Compare commits


23 Commits

Author SHA1 Message Date
c8cfd433ae test 2026-03-06 19:39:21 -06:00
60dd114bcc update aurora 2026-03-06 19:35:52 -06:00
ac12242060 update aurora 2026-03-06 19:31:03 -06:00
c3f12243d8 Begin Dendritic rewrite 2026-03-06 19:17:00 -06:00
e296f298b1 Begin Dendritic rewrite 2026-03-06 19:07:55 -06:00
f656be3dfb Begin Dendritic rewrite 2026-03-06 19:05:37 -06:00
eb5b08c8f0 Begin Dendritic rewrite 2026-03-06 18:46:38 -06:00
fa9ca0ec63 Begin Dendritic rewrite 2026-03-06 18:37:21 -06:00
fd10360294 Begin Dendritic rewrite 2026-03-06 18:27:39 -06:00
0237820306 Begin Dendritic rewrite 2026-03-06 18:26:41 -06:00
64b6b6b763 Begin Dendritic rewrite 2026-03-06 18:23:19 -06:00
78b1b26b91 Begin Dendritic rewrite 2026-03-06 16:34:10 -06:00
44eb6492f2 Begin Dendritic rewrite 2026-03-06 16:32:07 -06:00
597f51e7b2 Begin Dendritic rewrite 2026-03-06 16:25:23 -06:00
c1684a80f7 Begin Dendritic rewrite 2026-03-06 16:24:53 -06:00
f3a90a0fe8 test 2026-02-28 19:01:49 -06:00
11089070ba test 2026-02-28 18:05:10 -06:00
8697469f5f add authentik middleware 2026-02-28 17:56:12 -06:00
fa6abcfd98 add ssh key 2026-02-28 17:26:54 -06:00
7f0629f313 work on docker gitea 2026-02-25 09:03:17 -06:00
1a088bc501 no nextcloud for now 2026-02-20 21:35:52 -06:00
0f70cf9bbc add localsend 2026-02-14 18:02:53 -06:00
fbf6864350 ollama ip 2026-02-04 00:15:51 -06:00
113 changed files with 4620 additions and 5379 deletions

3
.gitmodules vendored

@@ -4,6 +4,3 @@
[submodule "machines/laptop"]
path = machines/laptop
url = ssh://gitea@gitea.esotericbytes.com:2222/Blunkall-Technologies/laptop
[submodule "machines/android"]
path = machines/android
url = ssh://gitea@gitea.esotericbytes.com:2222/Blunkall-Technologies/android

12
flake-parts.nix Normal file

@@ -0,0 +1,12 @@
{ inputs, ... }: {
imports = [
inputs.home-manager.flakeModules.home-manager
inputs.disko.flakeModules.default
];
systems = [
"x86_64-linux"
"aarch64-linux"
];
}

312
flake.lock generated

@@ -20,11 +20,11 @@
]
},
"locked": {
"lastModified": 1769428758,
"narHash": "sha256-0G/GzF7lkWs/yl82bXuisSqPn6sf8YGTnbEdFOXvOfU=",
"lastModified": 1772292445,
"narHash": "sha256-4F1Q7U313TKUDDovCC96m/Za4wZcJ3yqtu4eSrj8lk8=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "def5e74c97370f15949a67c62e61f1459fcb0e15",
"rev": "1dbbba659c1cef0b0202ce92cadfe13bae550e8f",
"type": "github"
},
"original": {
@@ -33,6 +33,27 @@
"type": "github"
}
},
"aurora": {
"inputs": {
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"import-tree": "import-tree",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1772847308,
"narHash": "sha256-Gqi7kEVS+f7ZUbWPu3GWnmTA7HkLJLESdByPWlM/AeM=",
"ref": "refs/heads/master",
"rev": "dcd330939be56daa7033b2a0572336c798a5c79f",
"revCount": 4,
"type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"
},
"original": {
"type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@@ -40,11 +61,11 @@
]
},
"locked": {
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"lastModified": 1772699110,
"narHash": "sha256-jkyo/9fZVB3F/PHk3fVK1ImxJBZ71DCOYZvAz4R4v4E=",
"owner": "nix-community",
"repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"rev": "42affa9d33750ac0a0a89761644af20d8d03e6ee",
"type": "github"
},
"original": {
@@ -61,11 +82,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1770091431,
"narHash": "sha256-9Sqq/hxq8ZDLRSzu+edn0OfWG+FAPWFpwMKaJobeLec=",
"lastModified": 1772824881,
"narHash": "sha256-NqX+JCA8hRV3GoYrsqnHB2IWKte1eQ8NK2WVbJkORcw=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "4f827ff035c6ddc58d04c45abe5b777d356b926a",
"rev": "07e1616c9b13fe4794dad4bcc33cd7088c554465",
"type": "gitlab"
},
"original": {
@@ -91,26 +112,46 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
@@ -125,7 +166,7 @@
"type": "github"
}
},
"flake-parts_2": {
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
@@ -170,17 +211,35 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1772845525,
"narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769580047,
"narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=",
"lastModified": 1772633058,
"narHash": "sha256-SO7JapRy2HPhgmqiLbfnW1kMx5rakPMKZ9z3wtRLQjI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826",
"rev": "080657a04188aca25f8a6c70a0fb2ea7e37f1865",
"type": "github"
},
"original": {
@@ -235,11 +294,11 @@
]
},
"locked": {
"lastModified": 1769284023,
"narHash": "sha256-xG34vwYJ79rA2wVC8KFuM8r36urJTG6/csXx7LiiSYU=",
"lastModified": 1770511807,
"narHash": "sha256-suKmSbSk34uPOJDTg/GbPrKEJutzK08vj0VoTvAFBCA=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "13c536659d46893596412d180449353a900a1d31",
"rev": "7c75487edd43a71b61adb01cae8326d277aab683",
"type": "github"
},
"original": {
@@ -259,17 +318,17 @@
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems",
"xdph": "xdph"
},
"locked": {
"lastModified": 1770079745,
"narHash": "sha256-rQ4no/+LHuHlqDbJopj6fgS9GUsv1NSycrVhIoLPnbs=",
"lastModified": 1772833450,
"narHash": "sha256-W/2pHWOVr+jCr/Bzm1mndsZdg7kWjYsYsouLk1nCLLk=",
"ref": "refs/heads/main",
"rev": "30756d871845a6058a840642ab1a4c3979f6d782",
"revCount": 6859,
"rev": "4152ac76d0813d9d0f67d2f04653a13fa6e17433",
"revCount": 6996,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
@@ -367,11 +426,11 @@
]
},
"locked": {
"lastModified": 1767983607,
"narHash": "sha256-8C2co8NYfR4oMOUEsPROOJ9JHrv9/ktbJJ6X1WsTbXc=",
"lastModified": 1771866172,
"narHash": "sha256-fYFoXhQLrm1rD8vSFKQBOEX4OGCuJdLt1amKfHd5GAw=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "d4037379e6057246b408bbcf796cf3e9838af5b2",
"rev": "0b219224910e7642eb0ed49f0db5ec3d008e3e41",
"type": "github"
},
"original": {
@@ -444,11 +503,11 @@
]
},
"locked": {
"lastModified": 1766253372,
"narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=",
"lastModified": 1771271487,
"narHash": "sha256-41gEiUS0Pyw3L/ge1l8MXn61cK14VAhgWB/JV8s/oNI=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9",
"rev": "340a792e3b3d482c4ae5f66d27a9096bdee6d76d",
"type": "github"
},
"original": {
@@ -469,11 +528,11 @@
]
},
"locked": {
"lastModified": 1763640274,
"narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
"lastModified": 1770501770,
"narHash": "sha256-NWRM6+YxTRv+bT9yvlhhJ2iLae1B1pNH3mAL5wi2rlQ=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
"rev": "0bd8b6cde9ec27d48aad9e5b4deefb3746909d40",
"type": "github"
},
"original": {
@@ -498,11 +557,11 @@
]
},
"locked": {
"lastModified": 1769202094,
"narHash": "sha256-gdJr/vWWLRW85ucatSjoBULPB2dqBJd/53CZmQ9t91Q=",
"lastModified": 1771606233,
"narHash": "sha256-F3PLUqQ/TwgR70U+UeOqJnihJZ2EuunzojYC4g5xHr0=",
"owner": "hyprwm",
"repo": "hyprwire",
"rev": "a45ca05050d22629b3c7969a926d37870d7dd75c",
"rev": "06c7f1f8c4194786c8400653c4efc49dc14c0f3a",
"type": "github"
},
"original": {
@@ -511,33 +570,43 @@
"type": "github"
}
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_2",
"systems": "systems_2"
},
"import-tree": {
"locked": {
"lastModified": 1770000653,
"narHash": "sha256-QO/twGynxjOSUDtxbqJLshc/Q5/wImLH5O6KV2p9eoE=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "6a2ddb643aaf7949caa6158e718c5efc3dda7dc1",
"lastModified": 1772344373,
"narHash": "sha256-OQQ1MhB9t1J71b2wxRRTdH/Qd8UGG0p+dGspfCf5U1c=",
"owner": "vic",
"repo": "import-tree",
"rev": "10fda59eee7d7970ec443b925f32a1bc7526648c",
"type": "github"
},
"original": {
"owner": "Infinidoge",
"repo": "nix-minecraft",
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"import-tree_2": {
"locked": {
"lastModified": 1772344373,
"narHash": "sha256-OQQ1MhB9t1J71b2wxRRTdH/Qd8UGG0p+dGspfCf5U1c=",
"owner": "vic",
"repo": "import-tree",
"rev": "10fda59eee7d7970ec443b925f32a1bc7526648c",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"lastModified": 1772542754,
"narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4",
"type": "github"
},
"original": {
@@ -548,6 +617,36 @@
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
@@ -564,11 +663,11 @@
},
"nixpkgs-us": {
"locked": {
"lastModified": 1770019141,
"narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
"lastModified": 1772624091,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github"
},
"original": {
@@ -580,11 +679,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"lastModified": 1772433332,
"narHash": "sha256-izhTDFKsg6KeVBxJS9EblGeQ8y+O8eCa6RcW874vxEc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"rev": "cf59864ef8aa2e178cccedbe2c178185b0365705",
"type": "github"
},
"original": {
@@ -596,11 +695,27 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1770056022,
"narHash": "sha256-yvCz+Qmci1bVucXEyac3TdoSPMtjqVJmVy5wro6j/70=",
"lastModified": 1772198003,
"narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772598333,
"narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d04d8548aed39902419f14a8537006426dc1e4fa",
"rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239",
"type": "github"
},
"original": {
@@ -610,7 +725,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
@@ -626,7 +741,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1768875095,
"narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=",
@@ -644,8 +759,8 @@
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_4",
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_5",
"nixvim": "nixvim_2"
},
"locked": {
@@ -664,9 +779,9 @@
},
"nixvim_2": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_5",
"systems": "systems_3"
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_6",
"systems": "systems_2"
},
"locked": {
"lastModified": 1769644746,
@@ -692,11 +807,11 @@
]
},
"locked": {
"lastModified": 1769069492,
"narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
"lastModified": 1772024342,
"narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476",
"type": "github"
},
"original": {
@@ -707,12 +822,14 @@
},
"root": {
"inputs": {
"aurora": "aurora",
"disko": "disko",
"firefox-addons": "firefox-addons",
"home-manager": "home-manager",
"flake-parts": "flake-parts_2",
"home-manager": "home-manager_2",
"hyprland": "hyprland",
"nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs_3",
"import-tree": "import-tree_2",
"nixpkgs": "nixpkgs_4",
"nixpkgs-us": "nixpkgs-us",
"nixvim": "nixvim",
"sops-nix": "sops-nix"
@@ -725,11 +842,11 @@
]
},
"locked": {
"lastModified": 1769921679,
"narHash": "sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew=",
"lastModified": 1772495394,
"narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1e89149dcfc229e7e2ae24a8030f124a31e4f24f",
"rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff",
"type": "github"
},
"original": {
@@ -768,21 +885,6 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [

185
flake.nix

@@ -21,187 +21,32 @@
inputs.nixpkgs.follows = "nixpkgs";
};
flake-parts.url = "github:hercules-ci/flake-parts";
import-tree.url = "github:vic/import-tree";
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
#simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai";
aurora.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora";
self.submodules = true;
};
outputs = { self, nixpkgs, home-manager, ... } @ inputs: {
profiles = let
dir = builtins.readDir ./profiles;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = { ... }: {
imports = [
./system
./profiles/${name}
];
};
})) filtered)
);
homes = let
dir = builtins.readDir ./homes;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = { ... } @ exputs: {
imports = [ (import ./homes/${name}/home-manager (exputs // inputs)) ];
};
})) filtered)
);
iso = (nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inputs = inputs // {
nathan = self.homes.nathan;
inherit self;
};
};
modules = [
self.profiles.iso
];
}).config.system.build.isoImage;
templates = {
nixos = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nixos;
};
home-manager = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/home-manager;
};
nix-on-droid = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nix-on-droid;
};
machines = let
dir = builtins.readDir ./machines;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome to Olympus!
##Warning:
This is a config for ${name}, an established machine!
It may require significant alterations to be usable!
'';
description = ''
Generate this where you want your config.
'';
path = ./machines/${name};
};
})) filtered)
);
homes = let
dir = builtins.readDir ./homes;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome home, ${name}!
Your config is right here.
'';
description = ''
Generate this where you want your config.
'';
path = ./homes/${name};
};
})) filtered)
);
default = self.templates.nixos;
};
nixosConfigurations = let
dir = builtins.readDir ./machines;
filtered = builtins.filter (x: dir.${x} == "directory" && x != "android") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = nixpkgs.lib.nixosSystem {
specialArgs = inputs;
modules = [
{ sysconfig.host = name; }
./machines/${name}
self.profiles.${name}
];
};
})) filtered)
);
};
outputs = { ... } @ inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; }
(inputs.import-tree [
./profiles
./homes
./machines
./system
./templates/default.nix
./flake-parts.nix
]);
}
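Review bot: The new `aurora` input is declared with a URL only, so it resolves its own copies of `flake-parts`, `home-manager`, `import-tree` and `nixpkgs`. The flake.lock section of this compare shows them as separate nodes: `flake-parts` next to `flake-parts_2`, `import-tree` next to `import-tree_2`, and `nixpkgs_2` under `aurora`. Each extra node is another pinned source tree that has to be updated and audited on its own schedule. Unless that isolation is intended, write the input as an attribute set with `inputs.nixpkgs.follows = "nixpkgs";`, `inputs.flake-parts.follows = "flake-parts";` and `inputs.import-tree.follows = "import-tree";`, the way `firefox-addons` is declared a few lines above.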


@@ -1,40 +0,0 @@
{
description = "Home-Manager Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
olympus = {
url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { self, nixpkgs, home-manager, olympus, ... } @ inputs: {
homeConfigurations = {
nathan = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs {
system = builtins.currentSystem;
};
modules = [
olympus.homes.nathan
./home.nix
];
extraSpecialArgs = {
inherit inputs;
};
};
};
};
}


@@ -1,114 +1,114 @@
{ config, lib, pkgs, inputs, ... }: {
{ inputs, ... }: {
imports = let
dir = builtins.readDir ./.;
in (builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
)) ++ [
inputs.sops-nix.homeManagerModules.sops
];
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
options.homeconfig = with lib; {
imports = [
inputs.sops-nix.homeManagerModules.sops
];
name = mkOption {
type = with types; nullOr str;
default = null;
};
options.homeconfig = with lib; {
graphical = mkOption {
type = with types; bool;
default = true;
};
name = mkOption {
type = with types; nullOr str;
default = null;
};
standalone = mkOption {
type = with types; bool;
default = false;
};
graphical = mkOption {
type = with types; bool;
default = true;
};
virtual-machines = mkOption {
type = with types; bool;
default = false;
};
};
standalone = mkOption {
type = with types; bool;
default = false;
};
config = {
homeconfig = {
name = "nathan";
mpd.enable = lib.mkDefault true;
calcurse.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
minimal = lib.mkDefault false;
hyprland.enable = lib.mkDefault config.homeconfig.graphical;
hyprlock.enable = lib.mkDefault config.homeconfig.hyprland.enable;
wal.enable = lib.mkDefault config.homeconfig.graphical;
hyprpanel.enable = lib.mkDefault config.homeconfig.hyprland.enable;
rofi.enable = lib.mkDefault config.homeconfig.hyprland.enable;
firefox.enable = lib.mkDefault config.homeconfig.graphical;
};
home.username = lib.mkDefault config.homeconfig.name;
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
home.stateVersion = "23.11";
home.pointerCursor = lib.mkIf config.homeconfig.graphical {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 16;
};
dconf.settings = lib.mkIf config.homeconfig.virtual-machines {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
virtual-machines = mkOption {
type = with types; bool;
default = false;
};
};
gtk = lib.mkIf (config.homeconfig.graphical && config.homeconfig.hyprland.enable) {
enable = true;
theme.name = "Tokyonight-Dark";
theme.package = pkgs.tokyonight-gtk-theme;
iconTheme.package = pkgs.rose-pine-icon-theme;
iconTheme.name = "rose-pine-moon";
};
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
config = {
#secrets."remoteBuildKey" = {};
};
homeconfig = {
name = "nathan";
services.mpris-proxy.enable = true;
mpd.enable = lib.mkDefault true;
calcurse.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
programs.ssh = {
enable = true;
minimal = lib.mkDefault false;
hyprland.enable = lib.mkDefault config.homeconfig.graphical;
hyprlock.enable = lib.mkDefault config.homeconfig.hyprland.enable;
wal.enable = lib.mkDefault config.homeconfig.graphical;
#hyprpanel.enable = lib.mkDefault config.homeconfig.hyprland.enable;
rofi.enable = lib.mkDefault config.homeconfig.hyprland.enable;
firefox.enable = lib.mkDefault config.homeconfig.graphical;
matchBlocks = {
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
aurora.enable = lib.mkDefault config.homeconfig.hyprland.enable;
};
home.username = lib.mkDefault config.homeconfig.name;
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
home.stateVersion = "23.11";
home.pointerCursor = lib.mkIf config.homeconfig.graphical {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 16;
};
dconf.settings = lib.mkIf config.homeconfig.virtual-machines {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
};
gtk = lib.mkIf (config.homeconfig.graphical && config.homeconfig.hyprland.enable) {
enable = true;
theme.name = "Tokyonight-Dark";
theme.package = pkgs.tokyonight-gtk-theme;
iconTheme.package = pkgs.rose-pine-icon-theme;
iconTheme.name = "rose-pine-moon";
};
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {};
};
services.mpris-proxy.enable = true;
programs.ssh = {
enable = true;
matchBlocks = {
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
};
};
};
};
}
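Review bot: Both SSH match blocks, `builder` (user `remote-builder`) and `remote` (user `nathan`), use the same `identityFile`, `${config.home.homeDirectory}/.ssh/id_ed25519`. One private key therefore authenticates as both the build account and the personal login on `esotericbytes.com`. A dedicated builder key could be restricted or revoked on the server independently, and the commented-out `#secrets."remoteBuildKey" = {};` under `sops` suggests that was the plan. Once that secret is enabled, the `builder` block could use `identityFile = config.sops.secrets."remoteBuildKey".path;`, and `identitiesOnly = true;` on both blocks would keep the agent from offering unrelated keys. These lines appear to be carried over with only indentation changed, so this concerns the module as it now stands rather than something this commit introduced.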


@@ -1,12 +1,15 @@
{ config, lib, ... }: {
{ ... }: {
home.file = {
".config/hypr" = lib.mkIf config.homeconfig.hyprland.enable { source = ./hypr; recursive = true; };
".config/hyprpanel" = lib.mkIf config.homeconfig.hyprpanel.enable { source = ./hyprpanel; recursive = true; };
".config/wal/templates" = lib.mkIf config.homeconfig.wal.enable { source = ./wal/templates; recursive = true; };
".config/ohmyposh" = { source = ./ohmyposh; recursive = true; };
".config/quickshell" = lib.mkIf config.homeconfig.quickshell.enable { source = ./quickshell; recursive = true; };
"Pictures/Wallpaper" = lib.mkIf config.homeconfig.graphical { source = ./Wallpaper; recursive = true; };
};
flake.homeModules.nathan = { config, lib, ... }: {
home.file = {
".config/hypr" = lib.mkIf config.homeconfig.hyprland.enable { source = ./hypr; recursive = true; };
".config/hyprpanel" = lib.mkIf config.homeconfig.hyprpanel.enable { source = ./hyprpanel; recursive = true; };
".config/wal/templates" = lib.mkIf config.homeconfig.wal.enable { source = ./wal/templates; recursive = true; };
".config/ohmyposh" = { source = ./ohmyposh; recursive = true; };
".config/quickshell" = lib.mkIf config.homeconfig.quickshell.enable { source = ./quickshell; recursive = true; };
"Pictures/Wallpaper" = lib.mkIf config.homeconfig.graphical { source = ./Wallpaper; recursive = true; };
};
};
}
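Review bot: `.config/hyprpanel` is still gated on `config.homeconfig.hyprpanel.enable`, but the `homeconfig` defaults in the main `nathan` module on this page now have `hyprpanel.enable` commented out. If the option's declaration, which is not visible here, has no default of its own, evaluating this `home.file` entry will fail. If it does have one, the entry looks like leftover configuration now that `aurora.enable` appears to take its place. Either drop the line or record the intent with a comment such as `# hyprpanel kept as an opt-in fallback to aurora`.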


@@ -1,23 +1,21 @@
{ config, lib, pkgs, inputs, ... }: let
system = "x86_64-linux";
{ inputs, ... }: {
flake.homeModules.nathan = { config, lib, pkgs, ... }: let
system = pkgs.stdenv.hostPlatform;
pkgs-us = import inputs.nixpkgs-us {
inherit system;
config.allowUnfree = true;
inherit system;
config.allowUnfree = true;
};
in {
imports = [
./scripts
];
options.homeconfig.minimal = with lib; options.mkOption {
type = with types; bool;
default = false;
};
options.homeconfig.minimal = with lib; options.mkOption {
type = with types; bool;
default = false;
};
config = with lib; mkMerge [
config = with lib; mkMerge [
{
home.packages = with pkgs; [
@@ -49,71 +47,73 @@
}
(mkIf config.homeconfig.graphical {
home.packages = with pkgs; [
grim
slurp
xfce.thunar
wl-clipboard
blueberry
];
})
home.packages = with pkgs; [
grim
slurp
xfce.thunar
wl-clipboard
blueberry
];
})
(mkIf (!config.homeconfig.minimal) {
home.packages = with pkgs; [
cava
android-tools
neovim-remote
zulu
fastfetch
ncmpcpp
playerctl
mpc
ffmpeg
];
})
home.packages = with pkgs; [
cava
android-tools
neovim-remote
zulu
fastfetch
ncmpcpp
playerctl
mpc
ffmpeg
];
})
(mkIf (!config.homeconfig.minimal && config.homeconfig.graphical) {
nixpkgs.config = {
allowUnfree = true;
};
nixpkgs.config = {
allowUnfree = true;
};
home.packages = with pkgs; [
handbrake
quickemu
bottles
home.packages = with pkgs; [
pkgs-us.runapp
brightnessctl
libdbusmenu-gtk3
lmms
handbrake
quickemu
bottles
pkgs-us.runapp
brightnessctl
libdbusmenu-gtk3
lmms
#unfree {
geogebra
spotify
discord
geogebra
spotify
discord
#}
rustdesk-flutter
mpv
vlc
pavucontrol
rpi-imager
tigervnc
keepassxc
rustdesk-flutter
mpv
vlc
pavucontrol
rpi-imager
tigervnc
keepassxc
localsend
#3D modeling/printing
blender
freecad-wayland
cura-appimage
blender
freecad-wayland
cura-appimage
#productivity
libreoffice
libreoffice
#games
prismlauncher
];
prismlauncher
];
})
];
];
};
}
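Review bot: `system = pkgs.stdenv.hostPlatform;` near the top of the module binds an attribute set, but `import inputs.nixpkgs-us { inherit system; ... }` then passes it as nixpkgs' `system` argument. That argument expects a system string, such as the `"x86_64-linux"` this line appears to replace. Use `system = pkgs.stdenv.hostPlatform.system;`, or pass `localSystem = pkgs.stdenv.hostPlatform;` instead of `system`. The scripts module further down the page still hard-codes `system = "x86_64-linux";` for the same `pkgs-us` import, so the two should be brought in line. The second hunk (`@@ -49,71 +47,73 @@`) looks like re-indentation only.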


@@ -1,135 +1,138 @@
{ config, lib, pkgs, inputs, ... }: let
{ inputs, ... }: {
system = "x86_64-linux";
flake.homeModules.nathan = { config, lib, pkgs, ... }: let
system = "x86_64-linux";
pkgs-us = import inputs.nixpkgs-us {
inherit system;
config.allowUnfree = true;
inherit system;
config.allowUnfree = true;
};
in {
options = {
homeconfig.scripts.enable = lib.options.mkOption {
type = lib.types.bool;
default = true;
options = {
homeconfig.scripts.enable = lib.options.mkOption {
type = lib.types.bool;
default = true;
};
};
config = lib.mkMerge [
(lib.mkIf (config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
${pkgs-us.runapp}/bin/runapp ''$@
#uwsm app -- ''$@
'')
];
})
(lib.mkIf (!config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
eval "''$@"
'')
];
})
(lib.mkIf config.homeconfig.scripts.enable {
home.packages = [
#scripts
(pkgs.writeShellScriptBin "randWallpaper" ''
file=''$(ls ${config.home.homeDirectory}/Pictures/Wallpaper/ | shuf -n 1)
setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/''$file
'')
(pkgs.writeShellScriptBin "setWallpaper" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
img=''$(realpath "''${1:-$(find ~/Pictures/Wallpaper/* | rofi -dmenu)}")
n=''$(basename "''$img")
ext="''${n''\#''\#*.}"
out=''${3:-/dev/null}
if [[ ''$ext == "gif" || ''$ext == "mp4" ]]; then
yes | ${pkgs.ffmpeg}/bin/ffmpeg -i "''$img" -vframes 1 /tmp/nathan/tmp.jpg >> ''$out
cp /tmp/nathan/tmp.jpg /tmp/nathan/tmp2.jpg
pidof mpvpaper && pkill mpvpaper
${pkgs.swww}/bin/swww img /tmp/nathan/tmp.jpg -t wipe >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp2.jpg >> ''$out
sleep 0.3
hyprctl dispatch exec "${pkgs.mpvpaper}/bin/mpvpaper ALL ''$img -o loop"
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp.jpg >> ''$out
rm /tmp/nathan/tmp2.jpg
else
pidof mpvpaper && pkill mpvpaper
hyprctl dispatch exec "${pkgs.swww}/bin/swww img ''$img -t wipe" >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw "''$img" >> ''$out
fi
changeColors "''$img" "''$2" >> ''$out
'')
(pkgs.writeShellScriptBin "changeColors" ''
img=''$(realpath "''$1")
alpha=''${2:-70}
if [[ ''$alpha -lt 0 ]]; then
alpha=0
elif [[ ''$alpha -gt 100 ]]; then
alpha=100
fi
if [[ -f ~/.config/wal/colorschemes/dark/''$(basename "''$img")-''$alpha.json ]]; then
${pkgs.pywal16}/bin/wal -n -f "''$(basename "''$img")-''$alpha"
else
${pkgs.pywal16}/bin/wal -n -i "''$img" -a "''$alpha" --cols16 -p "''$(basename "''$img")-''$alpha"
fi
colorPrefix
'')
(pkgs.writeShellScriptBin "colorPrefix" ''
pidof firefox > /dev/null && ${pkgs.pywalfox-native}/bin/pywalfox update &
pidof kitty > /dev/null && pkill -USR1 kitty
pidof cava > /dev/null && pkill -USR1 cava
for i in ''$(ls /run/user/1000 | grep nvim); do
${pkgs.neovim-remote}/bin/nvr -s --servername /run/user/1000/''$i --remote-send '<cmd>colorscheme pywal<CR>';
done
eval "''$@"
'')
(pkgs.writeShellScriptBin "onSystemStart" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then
rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid
fi
hyprctl --batch "\
dispatch exec ${pkgs.swww}/bin/swww-daemon ;\
dispatch exec setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ;\
dispatch exec ${pkgs.pyprland}/bin/pypr ;\
dispatch exec ${pkgs.netbird-ui}/bin/netbird-ui ;\
dispatch exec ${pkgs.hyprpolkitagent}/libexec/hyprpolkitagent ;\
setcursor Bibata-Modern-Classic 16"
sleep 3
hyprctl reload
hyprctl dispatch exec ${pkgs.pyprland}/bin/pypr toggle calendar
#tmux new-session -s hyprland
'')
];
})
];
};
config = lib.mkMerge [
(lib.mkIf (config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
${pkgs-us.runapp}/bin/runapp ''$@
#uwsm app -- ''$@
'')
];
})
(lib.mkIf (!config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
eval "''$@"
'')
];
})
(lib.mkIf config.homeconfig.scripts.enable {
home.packages = [
#scripts
(pkgs.writeShellScriptBin "randWallpaper" ''
file=''$(ls ${config.home.homeDirectory}/Pictures/Wallpaper/ | shuf -n 1)
setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/''$file
'')
(pkgs.writeShellScriptBin "setWallpaper" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
img=''$(realpath "''${1:-$(find ~/Pictures/Wallpaper/* | rofi -dmenu)}")
n=''$(basename "''$img")
ext="''${n''\#''\#*.}"
out=''${3:-/dev/null}
if [[ ''$ext == "gif" || ''$ext == "mp4" ]]; then
yes | ${pkgs.ffmpeg}/bin/ffmpeg -i "''$img" -vframes 1 /tmp/nathan/tmp.jpg >> ''$out
cp /tmp/nathan/tmp.jpg /tmp/nathan/tmp2.jpg
pidof mpvpaper && pkill mpvpaper
${pkgs.swww}/bin/swww img /tmp/nathan/tmp.jpg -t wipe >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp2.jpg >> ''$out
sleep 0.3
hyprctl dispatch exec "${pkgs.mpvpaper}/bin/mpvpaper ALL ''$img -o loop"
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp.jpg >> ''$out
rm /tmp/nathan/tmp2.jpg
else
pidof mpvpaper && pkill mpvpaper
hyprctl dispatch exec "${pkgs.swww}/bin/swww img ''$img -t wipe" >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw "''$img" >> ''$out
fi
changeColors "''$img" "''$2" >> ''$out
'')
(pkgs.writeShellScriptBin "changeColors" ''
img=''$(realpath "''$1")
alpha=''${2:-70}
if [[ ''$alpha -lt 0 ]]; then
alpha=0
elif [[ ''$alpha -gt 100 ]]; then
alpha=100
fi
if [[ -f ~/.config/wal/colorschemes/dark/''$(basename "''$img")-''$alpha.json ]]; then
${pkgs.pywal16}/bin/wal -n -f "''$(basename "''$img")-''$alpha"
else
${pkgs.pywal16}/bin/wal -n -i "''$img" -a "''$alpha" --cols16 -p "''$(basename "''$img")-''$alpha"
fi
colorPrefix
'')
(pkgs.writeShellScriptBin "colorPrefix" ''
pidof firefox > /dev/null && ${pkgs.pywalfox-native}/bin/pywalfox update &
pidof kitty > /dev/null && pkill -USR1 kitty
pidof cava > /dev/null && pkill -USR1 cava
for i in ''$(ls /run/user/1000 | grep nvim); do
${pkgs.neovim-remote}/bin/nvr -s --servername /run/user/1000/''$i --remote-send '<cmd>colorscheme pywal<CR>';
done
eval "''$@"
'')
(pkgs.writeShellScriptBin "onSystemStart" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then
rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid
fi
hyprctl --batch "\
dispatch exec ${pkgs.swww}/bin/swww-daemon ;\
dispatch exec setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ;\
dispatch exec ${pkgs.pyprland}/bin/pypr ;\
dispatch exec ${pkgs.netbird-ui}/bin/netbird-ui ;\
dispatch exec ${pkgs.hyprpolkitagent}/libexec/hyprpolkitagent ;\
setcursor Bibata-Modern-Classic 16"
sleep 3
hyprctl reload
hyprctl dispatch exec ${pkgs.pyprland}/bin/pypr toggle calendar
#tmux new-session -s hyprland
'')
];
})
];
}


@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.homeModules.nathan = { config, lib, ... }: {
imports = [
inputs.aurora.homeModules.default
];
options.homeconfig.aurora.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf config.homeconfig.aurora.enable {
programs.aurora = {
enable = true;
};
};
};
}


@@ -1,14 +1,17 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options.homeconfig.calcurse.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
config = lib.mkIf config.homeconfig.calcurse.enable {
home.packages = with pkgs; [
calcurse
libnotify
];
options.homeconfig.calcurse.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.calcurse.enable {
home.packages = with pkgs; [
calcurse
libnotify
];
};
};
}


@@ -1,19 +1,14 @@
{ config, lib, pkgs, inputs, ... }: {
{ inputs, ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
config = {
config = {
home.packages = lib.mkIf (!config.homeconfig.wal.enable) [
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default
];
home.packages = lib.mkIf (!config.homeconfig.wal.enable) [
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default
];
home.sessionVariables.EDITOR = "nvim";
home.sessionVariables.EDITOR = "nvim";
};
};
}


@@ -1,59 +1,62 @@
{ config, lib, pkgs, inputs, ... }: {
{ inputs, ... }: {
options.homeconfig.firefox.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
config = lib.mkIf config.homeconfig.firefox.enable {
options.homeconfig.firefox.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
home.sessionVariables.BROWSER = "${config.programs.firefox.package}/bin/firefox";
config = lib.mkIf config.homeconfig.firefox.enable {
home.packages = lib.mkIf config.homeconfig.wal.enable [
pkgs.pywalfox-native
];
home.sessionVariables.BROWSER = "${config.programs.firefox.package}/bin/firefox";
home.file.".mozilla/native-messaging-hosts/pywalfox.json".text = let
pywalfox-wrapper = pkgs.writeShellScriptBin "pywalfox-wrapper" ''
home.packages = lib.mkIf config.homeconfig.wal.enable [
pkgs.pywalfox-native
];
home.file.".mozilla/native-messaging-hosts/pywalfox.json".text = let
pywalfox-wrapper = pkgs.writeShellScriptBin "pywalfox-wrapper" ''
${pkgs.pywalfox-native}/bin/pywalfox start
'';
in lib.replaceStrings [ "<path>" ] [
"${pywalfox-wrapper}/bin/pywalfox-wrapper"
] (lib.readFile "${pkgs.pywalfox-native}/lib/python3.13/site-packages/pywalfox/assets/manifest.json");
'';
in lib.replaceStrings [ "<path>" ] [
"${pywalfox-wrapper}/bin/pywalfox-wrapper"
] (lib.readFile "${pkgs.pywalfox-native}/lib/python3.13/site-packages/pywalfox/assets/manifest.json");
programs.firefox = {
programs.firefox = {
enable = true;
package = pkgs.firefox;
enable = true;
package = pkgs.firefox;
profiles.nathan = {
search = {
default = "ddg";
privateDefault = "ddg";
force = true;
};
bookmarks = {
force = true;
settings = [
profiles.nathan = {
search = {
default = "ddg";
privateDefault = "ddg";
force = true;
};
bookmarks = {
force = true;
settings = [
{
name = "toolbar";
toolbar = true;
bookmarks = [
{
name = "NixOS Search - Packages";
url = "https://search.nixos.org/packages";
}
{
name = "NixOS Search - Packages";
url = "https://search.nixos.org/packages";
}
];
}
];
};
extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
ublock-origin
keepassxc-browser
pywalfox
];
};
extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
ublock-origin
keepassxc-browser
pywalfox
];
};
};
};
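Review bot: The `lib.readFile` call that builds the native-messaging manifest hard-codes `lib/python3.13/site-packages`, so evaluation breaks as soon as nixpkgs builds `pywalfox-native` against a different Python. If the package follows the default interpreter (not visible here, please confirm), deriving the directory avoids the pin: `"${pkgs.pywalfox-native}/${pkgs.python3.sitePackages}/pywalfox/assets/manifest.json"`. Reading a file out of a derivation output at evaluation time also forces that package to be built during evaluation, which is worth a one-line comment above the `let`. The enclosing module continues past the end of this hunk.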


@@ -1,44 +1,47 @@
{ config, lib, ... }: {
{ ... }: {
options.homeconfig.git.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.homeModules.nathan = { config, lib, ... }: {
config = lib.mkIf config.homeconfig.git.enable {
sops = {
secrets = {
"git/username" = {};
"git/email" = {};
};
templates.gitconfig.content = ''
[user]
name = "${config.sops.placeholder."git/username"}"
email = "${config.sops.placeholder."git/email"}"
'';
options.homeconfig.git.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
programs.git = {
enable = true;
includes = [
{ path = "${config.sops.templates.gitconfig.path}"; }
];
settings = {
init = {
defaultBranch = "master";
config = lib.mkIf config.homeconfig.git.enable {
sops = {
secrets = {
"git/username" = {};
"git/email" = {};
};
safe.directory = "/etc/nixos";
templates.gitconfig.content = ''
[user]
name = "${config.sops.placeholder."git/username"}"
email = "${config.sops.placeholder."git/email"}"
'';
};
url = {
"ssh://gitea@gitea.esotericbytes.com/" = {
insteadOf = [
"server:"
];
programs.git = {
enable = true;
includes = [
{ path = "${config.sops.templates.gitconfig.path}"; }
];
settings = {
init = {
defaultBranch = "master";
};
safe.directory = "/etc/nixos";
url = {
"ssh://gitea@gitea.esotericbytes.com/" = {
insteadOf = [
"server:"
];
};
};
};
};
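Review bot: The `insteadOf` rewrite for `server:` points at `ssh://gitea@gitea.esotericbytes.com/` with no port, while the submodule URLs in `.gitmodules` in this same compare use `:2222`; unless an ssh host entry elsewhere sets the port, `server:` remotes will try port 22. If 2222 is the intended port, the key should read `"ssh://gitea@gitea.esotericbytes.com:2222/" = {`. Separately, `safe.directory = "/etc/nixos";` switches off git's ownership check for that path, so a short comment stating who owns the directory, and that the entry must stay a single path rather than `*`, would help the next reader. The module's closing braces fall outside this hunk.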


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options.homeconfig.hyprland.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
config = lib.mkIf config.homeconfig.hyprland.enable {
options.homeconfig.hyprland.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
home.sessionVariables.NIX_OZONE_WL = "1";
config = lib.mkIf config.homeconfig.hyprland.enable {
programs.kitty.enable = lib.mkDefault true;
home.sessionVariables.NIX_OZONE_WL = "1";
home.packages = with pkgs; [
pyprland
];
programs.kitty.enable = lib.mkDefault true;
home.activation.extraHyprFile = lib.hm.dag.entryAfter ["writeBoundary"] ''
if [[ ! -f ${config.home.homeDirectory}/.config/hypr/otf.conf ]]; then
touch ${config.home.homeDirectory}/.config/hypr/otf.conf
fi
home.packages = with pkgs; [
pyprland
];
if [[ ! -f ${config.home.homeDirectory}/.config/background ]]; then
cp ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ${config.home.homeDirectory}/.config/background
chmod 600 ${config.home.homeDirectory}/.config/background
fi
'';
home.activation.extraHyprFile = lib.hm.dag.entryAfter ["writeBoundary"] ''
if [[ ! -f ${config.home.homeDirectory}/.config/hypr/otf.conf ]]; then
touch ${config.home.homeDirectory}/.config/hypr/otf.conf
fi
if [[ ! -f ${config.home.homeDirectory}/.config/background ]]; then
cp ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ${config.home.homeDirectory}/.config/background
chmod 600 ${config.home.homeDirectory}/.config/background
fi
'';
wayland.windowManager.hyprland = {
wayland.windowManager.hyprland = {
enable = true;
enable = true;
systemd = {
enable = false;
variables = [ "--all" ];
};
extraConfig = (if config.homeconfig.hyprpanel.enable then ''
bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"
'' else ''
bind = , Print, exec, grim -g "$(slurp)"
'') + ''
source = ${config.home.homeDirectory}/.config/hypr/main.conf
exec-shutdown = if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid; fi
'';
systemd = {
enable = false;
variables = [ "--all" ];
};
extraConfig = (if config.homeconfig.hyprpanel.enable then ''
bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"
'' else ''
bind = , Print, exec, grim -g "$(slurp)"
'') + ''
source = ${config.home.homeDirectory}/.config/hypr/main.conf
exec-shutdown = if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid; fi
'';
};
};
}
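Review bot: The hyprpanel branch of `extraConfig` emits `bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"` with a closing double quote and no opening one, so the shell that runs the bind most likely sees an unterminated string and the Print key does nothing. Quote both sides, `bind = , Print, exec, bash -c "${pkgs.hyprpanel}/share/scripts/screenshot.sh"`, or drop `bash -c` and exec the script path directly. The line is present in both the old and the new text, so the rewrite carried it over unchanged.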


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options.homeconfig.hyprlock.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
config = lib.mkIf config.homeconfig.hyprlock.enable {
programs.hyprlock = {
enable = true;
options.homeconfig.hyprlock.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
services.hypridle = {
enable = true;
config = lib.mkIf config.homeconfig.hyprlock.enable {
settings = {
programs.hyprlock = {
enable = true;
};
general = {
lock_cmd = "pidof hyprlock || hyprlock"; # avoid starting multiple hyprlock instances.
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.
after_sleep_cmd = "hyprctl --instance 0 dispatch dpms on"; # to avoid having to press a key twice to turn on the display.
services.hypridle = {
enable = true;
settings = {
general = {
lock_cmd = "pidof hyprlock || hyprlock"; # avoid starting multiple hyprlock instances.
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.
after_sleep_cmd = "hyprctl --instance 0 dispatch dpms on"; # to avoid having to press a key twice to turn on the display.
};
listener = [
{
timeout = 150; # 2.5min.
on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
on-resume = "brightnessctl -r"; # monitor backlight restore.
}
{
timeout = 300; # 5min
on-timeout = "loginctl lock-session"; # lock screen when timeout has passed
}
{
timeout = 330; # 5.5min
on-timeout = "hyprctl --instance 0 dispatch dpms off"; # screen off when timeout has passed
on-resume = "hyprctl --instance 0 dispatch dpms on && brightnessctl -r"; # screen on when activity is detected after timeout has fired.
}
{
timeout = 1800; # 30min
on-timeout = "systemctl suspend"; # suspend pc
}
];
};
listener = [
{
timeout = 150; # 2.5min.
on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
on-resume = "brightnessctl -r"; # monitor backlight restore.
}
{
timeout = 300; # 5min
on-timeout = "loginctl lock-session"; # lock screen when timeout has passed
}
{
timeout = 330; # 5.5min
on-timeout = "hyprctl --instance 0 dispatch dpms off"; # screen off when timeout has passed
on-resume = "hyprctl --instance 0 dispatch dpms on && brightnessctl -r"; # screen on when activity is detected after timeout has fired.
}
{
timeout = 1800; # 30min
on-timeout = "systemctl suspend"; # suspend pc
}
];
};
};
};
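Review bot: The hypridle `lock_cmd` resolves `hyprlock` through whatever `PATH` the hypridle service inherits, so the screen lock silently depends on the session environment rather than on the package this module enables. Pinning it to the store path makes the lock independent of `PATH`: `lock_cmd = "pidof hyprlock || ${lib.getExe config.programs.hyprlock.package}";`. The listeners also call `brightnessctl` by bare name and this module does not install it, so either add it to `home.packages` or reference `${pkgs.brightnessctl}/bin/brightnessctl`. The module's closing braces fall outside this hunk.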


@@ -1,14 +1,17 @@
{ config, lib, ... }: {
{ ... }: {
options.homeconfig.hyprpanel.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
flake.homeModules.nathan = { config, lib, ... }: {
config = lib.mkIf config.homeconfig.hyprpanel.enable {
programs.hyprpanel = {
enable = true;
options.homeconfig.hyprpanel.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf config.homeconfig.hyprpanel.enable {
programs.hyprpanel = {
enable = true;
};
};
};
}


@@ -1,21 +1,24 @@
{ config, lib, inputs, ... }: {
{ inputs, ... }: {
options.homeconfig.nh.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.homeModules.nathan = { config, lib, ... }: {
config = lib.mkIf config.homeconfig.nh.enable {
programs.nh = {
enable = true;
package = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; }; in pkgs-us.nh;
#flake = "${config.home.homeDirectory}/Projects/Olympus";
options.homeconfig.nh.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
clean = {
config = lib.mkIf config.homeconfig.nh.enable {
programs.nh = {
enable = true;
dates = "weekly";
extraArgs = "--keep 5 --keep-since 5d";
package = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; }; in pkgs-us.nh;
#flake = "${config.home.homeDirectory}/Projects/Olympus";
clean = {
enable = true;
dates = "weekly";
extraArgs = "--keep 5 --keep-since 5d";
};
};
};
};
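Review bot: `programs.nh.package` imports `inputs.nixpkgs-us` with `system = "x86_64-linux"` hard-coded, although `flake-parts.nix` in this compare lists `aarch64-linux` as a supported system and the firefox and wal modules already use `pkgs.stdenv.hostPlatform.system`. On an aarch64 host this would select an x86_64 `nh`. Add `pkgs` to the module arguments and write `package = (import inputs.nixpkgs-us { system = pkgs.stdenv.hostPlatform.system; }).nh;`. The module's closing braces fall outside this hunk.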


@@ -1,19 +1,22 @@
{ config, lib, pkgs, inputs, ... }: {
{ inputs, ... }: {
options.homeconfig.wal.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
config = lib.mkIf config.homeconfig.wal.enable {
options.homeconfig.wal.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
home.packages = with pkgs; [
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.pywal
config = lib.mkIf config.homeconfig.wal.enable {
pywal16
imagemagick
];
home.packages = with pkgs; [
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.pywal
pywal16
imagemagick
];
};
};
}


@@ -1,26 +1,29 @@
{ config, lib, ... }: {
{ ... }: {
options.homeconfig.quickshell.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
flake.homeModules.nathan = { config, lib, ... }: {
config = lib.mkIf config.homeconfig.quickshell.enable {
programs.quickshell = {
enable = true;
options.homeconfig.quickshell.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
configs = {
config = lib.mkIf config.homeconfig.quickshell.enable {
default = config.homeDirectory + "/${config.home.file.".config/quickshell".target}";
};
systemd = {
programs.quickshell = {
enable = true;
target = lib.mkIf config.homeconfig.hyprland.enable "wayland-session@Hyprland.target";
};
activeConfig = "default";
configs = {
default = config.homeDirectory + "/${config.home.file.".config/quickshell".target}";
};
systemd = {
enable = true;
target = lib.mkIf config.homeconfig.hyprland.enable "wayland-session@Hyprland.target";
};
activeConfig = "default";
};
};
};
}
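Review bot: `configs.default` reads `config.homeDirectory`, but every other module in this compare reads the home path as `config.home.homeDirectory`, and Home Manager defines the option under `home`; as written the expression should fail with a missing-attribute error once `homeconfig.quickshell.enable` is set. The line should be `default = "${config.home.homeDirectory}/${config.home.file.".config/quickshell".target}";`. It also depends on a `home.file.".config/quickshell"` entry that this section does not define, so a comment naming the module that provides it would help.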


@@ -1,19 +1,22 @@
{ config, lib, pkgs, ... }: {
options.homeconfig.rofi.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
{ ... }: {
config = lib.mkIf config.homeconfig.rofi.enable {
programs.rofi = {
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true;
package = pkgs.rofi;
options.homeconfig.rofi.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
cycle = true;
config = lib.mkIf config.homeconfig.rofi.enable {
programs.rofi = {
theme = "/home/nathan/.cache/wal/colors-rofi-dark.rasi";
enable = true;
package = pkgs.rofi;
cycle = true;
theme = "/home/nathan/.cache/wal/colors-rofi-dark.rasi";
};
};
};
}
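Review bot: `theme = "/home/nathan/.cache/wal/colors-rofi-dark.rasi";` hard-codes the home directory, while the neighbouring modules build the same cache paths from `config.home.homeDirectory`. The module would silently point at another account's cache if it were reused under a different user name. Use `theme = "${config.home.homeDirectory}/.cache/wal/colors-rofi-dark.rasi";`; the two `/home/nathan/Music` values in the mpd section have the same problem.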


@@ -1,31 +1,35 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
home.packages = with pkgs; [ oh-my-posh ];
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
programs.bash = {
enable = true;
enableCompletion = true;
home.packages = with pkgs; [ oh-my-posh ];
shellAliases = {
ls = "eza";
ll = "ls -l";
programs.bash = {
enable = true;
enableCompletion = true;
ksh = "kitten ssh";
shellAliases = {
ls = "eza";
ll = "ls -l";
vi = "nvim";
vim = "nvim";
ksh = "kitten ssh";
v = "nvim";
vi = "nvim";
vim = "nvim";
};
bashrcExtra = ''
source ${pkgs.blesh}/share/blesh/ble.sh
'';
initExtra = if config.homeconfig.wal.enable then (lib.mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
'') else (lib.mkBefore ''
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
'');
};
bashrcExtra = ''
source ${pkgs.blesh}/share/blesh/ble.sh
'';
initExtra = if config.homeconfig.wal.enable then (lib.mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
'') else (lib.mkBefore ''
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
'');
};
}
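Review bot: In the wal branch of `initExtra`, the shell writes `.cache/wal/sequences` to the terminal and evals oh-my-posh against `.cache/wal/ohmyposh.toml` on every interactive start without checking that pywal has generated either file. A fresh home or a cleared cache therefore prints an error at each shell start, and whatever bytes are in that cache file go to the terminal as raw escape sequences. Guard the read, for example `[[ -r ${config.home.homeDirectory}/.cache/wal/sequences ]] && cat ${config.home.homeDirectory}/.cache/wal/sequences`, and fall back to the `.config/ohmyposh/ohmyposh.toml` theme when the generated one is missing. The zsh `initContent` in the oh-my-posh section has the same unguarded pair.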


@@ -1,18 +1,21 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
programs.bat = {
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true;
programs.bat = {
extraPackages = with pkgs.bat-extras; [
batman
batpipe
batgrep
batdiff
batwatch
prettybat
];
enable = true;
extraPackages = with pkgs.bat-extras; [
batman
batpipe
batgrep
batdiff
batwatch
prettybat
];
};
};
};
}


@@ -1,17 +0,0 @@
{ ... }: {
imports = [
./bat
./bash
./eza
./fzf
./lf
./tmux
./kitty
./zoxide
./zsh
./ssh
./ohmyposh
./opencode
];
}


@@ -1,17 +1,20 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
programs.eza = {
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true;
programs.eza = {
enableZshIntegration = true;
enable = true;
extraOptions = [
"--color=auto"
];
enableZshIntegration = true;
git = true;
extraOptions = [
"--color=auto"
];
icons = "auto";
};
git = true;
icons = "auto";
};
};
}


@@ -1,15 +1,18 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
programs.fzf = {
enable = true;
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enableZshIntegration = true;
programs.fzf = {
tmux = {
#enableShellIntegration = true;
enable = true;
#shellIntegrationOptions = [];
enableZshIntegration = true;
tmux = {
#enableShellIntegration = true;
#shellIntegrationOptions = [];
};
};
};
};
}


@@ -1,33 +1,36 @@
{ config, ... }: {
programs.kitty = {
enable = true;
{ ... }: {
font = {
name = "FiraCode Nerd Font";
size = 12;
flake.homeModules.nathan = { config, ... }: {
programs.kitty = {
enable = true;
font = {
name = "FiraCode Nerd Font";
size = 12;
};
extraConfig = ''
confirm_os_window_close 0
include ${config.home.homeDirectory}/.cache/wal/colors-kitty.conf
disable_ligatures never
dynamic_background_opacity yes
tab_bar_edge top
map ctrl+shift+t new_tab
map ctrl+shift+w close_tab
map ctrl+tab next_tab
map ctrl+shift+tab previous_tab
'';
};
};
extraConfig = ''
confirm_os_window_close 0
include ${config.home.homeDirectory}/.cache/wal/colors-kitty.conf
disable_ligatures never
dynamic_background_opacity yes
tab_bar_edge top
map ctrl+shift+t new_tab
map ctrl+shift+w close_tab
map ctrl+tab next_tab
map ctrl+shift+tab previous_tab
'';
};
}


@@ -1,7 +1,10 @@
{ ... }: {
config = {
programs.lf = {
enable = true;
flake.homeModules.nathan = { ... }: {
config = {
programs.lf = {
enable = true;
};
};
};
}


@@ -1,136 +1,139 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
home.packages = with pkgs; [
oh-my-posh
];
programs.zsh = {
initContent = with lib; mkMerge [
(mkIf config.homeconfig.wal.enable (mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
''))
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
(mkIf (!config.homeconfig.wal.enable) (mkBefore ''
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
''))
];
home.packages = with pkgs; [
oh-my-posh
];
};
programs.zsh = {
home.file.".config/wal/templates/ohmyposh.toml".text = ''
initContent = with lib; mkMerge [
(mkIf config.homeconfig.wal.enable (mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
''))
(mkIf (!config.homeconfig.wal.enable) (mkBefore ''
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
''))
];
};
home.file.".config/wal/templates/ohmyposh.toml".text = ''
#:schema https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json
version = 2
final_space = true
console_title_template = '{{{{ .Shell }}}} in {{{{ .Folder }}}}'
version = 2
final_space = true
console_title_template = '{{{{ .Shell }}}} in {{{{ .Folder }}}}'
[[blocks]]
type = 'prompt'
alignment = 'left'
newline = true
[[blocks]]
type = 'prompt'
alignment = 'left'
newline = true
[[blocks.segments]]
type = 'os'
style = 'diamond'
trailing_diamond = ''
background = 'p:c1'
foreground = 'p:c12'
template = ' {{{{ .Icon }}}} '
[[blocks.segments]]
type = 'os'
style = 'diamond'
trailing_diamond = ''
background = 'p:c1'
foreground = 'p:c12'
template = ' {{{{ .Icon }}}} '
[[blocks.segments]]
type = 'session'
style = 'diamond'
trailing_diamond = ''
background = 'p:c2'
foreground = 'p:c14'
template = '{{{{ .UserName }}}}@{{{{ .HostName }}}}'
[[blocks.segments]]
type = 'session'
style = 'diamond'
trailing_diamond = ''
background = 'p:c2'
foreground = 'p:c14'
template = '{{{{ .UserName }}}}@{{{{ .HostName }}}}'
[[blocks.segments]]
type = 'path'
style = 'diamond'
trailing_diamond = ''
background = 'p:c4'
foreground = 'p:c13'
template = '{{{{ .Path }}}}'
[[blocks.segments]]
type = 'path'
style = 'diamond'
trailing_diamond = ''
background = 'p:c4'
foreground = 'p:c13'
template = '{{{{ .Path }}}}'
[blocks.segments.properties]
style = 'full'
[blocks.segments.properties]
style = 'full'
[[blocks]]
type = 'prompt'
overflow = 'hidden'
alignment = 'right'
[[blocks]]
type = 'prompt'
overflow = 'hidden'
alignment = 'right'
[[blocks.segments]]
type = 'executiontime'
style = 'diamond'
leading_diamond = ''
background = 'p:c4'
foreground = 'p:c13'
template = '{{{{ .FormattedMs }}}}'
[[blocks.segments]]
type = 'executiontime'
style = 'diamond'
leading_diamond = ''
background = 'p:c4'
foreground = 'p:c13'
template = '{{{{ .FormattedMs }}}}'
[[blocks.segments]]
type = 'time'
style = 'diamond'
leading_diamond = ''
background = 'p:c2'
foreground = 'p:c14'
[[blocks.segments]]
type = 'time'
style = 'diamond'
leading_diamond = ''
background = 'p:c2'
foreground = 'p:c14'
[[blocks.segments]]
type = 'shell'
style = 'diamond'
leading_diamond = ''
background = 'p:c1'
foreground = 'p:c12'
[[blocks.segments]]
type = 'shell'
style = 'diamond'
leading_diamond = ''
background = 'p:c1'
foreground = 'p:c12'
[[blocks]]
type = 'prompt'
alignment = 'left'
newline = true
[[blocks]]
type = 'prompt'
alignment = 'left'
newline = true
[[blocks.segments]]
type = 'text'
style = 'plain'
background = 'transparent'
foreground_templates = [
"{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}",
"{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}",
]
template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}"
[[blocks.segments]]
type = 'text'
style = 'plain'
background = 'transparent'
foreground_templates = [
"{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}",
"{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}",
]
template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}"
[transient_prompt]
foreground_templates = [
"{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}",
"{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}",
]
background = 'transparent'
template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}"
[transient_prompt]
foreground_templates = [
"{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}",
"{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}",
]
background = 'transparent'
template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}"
[secondary_prompt]
background = 'transparent'
forground = 'p:c14'
template = " "
[secondary_prompt]
background = 'transparent'
forground = 'p:c14'
template = " "
[palette]
[palette]
c0 = "{color0}"
c1 = "{color1}"
c2 = "{color2}"
c3 = "{color3}"
c4 = "{color4}"
c5 = "{color5}"
c6 = "{color6}"
c7 = "{color7}"
c8 = "{color8}"
c9 = "{color9}"
c10 = "{color10}"
c11 = "{color11}"
c12 = "{color12}"
c13 = "{color13}"
c14 = "{color14}"
c15 = "{color15}"
'';
c0 = "{color0}"
c1 = "{color1}"
c2 = "{color2}"
c3 = "{color3}"
c4 = "{color4}"
c5 = "{color5}"
c6 = "{color6}"
c7 = "{color7}"
c8 = "{color8}"
c9 = "{color9}"
c10 = "{color10}"
c11 = "{color11}"
c12 = "{color12}"
c13 = "{color13}"
c14 = "{color14}"
c15 = "{color15}"
'';
};
}
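Review bot: The `[secondary_prompt]` table in the pywal template sets `forground = 'p:c14'`, a misspelling of the `foreground` key used in every other block, so the secondary prompt colour is presumably never applied. The line should read `foreground = 'p:c14'`. The typo exists on both the old and the new side, so the re-indent carried it over.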


@@ -1,48 +1,51 @@
{ config, lib, ... }: {
{ ... }: {
options.homeconfig.opencode.enable = with lib; mkOption {
type = with types; bool;
default = true;
};
flake.homeModules.nathan = { config, lib, ... }: {
config = lib.mkIf config.homeconfig.opencode.enable {
options.homeconfig.opencode.enable = with lib; mkOption {
type = with types; bool;
default = true;
};
programs.opencode = {
enable = true;
config = lib.mkIf config.homeconfig.opencode.enable {
settings = {
theme = "system";
model = "ollama-remote/qwen3:8b";
programs.opencode = {
enable = true;
provider = {
ollama-local = {
name = "Ollama (local)";
settings = {
theme = "system";
model = "ollama-remote/qwen3:8b";
npm = "@ai-sdk/openai-compatible";
provider = {
ollama-local = {
name = "Ollama (local)";
options.baseURL = "http://localhost:11434/v1";
npm = "@ai-sdk/openai-compatible";
options.baseURL = "http://localhost:11434/v1";
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
};
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
};
};
ollama-remote = {
name = "Ollama (remote)";
ollama-remote = {
name = "Ollama (remote)";
npm = "@ai-sdk/openai-compatible";
npm = "@ai-sdk/openai-compatible";
options.baseURL = "https://ollama.esotericbytes.com/v1";
options.baseURL = "https://ollama.esotericbytes.com/v1";
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
};
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
};
};
};
};
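Review bot: `homeconfig.opencode.enable` defaults to `true` while the other `homeconfig.*.enable` options in this compare default to `false`, and the default `model` is `ollama-remote/qwen3:8b`, so any host that imports this module sends prompts and code context to `https://ollama.esotericbytes.com/v1` unless it opts out. Consider `default = false;` for the option, or `model = "ollama-local/qwen3:8b";` so that leaving the machine is an explicit choice. No credential is configured for the remote provider here; if the endpoint is protected by other means, a comment saying how would make that reviewable. The module's closing braces fall outside this hunk.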


@@ -0,0 +1,9 @@
{ ... }: {
flake.homeModules.nathan = { ... }: {
programs.ripgrep = {
enable = true;
};
};
}


@@ -1,24 +1,27 @@
{ ... }: {
programs.ssh = {
flake.homeModules.nathan = { ... }: {
enable = true;
programs.ssh = {
# defaults as of 25.11
matchBlocks."*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
enable = true;
# defaults as of 25.11
matchBlocks."*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
enableDefaultConfig = false;
};
};
enableDefaultConfig = false;
};
}
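Review bot: `matchBlocks."*"` is now the single place where the client defaults are spelled out (`enableDefaultConfig = false`), and it keeps `hashKnownHosts = false`, which leaves every host name and address this account has connected to readable in `~/.ssh/known_hosts`. Since the values are being pinned by hand anyway, `hashKnownHosts = true;` is a cheap hardening step that limits what a leaked or copied known_hosts file reveals. The `# defaults as of 25.11` comment could also say why they are pinned, so a later reader does not remove the block as redundant.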


@@ -1,23 +1,26 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
programs.tmux = {
enable = true;
clock24 = true;
mouse = true;
baseIndex = 1;
keyMode = "vi";
prefix = "C-b";
shell = "${pkgs.zsh}/bin/zsh";
};
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
programs.tmux = {
enable = true;
clock24 = true;
mouse = true;
baseIndex = 1;
keyMode = "vi";
prefix = "C-b";
shell = "${pkgs.zsh}/bin/zsh";
};
};
}


@@ -1,13 +1,16 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
programs.zoxide = {
flake.homeModules.nathan = { ... }: {
enable = true;
programs.zoxide = {
enableZshIntegration = true;
enable = true;
options = [
"--cmd cd"
];
};
enableZshIntegration = true;
options = [
"--cmd cd"
];
};
};
}


@@ -1,37 +1,40 @@
{ lib, ... }: {
{ ... }: {
programs.zsh = {
enable = true;
flake.homeModules.nathan = { lib, ... }: {
initContent = lib.mkOrder 1200 ''
bindkey ' ' magic-space
'';
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
ls = "eza";
ll = "ls -l";
programs.zsh = {
ksh = "kitten ssh";
enable = true;
vi = "nvim";
vim = "nvim";
initContent = lib.mkOrder 1200 ''
bindkey ' ' magic-space
'';
python = "python3.13";
python3 = "python3.13";
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
ls = "eza";
ll = "ls -l";
ksh = "kitten ssh";
vi = "nvim";
vim = "nvim";
python = "python3.13";
python3 = "python3.13";
};
history = {
size = 5000;
ignoreAllDups = true;
ignoreSpace = true;
share = true;
};
};
};
history = {
size = 5000;
ignoreAllDups = true;
ignoreSpace = true;
share = true;
};
};
}


@@ -1,9 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
}


@@ -1,41 +1,44 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options = {
homeconfig.mpd.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
options = {
homeconfig.mpd.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
};
config = lib.mkIf config.homeconfig.mpd.enable {
services.mpd = {
enable = true;
network.startWhenNeeded = true;
network.port = 6600;
network.listenAddress = "127.0.0.1";
musicDirectory = "/home/nathan/Music";
extraConfig = ''
audio_output {
type "pipewire"
name "Audio1"
}
config = lib.mkIf config.homeconfig.mpd.enable {
services.mpd = {
enable = true;
network.startWhenNeeded = true;
network.port = 6600;
network.listenAddress = "127.0.0.1";
musicDirectory = "/home/nathan/Music";
extraConfig = ''
audio_output {
type "pipewire"
name "Audio1"
}
audio_output {
type "fifo"
name "visualizer"
path "/tmp/mpd.fifo"
format "44100:16:1"
name "visualizer"
path "/tmp/mpd.fifo"
format "44100:16:1"
}
'';
'';
};
services.mpdris2 = {
enable = true;
mpd.host = "127.0.0.1";
mpd.port = 6600;
package = pkgs.mpdris2;
mpd.musicDirectory = "/home/nathan/Music";
notifications = true;
};
};
services.mpdris2 = {
enable = true;
mpd.host = "127.0.0.1";
mpd.port = 6600;
package = pkgs.mpdris2;
mpd.musicDirectory = "/home/nathan/Music";
notifications = true;
};
};
}
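Review bot: The `visualizer` output in `extraConfig` uses the fixed path `/tmp/mpd.fifo`, and `/tmp` is shared by every local account, so another user can create that name before mpd does or open the FIFO and read the audio stream. Keeping it under the user's own directory removes the shared namespace, for example `path "${config.home.homeDirectory}/.cache/mpd.fifo"`; any visualizer that reads the FIFO has to be pointed at the same path. This section also hard-codes `/home/nathan/Music` twice where `config.home.homeDirectory` is available.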


@@ -1,25 +1,38 @@
{ lib, inputs, ... }:
{ self, inputs, ... }: {
{
flake.homeModules.nathan = { lib, ... }:
config = {
homeconfig = {
graphical = lib.mkDefault false;
minimal = lib.mkDefault false;
{
hyprland.enable = false;
};
config = {
homeconfig = {
graphical = lib.mkDefault false;
minimal = lib.mkDefault false;
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders = "ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -";
builders-use-substituters = true;
hyprland.enable = lib.mkDefault false;
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders = "ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -";
builders-use-substituters = true;
};
};
programs.home-manager.enable = true;
};
programs.home-manager.enable = true;
};
}
flake.homeConfigurations.nathan = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs {
system = builtins.currentSystem;
};
modules = [
self.homeModules.nathan
];
};
}
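Review bot: `flake.homeConfigurations.nathan` sets `system = builtins.currentSystem;`, which is not available under the pure evaluation that flake commands use by default, so building this output is likely to fail unless `--impure` is passed. Pin the platform instead, e.g. `pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;`, or generate one configuration per entry of the `systems` list. Separately, the `builders` string points at `/run/secrets/remoteBuildKey`; a comment naming the secret that provisions that path would help, since this module does not declare it.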

Submodule machines/android deleted from 4ba07466f6


@@ -1,157 +1,160 @@
{ config, pkgs, lib, inputs, ... }:
{ inputs, ... }: {
{
imports =
[
inputs.home-manager.nixosModules.default
];
flake.nixosModules.container = { config, pkgs, lib, ... }:
config = {
hardware.nvidia.open = true;
{
imports =
[
boot.isContainer = true;
inputs.home-manager.nixosModules.default
services = {
xserver = {
];
config = {
hardware.nvidia.open = true;
boot.isContainer = true;
services = {
xserver = {
#enable = true;
videoDrivers = ["nvidia"];
};
displayManager = {
enable = true;
defaultSession = "plasma";
autoLogin = {
enable = true;
user = "nathan";
videoDrivers = ["nvidia"];
};
displayManager = {
enable = true;
defaultSession = "plasma";
autoLogin = {
enable = true;
user = "nathan";
};
};
pulseaudio.enable = false;
};
pulseaudio.enable = false;
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
/*
environment.sessionVariables = {
WLR_BACKENDS = "headless";
WLR_LIBINPUT_NO_DEVICES = "1";
};
*/
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users.defaultUserShell = pkgs.zsh;
systemd.extraConfig = "DefaultLimitNOFILE=2048";
/*
environment.sessionVariables = {
WLR_BACKENDS = "headless";
WLR_LIBINPUT_NO_DEVICES = "1";
};
*/
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users.defaultUserShell = pkgs.zsh;
nixpkgs = {
config.allowUnfree = true;
hostPlatform = "x86_64-linux";
};
nixpkgs = {
config.allowUnfree = true;
hostPlatform = "x86_64-linux";
};
# Set your time zone.
time.timeZone = "America/Chicago";
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
services.displayManager.sddm.settings.AutoLogin = {
User = "nathan";
Session = "plasmawayland.desktop";
Relogin = true;
};
services.displayManager.sddm.settings.AutoLogin = {
User = "nathan";
Session = "plasmawayland.desktop";
Relogin = true;
};
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 80 ];
};
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 80 ];
};
system.stateVersion = "25.05"; # Did you read the comment?
system.stateVersion = "25.05"; # Did you read the comment?
users.users."nathan" = {
isNormalUser = true;
users.users."nathan" = {
isNormalUser = true;
initialPassword = "7567";
initialPassword = "7567";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
]; # Enable sudo for the user.
extraGroups = [
"wheel"
]; # Enable sudo for the user.
/*openssh.authorizedKeys.keys = [
];*/
/*openssh.authorizedKeys.keys = [
];*/
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
/*sops = {
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};*/
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs;};
users = {
"nathan" = lib.mkMerge [
inputs.nathan-home-manager
{
config.homeconfig = {
minimal = false;
hyprland.enable = false;
wal.enable = false;
hyprpanel.enable = false;
hyprlock.enable = false;
mpd.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
};
}
];
};
};
sysconfig = {
opts = {
novnc.enable = true;
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
kdePlasma6.enable = true;
git.enable = true;
nh.enable = true;
netbird.enable = true;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
/*sops = {
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};*/
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs;};
users = {
"nathan" = lib.mkMerge [
inputs.nathan-home-manager
{
config.homeconfig = {
minimal = false;
hyprland.enable = false;
wal.enable = false;
hyprpanel.enable = false;
hyprlock.enable = false;
mpd.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
};
}
];
};
};
sysconfig = {
opts = {
novnc.enable = true;
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
kdePlasma6.enable = true;
git.enable = true;
nh.enable = true;
netbird.enable = true;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}
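Review bot: `users.users."nathan"` keeps `initialPassword = "7567";` for an account in `wheel`, in a module that also turns on `sysconfig.opts.openssh`, `novnc` and display-manager auto-login; the value is committed in clear text and NixOS copies it into the world-readable Nix store. The commented-out line right below it is the fix: `hashedPasswordFile = config.sops.secrets."nathan/pass".path;` with the `sops` block restored. The jesstop module further down has the same pattern with `initialPassword = "89453712";`. Both values should be treated as disclosed and changed on any machine built from these modules.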


@@ -1,115 +1,117 @@
{ config, pkgs, lib, disko, sops-nix, home-manager, ... }:
{ inputs, ... }: {
{
imports =
[
disko.nixosModules.default
sops-nix.nixosModules.sops
home-manager.nixosModules.default
];
flake.nixosModules.homebox = { config, pkgs, lib, ... }:
config = {
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
{
imports =
[
inputs.disko.nixosModules.default
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
config = {
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
};
binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfree = true;
networking = {
nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];
networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
};
};
sysconfig = {
remoteBuildHost = true;
graphical = false;
services = {
sddm.enable = false;
openssh.enable = true;
pipewire.enable = true;
netbird.enable = true;
ollama.enable = false;
wyoming = {
networking = {
nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];
networkmanager = {
enable = true;
piper = true;
openwakeword = true;
faster-whisper = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
};
};
programs = {
hyprland.enable = false;
hyprpanel.enable = false;
steam.enable = false;
sysconfig = {
remoteBuildHost = true;
graphical = false;
services = {
sddm.enable = false;
openssh.enable = true;
pipewire.enable = true;
netbird.enable = true;
ollama.enable = false;
avahi.enable = true;
wyoming = {
enable = true;
piper = true;
openwakeword = true;
faster-whisper = true;
};
};
programs = {
hyprland.enable = false;
hyprpanel.enable = false;
steam.enable = false;
};
docker = {
enable = true;
portainer.enable = true;
traefik.enable = true;
pihole.enable = true;
authentik.enable = true;
netbird.enable = true;
openwebui.enable = true;
ollama.enable = true;
searxng.enable = true;
home-assistant.enable = true;
n8n.enable = true;
nextcloud.enable = false;
jellyfin.enable = true;
};
containers = {
"esotericbytes.com".enable = true;
gitea.enable = true;
code-server.enable = true;
sandbox.enable = false;
};
virtual-machines = {
enable = true;
};
};
docker = {
enable = true;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
portainer.enable = true;
traefik.enable = true;
pihole.enable = true;
authentik.enable = true;
netbird.enable = true;
openwebui.enable = true;
ollama.enable = true;
searxng.enable = true;
home-assistant.enable = true;
n8n.enable = true;
nextcloud.enable = true;
jellyfin.enable = true;
};
containers = {
"esotericbytes.com".enable = true;
gitea.enable = true;
code-server.enable = true;
minecraft.enable = true;
sandbox.enable = false;
};
virtual-machines = {
enable = true;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}
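Review bot: `networking.nat.internalInterfaces = [ "ve-.+" ];` reads like a regular expression, but as far as I know the NixOS NAT module hands the string to the firewall backend as an interface pattern, where the wildcard is a trailing `+` for iptables or `*` for nftables; `ve-.+` would then match only names starting with `ve-.` and container traffic would not be masqueraded. Use `[ "ve-+" ]`, or `[ "ve-*" ]` if the nftables backend is intended. Related: `nftables = {};` sets nothing, so if nftables was meant to be on it needs `nftables.enable = true;`. `externalInterface = "wlp7s0";` is host-specific and would fit better as an option of the `sysconfig` module.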


@@ -1,106 +1,109 @@
{ lib, pkgs, inputs, modulesPath, ... }: {
{ inputs, ... }: {
imports = with inputs; [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
home-manager.nixosModules.default
flake.nixosModules.iso = { lib, pkgs, modulesPath, ... }: {
];
imports = with inputs; [
config = {
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
fonts.fontconfig.enable = lib.mkForce true;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ];
system.stateVersion = "25.05";
home-manager.nixosModules.default
nixpkgs.hostPlatform = "x86_64-linux";
];
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
config = {
users.users.nixos.enable = lib.mkForce false;
fonts.fontconfig.enable = lib.mkForce true;
services.getty.autologinUser = lib.mkForce null;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ];
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
system.stateVersion = "25.05";
programs.zsh.enable = true;
nixpkgs.hostPlatform = "x86_64-linux";
environment.shells = with pkgs; [ zsh bashInteractive ];
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
sysconfig = {
host = "iso";
graphical = true;
users = {
nathan = {
extraGroups = [ "wheel" "networkmanager" ];
shell = pkgs.zsh;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
rofi.enable = true;
firefox.enable = true;
git.enable = false;
nh.enable = true;
};
}
users.users.nixos.enable = lib.mkForce false;
services.getty.autologinUser = lib.mkForce null;
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
sysconfig = {
host = "iso";
graphical = true;
users = {
nathan = {
extraGroups = [ "wheel" "networkmanager" ];
shell = pkgs.zsh;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
rofi.enable = true;
firefox.enable = true;
git.enable = false;
nh.enable = true;
};
}
];
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
};
};
}
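Review bot: `users.users."nathan".hashedPassword` embeds the yescrypt hash directly in the module, so it sits in the repository history and in the world-readable Nix store of every image built from it, where it is exposed to offline guessing. The same hash is repeated in the live module later on this page, so one password covers both systems. Since `sshKeys` is already set, prefer key-only login for the ISO, or a `hashedPasswordFile` supplied as a secret at build time, and rotate the password behind this hash. With `sysconfig.services.openssh.enable = true` and the account in `wheel`, SSH password authentication should be off if the `sysconfig` module exposes that.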


@@ -1,142 +1,132 @@
{ config, pkgs, lib, inputs, ... }:
{ inputs, ... }: {
{
flake.nixosModules.jesstop = { config, pkgs, lib, ... }:
imports = [
./hardware-configuration.nix
{
#inputs.home-manager.nixosModules.default
imports = [
#inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
inputs.sops-nix.nixosModules.sops
];
sysconfig.opts = {
sddm.enable = true;
openssh.enable = false;
steam.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
git.enable = false;
nh.enable = true;
config = {
};
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
sysconfig.opts = {
sddm.enable = true;
openssh.enable = false;
steam.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
git.enable = false;
nh.enable = true;
};
# Enable the X11 windowing system.
services.xserver = {
enable = true;
desktopManager.enlightenment.enable = true;
};
services.xserver = {
enable = true;
desktopManager.enlightenment.enable = true;
};
services.acpid.enable = true;
services.acpid.enable = true;
services.displayManager.enable = true;
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
services.displayManager.enable = true;
# Enable CUPS to print documents.
services.printing.enable = true;
services.printing.enable = true;
system.stateVersion = "23.05"; # Did you read the comment?
system.stateVersion = "23.05"; # Did you read the comment?
# Set your time zone.
time.timeZone = "America/Chicago";
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
networking = {
hostName = "jesstop";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
users.users."nickelback" = {
isNormalUser = true;
description = "Thomas Jefferson";
initialPassword = "89453712";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"networkmanager"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
(writeShellScriptBin "beets" ''
bluetoothctl connect A4:16:C0:74:1F:55
'')
spotify
gnome-network-displays
discord
krita
rpcs3
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
networking = {
hostName = "jesstop";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
users.users."nickelback" = {
isNormalUser = true;
description = "Thomas Jefferson";
initialPassword = "89453712";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"networkmanager"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
(writeShellScriptBin "beets" ''
bluetoothctl connect A4:16:C0:74:1F:55
'')
spotify
gnome-network-displays
discord
krita
rpcs3
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}
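Review bot: `systemd.extraConfig = "DefaultLimitNOFILE=2048";` is the free-text form, while the homebox and laptop modules on this page already use `systemd.settings.Manager.DefaultLimitNOFILE = 2048;`, and recent nixpkgs releases deprecate the string option (confirm against the pinned revision). The container module has the same line. Also, the `./hardware-configuration.nix` import seems to be dropped on the new side, so a short comment saying that the hardware settings now arrive through the second `flake.nixosModules.jesstop` definition would help readers.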


@@ -1,39 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ ... }: {
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
flake.nixosModules.jesstop = { config, lib, pkgs, modulesPath, ... }:
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72";
fsType = "ext4";
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D497-6455";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D497-6455";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,125 +1,118 @@
{ config, pkgs, lib, home-manager, sops-nix, ... }:
{ inputs, ... }: {
{
flake.nixosModules.laptop = { config, pkgs, lib, ... }:
imports = [
home-manager.nixosModules.default
{
sops-nix.nixosModules.sops
];
imports = [
inputs.home-manager.nixosModules.default
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = null;
};
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
hardware = {
graphics.enable = true;
firmware = with pkgs; [
sof-firmware
];
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
inputs.sops-nix.nixosModules.sops
];
sysconfig = with lib; {
remoteBuildClient = mkDefault true;
graphical = mkDefault true;
services = {
sddm.enable = mkDefault true;
openssh.enable = mkDefault false;
pipewire.enable = mkDefault true;
netbird.enable = mkDefault true;
ollama.enable = mkDefault true;
config = {
nixpkgs.config = {
allowUnfree = true;
};
programs = {
steam.enable = mkDefault true;
hyprpanel.enable = mkDefault true;
hyprland.enable = mkDefault true;
};
containers = {
wyoming = {
enable = mkDefault false;
# Bootloader.
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = null;
};
};
virtual-machines = {
enable = true;
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
hardware = {
graphics.enable = true;
firmware = with pkgs; [
sof-firmware
];
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
sysconfig = with lib; {
remoteBuildClient = mkDefault true;
graphical = mkDefault true;
services = {
sddm.enable = mkDefault true;
openssh.enable = mkDefault false;
pipewire.enable = mkDefault true;
netbird.enable = mkDefault true;
ollama.enable = mkDefault true;
avahi.enable = mkDefault true;
};
programs = {
steam.enable = mkDefault true;
hyprpanel.enable = mkDefault true;
hyprland.enable = mkDefault true;
};
containers = {
wyoming = {
enable = mkDefault false;
};
};
virtual-machines = {
enable = true;
};
};
};
# Enable the X11 windowing system.
services.xserver = {
enable = true;
};
services.xserver = {
enable = true;
};
services.displayManager.enable = true;
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
services.displayManager.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
environment.shells = with pkgs; [ zsh bashInteractive ];
# Enable CUPS to print documents.
services.printing.enable = true;
services.printing.enable = true;
programs.adb.enable = true;
programs.adb.enable = true;
programs.zsh.enable = true;
programs.zsh.enable = true;
networking = {
nameservers = [
"1.1.1.1"
"1.0.0.1"
];
networkmanager = {
enable = true;
dns = "none";
networking = {
nameservers = [
"1.1.1.1"
"1.0.0.1"
];
networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
};
useDHCP = false;
dhcpcd.enable = false;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}


@@ -1,121 +1,124 @@
{ pkgs, inputs, ... }: {
{ inputs, ... }: {
imports = with inputs; [
disko.nixosModules.default
flake.nixosModules.live = { pkgs, ... }: {
(import ./disko.nix { device = "/dev/mmcblk0"; })
imports = with inputs; [
sops-nix.nixosModules.sops
disko.nixosModules.default
home-manager.nixosModules.default
(import ./disko.nix { device = "/dev/mmcblk0"; })
];
sops-nix.nixosModules.sops
config = {
home-manager.nixosModules.default
hardware.enableRedistributableFirmware = true;
hardware.enableAllHardware = true;
programs.zsh.enable = true;
];
environment.shells = with pkgs; [ zsh bashInteractive ];
config = {
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
hardware.enableRedistributableFirmware = true;
hardware.enableAllHardware = true;
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
};
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
nixpkgs.hostPlatform = "x86_64-linux";
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."nathan/pass".neededForUsers = true;
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
sysconfig = {
#remoteBuildClient = true;
host = "live";
graphical = true;
users = {
nathan = {
extraGroups = [ "wheel" "networkmanager" ];
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
#git.enable = true;
nh.enable = true;
};
}
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."nathan/pass".neededForUsers = true;
};
sysconfig = {
#remoteBuildClient = true;
host = "live";
graphical = true;
users = {
nathan = {
extraGroups = [ "wheel" "networkmanager" ];
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
#git.enable = true;
nh.enable = true;
};
}
];
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
system.stateVersion = "25.05";
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
system.stateVersion = "25.05";
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
}
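Review bot: The `imports` list calls `(import ./disko.nix { device = "/dev/mmcblk0"; })`, but the disko file shown next on this page takes `device1`, and on its new side it is a flake-parts module that defines `flake.diskoConfigurations.live` rather than returning `disko.devices`. If that is this machine's `disko.nix` (file paths are not shown here), the import yields an attribute set with a `flake` key that the NixOS module system will reject, and the `device` argument is ignored so `device1` falls through to its `throw`. Import the layout from the flake output instead, or keep `disko.nix` a plain function and call it with `device1 = "/dev/mmcblk0";`. The pi4 module uses the same import shape and should be checked too.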


@@ -1,66 +1,69 @@
{
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
{ ... }: {
subvolumes = {
"/root" = {
mountpoint = "/";
};
flake.diskoConfigurations.live = {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
};
}


@@ -1,145 +1,138 @@
{ config, pkgs, inputs, ... }: {
{ inputs, ... }: {
imports = [
./hardware-configuration.nix
inputs.disko.nixosModules.default
(import ./disko.nix { device1 = "/dev/mmcblk0"; })
inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
flake.nixosModules.pi4 = { config, pkgs, ... }: {
config = {
imports = [
./hardware-configuration.nix
sysconfig = {
remoteBuildClient = true;
inputs.disko.nixosModules.default
users = {
nathan = {
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
];
extraGroups = [
"wheel"
"networkmanager"
"gpio"
"spi"
"audio"
"pulse"
"pulse-access"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
scripts.enable = false;
minimal = true;
mpd.enable = true;
git.enable = true;
nh.enable = true;
};
}
(import ./disko.nix { device1 = "/dev/mmcblk0"; })
inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
config = {
sysconfig = {
remoteBuildClient = true;
users = {
nathan = {
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
];
extraGroups = [
"wheel"
"networkmanager"
"gpio"
"spi"
"audio"
"pulse"
"pulse-access"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
scripts.enable = false;
minimal = true;
mpd.enable = true;
git.enable = true;
nh.enable = true;
};
}
];
};
};
};
services = {
openssh.enable = true;
#pipewire.enable = true;
netbird.enable = true;
};
};
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users = {
groups.gpio = {};
};
services = {
openssh.enable = true;
#pipewire.enable = true;
netbird.enable = true;
};
};
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
};
}
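Review bot: The `nathan` user under `sysconfig.users` still sets `sshKeys = [ ... ]`, but the users submodule shown later in this compare declares the login keys as `ssh.keys` (plus `ssh.hosts`) and fills `openssh.authorizedKeys.keys` only from those. If that is the module this host is evaluated against, the assignment either fails as an undeclared option or never reaches authorized_keys, and with `PasswordAuthentication = false` in the openssh module that would leave the Pi with no remote login. Renaming it to `ssh.keys = [ ... ];` inside `users.nathan` would line it up with the option definition.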


@@ -1,66 +1,69 @@
{
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
{ ... }: {
subvolumes = {
"/root" = {
mountpoint = "/";
};
flake.diskoConfigurations.pi4 = {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
};
}


@@ -1,27 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ ... }: {
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
flake.nixosModules.pi4 = { config, lib, pkgs, modulesPath, ... }:
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
swapDevices = [ ];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
};
}


@@ -1,115 +1,112 @@
{ config, lib, pkgs, nixpkgs, ... }: {
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
flake.nixosModules.default = { config, lib, pkgs, nixpkgs, ... }: {
options.sysconfig = with lib; {
host = mkOption {
type = with types; nullOr str;
default = null;
};
graphical = mkOption {
type = with types; bool;
default = config.hardware.graphics.enable;
};
remoteBuildHost = mkOption {
type = with types; bool;
default = false;
};
remoteBuildClient = mkOption {
type = with types; bool;
default = false;
};
};
config = {
networking.hostName = lib.mkDefault config.sysconfig.host;
nix = {
nixPath = [ "nixpkgs=${nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
options.sysconfig = with lib; {
host = mkOption {
type = with types; nullOr str;
default = null;
};
graphical = mkOption {
type = with types; bool;
default = config.hardware.graphics.enable;
};
remoteBuildHost = mkOption {
type = with types; bool;
default = false;
};
remoteBuildClient = mkOption {
type = with types; bool;
default = false;
};
};
distributedBuilds = config.sysconfig.remoteBuildClient;
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
config = {
networking.hostName = lib.mkDefault config.sysconfig.host;
nix = {
nixPath = [ "nixpkgs=${nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
distributedBuilds = config.sysconfig.remoteBuildClient;
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
{
hostName = "esotericbytes.com";
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"benchmark"
"big-parallel"
"kvm"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
}
];
};
];
};
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true;
createHome = false;
};
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true;
createHome = false;
};
sops.secrets = let
dir = builtins.readDir ../machines;
in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs
(builtins.map
(y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; })
(builtins.filter
(x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient)
(builtins.attrNames dir)
)
)
);
sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
sops.secrets = let
dir = builtins.readDir ../machines;
in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs
(builtins.map
(y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; })
(builtins.filter
(x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient)
(builtins.attrNames dir)
)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
time.timeZone = lib.mkDefault "America/Chicago";
sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
};
}
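Review bot: The `sops.secrets` filter still evaluates `(import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient`, which assumes every machine file returns a plain NixOS module with a top-level `config`. The pi4 file earlier in this compare now returns `{ flake.nixosModules.pi4 = ...; }`, so on a host with `remoteBuildHost = true` this lookup would presumably fail on the missing `config` attribute, and the `remoteBuildClientKeys/*` secrets that feed `/etc/ssh/authorized_keys.d/remote-builder` would not be produced. Because that account is also in `trusted-users`, I would make the key source explicit rather than derived from a path import, and add next to the setting: `# trusted-users gives remote-builder root-equivalent control of the nix daemon; keep its authorized_keys minimal`.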


@@ -1,6 +1,10 @@
{ ... }: {
config = {
flake.nixosModules.default = { ... }: {
config = {
};
};
}


@@ -1,7 +1,11 @@
{ pkgs, disko, ... }: {
{ inputs, ... }: {
environment.systemPackages = with pkgs; [
sops
disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install
];
flake.nixosModules.default = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
sops
inputs.disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install
];
};
}


@@ -1,9 +0,0 @@
{ ... }: {
imports = [
./hyprland
./hyprpanel
./steam
];
}


@@ -1,28 +1,32 @@
{ config, lib, pkgs, hyprland, ... }: {
{ ... }: {
options.sysconfig.programs.hyprland.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.nixosModules.default = { config, lib, pkgs, hyprland, ... }: {
config = lib.mkIf config.sysconfig.programs.hyprland.enable {
options.sysconfig.programs.hyprland.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
sysconfig.services.sddm.enable = lib.mkDefault true;
config = lib.mkIf config.sysconfig.programs.hyprland.enable {
environment.sessionVariables.NIXOS_OZONE_WL = "1";
sysconfig.services.sddm.enable = lib.mkDefault true;
programs.hyprland = {
enable = true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
withUWSM = true;
programs.hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
systemd.setPath.enable = true;
xwayland.enable = true;
package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
systemd.setPath.enable = true;
portalPackage = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
};
};
}


@@ -1,30 +1,34 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options.sysconfig.programs.hyprpanel.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = lib.mkIf config.sysconfig.programs.hyprpanel.enable {
services = {
upower.enable = true;
gvfs.enable = true;
power-profiles-daemon.enable = true;
options.sysconfig.programs.hyprpanel.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
environment.systemPackages = with pkgs; [
bluez
bluez-tools
libgtop
dart-sass
wl-clipboard
gtksourceview
libsoup_3
brightnessctl
swww
hyprpicker
hyprsunset
wf-recorder
];
config = lib.mkIf config.sysconfig.programs.hyprpanel.enable {
services = {
upower.enable = true;
gvfs.enable = true;
power-profiles-daemon.enable = true;
};
environment.systemPackages = with pkgs; [
bluez
bluez-tools
libgtop
dart-sass
wl-clipboard
gtksourceview
libsoup_3
brightnessctl
swww
hyprpicker
hyprsunset
wf-recorder
];
};
};
}


@@ -1,14 +1,18 @@
{ config, lib, ... }: {
{ ... }: {
options.sysconfig.programs.steam.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.nixosModules.default = { config, lib, ... }: {
config = lib.mkIf config.sysconfig.programs.steam.enable {
programs.steam = {
enable = true;
options.sysconfig.programs.steam.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.steam.enable {
programs.steam = {
enable = true;
};
};
};
}


@@ -0,0 +1,27 @@
{ ... }: {
flake.nixosModules.default = { config, lib, ... }: {
options = {
sysconfig.services.avahi.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.avahi.enable {
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
};
};
}
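Review bot: `openFirewall = true;` and `wideArea = true;` are fixed values in this new module, so every host that turns on `sysconfig.services.avahi.enable` opens the mDNS port and enables wide-area DNS-SD, with no way to narrow either short of `mkForce`. Plain LAN discovery does not need wide-area lookups. I would write `wideArea = lib.mkDefault false;` and `openFirewall = lib.mkDefault true;` so a host can override them.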


@@ -1,9 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
}


@@ -1,40 +1,44 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options.sysconfig.services.dynamicDNS.enable = with lib; mkOption {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = with types; bool;
default = false;
};
options.sysconfig.services.dynamicDNS.enable = with lib; mkOption {
config = lib.mkIf config.sysconfig.services.dynamicDNS.enable {
systemd.timers.dynamicDNS = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "1h";
Unit = "dynamicDNS.service";
};
type = with types; bool;
default = false;
};
systemd.services.dynamicDNS = {
config = lib.mkIf config.sysconfig.services.dynamicDNS.enable {
name = "dynamicDNS.service";
systemd.timers.dynamicDNS = {
serviceConfig = {
wantedBy = [ "timers.target" ];
Type = "oneshot";
timerConfig = {
LoadCredential = [ "cloudflare-api-key" ];
OnBootSec = "5m";
OnUnitActiveSec = "1h";
Unit = "dynamicDNS.service";
};
};
script = '''';
systemd.services.dynamicDNS = {
name = "dynamicDNS.service";
serviceConfig = {
Type = "oneshot";
LoadCredential = [ "cloudflare-api-key" ];
};
script = '''';
};
};
};
}
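Review bot: `LoadCredential = [ "cloudflare-api-key" ];` names a credential without a source path, and nothing in this module declares where the token comes from, so systemd is left to look it up in its credential store directories, if the running version supports that form at all. The other modules in this compare keep secrets in sops, so I would tie it to one explicitly, e.g. `LoadCredential = [ "cloudflare-api-key:${config.sops.secrets."<secret-name>".path}" ];` (the secret name is a placeholder). The `script` is still empty, so the hourly timer currently starts a unit that does nothing.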


@@ -1,31 +1,35 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = lib.mkIf config.sysconfig.services.kdePlasma6.enable {
services.desktopManager.plasma6.enable = true;
options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
sysconfig.services.sddm.enable = lib.mkDefault true;
config = lib.mkIf config.sysconfig.services.kdePlasma6.enable {
environment.systemPackages = with pkgs; [
kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice
kdePackages.kcalc # Calculator
kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
kdePackages.kcolorchooser # A small utility to select a color
kdePackages.kolourpaint # Easy-to-use paint program
kdePackages.ksystemlog # KDE SystemLog Application
kdePackages.sddm-kcm # Configuration module for SDDM
kdiff3 # Compares and merges 2 or 3 files or directories
kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks
kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer
hardinfo2 # System information and benchmarks for Linux systems
haruna # Open source video player built with Qt/QML and libmpv
wayland-utils # Wayland utilities
wl-clipboard # Command-line copy/paste utilities for Wayland
];
services.desktopManager.plasma6.enable = true;
sysconfig.services.sddm.enable = lib.mkDefault true;
environment.systemPackages = with pkgs; [
kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice
kdePackages.kcalc # Calculator
kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
kdePackages.kcolorchooser # A small utility to select a color
kdePackages.kolourpaint # Easy-to-use paint program
kdePackages.ksystemlog # KDE SystemLog Application
kdePackages.sddm-kcm # Configuration module for SDDM
kdiff3 # Compares and merges 2 or 3 files or directories
kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks
kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer
hardinfo2 # System information and benchmarks for Linux systems
haruna # Open source video player built with Qt/QML and libmpv
wayland-utils # Wayland utilities
wl-clipboard # Command-line copy/paste utilities for Wayland
];
};
};
}


@@ -1,26 +1,30 @@
{ config, lib, nixpkgs-us, ... }: {
{ ... }: {
options.sysconfig = {
services.netbird.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
flake.nixosModules.default = { config, lib, nixpkgs-us, ... }: {
config = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
};
in lib.mkIf config.sysconfig.services.netbird.enable {
options.sysconfig = {
services.netbird = {
enable = config.sysconfig.services.netbird.enable;
ui = {
enable = true;
package = pkgs-us.netbird-ui;
services.netbird.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
};
in lib.mkIf config.sysconfig.services.netbird.enable {
services.netbird = {
enable = config.sysconfig.services.netbird.enable;
ui = {
enable = true;
package = pkgs-us.netbird-ui;
};
package = pkgs-us.netbird;
};
package = pkgs-us.netbird;
};
};
}
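Review bot: `pkgs-us` is imported with `system = "x86_64-linux"` hard-coded, yet the pi4 host in this compare sets `sysconfig.services.netbird.enable = true` and `nixpkgs.hostPlatform` to `aarch64-linux`. That host would be handed x86_64 builds of `netbird` and `netbird-ui`. Adding `pkgs` to the module arguments and using `system = pkgs.stdenv.hostPlatform.system;` avoids this; the ollama module carries the same hard-coded system.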


@@ -1,30 +1,34 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.services.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
{ ... }: {
config = lib.mkIf config.sysconfig.services.novnc.enable {
systemd.services.novnc = {
enable = true;
flake.nixosModules.default = { config, lib, pkgs, ... }: {
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 127.0.0.1:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
options.sysconfig.services.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
networking.firewall.allowedTCPPorts = [ 80 ];
config = lib.mkIf config.sysconfig.services.novnc.enable {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 127.0.0.1:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
};
}
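Review bot: The unit runs `novnc --listen 80` with no `User` or `DynamicUser` in `serviceConfig`, so it runs as root, and `networking.firewall.allowedTCPPorts = [ 80 ]` publishes the VNC session behind 127.0.0.1:5900 to the network over plain HTTP. Anyone who can reach port 80 faces only whatever authentication the VNC server itself enforces, and the session is unencrypted on the wire. I would drop the firewall opening, listen on a high loopback port and publish it through a TLS-terminating reverse proxy. At minimum add `DynamicUser = true;` and `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` to `serviceConfig`.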


@@ -1,25 +1,29 @@
{ config, lib, nixpkgs-us, ... }: {
{ ... }: {
options = {
sysconfig.services.ollama.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
flake.nixosModules.default = { config, lib, nixpkgs-us, ... }: {
config = lib.mkIf config.sysconfig.services.ollama.enable {
services.ollama = {
enable = true;
acceleration = "cuda";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000";
options = {
sysconfig.services.ollama.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.ollama.enable {
services.ollama = {
enable = true;
acceleration = "cuda";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000";
};
package = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama-cuda;
};
package = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama-cuda;
};
};
}


@@ -1,22 +1,26 @@
{ config, lib, ... }: {
{ ... }: {
options = {
sysconfig.services.openssh.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
flake.nixosModules.default = { config, lib, ... }: {
options = {
sysconfig.services.openssh.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
};
config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) {
config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) {
services.openssh = {
enable = true;
openFirewall = lib.mkDefault true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
services.openssh = {
enable = true;
openFirewall = lib.mkDefault true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
};
}


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: {
options = {
sysconfig.services.pipewire.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
{ ... }: {
config = lib.mkIf config.sysconfig.services.pipewire.enable {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
options = {
sysconfig.services.pipewire.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.pipewire.enable {
# Enable sound with pipewire.
#sound.enable = true;
#sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
package = pkgs.pipewire;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
extraConfig.pipewire-pulse."92-low-latency" = {
context.modules = [
{
name = "libpipewire-module-protocol-pulse";
args = {
pulse.min.req = "32/48000";
pulse.default.req = "32/48000";
pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000";
security.rtkit.enable = true;
services.pipewire = {
enable = true;
package = pkgs.pipewire;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
extraConfig.pipewire-pulse."92-low-latency" = {
context.modules = [
{
name = "libpipewire-module-protocol-pulse";
args = {
pulse.min.req = "32/48000";
pulse.default.req = "32/48000";
pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000";
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
};
};
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
wireplumber.enable = true;
wireplumber.enable = true;
};
};
};
}


@@ -1,34 +1,37 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options.sysconfig.services.sddm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = lib.mkIf config.sysconfig.services.sddm.enable {
options.sysconfig.services.sddm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
qt.enable = true;
config = lib.mkIf config.sysconfig.services.sddm.enable {
environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ];
qt.enable = true;
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
autoNumlock = true;
theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}";
enableHidpi = true;
/*extraPackages = with pkgs; [
libsForQt5.qtsvg
libsForQt5.qtquickcontrols2
libsForQt5.qtgraphicaleffects
];*/
environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ];
package = lib.mkDefault pkgs.kdePackages.sddm;
extraPackages = with pkgs; [
kdePackages.qtsvg
kdePackages.qtvirtualkeyboard
kdePackages.qtmultimedia
];
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
autoNumlock = true;
theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}";
enableHidpi = true;
/*extraPackages = with pkgs; [
libsForQt5.qtsvg
libsForQt5.qtquickcontrols2
libsForQt5.qtgraphicaleffects
];*/
package = lib.mkDefault pkgs.kdePackages.sddm;
extraPackages = with pkgs; [
kdePackages.qtsvg
kdePackages.qtvirtualkeyboard
kdePackages.qtmultimedia
];
};
};
};
}


@@ -1,66 +1,69 @@
{ config, lib, ... }: {
{ ... }: {
options.sysconfig.services.wyoming = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
flake.nixosModules.default = { config, lib, ... }: {
config = lib.mkIf config.sysconfig.services.wyoming.enable {
services.wyoming = {
piper = lib.mkIf config.sysconfig.services.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
options.sysconfig.services.wyoming = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
openwakeword = lib.mkIf config.sysconfig.services.wyoming.openwakeword {
enable = true;
uri = "tcp://0.0.0.0:11432";
config = lib.mkIf config.sysconfig.services.wyoming.enable {
threshold = 0.5;
customModelsDirectories = [
services.wyoming = {
piper = lib.mkIf config.sysconfig.services.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.services.wyoming.openwakeword {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
];
};
faster-whisper = lib.mkIf config.sysconfig.services.wyoming.faster-whisper {
servers.whisper = {
faster-whisper = lib.mkIf config.sysconfig.services.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.services.wyoming.satellite {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
uri = "tcp://0.0.0.0:11431";
};
};
satellite = lib.mkIf config.sysconfig.services.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
};
};
};
}
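Review bot: All four Wyoming endpoints bind `tcp://0.0.0.0:<port>`, so piper, openwakeword, faster-whisper and the satellite listen on every interface of the host. As far as I know the Wyoming protocol carries no authentication or encryption, which would leave network reachability as the only access control. If the peers are local or reach the host over the overlay network, bind to that address instead, e.g. `uri = "tcp://127.0.0.1:11435";`, or expose the bind address as a `sysconfig.services.wyoming` option.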


@@ -1,144 +1,133 @@
{ config, lib, pkgs, ... } @ inputs: {
{ self, ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
options.sysconfig = with lib; {
sshHostKeys = lib.mkOption {
type = with lib.types; attrsOf str;
default = {};
};
flake.nixosModules.default = { config, lib, pkgs, ... }: {
users = let
options.sysconfig = with lib; {
userType = types.submodule ({ name, ... }: {
options = with lib; {
name = mkOption {
sshHostKeys = lib.mkOption {
type = with lib.types; attrsOf str;
default = {};
};
users = let
userType = types.submodule ({ name, ... }: {
options = with lib; {
name = mkOption {
type = with types; passwdEntry str;
default = name;
};
};
home-manager = {
home-manager = {
enable = mkOption {
type = with types; bool;
default = false;
type = with types; bool;
default = false;
};
standalone = mkOption {
type = with types; bool;
default = true;
description = "is this home-manager standalone?";
type = with types; bool;
default = true;
description = "is this home-manager standalone?";
};
extraModules = mkOption {
type = with types; listOf raw;
default = [];
};
};
isSuperuser = mkOption {
type = with types; bool;
default = false;
description = "sudo?";
};
usePresets = mkOption {
type = with types; bool;
default = true;
description = "search for predefined settings?";
};
ssh = {
keys = mkOption {
type = with types; listOf str;
default = [];
description = "public keys used to login as this user";
};
hosts = mkOption {
type = with types; listOf str;
default = [];
description = "user@host's used to login as this user";
};
};
uid = mkOption {
type = with types; nullOr int;
default = null;
};
hashedPasswordFile = mkOption {
type = with types; nullOr str;
default = null;
};
extraGroups = mkOption {
type = with types; listOf str;
type = with types; listOf raw;
default = [];
};
};
};
shell = mkOption {
type = with types; package;
default = pkgs.shadow;
};
};
});
isSuperuser = mkOption {
type = with types; bool;
default = false;
description = "sudo?";
};
in lib.mkOption {
type = with lib.types; attrsOf userType;
default = {};
usePresets = mkOption {
type = with types; bool;
default = true;
description = "search for predefined settings?";
};
ssh = {
keys = mkOption {
type = with types; listOf str;
default = [];
description = "public keys used to login as this user";
};
hosts = mkOption {
type = with types; listOf str;
default = [];
description = "user@host's used to login as this user";
};
};
uid = mkOption {
type = with types; nullOr int;
default = null;
};
hashedPasswordFile = mkOption {
type = with types; nullOr str;
default = null;
};
extraGroups = mkOption {
type = with types; listOf str;
default = [];
};
shell = mkOption {
type = with types; package;
default = pkgs.shadow;
};
};
});
in lib.mkOption {
type = with lib.types; attrsOf userType;
default = {};
};
};
};
config = lib.mkIf (config.sysconfig.host != "android") {
users.users = builtins.mapAttrs (x: y: let
cfg = config.sysconfig.users.${x};
in {
name = cfg.name;
isNormalUser = true;
uid = cfg.uid;
hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
shell = cfg.shell;
extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser then [ "wheel" ] else []);
openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts));
packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ];
}) config.sysconfig.users;
programs.fuse.userAllowOther = true;
config = {
users.users = builtins.mapAttrs (x: y: let
cfg = config.sysconfig.users.${x};
in {
name = cfg.name;
isNormalUser = true;
uid = cfg.uid;
hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
shell = cfg.shell;
extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser then [ "wheel" ] else []);
openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts));
packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ];
}) config.sysconfig.users;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = { inherit inputs; };
useUserPackages = true;
sharedModules = [];
users = builtins.listToAttrs (builtins.map
(x: {
name = x;
value = (lib.mkMerge ([
programs.fuse.userAllowOther = true;
(if let
dir = builtins.readDir ./.;
in dir ? ${x} && dir.${x} == "directory" then
import ../../homes/${x}/home-manager
else {})
home-manager = {
backupFileExtension = "backup";
useUserPackages = true;
sharedModules = [];
users = builtins.listToAttrs (builtins.map
(x: {
name = x;
value = (lib.mkMerge ([
(if inputs ? ${x} then inputs.${x} else {})
(lib.mkIf (self.homeModules ? ${x}) self.homeModules.${x})
] ++ config.sysconfig.users.${x}.home-manager.extraModules));
})
(builtins.filter
(y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone))
(builtins.attrNames config.sysconfig.users)
)
);
] ++ config.sysconfig.users.${x}.home-manager.extraModules));
})
(builtins.filter
(y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone))
(builtins.attrNames config.sysconfig.users)
)
);
};
};
};
}
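Review bot: `sshHostKeys` is declared without a description, although its values are installed as login keys: `openssh.authorizedKeys.keys` appends `config.sysconfig.sshHostKeys.${z}` for every name in a user's `ssh.hosts`. A name that is missing from `sshHostKeys` fails evaluation with a bare missing-attribute error instead of a message naming the user and host. I would add `description = "public keys by user@host name; installed as authorized keys for users that list the name in ssh.hosts";` to the option, plus an `assertions` entry that checks each `ssh.hosts` name exists in `sshHostKeys`. The page prints old and new lines interleaved, so this refers to the copy under `flake.nixosModules.default`.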


@@ -1,24 +1,27 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
config = lib.mkIf (
config.sysconfig.users ? nathan && config.sysconfig.users.nathan.usePresets
) {
sops.secrets."nathan/pass".neededForUsers = true;
flake.nixosModules.default = { config, lib, pkgs, ... }: {
users.users.nathan = {
shell = lib.mkDefault pkgs.zsh;
name = lib.mkDefault "nathan";
isNormalUser = lib.mkDefault true;
#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
extraGroups = [ "networkmanager" "docker" "libvirtd" ];
openssh.authorizedKeys.keys = with config.sysconfig.users.nathan; lib.mkIf config.sysconfig.services.openssh.enable (
ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) ssh.hosts)
);
packages = lib.mkIf (
config.sysconfig.users.nathan.home-manager.enable && config.sysconfig.users.nathan.home-manager.standalone
) [ pkgs.home-manager ];
config = lib.mkIf (
config.sysconfig.users ? nathan && config.sysconfig.users.nathan.usePresets
) {
sops.secrets."nathan/pass".neededForUsers = true;
users.users.nathan = {
shell = lib.mkDefault pkgs.zsh;
name = lib.mkDefault "nathan";
isNormalUser = lib.mkDefault true;
#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
extraGroups = [ "networkmanager" "docker" "libvirtd" ];
openssh.authorizedKeys.keys = with config.sysconfig.users.nathan; lib.mkIf config.sysconfig.services.openssh.enable (
ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) ssh.hosts)
);
packages = lib.mkIf (
config.sysconfig.users.nathan.home-manager.enable && config.sysconfig.users.nathan.home-manager.standalone
) [ pkgs.home-manager ];
};
};
};
}
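Review bot: `extraGroups = [ "networkmanager" "docker" "libvirtd" ]` puts the preset user in the `docker` group, and access to the Docker daemon socket is equivalent to root on the host regardless of `isSuperuser`. If that is intended, say so next to the list, e.g. `# docker group: root-equivalent via the daemon socket`. The commented-out `hashedPasswordFile` line refers to `cfg`, which is not bound in this module, while `sops.secrets."nathan/pass"` is still declared with `neededForUsers = true`. If the secret is meant to be this user's password, wire it as `hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;`, otherwise drop the dead line.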


@@ -1,71 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.authentik.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.authentik.enable {
sops.secrets."authentik/dbpass" = {};
networking = {
nat.internalInterfaces = [ "ve-authentik" ];
};
containers.authentik = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.35";
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."authentik/dbpass".path}"
];
bindMounts = {
"/etc/authentik" = {
hostPath = "/ssd1/Authentik";
isReadOnly = false;
};
};
config = {
networking.firewall.allowedTCPPorts = [ 9001 ];
systemd.services.secrets_setup = {
wantedBy = [ "authentik.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/authentik/dbpass
chown postgres:postgres /etc/authentik/dbpass
'';
};
services.authentik = {
enable = true;
environmentFile = "/etc/authentik/authentik.env";
settings = {
disable_startup_analytics = true;
avatars = "initials";
};
worker.listenHTTP = "0.0.0.0:9001";
};
system.stateVersion = "25.05";
};
};
};
}


@@ -1,40 +1,43 @@
{ config, lib, ... }: {
{ ... }: {
options.sysconfig.containers.code-server.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.nixosModules.default = { config, lib, ... }: {
config = lib.mkIf config.sysconfig.containers.code-server.enable {
options.sysconfig.containers.code-server.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
containers.code-server = {
config = lib.mkIf config.sysconfig.containers.code-server.enable {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
containers.code-server = {
config = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
services.code-server = {
enable = true;
hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
config = {
disableUpdateCheck = true;
services.code-server = {
enable = true;
disableTelemetry = true;
hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
disableGettingStartedOverride = true;
disableUpdateCheck = true;
auth = "none";
disableTelemetry = true;
host = "0.0.0.0";
disableGettingStartedOverride = true;
auth = "none";
host = "0.0.0.0";
};
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
};
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
};
};
};
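Review bot: `auth = "none"` together with `host = "0.0.0.0"` and the opened port 4444 leaves code-server reachable without any login from whatever can route to 192.168.100.31, and code-server gives its user a terminal inside the container. The `hashedPassword` value is not used in that mode, yet the hash stays committed in the repository. Unless a reverse proxy that enforces authentication is the only path to this port (not visible in this file), set `auth = "password";` and keep the hash out of the repository.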


@@ -1,32 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
/*imports = [
./gitlab
./gitea
./traefik
./nginx
./jellyfin
./pihole
./nextcloud
./ntfy
./homeassistant
./rustdesk
./netbird
./keycloak
./ollama
./openwebui
./n8n
./wyoming
./code-server
./novnc
./minecraft
#./sandbox
];*/
}


@@ -1,105 +1,114 @@
{ config, lib, ... }: {
{ ... }: {
options.sysconfig.containers.gitea.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.nixosModules.default = { config, lib, ... }: {
config = lib.mkIf config.sysconfig.containers.gitea.enable {
networking = {
nat.internalInterfaces = [ "ve-gitea" ];
};
sops.secrets = {
"gitea/dbpass" = {};
options.sysconfig.containers.gitea.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
containers.gitea = {
config = lib.mkIf config.sysconfig.containers.gitea.enable {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.20";
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";
isReadOnly = false;
};
networking = {
nat.internalInterfaces = [ "ve-gitea" ];
};
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}"
];
config = {
sops.secrets = {
"gitea/dbpass" = {};
};
systemd.services.secrets_setup = {
wantedBy = [ "gitea.service" ];
containers.gitea = {
serviceConfig = {
LoadCredential = [
"dbpass"
];
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.20";
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";
isReadOnly = false;
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
chown gitea:gitea /etc/gitea/*
'';
};
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}"
];
services.gitea = {
enable = true;
config = {
stateDir = "/etc/gitea/data";
systemd.services.secrets_setup = {
wantedBy = [ "gitea.service" ];
dump.enable = false;
appName = "Gitea";
settings = {
server = {
DOMAIN = "gitea.esotericbytes.com";
HTTP_PORT = 3000;
ROOT_URL = "https://gitea.esotericbytes.com/";
serviceConfig = {
LoadCredential = [
"dbpass"
];
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
cron = {
ENABLED = true;
RUN_AT_START = true;
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
chown gitea:gitea /etc/gitea/*
'';
};
database = {
passwordFile = "/etc/gitea/dbpass";
type = "postgres";
services.gitea = {
enable = true;
stateDir = "/etc/gitea/data";
dump.enable = false;
appName = "Gitea";
settings = {
server = {
DOMAIN = "gitea.esotericbytes.com";
HTTP_PORT = 3000;
ROOT_URL = "https://gitea.esotericbytes.com/";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
cron = {
ENABLED = true;
RUN_AT_START = true;
};
repository = {
DEFAULT_BRANCH = "master";
};
};
database = {
passwordFile = "/etc/gitea/dbpass";
type = "postgres";
};
};
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
ports = [ 2222 ];
};
networking.firewall.allowedTCPPorts = [ 3000 ];
system.stateVersion = "24.11";
};
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
ports = [ 2222 ];
};
networking.firewall.allowedTCPPorts = [ 3000 ];
system.stateVersion = "24.11";
};
};
};
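Review bot: The `secrets_setup` script writes the database password with `cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass`, so the file is created under the service's default umask before the `chown`, which normally leaves it readable by every user in the container. `wantedBy = [ "gitea.service" ]` only pulls the unit in and does not order it, so gitea can start before the file exists. I would put `umask 077` on the first line of the script and add `before = [ "gitea.service" ];` next to `wantedBy`, with `serviceConfig.Type = "oneshot";`. The `chown gitea:gitea /etc/gitea/*` glob also changes the owner of the bind-mounted `data` directory, which may or may not be intended.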


@@ -1,172 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.gitlab.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.gitlab.enable {
sops.secrets = {
"gitlab/db_pass" = {};
"gitlab/root_pass" = {};
"gitlab/secrets/secret" = {};
"gitlab/secrets/otp" = {};
"gitlab/secrets/db" = {};
"gitlab/secrets/jws" = {};
"gitlab/oidc/id" = {};
"gitlab/oidc/secret" = {};
};
services.openssh.ports = [
2222
];
networking.firewall.allowedTCPPorts = [
22
2222
];
containers.gitlab = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.16";
forwardPorts = [
{
containerPort = 22;
hostPort = 22;
}
];
bindMounts = {
"/etc/gitlab/data" = {
hostPath = "/ssd1/Gitlab/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitlab/db_pass".path}"
"--load-credential=rootpass:${config.sops.secrets."gitlab/root_pass".path}"
"--load-credential=secret:${config.sops.secrets."gitlab/secrets/secret".path}"
"--load-credential=otp:${config.sops.secrets."gitlab/secrets/otp".path}"
"--load-credential=db:${config.sops.secrets."gitlab/secrets/db".path}"
"--load-credential=jws:${config.sops.secrets."gitlab/secrets/jws".path}"
"--load-credential=oidc_id:${config.sops.secrets."gitlab/oidc/id".path}"
"--load-credential=oidc_secret:${config.sops.secrets."gitlab/oidc/secret".path}"
];
config = {
systemd.services.secrets_setup = {
wantedBy = [ "gitlab.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
"rootpass"
"secret"
"db"
"otp"
"jws"
"oidc_id"
"oidc_secret"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitlab/dbpass
cat ''${CREDENTIALS_DIRECTORY}/rootpass > /etc/gitlab/rootpass
cat ''${CREDENTIALS_DIRECTORY}/secret > /etc/gitlab/secret
cat ''${CREDENTIALS_DIRECTORY}/db > /etc/gitlab/db
cat ''${CREDENTIALS_DIRECTORY}/otp > /etc/gitlab/otp
cat ''${CREDENTIALS_DIRECTORY}/jws > /etc/gitlab/jws
cat ''${CREDENTIALS_DIRECTORY}/oidc_id > /etc/gitlab/oidc-id
cat ''${CREDENTIALS_DIRECTORY}/oidc_secret > /etc/gitlab/oidc-secret
chown gitlab:gitlab /etc/gitlab/*
'';
};
services.gitlab = {
enable = true;
#https = true;
#port = 443;
host = "gitlab.blunkall.us";
databasePasswordFile = "/etc/gitlab/dbpass";
initialRootPasswordFile = "/etc/gitlab/rootpass";
statePath = "/etc/gitlab/data";
secrets = {
secretFile = "/etc/gitlab/secret";
otpFile = "/etc/gitlab/otp";
dbFile = "/etc/gitlab/db";
jwsFile = "/etc/gitlab/jws";
};
extraConfig = {
gitlab = {
default_project_features = {
builds = false;
};
};
omniauth = {
enabled = true;
auto_sign_in_with_provider = "openid_connect";
allow_single_sign_on = [ "openid_connect" ];
sync_email_from_provider = "openid_connect";
sync_profile_from_provider = [ "openid_connect" ];
sync_profile_attributes = [ "email" ];
auto_link_saml_user = true;
auto_link_user = [ "openid_connect" ];
block_auto_created_users = false;
providers = [
{
name = "openid_connect";
label = "Authentik SSO";
args = {
name = "openid_connect";
scope = [ "openid" "profile" "email" ];
response_type = "code";
issuer = "https://auth.blunkall.us/application/o/gitlab/";
discovery = true;
client_auth_method = "query";
uid_field = "preferred_username";
send_scope_to_token_endpoint = true;
pkce = true;
client_options = {
identifier = { _secret = "/etc/gitlab/oidc-id"; };
secret = { _secret = "/etc/gitlab/oidc-secret"; };
redirect_uri = "https://gitlab.blunkall.us/users/auth/openid_connect/callback";
};
};
}
];
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"gitlab.blunkall.us" = {
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
};
services.openssh.enable = true;
systemd.services.gitlab-backup.environment.BACKUP = "dump";
networking.firewall.allowedTCPPorts = [ 22 80 ];
system.stateVersion = "24.05";
};
};
};
}


@@ -1,39 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.jellyfin.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.jellyfin.enable {
containers.jellyfin = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.14";
bindMounts = {
"/etc/jellyfin" = {
hostPath = "/ssd1/Jellyfin";
isReadOnly = false;
};
};
config = {
services.jellyfin = {
enable = true;
dataDir = "/etc/jellyfin/data";
configDir = "/etc/jellyfin/config";
logDir = "/etc/jellyfin/log";
openFirewall = true;
};
system.stateVersion = "24.05";
};
};
};
}


@@ -1,108 +0,0 @@
{ config, lib, pkgs, nix-minecraft, ... }: {
options.sysconfig = {
containers.minecraft.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.containers.minecraft.enable {
networking = {
firewall = {
allowedTCPPorts = [ 25565 ];
allowedUDPPorts = [ 25565 ];
};
};
nixpkgs.overlays = [ nix-minecraft.overlay ];
containers.minecraft = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.29";
forwardPorts = [
{
containerPort = 25565;
hostPort = 25565;
protocol = "tcp";
}
{
containerPort = 25565;
hostPort = 25565;
protocol = "udp";
}
];
config = {
imports = [
nix-minecraft.nixosModules.minecraft-servers
];
environment.systemPackages = with pkgs; [ tmux ];
services.minecraft-servers = {
enable = true;
eula = true;
openFirewall = true;
dataDir = "/var/lib/mcservers";
managementSystem.systemd-socket.enable = true; #temp
servers = {
vanilla = {
enable = true;
package = pkgs.fabricServers.fabric-1_21_8;
serverProperties = {
server-port = 25565;
gamemode = "survival";
difficulty = 2;
white-list = true;
motd = "Didn't see that coming huh?";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
};
modded = {
enable = false;
#package = pkgs.fabricServers.fabric-1_21_1.override { loaderVersion = "0.16.14"; };
package = pkgs.fabricServers.fabric-1_21_1;
jvmOpts = [ "-Xms8000M" "-Xmx12000M" ];
serverProperties = {
server-port = 25566;
gamemode = "survival";
white-list = true;
allow-flight = true;
motd = "Ex-plo-sion!!!";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
symlinks = {
"mods" = ./mods;
};
};
};
};
system.stateVersion = "25.05";
};
};
};
}


@@ -1,81 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.nextcloud.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.nextcloud.enable {
sops.secrets."nextcloud/pass" = {};
containers.nextcloud = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.15";
bindMounts = {
"/var/lib/nextcloud" = {
hostPath = "/ssd1/Nextcloud/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=nextcloud-admin-pass:${config.sops.secrets."nextcloud/pass".path}"
];
config = { config, lib, pkgs, ... }: {
systemd.services.secrets_setup = {
wantedBy = [ "nextcloud-setup.service" ];
serviceConfig = {
LoadCredential = [
"nextcloud-admin-pass"
];
};
script = ''
cat $CREDENTIALS_DIRECTORY/nextcloud-admin-pass > /etc/nextcloud-admin-pass
chown nextcloud:nextcloud /etc/nextcloud-admin-pass
'';
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.virtualHosts."192.168.100.15".listen = [ { addr = "0.0.0.0"; port = 80; } ];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud32;
hostName = "192.168.100.15";
config = {
adminpassFile = "/etc/nextcloud-admin-pass";
adminuser = "root";
dbtype = "mysql";
};
https = true;
home = "/var/lib/nextcloud";
appstoreEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit mail contacts calendar tasks user_oidc;
inherit impersonate end_to_end_encryption notes spreed music memories phonetrack;
};
extraAppsEnable = true;
settings = {
overwriteprotocol = "https";
trusted_domains = [ "nextcloud.esotericbytes.com" ];
trusted_proxies = [ "192.168.100.11" ];
default_phone_region = "US";
};
database.createLocally = true;
};
system.stateVersion = "24.05";
};
};
};
}


@@ -1,42 +1,45 @@
{ config, lib, ... }: {
options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
{ ... }: {
config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable {
flake.nixosModules.default = { config, lib, ... }: {
containers.esotericbytes-com = {
options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable {
bindMounts = {
"/var/www/data" = {
hostPath = "/ssd1/esotericbytes-com/data";
isReadOnly = false;
};
};
containers.esotericbytes-com = {
config = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
services.nginx = {
enable = true;
virtualHosts = {
"esotericbytes.com" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
bindMounts = {
"/var/www/data" = {
hostPath = "/ssd1/esotericbytes-com/data";
isReadOnly = false;
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
config = {
system.stateVersion = "24.05";
services.nginx = {
enable = true;
virtualHosts = {
"esotericbytes.com" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
};
};
};
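Review bot: The web root is bind-mounted with `isReadOnly = false`, but the container config shown only has nginx serving `/var/www/data` as a static `root`. If nothing inside the container needs to write there, `isReadOnly = true;` keeps a compromised nginx worker from altering the published files under `/ssd1/esotericbytes-com/data`. `forceSSL = false` is presumably fine because TLS ends at the reverse proxy; a short comment saying so would stop the next reader from second-guessing it.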


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.containers.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
{ ... }: {
config = lib.mkIf config.sysconfig.containers.novnc.enable {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
networking = {
firewall.interfaces."ve-novnc" = {
allowedTCPPorts = [ 5900 ];
allowedUDPPorts = [ 5900 ];
};
options.sysconfig.containers.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
containers.novnc = {
config = lib.mkIf config.sysconfig.containers.novnc.enable {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.30";
networking = {
firewall.interfaces."ve-novnc" = {
allowedTCPPorts = [ 5900 ];
allowedUDPPorts = [ 5900 ];
};
};
config = {
containers.novnc = {
systemd.services.novnc = {
enable = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.30";
path = with pkgs; [
novnc
ps
];
config = {
script = ''
novnc --listen 80 --vnc 192.168.100.10:5900
'';
systemd.services.novnc = {
enable = true;
serviceConfig = {
Type = "exec";
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 192.168.100.10:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
wantedBy = [ "multi-user.target" ];
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
};
};
};
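Review bot: The host firewall rule for `ve-novnc` opens 5900 on both TCP and UDP, but VNC (RFB) runs over TCP only, so `allowedUDPPorts = [ 5900 ];` can be dropped. The `novnc` unit sets no user and listens on port 80, so it runs as root in the container while relaying the host's VNC session over plain HTTP. Access control then rests on the VNC server's own password and on whatever sits in front of port 80. Consider `serviceConfig.DynamicUser = true;` with `AmbientCapabilities = "CAP_NET_BIND_SERVICE";`, or a high listen port.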


@@ -1,42 +1,45 @@
{ config, lib, ... }: {
{ ... }: {
options.sysconfig.containers.ntfy.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
flake.nixosModules.default = { config, lib, ... }: {
config = lib.mkIf config.sysconfig.containers.ntfy.enable {
options.sysconfig.containers.ntfy.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
containers.ntfy = {
config = lib.mkIf config.sysconfig.containers.ntfy.enable {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.19";
containers.ntfy = {
config = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.19";
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy.esotericbytes.com";
config = {
listen-http = ":80";
services.ntfy-sh = {
behind-proxy = true;
enable = true;
upstream-base-url = "https://ntfy.sh";
settings = {
auth-default-access = "deny-all";
base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80";
behind-proxy = true;
upstream-base-url = "https://ntfy.sh";
auth-default-access = "deny-all";
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
};
};
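Review bot: `behind-proxy = true` makes ntfy take the visitor address from the forwarded header, while `networking.firewall.allowedTCPPorts = [ 80 ]` accepts connections from any source that can reach the container. A client that reaches `192.168.100.19:80` directly, rather than through the reverse proxy, could then present an arbitrary address to the rate limiter. I would state the assumption in place, `# behind-proxy: only the reverse proxy may reach :80`, and restrict the firewall rule to the proxy's address if other containers share this network.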


@@ -1,39 +0,0 @@
{ config, lib, nixpkgs-us, ... }: {
options = {
sysconfig.containers.openwebui.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.containers.openwebui.enable {
containers.openwebui = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.33";
config = {
services.open-webui = {
enable = true;
package = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.open-webui;
openFirewall = true;
host = "0.0.0.0";
};
system.stateVersion = "25.05";
};
};
};
}


@@ -1,84 +1,87 @@
{ config, lib, ... }: {
{ ... }: {
options.sysconfig.containers.rustdesk.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
flake.nixosModules.default = { config, lib, ... }: {
config = lib.mkIf config.sysconfig.containers.rustdesk.enable {
options.sysconfig.containers.rustdesk.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
/*networking = {
firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ];
firewall.allowedUDPPorts = [ 21116 ];
};*/
containers.rustdesk = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.27";
/* forwardPorts = [
{
containerPort = 21115;
hostPort = 21115;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "udp";
}
{
containerPort = 21117;
hostPort = 21117;
protocol = "tcp";
}
{
containerPort = 21118;
hostPort = 21118;
protocol = "tcp";
}
config = lib.mkIf config.sysconfig.containers.rustdesk.enable {
{
containerPort = 21119;
hostPort = 21119;
protocol = "tcp";
}
/*networking = {
firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ];
firewall.allowedUDPPorts = [ 21116 ];
};*/
containers.rustdesk = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.27";
/* forwardPorts = [
{
containerPort = 21115;
hostPort = 21115;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "udp";
}
{
containerPort = 21117;
hostPort = 21117;
protocol = "tcp";
}
{
containerPort = 21118;
hostPort = 21118;
protocol = "tcp";
}
{
containerPort = 21119;
hostPort = 21119;
protocol = "tcp";
}
];*/
config = {
];*/
config = {
services.rustdesk-server = {
enable = true;
openFirewall = true;
relay = {
services.rustdesk-server = {
enable = true;
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
openFirewall = true;
relay = {
enable = true;
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
signal = {
enable = true;
#relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
};
signal = {
enable = true;
#relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
system.stateVersion = "24.05";
};
system.stateVersion = "24.05";
};
};
};
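Review bot: The key passed after `-k` is written out twice, once in `relay.extraArgs` and once in `signal.extraArgs`, so a rotation that updates only one copy would leave the relay and signal servers disagreeing. Bind it once with `let rustdeskKey = "<key>"; in` and use `extraArgs = [ "-k" rustdeskKey ];` in both places. The value has the shape of an ed25519 public key blob; if it is anything other than a public key, it should come from a secret rather than the repository. The large commented-out `networking` and `forwardPorts` blocks could be deleted, since version control keeps them.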


@@ -1,79 +1,82 @@
{ config, lib, self, ... }: {
options.sysconfig.containers.sandbox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
{ ... }: {
config = lib.mkIf config.sysconfig.containers.sandbox.enable {
flake.nixosModules.default = { config, lib, self, ... }: {
networking = {
nat.internalInterfaces = [ "ve-sandbox" ];
options.sysconfig.containers.sandbox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
containers.sandbox = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
config = lib.mkIf config.sysconfig.containers.sandbox.enable {
ephemeral = true;
networking = {
timeoutStartSec = "3min";
flake = "${self}";
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
nat.internalInterfaces = [ "ve-sandbox" ];
};
containers.sandbox = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
ephemeral = true;
timeoutStartSec = "3min";
flake = "${self}";
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];*/
config = {
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];*/
config = {
};
};
};
}
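Review bot: The inner module still asks for `self` in `{ config, lib, self, ... }`, which only works if every system that imports `nixosModules.default` passes `self` through `specialArgs`. The users module on this page takes it from the outer flake-parts function instead. Writing this file as `{ self, ... }: {` with `flake.nixosModules.default = { config, lib, ... }: {` would be consistent and removes that hidden requirement. `flake = "${self}"` next to an empty `config = { }` also deserves a one-line comment naming the configuration the container is expected to take from the flake.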


@@ -1,292 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.traefik.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.traefik.enable {
networking = {
hosts."192.168.100.11" = [
"esotericbytes.com"
"*.esotericbytes.com"
];
firewall.allowedTCPPorts = [ 22 80 443 ];
nat.internalInterfaces = [ "ve-traefik" ];
};
containers.traefik = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
forwardPorts = [
{
containerPort = 81;
hostPort = 80;
}
{
containerPort = 444;
hostPort = 443;
}
];
bindMounts = {
"/etc/traefik/data" = {
hostPath = "/ssd1/Traefik/data";
isReadOnly = false;
};
"/var/run/docker.sock" = lib.mkIf config.sysconfig.docker.enable {
hostPath = "/run/docker.sock";
isReadOnly = false;
};
};
config = {
environment.etc."resolv.conf" = {
enable = true;
text = ''
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0
'';
user = "root";
mode = "0664";
};
#virtualisation.docker.enable = lib.mkIf config.sysconfig.docker.enable true;
users.groups."docker" = lib.mkIf config.sysconfig.docker.enable {
name = "docker";
gid = 131;
members = [
"traefik"
];
};
services.traefik = {
enable = true;
group = lib.mkIf config.sysconfig.docker.enable "docker";
dataDir = "/etc/traefik/data";
environmentFiles = [
"/etc/traefik/data/traefik.env"
];
staticConfigOptions = {
serversTransport.insecureSkipVerify = true;
api = {
dashboard = true;
debug = true;
};
global = {
checknewversion = false;
sendanonymoususage = false;
};
providers.docker = lib.mkIf config.sysconfig.docker.enable {};
entryPoints = {
web = {
address = ":81";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":444";
asDefault = true;
http.tls = {
certResolver = "cloudflare";
domains = {
main = "esotericbytes.com";
sans = [
"*.esotericbytes.com"
];
};
};
};
local = {
address = ":80";
http.redirections.entryPoint = {
to = "localsecure";
scheme = "https";
};
};
localsecure = {
address = ":443";
asDefault = true;
http.tls = {
certResolver = "cloudflare";
domains = {
main = "esotericbytes.com";
sans = [
"*.esotericbytes.com"
];
};
};
};
};
log = {
level = "INFO";
filePath = "/etc/traefik/data/logs/traefik.log";
format = "json";
};
certificatesResolvers = {
cloudflare = {
acme = {
email = "nathanblunkall5@gmail.com";
storage = "/etc/traefik/data/acme.json";
keyType = "EC256";
dnsChallenge = {
provider = "cloudflare";
resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ];
};
};
};
};
};
dynamicConfigOptions = {
http = {
routers = {
homepageSecure = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)";
service = "homepage";
tls.certResolver = "cloudflare";
};
/*remote = {
entryPoints = [ "websecure" ];
rule = "Host(`remote.esotericbytes.com`)";
service = "novnc";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};*/
/*homeassistant = {
entryPoints = [ "localsecure" ];
rule = "Host(`hass.esotericbytes.com`)";
service = "homeassistant";
tls.certResolver = "cloudflare";
};*/
jellyfin = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`jellyfin.esotericbytes.com`)";
service = "jellyfin";
tls.certResolver = "cloudflare";
};
/*gitlab = {
entryPoints = [ "websecure" ];
rule = "Host(`gitlab.esotericbytes.com`)";
service = "gitlab";
tls.certResolver = "cloudflare";
};*/
gitea = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`gitea.esotericbytes.com`)";
service = "gitea";
tls.certResolver = "cloudflare";
};
nextcloud = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`nextcloud.esotericbytes.com`)";
service = "nextcloud";
tls.certResolver = "cloudflare";
middlewares = [
"nextcloud_redirectregex"
];
};
traefik = {
entryPoints = [ "localsecure" ];
rule = "Host(`traefik.esotericbytes.com`)";
service = "api@internal";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};
/*ntfy = {
entryPoints = [ "websecure" ];
rule = "Host(`ntfy.esotericbytes.com`)";
service = "ntfy";
tls.certResolver = "cloudflare";
};*/
openwebui = {
entryPoints = [ "localsecure" ];
rule = "Host(`ai.esotericbytes.com`)";
service = "openwebui";
tls.certResolver = "cloudflare";
};
code-server = {
entryPoints = [ "localsecure" ];
rule = "Host(`code.esotericbytes.com`)";
service = "code-server";
tls.certResolver = "cloudflare";
};
};
middlewares = {
nextcloud_redirectregex.redirectregex = {
permanent = true;
regex = "https://nextcloud.esotericbytes.com/.well-known/(?:card|cal)dav";
replacement = "https://nextcloud.esotericbytes.com/remote.php/dav";
};
};
services = {
#gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ];
homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
jellyfin.loadBalancer.servers = [ { url = "http://192.168.100.14:8096"; } ];
#novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
#ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
openwebui.loadBalancer.servers = [ { url = "http://192.168.100.33:8080"; } ];
code-server.loadBalancer.servers = [ { url = "http://192.168.100.31:4444"; } ];
/*homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.25:8123"; } ];*/
};
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 80 443 81 444 ];
allowedUDPPorts = [ 80 443 81 444 ];
};
useHostResolvConf = false;
};
system.stateVersion = "24.05";
};
};
};
}


@@ -1,61 +1,63 @@
{ config, lib, ... }: {
{ ... }: {
options.sysconfig.containers.wyoming = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
flake.nixosModules.default = { config, lib, ... }: {
config = lib.mkIf config.sysconfig.containers.wyoming.enable {
containers.wyoming = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.26";
bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
options.sysconfig.containers.wyoming = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [
config = lib.mkIf config.sysconfig.containers.wyoming.enable {
containers.wyoming = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.26";
bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [
{
node = "/dev/nvidia0";
modifier = "rw";
@@ -76,56 +78,57 @@
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];
];
config = {
config = {
networking.firewall = {
allowedTCPPorts = [ 11431 11432 11433 11435 ];
};
services.wyoming = {
networking.firewall = {
allowedTCPPorts = [ 11431 11432 11433 11435 ];
};
piper = lib.mkIf config.sysconfig.containers.wyoming.piper {
services.wyoming = {
servers.piper = {
piper = lib.mkIf config.sysconfig.containers.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
};
};
openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
};
system.stateVersion = "25.05";
};
system.stateVersion = "25.05";
};
};
};
};
}
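Review bot: Inside `containers.wyoming.config`, `allowedTCPPorts = [ 11431 11432 11433 11435 ];` opens all four ports whenever the container is enabled, although each listener is gated by its own `lib.mkIf` and binds `tcp://0.0.0.0`. As far as I know the Wyoming protocol carries no authentication, so the firewall is the only access control on these listeners. Derive the list from the same options, e.g. `allowedTCPPorts = lib.optional config.sysconfig.containers.wyoming.piper 11435 ++ lib.optional config.sysconfig.containers.wyoming.satellite 11431;` and likewise for 11432 and 11433, so a disabled service leaves its port closed. The firewall lines are in the second hunk; the enclosing `containers.wyoming` block starts in the first.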


@@ -1,9 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
}


@@ -1,4 +1,6 @@
{ config, lib, pkgs, ... }: let
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
hostPort = 9005;
@@ -6,226 +8,233 @@
name = "authentik";
in {
in {
options.sysconfig.docker.authentik.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
options.sysconfig.docker.authentik.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
};
};
sops.secrets = {
"authentik/pass" = {};
"authentik/secret_key" = {};
};
sops.secrets = {
"authentik/pass" = {};
"authentik/secret_key" = {};
};
sops.templates."authentik.env" = {
content = ''
PG_PASS=${config.sops.placeholder."authentik/pass"}
sops.templates."authentik.env" = {
content = ''
PG_PASS=${config.sops.placeholder."authentik/pass"}
SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
'';
};
'';
};
virtualisation.oci-containers.containers."authentik-postgresql" = {
image = "docker.io/library/postgres:16-alpine";
environment = {
"POSTGRES_DB" = "authentik";
"POSTGRES_PASSWORD" = "\${PG_PASS}";
"POSTGRES_USER" = "authentik";
virtualisation.oci-containers.containers."authentik-postgresql" = {
image = "docker.io/library/postgres:16-alpine";
environment = {
"POSTGRES_DB" = "authentik";
"POSTGRES_PASSWORD" = "\${PG_PASS}";
"POSTGRES_USER" = "authentik";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"authentik_database:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}"
"--health-interval=30s"
"--health-retries=5"
"--health-start-period=20s"
"--health-timeout=5s"
"--network-alias=postgresql"
"--network=authentik_default"
];
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"authentik_database:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}"
"--health-interval=30s"
"--health-retries=5"
"--health-start-period=20s"
"--health-timeout=5s"
"--network-alias=postgresql"
"--network=authentik_default"
];
};
systemd.services."docker-authentik-postgresql" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
systemd.services."docker-authentik-postgresql" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
after = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-server" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
virtualisation.oci-containers.containers."authentik-server" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
"traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik";
"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
};
volumes = [
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
];
ports = [
"${builtins.toString hostPort}:9000/tcp"
#"9443:9443/tcp"
];
cmd = [ "server" ];
dependsOn = [
"authentik-postgresql"
];
log-driver = "journald";
extraOptions = [
"--network-alias=server"
"--network-alias=authentik-server"
"--network-alias=${name}"
];
networks = [
"docker-main"
"authentik_default"
];
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
systemd.services."docker-authentik-server" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
volumes = [
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
];
ports = [
"${builtins.toString hostPort}:9000/tcp"
#"9443:9443/tcp"
];
cmd = [ "server" ];
dependsOn = [
"authentik-postgresql"
];
log-driver = "journald";
extraOptions = [
"--network-alias=server"
"--network-alias=authentik-server"
"--network-alias=${name}"
];
networks = [
"docker-main"
"authentik_default"
];
};
systemd.services."docker-authentik-server" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
virtualisation.oci-containers.containers."authentik-worker" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"/etc/Authentik/certs:/certs:rw"
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
"/var/run/docker.sock:/var/run/docker.sock:rw"
];
cmd = [ "worker" ];
dependsOn = [
"authentik-postgresql"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=worker"
"--network=authentik_default"
];
};
after = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-worker" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
systemd.services."docker-authentik-worker" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
];
requires = [
"docker-network-authentik_default.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"/etc/Authentik/certs:/certs:rw"
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
"/var/run/docker.sock:/var/run/docker.sock:rw"
];
cmd = [ "worker" ];
dependsOn = [
"authentik-postgresql"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=worker"
"--network=authentik_default"
];
};
systemd.services."docker-authentik-worker" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
];
requires = [
"docker-network-authentik_default.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
# Networks
systemd.services."docker-network-authentik_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f authentik_default";
systemd.services."docker-network-authentik_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f authentik_default";
};
script = ''
docker network inspect authentik_default || docker network create authentik_default
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
script = ''
docker network inspect authentik_default || docker network create authentik_default
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Volumes
systemd.services."docker-volume-authentik_database" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
systemd.services."docker-volume-authentik_database" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-authentik-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
systemd.targets."docker-compose-authentik-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
wantedBy = [ "multi-user.target" ];
};
};
}
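Review bot: The `authentik-worker` container keeps `user = "root";` together with the `"/var/run/docker.sock:/var/run/docker.sock:rw"` volume, so anything that compromises the worker can drive the host's Docker daemon, which is equivalent to root on the host. This matters more now that the `forwardauth` middleware labels in this section put authentik in front of other routers (they look like the new side, but the `+`/`-` markers are lost on this page). As far as I know the socket is only needed when authentik deploys outposts through its Docker integration. If that is not used, drop the socket line and the `user = "root";` override; otherwise add a comment such as `# docker.sock: needed for managed outposts; grants host-level Docker control` so the exposure is a recorded decision.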


@@ -1,61 +1,58 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options.sysconfig.docker = {
enable = with lib; mkOption {
type = with types; bool;
default = false;
};
flake.nixosModules.default = { config, lib, pkgs, ... }: {
nvidia = with lib; mkOption {
type = with types; bool;
default = false;
};
};
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
config = lib.mkIf config.sysconfig.docker.enable {
networking.nat.internalInterfaces = [ "docker0" "docker-main" ];
virtualisation = {
docker = {
enable = true;
storageDriver = "btrfs";
options.sysconfig.docker = {
enable = with lib; mkOption {
type = with types; bool;
default = false;
};
oci-containers = {
backend = "docker";
nvidia = with lib; mkOption {
type = with types; bool;
default = false;
};
};
hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia;
config = lib.mkIf config.sysconfig.docker.enable {
systemd.services."docker-network-setup" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f docker-main";
networking.nat.internalInterfaces = [ "docker0" "docker-main" ];
virtualisation = {
docker = {
enable = true;
storageDriver = "btrfs";
};
oci-containers = {
backend = "docker";
};
};
script = ''
docker network inspect docker-main ||
docker network create -d bridge docker-main \
--attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
--gateway 192.168.101.1 \
-o "com.docker.network.bridge.name"="docker-main" \
-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
'';
wantedBy = [ "docker-net.target" ];
};
systemd.targets."docker-net" = {
wantedBy = [ "multi-user.target" ];
hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia;
systemd.services."docker-network-setup" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f docker-main";
};
script = ''
docker network inspect docker-main ||
docker network create -d bridge docker-main \
--attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
--gateway 192.168.101.1 \
-o "com.docker.network.bridge.name"="docker-main" \
-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
'';
wantedBy = [ "docker-net.target" ];
};
systemd.targets."docker-net" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}
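Review bot: The `docker network create` script still lists `ve-traefik` in `com.docker.network.bridge.trusted_host_interfaces`, while the module that declared `containers.traefik` and `nat.internalInterfaces = [ "ve-traefik" ]` is deleted in full earlier in this compare. If that container is not re-created elsewhere among the changed files, the entry trusts an interface name that no longer exists and would silently apply to whatever is later given that name; the same goes for `networking.firewall.interfaces."ve-traefik"` in the authentik module. In that case trim the option to the interfaces that exist, e.g. `-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird"`, and add a one-line comment above it saying why each interface is trusted. Note also that `docker network inspect docker-main ||` skips creation when the network already exists, so a changed option only takes effect once the network has been removed.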


@@ -1 +1,154 @@
{}
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "gitea";
name = "gitea";
in {
options.sysconfig.docker."${name}".enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers."${name}" = {
image = "docker.gitea.com/gitea:1.25.4";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "3000";
"traefik.tcp.routers.${name}-ssh.entrypoints" = "gitea-ssh";
"traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)";
"traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh";
"traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.20"
];
volumes = [
"vol_gitea:/data"
];
environment = {
};
};
virtualisation.oci-containers.containers."${name}-db" = {
image = "docker.io/library/postgres:14";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${name}-db";
networks = [
"docker-main"
];
labels = {
};
ports = [
];
extraOptions = [
"--ip=192.168.101.21"
];
volumes = [
"/etc/gitea/db:/var/lib/postgresql/data"
];
environment = {
};
};
systemd.services."docker-gitea" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-gitea-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-volume-gitea" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local
'';
partOf = [ "docker-compose-gitea-root.target" ];
wantedBy = [ "docker-compose-gitea-root.target" ];
};
};
};
}
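Review bot: Both new containers are declared with an empty `environment = { };` and no `environmentFiles`, so `gitea-db` gets no `POSTGRES_PASSWORD` and `gitea` gets no database settings; the official postgres image refuses to initialise an empty data directory without a password. When the credentials are added, do not put them in `environment`, which ends up world-readable in the Nix store. Follow the authentik module on this page instead: declare the secret under `sops.secrets`, render it with a template (e.g. `sops.templates."gitea.env"`, a name constructed here), and set `environmentFiles = [ config.sops.templates."gitea.env".path ];` on both containers. Separately, `"--ip=192.168.101.21"` on `gitea-db` is the same address the jellyfin module assigns in its `extraOptions`, so the two containers cannot both attach to `docker-main` when the NVIDIA branch is active; give one of them a different address.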


@@ -1,58 +1,61 @@
{ config, lib, ... }: let
{ ... }: {
flake.nixosModules.default = { config, lib, ... }: let
subdomain = "hass";
name = "home-assistant";
in {
in {
options.sysconfig.docker.home-assistant.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
options.sysconfig.docker.home-assistant.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) {
environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml;
config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers.home-assistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml;
# unstable, waiting for 26.05
#pull = "newer";
virtualisation.oci-containers.containers.home-assistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
hostname = "${subdomain}.esotericbytes.com";
# unstable, waiting for 26.05
#pull = "newer";
networks = [
"docker-main"
];
hostname = "${subdomain}.esotericbytes.com";
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8123";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8123";
};
environment = {
TZ = "America/Chicago";
};
extraOptions = [
"--ip=192.168.101.13"
];
ports = [
];
volumes = [
"vol_home-assistant:/config/"
"/etc/home-assistant/configuration.yaml:/config/configuration.yaml"
];
};
environment = {
TZ = "America/Chicago";
};
extraOptions = [
"--ip=192.168.101.13"
];
ports = [
];
volumes = [
"vol_home-assistant:/config/"
"/etc/home-assistant/configuration.yaml:/config/configuration.yaml"
];
};
};
}
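Review bot: `image = "ghcr.io/home-assistant/home-assistant:stable";` is a floating tag, whereas the other containers on this page pin a release (`gitea:1.25.4`, `jellyfin/jellyfin:10.11.6`, `goauthentik/server:2025.12.2`). With `stable`, the image that runs depends on when the host last pulled, so a rebuild is not reproducible and an upstream change to the tag lands without review. Pin it the same way, `image = "ghcr.io/home-assistant/home-assistant:<release-tag>";` (placeholder), or by digest, and bump it in a commit.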


@@ -1,117 +1,120 @@
{ config, lib, pkgs, ... }: let
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "watch";
name = "jellyfin";
in {
in {
options.sysconfig.docker.jellyfin.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedUDPPorts = [ 7359 ];
virtualisation.oci-containers.containers.jellyfin = {
image = "jellyfin/jellyfin:10.11.6";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"7359:7359/udp"
];
volumes = [
"vol_jellyfin-config:/config"
"vol_jellyfin-cache:/cache"
"/etc/jellyfin/media:/media"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8096";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.21"
];
environment = {
JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
};
options.sysconfig.docker.jellyfin.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
systemd.services."docker-jellyfin" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
partOf = [
"docker-compose-jellyfin-root.target"
];
wantedBy = [
"docker-compose-jellyfin-root.target"
];
};
config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) {
systemd.services."docker-volume-jellyfin-config" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.services."docker-volume-jellyfin-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
networking.firewall.allowedUDPPorts = [ 7359 ];
systemd.targets."docker-compose-jellyfin-root" = {
wantedBy = [ "multi-user.target" ];
};
virtualisation.oci-containers.containers.jellyfin = {
image = "jellyfin/jellyfin:10.11.6";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"7359:7359/udp"
];
volumes = [
"vol_jellyfin-config:/config"
"vol_jellyfin-cache:/cache"
"/etc/jellyfin/media:/media"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8096";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.21"
];
environment = {
JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
};
};
systemd.services."docker-jellyfin" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
partOf = [
"docker-compose-jellyfin-root.target"
];
wantedBy = [
"docker-compose-jellyfin-root.target"
];
};
systemd.services."docker-volume-jellyfin-config" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.services."docker-volume-jellyfin-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.targets."docker-compose-jellyfin-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}


@@ -1,74 +1,105 @@
{ config, lib, ... }: let
{ ... }: {
hostPort = 9004;
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "n8n";
name = "n8n";
in {
in {
options.sysconfig.docker."${name}".enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
options.sysconfig.docker."${name}".enable = with lib; mkOption {
type = with types; bool;
default = false;
};
virtualisation.oci-containers.containers."${name}" = {
image = "docker.n8n.io/n8nio/n8n";
config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
virtualisation.oci-containers.containers."${name}" = {
image = "docker.n8n.io/n8nio/n8n";
networks = [
"docker-main"
];
# unstable, waiting for 26.05
#pull = "newer";
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "5678";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "5678";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.2"
];
volumes = [
"vol_n8n:/etc/n8n"
];
environment = {
GENERIC_TIMEZONE = "America/Chicago";
TZ = "America/Chicago";
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
};
};
ports = [
];
extraOptions = [
"--ip=192.168.101.2"
];
volumes = [
"vol_n8n:/etc/n8n"
];
environment = {
GENERIC_TIMEZONE = "America/Chicago";
TZ = "America/Chicago";
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
systemd.services."docker-n8n" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-n8n.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-n8n.service"
];
partOf = [
"docker-compose-n8n-root.target"
];
wantedBy = [
"docker-compose-n8n-root.target"
];
};
systemd.services."docker-volume-n8n" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_n8n || docker volume create vol_n8n --driver=local
'';
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
};
};
}
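Review bot: `N8N_SECURE_COOKIE = "false"` is kept in the rewritten module although the router is bound to the `localsecure` entrypoint with `tls.certResolver` = `cloudflare`, so the session cookie is issued without the Secure attribute on a service that appears to be reached only over HTTPS. If every client does go through Traefik's TLS listener, drop the override or set `N8N_SECURE_COOKIE = "true";`. Separately, `image = "docker.n8n.io/n8nio/n8n";` carries no tag, unlike the pinned jellyfin and netbird images on this page, so what runs depends on when the image was last pulled. Pin it, for example `image = "docker.n8n.io/n8nio/n8n:<pinned-version>";` (placeholder).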


@@ -1,229 +1,232 @@
{ config, lib, pkgs, ... }: {
{ ... }: {
options.sysconfig.docker.netbird.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedUDPPorts = [ 3478 ];
sops.secrets."netbird/secret_key" = {};
sops.templates."netbird-relay.env" = {
content = ''
NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"}
NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=3478
'';
options.sysconfig.docker.netbird.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
environment.etc."netbird/management.json".source = ./config/management.json;
config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedUDPPorts = [ 3478 ];
sops.secrets."netbird/secret_key" = {};
sops.templates."netbird-relay.env" = {
content = ''
NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"}
NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=3478
'';
};
environment.etc."netbird/management.json".source = ./config/management.json;
# Containers
virtualisation.oci-containers.containers."netbird-dashboard" = {
image = "netbirdio/dashboard:v2.30.1";
environment = {
"AUTH_AUDIENCE" = "netbird-dashboard";
"AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2";
"AUTH_CLIENT_ID" = "netbird-dashboard";
"AUTH_CLIENT_SECRET" = "";
"AUTH_REDIRECT_URI" = "/nb-auth";
"AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth";
"AUTH_SUPPORTED_SCOPES" = "openid profile email groups";
"LETSENCRYPT_DOMAIN" = "none";
"NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NGINX_SSL_PORT" = "443";
"USE_AUTH0" = "false";
virtualisation.oci-containers.containers."netbird-dashboard" = {
image = "netbirdio/dashboard:v2.30.1";
environment = {
"AUTH_AUDIENCE" = "netbird-dashboard";
"AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2";
"AUTH_CLIENT_ID" = "netbird-dashboard";
"AUTH_CLIENT_SECRET" = "";
"AUTH_REDIRECT_URI" = "/nb-auth";
"AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth";
"AUTH_SUPPORTED_SCOPES" = "openid profile email groups";
"LETSENCRYPT_DOMAIN" = "none";
"NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NGINX_SSL_PORT" = "443";
"USE_AUTH0" = "false";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-dashboard.entrypoints" = "websecure";
"traefik.http.routers.netbird-dashboard.priority" = "1";
"traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)";
"traefik.http.routers.netbird-dashboard.tls" = "true";
"traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=dashboard"
"--network=docker-main"
"--ip=192.168.101.5"
];
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-dashboard.entrypoints" = "websecure";
"traefik.http.routers.netbird-dashboard.priority" = "1";
"traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)";
"traefik.http.routers.netbird-dashboard.tls" = "true";
"traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80";
systemd.services."docker-netbird-dashboard" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
log-driver = "journald";
extraOptions = [
"--network-alias=dashboard"
"--network=docker-main"
"--ip=192.168.101.5"
];
};
systemd.services."docker-netbird-dashboard" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
virtualisation.oci-containers.containers."netbird-management" = {
image = "netbirdio/management:0.64.4";
volumes = [
"/etc/netbird/management.json:/etc/netbird/management.json:rw"
"netbird_netbird_management:/var/lib/netbird:rw"
];
cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-api.entrypoints" = "websecure";
"traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)";
"traefik.http.routers.netbird-api.service" = "netbird-api";
"traefik.http.routers.netbird-api.tls" = "true";
"traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)";
"traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc";
"traefik.http.routers.netbird-mgmt-grpc.tls" = "true";
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)";
"traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws";
"traefik.http.routers.netbird-mgmt-ws.tls" = "true";
"traefik.http.routers.netbird-oauth2.entrypoints" = "websecure";
"traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)";
"traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2";
"traefik.http.routers.netbird-oauth2.tls" = "true";
"traefik.http.services.netbird-api.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=management"
"--network=docker-main"
"--ip=192.168.101.4"
];
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-management" = {
image = "netbirdio/management:0.64.4";
volumes = [
"/etc/netbird/management.json:/etc/netbird/management.json:rw"
"netbird_netbird_management:/var/lib/netbird:rw"
];
cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-api.entrypoints" = "websecure";
"traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)";
"traefik.http.routers.netbird-api.service" = "netbird-api";
"traefik.http.routers.netbird-api.tls" = "true";
"traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)";
"traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc";
"traefik.http.routers.netbird-mgmt-grpc.tls" = "true";
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)";
"traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws";
"traefik.http.routers.netbird-mgmt-ws.tls" = "true";
"traefik.http.routers.netbird-oauth2.entrypoints" = "websecure";
"traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)";
"traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2";
"traefik.http.routers.netbird-oauth2.tls" = "true";
"traefik.http.services.netbird-api.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80";
systemd.services."docker-netbird-management" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-volume-netbird_netbird_management.service"
];
requires = [
"docker-volume-netbird_netbird_management.service"
];
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
log-driver = "journald";
extraOptions = [
"--network-alias=management"
"--network=docker-main"
"--ip=192.168.101.4"
];
};
systemd.services."docker-netbird-management" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-volume-netbird_netbird_management.service"
];
requires = [
"docker-volume-netbird_netbird_management.service"
];
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-relay" = {
image = "netbirdio/relay:0.64.4";
virtualisation.oci-containers.containers."netbird-relay" = {
image = "netbirdio/relay:0.64.4";
environmentFiles = [ config.sops.templates."netbird-relay.env".path ];
environmentFiles = [ config.sops.templates."netbird-relay.env".path ];
ports = [
"3478:3478/udp"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-relay.entrypoints" = "websecure";
"traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)";
"traefik.http.routers.netbird-relay.tls" = "true";
"traefik.http.services.netbird-relay.loadbalancer.server.port" = "80";
ports = [
"3478:3478/udp"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-relay.entrypoints" = "websecure";
"traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)";
"traefik.http.routers.netbird-relay.tls" = "true";
"traefik.http.services.netbird-relay.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=relay"
"--network=docker-main"
"--ip=192.168.101.3"
];
};
log-driver = "journald";
extraOptions = [
"--network-alias=relay"
"--network=docker-main"
"--ip=192.168.101.3"
];
};
systemd.services."docker-netbird-relay" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
systemd.services."docker-netbird-relay" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-signal" = {
image = "netbirdio/signal:0.64.4";
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)";
"traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc";
"traefik.http.routers.netbird-signal-grpc.tls" = "true";
"traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)";
"traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws";
"traefik.http.routers.netbird-signal-ws.tls" = "true";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80";
virtualisation.oci-containers.containers."netbird-signal" = {
image = "netbirdio/signal:0.64.4";
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)";
"traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc";
"traefik.http.routers.netbird-signal-grpc.tls" = "true";
"traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)";
"traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws";
"traefik.http.routers.netbird-signal-ws.tls" = "true";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=signal"
"--network=docker-main"
];
};
log-driver = "journald";
extraOptions = [
"--network-alias=signal"
"--network=docker-main"
];
};
systemd.services."docker-netbird-signal" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
systemd.services."docker-netbird-signal" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
# Volumes
systemd.services."docker-volume-netbird_netbird_management" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
systemd.services."docker-volume-netbird_netbird_management" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management
'';
partOf = [ "docker-compose-netbird-root.target" ];
wantedBy = [ "docker-compose-netbird-root.target" ];
};
script = ''
docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management
'';
partOf = [ "docker-compose-netbird-root.target" ];
wantedBy = [ "docker-compose-netbird-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-netbird-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
systemd.targets."docker-compose-netbird-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
wantedBy = [ "multi-user.target" ];
};
};
}
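Review bot: `environment.etc."netbird/management.json".source = ./config/management.json;` takes the management config from the repository and places it in the world-readable Nix store, while the relay's `NB_AUTH_SECRET` a few lines earlier is rendered through `sops.templates`. The JSON file is not shown on this page, so this is an inference, but if it holds the relay secret or a datastore encryption key, it should be rendered the same way and the `volumes` entry should point at the template's `.path`. The bind mount is also declared `:rw` on what resolves to a store path, and `"/etc/netbird/management.json:/etc/netbird/management.json:ro"` would state the actual intent. A short comment above the `environment.etc` line saying whether the file is expected to be secret-free would help the next reader.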


@@ -1,115 +1,118 @@
{ config, lib, pkgs, ... }: let
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "cloud";
name = "nextcloud";
in {
in {
options.sysconfig.docker.nextcloud.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = {
image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751";
serviceName = "docker-nextcloud";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
];
volumes = [
"nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
"/run/docker.sock:/var/run/docker.sock:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.routers.${name}.middlewares" = "nextcloud-chain";
"traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https";
"traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host";
"traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin";
"traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers";
#"traefik.http.services.${name}.loadbalancer.server.port" = "11000";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000";
};
extraOptions = [
"--ip=192.168.101.17"
];
environment = {
APACHE_PORT = "11000";
APACHE_IP = "0.0.0.0";
APACHE_ADDITIONAL_NETWORK = "docker-main";
SKIP_DOMAIN_VALIDATION = "true";
TALK_PORT = "3479";
};
options.sysconfig.docker.nextcloud.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
systemd.services."docker-nextcloud" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = {
image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751";
serviceName = "docker-nextcloud";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
];
volumes = [
"nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
"/run/docker.sock:/var/run/docker.sock:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.routers.${name}.middlewares" = "nextcloud-chain";
"traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https";
"traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host";
"traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin";
"traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers";
#"traefik.http.services.${name}.loadbalancer.server.port" = "11000";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000";
};
extraOptions = [
"--ip=192.168.101.17"
];
environment = {
APACHE_PORT = "11000";
APACHE_IP = "0.0.0.0";
APACHE_ADDITIONAL_NETWORK = "docker-main";
SKIP_DOMAIN_VALIDATION = "true";
TALK_PORT = "3479";
};
};
after = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
partOf = [
"docker-compose-nextcloud-root.target"
];
wantedBy = [
"docker-compose-nextcloud-root.target"
];
};
systemd.services."docker-volume-nextcloud" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
systemd.services."docker-nextcloud" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
partOf = [
"docker-compose-nextcloud-root.target"
];
wantedBy = [
"docker-compose-nextcloud-root.target"
];
};
script = ''
docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local
'';
partOf = [ "docker-compose-nextcloud-root.target" ];
wantedBy = [ "docker-compose-nextcloud-root.target" ];
};
systemd.targets."docker-compose-nextcloud-root" = {
wantedBy = [ "multi-user.target" ];
};
systemd.services."docker-volume-nextcloud" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local
'';
partOf = [ "docker-compose-nextcloud-root.target" ];
wantedBy = [ "docker-compose-nextcloud-root.target" ];
};
systemd.targets."docker-compose-nextcloud-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}
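Review bot: The `:ro` suffix on `"/run/docker.sock:/var/run/docker.sock:ro"` does not limit what the mastercontainer can ask the Docker daemon to do. It only affects the mount, not requests sent over the socket, so the container keeps daemon-level control of the host. Nextcloud AIO needs the socket, so the mount stays, but the module should say so where the volume is declared, for example `# AIO drives the Docker API through this socket; :ro does not restrict API calls, treat this container as host-privileged`. It would also help to document why `SKIP_DOMAIN_VALIDATION = "true"` is set, since the router is published on `websecure` as well as `localsecure`.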


@@ -1,4 +1,6 @@
{ config, lib, pkgs, ... }: let
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
hostPort = 11434;
@@ -6,67 +8,68 @@
name = "ollama";
in {
in {
options.sysconfig.docker.ollama.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.ollama.enable && config.sysconfig.docker.enable) {
environment.systemPackages = with pkgs; [
ollama
];
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
"ve-openwebui" = {
allowedTCPPorts = [ hostPort ];
};
options.sysconfig.docker.ollama.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
virtualisation.oci-containers.containers.ollama = {
image = "ollama/ollama:latest";
config = lib.mkIf (config.sysconfig.docker.ollama.enable && config.sysconfig.docker.enable) {
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
environment.systemPackages = with pkgs; [
ollama
];
ports = [
"${builtins.toString hostPort}:11434"
];
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
volumes = [
"vol_ollama:/root/.ollama"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "11434";
"ve-openwebui" = {
allowedTCPPorts = [ hostPort ];
};
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.6"
];
virtualisation.oci-containers.containers.ollama = {
image = "ollama/ollama:latest";
environment = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"${builtins.toString hostPort}:11434"
];
volumes = [
"vol_ollama:/root/.ollama"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "11434";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.22"
];
environment = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000";
};
};
};
};
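Review bot: `ports = [ "${builtins.toString hostPort}:11434" ];` publishes the Ollama API on every host address, and Docker-published ports are normally forwarded ahead of the host firewall's input rules. The per-interface `allowedTCPPorts` entries for `ve-traefik` and `ve-openwebui` therefore probably do not confine it. The API has no authentication of its own and Traefik already reaches the container on `docker-main` via `loadbalancer.server.port`, so either drop the `ports` entry or bind it to loopback, `"127.0.0.1:${builtins.toString hostPort}:11434"`. Also, `extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ ... ]` wraps the `--ip=` flag together with the GPU device, so the static address is only applied on NVIDIA hosts. Splitting the list would fix that, for example `[ "--ip=..." ] ++ lib.optional config.sysconfig.docker.nvidia "--device=nvidia.com/gpu=all"`. `ollama/ollama:latest` is also unpinned.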


@@ -1,96 +1,99 @@
{ config, lib, pkgs, ... }: let
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "ai";
name = "openwebui";
in {
in {
options.sysconfig.docker.openwebui.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers.openwebui = {
image = "ghcr.io/open-webui/open-webui:v0.7.2";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
/*ports = [
"${builtins.toString hostPort}:8080"
];*/
volumes = [
"vol_openwebui:/app/backend/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.8"
];
environment = {
};
options.sysconfig.docker.openwebui.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
systemd.services."docker-openwebui" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers.openwebui = {
image = "ghcr.io/open-webui/open-webui:v0.7.2";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
/*ports = [
"${builtins.toString hostPort}:8080"
];*/
volumes = [
"vol_openwebui:/app/backend/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.8"
];
environment = {
};
};
after = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
partOf = [
"docker-compose-openwebui-root.target"
];
wantedBy = [
"docker-compose-openwebui-root.target"
];
};
systemd.services."docker-volume-openwebui" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
systemd.services."docker-openwebui" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
partOf = [
"docker-compose-openwebui-root.target"
];
wantedBy = [
"docker-compose-openwebui-root.target"
];
};
script = ''
docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local
'';
partOf = [ "docker-compose-openwebui-root.target" ];
wantedBy = [ "docker-compose-openwebui-root.target" ];
};
systemd.targets."docker-compose-openwebui-root" = {
wantedBy = [ "multi-user.target" ];
};
systemd.services."docker-volume-openwebui" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local
'';
partOf = [ "docker-compose-openwebui-root.target" ];
wantedBy = [ "docker-compose-openwebui-root.target" ];
};
systemd.targets."docker-compose-openwebui-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}
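Review bot: In the openwebui container, `--ip=192.168.101.8` sits inside the `lib.mkIf config.sysconfig.docker.nvidia [ ... ]` list given to `extraOptions`, so on a host where that option is false the container starts without its fixed address as well as without the GPU device. If firewall rules, proxy settings or allowlists refer to that address (none are visible in this file), they would silently stop matching on non-NVIDIA hosts. Keep the address unconditional and gate only the device: `extraOptions = [ "--ip=192.168.101.8" ] ++ lib.optionals config.sysconfig.docker.nvidia [ "--device=nvidia.com/gpu=all" ];`. The ollama container at the end of the preceding file section uses the same pattern with `--ip=192.168.101.22`. Separately, the image is pinned by tag only (`v0.7.2`); appending `@sha256:<digest-placeholder>` to the reference would make the pull immutable.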
