = true;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
package = pkgs.pipewire; package = pkgs.pipewire;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
extraConfig.pipewire-pulse."92-low-latency" = { extraConfig.pipewire-pulse."92-low-latency" = {
context.modules = [ context.modules = [
{ {
name = "libpipewire-module-protocol-pulse"; name = "libpipewire-module-protocol-pulse";
args = { args = {
pulse.min.req = "32/48000"; pulse.min.req = "32/48000";
pulse.default.req = "32/48000"; pulse.default.req = "32/48000";
pulse.max.req = "32/48000"; pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000"; pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000"; pulse.max.quantum = "32/48000";
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
}; };
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
}; };
};
# If you want to use JACK applications, uncomment this # If you want to use JACK applications, uncomment this
#jack.enable = true; #jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default, # use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now) # no need to redefine it in your config for now)
wireplumber.enable = true; wireplumber.enable = true;
};
}; };
}; };
} }


@@ -1,34 +1,37 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.services.sddm.enable = lib.mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.sddm.enable { options.sysconfig.services.sddm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
qt.enable = true; config = lib.mkIf config.sysconfig.services.sddm.enable {
environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ]; qt.enable = true;
services.displayManager.sddm = { environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ];
enable = true;
wayland.enable = true;
autoNumlock = true;
theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}";
enableHidpi = true;
/*extraPackages = with pkgs; [
libsForQt5.qtsvg
libsForQt5.qtquickcontrols2
libsForQt5.qtgraphicaleffects
];*/
package = lib.mkDefault pkgs.kdePackages.sddm; services.displayManager.sddm = {
extraPackages = with pkgs; [ enable = true;
kdePackages.qtsvg wayland.enable = true;
kdePackages.qtvirtualkeyboard autoNumlock = true;
kdePackages.qtmultimedia theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}";
]; enableHidpi = true;
/*extraPackages = with pkgs; [
libsForQt5.qtsvg
libsForQt5.qtquickcontrols2
libsForQt5.qtgraphicaleffects
];*/
package = lib.mkDefault pkgs.kdePackages.sddm;
extraPackages = with pkgs; [
kdePackages.qtsvg
kdePackages.qtvirtualkeyboard
kdePackages.qtmultimedia
];
};
}; };
}; };
} }


@@ -1,66 +1,69 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.services.wyoming = { flake.nixosModules.default = { config, lib, ... }: {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.wyoming.enable { options.sysconfig.services.wyoming = {
enable = lib.options.mkOption {
services.wyoming = { type = lib.types.bool;
default = false;
piper = lib.mkIf config.sysconfig.services.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
}; };
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
openwakeword = lib.mkIf config.sysconfig.services.wyoming.openwakeword { config = lib.mkIf config.sysconfig.services.wyoming.enable {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5; services.wyoming = {
customModelsDirectories = [
piper = lib.mkIf config.sysconfig.services.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.services.wyoming.openwakeword {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words #./wake_words
]; ];
}; };
faster-whisper = lib.mkIf config.sysconfig.services.wyoming.faster-whisper { faster-whisper = lib.mkIf config.sysconfig.services.wyoming.faster-whisper {
servers.whisper = { servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.services.wyoming.satellite {
enable = true; enable = true;
device = "auto"; uri = "tcp://0.0.0.0:11431";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
}; };
}; };
satellite = lib.mkIf config.sysconfig.services.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
};
}; };
}; };
} }
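Review bot: Every Wyoming endpoint in this module binds all interfaces: piper `tcp://0.0.0.0:11435`, openwakeword `:11432`, faster-whisper `:11433`, satellite `:11431`. As far as I know the Wyoming protocol has no authentication of its own, so reachability is decided entirely by the host firewall, which this module does not configure either way. Where the consumer runs on the same host I would bind loopback, e.g. `uri = "tcp://127.0.0.1:11435";`. Otherwise add a comment naming the interface or firewall rule that is meant to restrict access.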


@@ -1,144 +1,140 @@
{ config, lib, pkgs, ... } @ inputs: { { ... }: {
imports = let flake.nixosModules.default = { config, lib, pkgs, ... } @ inputs: {
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
options.sysconfig = with lib; {
sshHostKeys = lib.mkOption {
type = with lib.types; attrsOf str;
default = {};
};
users = let options.sysconfig = with lib; {
userType = types.submodule ({ name, ... }: { sshHostKeys = lib.mkOption {
options = with lib; { type = with lib.types; attrsOf str;
name = mkOption { default = {};
};
users = let
userType = types.submodule ({ name, ... }: {
options = with lib; {
name = mkOption {
type = with types; passwdEntry str; type = with types; passwdEntry str;
default = name; default = name;
}; };
home-manager = { home-manager = {
enable = mkOption { enable = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
}; };
standalone = mkOption { standalone = mkOption {
type = with types; bool; type = with types; bool;
default = true; default = true;
description = "is this home-manager standalone?"; description = "is this home-manager standalone?";
}; };
extraModules = mkOption { extraModules = mkOption {
type = with types; listOf raw; type = with types; listOf raw;
default = [];
};
};
isSuperuser = mkOption {
type = with types; bool;
default = false;
description = "sudo?";
};
usePresets = mkOption {
type = with types; bool;
default = true;
description = "search for predefined settings?";
};
ssh = {
keys = mkOption {
type = with types; listOf str;
default = [];
description = "public keys used to login as this user";
};
hosts = mkOption {
type = with types; listOf str;
default = [];
description = "user@host's used to login as this user";
};
};
uid = mkOption {
type = with types; nullOr int;
default = null;
};
hashedPasswordFile = mkOption {
type = with types; nullOr str;
default = null;
};
extraGroups = mkOption {
type = with types; listOf str;
default = []; default = [];
}; };
};
shell = mkOption { isSuperuser = mkOption {
type = with types; package; type = with types; bool;
default = pkgs.shadow; default = false;
}; description = "sudo?";
}; };
});
in lib.mkOption { usePresets = mkOption {
type = with lib.types; attrsOf userType; type = with types; bool;
default = {}; default = true;
description = "search for predefined settings?";
};
ssh = {
keys = mkOption {
type = with types; listOf str;
default = [];
description = "public keys used to login as this user";
};
hosts = mkOption {
type = with types; listOf str;
default = [];
description = "user@host's used to login as this user";
};
};
uid = mkOption {
type = with types; nullOr int;
default = null;
};
hashedPasswordFile = mkOption {
type = with types; nullOr str;
default = null;
};
extraGroups = mkOption {
type = with types; listOf str;
default = [];
};
shell = mkOption {
type = with types; package;
default = pkgs.shadow;
};
};
});
in lib.mkOption {
type = with lib.types; attrsOf userType;
default = {};
};
}; };
};
config = lib.mkIf (config.sysconfig.host != "android") { config = lib.mkIf (config.sysconfig.host != "android") {
users.users = builtins.mapAttrs (x: y: let users.users = builtins.mapAttrs (x: y: let
cfg = config.sysconfig.users.${x}; cfg = config.sysconfig.users.${x};
in { in {
name = cfg.name; name = cfg.name;
isNormalUser = true; isNormalUser = true;
uid = cfg.uid; uid = cfg.uid;
hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
shell = cfg.shell; shell = cfg.shell;
extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser then [ "wheel" ] else []); extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser then [ "wheel" ] else []);
openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts)); openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts));
packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ]; packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ];
}) config.sysconfig.users; }) config.sysconfig.users;
programs.fuse.userAllowOther = true;
home-manager = { programs.fuse.userAllowOther = true;
backupFileExtension = "backup";
extraSpecialArgs = { inherit inputs; };
useUserPackages = true;
sharedModules = [];
users = builtins.listToAttrs (builtins.map
(x: {
name = x;
value = (lib.mkMerge ([
(if let home-manager = {
dir = builtins.readDir ./.; backupFileExtension = "backup";
in dir ? ${x} && dir.${x} == "directory" then extraSpecialArgs = { inherit inputs; };
import ../../homes/${x}/home-manager useUserPackages = true;
else {}) sharedModules = [];
users = builtins.listToAttrs (builtins.map
(x: {
name = x;
value = (lib.mkMerge ([
(if inputs ? ${x} then inputs.${x} else {}) (if let
dir = builtins.readDir ./.;
in dir ? ${x} && dir.${x} == "directory" then
import ../../homes/${x}/home-manager
else {})
] ++ config.sysconfig.users.${x}.home-manager.extraModules)); (if inputs ? ${x} then inputs.${x} else {})
})
(builtins.filter ] ++ config.sysconfig.users.${x}.home-manager.extraModules));
(y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone)) })
(builtins.attrNames config.sysconfig.users) (builtins.filter
) (y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone))
); (builtins.attrNames config.sysconfig.users)
)
);
};
}; };
}; };
} }
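Review bot: In `home-manager.users` the guard tests `builtins.readDir ./.` (this module's own directory) for an entry named after the user, but the branch then imports `../../homes/${x}/home-manager`, so the check does not cover the path that is actually read. If this file moved during the rewrite, both relative paths need re-checking. Testing the imported path directly is clearer: `(if builtins.pathExists ../../homes/${x}/home-manager then import ../../homes/${x}/home-manager else {})`. Separately, `{ config, lib, pkgs, ... } @ inputs` on the inner module binds the module arguments, not the flake inputs. Now that the outer function is a flake-parts module, that name is easy to misread, and a comment on `extraSpecialArgs = { inherit inputs; };` stating what is being forwarded would help.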


@@ -1,24 +1,27 @@
{ config, lib, pkgs, ... }: { { ... }: {
config = lib.mkIf ( flake.nixosModules.default = { config, lib, pkgs, ... }: {
config.sysconfig.users ? nathan && config.sysconfig.users.nathan.usePresets
) {
sops.secrets."nathan/pass".neededForUsers = true;
users.users.nathan = { config = lib.mkIf (
shell = lib.mkDefault pkgs.zsh; config.sysconfig.users ? nathan && config.sysconfig.users.nathan.usePresets
name = lib.mkDefault "nathan"; ) {
isNormalUser = lib.mkDefault true;
#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
extraGroups = [ "networkmanager" "docker" "libvirtd" ];
openssh.authorizedKeys.keys = with config.sysconfig.users.nathan; lib.mkIf config.sysconfig.services.openssh.enable (
ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) ssh.hosts)
);
packages = lib.mkIf (
config.sysconfig.users.nathan.home-manager.enable && config.sysconfig.users.nathan.home-manager.standalone
) [ pkgs.home-manager ];
sops.secrets."nathan/pass".neededForUsers = true;
users.users.nathan = {
shell = lib.mkDefault pkgs.zsh;
name = lib.mkDefault "nathan";
isNormalUser = lib.mkDefault true;
#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
extraGroups = [ "networkmanager" "docker" "libvirtd" ];
openssh.authorizedKeys.keys = with config.sysconfig.users.nathan; lib.mkIf config.sysconfig.services.openssh.enable (
ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) ssh.hosts)
);
packages = lib.mkIf (
config.sysconfig.users.nathan.home-manager.enable && config.sysconfig.users.nathan.home-manager.standalone
) [ pkgs.home-manager ];
};
}; };
}; };
} }
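Review bot: `extraGroups = [ "networkmanager" "docker" "libvirtd" ];` is applied whenever the preset is active, independent of `isSuperuser`. Membership in `docker` is effectively root on the host, so the preset grants more than the `wheel` gating in the generic users module suggests. I would either make `docker` conditional or add a comment stating that this is intended. Also, `sops.secrets."nathan/pass".neededForUsers = true;` is declared but the only consumer visible here is commented out and refers to `cfg`, which is not defined in this module. If the password file is not set elsewhere, `hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;` would wire it up.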


@@ -1,40 +1,43 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.code-server.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.code-server.enable { options.sysconfig.containers.code-server.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
containers.code-server = { config = lib.mkIf config.sysconfig.containers.code-server.enable {
autoStart = true; containers.code-server = {
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
config = { autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
services.code-server = { config = {
enable = true;
hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
disableUpdateCheck = true; services.code-server = {
enable = true;
disableTelemetry = true; hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
disableGettingStartedOverride = true; disableUpdateCheck = true;
auth = "none"; disableTelemetry = true;
host = "0.0.0.0"; disableGettingStartedOverride = true;
auth = "none";
host = "0.0.0.0";
};
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
}; };
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
}; };
}; };
}; };
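Review bot: `services.code-server` is configured with `auth = "none";` and `host = "0.0.0.0";` and the container firewall opens TCP 4444, so the editor and its terminal have no login of their own. The `hashedPassword` on the line above should have no effect while `auth` is `"none"`. If access control is meant to be enforced by a proxy in front of the container, say so in a comment; otherwise set `auth = "password";`. The hash is also committed in the repository. Since the flake already uses sops for `gitea/dbpass`, I would load it from a secret instead of keeping it inline.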


@@ -1,32 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
/*imports = [
./gitlab
./gitea
./traefik
./nginx
./jellyfin
./pihole
./nextcloud
./ntfy
./homeassistant
./rustdesk
./netbird
./keycloak
./ollama
./openwebui
./n8n
./wyoming
./code-server
./novnc
./minecraft
#./sandbox
];*/
}


@@ -1,105 +1,110 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.gitea.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.gitea.enable { options.sysconfig.containers.gitea.enable = lib.options.mkOption {
type = lib.types.bool;
networking = { default = false;
nat.internalInterfaces = [ "ve-gitea" ];
};
sops.secrets = {
"gitea/dbpass" = {};
}; };
containers.gitea = { config = lib.mkIf config.sysconfig.containers.gitea.enable {
autoStart = true; networking = {
privateNetwork = true; nat.internalInterfaces = [ "ve-gitea" ];
hostAddress = "192.168.100.10";
localAddress = "192.168.100.20";
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";
isReadOnly = false;
};
}; };
extraFlags = [ sops.secrets = {
"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}" "gitea/dbpass" = {};
]; };
config = {
systemd.services.secrets_setup = { containers.gitea = {
wantedBy = [ "gitea.service" ];
serviceConfig = { autoStart = true;
LoadCredential = [ privateNetwork = true;
"dbpass" hostAddress = "192.168.100.10";
]; localAddress = "192.168.100.20";
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";
isReadOnly = false;
}; };
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
chown gitea:gitea /etc/gitea/*
'';
}; };
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}"
];
services.gitea = { config = {
enable = true;
stateDir = "/etc/gitea/data"; systemd.services.secrets_setup = {
wantedBy = [ "gitea.service" ];
dump.enable = false; serviceConfig = {
LoadCredential = [
appName = "Gitea"; "dbpass"
];
settings = {
server = {
DOMAIN = "gitea.esotericbytes.com";
HTTP_PORT = 3000;
ROOT_URL = "https://gitea.esotericbytes.com/";
}; };
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
cron = { script = ''
ENABLED = true; cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
RUN_AT_START = true; chown gitea:gitea /etc/gitea/*
}; '';
}; };
database = { services.gitea = {
passwordFile = "/etc/gitea/dbpass"; enable = true;
type = "postgres";
stateDir = "/etc/gitea/data";
dump.enable = false;
appName = "Gitea";
settings = {
server = {
DOMAIN = "gitea.esotericbytes.com";
HTTP_PORT = 3000;
ROOT_URL = "https://gitea.esotericbytes.com/";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
cron = {
ENABLED = true;
RUN_AT_START = true;
};
};
database = {
passwordFile = "/etc/gitea/dbpass";
type = "postgres";
};
}; };
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
ports = [ 2222 ];
};
networking.firewall.allowedTCPPorts = [ 3000 ];
system.stateVersion = "24.11";
}; };
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
ports = [ 2222 ];
};
networking.firewall.allowedTCPPorts = [ 3000 ];
system.stateVersion = "24.11";
}; };
}; };
}; };
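Review bot: The `secrets_setup` script writes the database password with `cat … > /etc/gitea/dbpass` and only afterwards runs `chown gitea:gitea /etc/gitea/*`. The file is therefore created with the unit's default umask and never has its mode restricted. The unit also has `wantedBy = [ "gitea.service" ]` but no ordering, so gitea may start before the file exists. I would replace the two script lines with `install -m 0400 -o gitea -g gitea ''${CREDENTIALS_DIRECTORY}/dbpass /etc/gitea/dbpass` and add `before = [ "gitea.service" ];` to the unit. The glob in `chown … /etc/gitea/*` also reaches the bind-mounted `data` directory entry, which is probably not intended.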


@@ -1,172 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.gitlab.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.gitlab.enable {
sops.secrets = {
"gitlab/db_pass" = {};
"gitlab/root_pass" = {};
"gitlab/secrets/secret" = {};
"gitlab/secrets/otp" = {};
"gitlab/secrets/db" = {};
"gitlab/secrets/jws" = {};
"gitlab/oidc/id" = {};
"gitlab/oidc/secret" = {};
};
services.openssh.ports = [
2222
];
networking.firewall.allowedTCPPorts = [
22
2222
];
containers.gitlab = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.16";
forwardPorts = [
{
containerPort = 22;
hostPort = 22;
}
];
bindMounts = {
"/etc/gitlab/data" = {
hostPath = "/ssd1/Gitlab/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitlab/db_pass".path}"
"--load-credential=rootpass:${config.sops.secrets."gitlab/root_pass".path}"
"--load-credential=secret:${config.sops.secrets."gitlab/secrets/secret".path}"
"--load-credential=otp:${config.sops.secrets."gitlab/secrets/otp".path}"
"--load-credential=db:${config.sops.secrets."gitlab/secrets/db".path}"
"--load-credential=jws:${config.sops.secrets."gitlab/secrets/jws".path}"
"--load-credential=oidc_id:${config.sops.secrets."gitlab/oidc/id".path}"
"--load-credential=oidc_secret:${config.sops.secrets."gitlab/oidc/secret".path}"
];
config = {
systemd.services.secrets_setup = {
wantedBy = [ "gitlab.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
"rootpass"
"secret"
"db"
"otp"
"jws"
"oidc_id"
"oidc_secret"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitlab/dbpass
cat ''${CREDENTIALS_DIRECTORY}/rootpass > /etc/gitlab/rootpass
cat ''${CREDENTIALS_DIRECTORY}/secret > /etc/gitlab/secret
cat ''${CREDENTIALS_DIRECTORY}/db > /etc/gitlab/db
cat ''${CREDENTIALS_DIRECTORY}/otp > /etc/gitlab/otp
cat ''${CREDENTIALS_DIRECTORY}/jws > /etc/gitlab/jws
cat ''${CREDENTIALS_DIRECTORY}/oidc_id > /etc/gitlab/oidc-id
cat ''${CREDENTIALS_DIRECTORY}/oidc_secret > /etc/gitlab/oidc-secret
chown gitlab:gitlab /etc/gitlab/*
'';
};
services.gitlab = {
enable = true;
#https = true;
#port = 443;
host = "gitlab.blunkall.us";
databasePasswordFile = "/etc/gitlab/dbpass";
initialRootPasswordFile = "/etc/gitlab/rootpass";
statePath = "/etc/gitlab/data";
secrets = {
secretFile = "/etc/gitlab/secret";
otpFile = "/etc/gitlab/otp";
dbFile = "/etc/gitlab/db";
jwsFile = "/etc/gitlab/jws";
};
extraConfig = {
gitlab = {
default_project_features = {
builds = false;
};
};
omniauth = {
enabled = true;
auto_sign_in_with_provider = "openid_connect";
allow_single_sign_on = [ "openid_connect" ];
sync_email_from_provider = "openid_connect";
sync_profile_from_provider = [ "openid_connect" ];
sync_profile_attributes = [ "email" ];
auto_link_saml_user = true;
auto_link_user = [ "openid_connect" ];
block_auto_created_users = false;
providers = [
{
name = "openid_connect";
label = "Authentik SSO";
args = {
name = "openid_connect";
scope = [ "openid" "profile" "email" ];
response_type = "code";
issuer = "https://auth.blunkall.us/application/o/gitlab/";
discovery = true;
client_auth_method = "query";
uid_field = "preferred_username";
send_scope_to_token_endpoint = true;
pkce = true;
client_options = {
identifier = { _secret = "/etc/gitlab/oidc-id"; };
secret = { _secret = "/etc/gitlab/oidc-secret"; };
redirect_uri = "https://gitlab.blunkall.us/users/auth/openid_connect/callback";
};
};
}
];
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"gitlab.blunkall.us" = {
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
};
services.openssh.enable = true;
systemd.services.gitlab-backup.environment.BACKUP = "dump";
networking.firewall.allowedTCPPorts = [ 22 80 ];
system.stateVersion = "24.05";
};
};
};
}


@@ -1,108 +0,0 @@
{ config, lib, pkgs, nix-minecraft, ... }: {
options.sysconfig = {
containers.minecraft.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.containers.minecraft.enable {
networking = {
firewall = {
allowedTCPPorts = [ 25565 ];
allowedUDPPorts = [ 25565 ];
};
};
nixpkgs.overlays = [ nix-minecraft.overlay ];
containers.minecraft = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.29";
forwardPorts = [
{
containerPort = 25565;
hostPort = 25565;
protocol = "tcp";
}
{
containerPort = 25565;
hostPort = 25565;
protocol = "udp";
}
];
config = {
imports = [
nix-minecraft.nixosModules.minecraft-servers
];
environment.systemPackages = with pkgs; [ tmux ];
services.minecraft-servers = {
enable = true;
eula = true;
openFirewall = true;
dataDir = "/var/lib/mcservers";
managementSystem.systemd-socket.enable = true; #temp
servers = {
vanilla = {
enable = true;
package = pkgs.fabricServers.fabric-1_21_8;
serverProperties = {
server-port = 25565;
gamemode = "survival";
difficulty = 2;
white-list = true;
motd = "Didn't see that coming huh?";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
};
modded = {
enable = false;
#package = pkgs.fabricServers.fabric-1_21_1.override { loaderVersion = "0.16.14"; };
package = pkgs.fabricServers.fabric-1_21_1;
jvmOpts = [ "-Xms8000M" "-Xmx12000M" ];
serverProperties = {
server-port = 25566;
gamemode = "survival";
white-list = true;
allow-flight = true;
motd = "Ex-plo-sion!!!";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
symlinks = {
"mods" = ./mods;
};
};
};
};
system.stateVersion = "25.05";
};
};
};
}


@@ -1,42 +1,45 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable { flake.nixosModules.default = { config, lib, ... }: {
containers.esotericbytes-com = { options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
autoStart = true; config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable {
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
bindMounts = { containers.esotericbytes-com = {
"/var/www/data" = {
hostPath = "/ssd1/esotericbytes-com/data";
isReadOnly = false;
};
};
config = { autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
services.nginx = { bindMounts = {
enable = true; "/var/www/data" = {
virtualHosts = { hostPath = "/ssd1/esotericbytes-com/data";
"esotericbytes.com" = { isReadOnly = false;
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 ]; config = {
system.stateVersion = "24.05"; services.nginx = {
enable = true;
virtualHosts = {
"esotericbytes.com" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
}; };
}; };
}; };
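Review bot: The bind mount for `/var/www/data` is declared with `isReadOnly = false`, yet the only consumer visible in this container is nginx serving that directory as the `esotericbytes.com` root. If nothing inside the container has to write there, `isReadOnly = true;` keeps a compromised web process from altering the site content under `/ssd1/esotericbytes-com/data`. The vhost also sets `forceSSL = false` and the container opens only port 80, so TLS presumably terminates at a proxy outside this file; a one-line comment saying so would document that dependency.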


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.containers.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.novnc.enable { flake.nixosModules.default = { config, lib, pkgs, ... }: {
networking = { options.sysconfig.containers.novnc.enable = lib.mkOption {
firewall.interfaces."ve-novnc" = { type = lib.types.bool;
allowedTCPPorts = [ 5900 ]; default = false;
allowedUDPPorts = [ 5900 ];
};
}; };
containers.novnc = { config = lib.mkIf config.sysconfig.containers.novnc.enable {
autoStart = true; networking = {
privateNetwork = true; firewall.interfaces."ve-novnc" = {
hostAddress = "192.168.100.10"; allowedTCPPorts = [ 5900 ];
localAddress = "192.168.100.30"; allowedUDPPorts = [ 5900 ];
};
};
config = { containers.novnc = {
systemd.services.novnc = { autoStart = true;
enable = true; privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.30";
path = with pkgs; [ config = {
novnc
ps
];
script = '' systemd.services.novnc = {
novnc --listen 80 --vnc 192.168.100.10:5900 enable = true;
'';
serviceConfig = { path = with pkgs; [
Type = "exec"; novnc
ps
];
script = ''
novnc --listen 80 --vnc 192.168.100.10:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
}; };
wantedBy = [ "multi-user.target" ];
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
}; };
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
}; };
}; };
}; };
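Review bot: The `novnc` unit sets only `Type = "exec"` in `serviceConfig`, so the websocket proxy that fronts the host's VNC server at 192.168.100.10:5900 runs as root inside the container. Binding port 80 needs a single capability, so `DynamicUser = true;` with `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` should be enough, assuming the novnc wrapper needs no writable state. The host firewall rule on `ve-novnc` also opens UDP 5900, which VNC does not use since it runs over TCP; `allowedUDPPorts = [ 5900 ];` can be dropped. Nothing visible here puts authentication in front of port 80, so access control presumably rests on the reverse proxy and on the VNC server's own password; a comment stating that would help.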


@@ -1,42 +1,45 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.ntfy.enable = lib.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.ntfy.enable { options.sysconfig.containers.ntfy.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
containers.ntfy = { config = lib.mkIf config.sysconfig.containers.ntfy.enable {
autoStart = true; containers.ntfy = {
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.19";
config = { autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.19";
services.ntfy-sh = { config = {
enable = true;
settings = {
base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80"; services.ntfy-sh = {
behind-proxy = true; enable = true;
upstream-base-url = "https://ntfy.sh"; settings = {
auth-default-access = "deny-all"; base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80";
behind-proxy = true;
upstream-base-url = "https://ntfy.sh";
auth-default-access = "deny-all";
};
}; };
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
}; };
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
}; };
}; };
}; };


@@ -1,84 +1,87 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.rustdesk.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.rustdesk.enable { options.sysconfig.containers.rustdesk.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
/*networking = { config = lib.mkIf config.sysconfig.containers.rustdesk.enable {
firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ];
firewall.allowedUDPPorts = [ 21116 ];
};*/
containers.rustdesk = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.27";
/* forwardPorts = [
{
containerPort = 21115;
hostPort = 21115;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "udp";
}
{
containerPort = 21117;
hostPort = 21117;
protocol = "tcp";
}
{
containerPort = 21118;
hostPort = 21118;
protocol = "tcp";
}
{ /*networking = {
containerPort = 21119; firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ];
hostPort = 21119; firewall.allowedUDPPorts = [ 21116 ];
protocol = "tcp"; };*/
} containers.rustdesk = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.27";
/* forwardPorts = [
{
containerPort = 21115;
hostPort = 21115;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "udp";
}
{
containerPort = 21117;
hostPort = 21117;
protocol = "tcp";
}
{
containerPort = 21118;
hostPort = 21118;
protocol = "tcp";
}
{
containerPort = 21119;
hostPort = 21119;
protocol = "tcp";
}
];*/ ];*/
config = { config = {
services.rustdesk-server = { services.rustdesk-server = {
enable = true;
openFirewall = true;
relay = {
enable = true; enable = true;
extraArgs = [
"-k" openFirewall = true;
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
]; relay = {
enable = true;
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
signal = {
enable = true;
#relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
}; };
signal = { system.stateVersion = "24.05";
enable = true;
#relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
}; };
system.stateVersion = "24.05";
}; };
}; };
}; };
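Review bot: The value passed after `-k` is written out twice as a literal, under `relay.extraArgs` and `signal.extraArgs`, so it lives in git history and in the world-readable Nix store. If that string is what clients must present to use the server, either treat it as public and say so in a comment, or move it out of the module the way the GitLab and Authentik configurations on this page use sops. At minimum bind it once, `let rustdeskKey = "<key>"; in`, so the two copies cannot drift apart. `openFirewall = true` is also set while the `forwardPorts` block stays commented out, so as far as this file shows the ports are open in the container but not forwarded from the host; a comment describing how clients are expected to reach 192.168.100.27 would make that intent clear.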


@@ -1,79 +1,82 @@
{ config, lib, self, ... }: { { ... }: {
options.sysconfig.containers.sandbox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.sandbox.enable { flake.nixosModules.default = { config, lib, self, ... }: {
networking = { options.sysconfig.containers.sandbox.enable = lib.mkOption {
type = lib.types.bool;
nat.internalInterfaces = [ "ve-sandbox" ]; default = false;
}; };
containers.sandbox = {
autoStart = true; config = lib.mkIf config.sysconfig.containers.sandbox.enable {
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
ephemeral = true; networking = {
timeoutStartSec = "3min"; nat.internalInterfaces = [ "ve-sandbox" ];
flake = "${self}";
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
}; };
containers.sandbox = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
ephemeral = true;
timeoutStartSec = "3min";
flake = "${self}";
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];*/
config = {
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];*/
config = {
}; };
}; };
}; };
} }
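Review bot: `self` is requested in the argument list of the inner NixOS module (`flake.nixosModules.default = { config, lib, self, ... }:`), which only resolves if whoever instantiates the system passes it through `specialArgs` or `_module.args`. flake-parts already supplies `self` to the outer module, so taking it there, `{ self, ... }: {` with the inner module reduced to `{ config, lib, ... }:`, removes that hidden requirement for consumers of `nixosModules.default`. Separately, `nat.internalInterfaces = [ "ve-sandbox" ]` gives the sandbox outbound network access through the host; if the container is meant to run untrusted workloads, a comment stating that this is intended would be useful.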


@@ -1,61 +1,63 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.wyoming = { flake.nixosModules.default = { config, lib, ... }: {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.containers.wyoming.enable { options.sysconfig.containers.wyoming = {
enable = lib.options.mkOption {
containers.wyoming = { type = lib.types.bool;
default = false;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.26";
bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
}; };
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [ config = lib.mkIf config.sysconfig.containers.wyoming.enable {
containers.wyoming = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.26";
bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [
{ {
node = "/dev/nvidia0"; node = "/dev/nvidia0";
modifier = "rw"; modifier = "rw";
@@ -76,56 +78,57 @@
node = "/dev/nvidia-uvm-tools"; node = "/dev/nvidia-uvm-tools";
modifier = "rw"; modifier = "rw";
} }
]; ];
config = { config = {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 11431 11432 11433 11435 ]; allowedTCPPorts = [ 11431 11432 11433 11435 ];
}; };
services.wyoming = {
piper = lib.mkIf config.sysconfig.containers.wyoming.piper { services.wyoming = {
servers.piper = { piper = lib.mkIf config.sysconfig.containers.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword {
enable = true; enable = true;
voice = "en-us-ryan-medium"; uri = "tcp://0.0.0.0:11432";
uri = "tcp://0.0.0.0:11435";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
}; };
}; };
openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword { system.stateVersion = "25.05";
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
};
}; };
system.stateVersion = "25.05";
}; };
};
};
}; };
} }
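Review bot: The container firewall opens 11431, 11432, 11433 and 11435 unconditionally, while each Wyoming server behind those ports is wrapped in its own `lib.mkIf` and binds `tcp://0.0.0.0`. Opening a port only when its service is enabled keeps the list in step with the toggles, for example `allowedTCPPorts = lib.optional config.sysconfig.containers.wyoming.piper 11435 ++ lib.optional config.sysconfig.containers.wyoming.openwakeword 11432;` extended the same way for whisper and satellite. As far as I know the Wyoming protocol carries no authentication, so these listeners rely entirely on the private container network for access control. The `allowedDevices` list in the first hunk continues into lines the diff does not show.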


@@ -1,9 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
}


@@ -1,4 +1,6 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
hostPort = 9005; hostPort = 9005;
@@ -6,232 +8,233 @@
name = "authentik"; name = "authentik";
in { in {
options.sysconfig.docker.authentik.enable = with lib; mkOption { options.sysconfig.docker.authentik.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
}; };
config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) { config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = { networking.firewall.interfaces = {
"ve-traefik" = { "ve-traefik" = {
allowedTCPPorts = [ hostPort ]; allowedTCPPorts = [ hostPort ];
};
}; };
};
sops.secrets = { sops.secrets = {
"authentik/pass" = {}; "authentik/pass" = {};
"authentik/secret_key" = {}; "authentik/secret_key" = {};
}; };
sops.templates."authentik.env" = { sops.templates."authentik.env" = {
content = '' content = ''
PG_PASS=${config.sops.placeholder."authentik/pass"} PG_PASS=${config.sops.placeholder."authentik/pass"}
SECRET_KEY=${config.sops.placeholder."authentik/secret_key"} SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
''; '';
}; };
virtualisation.oci-containers.containers."authentik-postgresql" = { virtualisation.oci-containers.containers."authentik-postgresql" = {
image = "docker.io/library/postgres:16-alpine"; image = "docker.io/library/postgres:16-alpine";
environment = { environment = {
"POSTGRES_DB" = "authentik"; "POSTGRES_DB" = "authentik";
"POSTGRES_PASSWORD" = "\${PG_PASS}"; "POSTGRES_PASSWORD" = "\${PG_PASS}";
"POSTGRES_USER" = "authentik"; "POSTGRES_USER" = "authentik";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"authentik_database:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}"
"--health-interval=30s"
"--health-retries=5"
"--health-start-period=20s"
"--health-timeout=5s"
"--network-alias=postgresql"
"--network=authentik_default"
];
}; };
environmentFiles = [ config.sops.templates."authentik.env".path ]; systemd.services."docker-authentik-postgresql" = {
volumes = [ serviceConfig = {
"authentik_database:/var/lib/postgresql/data:rw" Restart = lib.mkOverride 90 "always";
]; RestartMaxDelaySec = lib.mkOverride 90 "1m";
log-driver = "journald"; RestartSec = lib.mkOverride 90 "100ms";
extraOptions = [ RestartSteps = lib.mkOverride 90 9;
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}" };
"--health-interval=30s" after = [
"--health-retries=5" "docker-network-authentik_default.service"
"--health-start-period=20s" "docker-volume-authentik_database.service"
"--health-timeout=5s" ];
"--network-alias=postgresql" requires = [
"--network=authentik_default" "docker-network-authentik_default.service"
]; "docker-volume-authentik_database.service"
}; ];
systemd.services."docker-authentik-postgresql" = { partOf = [
serviceConfig = { "docker-compose-authentik-root.target"
Restart = lib.mkOverride 90 "always"; ];
RestartMaxDelaySec = lib.mkOverride 90 "1m"; wantedBy = [
RestartSec = lib.mkOverride 90 "100ms"; "docker-compose-authentik-root.target"
RestartSteps = lib.mkOverride 90 9; ];
}; };
after = [ virtualisation.oci-containers.containers."authentik-server" = {
"docker-network-authentik_default.service" image = "ghcr.io/goauthentik/server:2025.12.2";
"docker-volume-authentik_database.service" environment = {
]; "AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
requires = [ "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"docker-network-authentik_default.service" "AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"docker-volume-authentik_database.service" "AUTHENTIK_POSTGRESQL__USER" = "authentik";
]; "AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
partOf = [ };
"docker-compose-authentik-root.target" environmentFiles = [ config.sops.templates."authentik.env".path ];
]; labels = {
wantedBy = [ "traefik.enable" = "true";
"docker-compose-authentik-root.target" "traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
]; "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
}; "traefik.http.routers.${name}.service" = "${name}";
virtualisation.oci-containers.containers."authentik-server" = { "traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
"traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik"; "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
"traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik";
"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
};
volumes = [
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
];
ports = [
"${builtins.toString hostPort}:9000/tcp"
#"9443:9443/tcp"
];
cmd = [ "server" ];
dependsOn = [
"authentik-postgresql"
];
log-driver = "journald";
extraOptions = [
"--network-alias=server"
"--network-alias=authentik-server"
"--network-alias=${name}"
];
networks = [
"docker-main"
"authentik_default"
];
}; };
volumes = [ systemd.services."docker-authentik-server" = {
"/etc/Authentik/custom-templates:/templates:rw" serviceConfig = {
"/etc/Authentik/data:/data:rw" Restart = lib.mkOverride 90 "always";
]; RestartMaxDelaySec = lib.mkOverride 90 "1m";
ports = [ RestartSec = lib.mkOverride 90 "100ms";
"${builtins.toString hostPort}:9000/tcp" RestartSteps = lib.mkOverride 90 9;
#"9443:9443/tcp" };
]; after = [
cmd = [ "server" ]; "docker-network-authentik_default.service"
dependsOn = [ "docker-network-setup.service"
"authentik-postgresql" ];
]; requires = [
log-driver = "journald"; "docker-network-authentik_default.service"
extraOptions = [ "docker-network-setup.service"
"--network-alias=server" ];
"--network-alias=authentik-server" partOf = [
"--network-alias=${name}" "docker-compose-authentik-root.target"
]; ];
networks = [ wantedBy = [
"docker-main" "docker-compose-authentik-root.target"
"authentik_default" ];
];
};
systemd.services."docker-authentik-server" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
}; };
after = [ virtualisation.oci-containers.containers."authentik-worker" = {
"docker-network-authentik_default.service" image = "ghcr.io/goauthentik/server:2025.12.2";
"docker-network-setup.service" environment = {
]; "AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
requires = [ "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"docker-network-authentik_default.service" "AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"docker-network-setup.service" "AUTHENTIK_POSTGRESQL__USER" = "authentik";
]; "AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
partOf = [ };
"docker-compose-authentik-root.target" environmentFiles = [ config.sops.templates."authentik.env".path ];
]; volumes = [
wantedBy = [ "/etc/Authentik/certs:/certs:rw"
"docker-compose-authentik-root.target" "/etc/Authentik/custom-templates:/templates:rw"
]; "/etc/Authentik/data:/data:rw"
}; "/var/run/docker.sock:/var/run/docker.sock:rw"
virtualisation.oci-containers.containers."authentik-worker" = { ];
image = "ghcr.io/goauthentik/server:2025.12.2"; cmd = [ "worker" ];
environment = { dependsOn = [
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql"; "authentik-postgresql"
"AUTHENTIK_POSTGRESQL__NAME" = "authentik"; ];
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}"; user = "root";
"AUTHENTIK_POSTGRESQL__USER" = "authentik"; log-driver = "journald";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}"; extraOptions = [
"--network-alias=worker"
"--network=authentik_default"
];
}; };
environmentFiles = [ config.sops.templates."authentik.env".path ]; systemd.services."docker-authentik-worker" = {
volumes = [ serviceConfig = {
"/etc/Authentik/certs:/certs:rw" Restart = lib.mkOverride 90 "always";
"/etc/Authentik/custom-templates:/templates:rw" RestartMaxDelaySec = lib.mkOverride 90 "1m";
"/etc/Authentik/data:/data:rw" RestartSec = lib.mkOverride 90 "100ms";
"/var/run/docker.sock:/var/run/docker.sock:rw" RestartSteps = lib.mkOverride 90 9;
]; };
cmd = [ "worker" ]; after = [
dependsOn = [ "docker-network-authentik_default.service"
"authentik-postgresql" ];
]; requires = [
user = "root"; "docker-network-authentik_default.service"
log-driver = "journald"; ];
extraOptions = [ partOf = [
"--network-alias=worker" "docker-compose-authentik-root.target"
"--network=authentik_default" ];
]; wantedBy = [
}; "docker-compose-authentik-root.target"
systemd.services."docker-authentik-worker" = { ];
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
}; };
after = [
"docker-network-authentik_default.service"
];
requires = [
"docker-network-authentik_default.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
# Networks # Networks
systemd.services."docker-network-authentik_default" = { systemd.services."docker-network-authentik_default" = {
path = [ pkgs.docker ]; path = [ pkgs.docker ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
ExecStop = "docker network rm -f authentik_default"; ExecStop = "docker network rm -f authentik_default";
};
script = ''
docker network inspect authentik_default || docker network create authentik_default
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
}; };
script = ''
docker network inspect authentik_default || docker network create authentik_default
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Volumes # Volumes
systemd.services."docker-volume-authentik_database" = { systemd.services."docker-volume-authentik_database" = {
path = [ pkgs.docker ]; path = [ pkgs.docker ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
};
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
}; };
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Root service # Root service
# When started, this will automatically create all resources and start # When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources. # the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-authentik-root" = { systemd.targets."docker-compose-authentik-root" = {
unitConfig = { unitConfig = {
Description = "Root target generated by compose2nix."; Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
}; };
wantedBy = [ "multi-user.target" ];
}; };
}; };
} }
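Review bot: The `authentik-worker` container runs with `user = "root"` and mounts `/var/run/docker.sock` read-write, which hands the worker control of the Docker daemon and therefore root-equivalent access to the host. That mount comes from the upstream compose file, where it serves Authentik's Docker-managed outposts; if outposts are not deployed that way here, drop `"/var/run/docker.sock:/var/run/docker.sock:rw"` and `user = "root";`, or place a filtering socket proxy in between. Both images are pinned by tag (`postgres:16-alpine`, `ghcr.io/goauthentik/server:2025.12.2`) rather than by digest, so a re-pushed tag would be pulled without any change to this file. The forward-auth middleware sets `trustForwardHeader` to `"true"`, which is only safe if Traefik's entrypoints accept forwarded headers from trusted sources alone; that configuration is not visible in this section.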


@@ -1,61 +1,58 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.docker = { flake.nixosModules.default = { config, lib, pkgs, ... }: {
enable = with lib; mkOption {
type = with types; bool;
default = false;
};
nvidia = with lib; mkOption { options.sysconfig.docker = {
type = with types; bool; enable = with lib; mkOption {
default = false; type = with types; bool;
}; default = false;
};
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
config = lib.mkIf config.sysconfig.docker.enable {
networking.nat.internalInterfaces = [ "docker0" "docker-main" ];
virtualisation = {
docker = {
enable = true;
storageDriver = "btrfs";
}; };
oci-containers = { nvidia = with lib; mkOption {
backend = "docker"; type = with types; bool;
default = false;
}; };
}; };
hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia; config = lib.mkIf config.sysconfig.docker.enable {
systemd.services."docker-network-setup" = { networking.nat.internalInterfaces = [ "docker0" "docker-main" ];
path = [ pkgs.docker ];
serviceConfig = { virtualisation = {
Type = "oneshot"; docker = {
RemainAfterExit = true; enable = true;
ExecStop = "docker network rm -f docker-main"; storageDriver = "btrfs";
};
oci-containers = {
backend = "docker";
};
}; };
script = ''
docker network inspect docker-main ||
docker network create -d bridge docker-main \
--attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
--gateway 192.168.101.1 \
-o "com.docker.network.bridge.name"="docker-main" \
-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
'';
wantedBy = [ "docker-net.target" ];
};
systemd.targets."docker-net" = { hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia;
wantedBy = [ "multi-user.target" ];
systemd.services."docker-network-setup" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f docker-main";
};
script = ''
docker network inspect docker-main ||
docker network create -d bridge docker-main \
--attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
--gateway 192.168.101.1 \
-o "com.docker.network.bridge.name"="docker-main" \
-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
'';
wantedBy = [ "docker-net.target" ];
};
systemd.targets."docker-net" = {
wantedBy = [ "multi-user.target" ];
};
}; };
}; };
} }
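Review bot: `ExecStop = "docker network rm -f docker-main";` in `docker-network-setup` names the binary without a path. systemd resolves a non-absolute command against its compiled-in search path, not against the PATH that `path = [ pkgs.docker ]` puts into the unit environment, so on NixOS the stop command probably cannot find `docker` and the bridge is left behind when the unit stops. The `script` body is not affected, because it runs under a shell that does use that PATH. I would write `ExecStop = "${pkgs.docker}/bin/docker network rm -f docker-main";`.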


@@ -1,151 +1,154 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "gitea"; subdomain = "gitea";
name = "gitea"; name = "gitea";
in { in {
options.sysconfig.docker."${name}".enable = with lib; mkOption { options.sysconfig.docker."${name}".enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers."${name}" = {
image = "docker.gitea.com/gitea:1.25.4";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "3000";
"traefik.tcp.routers.${name}-ssh.entrypoints" = "gitea-ssh";
"traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)";
"traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh";
"traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.20"
];
volumes = [
"vol_gitea:/data"
];
environment = {
};
}; };
virtualisation.oci-containers.containers."${name}-db" = { config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
image = "docker.io/library/postgres:14";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${name}-db"; virtualisation.oci-containers.containers."${name}" = {
image = "docker.gitea.com/gitea:1.25.4";
networks = [ # unstable, waiting for 26.05
"docker-main" #pull = "newer";
];
labels = { hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "3000";
"traefik.tcp.routers.${name}-ssh.entrypoints" = "gitea-ssh";
"traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)";
"traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh";
"traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.20"
];
volumes = [
"vol_gitea:/data"
];
environment = {
};
}; };
ports = [ virtualisation.oci-containers.containers."${name}-db" = {
]; image = "docker.io/library/postgres:14";
extraOptions = [
"--ip=192.168.101.21"
];
volumes = [ # unstable, waiting for 26.05
"/etc/gitea/db:/var/lib/postgresql/data" #pull = "newer";
];
environment = { hostname = "${name}-db";
networks = [
"docker-main"
];
labels = {
};
ports = [
];
extraOptions = [
"--ip=192.168.101.21"
];
volumes = [
"/etc/gitea/db:/var/lib/postgresql/data"
];
environment = {
};
}; };
systemd.services."docker-gitea" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-gitea-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-volume-gitea" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local
'';
partOf = [ "docker-compose-gitea-root.target" ];
wantedBy = [ "docker-compose-gitea-root.target" ];
};
}; };
systemd.services."docker-gitea" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-gitea-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-volume-gitea" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local
'';
partOf = [ "docker-compose-gitea-root.target" ];
wantedBy = [ "docker-compose-gitea-root.target" ];
};
}; };
} }
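Review bot: `docker-gitea`, `docker-gitea-db` and `docker-volume-gitea` are all `partOf`/`wantedBy` `docker-compose-gitea-root.target`, but this module never declares that target, unlike the jellyfin module, which ends with `systemd.targets."docker-compose-jellyfin-root"`. Unless the target is declared in a file not shown here, nothing starts it, so the grouping and the stop propagation that `partOf` is meant to give do not take effect. Adding `systemd.targets."docker-compose-gitea-root".wantedBy = [ "multi-user.target" ];` inside the `config` block would close the gap; the n8n module has the same omission with `docker-compose-n8n-root.target`.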


@@ -1,58 +1,61 @@
{ config, lib, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, ... }: let
subdomain = "hass"; subdomain = "hass";
name = "home-assistant"; name = "home-assistant";
in { in {
options.sysconfig.docker.home-assistant.enable = with lib; mkOption { options.sysconfig.docker.home-assistant.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
}; };
config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) { config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) {
environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml;
virtualisation.oci-containers.containers.home-assistant = { environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml;
image = "ghcr.io/home-assistant/home-assistant:stable";
# unstable, waiting for 26.05 virtualisation.oci-containers.containers.home-assistant = {
#pull = "newer"; image = "ghcr.io/home-assistant/home-assistant:stable";
hostname = "${subdomain}.esotericbytes.com"; # unstable, waiting for 26.05
#pull = "newer";
networks = [ hostname = "${subdomain}.esotericbytes.com";
"docker-main"
];
labels = { networks = [
"traefik.enable" = "true"; "docker-main"
"traefik.http.routers.${name}.entrypoints" = "localsecure"; ];
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}"; labels = {
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; "traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.services.${name}.loadbalancer.server.port" = "8123"; "traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8123";
};
environment = {
TZ = "America/Chicago";
};
extraOptions = [
"--ip=192.168.101.13"
];
ports = [
];
volumes = [
"vol_home-assistant:/config/"
"/etc/home-assistant/configuration.yaml:/config/configuration.yaml"
];
}; };
environment = {
TZ = "America/Chicago";
};
extraOptions = [
"--ip=192.168.101.13"
];
ports = [
];
volumes = [
"vol_home-assistant:/config/"
"/etc/home-assistant/configuration.yaml:/config/configuration.yaml"
];
}; };
}; };
} }
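Review bot: `image = "ghcr.io/home-assistant/home-assistant:stable";` follows a moving tag, so what runs depends on when the host last pulled rather than on this repository, while the gitea and jellyfin modules in the same commit pin a release. Pinning a release tag, ideally with a digest, keeps the deployment reproducible and makes an upstream image change visible in review: `image = "ghcr.io/home-assistant/home-assistant:<release>@sha256:<digest>";`. The n8n module's `docker.n8n.io/n8nio/n8n` carries no tag at all and would benefit from the same treatment. The bind mount of `configuration.yaml` could also take `:ro`, since the source file is managed through `environment.etc`.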


@@ -1,117 +1,120 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "watch"; subdomain = "watch";
name = "jellyfin"; name = "jellyfin";
in { in {
options.sysconfig.docker.jellyfin.enable = with lib; mkOption { options.sysconfig.docker.jellyfin.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedUDPPorts = [ 7359 ];
virtualisation.oci-containers.containers.jellyfin = {
image = "jellyfin/jellyfin:10.11.6";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"7359:7359/udp"
];
volumes = [
"vol_jellyfin-config:/config"
"vol_jellyfin-cache:/cache"
"/etc/jellyfin/media:/media"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8096";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.21"
];
environment = {
JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
};
}; };
systemd.services."docker-jellyfin" = { config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
partOf = [
"docker-compose-jellyfin-root.target"
];
wantedBy = [
"docker-compose-jellyfin-root.target"
];
};
systemd.services."docker-volume-jellyfin-config" = { networking.firewall.allowedUDPPorts = [ 7359 ];
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.services."docker-volume-jellyfin-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.targets."docker-compose-jellyfin-root" = { virtualisation.oci-containers.containers.jellyfin = {
wantedBy = [ "multi-user.target" ]; image = "jellyfin/jellyfin:10.11.6";
};
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"7359:7359/udp"
];
volumes = [
"vol_jellyfin-config:/config"
"vol_jellyfin-cache:/cache"
"/etc/jellyfin/media:/media"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8096";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.21"
];
environment = {
JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
};
};
systemd.services."docker-jellyfin" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
partOf = [
"docker-compose-jellyfin-root.target"
];
wantedBy = [
"docker-compose-jellyfin-root.target"
];
};
systemd.services."docker-volume-jellyfin-config" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.services."docker-volume-jellyfin-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.targets."docker-compose-jellyfin-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}; };
} }


@@ -1,102 +1,105 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "n8n"; subdomain = "n8n";
name = "n8n"; name = "n8n";
in { in {
options.sysconfig.docker."${name}".enable = with lib; mkOption { options.sysconfig.docker."${name}".enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers."${name}" = {
image = "docker.n8n.io/n8nio/n8n";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "5678";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.2"
];
volumes = [
"vol_n8n:/etc/n8n"
];
environment = {
GENERIC_TIMEZONE = "America/Chicago";
TZ = "America/Chicago";
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
};
}; };
systemd.services."docker-n8n" = { config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-n8n.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-n8n.service"
];
partOf = [
"docker-compose-n8n-root.target"
];
wantedBy = [
"docker-compose-n8n-root.target"
];
};
systemd.services."docker-volume-n8n" = {
path = [ pkgs.docker ]; virtualisation.oci-containers.containers."${name}" = {
serviceConfig = { image = "docker.n8n.io/n8nio/n8n";
Type = "oneshot";
RemainAfterExit = true; # unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "5678";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.2"
];
volumes = [
"vol_n8n:/etc/n8n"
];
environment = {
GENERIC_TIMEZONE = "America/Chicago";
TZ = "America/Chicago";
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
};
}; };
script = ''
docker volume inspect vol_n8n || docker volume create vol_n8n --driver=local systemd.services."docker-n8n" = {
''; serviceConfig = {
partOf = [ "docker-compose-n8n-root.target" ]; Restart = lib.mkOverride 90 "always";
wantedBy = [ "docker-compose-n8n-root.target" ]; RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-n8n.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-n8n.service"
];
partOf = [
"docker-compose-n8n-root.target"
];
wantedBy = [
"docker-compose-n8n-root.target"
];
};
systemd.services."docker-volume-n8n" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_n8n || docker volume create vol_n8n --driver=local
'';
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
}; };
}; };
} }
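Review bot: `N8N_SECURE_COOKIE = "false";` drops the Secure attribute from n8n's session cookie even though the router labels place the service behind the `localsecure` entrypoint with a `tls.certResolver`. If every client reaches n8n through that TLS router, the setting is unnecessary, and it allows the cookie to travel over plain HTTP should the container ever be reached directly on port 5678. I would delete the line or set `N8N_SECURE_COOKIE = "true";`, and record the reason next to it with `# n8n is only reached through Traefik over HTTPS`.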


@@ -1,229 +1,232 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.docker.netbird.enable = with lib; mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) { options.sysconfig.docker.netbird.enable = with lib; mkOption {
type = with types; bool;
networking.firewall.allowedUDPPorts = [ 3478 ]; default = false;
sops.secrets."netbird/secret_key" = {};
sops.templates."netbird-relay.env" = {
content = ''
NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"}
NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=3478
'';
}; };
environment.etc."netbird/management.json".source = ./config/management.json; config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedUDPPorts = [ 3478 ];
sops.secrets."netbird/secret_key" = {};
sops.templates."netbird-relay.env" = {
content = ''
NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"}
NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=3478
'';
};
environment.etc."netbird/management.json".source = ./config/management.json;
# Containers # Containers
virtualisation.oci-containers.containers."netbird-dashboard" = { virtualisation.oci-containers.containers."netbird-dashboard" = {
image = "netbirdio/dashboard:v2.30.1"; image = "netbirdio/dashboard:v2.30.1";
environment = { environment = {
"AUTH_AUDIENCE" = "netbird-dashboard"; "AUTH_AUDIENCE" = "netbird-dashboard";
"AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2"; "AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2";
"AUTH_CLIENT_ID" = "netbird-dashboard"; "AUTH_CLIENT_ID" = "netbird-dashboard";
"AUTH_CLIENT_SECRET" = ""; "AUTH_CLIENT_SECRET" = "";
"AUTH_REDIRECT_URI" = "/nb-auth"; "AUTH_REDIRECT_URI" = "/nb-auth";
"AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth"; "AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth";
"AUTH_SUPPORTED_SCOPES" = "openid profile email groups"; "AUTH_SUPPORTED_SCOPES" = "openid profile email groups";
"LETSENCRYPT_DOMAIN" = "none"; "LETSENCRYPT_DOMAIN" = "none";
"NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com"; "NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com"; "NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NGINX_SSL_PORT" = "443"; "NGINX_SSL_PORT" = "443";
"USE_AUTH0" = "false"; "USE_AUTH0" = "false";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-dashboard.entrypoints" = "websecure";
"traefik.http.routers.netbird-dashboard.priority" = "1";
"traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)";
"traefik.http.routers.netbird-dashboard.tls" = "true";
"traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=dashboard"
"--network=docker-main"
"--ip=192.168.101.5"
];
}; };
labels = { systemd.services."docker-netbird-dashboard" = {
"traefik.enable" = "true"; serviceConfig = {
"traefik.http.routers.netbird-dashboard.entrypoints" = "websecure"; Restart = lib.mkOverride 90 "always";
"traefik.http.routers.netbird-dashboard.priority" = "1"; RestartMaxDelaySec = lib.mkOverride 90 "1m";
"traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)"; RestartSec = lib.mkOverride 90 "100ms";
"traefik.http.routers.netbird-dashboard.tls" = "true"; RestartSteps = lib.mkOverride 90 9;
"traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80"; };
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
}; };
log-driver = "journald"; virtualisation.oci-containers.containers."netbird-management" = {
extraOptions = [ image = "netbirdio/management:0.64.4";
"--network-alias=dashboard" volumes = [
"--network=docker-main" "/etc/netbird/management.json:/etc/netbird/management.json:rw"
"--ip=192.168.101.5" "netbird_netbird_management:/var/lib/netbird:rw"
]; ];
}; cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ];
systemd.services."docker-netbird-dashboard" = { labels = {
serviceConfig = { "traefik.enable" = "true";
Restart = lib.mkOverride 90 "always"; "traefik.http.routers.netbird-api.entrypoints" = "websecure";
RestartMaxDelaySec = lib.mkOverride 90 "1m"; "traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)";
RestartSec = lib.mkOverride 90 "100ms"; "traefik.http.routers.netbird-api.service" = "netbird-api";
RestartSteps = lib.mkOverride 90 9; "traefik.http.routers.netbird-api.tls" = "true";
"traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)";
"traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc";
"traefik.http.routers.netbird-mgmt-grpc.tls" = "true";
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)";
"traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws";
"traefik.http.routers.netbird-mgmt-ws.tls" = "true";
"traefik.http.routers.netbird-oauth2.entrypoints" = "websecure";
"traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)";
"traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2";
"traefik.http.routers.netbird-oauth2.tls" = "true";
"traefik.http.services.netbird-api.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=management"
"--network=docker-main"
"--ip=192.168.101.4"
];
}; };
partOf = [ systemd.services."docker-netbird-management" = {
"docker-compose-netbird-root.target" serviceConfig = {
]; Restart = lib.mkOverride 90 "always";
wantedBy = [ RestartMaxDelaySec = lib.mkOverride 90 "1m";
"docker-compose-netbird-root.target" RestartSec = lib.mkOverride 90 "100ms";
]; RestartSteps = lib.mkOverride 90 9;
}; };
virtualisation.oci-containers.containers."netbird-management" = { after = [
image = "netbirdio/management:0.64.4"; "docker-volume-netbird_netbird_management.service"
volumes = [ ];
"/etc/netbird/management.json:/etc/netbird/management.json:rw" requires = [
"netbird_netbird_management:/var/lib/netbird:rw" "docker-volume-netbird_netbird_management.service"
]; ];
cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ]; partOf = [
labels = { "docker-compose-netbird-root.target"
"traefik.enable" = "true"; ];
"traefik.http.routers.netbird-api.entrypoints" = "websecure"; wantedBy = [
"traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)"; "docker-compose-netbird-root.target"
"traefik.http.routers.netbird-api.service" = "netbird-api"; ];
"traefik.http.routers.netbird-api.tls" = "true";
"traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)";
"traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc";
"traefik.http.routers.netbird-mgmt-grpc.tls" = "true";
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)";
"traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws";
"traefik.http.routers.netbird-mgmt-ws.tls" = "true";
"traefik.http.routers.netbird-oauth2.entrypoints" = "websecure";
"traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)";
"traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2";
"traefik.http.routers.netbird-oauth2.tls" = "true";
"traefik.http.services.netbird-api.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80";
}; };
log-driver = "journald"; virtualisation.oci-containers.containers."netbird-relay" = {
extraOptions = [ image = "netbirdio/relay:0.64.4";
"--network-alias=management"
"--network=docker-main"
"--ip=192.168.101.4"
];
};
systemd.services."docker-netbird-management" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-volume-netbird_netbird_management.service"
];
requires = [
"docker-volume-netbird_netbird_management.service"
];
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-relay" = {
image = "netbirdio/relay:0.64.4";
environmentFiles = [ config.sops.templates."netbird-relay.env".path ]; environmentFiles = [ config.sops.templates."netbird-relay.env".path ];
ports = [ ports = [
"3478:3478/udp" "3478:3478/udp"
]; ];
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
"traefik.http.routers.netbird-relay.entrypoints" = "websecure"; "traefik.http.routers.netbird-relay.entrypoints" = "websecure";
"traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)"; "traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)";
"traefik.http.routers.netbird-relay.tls" = "true"; "traefik.http.routers.netbird-relay.tls" = "true";
"traefik.http.services.netbird-relay.loadbalancer.server.port" = "80"; "traefik.http.services.netbird-relay.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=relay"
"--network=docker-main"
"--ip=192.168.101.3"
];
}; };
log-driver = "journald"; systemd.services."docker-netbird-relay" = {
extraOptions = [ serviceConfig = {
"--network-alias=relay" Restart = lib.mkOverride 90 "always";
"--network=docker-main" RestartMaxDelaySec = lib.mkOverride 90 "1m";
"--ip=192.168.101.3" RestartSec = lib.mkOverride 90 "100ms";
]; RestartSteps = lib.mkOverride 90 9;
}; };
systemd.services."docker-netbird-relay" = { partOf = [
serviceConfig = { "docker-compose-netbird-root.target"
Restart = lib.mkOverride 90 "always"; ];
RestartMaxDelaySec = lib.mkOverride 90 "1m"; wantedBy = [
RestartSec = lib.mkOverride 90 "100ms"; "docker-compose-netbird-root.target"
RestartSteps = lib.mkOverride 90 9; ];
}; };
partOf = [ virtualisation.oci-containers.containers."netbird-signal" = {
"docker-compose-netbird-root.target" image = "netbirdio/signal:0.64.4";
]; labels = {
wantedBy = [ "traefik.enable" = "true";
"docker-compose-netbird-root.target" "traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure";
]; "traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)";
}; "traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc";
virtualisation.oci-containers.containers."netbird-signal" = { "traefik.http.routers.netbird-signal-grpc.tls" = "true";
image = "netbirdio/signal:0.64.4"; "traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure";
labels = { "traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)";
"traefik.enable" = "true"; "traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws";
"traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure"; "traefik.http.routers.netbird-signal-ws.tls" = "true";
"traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)"; "traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000";
"traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc"; "traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.routers.netbird-signal-grpc.tls" = "true"; "traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80";
"traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure"; };
"traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)"; log-driver = "journald";
"traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws"; extraOptions = [
"traefik.http.routers.netbird-signal-ws.tls" = "true"; "--network-alias=signal"
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000"; "--network=docker-main"
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c"; ];
"traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80";
}; };
log-driver = "journald"; systemd.services."docker-netbird-signal" = {
extraOptions = [ serviceConfig = {
"--network-alias=signal" Restart = lib.mkOverride 90 "always";
"--network=docker-main" RestartMaxDelaySec = lib.mkOverride 90 "1m";
]; RestartSec = lib.mkOverride 90 "100ms";
}; RestartSteps = lib.mkOverride 90 9;
systemd.services."docker-netbird-signal" = { };
serviceConfig = { partOf = [
Restart = lib.mkOverride 90 "always"; "docker-compose-netbird-root.target"
RestartMaxDelaySec = lib.mkOverride 90 "1m"; ];
RestartSec = lib.mkOverride 90 "100ms"; wantedBy = [
RestartSteps = lib.mkOverride 90 9; "docker-compose-netbird-root.target"
];
}; };
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
# Volumes # Volumes
systemd.services."docker-volume-netbird_netbird_management" = { systemd.services."docker-volume-netbird_netbird_management" = {
path = [ pkgs.docker ]; path = [ pkgs.docker ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
};
script = ''
docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management
'';
partOf = [ "docker-compose-netbird-root.target" ];
wantedBy = [ "docker-compose-netbird-root.target" ];
}; };
script = ''
docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management
'';
partOf = [ "docker-compose-netbird-root.target" ];
wantedBy = [ "docker-compose-netbird-root.target" ];
};
# Root service # Root service
# When started, this will automatically create all resources and start # When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources. # the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-netbird-root" = { systemd.targets."docker-compose-netbird-root" = {
unitConfig = { unitConfig = {
Description = "Root target generated by compose2nix."; Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
}; };
wantedBy = [ "multi-user.target" ];
}; };
}; };
} }


@@ -1,115 +1,118 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "cloud"; subdomain = "cloud";
name = "nextcloud"; name = "nextcloud";
in { in {
options.sysconfig.docker.nextcloud.enable = with lib; mkOption { options.sysconfig.docker.nextcloud.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = {
image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751";
serviceName = "docker-nextcloud";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
];
volumes = [
"nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
"/run/docker.sock:/var/run/docker.sock:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.routers.${name}.middlewares" = "nextcloud-chain";
"traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https";
"traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host";
"traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin";
"traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers";
#"traefik.http.services.${name}.loadbalancer.server.port" = "11000";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000";
};
extraOptions = [
"--ip=192.168.101.17"
];
environment = {
APACHE_PORT = "11000";
APACHE_IP = "0.0.0.0";
APACHE_ADDITIONAL_NETWORK = "docker-main";
SKIP_DOMAIN_VALIDATION = "true";
TALK_PORT = "3479";
};
}; };
systemd.services."docker-nextcloud" = { config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) {
serviceConfig = {
Restart = lib.mkOverride 90 "always"; virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = {
RestartMaxDelaySec = lib.mkOverride 90 "1m"; image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9; serviceName = "docker-nextcloud";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
];
volumes = [
"nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
"/run/docker.sock:/var/run/docker.sock:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.routers.${name}.middlewares" = "nextcloud-chain";
"traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https";
"traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host";
"traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin";
"traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers";
#"traefik.http.services.${name}.loadbalancer.server.port" = "11000";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000";
};
extraOptions = [
"--ip=192.168.101.17"
];
environment = {
APACHE_PORT = "11000";
APACHE_IP = "0.0.0.0";
APACHE_ADDITIONAL_NETWORK = "docker-main";
SKIP_DOMAIN_VALIDATION = "true";
TALK_PORT = "3479";
};
}; };
after = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
partOf = [
"docker-compose-nextcloud-root.target"
];
wantedBy = [
"docker-compose-nextcloud-root.target"
];
};
systemd.services."docker-volume-nextcloud" = { systemd.services."docker-nextcloud" = {
path = [ pkgs.docker ]; serviceConfig = {
serviceConfig = { Restart = lib.mkOverride 90 "always";
Type = "oneshot"; RestartMaxDelaySec = lib.mkOverride 90 "1m";
RemainAfterExit = true; RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
partOf = [
"docker-compose-nextcloud-root.target"
];
wantedBy = [
"docker-compose-nextcloud-root.target"
];
}; };
script = ''
docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local
'';
partOf = [ "docker-compose-nextcloud-root.target" ];
wantedBy = [ "docker-compose-nextcloud-root.target" ];
};
systemd.targets."docker-compose-nextcloud-root" = { systemd.services."docker-volume-nextcloud" = {
wantedBy = [ "multi-user.target" ]; path = [ pkgs.docker ];
}; serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local
'';
partOf = [ "docker-compose-nextcloud-root.target" ];
wantedBy = [ "docker-compose-nextcloud-root.target" ];
};
systemd.targets."docker-compose-nextcloud-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}; };
} }
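Review bot: The `:ro` suffix on `"/run/docker.sock:/var/run/docker.sock:ro"` in `volumes` reads as a restriction, but it only makes the bind mount of the socket file read-only. A process that can open the socket can still issue any Docker API call, so the mastercontainer effectively controls the daemon. The all-in-one image appears to need that access to manage its sibling containers, so I would document it rather than change it, with a comment above the mount such as `# :ro protects the socket file only; this container still has full Docker API access`. The portainer and traefik modules in this diff mount the same socket without `:ro`.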


@@ -1,4 +1,6 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
hostPort = 11434; hostPort = 11434;
@@ -6,67 +8,68 @@
name = "ollama"; name = "ollama";
in { in {
options.sysconfig.docker.ollama.enable = with lib; mkOption { options.sysconfig.docker.ollama.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker.ollama.enable && config.sysconfig.docker.enable) {
environment.systemPackages = with pkgs; [
ollama
];
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
"ve-openwebui" = {
allowedTCPPorts = [ hostPort ];
};
}; };
virtualisation.oci-containers.containers.ollama = { config = lib.mkIf (config.sysconfig.docker.ollama.enable && config.sysconfig.docker.enable) {
image = "ollama/ollama:latest";
# unstable, waiting for 26.05 environment.systemPackages = with pkgs; [
#pull = "newer"; ollama
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
]; ];
ports = [ networking.firewall.interfaces = {
"${builtins.toString hostPort}:11434" "ve-traefik" = {
]; allowedTCPPorts = [ hostPort ];
};
volumes = [ "ve-openwebui" = {
"vol_ollama:/root/.ollama" allowedTCPPorts = [ hostPort ];
]; };
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "11434";
}; };
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ virtualisation.oci-containers.containers.ollama = {
"--device=nvidia.com/gpu=all" image = "ollama/ollama:latest";
"--ip=192.168.101.22"
];
environment = { # unstable, waiting for 26.05
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000"; #pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"${builtins.toString hostPort}:11434"
];
volumes = [
"vol_ollama:/root/.ollama"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "11434";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.22"
];
environment = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000";
};
}; };
}; };
}; };
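Review bot: `ports = [ "${builtins.toString hostPort}:11434" ]` publishes the Ollama API on every host address. The `networking.firewall.interfaces` allow-list above it probably does not narrow that, because Docker installs its own forwarding rules for published ports ahead of the host firewall's input filtering. The Traefik route already reaches the container over `docker-main` through `loadbalancer.server.port`, so the host mapping is presumably only needed by whatever connects via `ve-openwebui`. Binding it to the address that consumer uses, in the form `"<bridge-address>:${builtins.toString hostPort}:11434"`, keeps an API with no authentication configured in this module off the other interfaces. The pihole (`hostPort:80`) and portainer (`hostPort:9000`) modules publish their admin ports the same way; the lines between the two hunks and the module's closing lines are not shown.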


@@ -1,96 +1,99 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "ai"; subdomain = "ai";
name = "openwebui"; name = "openwebui";
in { in {
options.sysconfig.docker.openwebui.enable = with lib; mkOption { options.sysconfig.docker.openwebui.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers.openwebui = {
image = "ghcr.io/open-webui/open-webui:v0.7.2";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
/*ports = [
"${builtins.toString hostPort}:8080"
];*/
volumes = [
"vol_openwebui:/app/backend/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.8"
];
environment = {
};
}; };
systemd.services."docker-openwebui" = { config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) {
serviceConfig = {
Restart = lib.mkOverride 90 "always"; virtualisation.oci-containers.containers.openwebui = {
RestartMaxDelaySec = lib.mkOverride 90 "1m"; image = "ghcr.io/open-webui/open-webui:v0.7.2";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9; # unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
/*ports = [
"${builtins.toString hostPort}:8080"
];*/
volumes = [
"vol_openwebui:/app/backend/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.8"
];
environment = {
};
}; };
after = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
partOf = [
"docker-compose-openwebui-root.target"
];
wantedBy = [
"docker-compose-openwebui-root.target"
];
};
systemd.services."docker-volume-openwebui" = { systemd.services."docker-openwebui" = {
path = [ pkgs.docker ]; serviceConfig = {
serviceConfig = { Restart = lib.mkOverride 90 "always";
Type = "oneshot"; RestartMaxDelaySec = lib.mkOverride 90 "1m";
RemainAfterExit = true; RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
partOf = [
"docker-compose-openwebui-root.target"
];
wantedBy = [
"docker-compose-openwebui-root.target"
];
}; };
script = ''
docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local
'';
partOf = [ "docker-compose-openwebui-root.target" ];
wantedBy = [ "docker-compose-openwebui-root.target" ];
};
systemd.targets."docker-compose-openwebui-root" = { systemd.services."docker-volume-openwebui" = {
wantedBy = [ "multi-user.target" ]; path = [ pkgs.docker ];
}; serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local
'';
partOf = [ "docker-compose-openwebui-root.target" ];
wantedBy = [ "docker-compose-openwebui-root.target" ];
};
systemd.targets."docker-compose-openwebui-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}; };
} }
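Review bot: In `extraOptions`, the static address `--ip=192.168.101.8` sits inside `lib.mkIf config.sysconfig.docker.nvidia [ ... ]`, so on a host without the nvidia option the container is started with no fixed address at all. The nextcloud, pihole, portainer, searxng and traefik modules set `--ip` unconditionally. Only the GPU flag should be conditional: `extraOptions = [ "--ip=192.168.101.8" ] ++ lib.optionals config.sysconfig.docker.nvidia [ "--device=nvidia.com/gpu=all" ];`. The ollama module has the same construct around `--ip=192.168.101.22`.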


@@ -1,4 +1,6 @@
{ config, lib, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, ... }: let
hostPort = 9001; hostPort = 9001;
@@ -6,76 +8,77 @@
name = "pihole"; name = "pihole";
in { in {
options.sysconfig.docker.pihole.enable = with lib; mkOption { options.sysconfig.docker.pihole.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker.pihole.enable && config.sysconfig.docker.enable) {
virtualisation.docker.daemon.settings.dns = [ "192.168.101.12" ];
environment.etc."resolv.conf" = {
enable = true;
text = ''
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0
'';
user = "root";
mode = "0664";
};
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
}; };
virtualisation.oci-containers.containers.pihole = { config = lib.mkIf (config.sysconfig.docker.pihole.enable && config.sysconfig.docker.enable) {
image = "pihole/pihole:latest";
# unstable, waiting for 26.05 virtualisation.docker.daemon.settings.dns = [ "192.168.101.12" ];
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com"; environment.etc."resolv.conf" = {
enable = true;
text = ''
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0
'';
networks = [ user = "root";
"docker-main" mode = "0664";
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "80";
}; };
extraOptions = [ networking.firewall.interfaces = {
"--ip=192.168.101.12" "ve-traefik" = {
]; allowedTCPPorts = [ hostPort ];
};
};
ports = [ virtualisation.oci-containers.containers.pihole = {
"${builtins.toString hostPort}:80" image = "pihole/pihole:latest";
"127.0.0.1:53:53/tcp"
"127.0.0.1:53:53/udp"
];
volumes = [ # unstable, waiting for 26.05
"vol_pihole:/etc/pihole" #pull = "newer";
];
environment = { hostname = "${subdomain}.esotericbytes.com";
FTLCONF_webserver_api_password = "7567";
FTLCONF_dns_listeningMode = "ALL"; networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "80";
};
extraOptions = [
"--ip=192.168.101.12"
];
ports = [
"${builtins.toString hostPort}:80"
"127.0.0.1:53:53/tcp"
"127.0.0.1:53:53/udp"
];
volumes = [
"vol_pihole:/etc/pihole"
];
environment = {
FTLCONF_webserver_api_password = "7567";
FTLCONF_dns_listeningMode = "ALL";
};
}; };
}; };
}; };
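Review bot: `FTLCONF_webserver_api_password` in `environment` is a literal in the module, so the admin password is committed to the repository and copied into the world-readable Nix store, and the four-digit value is short enough to guess. The traefik module in this diff already shows the pattern to follow: a `sops.secrets` entry rendered through `sops.templates` and handed to the container with `environmentFiles`. The current password should be rotated as well, since it stays in history. The searxng module has the same problem with its literal `SEARXNG_SECRET`. The lines between the two hunks and the module's closing lines are not shown.

```nix
# secret name is a placeholder; add the matching key to the sops file
sops.secrets."pihole/web_password" = {};

sops.templates."pihole.env".content = ''
  FTLCONF_webserver_api_password=${config.sops.placeholder."pihole/web_password"}
'';

virtualisation.oci-containers.containers.pihole = {
  # … unchanged: image, hostname, networks, labels, extraOptions, ports, volumes …
  environmentFiles = [ config.sops.templates."pihole.env".path ];
  environment = {
    FTLCONF_dns_listeningMode = "ALL";
  };
};
```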


@@ -1,4 +1,6 @@
{ config, lib, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, ... }: let
hostPort = 9000; hostPort = 9000;
@@ -6,57 +8,58 @@
name = "portainer"; name = "portainer";
in { in {
options.sysconfig.docker.portainer.enable = with lib; mkOption { options.sysconfig.docker.portainer.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = true; default = true;
};
config = lib.mkIf (config.sysconfig.docker.portainer.enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
}; };
virtualisation.oci-containers.containers.portainer = { config = lib.mkIf (config.sysconfig.docker.portainer.enable && config.sysconfig.docker.enable) {
image = "portainer/portainer-ce:latest";
# unstable, waiting for 26.05 networking.firewall.interfaces = {
#pull = "newer"; "ve-traefik" = {
allowedTCPPorts = [ hostPort ];
hostname = "${subdomain}.esotericbytes.com"; };
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "9000";
}; };
ports = [ virtualisation.oci-containers.containers.portainer = {
"127.0.0.1:8000:8000" image = "portainer/portainer-ce:latest";
"${builtins.toString hostPort}:9000"
];
extraOptions = [
"--ip=192.168.101.10"
];
volumes = [ # unstable, waiting for 26.05
"vol_portainer:/data" #pull = "newer";
"/run/docker.sock:/var/run/docker.sock"
]; hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "9000";
};
ports = [
"127.0.0.1:8000:8000"
"${builtins.toString hostPort}:9000"
];
extraOptions = [
"--ip=192.168.101.10"
];
volumes = [
"vol_portainer:/data"
"/run/docker.sock:/var/run/docker.sock"
];
};
}; };
}; };
} }
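Review bot: `options.sysconfig.docker.portainer.enable` defaults to `true`, while every other container module in this diff defaults to `false`. Any host that sets `sysconfig.docker.enable` therefore also starts Portainer, with `/run/docker.sock` mounted read-write and its UI published on `hostPort`. If that is not intended for every machine, make it opt-in like the rest: `default = false;`. If it is intended, a comment on the option saying so would keep the next reader from treating it as an oversight. The lines between the two hunks are not shown.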


@@ -1,58 +1,61 @@
{ config, lib, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, ... }: let
subdomain = "searxng"; subdomain = "searxng";
name = "searxng"; name = "searxng";
in { in {
options.sysconfig.docker.searxng.enable = with lib; mkOption { options.sysconfig.docker.searxng.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
}; };
config = lib.mkIf (config.sysconfig.docker.searxng.enable && config.sysconfig.docker.enable) { config = lib.mkIf (config.sysconfig.docker.searxng.enable && config.sysconfig.docker.enable) {
environment.etc."searxng/settings.yml".source = ./settings.yml;
virtualisation.oci-containers.containers.searxng = { environment.etc."searxng/settings.yml".source = ./settings.yml;
image = "searxng/searxng:latest";
# unstable, waiting for 26.05 virtualisation.oci-containers.containers.searxng = {
#pull = "newer"; image = "searxng/searxng:latest";
hostname = "${subdomain}.esotericbytes.com"; # unstable, waiting for 26.05
#pull = "newer";
networks = [ hostname = "${subdomain}.esotericbytes.com";
"docker-main"
];
labels = { networks = [
"traefik.enable" = "true"; "docker-main"
"traefik.http.routers.${name}.entrypoints" = "localsecure"; ];
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
ports = [ labels = {
]; "traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
extraOptions = [ #"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"--ip=192.168.101.9" "traefik.http.services.${name}.loadbalancer.server.port" = "8080";
]; };
volumes = [ ports = [
"vol_searxng_settings:/etc/searxng/" ];
"vol_searxng_data:/var/cache/searxng/"
"/etc/searxng/settings.yml:/etc/searxng/settings.yml"
];
environment = { extraOptions = [
SEARXNG_SECRET = "2e8b4fcf4c0f46b097496f2d5715dbb061bd5cac78c64d0f5a0bee27f013f3c0"; "--ip=192.168.101.9"
];
volumes = [
"vol_searxng_settings:/etc/searxng/"
"vol_searxng_data:/var/cache/searxng/"
"/etc/searxng/settings.yml:/etc/searxng/settings.yml"
];
environment = {
SEARXNG_SECRET = "2e8b4fcf4c0f46b097496f2d5715dbb061bd5cac78c64d0f5a0bee27f013f3c0";
};
}; };
}; };
}; };
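Review bot: `image = "searxng/searxng:latest"` follows a mutable tag, so what runs is whatever the registry serves at pull time and is not fixed by the flake the way the rest of the system is. The nextcloud, openwebui and traefik modules name a version tag instead. Pinning a release tag, or better a digest in the form `image = "searxng/searxng@sha256:<digest>";`, makes upgrades explicit and reviewable. The ollama, pihole and portainer modules also use `:latest`, which matters most for portainer because it holds the Docker socket.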


@@ -1,108 +1,111 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.docker.traefik.enable = with lib; mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.traefik.enable && config.sysconfig.docker.enable) { options.sysconfig.docker.traefik.enable = with lib; mkOption {
type = with types; bool;
networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ]; default = false;
sops.secrets = {
"traefik/cf_email" = {};
"traefik/cf_api_key" = {};
}; };
sops.templates."traefik.env" = { config = lib.mkIf (config.sysconfig.docker.traefik.enable && config.sysconfig.docker.enable) {
content = ''
CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"} networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ];
sops.secrets = {
"traefik/cf_email" = {};
"traefik/cf_api_key" = {};
};
sops.templates."traefik.env" = {
content = ''
CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"}
CF_DNS_API_TOKEN=${config.sops.placeholder."traefik/cf_api_key"} CF_DNS_API_TOKEN=${config.sops.placeholder."traefik/cf_api_key"}
''; '';
};
environment.etc = (builtins.listToAttrs (builtins.map (x: {
name = "traefik/${x}";
value = {
source = ./config/${x};
mode = "0664";
};
}) (builtins.attrNames (builtins.readDir ./config))));
/*environment.etc."traefik/traefik.yml" = {
source = ./config/traefik.yml;
};
environment.etc."traefik/routing.yml" = {
source = ./config/routing.yml;
};*/
virtualisation.oci-containers.containers.traefik = {
image = "traefik:v3.6";
environment = {
TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
};
environmentFiles = [ config.sops.templates."traefik.env".path ];
volumes = [
"/etc/traefik/:/etc/traefik/"
"/run/docker.sock:/var/run/docker.sock"
];
networks = [
"docker-main"
];
ports = [
"80:80"
"81:81"
"443:443"
"444:444"
"2222:2222"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)";
"traefik.http.routers.dashboard.entrypoints" = "websecure,localsecure";
"traefik.http.routers.dashboard.service" = "api@internal";
"traefik.http.routers.dashboard.tls.certResolver" = "cloudflare";
}; };
extraOptions = [ environment.etc = (builtins.listToAttrs (builtins.map (x: {
"--ip=192.168.101.11" name = "traefik/${x}";
]; value = {
source = ./config/${x};
mode = "0664";
};
}) (builtins.attrNames (builtins.readDir ./config))));
log-driver = "journald"; /*environment.etc."traefik/traefik.yml" = {
}; source = ./config/traefik.yml;
systemd.services."docker-traefik" = { };
serviceConfig = { environment.etc."traefik/routing.yml" = {
Restart = lib.mkOverride 90 "always"; source = ./config/routing.yml;
RestartMaxDelaySec = lib.mkOverride 90 "1m"; };*/
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9; virtualisation.oci-containers.containers.traefik = {
image = "traefik:v3.6";
environment = {
TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
};
environmentFiles = [ config.sops.templates."traefik.env".path ];
volumes = [
"/etc/traefik/:/etc/traefik/"
"/run/docker.sock:/var/run/docker.sock"
];
networks = [
"docker-main"
];
ports = [
"80:80"
"81:81"
"443:443"
"444:444"
"2222:2222"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)";
"traefik.http.routers.dashboard.entrypoints" = "websecure,localsecure";
"traefik.http.routers.dashboard.service" = "api@internal";
"traefik.http.routers.dashboard.tls.certResolver" = "cloudflare";
};
extraOptions = [
"--ip=192.168.101.11"
];
log-driver = "journald";
};
systemd.services."docker-traefik" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-traefik-root.target"
];
wantedBy = [
"docker-compose-traefik-root.target"
];
}; };
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-traefik-root.target"
];
wantedBy = [
"docker-compose-traefik-root.target"
];
};
# Root service # Root service
# When started, this will automatically create all resources and start # When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources. # the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-traefik-root" = { systemd.targets."docker-compose-traefik-root" = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
};
}; };
}; };
} }
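Review bot: The `dashboard` router exposes `api@internal` on `websecure` as well as `localsecure` and attaches no middleware. If `websecure` is the entrypoint published to the internet (its definition lives in the `./config` files, which are not shown here), the Traefik dashboard and API are reachable without authentication. The pihole, portainer and ollama routers in this diff are on `localsecure` only. Doing the same here, `"traefik.http.routers.dashboard.entrypoints" = "localsecure";`, or adding an auth middleware to the router, closes that.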


@@ -1,31 +1,27 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.virtual-machines.enable = with lib; mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = with types; bool;
default = false;
};
imports = let options.sysconfig.virtual-machines.enable = with lib; mkOption {
dir = builtins.readDir ./.; type = with types; bool;
in builtins.map (x: ./${x}) (builtins.filter default = false;
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
config = lib.mkIf config.sysconfig.virtual-machines.enable {
programs.virt-manager.enable = true;
virtualisation = {
libvirtd = {
enable = true;
qemu.swtpm.enable = true;
};
spiceUSBRedirection.enable = true;
}; };
environment.systemPackages = with pkgs; lib.mkIf config.sysconfig.graphical [ config = lib.mkIf config.sysconfig.virtual-machines.enable {
virt-viewer programs.virt-manager.enable = true;
];
virtualisation = {
libvirtd = {
enable = true;
qemu.swtpm.enable = true;
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with pkgs; lib.mkIf config.sysconfig.graphical [
virt-viewer
];
};
}; };
} }


@@ -1,13 +1,17 @@
{ config, lib, ... }: { { ... }: {
flake.nixosModules.default = { config, lib, ... }: {
options.sysconfig.virtual-machines.home-assistant = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.virtual-machines.home-assistant.enable {
options.sysconfig.virtual-machines.home-assistant = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
}; };
}; };
config = lib.mkIf config.sysconfig.virtual-machines.home-assistant.enable {
};
} }
