Compare commits

31 Commits
master ... dev

Author SHA1 Message Date
8c66096e81 test 2026-03-06 23:23:42 -06:00
e6b2a1d3ee test 2026-03-06 23:17:43 -06:00
93b4b2730f test 2026-03-06 21:55:48 -06:00
e9988b21ff test 2026-03-06 21:47:12 -06:00
d6e9904bfc test 2026-03-06 21:32:57 -06:00
aea1919a44 test 2026-03-06 21:27:24 -06:00
da7ad42da9 test 2026-03-06 20:04:38 -06:00
13e5c8410e test 2026-03-06 19:42:47 -06:00
c8cfd433ae test 2026-03-06 19:39:21 -06:00
60dd114bcc update aurora 2026-03-06 19:35:52 -06:00
ac12242060 update aurora 2026-03-06 19:31:03 -06:00
c3f12243d8 Begin Dendritic rewrite 2026-03-06 19:17:00 -06:00
e296f298b1 Begin Dendritic rewrite 2026-03-06 19:07:55 -06:00
f656be3dfb Begin Dendritic rewrite 2026-03-06 19:05:37 -06:00
eb5b08c8f0 Begin Dendritic rewrite 2026-03-06 18:46:38 -06:00
fa9ca0ec63 Begin Dendritic rewrite 2026-03-06 18:37:21 -06:00
fd10360294 Begin Dendritic rewrite 2026-03-06 18:27:39 -06:00
0237820306 Begin Dendritic rewrite 2026-03-06 18:26:41 -06:00
64b6b6b763 Begin Dendritic rewrite 2026-03-06 18:23:19 -06:00
78b1b26b91 Begin Dendritic rewrite 2026-03-06 16:34:10 -06:00
44eb6492f2 Begin Dendritic rewrite 2026-03-06 16:32:07 -06:00
597f51e7b2 Begin Dendritic rewrite 2026-03-06 16:25:23 -06:00
c1684a80f7 Begin Dendritic rewrite 2026-03-06 16:24:53 -06:00
f3a90a0fe8 test 2026-02-28 19:01:49 -06:00
11089070ba test 2026-02-28 18:05:10 -06:00
8697469f5f add authentik middleware 2026-02-28 17:56:12 -06:00
fa6abcfd98 add ssh key 2026-02-28 17:26:54 -06:00
7f0629f313 work on docker gitea 2026-02-25 09:03:17 -06:00
1a088bc501 no nextcloud for now 2026-02-20 21:35:52 -06:00
0f70cf9bbc add localsend 2026-02-14 18:02:53 -06:00
fbf6864350 ollama ip 2026-02-04 00:15:51 -06:00
114 changed files with 4616 additions and 5386 deletions

3
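--- a/.gitmodules
+++ b/.gitmodules
@@ -4,6 +4,3 @@
 [submodule "machines/laptop"]
 path = machines/laptop
 url = ssh://gitea@gitea.esotericbytes.com:2222/Blunkall-Technologies/laptop
-[submodule "machines/android"]
-path = machines/android
-url = ssh://gitea@gitea.esotericbytes.com:2222/Blunkall-Technologies/android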

12
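--- a/flake-parts.nix
+++ b/flake-parts.nix
@@ -0,0 +1,12 @@
+{ inputs, ... }: {
+imports = [
+inputs.home-manager.flakeModules.home-manager
+inputs.disko.flakeModules.default
+];
+systems = [
+"x86_64-linux"
+"aarch64-linux"
+];
+}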

312
flake.lock generated

@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769428758, "lastModified": 1772292445,
"narHash": "sha256-0G/GzF7lkWs/yl82bXuisSqPn6sf8YGTnbEdFOXvOfU=", "narHash": "sha256-4F1Q7U313TKUDDovCC96m/Za4wZcJ3yqtu4eSrj8lk8=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "def5e74c97370f15949a67c62e61f1459fcb0e15", "rev": "1dbbba659c1cef0b0202ce92cadfe13bae550e8f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -33,6 +33,27 @@
"type": "github" "type": "github"
} }
}, },
"aurora": {
"inputs": {
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"import-tree": "import-tree",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1772849004,
"narHash": "sha256-i2QztCyeyCmsbVn3QHaEMBf1gsuJJQ/tobYgWUEG7N4=",
"ref": "refs/heads/master",
"rev": "8fd87dad5abbf43a599973f75545820a95345f44",
"revCount": 5,
"type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"
},
"original": {
"type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -40,11 +61,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769524058, "lastModified": 1772699110,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "narHash": "sha256-jkyo/9fZVB3F/PHk3fVK1ImxJBZ71DCOYZvAz4R4v4E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "rev": "42affa9d33750ac0a0a89761644af20d8d03e6ee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -61,11 +82,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1770091431, "lastModified": 1772824881,
"narHash": "sha256-9Sqq/hxq8ZDLRSzu+edn0OfWG+FAPWFpwMKaJobeLec=", "narHash": "sha256-NqX+JCA8hRV3GoYrsqnHB2IWKte1eQ8NK2WVbJkORcw=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "4f827ff035c6ddc58d04c45abe5b777d356b926a", "rev": "07e1616c9b13fe4794dad4bcc33cd7088c554465",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -91,26 +112,46 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": { "locked": {
"lastModified": 1768135262, "lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
@@ -125,7 +166,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": { "flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@@ -170,17 +211,35 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1772845525,
"narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1769580047, "lastModified": 1772633058,
"narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=", "narHash": "sha256-SO7JapRy2HPhgmqiLbfnW1kMx5rakPMKZ9z3wtRLQjI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826", "rev": "080657a04188aca25f8a6c70a0fb2ea7e37f1865",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -235,11 +294,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769284023, "lastModified": 1770511807,
"narHash": "sha256-xG34vwYJ79rA2wVC8KFuM8r36urJTG6/csXx7LiiSYU=", "narHash": "sha256-suKmSbSk34uPOJDTg/GbPrKEJutzK08vj0VoTvAFBCA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "13c536659d46893596412d180449353a900a1d31", "rev": "7c75487edd43a71b61adb01cae8326d277aab683",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -259,17 +318,17 @@
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire", "hyprwire": "hyprwire",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"systems": "systems", "systems": "systems",
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1770079745, "lastModified": 1772833450,
"narHash": "sha256-rQ4no/+LHuHlqDbJopj6fgS9GUsv1NSycrVhIoLPnbs=", "narHash": "sha256-W/2pHWOVr+jCr/Bzm1mndsZdg7kWjYsYsouLk1nCLLk=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "30756d871845a6058a840642ab1a4c3979f6d782", "rev": "4152ac76d0813d9d0f67d2f04653a13fa6e17433",
"revCount": 6859, "revCount": 6996,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@@ -367,11 +426,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767983607, "lastModified": 1771866172,
"narHash": "sha256-8C2co8NYfR4oMOUEsPROOJ9JHrv9/ktbJJ6X1WsTbXc=", "narHash": "sha256-fYFoXhQLrm1rD8vSFKQBOEX4OGCuJdLt1amKfHd5GAw=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "d4037379e6057246b408bbcf796cf3e9838af5b2", "rev": "0b219224910e7642eb0ed49f0db5ec3d008e3e41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -444,11 +503,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766253372, "lastModified": 1771271487,
"narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=", "narHash": "sha256-41gEiUS0Pyw3L/ge1l8MXn61cK14VAhgWB/JV8s/oNI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9", "rev": "340a792e3b3d482c4ae5f66d27a9096bdee6d76d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -469,11 +528,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763640274, "lastModified": 1770501770,
"narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=", "narHash": "sha256-NWRM6+YxTRv+bT9yvlhhJ2iLae1B1pNH3mAL5wi2rlQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671", "rev": "0bd8b6cde9ec27d48aad9e5b4deefb3746909d40",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -498,11 +557,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769202094, "lastModified": 1771606233,
"narHash": "sha256-gdJr/vWWLRW85ucatSjoBULPB2dqBJd/53CZmQ9t91Q=", "narHash": "sha256-F3PLUqQ/TwgR70U+UeOqJnihJZ2EuunzojYC4g5xHr0=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwire", "repo": "hyprwire",
"rev": "a45ca05050d22629b3c7969a926d37870d7dd75c", "rev": "06c7f1f8c4194786c8400653c4efc49dc14c0f3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -511,33 +570,43 @@
"type": "github" "type": "github"
} }
}, },
"nix-minecraft": { "import-tree": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_2",
"systems": "systems_2"
},
"locked": { "locked": {
"lastModified": 1770000653, "lastModified": 1772344373,
"narHash": "sha256-QO/twGynxjOSUDtxbqJLshc/Q5/wImLH5O6KV2p9eoE=", "narHash": "sha256-OQQ1MhB9t1J71b2wxRRTdH/Qd8UGG0p+dGspfCf5U1c=",
"owner": "Infinidoge", "owner": "vic",
"repo": "nix-minecraft", "repo": "import-tree",
"rev": "6a2ddb643aaf7949caa6158e718c5efc3dda7dc1", "rev": "10fda59eee7d7970ec443b925f32a1bc7526648c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Infinidoge", "owner": "vic",
"repo": "nix-minecraft", "repo": "import-tree",
"type": "github"
}
},
"import-tree_2": {
"locked": {
"lastModified": 1772344373,
"narHash": "sha256-OQQ1MhB9t1J71b2wxRRTdH/Qd8UGG0p+dGspfCf5U1c=",
"owner": "vic",
"repo": "import-tree",
"rev": "10fda59eee7d7970ec443b925f32a1bc7526648c",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1769461804, "lastModified": 1772542754,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -548,6 +617,36 @@
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_3": {
"locked": { "locked": {
"lastModified": 1765674936, "lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
@@ -564,11 +663,11 @@
}, },
"nixpkgs-us": { "nixpkgs-us": {
"locked": { "locked": {
"lastModified": 1770019141, "lastModified": 1772624091,
"narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -580,11 +679,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1769461804, "lastModified": 1772433332,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "narHash": "sha256-izhTDFKsg6KeVBxJS9EblGeQ8y+O8eCa6RcW874vxEc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "rev": "cf59864ef8aa2e178cccedbe2c178185b0365705",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -596,11 +695,27 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1770056022, "lastModified": 1772198003,
"narHash": "sha256-yvCz+Qmci1bVucXEyac3TdoSPMtjqVJmVy5wro6j/70=", "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772598333,
"narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d04d8548aed39902419f14a8537006426dc1e4fa", "rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -610,7 +725,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1769461804, "lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
@@ -626,7 +741,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1768875095, "lastModified": 1768875095,
"narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=",
@@ -644,8 +759,8 @@
}, },
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nixvim": "nixvim_2" "nixvim": "nixvim_2"
}, },
"locked": { "locked": {
@@ -664,9 +779,9 @@
}, },
"nixvim_2": { "nixvim_2": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_6",
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1769644746, "lastModified": 1769644746,
@@ -692,11 +807,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769069492, "lastModified": 1772024342,
"narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -707,12 +822,14 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"aurora": "aurora",
"disko": "disko", "disko": "disko",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"home-manager": "home-manager", "flake-parts": "flake-parts_2",
"home-manager": "home-manager_2",
"hyprland": "hyprland", "hyprland": "hyprland",
"nix-minecraft": "nix-minecraft", "import-tree": "import-tree_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-us": "nixpkgs-us", "nixpkgs-us": "nixpkgs-us",
"nixvim": "nixvim", "nixvim": "nixvim",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@@ -725,11 +842,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769921679, "lastModified": 1772495394,
"narHash": "sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew=", "narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "1e89149dcfc229e7e2ae24a8030f124a31e4f24f", "rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -768,21 +885,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xdph": { "xdph": {
"inputs": { "inputs": {
"hyprland-protocols": [ "hyprland-protocols": [

185
flake.nix

@@ -21,187 +21,32 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
flake-parts.url = "github:hercules-ci/flake-parts";
import-tree.url = "github:vic/import-tree";
firefox-addons = { firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
#simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai"; nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai";
aurora.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora";
self.submodules = true; self.submodules = true;
}; };
outputs = { self, nixpkgs, home-manager, ... } @ inputs: { outputs = { ... } @ inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; }
profiles = let (inputs.import-tree [
dir = builtins.readDir ./profiles; ./profiles
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir); ./homes
in (builtins.listToAttrs ./machines
(builtins.map ./system
(name: ({ ./templates/default.nix
inherit name; ./flake-parts.nix
]);
value = { ... }: {
imports = [
./system
./profiles/${name}
];
};
})) filtered)
);
homes = let
dir = builtins.readDir ./homes;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = { ... } @ exputs: {
imports = [ (import ./homes/${name}/home-manager (exputs // inputs)) ];
};
})) filtered)
);
iso = (nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inputs = inputs // {
nathan = self.homes.nathan;
inherit self;
};
};
modules = [
self.profiles.iso
];
}).config.system.build.isoImage;
templates = {
nixos = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nixos;
};
home-manager = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/home-manager;
};
nix-on-droid = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nix-on-droid;
};
machines = let
dir = builtins.readDir ./machines;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome to Olympus!
##Warning:
This is a config for ${name}, an established machine!
It may require significant alterations to be usable!
'';
description = ''
Generate this where you want your config.
'';
path = ./machines/${name};
};
})) filtered)
);
homes = let
dir = builtins.readDir ./homes;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome home, ${name}!
Your config is right here.
'';
description = ''
Generate this where you want your config.
'';
path = ./homes/${name};
};
})) filtered)
);
default = self.templates.nixos;
};
nixosConfigurations = let
dir = builtins.readDir ./machines;
filtered = builtins.filter (x: dir.${x} == "directory" && x != "android") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = nixpkgs.lib.nixosSystem {
specialArgs = inputs;
modules = [
{ sysconfig.host = name; }
./machines/${name}
self.profiles.${name}
];
};
})) filtered)
);
};
} }
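Review bot: The new `aurora` input is declared without any `follows`, and the regenerated flake.lock on this page shows it bringing its own `nixpkgs_2`, `home-manager`, `flake-parts` and `import-tree` nodes alongside the root's copies. That widens the set of pinned upstream revisions that must be trusted and kept current; unless Aurora needs its own versions, consider `aurora.inputs.nixpkgs.follows = "nixpkgs";` plus matching `follows` lines for `home-manager`, `flake-parts` and `import-tree`. Separately, `inputs.import-tree [ ./profiles ./homes ./machines ./system ... ]` appears to load every Nix file under those directories as a module, and with `self.submodules = true` that presumably includes the `machines/*` submodule checkouts, so a comment above the list saying that any file added there is evaluated would help reviewers of those repositories. The `inputs` attribute set opens above this hunk.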


@@ -1,40 +0,0 @@
{
description = "Home-Manager Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
olympus = {
url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { self, nixpkgs, home-manager, olympus, ... } @ inputs: {
homeConfigurations = {
nathan = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs {
system = builtins.currentSystem;
};
modules = [
olympus.homes.nathan
./home.nix
];
extraSpecialArgs = {
inherit inputs;
};
};
};
};
}


@@ -1,114 +1,113 @@
{ config, lib, pkgs, inputs, ... }: { { inputs, ... }: {
imports = let flake.homeModules.nathan = { config, lib, pkgs, ... }: {
dir = builtins.readDir ./.;
in (builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
)) ++ [
inputs.sops-nix.homeManagerModules.sops
];
options.homeconfig = with lib; { imports = [
inputs.sops-nix.homeManagerModules.sops
];
name = mkOption { options.homeconfig = with lib; {
type = with types; nullOr str;
default = null;
};
graphical = mkOption { name = mkOption {
type = with types; bool; type = with types; nullOr str;
default = true; default = null;
}; };
standalone = mkOption { graphical = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = true;
}; };
virtual-machines = mkOption { standalone = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
}; };
};
virtual-machines = mkOption {
config = { type = with types; bool;
default = false;
homeconfig = {
name = "nathan";
mpd.enable = lib.mkDefault true;
calcurse.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
minimal = lib.mkDefault false;
hyprland.enable = lib.mkDefault config.homeconfig.graphical;
hyprlock.enable = lib.mkDefault config.homeconfig.hyprland.enable;
wal.enable = lib.mkDefault config.homeconfig.graphical;
hyprpanel.enable = lib.mkDefault config.homeconfig.hyprland.enable;
rofi.enable = lib.mkDefault config.homeconfig.hyprland.enable;
firefox.enable = lib.mkDefault config.homeconfig.graphical;
};
home.username = lib.mkDefault config.homeconfig.name;
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
home.stateVersion = "23.11";
home.pointerCursor = lib.mkIf config.homeconfig.graphical {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 16;
};
dconf.settings = lib.mkIf config.homeconfig.virtual-machines {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
}; };
}; };
gtk = lib.mkIf (config.homeconfig.graphical && config.homeconfig.hyprland.enable) {
enable = true;
theme.name = "Tokyonight-Dark";
theme.package = pkgs.tokyonight-gtk-theme;
iconTheme.package = pkgs.rose-pine-icon-theme;
iconTheme.name = "rose-pine-moon";
};
sops = { config = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {}; homeconfig = {
}; name = "nathan";
services.mpris-proxy.enable = true; mpd.enable = lib.mkDefault true;
calcurse.enable = lib.mkDefault true;
git.enable = lib.mkDefault true;
nh.enable = lib.mkDefault true;
programs.ssh = { minimal = lib.mkDefault false;
enable = true; hyprland.enable = lib.mkDefault config.homeconfig.graphical;
hyprlock.enable = lib.mkDefault config.homeconfig.hyprland.enable;
wal.enable = lib.mkDefault config.homeconfig.graphical;
rofi.enable = lib.mkDefault config.homeconfig.hyprland.enable;
firefox.enable = lib.mkDefault config.homeconfig.graphical;
matchBlocks = { aurora.enable = lib.mkDefault config.homeconfig.hyprland.enable;
"builder" = { };
hostname = "esotericbytes.com";
user = "remote-builder"; home.username = lib.mkDefault config.homeconfig.name;
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22; home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
};
home.stateVersion = "23.11";
"remote" = {
hostname = "esotericbytes.com"; home.pointerCursor = lib.mkIf config.homeconfig.graphical {
user = "nathan"; gtk.enable = true;
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; package = pkgs.bibata-cursors;
port = 22; name = "Bibata-Modern-Classic";
size = 16;
};
dconf.settings = lib.mkIf config.homeconfig.virtual-machines {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
}; };
}; };
};
gtk = lib.mkIf (config.homeconfig.graphical && config.homeconfig.hyprland.enable) {
enable = true;
theme.name = "Tokyonight-Dark";
theme.package = pkgs.tokyonight-gtk-theme;
iconTheme.package = pkgs.rose-pine-icon-theme;
iconTheme.name = "rose-pine-moon";
};
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {};
};
services.mpris-proxy.enable = true;
programs.ssh = {
enable = true;
matchBlocks = {
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
};
};
};
}; };
} }
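Review bot: The `builder` and `remote` matchBlocks both set `identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";`, so the `remote-builder` account and the interactive `nathan` login on esotericbytes.com depend on one key, and losing it exposes both. The commented-out `#secrets."remoteBuildKey" = {};` suggests a dedicated builder key was planned. Enabling that secret and using `identityFile = config.sops.secrets."remoteBuildKey".path;` with `identitiesOnly = true;` on the `builder` block would separate the two credentials. Most of the remaining lines in this section look like re-indentation into `flake.homeModules.nathan`.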


@@ -1,12 +1,15 @@
{ config, lib, ... }: { { ... }: {
home.file = { flake.homeModules.nathan = { config, lib, ... }: {
".config/hypr" = lib.mkIf config.homeconfig.hyprland.enable { source = ./hypr; recursive = true; };
".config/hyprpanel" = lib.mkIf config.homeconfig.hyprpanel.enable { source = ./hyprpanel; recursive = true; };
".config/wal/templates" = lib.mkIf config.homeconfig.wal.enable { source = ./wal/templates; recursive = true; };
".config/ohmyposh" = { source = ./ohmyposh; recursive = true; };
".config/quickshell" = lib.mkIf config.homeconfig.quickshell.enable { source = ./quickshell; recursive = true; };
"Pictures/Wallpaper" = lib.mkIf config.homeconfig.graphical { source = ./Wallpaper; recursive = true; };
};
home.file = {
".config/hypr" = lib.mkIf config.homeconfig.hyprland.enable { source = ./hypr; recursive = true; };
".config/hyprpanel" = lib.mkIf config.homeconfig.hyprpanel.enable { source = ./hyprpanel; recursive = true; };
".config/wal/templates" = lib.mkIf config.homeconfig.wal.enable { source = ./wal/templates; recursive = true; };
".config/ohmyposh" = { source = ./ohmyposh; recursive = true; };
".config/quickshell" = lib.mkIf config.homeconfig.quickshell.enable { source = ./quickshell; recursive = true; };
"Pictures/Wallpaper" = lib.mkIf config.homeconfig.graphical { source = ./Wallpaper; recursive = true; };
};
};
} }


@@ -48,7 +48,7 @@ general {
col.active_border = $color1 $color5 100deg col.active_border = $color1 $color5 100deg
col.inactive_border = $color0 col.inactive_border = $color0
layout = master layout = dwindle
} }
decoration { # See https://wiki.hyprland.org/Configuring/Variables/ for more decoration { # See https://wiki.hyprland.org/Configuring/Variables/ for more
@@ -93,6 +93,10 @@ master {
new_status = "master" new_status = "master"
} }
scrolling {
direction = "right"
}
misc { misc {
disable_hyprland_logo = false disable_hyprland_logo = false
disable_splash_rendering = true disable_splash_rendering = true


@@ -1,23 +1,21 @@
{ config, lib, pkgs, inputs, ... }: let { inputs, ... }: {
system = "x86_64-linux";
flake.homeModules.nathan = { config, lib, pkgs, ... }: let
system = pkgs.stdenv.hostPlatform;
pkgs-us = import inputs.nixpkgs-us { pkgs-us = import inputs.nixpkgs-us {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
in { in {
imports = [ options.homeconfig.minimal = with lib; options.mkOption {
./scripts type = with types; bool;
]; default = false;
};
options.homeconfig.minimal = with lib; options.mkOption { config = with lib; mkMerge [
type = with types; bool;
default = false;
};
config = with lib; mkMerge [
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
@@ -49,71 +47,73 @@
} }
(mkIf config.homeconfig.graphical { (mkIf config.homeconfig.graphical {
home.packages = with pkgs; [ home.packages = with pkgs; [
grim grim
slurp slurp
xfce.thunar xfce.thunar
wl-clipboard wl-clipboard
blueberry blueberry
]; ];
}) })
(mkIf (!config.homeconfig.minimal) { (mkIf (!config.homeconfig.minimal) {
home.packages = with pkgs; [ home.packages = with pkgs; [
cava cava
android-tools android-tools
neovim-remote neovim-remote
zulu zulu
fastfetch fastfetch
ncmpcpp ncmpcpp
playerctl playerctl
mpc mpc
ffmpeg ffmpeg
]; ];
}) })
(mkIf (!config.homeconfig.minimal && config.homeconfig.graphical) { (mkIf (!config.homeconfig.minimal && config.homeconfig.graphical) {
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
handbrake
quickemu
bottles
pkgs-us.runapp handbrake
brightnessctl quickemu
libdbusmenu-gtk3 bottles
lmms
pkgs-us.runapp
brightnessctl
libdbusmenu-gtk3
lmms
#unfree { #unfree {
geogebra geogebra
spotify spotify
discord discord
#} #}
rustdesk-flutter rustdesk-flutter
mpv mpv
vlc vlc
pavucontrol pavucontrol
rpi-imager rpi-imager
tigervnc tigervnc
keepassxc keepassxc
localsend
#3D modeling/printing #3D modeling/printing
blender blender
freecad-wayland freecad-wayland
cura-appimage cura-appimage
#productivity #productivity
libreoffice libreoffice
#games #games
prismlauncher prismlauncher
]; ];
}) })
]; ];
};
} }


@@ -1,135 +1,138 @@
{ config, lib, pkgs, inputs, ... }: let { inputs, ... }: {
system = "x86_64-linux"; flake.homeModules.nathan = { config, lib, pkgs, ... }: let
system = "x86_64-linux";
pkgs-us = import inputs.nixpkgs-us { pkgs-us = import inputs.nixpkgs-us {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
in { in {
options = { options = {
homeconfig.scripts.enable = lib.options.mkOption { homeconfig.scripts.enable = lib.options.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
};
}; };
config = lib.mkMerge [
(lib.mkIf (config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
${pkgs-us.runapp}/bin/runapp ''$@
#uwsm app -- ''$@
'')
];
})
(lib.mkIf (!config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
eval "''$@"
'')
];
})
(lib.mkIf config.homeconfig.scripts.enable {
home.packages = [
#scripts
(pkgs.writeShellScriptBin "randWallpaper" ''
file=''$(ls ${config.home.homeDirectory}/Pictures/Wallpaper/ | shuf -n 1)
setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/''$file
'')
(pkgs.writeShellScriptBin "setWallpaper" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
img=''$(realpath "''${1:-$(find ~/Pictures/Wallpaper/* | rofi -dmenu)}")
n=''$(basename "''$img")
ext="''${n''\#''\#*.}"
out=''${3:-/dev/null}
if [[ ''$ext == "gif" || ''$ext == "mp4" ]]; then
yes | ${pkgs.ffmpeg}/bin/ffmpeg -i "''$img" -vframes 1 /tmp/nathan/tmp.jpg >> ''$out
cp /tmp/nathan/tmp.jpg /tmp/nathan/tmp2.jpg
pidof mpvpaper && pkill mpvpaper
${pkgs.swww}/bin/swww img /tmp/nathan/tmp.jpg -t wipe >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp2.jpg >> ''$out
sleep 0.3
hyprctl dispatch exec "${pkgs.mpvpaper}/bin/mpvpaper ALL ''$img -o loop"
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp.jpg >> ''$out
rm /tmp/nathan/tmp2.jpg
else
pidof mpvpaper && pkill mpvpaper
hyprctl dispatch exec "${pkgs.swww}/bin/swww img ''$img -t wipe" >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw "''$img" >> ''$out
fi
changeColors "''$img" "''$2" >> ''$out
'')
(pkgs.writeShellScriptBin "changeColors" ''
img=''$(realpath "''$1")
alpha=''${2:-70}
if [[ ''$alpha -lt 0 ]]; then
alpha=0
elif [[ ''$alpha -gt 100 ]]; then
alpha=100
fi
if [[ -f ~/.config/wal/colorschemes/dark/''$(basename "''$img")-''$alpha.json ]]; then
${pkgs.pywal16}/bin/wal -n -f "''$(basename "''$img")-''$alpha"
else
${pkgs.pywal16}/bin/wal -n -i "''$img" -a "''$alpha" --cols16 -p "''$(basename "''$img")-''$alpha"
fi
colorPrefix
'')
(pkgs.writeShellScriptBin "colorPrefix" ''
pidof firefox > /dev/null && ${pkgs.pywalfox-native}/bin/pywalfox update &
pidof kitty > /dev/null && pkill -USR1 kitty
pidof cava > /dev/null && pkill -USR1 cava
for i in ''$(ls /run/user/1000 | grep nvim); do
${pkgs.neovim-remote}/bin/nvr -s --servername /run/user/1000/''$i --remote-send '<cmd>colorscheme pywal<CR>';
done
eval "''$@"
'')
(pkgs.writeShellScriptBin "onSystemStart" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then
rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid
fi
hyprctl --batch "\
dispatch exec ${pkgs.swww}/bin/swww-daemon ;\
dispatch exec setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ;\
dispatch exec ${pkgs.pyprland}/bin/pypr ;\
dispatch exec ${pkgs.netbird-ui}/bin/netbird-ui ;\
dispatch exec ${pkgs.hyprpolkitagent}/libexec/hyprpolkitagent ;\
setcursor Bibata-Modern-Classic 16"
sleep 3
hyprctl reload
hyprctl dispatch exec ${pkgs.pyprland}/bin/pypr toggle calendar
#tmux new-session -s hyprland
'')
];
})
];
}; };
config = lib.mkMerge [
(lib.mkIf (config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
${pkgs-us.runapp}/bin/runapp ''$@
#uwsm app -- ''$@
'')
];
})
(lib.mkIf (!config.homeconfig.hyprland.enable && config.homeconfig.scripts.enable) {
home.packages = [
(pkgs.writeShellScriptBin "hyprrun" ''
eval "''$@"
'')
];
})
(lib.mkIf config.homeconfig.scripts.enable {
home.packages = [
#scripts
(pkgs.writeShellScriptBin "randWallpaper" ''
file=''$(ls ${config.home.homeDirectory}/Pictures/Wallpaper/ | shuf -n 1)
setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/''$file
'')
(pkgs.writeShellScriptBin "setWallpaper" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
img=''$(realpath "''${1:-$(find ~/Pictures/Wallpaper/* | rofi -dmenu)}")
n=''$(basename "''$img")
ext="''${n''\#''\#*.}"
out=''${3:-/dev/null}
if [[ ''$ext == "gif" || ''$ext == "mp4" ]]; then
yes | ${pkgs.ffmpeg}/bin/ffmpeg -i "''$img" -vframes 1 /tmp/nathan/tmp.jpg >> ''$out
cp /tmp/nathan/tmp.jpg /tmp/nathan/tmp2.jpg
pidof mpvpaper && pkill mpvpaper
${pkgs.swww}/bin/swww img /tmp/nathan/tmp.jpg -t wipe >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp2.jpg >> ''$out
sleep 0.3
hyprctl dispatch exec "${pkgs.mpvpaper}/bin/mpvpaper ALL ''$img -o loop"
${pkgs.hyprpanel}/bin/hyprpanel sw /tmp/nathan/tmp.jpg >> ''$out
rm /tmp/nathan/tmp2.jpg
else
pidof mpvpaper && pkill mpvpaper
hyprctl dispatch exec "${pkgs.swww}/bin/swww img ''$img -t wipe" >> ''$out
${pkgs.hyprpanel}/bin/hyprpanel sw "''$img" >> ''$out
fi
changeColors "''$img" "''$2" >> ''$out
'')
(pkgs.writeShellScriptBin "changeColors" ''
img=''$(realpath "''$1")
alpha=''${2:-70}
if [[ ''$alpha -lt 0 ]]; then
alpha=0
elif [[ ''$alpha -gt 100 ]]; then
alpha=100
fi
if [[ -f ~/.config/wal/colorschemes/dark/''$(basename "''$img")-''$alpha.json ]]; then
${pkgs.pywal16}/bin/wal -n -f "''$(basename "''$img")-''$alpha"
else
${pkgs.pywal16}/bin/wal -n -i "''$img" -a "''$alpha" --cols16 -p "''$(basename "''$img")-''$alpha"
fi
colorPrefix
'')
(pkgs.writeShellScriptBin "colorPrefix" ''
pidof firefox > /dev/null && ${pkgs.pywalfox-native}/bin/pywalfox update &
pidof kitty > /dev/null && pkill -USR1 kitty
pidof cava > /dev/null && pkill -USR1 cava
for i in ''$(ls /run/user/1000 | grep nvim); do
${pkgs.neovim-remote}/bin/nvr -s --servername /run/user/1000/''$i --remote-send '<cmd>colorscheme pywal<CR>';
done
eval "''$@"
'')
(pkgs.writeShellScriptBin "onSystemStart" ''
if [[ ! -d /tmp/nathan ]]; then
mkdir /tmp/nathan
fi
if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then
rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid
fi
hyprctl --batch "\
dispatch exec ${pkgs.swww}/bin/swww-daemon ;\
dispatch exec setWallpaper ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ;\
dispatch exec ${pkgs.pyprland}/bin/pypr ;\
dispatch exec ${pkgs.netbird-ui}/bin/netbird-ui ;\
dispatch exec ${pkgs.hyprpolkitagent}/libexec/hyprpolkitagent ;\
setcursor Bibata-Modern-Classic 16"
sleep 3
hyprctl reload
hyprctl dispatch exec ${pkgs.pyprland}/bin/pypr toggle calendar
#tmux new-session -s hyprland
'')
];
})
];
} }
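Review bot: `setWallpaper` and `onSystemStart` create and write into the fixed path `/tmp/nathan` after only a `-d` test, so on a host with other local accounts the directory, or the `tmp.jpg` that `yes | ffmpeg` overwrites inside it, can be prepared by someone else beforehand. A per-user location avoids that: `work="''$XDG_RUNTIME_DIR/nathan"; mkdir -p -m 700 "''$work"`, with `''$work/tmp.jpg` used below. In the same script `''$img` is placed unquoted inside the `hyprctl dispatch exec "…"` strings, so a wallpaper file name containing spaces or shell metacharacters is presumably re-parsed when the compositor runs the command; it should be quoted inside that string. The `eval "''$@"` in `hyprrun` and `colorPrefix` re-parses its arguments too and deserves a comment such as `# arguments are evaluated as shell code; pass trusted commands only`.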


@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.homeModules.nathan = { config, lib, ... }: {
imports = [
inputs.aurora.homeModules.default
];
options.homeconfig.aurora.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf config.homeconfig.aurora.enable {
programs.aurora = {
enable = true;
};
};
};
}


@@ -1,14 +1,17 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.homeconfig.calcurse.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.calcurse.enable { options.homeconfig.calcurse.enable = lib.options.mkOption {
home.packages = with pkgs; [ type = lib.types.bool;
calcurse default = false;
libnotify };
];
config = lib.mkIf config.homeconfig.calcurse.enable {
home.packages = with pkgs; [
calcurse
libnotify
];
};
}; };
} }


@@ -1,19 +1,14 @@
{ config, lib, pkgs, inputs, ... }: { { inputs, ... }: {
imports = let flake.homeModules.nathan = { config, lib, pkgs, ... }: {
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
config = {
config = { home.packages = lib.mkIf (!config.homeconfig.wal.enable) [
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default
];
home.packages = lib.mkIf (!config.homeconfig.wal.enable) [ home.sessionVariables.EDITOR = "nvim";
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default };
];
home.sessionVariables.EDITOR = "nvim";
}; };
} }


@@ -1,59 +1,62 @@
{ config, lib, pkgs, inputs, ... }: { { inputs, ... }: {
options.homeconfig.firefox.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.firefox.enable { options.homeconfig.firefox.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
home.sessionVariables.BROWSER = "${config.programs.firefox.package}/bin/firefox"; config = lib.mkIf config.homeconfig.firefox.enable {
home.packages = lib.mkIf config.homeconfig.wal.enable [ home.sessionVariables.BROWSER = "${config.programs.firefox.package}/bin/firefox";
pkgs.pywalfox-native
];
home.file.".mozilla/native-messaging-hosts/pywalfox.json".text = let home.packages = lib.mkIf config.homeconfig.wal.enable [
pywalfox-wrapper = pkgs.writeShellScriptBin "pywalfox-wrapper" '' pkgs.pywalfox-native
];
home.file.".mozilla/native-messaging-hosts/pywalfox.json".text = let
pywalfox-wrapper = pkgs.writeShellScriptBin "pywalfox-wrapper" ''
${pkgs.pywalfox-native}/bin/pywalfox start ${pkgs.pywalfox-native}/bin/pywalfox start
''; '';
in lib.replaceStrings [ "<path>" ] [ in lib.replaceStrings [ "<path>" ] [
"${pywalfox-wrapper}/bin/pywalfox-wrapper" "${pywalfox-wrapper}/bin/pywalfox-wrapper"
] (lib.readFile "${pkgs.pywalfox-native}/lib/python3.13/site-packages/pywalfox/assets/manifest.json"); ] (lib.readFile "${pkgs.pywalfox-native}/lib/python3.13/site-packages/pywalfox/assets/manifest.json");
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox; package = pkgs.firefox;
profiles.nathan = { profiles.nathan = {
search = { search = {
default = "ddg"; default = "ddg";
privateDefault = "ddg"; privateDefault = "ddg";
force = true; force = true;
}; };
bookmarks = { bookmarks = {
force = true; force = true;
settings = [ settings = [
{ {
name = "toolbar"; name = "toolbar";
toolbar = true; toolbar = true;
bookmarks = [ bookmarks = [
{ {
name = "NixOS Search - Packages"; name = "NixOS Search - Packages";
url = "https://search.nixos.org/packages"; url = "https://search.nixos.org/packages";
} }
]; ];
} }
];
};
extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
ublock-origin
keepassxc-browser
pywalfox
]; ];
}; };
extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
ublock-origin
keepassxc-browser
pywalfox
];
}; };
}; };
}; };
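Review bot: The native-messaging manifest `.mozilla/native-messaging-hosts/pywalfox.json` and the `pywalfox` extension are installed whenever `homeconfig.firefox.enable` is set, while `pkgs.pywalfox-native` in `home.packages` is gated on `homeconfig.wal.enable`, so a profile without wal still gets an extension that is allowed to launch a local helper. Gating both on the same flag keeps that surface to profiles that use it, for example `home.file.".mozilla/native-messaging-hosts/pywalfox.json" = lib.mkIf config.homeconfig.wal.enable { text = …; };`. The `readFile` path also pins `python3.13`, which will stop evaluating when the package moves to another interpreter version; a comment marking that dependency would help. The end of this file is not shown in the section.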


@@ -1,44 +1,47 @@
{ config, lib, ... }: { { ... }: {
options.homeconfig.git.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.git.enable { options.homeconfig.git.enable = lib.options.mkOption {
type = lib.types.bool;
sops = { default = false;
secrets = {
"git/username" = {};
"git/email" = {};
};
templates.gitconfig.content = ''
[user]
name = "${config.sops.placeholder."git/username"}"
email = "${config.sops.placeholder."git/email"}"
'';
}; };
programs.git = {
enable = true;
includes = [ config = lib.mkIf config.homeconfig.git.enable {
{ path = "${config.sops.templates.gitconfig.path}"; }
]; sops = {
secrets = {
settings = { "git/username" = {};
init = { "git/email" = {};
defaultBranch = "master";
}; };
safe.directory = "/etc/nixos"; templates.gitconfig.content = ''
[user]
name = "${config.sops.placeholder."git/username"}"
email = "${config.sops.placeholder."git/email"}"
'';
};
url = { programs.git = {
"ssh://gitea@gitea.esotericbytes.com/" = { enable = true;
insteadOf = [
"server:" includes = [
]; { path = "${config.sops.templates.gitconfig.path}"; }
];
settings = {
init = {
defaultBranch = "master";
};
safe.directory = "/etc/nixos";
url = {
"ssh://gitea@gitea.esotericbytes.com/" = {
insteadOf = [
"server:"
];
};
}; };
}; };
}; };
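Review bot: `safe.directory = "/etc/nixos"` switches off git's repository-ownership check for that path, so git run as this user will honour the config and hooks stored under `/etc/nixos/.git` whoever owns them. If the directory is writable by root only that is a reasonable trade, but the setting carries no explanation. I would add a comment above it such as `# /etc/nixos is root-owned and root-writable only; trusted for that reason`, or drop the entry if the checkout is owned by the user. The end of this file is not shown in the section.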


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.homeconfig.hyprland.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.hyprland.enable { options.homeconfig.hyprland.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
home.sessionVariables.NIX_OZONE_WL = "1"; config = lib.mkIf config.homeconfig.hyprland.enable {
programs.kitty.enable = lib.mkDefault true; home.sessionVariables.NIX_OZONE_WL = "1";
home.packages = with pkgs; [ programs.kitty.enable = lib.mkDefault true;
pyprland
];
home.activation.extraHyprFile = lib.hm.dag.entryAfter ["writeBoundary"] '' home.packages = with pkgs; [
if [[ ! -f ${config.home.homeDirectory}/.config/hypr/otf.conf ]]; then pyprland
touch ${config.home.homeDirectory}/.config/hypr/otf.conf ];
fi
if [[ ! -f ${config.home.homeDirectory}/.config/background ]]; then home.activation.extraHyprFile = lib.hm.dag.entryAfter ["writeBoundary"] ''
cp ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ${config.home.homeDirectory}/.config/background if [[ ! -f ${config.home.homeDirectory}/.config/hypr/otf.conf ]]; then
chmod 600 ${config.home.homeDirectory}/.config/background touch ${config.home.homeDirectory}/.config/hypr/otf.conf
fi fi
'';
if [[ ! -f ${config.home.homeDirectory}/.config/background ]]; then
cp ${config.home.homeDirectory}/Pictures/Wallpaper/bluescape.jpg ${config.home.homeDirectory}/.config/background
chmod 600 ${config.home.homeDirectory}/.config/background
fi
'';
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
systemd = {
enable = false;
variables = [ "--all" ];
};
extraConfig = (if config.homeconfig.hyprpanel.enable then ''
bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"
'' else ''
bind = , Print, exec, grim -g "$(slurp)"
'') + ''
source = ${config.home.homeDirectory}/.config/hypr/main.conf
exec-shutdown = if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid; fi
'';
systemd = {
enable = false;
variables = [ "--all" ];
}; };
extraConfig = (if config.homeconfig.hyprpanel.enable then ''
bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"
'' else ''
bind = , Print, exec, grim -g "$(slurp)"
'') + ''
source = ${config.home.homeDirectory}/.config/hypr/main.conf
exec-shutdown = if [[ -f ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid ]]; then rm ${config.home.homeDirectory}/.local/share/calcurse/.calcurse.pid; fi
'';
}; };
}; };
} }
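Review bot: In the `hyprpanel` branch of `extraConfig` the bind line ends with a double quote that has no opening partner: `bind = , Print, exec, bash -c ${pkgs.hyprpanel}/share/scripts/screenshot.sh"`. Whatever shell runs the `exec` string sees an unterminated quote, so the Print key likely fails in that branch while the `grim` branch works. Either quote the script path as a whole, `bash -c "${pkgs.hyprpanel}/share/scripts/screenshot.sh"`, or drop `bash -c` together with the stray quote and exec the script directly.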


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.homeconfig.hyprlock.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.hyprlock.enable { options.homeconfig.hyprlock.enable = lib.options.mkOption {
type = lib.types.bool;
programs.hyprlock = { default = false;
enable = true;
}; };
services.hypridle = { config = lib.mkIf config.homeconfig.hyprlock.enable {
enable = true;
settings = { programs.hyprlock = {
enable = true;
};
general = { services.hypridle = {
lock_cmd = "pidof hyprlock || hyprlock"; # avoid starting multiple hyprlock instances. enable = true;
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.
after_sleep_cmd = "hyprctl --instance 0 dispatch dpms on"; # to avoid having to press a key twice to turn on the display. settings = {
general = {
lock_cmd = "pidof hyprlock || hyprlock"; # avoid starting multiple hyprlock instances.
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.
after_sleep_cmd = "hyprctl --instance 0 dispatch dpms on"; # to avoid having to press a key twice to turn on the display.
};
listener = [
{
timeout = 150; # 2.5min.
on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
on-resume = "brightnessctl -r"; # monitor backlight restore.
}
{
timeout = 300; # 5min
on-timeout = "loginctl lock-session"; # lock screen when timeout has passed
}
{
timeout = 330; # 5.5min
on-timeout = "hyprctl --instance 0 dispatch dpms off"; # screen off when timeout has passed
on-resume = "hyprctl --instance 0 dispatch dpms on && brightnessctl -r"; # screen on when activity is detected after timeout has fired.
}
{
timeout = 1800; # 30min
on-timeout = "systemctl suspend"; # suspend pc
}
];
}; };
listener = [
{
timeout = 150; # 2.5min.
on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
on-resume = "brightnessctl -r"; # monitor backlight restore.
}
{
timeout = 300; # 5min
on-timeout = "loginctl lock-session"; # lock screen when timeout has passed
}
{
timeout = 330; # 5.5min
on-timeout = "hyprctl --instance 0 dispatch dpms off"; # screen off when timeout has passed
on-resume = "hyprctl --instance 0 dispatch dpms on && brightnessctl -r"; # screen on when activity is detected after timeout has fired.
}
{
timeout = 1800; # 30min
on-timeout = "systemctl suspend"; # suspend pc
}
];
}; };
}; };
}; };


@@ -1,14 +1,17 @@
{ config, lib, ... }: { { ... }: {
options.homeconfig.hyprpanel.enable = with lib; mkOption { flake.homeModules.nathan = { config, lib, ... }: {
type = with types; bool;
default = false;
};
config = lib.mkIf config.homeconfig.hyprpanel.enable { options.homeconfig.hyprpanel.enable = with lib; mkOption {
type = with types; bool;
programs.hyprpanel = { default = false;
enable = true; };
config = lib.mkIf config.homeconfig.hyprpanel.enable {
programs.hyprpanel = {
enable = true;
};
}; };
}; };
} }


@@ -1,21 +1,24 @@
{ config, lib, inputs, ... }: { { inputs, ... }: {
options.homeconfig.nh.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.nh.enable { options.homeconfig.nh.enable = lib.options.mkOption {
type = lib.types.bool;
programs.nh = { default = false;
enable = true; };
package = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; }; in pkgs-us.nh;
#flake = "${config.home.homeDirectory}/Projects/Olympus";
clean = { config = lib.mkIf config.homeconfig.nh.enable {
programs.nh = {
enable = true; enable = true;
dates = "weekly"; package = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; }; in pkgs-us.nh;
extraArgs = "--keep 5 --keep-since 5d"; #flake = "${config.home.homeDirectory}/Projects/Olympus";
clean = {
enable = true;
dates = "weekly";
extraArgs = "--keep 5 --keep-since 5d";
};
}; };
}; };
}; };


@@ -1,19 +1,22 @@
{ config, lib, pkgs, inputs, ... }: { { inputs, ... }: {
options.homeconfig.wal.enable = lib.options.mkOption { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.wal.enable { options.homeconfig.wal.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
home.packages = with pkgs; [ config = lib.mkIf config.homeconfig.wal.enable {
inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.pywal
pywal16 home.packages = with pkgs; [
imagemagick inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.pywal
];
pywal16
imagemagick
];
};
}; };
} }


@@ -1,26 +1,29 @@
{ config, lib, ... }: { { ... }: {
options.homeconfig.quickshell.enable = with lib; mkOption { flake.homeModules.nathan = { config, lib, ... }: {
type = with types; bool;
default = false;
};
config = lib.mkIf config.homeconfig.quickshell.enable { options.homeconfig.quickshell.enable = with lib; mkOption {
type = with types; bool;
programs.quickshell = { default = false;
enable = true; };
configs = { config = lib.mkIf config.homeconfig.quickshell.enable {
default = config.homeDirectory + "/${config.home.file.".config/quickshell".target}"; programs.quickshell = {
};
systemd = {
enable = true; enable = true;
target = lib.mkIf config.homeconfig.hyprland.enable "wayland-session@Hyprland.target";
};
activeConfig = "default"; configs = {
default = config.homeDirectory + "/${config.home.file.".config/quickshell".target}";
};
systemd = {
enable = true;
target = lib.mkIf config.homeconfig.hyprland.enable "wayland-session@Hyprland.target";
};
activeConfig = "default";
};
}; };
}; };
} }
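Review bot: `configs.default` reads `config.homeDirectory`, whereas the other modules in this change read the home directory as `config.home.homeDirectory`; as written the expression presumably fails to evaluate once `homeconfig.quickshell.enable` is true. The line should be `default = config.home.homeDirectory + "/${config.home.file.".config/quickshell".target}";`. It also relies on a `home.file.".config/quickshell"` entry that this section does not define, so that attribute has to exist elsewhere for the lookup to succeed.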


@@ -1,19 +1,22 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.homeconfig.rofi.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.homeconfig.rofi.enable { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
programs.rofi = {
enable = true; options.homeconfig.rofi.enable = lib.options.mkOption {
package = pkgs.rofi; type = lib.types.bool;
default = false;
};
cycle = true; config = lib.mkIf config.homeconfig.rofi.enable {
programs.rofi = {
theme = "/home/nathan/.cache/wal/colors-rofi-dark.rasi"; enable = true;
package = pkgs.rofi;
cycle = true;
theme = "/home/nathan/.cache/wal/colors-rofi-dark.rasi";
};
}; };
}; };
} }
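Review bot: `theme` hard-codes `/home/nathan/.cache/wal/colors-rofi-dark.rasi`, while the kitty, bash and zsh modules in this same change build their wal paths from `config.home.homeDirectory`. Using `theme = "${config.home.homeDirectory}/.cache/wal/colors-rofi-dark.rasi";` keeps the module usable under another user name or home location. The file is produced by wal at run time, so it may also be worth tying the setting to `homeconfig.wal.enable`; whether rofi copes with a missing theme file cannot be told from this section.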


@@ -1,31 +1,35 @@
{ config, lib, pkgs, ... }: { { ... }: {
home.packages = with pkgs; [ oh-my-posh ]; flake.homeModules.nathan = { config, lib, pkgs, ... }: {
programs.bash = { home.packages = with pkgs; [ oh-my-posh ];
enable = true;
enableCompletion = true;
shellAliases = { programs.bash = {
ls = "eza"; enable = true;
ll = "ls -l"; enableCompletion = true;
ksh = "kitten ssh"; shellAliases = {
ls = "eza";
ll = "ls -l";
vi = "nvim"; ksh = "kitten ssh";
vim = "nvim";
v = "nvim";
vi = "nvim";
vim = "nvim";
};
bashrcExtra = ''
source ${pkgs.blesh}/share/blesh/ble.sh
'';
initExtra = if config.homeconfig.wal.enable then (lib.mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
'') else (lib.mkBefore ''
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
'');
}; };
bashrcExtra = ''
source ${pkgs.blesh}/share/blesh/ble.sh
'';
initExtra = if config.homeconfig.wal.enable then (lib.mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
'') else (lib.mkBefore ''
eval "$(oh-my-posh init bash --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
'');
}; };
} }


@@ -1,18 +1,21 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.bat = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true; programs.bat = {
extraPackages = with pkgs.bat-extras; [ enable = true;
batman
batpipe extraPackages = with pkgs.bat-extras; [
batgrep batman
batdiff batpipe
batwatch batgrep
prettybat batdiff
]; batwatch
prettybat
];
}; };
};
} }


@@ -1,17 +0,0 @@
{ ... }: {
imports = [
./bat
./bash
./eza
./fzf
./lf
./tmux
./kitty
./zoxide
./zsh
./ssh
./ohmyposh
./opencode
];
}


@@ -1,17 +1,20 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.eza = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true; programs.eza = {
enableZshIntegration = true; enable = true;
extraOptions = [ enableZshIntegration = true;
"--color=auto"
];
git = true; extraOptions = [
"--color=auto"
];
icons = "auto"; git = true;
};
icons = "auto";
};
};
} }


@@ -1,15 +1,18 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.fzf = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true;
enableZshIntegration = true; programs.fzf = {
tmux = { enable = true;
#enableShellIntegration = true;
#shellIntegrationOptions = []; enableZshIntegration = true;
tmux = {
#enableShellIntegration = true;
#shellIntegrationOptions = [];
};
};
}; };
};
} }


@@ -1,33 +1,36 @@
{ config, ... }: { { ... }: {
programs.kitty = {
enable = true;
font = { flake.homeModules.nathan = { config, ... }: {
name = "FiraCode Nerd Font";
size = 12; programs.kitty = {
enable = true;
font = {
name = "FiraCode Nerd Font";
size = 12;
};
extraConfig = ''
confirm_os_window_close 0
include ${config.home.homeDirectory}/.cache/wal/colors-kitty.conf
disable_ligatures never
dynamic_background_opacity yes
tab_bar_edge top
map ctrl+shift+t new_tab
map ctrl+shift+w close_tab
map ctrl+tab next_tab
map ctrl+shift+tab previous_tab
'';
};
}; };
extraConfig = ''
confirm_os_window_close 0
include ${config.home.homeDirectory}/.cache/wal/colors-kitty.conf
disable_ligatures never
dynamic_background_opacity yes
tab_bar_edge top
map ctrl+shift+t new_tab
map ctrl+shift+w close_tab
map ctrl+tab next_tab
map ctrl+shift+tab previous_tab
'';
};
} }


@@ -1,7 +1,10 @@
{ ... }: { { ... }: {
config = {
programs.lf = { flake.homeModules.nathan = { ... }: {
enable = true; config = {
programs.lf = {
enable = true;
};
}; };
}; };
} }


@@ -1,136 +1,139 @@
{ config, lib, pkgs, ... }: { { ... }: {
home.packages = with pkgs; [ flake.homeModules.nathan = { config, lib, pkgs, ... }: {
oh-my-posh
];
programs.zsh = {
initContent = with lib; mkMerge [
(mkIf config.homeconfig.wal.enable (mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
''))
(mkIf (!config.homeconfig.wal.enable) (mkBefore '' home.packages = with pkgs; [
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)" oh-my-posh
'')) ];
];
}; programs.zsh = {
home.file.".config/wal/templates/ohmyposh.toml".text = '' initContent = with lib; mkMerge [
(mkIf config.homeconfig.wal.enable (mkBefore ''
cat ${config.home.homeDirectory}/.cache/wal/sequences
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.cache/wal/ohmyposh.toml)"
''))
(mkIf (!config.homeconfig.wal.enable) (mkBefore ''
eval "$(oh-my-posh init zsh --config ${config.home.homeDirectory}/.config/ohmyposh/ohmyposh.toml)"
''))
];
};
home.file.".config/wal/templates/ohmyposh.toml".text = ''
#:schema https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json #:schema https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json
version = 2 version = 2
final_space = true final_space = true
console_title_template = '{{{{ .Shell }}}} in {{{{ .Folder }}}}' console_title_template = '{{{{ .Shell }}}} in {{{{ .Folder }}}}'
[[blocks]] [[blocks]]
type = 'prompt' type = 'prompt'
alignment = 'left' alignment = 'left'
newline = true newline = true
[[blocks.segments]] [[blocks.segments]]
type = 'os' type = 'os'
style = 'diamond' style = 'diamond'
trailing_diamond = '' trailing_diamond = ''
background = 'p:c1' background = 'p:c1'
foreground = 'p:c12' foreground = 'p:c12'
template = ' {{{{ .Icon }}}} ' template = ' {{{{ .Icon }}}} '
[[blocks.segments]] [[blocks.segments]]
type = 'session' type = 'session'
style = 'diamond' style = 'diamond'
trailing_diamond = '' trailing_diamond = ''
background = 'p:c2' background = 'p:c2'
foreground = 'p:c14' foreground = 'p:c14'
template = '{{{{ .UserName }}}}@{{{{ .HostName }}}}' template = '{{{{ .UserName }}}}@{{{{ .HostName }}}}'
[[blocks.segments]] [[blocks.segments]]
type = 'path' type = 'path'
style = 'diamond' style = 'diamond'
trailing_diamond = '' trailing_diamond = ''
background = 'p:c4' background = 'p:c4'
foreground = 'p:c13' foreground = 'p:c13'
template = '{{{{ .Path }}}}' template = '{{{{ .Path }}}}'
[blocks.segments.properties] [blocks.segments.properties]
style = 'full' style = 'full'
[[blocks]] [[blocks]]
type = 'prompt' type = 'prompt'
overflow = 'hidden' overflow = 'hidden'
alignment = 'right' alignment = 'right'
[[blocks.segments]] [[blocks.segments]]
type = 'executiontime' type = 'executiontime'
style = 'diamond' style = 'diamond'
leading_diamond = '' leading_diamond = ''
background = 'p:c4' background = 'p:c4'
foreground = 'p:c13' foreground = 'p:c13'
template = '{{{{ .FormattedMs }}}}' template = '{{{{ .FormattedMs }}}}'
[[blocks.segments]] [[blocks.segments]]
type = 'time' type = 'time'
style = 'diamond' style = 'diamond'
leading_diamond = '' leading_diamond = ''
background = 'p:c2' background = 'p:c2'
foreground = 'p:c14' foreground = 'p:c14'
[[blocks.segments]] [[blocks.segments]]
type = 'shell' type = 'shell'
style = 'diamond' style = 'diamond'
leading_diamond = '' leading_diamond = ''
background = 'p:c1' background = 'p:c1'
foreground = 'p:c12' foreground = 'p:c12'
[[blocks]] [[blocks]]
type = 'prompt' type = 'prompt'
alignment = 'left' alignment = 'left'
newline = true newline = true
[[blocks.segments]] [[blocks.segments]]
type = 'text' type = 'text'
style = 'plain' style = 'plain'
background = 'transparent' background = 'transparent'
foreground_templates = [ foreground_templates = [
"{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}", "{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}",
"{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}", "{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}",
] ]
template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}" template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}"
[transient_prompt] [transient_prompt]
foreground_templates = [ foreground_templates = [
"{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}", "{{{{ if gt .Code 0 }}}}p:c13{{{{end}}}}",
"{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}", "{{{{ if eq .Code 0 }}}}p:c14{{{{end}}}}",
] ]
background = 'transparent' background = 'transparent'
template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}" template = "{{{{ if gt .Code 0 }}}}! {{{{else}}}} {{{{end}}}}"
[secondary_prompt] [secondary_prompt]
background = 'transparent' background = 'transparent'
forground = 'p:c14' forground = 'p:c14'
template = " " template = " "
[palette] [palette]
c0 = "{color0}" c0 = "{color0}"
c1 = "{color1}" c1 = "{color1}"
c2 = "{color2}" c2 = "{color2}"
c3 = "{color3}" c3 = "{color3}"
c4 = "{color4}" c4 = "{color4}"
c5 = "{color5}" c5 = "{color5}"
c6 = "{color6}" c6 = "{color6}"
c7 = "{color7}" c7 = "{color7}"
c8 = "{color8}" c8 = "{color8}"
c9 = "{color9}" c9 = "{color9}"
c10 = "{color10}" c10 = "{color10}"
c11 = "{color11}" c11 = "{color11}"
c12 = "{color12}" c12 = "{color12}"
c13 = "{color13}" c13 = "{color13}"
c14 = "{color14}" c14 = "{color14}"
c15 = "{color15}" c15 = "{color15}"
''; '';
};
} }
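Review bot: The `[secondary_prompt]` table in the generated `ohmyposh.toml` spells its colour key `forground = 'p:c14'`, so the continuation prompt presumably never receives the palette colour the other prompts use. It should read `foreground = 'p:c14'`. Nothing in this module validates the template at build time, so a misspelt key like this goes unnoticed; a short comment next to the `#:schema` line saying the file can be checked against that schema would help the next edit.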


@@ -1,48 +1,51 @@
{ config, lib, ... }: { { ... }: {
options.homeconfig.opencode.enable = with lib; mkOption { flake.homeModules.nathan = { config, lib, ... }: {
type = with types; bool;
default = true;
};
config = lib.mkIf config.homeconfig.opencode.enable { options.homeconfig.opencode.enable = with lib; mkOption {
type = with types; bool;
default = true;
};
programs.opencode = { config = lib.mkIf config.homeconfig.opencode.enable {
enable = true;
settings = { programs.opencode = {
theme = "system"; enable = true;
model = "ollama-remote/qwen3:8b";
provider = { settings = {
ollama-local = { theme = "system";
name = "Ollama (local)"; model = "ollama-remote/qwen3:8b";
npm = "@ai-sdk/openai-compatible"; provider = {
ollama-local = {
name = "Ollama (local)";
options.baseURL = "http://localhost:11434/v1"; npm = "@ai-sdk/openai-compatible";
options.baseURL = "http://localhost:11434/v1";
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
};
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
}; };
}; ollama-remote = {
name = "Ollama (remote)";
ollama-remote = { npm = "@ai-sdk/openai-compatible";
name = "Ollama (remote)";
npm = "@ai-sdk/openai-compatible"; options.baseURL = "https://ollama.esotericbytes.com/v1";
options.baseURL = "https://ollama.esotericbytes.com/v1"; models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
};
models = {
"ministral-3:8b".name = "Ministral 3 8B";
"llama3.2".name = "Llama 3.2";
"qwen3:8b".name = "Qwen 3";
}; };
}; };
}; };
}; };
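Review bot: `homeconfig.opencode.enable` defaults to `true`, unlike the other `homeconfig.*.enable` options in this change, and the default `model` is `ollama-remote/qwen3:8b`, so every profile that imports this module sends prompts and the code context they carry to `https://ollama.esotericbytes.com/v1` unless it opts out. No credential or header is configured for that provider here, so whether the endpoint is authenticated cannot be told from this section. I would make the module opt-in with `default = false;`, or keep it on but point the default at the local provider with `model = "ollama-local/qwen3:8b";`, and add a comment stating how access to the remote endpoint is restricted. The end of this file is not shown in the section.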


@@ -0,0 +1,9 @@
{ ... }: {
flake.homeModules.nathan = { ... }: {
programs.ripgrep = {
enable = true;
};
};
}


@@ -1,24 +1,27 @@
{ ... }: { { ... }: {
programs.ssh = { flake.homeModules.nathan = { ... }: {
enable = true; programs.ssh = {
# defaults as of 25.11 enable = true;
matchBlocks."*" = {
forwardAgent = false; # defaults as of 25.11
addKeysToAgent = "no"; matchBlocks."*" = {
compression = false; forwardAgent = false;
serverAliveInterval = 0; addKeysToAgent = "no";
serverAliveCountMax = 3; compression = false;
hashKnownHosts = false; serverAliveInterval = 0;
userKnownHostsFile = "~/.ssh/known_hosts"; serverAliveCountMax = 3;
controlMaster = "no"; hashKnownHosts = false;
controlPath = "~/.ssh/master-%r@%n:%p"; userKnownHostsFile = "~/.ssh/known_hosts";
controlPersist = "no"; controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
enableDefaultConfig = false;
};
}; };
enableDefaultConfig = false;
};
} }
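Review bot: `hashKnownHosts = false` in `matchBlocks."*"` keeps every host name and address this account has connected to readable in `~/.ssh/known_hosts`, which gives anyone who reads that file on a compromised workstation an inventory of reachable machines. The block is described as pinning the 25.11 defaults, so this is a hardening suggestion rather than a regression: `hashKnownHosts = true;`. `forwardAgent = false` and `addKeysToAgent = "no"` are the conservative values and are worth keeping explicit now that `enableDefaultConfig = false`.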


@@ -1,23 +1,26 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.tmux = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
enable = true;
clock24 = true;
mouse = true;
baseIndex = 1;
keyMode = "vi";
prefix = "C-b";
shell = "${pkgs.zsh}/bin/zsh";
};
programs.tmux = {
enable = true;
clock24 = true;
mouse = true;
baseIndex = 1;
keyMode = "vi";
prefix = "C-b";
shell = "${pkgs.zsh}/bin/zsh";
};
};
} }


@@ -1,13 +1,16 @@
{ config, lib, pkgs, ... }: { { ... }: {
programs.zoxide = { flake.homeModules.nathan = { ... }: {
enable = true; programs.zoxide = {
enableZshIntegration = true; enable = true;
options = [ enableZshIntegration = true;
"--cmd cd"
]; options = [
}; "--cmd cd"
];
};
};
} }


@@ -1,37 +1,40 @@
{ lib, ... }: { { ... }: {
programs.zsh = { flake.homeModules.nathan = { lib, ... }: {
enable = true;
initContent = lib.mkOrder 1200 '' programs.zsh = {
bindkey ' ' magic-space
'';
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
ls = "eza";
ll = "ls -l";
ksh = "kitten ssh"; enable = true;
vi = "nvim"; initContent = lib.mkOrder 1200 ''
vim = "nvim"; bindkey ' ' magic-space
'';
python = "python3.13"; enableCompletion = true;
python3 = "python3.13";
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
ls = "eza";
ll = "ls -l";
ksh = "kitten ssh";
vi = "nvim";
vim = "nvim";
python = "python3.13";
python3 = "python3.13";
};
history = {
size = 5000;
ignoreAllDups = true;
ignoreSpace = true;
share = true;
};
};
}; };
history = {
size = 5000;
ignoreAllDups = true;
ignoreSpace = true;
share = true;
};
};
} }


@@ -1,9 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
}


@@ -1,41 +1,44 @@
{ config, lib, pkgs, ... }: { { ... }: {
options = { flake.homeModules.nathan = { config, lib, pkgs, ... }: {
homeconfig.mpd.enable = lib.options.mkOption {
type = lib.types.bool; options = {
default = false; homeconfig.mpd.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
}; };
};
config = lib.mkIf config.homeconfig.mpd.enable { config = lib.mkIf config.homeconfig.mpd.enable {
services.mpd = { services.mpd = {
enable = true; enable = true;
network.startWhenNeeded = true; network.startWhenNeeded = true;
network.port = 6600; network.port = 6600;
network.listenAddress = "127.0.0.1"; network.listenAddress = "127.0.0.1";
musicDirectory = "/home/nathan/Music"; musicDirectory = "/home/nathan/Music";
extraConfig = '' extraConfig = ''
audio_output { audio_output {
type "pipewire" type "pipewire"
name "Audio1" name "Audio1"
} }
audio_output { audio_output {
type "fifo" type "fifo"
name "visualizer" name "visualizer"
path "/tmp/mpd.fifo" path "/tmp/mpd.fifo"
format "44100:16:1" format "44100:16:1"
} }
''; '';
};
services.mpdris2 = {
enable = true;
mpd.host = "127.0.0.1";
mpd.port = 6600;
package = pkgs.mpdris2;
mpd.musicDirectory = "/home/nathan/Music";
notifications = true;
};
}; };
services.mpdris2 = {
enable = true;
mpd.host = "127.0.0.1";
mpd.port = 6600;
package = pkgs.mpdris2;
mpd.musicDirectory = "/home/nathan/Music";
notifications = true;
};
}; };
} }
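Review bot: The `visualizer` output in `extraConfig` uses the fixed path `/tmp/mpd.fifo`, and `/tmp` is shared by every local account, so on a multi-user machine another user can create that name first or open the FIFO and read the stream. A per-user location avoids this, for example `path "${config.xdg.stateHome}/mpd.fifo"`, with the visualizer client pointed at the same path. The hard-coded `/home/nathan/Music` in both `services.mpd` and `services.mpdris2` could likewise be derived from `config.home.homeDirectory`.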


@@ -1,25 +1,38 @@
{ lib, inputs, ... }: { self, inputs, ... }: {
{ flake.homeModules.nathan = { lib, ... }:
config = { {
homeconfig = {
graphical = lib.mkDefault false;
minimal = lib.mkDefault false;
hyprland.enable = false; config = {
}; homeconfig = {
graphical = lib.mkDefault false;
minimal = lib.mkDefault false;
hyprland.enable = lib.mkDefault false;
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders = "ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -";
builders-use-substituters = true;
}; };
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders = "ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -";
builders-use-substitutes = true;
};
};
programs.home-manager.enable = true;
}; };
programs.home-manager.enable = true;
}; };
}
flake.homeConfigurations.nathan = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs {
system = builtins.currentSystem;
};
modules = [
self.homeModules.nathan
];
};
}
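Review bot: The `builders` string ends in `- -`, so its eighth field, the builder's base64-encoded public host key, is unset and the connection trusts whatever `known_hosts` the connecting user happens to have. Pinning the key ties remote builds to one machine, e.g. `... nixos-test,benchmark,big-parallel,kvm - <BASE64_HOST_PUBKEY>` with the placeholder replaced by the builder's real key. Separately, the new `flake.homeConfigurations.nathan` sets `system = builtins.currentSystem;`, which is not available under pure flake evaluation, so building it will presumably require `--impure` unless the system is given explicitly, for example `system = "x86_64-linux";`.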

Submodule machines/android deleted from 4ba07466f6


@@ -1,157 +1,160 @@
{ config, pkgs, lib, inputs, ... }: { inputs, ... }: {
{ flake.nixosModules.container = { config, pkgs, lib, ... }:
imports =
[
inputs.home-manager.nixosModules.default
];
config = { {
hardware.nvidia.open = true; imports =
[
boot.isContainer = true; inputs.home-manager.nixosModules.default
services = { ];
xserver = {
config = {
hardware.nvidia.open = true;
boot.isContainer = true;
services = {
xserver = {
#enable = true; #enable = true;
videoDrivers = ["nvidia"]; videoDrivers = ["nvidia"];
};
displayManager = {
enable = true;
defaultSession = "plasma";
autoLogin = {
enable = true;
user = "nathan";
}; };
displayManager = {
enable = true;
defaultSession = "plasma";
autoLogin = {
enable = true;
user = "nathan";
};
};
pulseaudio.enable = false;
}; };
pulseaudio.enable = false;
};
systemd.extraConfig = "DefaultLimitNOFILE=2048"; systemd.extraConfig = "DefaultLimitNOFILE=2048";
/* /*
environment.sessionVariables = { environment.sessionVariables = {
WLR_BACKENDS = "headless"; WLR_BACKENDS = "headless";
WLR_LIBINPUT_NO_DEVICES = "1"; WLR_LIBINPUT_NO_DEVICES = "1";
}; };
*/ */
programs.zsh.enable = true; programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ]; environment.shells = with pkgs; [ zsh ];
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
hostPlatform = "x86_64-linux"; hostPlatform = "x86_64-linux";
}; };
# Set your time zone. # Set your time zone.
time.timeZone = "America/Chicago"; time.timeZone = "America/Chicago";
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8"; LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8"; LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8"; LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8";
}; };
services.displayManager.sddm.settings.AutoLogin = { services.displayManager.sddm.settings.AutoLogin = {
User = "nathan"; User = "nathan";
Session = "plasmawayland.desktop"; Session = "plasmawayland.desktop";
Relogin = true; Relogin = true;
}; };
networking = { networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ]; nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true; networkmanager.enable = true;
firewall.allowedTCPPorts = [ 80 ]; firewall.allowedTCPPorts = [ 80 ];
}; };
system.stateVersion = "25.05"; # Did you read the comment? system.stateVersion = "25.05"; # Did you read the comment?
users.users."nathan" = { users.users."nathan" = {
isNormalUser = true; isNormalUser = true;
initialPassword = "7567"; initialPassword = "7567";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path; #hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [ extraGroups = [
"wheel" "wheel"
]; # Enable sudo for the user. ]; # Enable sudo for the user.
/*openssh.authorizedKeys.keys = [ /*openssh.authorizedKeys.keys = [
];*/ ];*/
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
}; };
nix = { /*sops = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
settings = { defaultSopsFile = ./secrets.yaml;
experimental-features = [ "nix-command" "flakes" ]; defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};*/
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs;};
users = {
"nathan" = lib.mkMerge [
inputs.nathan-home-manager
{
config.homeconfig = {
minimal = false;
hyprland.enable = false;
wal.enable = false;
hyprpanel.enable = false;
hyprlock.enable = false;
mpd.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
};
}
];
};
}; };
sysconfig = {
opts = {
novnc.enable = true;
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
kdePlasma6.enable = true;
git.enable = true;
nh.enable = true;
netbird.enable = true;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
/*sops = {
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};*/
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs;};
users = {
"nathan" = lib.mkMerge [
inputs.nathan-home-manager
{
config.homeconfig = {
minimal = false;
hyprland.enable = false;
wal.enable = false;
hyprpanel.enable = false;
hyprlock.enable = false;
mpd.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
};
}
];
};
};
sysconfig = {
opts = {
novnc.enable = true;
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
kdePlasma6.enable = true;
git.enable = true;
nh.enable = true;
netbird.enable = true;
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }
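Review bot: `users.users."nathan".initialPassword` is a four-digit literal for an account in `wheel`, committed in clear text and copied into the world-readable Nix store, while the same module enables `openssh`, `novnc` and SDDM auto-login and opens TCP port 80. The commented-out `hashedPasswordFile = config.sops.secrets."nathan/pass".path;` and the disabled `sops` block already sketch the fix; enabling both removes the literal from the repository. The jesstop module further down the page has the same pattern (a literal `initialPassword` for the `wheel` user `nickelback`) and needs the same change.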


@@ -1,115 +1,117 @@
{ config, pkgs, lib, disko, sops-nix, home-manager, ... }: { inputs, ... }: {
{ flake.nixosModules.homebox = { config, pkgs, lib, ... }:
imports =
[
disko.nixosModules.default
sops-nix.nixosModules.sops
home-manager.nixosModules.default
];
config = { {
imports =
boot = { [
kernelPackages = pkgs.linuxKernel.packages.linux_6_18; inputs.disko.nixosModules.default
loader = {
systemd-boot.enable = true; inputs.sops-nix.nixosModules.sops
efi.canTouchEfiVariables = true;
inputs.home-manager.nixosModules.default
];
config = {
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
}; };
binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048; systemd.settings.Manager.DefaultLimitNOFILE = 2048;
programs.zsh.enable = true; programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ]; environment.shells = with pkgs; [ zsh bashInteractive ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking = { networking = {
nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ]; nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];
networkmanager = { networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
};
};
sysconfig = {
remoteBuildHost = true;
graphical = false;
services = {
sddm.enable = false;
openssh.enable = true;
pipewire.enable = true;
netbird.enable = true;
ollama.enable = false;
wyoming = {
enable = true; enable = true;
piper = true; dns = "none";
openwakeword = true; };
faster-whisper = true; useDHCP = false;
dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
}; };
}; };
programs = { sysconfig = {
hyprland.enable = false; remoteBuildHost = true;
hyprpanel.enable = false; graphical = false;
steam.enable = false;
services = {
sddm.enable = false;
openssh.enable = true;
pipewire.enable = true;
netbird.enable = true;
ollama.enable = false;
avahi.enable = true;
wyoming = {
enable = true;
piper = true;
openwakeword = true;
faster-whisper = true;
};
};
programs = {
hyprland.enable = false;
hyprpanel.enable = false;
steam.enable = false;
};
docker = {
enable = true;
portainer.enable = true;
traefik.enable = true;
pihole.enable = true;
authentik.enable = true;
netbird.enable = true;
openwebui.enable = true;
ollama.enable = true;
searxng.enable = true;
home-assistant.enable = true;
n8n.enable = true;
nextcloud.enable = false;
jellyfin.enable = true;
};
containers = {
"esotericbytes.com".enable = true;
gitea.enable = true;
code-server.enable = true;
sandbox.enable = false;
};
virtual-machines = {
enable = true;
};
}; };
docker = { fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
enable = true;
portainer.enable = true;
traefik.enable = true;
pihole.enable = true;
authentik.enable = true;
netbird.enable = true;
openwebui.enable = true;
ollama.enable = true;
searxng.enable = true;
home-assistant.enable = true;
n8n.enable = true;
nextcloud.enable = true;
jellyfin.enable = true;
};
containers = {
"esotericbytes.com".enable = true;
gitea.enable = true;
code-server.enable = true;
minecraft.enable = true;
sandbox.enable = false;
};
virtual-machines = {
enable = true;
};
}; };
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }


@@ -1,106 +1,109 @@
{ lib, pkgs, inputs, modulesPath, ... }: { { inputs, ... }: {
imports = with inputs; [ flake.nixosModules.iso = { lib, pkgs, modulesPath, ... }: {
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
home-manager.nixosModules.default
]; imports = with inputs; [
config = { (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
fonts.fontconfig.enable = lib.mkForce true; home-manager.nixosModules.default
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ];
system.stateVersion = "25.05";
nixpkgs.hostPlatform = "x86_64-linux"; ];
users.users."nathan" = { config = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
users.users.nixos.enable = lib.mkForce false; fonts.fontconfig.enable = lib.mkForce true;
services.getty.autologinUser = lib.mkForce null; fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ];
networking = { system.stateVersion = "25.05";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
programs.zsh.enable = true; nixpkgs.hostPlatform = "x86_64-linux";
environment.shells = with pkgs; [ zsh bashInteractive ]; users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
sysconfig = { users.users.nixos.enable = lib.mkForce false;
host = "iso";
graphical = true; services.getty.autologinUser = lib.mkForce null;
users = {
nathan = { networking = {
extraGroups = [ "wheel" "networkmanager" ]; nameservers = [ "1.1.1.1" "1.0.0.1" ];
shell = pkgs.zsh; networkmanager.enable = true;
sshKeys = [ };
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
]; programs.zsh.enable = true;
home-manager = {
enable = true; environment.shells = with pkgs; [ zsh bashInteractive ];
standalone = false;
extraModules = [ sysconfig = {
{ host = "iso";
homeconfig = { graphical = true;
minimal = false; users = {
hyprland.enable = true; nathan = {
hyprlock.enable = true; extraGroups = [ "wheel" "networkmanager" ];
wal.enable = true; shell = pkgs.zsh;
mpd.enable = true; sshKeys = [
hyprpanel.enable = true; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
rofi.enable = true;
firefox.enable = true;
git.enable = false;
nh.enable = true;
};
}
]; ];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
rofi.enable = true;
firefox.enable = true;
git.enable = false;
nh.enable = true;
};
}
];
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
}; };
}; };
}; };
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
}; };
}; };
} }
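Review bot: `users.users."nathan".hashedPassword` is a yescrypt hash committed to the repository, so anyone who can read the repo or the Nix store of a built image can run offline guessing against it, and this image also sets `openssh.enable = true` and, presumably through `sysconfig.users.nathan.extraGroups`, puts the account in `wheel`. Key-based login is already covered by the `sshKeys` entry, so the hash could move to a `hashedPasswordFile` backed by a secret or be dropped for the installer image. The live module further down the page reuses the identical hash, so one recovered password would apply to both systems.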


@@ -1,142 +1,132 @@
{ config, pkgs, lib, inputs, ... }: { inputs, ... }: {
{ flake.nixosModules.jesstop = { config, pkgs, lib, ... }:
imports = [ {
./hardware-configuration.nix
#inputs.home-manager.nixosModules.default imports = [
#inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
];
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
]; ];
sysconfig.opts = { config = {
sddm.enable = true;
openssh.enable = false;
steam.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
git.enable = false;
nh.enable = true;
}; nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
sysconfig.opts = {
sddm.enable = true;
openssh.enable = false;
steam.enable = true;
pipewire.enable = true;
hyprpanel.enable = false;
hyprland.enable = false;
git.enable = false;
nh.enable = true;
};
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver = { services.xserver = {
enable = true; enable = true;
desktopManager.enlightenment.enable = true; desktopManager.enlightenment.enable = true;
}; };
services.acpid.enable = true; services.acpid.enable = true;
services.displayManager.enable = true; services.displayManager.enable = true;
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
# Enable CUPS to print documents. # Enable CUPS to print documents.
services.printing.enable = true; services.printing.enable = true;
system.stateVersion = "23.05"; # Did you read the comment? system.stateVersion = "23.05"; # Did you read the comment?
# Set your time zone. # Set your time zone.
time.timeZone = "America/Chicago"; time.timeZone = "America/Chicago";
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8"; LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8"; LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8"; LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8";
};
networking = {
hostName = "jesstop";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
users.users."nickelback" = {
isNormalUser = true;
description = "Thomas Jefferson";
initialPassword = "89453712";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"networkmanager"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
(writeShellScriptBin "beets" ''
bluetoothctl connect A4:16:C0:74:1F:55
'')
spotify
gnome-network-displays
discord
krita
rpcs3
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
}; };
networking = {
hostName = "jesstop";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
users.users."nickelback" = {
isNormalUser = true;
description = "Thomas Jefferson";
initialPassword = "89453712";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"networkmanager"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
(writeShellScriptBin "beets" ''
bluetoothctl connect A4:16:C0:74:1F:55
'')
spotify
gnome-network-displays
discord
krita
rpcs3
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }


@@ -1,39 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config { ... }: {
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ flake.nixosModules.jesstop = { config, lib, pkgs, modulesPath, ... }:
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; {
boot.initrd.kernelModules = [ ]; imports =
boot.kernelModules = [ "kvm-intel" ]; [ (modulesPath + "/installer/scan/not-detected.nix")
boot.extraModulePackages = [ ]; ];
fileSystems."/" = boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
{ device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72"; boot.initrd.kernelModules = [ ];
fsType = "ext4"; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D497-6455";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}; };
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D497-6455";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@@ -1,125 +1,117 @@
{ config, pkgs, lib, home-manager, sops-nix, ... }: { inputs, ... }: {
{ flake.nixosModules.laptop = { config, pkgs, lib, ... }:
imports = [ {
home-manager.nixosModules.default
sops-nix.nixosModules.sops imports = [
]; inputs.home-manager.nixosModules.default
config = { inputs.sops-nix.nixosModules.sops
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = null;
};
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
hardware = {
graphics.enable = true;
firmware = with pkgs; [
sof-firmware
];
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
]; ];
sysconfig = with lib; { config = {
remoteBuildClient = mkDefault true;
graphical = mkDefault true; nixpkgs.config = {
allowUnfree = true;
services = {
sddm.enable = mkDefault true;
openssh.enable = mkDefault false;
pipewire.enable = mkDefault true;
netbird.enable = mkDefault true;
ollama.enable = mkDefault true;
}; };
programs = { # Bootloader.
steam.enable = mkDefault true; boot = {
hyprpanel.enable = mkDefault true; kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
hyprland.enable = mkDefault true; loader = {
}; systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = null;
containers = {
wyoming = {
enable = mkDefault false;
}; };
}; };
virtual-machines = { systemd.settings.Manager.DefaultLimitNOFILE = 2048;
enable = true;
hardware = {
graphics.enable = true;
firmware = with pkgs; [
sof-firmware
];
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
sysconfig = with lib; {
remoteBuildClient = mkDefault true;
graphical = mkDefault true;
services = {
sddm.enable = mkDefault true;
openssh.enable = mkDefault false;
pipewire.enable = mkDefault true;
netbird.enable = mkDefault true;
ollama.enable = mkDefault true;
avahi.enable = mkDefault true;
};
programs = {
steam.enable = mkDefault true;
hyprland.enable = mkDefault true;
};
containers = {
wyoming = {
enable = mkDefault false;
};
};
virtual-machines = {
enable = true;
};
}; };
};
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver = { services.xserver = {
enable = true; enable = true;
}; };
services.displayManager.enable = true; services.displayManager.enable = true;
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
environment.shells = with pkgs; [ zsh bashInteractive ]; environment.shells = with pkgs; [ zsh bashInteractive ];
# Enable CUPS to print documents. # Enable CUPS to print documents.
services.printing.enable = true; services.printing.enable = true;
programs.adb.enable = true; programs.adb.enable = true;
programs.zsh.enable = true; programs.zsh.enable = true;
networking = { networking = {
nameservers = [ nameservers = [
"1.1.1.1" "1.1.1.1"
"1.0.0.1" "1.0.0.1"
]; ];
networkmanager = { networkmanager = {
enable = true; enable = true;
dns = "none"; dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
}; };
useDHCP = false;
dhcpcd.enable = false;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }


@@ -1,121 +1,124 @@
{ pkgs, inputs, ... }: { { inputs, ... }: {
imports = with inputs; [ flake.nixosModules.live = { pkgs, ... }: {
disko.nixosModules.default
(import ./disko.nix { device = "/dev/mmcblk0"; }) imports = with inputs; [
sops-nix.nixosModules.sops disko.nixosModules.default
home-manager.nixosModules.default (import ./disko.nix { device = "/dev/mmcblk0"; })
]; sops-nix.nixosModules.sops
config = { home-manager.nixosModules.default
hardware.enableRedistributableFirmware = true; ];
hardware.enableAllHardware = true;
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ]; config = {
networking = { hardware.enableRedistributableFirmware = true;
nameservers = [ "1.1.1.1" "1.0.0.1" ]; hardware.enableAllHardware = true;
networkmanager.enable = true;
};
nixpkgs.hostPlatform = "x86_64-linux"; programs.zsh.enable = true;
boot = { environment.shells = with pkgs; [ zsh bashInteractive ];
loader = {
systemd-boot.enable = true; networking = {
efi.canTouchEfiVariables = true; nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
}; };
};
users.users."nathan" = { nixpkgs.hostPlatform = "x86_64-linux";
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
sops = { boot = {
age.keyFile = "/var/lib/sops/age/keys.txt"; loader = {
defaultSopsFile = ./secrets.yaml; systemd-boot.enable = true;
defaultSopsFormat = "yaml"; efi.canTouchEfiVariables = true;
#secrets."nathan/pass".neededForUsers = true; };
}; };
sysconfig = { users.users."nathan" = {
#remoteBuildClient = true; hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
host = "live"; packages = with pkgs; [
graphical = true; git
users = { nerd-fonts.fira-code
nathan = { ];
extraGroups = [ "wheel" "networkmanager" ]; };
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh; sops = {
sshKeys = [ age.keyFile = "/var/lib/sops/age/keys.txt";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" defaultSopsFile = ./secrets.yaml;
]; defaultSopsFormat = "yaml";
home-manager = { #secrets."nathan/pass".neededForUsers = true;
enable = true; };
standalone = false;
extraModules = [ sysconfig = {
{ #remoteBuildClient = true;
homeconfig = { host = "live";
minimal = false; graphical = true;
hyprland.enable = true; users = {
hyprlock.enable = true; nathan = {
wal.enable = true; extraGroups = [ "wheel" "networkmanager" ];
mpd.enable = true; #hashedPasswordFile = config.sops.secrets."nathan/pass".path;
hyprpanel.enable = true; shell = pkgs.zsh;
calcurse.enable = true; sshKeys = [
rofi.enable = true; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
firefox.enable = true;
#git.enable = true;
nh.enable = true;
};
}
]; ];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
#git.enable = true;
nh.enable = true;
};
}
];
};
};
};
services = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = {
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
}; };
}; };
}; };
services = { system.stateVersion = "25.05";
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
#kdePlasma6.enable = true;
netbird.enable = true;
#ollama.enable = true;
};
programs = { fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
#steam.enable = true;
hyprpanel.enable = true;
hyprland.enable = true;
};
virtualization = {
wyoming = {
enable = false;
};
homeassistant = {
enable = false;
};
};
}; };
system.stateVersion = "25.05";
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
}; };
} }


@@ -1,66 +1,69 @@
{ { ... }: {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = { flake.diskoConfigurations.live = {
"/root" = { device1 ? throw "Set this to your disk device, e.g. /dev/sda",
mountpoint = "/"; ...
}; }: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
"/nix" = { subvolumes = {
mountOptions = ["subvol=nix" "noatime"]; "/root" = {
mountpoint = "/nix"; mountpoint = "/";
}; };
};
}; "/nix" = {
}; mountOptions = ["subvol=nix" "noatime"];
}; mountpoint = "/nix";
}; };
}; };
}; };
};
};
};
};
};
};
} }
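Review bot: Nothing visible supplies `device1` once this layout is exposed as `flake.diskoConfigurations.live`, so whether evaluation reaches the `throw` depends on how the consumer calls the function. A comment above the attribute would make the destructive path explicit, for example `# device1 must be passed by the caller; mkfs.btrfs runs with -f and overwrites any existing filesystem`. The body is also line-for-line the same as the `flake.diskoConfigurations.pi4` layout later in this compare, so one shared function taking the device would keep the two from drifting.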


@@ -1,145 +1,138 @@
{ config, pkgs, inputs, ... }: { { inputs, ... }: {
imports = [ flake.nixosModules.pi4 = { config, pkgs, ... }: {
./hardware-configuration.nix
inputs.disko.nixosModules.default
(import ./disko.nix { device1 = "/dev/mmcblk0"; })
inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
config = { imports = [
./hardware-configuration.nix
sysconfig = { inputs.disko.nixosModules.default
remoteBuildClient = true;
users = { (import ./disko.nix { device1 = "/dev/mmcblk0"; })
nathan = {
hashedPasswordFile = config.sops.secrets."nathan/pass".path; inputs.home-manager.nixosModules.default
shell = pkgs.zsh;
sshKeys = [ inputs.sops-nix.nixosModules.sops
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" ];
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
]; config = {
extraGroups = [
"wheel" sysconfig = {
"networkmanager" remoteBuildClient = true;
"gpio"
"spi" users = {
"audio" nathan = {
"pulse" hashedPasswordFile = config.sops.secrets."nathan/pass".path;
"pulse-access" shell = pkgs.zsh;
]; sshKeys = [
home-manager = { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
enable = true; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
standalone = false;
extraModules = [
{
homeconfig = {
scripts.enable = false;
minimal = true;
mpd.enable = true;
git.enable = true;
nh.enable = true;
};
}
]; ];
extraGroups = [
"wheel"
"networkmanager"
"gpio"
"spi"
"audio"
"pulse"
"pulse-access"
];
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
scripts.enable = false;
minimal = true;
mpd.enable = true;
git.enable = true;
nh.enable = true;
};
}
];
};
}; };
}; };
services = {
openssh.enable = true;
#pipewire.enable = true;
netbird.enable = true;
};
};
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users = {
groups.gpio = {};
}; };
services = { services = {
openssh.enable = true; udev.extraRules = ''
#pipewire.enable = true; SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
netbird.enable = true; SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
}; SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
}; '';
boot = { pulseaudio = {
loader = { enable = true;
grub.enable = false; extraConfig = ''
generic-extlinux-compatible.enable = true; load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
}; '';
}; };
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
}; };
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
}; };
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
}; };
} }
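Review bot: The `imports` list inside the new `flake.nixosModules.pi4` body still contains `./hardware-configuration.nix` and `(import ./disko.nix { device1 = "/dev/mmcblk0"; })`, yet the two sections that follow in this compare appear to rewrite those files as flake-parts modules whose only top-level attribute is `flake.…`. Imported as NixOS modules they would define an option named `flake`, which a NixOS evaluation does not normally declare, so this host is likely to fail to evaluate. If those files are meant to stay flake-parts modules, drop them from `imports` here and take the layout from the flake output instead, e.g. `(inputs.self.diskoConfigurations.pi4 { device1 = "/dev/mmcblk0"; })`. File paths are not shown on this page, so confirm which files those sections belong to.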


@@ -1,66 +1,69 @@
{ { ... }: {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = { flake.diskoConfigurations.pi4 = {
"/root" = { device1 ? throw "Set this to your disk device, e.g. /dev/sda",
mountpoint = "/"; ...
}; }: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
"/nix" = { subvolumes = {
mountOptions = ["subvol=nix" "noatime"]; "/root" = {
mountpoint = "/nix"; mountpoint = "/";
}; };
};
}; "/nix" = {
}; mountOptions = ["subvol=nix" "noatime"];
}; mountpoint = "/nix";
}; };
}; };
}; };
};
};
};
};
};
};
} }


@@ -1,27 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config { ... }: {
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ flake.nixosModules.pi4 = { config, lib, pkgs, modulesPath, ... }:
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ]; {
boot.initrd.kernelModules = [ ]; imports =
boot.kernelModules = [ ]; [ (modulesPath + "/installer/scan/not-detected.nix")
boot.extraModulePackages = [ ]; ];
swapDevices = [ ]; boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking swapDevices = [ ];
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
};
} }


@@ -1,115 +1,112 @@
{ config, lib, pkgs, nixpkgs, ... }: { { inputs, ... }: {
imports = let flake.nixosModules.default = { config, lib, pkgs, ... }: {
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
options.sysconfig = with lib; { options.sysconfig = with lib; {
host = mkOption { host = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
};
graphical = mkOption {
type = with types; bool;
default = config.hardware.graphics.enable;
};
remoteBuildHost = mkOption {
type = with types; bool;
default = false;
};
remoteBuildClient = mkOption {
type = with types; bool;
default = false;
};
};
config = {
networking.hostName = lib.mkDefault config.sysconfig.host;
nix = {
nixPath = [ "nixpkgs=${nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
}; };
graphical = mkOption {
type = with types; bool;
default = config.hardware.graphics.enable;
};
remoteBuildHost = mkOption {
type = with types; bool;
default = false;
};
remoteBuildClient = mkOption {
type = with types; bool;
default = false;
};
};
distributedBuilds = config.sysconfig.remoteBuildClient; config = {
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
networking.hostName = lib.mkDefault config.sysconfig.host;
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
distributedBuilds = config.sysconfig.remoteBuildClient;
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
{ {
hostName = "esotericbytes.com"; hostName = "esotericbytes.com";
sshUser = "remote-builder"; sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path; sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [ supportedFeatures = [
"nixos-test" "nixos-test"
"benchmark" "benchmark"
"big-parallel" "big-parallel"
"kvm" "kvm"
]; ];
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [ "x86_64-linux" "aarch64-linux" ];
} }
]; ];
}; };
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost { users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true; isNormalUser = true;
createHome = false; createHome = false;
}; };
sops.secrets = let sops.secrets = let
dir = builtins.readDir ../machines; dir = builtins.readDir ../machines;
in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs
(builtins.map (builtins.map
(y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; }) (y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; })
(builtins.filter (builtins.filter
(x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient) (x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient)
(builtins.attrNames dir) (builtins.attrNames dir)
) )
)
);
sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) )
); );
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
time.timeZone = lib.mkDefault "America/Chicago"; sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
i18n = lib.mkDefault { sops = {
defaultLocale = "en_US.UTF-8"; age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
extraLocaleSettings = { time.timeZone = lib.mkDefault "America/Chicago";
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; i18n = lib.mkDefault {
LC_MEASUREMENT = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8"; extraLocaleSettings = {
LC_NUMERIC = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
}; };
}; };
}; };
} }
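Review bot: The `sops.secrets` filter still evaluates `(import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient`, but the machine files in this compare now appear to return `flake.nixosModules.NAME` at the top level, so `.config` would no longer exist on the imported result. Because the expression sits under `lib.mkIf config.sysconfig.remoteBuildHost`, the failure would only surface on the build host, which is also where the `remote-builder` authorized_keys template is generated from these secrets. Reading the flag from the evaluated hosts, along the lines of `inputs.self.nixosConfigurations.${x}.config.sysconfig.remoteBuildClient`, avoids importing module files by hand. Whether `nixosConfigurations` is keyed by directory name is not visible here.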


@@ -1,6 +1,10 @@
{ ... }: { { ... }: {
config = { flake.nixosModules.default = { ... }: {
config = {
};
}; };
} }


@@ -1,7 +1,11 @@
{ pkgs, disko, ... }: { { inputs, ... }: {
environment.systemPackages = with pkgs; [ flake.nixosModules.default = { pkgs, ... }: {
sops
disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install environment.systemPackages = with pkgs; [
]; sops
inputs.disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install
];
};
} }


@@ -1,9 +0,0 @@
{ ... }: {
imports = [
./hyprland
./hyprpanel
./steam
];
}


@@ -1,28 +1,53 @@
{ config, lib, pkgs, hyprland, ... }: { { inputs, ... }: {
options.sysconfig.programs.hyprland.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.hyprland.enable { options.sysconfig.programs.hyprland.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
sysconfig.services.sddm.enable = lib.mkDefault true; config = lib.mkIf config.sysconfig.programs.hyprland.enable {
environment.sessionVariables.NIXOS_OZONE_WL = "1"; sysconfig.services.sddm.enable = lib.mkDefault true;
programs.hyprland = { environment.sessionVariables.NIXOS_OZONE_WL = "1";
enable = true;
withUWSM = true; programs.hyprland = {
enable = true;
xwayland.enable = true; withUWSM = true;
systemd.setPath.enable = true; xwayland.enable = true;
package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; systemd.setPath.enable = true;
portalPackage = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
};
services = {
upower.enable = true;
gvfs.enable = true;
power-profiles-daemon.enable = true;
};
environment.systemPackages = with pkgs; [
bluez
bluez-tools
libgtop
dart-sass
wl-clipboard
gtksourceview
libsoup_3
brightnessctl
swww
hyprpicker
hyprsunset
wf-recorder
];
}; };
}; };
} }
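Review bot: `sysconfig.programs.hyprpanel.enable` loses its declaration in this compare, because the module that defined it is deleted in the next section and its services and packages are folded into this `lib.mkIf config.sysconfig.programs.hyprland.enable` block. The `live` machine section earlier on the page still appears to set `hyprpanel.enable = true;` under `sysconfig.programs`, which becomes an undefined-option error unless the option is declared somewhere outside this view. Either keep a small option declaration for compatibility or remove that assignment. Since `upower`, `gvfs` and `power-profiles-daemon` are now enabled on every Hyprland host, a comment such as `# panel dependencies, previously gated by sysconfig.programs.hyprpanel.enable` would explain why they are here.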


@@ -1,30 +0,0 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.programs.hyprpanel.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.hyprpanel.enable {
services = {
upower.enable = true;
gvfs.enable = true;
power-profiles-daemon.enable = true;
};
environment.systemPackages = with pkgs; [
bluez
bluez-tools
libgtop
dart-sass
wl-clipboard
gtksourceview
libsoup_3
brightnessctl
swww
hyprpicker
hyprsunset
wf-recorder
];
};
}


@@ -1,14 +1,18 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.programs.steam.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.programs.steam.enable { options.sysconfig.programs.steam.enable = lib.options.mkOption {
type = lib.types.bool;
programs.steam = { default = false;
enable = true; };
config = lib.mkIf config.sysconfig.programs.steam.enable {
programs.steam = {
enable = true;
};
}; };
}; };
} }


@@ -0,0 +1,27 @@
{ ... }: {
flake.nixosModules.default = { config, lib, ... }: {
options = {
sysconfig.services.avahi.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.avahi.enable {
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
};
};
}
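Review bot: `openFirewall = true;` and `wideArea = true;` are hard-set in the new `sysconfig.services.avahi` module, so every host that enables the toggle accepts mDNS traffic on all interfaces and turns on wide-area DNS-SD, with no override short of `lib.mkForce`. Making them defaults, `openFirewall = lib.mkDefault true;` and `wideArea = lib.mkDefault false;`, keeps the convenience while letting a host narrow its exposure. `services.avahi.allowInterfaces` can further limit the daemon to the LAN interface. The OpenSSH module in this compare already uses `lib.mkDefault` for its `openFirewall`, so this would also be consistent.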


@@ -1,9 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
}


@@ -1,40 +1,44 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.services.dynamicDNS.enable = with lib; mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = with types; bool; options.sysconfig.services.dynamicDNS.enable = with lib; mkOption {
default = false;
};
config = lib.mkIf config.sysconfig.services.dynamicDNS.enable { type = with types; bool;
default = false;
systemd.timers.dynamicDNS = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "1h";
Unit = "dynamicDNS.service";
};
}; };
systemd.services.dynamicDNS = { config = lib.mkIf config.sysconfig.services.dynamicDNS.enable {
name = "dynamicDNS.service"; systemd.timers.dynamicDNS = {
serviceConfig = { wantedBy = [ "timers.target" ];
Type = "oneshot"; timerConfig = {
LoadCredential = [ "cloudflare-api-key" ]; OnBootSec = "5m";
OnUnitActiveSec = "1h";
Unit = "dynamicDNS.service";
};
}; };
script = ''''; systemd.services.dynamicDNS = {
name = "dynamicDNS.service";
serviceConfig = {
Type = "oneshot";
LoadCredential = [ "cloudflare-api-key" ];
};
script = '''';
};
}; };
}; };
} }
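Review bot: `script = '''';` is empty and `LoadCredential = [ "cloudflare-api-key" ]` names a credential without a source path, so the hourly timer starts a oneshot that does nothing and the origin of the Cloudflare token is undocumented. With no path given, systemd looks the name up in its credential store directories, which nothing in this module populates. Until the script exists, a comment such as `# TODO: stub; token expected from a sops-managed file, e.g. "cloudflare-api-key:${config.sops.secrets.SECRET_NAME_PLACEHOLDER.path}"` would record the intent and keep the token out of the Nix store.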


@@ -1,31 +1,35 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.kdePlasma6.enable { options.sysconfig.services.kdePlasma6.enable = lib.options.mkOption {
type = lib.types.bool;
services.desktopManager.plasma6.enable = true; default = false;
};
sysconfig.services.sddm.enable = lib.mkDefault true; config = lib.mkIf config.sysconfig.services.kdePlasma6.enable {
environment.systemPackages = with pkgs; [ services.desktopManager.plasma6.enable = true;
kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice
kdePackages.kcalc # Calculator sysconfig.services.sddm.enable = lib.mkDefault true;
kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
kdePackages.kcolorchooser # A small utility to select a color environment.systemPackages = with pkgs; [
kdePackages.kolourpaint # Easy-to-use paint program kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice
kdePackages.ksystemlog # KDE SystemLog Application kdePackages.kcalc # Calculator
kdePackages.sddm-kcm # Configuration module for SDDM kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
kdiff3 # Compares and merges 2 or 3 files or directories kdePackages.kcolorchooser # A small utility to select a color
kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks kdePackages.kolourpaint # Easy-to-use paint program
kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer kdePackages.ksystemlog # KDE SystemLog Application
hardinfo2 # System information and benchmarks for Linux systems kdePackages.sddm-kcm # Configuration module for SDDM
haruna # Open source video player built with Qt/QML and libmpv kdiff3 # Compares and merges 2 or 3 files or directories
wayland-utils # Wayland utilities kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks
wl-clipboard # Command-line copy/paste utilities for Wayland kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer
]; hardinfo2 # System information and benchmarks for Linux systems
haruna # Open source video player built with Qt/QML and libmpv
wayland-utils # Wayland utilities
wl-clipboard # Command-line copy/paste utilities for Wayland
];
};
}; };
} }


@@ -1,26 +1,30 @@
{ config, lib, nixpkgs-us, ... }: { { inputs, ... }: {
options.sysconfig = { flake.nixosModules.default = { config, lib, ... }: {
services.netbird.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = let options.sysconfig = {
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
};
in lib.mkIf config.sysconfig.services.netbird.enable {
services.netbird = { services.netbird.enable = lib.options.mkOption {
enable = config.sysconfig.services.netbird.enable; type = lib.types.bool;
ui = { default = false;
enable = true; };
package = pkgs-us.netbird-ui; };
config = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
};
in lib.mkIf config.sysconfig.services.netbird.enable {
services.netbird = {
enable = config.sysconfig.services.netbird.enable;
ui = {
enable = true;
package = pkgs-us.netbird-ui;
};
package = pkgs-us.netbird;
}; };
package = pkgs-us.netbird;
}; };
}; };
} }
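Review bot: `pkgs-us` is imported with a fixed `system = "x86_64-linux";`, but the `pi4` host in this compare sets `netbird.enable = true;` and declares `nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";`, so that host would be handed x86_64 builds of `netbird` and `netbird-ui`. Taking the platform from the host fixes it: add `pkgs` to the module arguments and use `pkgs-us = import inputs.nixpkgs-us { system = pkgs.stdenv.hostPlatform.system; };`. The ollama module further down pins the same system string. Separately, `enable = config.sysconfig.services.netbird.enable;` is redundant inside the `lib.mkIf` and can be `enable = true;`.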


@@ -1,30 +1,34 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.services.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.novnc.enable { flake.nixosModules.default = { config, lib, pkgs, ... }: {
systemd.services.novnc = {
enable = true;
path = with pkgs; [ options.sysconfig.services.novnc.enable = lib.mkOption {
novnc type = lib.types.bool;
ps default = false;
];
script = ''
novnc --listen 80 --vnc 127.0.0.1:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
}; };
networking.firewall.allowedTCPPorts = [ 80 ]; config = lib.mkIf config.sysconfig.services.novnc.enable {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 127.0.0.1:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
}; };
} }
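Review bot: The unit runs `novnc --listen 80 --vnc 127.0.0.1:5900` with no `User` or `DynamicUser` in `serviceConfig`, and `networking.firewall.allowedTCPPorts = [ 80 ];` opens it on every interface. The desktop session is therefore served over plain HTTP/WebSocket by a process that, absent other settings, runs as root. Prefer a high port behind a TLS-terminating reverse proxy with authentication and drop the firewall opening. At minimum confine the unit with `serviceConfig = { Type = "exec"; DynamicUser = true; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; };`. A comment stating which network is expected to reach this port would also help the next reader.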


@@ -1,25 +1,29 @@
{ config, lib, nixpkgs-us, ... }: { { inputs, ... }: {
options = { flake.nixosModules.default = { config, lib, ... }: {
sysconfig.services.ollama.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.ollama.enable { options = {
services.ollama = { sysconfig.services.ollama.enable = lib.options.mkOption {
enable = true; type = lib.types.bool;
acceleration = "cuda"; default = false;
environmentVariables = { };
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000"; };
config = lib.mkIf config.sysconfig.services.ollama.enable {
services.ollama = {
enable = true;
acceleration = "cuda";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000";
};
package = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama-cuda;
}; };
package = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama-cuda;
}; };
}; };
} }


@@ -1,22 +1,26 @@
{ config, lib, ... }: { { ... }: {
options = { flake.nixosModules.default = { config, lib, ... }: {
sysconfig.services.openssh.enable = lib.options.mkOption {
type = lib.types.bool; options = {
default = false; sysconfig.services.openssh.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
}; };
};
config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) { config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) {
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = lib.mkDefault true; openFirewall = lib.mkDefault true;
settings = { settings = {
PermitRootLogin = lib.mkForce "no"; PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
};
}; };
}; };
}; };
} }


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: { { ... }: {
options = {
sysconfig.services.pipewire.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.pipewire.enable { flake.nixosModules.default = { config, lib, pkgs, ... }: {
options = {
sysconfig.services.pipewire.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.pipewire.enable {
# Enable sound with pipewire. # Enable sound with pipewire.
#sound.enable = true; #sound.enable = true;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
package = pkgs.pipewire; package = pkgs.pipewire;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
extraConfig.pipewire-pulse."92-low-latency" = { extraConfig.pipewire-pulse."92-low-latency" = {
context.modules = [ context.modules = [
{ {
name = "libpipewire-module-protocol-pulse"; name = "libpipewire-module-protocol-pulse";
args = { args = {
pulse.min.req = "32/48000"; pulse.min.req = "32/48000";
pulse.default.req = "32/48000"; pulse.default.req = "32/48000";
pulse.max.req = "32/48000"; pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000"; pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000"; pulse.max.quantum = "32/48000";
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
}; };
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
}; };
};
# If you want to use JACK applications, uncomment this # If you want to use JACK applications, uncomment this
#jack.enable = true; #jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default, # use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now) # no need to redefine it in your config for now)
wireplumber.enable = true; wireplumber.enable = true;
};
}; };
}; };
} }


@@ -1,34 +1,37 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.services.sddm.enable = lib.mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.services.sddm.enable { options.sysconfig.services.sddm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
qt.enable = true; config = lib.mkIf config.sysconfig.services.sddm.enable {
environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ]; qt.enable = true;
services.displayManager.sddm = { environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ];
enable = true;
wayland.enable = true;
autoNumlock = true;
theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}";
enableHidpi = true;
/*extraPackages = with pkgs; [
libsForQt5.qtsvg
libsForQt5.qtquickcontrols2
libsForQt5.qtgraphicaleffects
];*/
package = lib.mkDefault pkgs.kdePackages.sddm; services.displayManager.sddm = {
extraPackages = with pkgs; [ enable = true;
kdePackages.qtsvg wayland.enable = true;
kdePackages.qtvirtualkeyboard autoNumlock = true;
kdePackages.qtmultimedia theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}";
]; enableHidpi = true;
/*extraPackages = with pkgs; [
libsForQt5.qtsvg
libsForQt5.qtquickcontrols2
libsForQt5.qtgraphicaleffects
];*/
package = lib.mkDefault pkgs.kdePackages.sddm;
extraPackages = with pkgs; [
kdePackages.qtsvg
kdePackages.qtvirtualkeyboard
kdePackages.qtmultimedia
];
};
}; };
}; };
} }


@@ -1,66 +1,69 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.services.wyoming = { flake.nixosModules.default = { config, lib, ... }: {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.services.wyoming.enable { options.sysconfig.services.wyoming = {
enable = lib.options.mkOption {
services.wyoming = { type = lib.types.bool;
default = false;
piper = lib.mkIf config.sysconfig.services.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
}; };
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
openwakeword = lib.mkIf config.sysconfig.services.wyoming.openwakeword { config = lib.mkIf config.sysconfig.services.wyoming.enable {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5; services.wyoming = {
customModelsDirectories = [
piper = lib.mkIf config.sysconfig.services.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.services.wyoming.openwakeword {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words #./wake_words
]; ];
}; };
faster-whisper = lib.mkIf config.sysconfig.services.wyoming.faster-whisper { faster-whisper = lib.mkIf config.sysconfig.services.wyoming.faster-whisper {
servers.whisper = { servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.services.wyoming.satellite {
enable = true; enable = true;
device = "auto"; uri = "tcp://0.0.0.0:11431";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
}; };
}; };
satellite = lib.mkIf config.sysconfig.services.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
};
}; };
}; };
} }
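Review bot: All four Wyoming listeners (`piper`, `openwakeword`, `faster-whisper`, `satellite`) bind `tcp://0.0.0.0:…`, so each is reachable on every interface of the host once its port is allowed through the firewall. As far as I know the Wyoming protocol carries no authentication of its own, which would leave the bind address and firewall as the only access control. If the consumers run on the same machine, `uri = "tcp://127.0.0.1:11435";` (and likewise for 11431–11433) is enough. Otherwise add a comment naming the intended client network and scope the firewall rule to that interface. No firewall settings for these ports are visible in this file section.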


@@ -1,144 +1,133 @@
{ config, lib, pkgs, ... } @ inputs: { { self, ... }: {
imports = let flake.nixosModules.default = { config, lib, pkgs, ... }: {
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
options.sysconfig = with lib; {
sshHostKeys = lib.mkOption {
type = with lib.types; attrsOf str;
default = {};
};
users = let options.sysconfig = with lib; {
userType = types.submodule ({ name, ... }: { sshHostKeys = lib.mkOption {
options = with lib; { type = with lib.types; attrsOf str;
name = mkOption { default = {};
};
users = let
userType = types.submodule ({ name, ... }: {
options = with lib; {
name = mkOption {
type = with types; passwdEntry str; type = with types; passwdEntry str;
default = name; default = name;
}; };
home-manager = { home-manager = {
enable = mkOption { enable = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
}; };
standalone = mkOption { standalone = mkOption {
type = with types; bool; type = with types; bool;
default = true; default = true;
description = "is this home-manager standalone?"; description = "is this home-manager standalone?";
}; };
extraModules = mkOption { extraModules = mkOption {
type = with types; listOf raw; type = with types; listOf raw;
default = [];
};
};
isSuperuser = mkOption {
type = with types; bool;
default = false;
description = "sudo?";
};
usePresets = mkOption {
type = with types; bool;
default = true;
description = "search for predefined settings?";
};
ssh = {
keys = mkOption {
type = with types; listOf str;
default = [];
description = "public keys used to login as this user";
};
hosts = mkOption {
type = with types; listOf str;
default = [];
description = "user@host's used to login as this user";
};
};
uid = mkOption {
type = with types; nullOr int;
default = null;
};
hashedPasswordFile = mkOption {
type = with types; nullOr str;
default = null;
};
extraGroups = mkOption {
type = with types; listOf str;
default = []; default = [];
}; };
};
shell = mkOption { isSuperuser = mkOption {
type = with types; package; type = with types; bool;
default = pkgs.shadow; default = false;
}; description = "sudo?";
}; };
});
in lib.mkOption { usePresets = mkOption {
type = with lib.types; attrsOf userType; type = with types; bool;
default = {}; default = true;
description = "search for predefined settings?";
};
ssh = {
keys = mkOption {
type = with types; listOf str;
default = [];
description = "public keys used to login as this user";
};
hosts = mkOption {
type = with types; listOf str;
default = [];
description = "user@host's used to login as this user";
};
};
uid = mkOption {
type = with types; nullOr int;
default = null;
};
hashedPasswordFile = mkOption {
type = with types; nullOr str;
default = null;
};
extraGroups = mkOption {
type = with types; listOf str;
default = [];
};
shell = mkOption {
type = with types; package;
default = pkgs.shadow;
};
};
});
in lib.mkOption {
type = with lib.types; attrsOf userType;
default = {};
};
}; };
};
config = lib.mkIf (config.sysconfig.host != "android") { config = {
users.users = builtins.mapAttrs (x: y: let users.users = builtins.mapAttrs (x: y: let
cfg = config.sysconfig.users.${x}; cfg = config.sysconfig.users.${x};
in { in {
name = cfg.name; name = cfg.name;
isNormalUser = true; isNormalUser = true;
uid = cfg.uid; uid = cfg.uid;
hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
shell = cfg.shell; shell = cfg.shell;
extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser then [ "wheel" ] else []); extraGroups = cfg.extraGroups ++ (if cfg.isSuperuser then [ "wheel" ] else []);
openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts)); openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable (cfg.ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) cfg.ssh.hosts));
packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ]; packages = with pkgs; lib.mkIf (cfg.home-manager.enable && cfg.home-manager.standalone) [ home-manager ];
}) config.sysconfig.users; }) config.sysconfig.users;
programs.fuse.userAllowOther = true;
home-manager = { programs.fuse.userAllowOther = true;
backupFileExtension = "backup";
extraSpecialArgs = { inherit inputs; };
useUserPackages = true;
sharedModules = [];
users = builtins.listToAttrs (builtins.map
(x: {
name = x;
value = (lib.mkMerge ([
(if let home-manager = {
dir = builtins.readDir ./.; backupFileExtension = "backup";
in dir ? ${x} && dir.${x} == "directory" then useUserPackages = true;
import ../../homes/${x}/home-manager sharedModules = [];
else {}) users = builtins.listToAttrs (builtins.map
(x: {
name = x;
value = (lib.mkMerge ([
(if inputs ? ${x} then inputs.${x} else {}) (lib.mkIf (self.homeModules ? ${x}) self.homeModules.${x})
] ++ config.sysconfig.users.${x}.home-manager.extraModules)); ] ++ config.sysconfig.users.${x}.home-manager.extraModules));
}) })
(builtins.filter (builtins.filter
(y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone)) (y: (config.sysconfig.users.${y}.home-manager.enable && !config.sysconfig.users.${y}.home-manager.standalone))
(builtins.attrNames config.sysconfig.users) (builtins.attrNames config.sysconfig.users)
) )
); );
};
}; };
}; };
} }
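Review bot: The `openssh.authorizedKeys.keys` line looks up `config.sysconfig.sshHostKeys.${z}` for every entry in `ssh.hosts` without checking that the name exists, so a misspelled host stops evaluation with a bare missing-attribute error. An assertion would give a usable message: `assertions = lib.mapAttrsToList (n: u: { assertion = builtins.all (h: config.sysconfig.sshHostKeys ? ${h}) u.ssh.hosts; message = "sysconfig.users.${n}.ssh.hosts names a host missing from sysconfig.sshHostKeys"; }) config.sysconfig.users;`. The same lookup is repeated in the `nathan` preset section that follows. Since `sshHostKeys` decides which keys may log in, it should also get a `description` saying that it maps a `user@host` label to a public key line.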


@@ -1,24 +1,27 @@
{ config, lib, pkgs, ... }: { { ... }: {
config = lib.mkIf ( flake.nixosModules.default = { config, lib, pkgs, ... }: {
config.sysconfig.users ? nathan && config.sysconfig.users.nathan.usePresets
) {
sops.secrets."nathan/pass".neededForUsers = true;
users.users.nathan = { config = lib.mkIf (
shell = lib.mkDefault pkgs.zsh; config.sysconfig.users ? nathan && config.sysconfig.users.nathan.usePresets
name = lib.mkDefault "nathan"; ) {
isNormalUser = lib.mkDefault true;
#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
extraGroups = [ "networkmanager" "docker" "libvirtd" ];
openssh.authorizedKeys.keys = with config.sysconfig.users.nathan; lib.mkIf config.sysconfig.services.openssh.enable (
ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) ssh.hosts)
);
packages = lib.mkIf (
config.sysconfig.users.nathan.home-manager.enable && config.sysconfig.users.nathan.home-manager.standalone
) [ pkgs.home-manager ];
sops.secrets."nathan/pass".neededForUsers = true;
users.users.nathan = {
shell = lib.mkDefault pkgs.zsh;
name = lib.mkDefault "nathan";
isNormalUser = lib.mkDefault true;
#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
extraGroups = [ "networkmanager" "docker" "libvirtd" ];
openssh.authorizedKeys.keys = with config.sysconfig.users.nathan; lib.mkIf config.sysconfig.services.openssh.enable (
ssh.keys ++ (map (z: config.sysconfig.sshHostKeys.${z}) ssh.hosts)
);
packages = lib.mkIf (
config.sysconfig.users.nathan.home-manager.enable && config.sysconfig.users.nathan.home-manager.standalone
) [ pkgs.home-manager ];
};
}; };
}; };
} }
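Review bot: The preset adds `nathan` to `docker` and `libvirtd` unconditionally, and membership of the `docker` group is effectively root on the host, so this grants more than `isSuperuser = false` would suggest. Tying it to the existing flag keeps the two consistent: `extraGroups = [ "networkmanager" ] ++ lib.optionals config.sysconfig.users.nathan.isSuperuser [ "docker" "libvirtd" ];`. Separately, `sops.secrets."nathan/pass"` is marked `neededForUsers` while the `hashedPasswordFile` line here is commented out, so a comment saying where that secret is consumed would help.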


@@ -1,71 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.authentik.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.authentik.enable {
sops.secrets."authentik/dbpass" = {};
networking = {
nat.internalInterfaces = [ "ve-authentik" ];
};
containers.authentik = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.35";
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."authentik/dbpass".path}"
];
bindMounts = {
"/etc/authentik" = {
hostPath = "/ssd1/Authentik";
isReadOnly = false;
};
};
config = {
networking.firewall.allowedTCPPorts = [ 9001 ];
systemd.services.secrets_setup = {
wantedBy = [ "authentik.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/authentik/dbpass
chown postgres:postgres /etc/authentik/dbpass
'';
};
services.authentik = {
enable = true;
environmentFile = "/etc/authentik/authentik.env";
settings = {
disable_startup_analytics = true;
avatars = "initials";
};
worker.listenHTTP = "0.0.0.0:9001";
};
system.stateVersion = "25.05";
};
};
};
}


@@ -1,40 +1,43 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.code-server.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.code-server.enable { options.sysconfig.containers.code-server.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
containers.code-server = { config = lib.mkIf config.sysconfig.containers.code-server.enable {
autoStart = true; containers.code-server = {
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
config = { autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
services.code-server = { config = {
enable = true;
hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
disableUpdateCheck = true; services.code-server = {
enable = true;
disableTelemetry = true; hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
disableGettingStartedOverride = true; disableUpdateCheck = true;
auth = "none"; disableTelemetry = true;
host = "0.0.0.0"; disableGettingStartedOverride = true;
auth = "none";
host = "0.0.0.0";
};
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
}; };
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
}; };
}; };
}; };
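Review bot: `auth = "none"` together with `host = "0.0.0.0"` leaves the editor, and the terminal it provides, open to anything that can reach the container address on the allowed port. The `hashedPassword` set just above is presumably not checked in that mode. If authentication is meant to be enforced by a reverse proxy in front of the container, say so in a comment and restrict the firewall rule to the proxy's address; otherwise switch to `auth = "password";`. The hash is also a literal in the repository and ends up in the world-readable Nix store, so it would be better supplied from a sops-managed secret.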


@@ -1,32 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
/*imports = [
./gitlab
./gitea
./traefik
./nginx
./jellyfin
./pihole
./nextcloud
./ntfy
./homeassistant
./rustdesk
./netbird
./keycloak
./ollama
./openwebui
./n8n
./wyoming
./code-server
./novnc
./minecraft
#./sandbox
];*/
}


@@ -1,105 +1,114 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.gitea.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.gitea.enable { options.sysconfig.containers.gitea.enable = lib.options.mkOption {
type = lib.types.bool;
networking = { default = false;
nat.internalInterfaces = [ "ve-gitea" ];
};
sops.secrets = {
"gitea/dbpass" = {};
}; };
containers.gitea = { config = lib.mkIf config.sysconfig.containers.gitea.enable {
autoStart = true; networking = {
privateNetwork = true; nat.internalInterfaces = [ "ve-gitea" ];
hostAddress = "192.168.100.10";
localAddress = "192.168.100.20";
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";
isReadOnly = false;
};
}; };
extraFlags = [ sops.secrets = {
"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}" "gitea/dbpass" = {};
]; };
config = {
systemd.services.secrets_setup = { containers.gitea = {
wantedBy = [ "gitea.service" ];
serviceConfig = { autoStart = true;
LoadCredential = [ privateNetwork = true;
"dbpass" hostAddress = "192.168.100.10";
]; localAddress = "192.168.100.20";
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";
isReadOnly = false;
}; };
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
chown gitea:gitea /etc/gitea/*
'';
}; };
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}"
];
services.gitea = { config = {
enable = true;
stateDir = "/etc/gitea/data"; systemd.services.secrets_setup = {
wantedBy = [ "gitea.service" ];
dump.enable = false; serviceConfig = {
LoadCredential = [
appName = "Gitea"; "dbpass"
];
settings = {
server = {
DOMAIN = "gitea.esotericbytes.com";
HTTP_PORT = 3000;
ROOT_URL = "https://gitea.esotericbytes.com/";
}; };
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
cron = { script = ''
ENABLED = true; cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
RUN_AT_START = true; chown gitea:gitea /etc/gitea/*
}; '';
}; };
database = { services.gitea = {
passwordFile = "/etc/gitea/dbpass"; enable = true;
type = "postgres";
stateDir = "/etc/gitea/data";
dump.enable = false;
appName = "Gitea";
settings = {
server = {
DOMAIN = "gitea.esotericbytes.com";
HTTP_PORT = 3000;
ROOT_URL = "https://gitea.esotericbytes.com/";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
cron = {
ENABLED = true;
RUN_AT_START = true;
};
repository = {
DEFAULT_BRANCH = "master";
};
};
database = {
passwordFile = "/etc/gitea/dbpass";
type = "postgres";
};
}; };
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
ports = [ 2222 ];
};
networking.firewall.allowedTCPPorts = [ 3000 ];
system.stateVersion = "24.11";
}; };
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
ports = [ 2222 ];
};
networking.firewall.allowedTCPPorts = [ 3000 ];
system.stateVersion = "24.11";
}; };
}; };
}; };
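Review bot: `secrets_setup` writes the database password with `cat … > /etc/gitea/dbpass`, which creates the file under the unit's default umask before `chown` runs, so it is likely left readable by every user in the container. Creating it with its final owner and mode in one step avoids that: `install -m 0400 -o gitea -g gitea ''${CREDENTIALS_DIRECTORY}/dbpass /etc/gitea/dbpass`. The unit is only `wantedBy` `gitea.service`, which does not order it; adding `before = [ "gitea.service" ];` and `serviceConfig.Type = "oneshot";` would make sure the file exists before Gitea reads `passwordFile`.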


@@ -1,172 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.gitlab.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.gitlab.enable {
sops.secrets = {
"gitlab/db_pass" = {};
"gitlab/root_pass" = {};
"gitlab/secrets/secret" = {};
"gitlab/secrets/otp" = {};
"gitlab/secrets/db" = {};
"gitlab/secrets/jws" = {};
"gitlab/oidc/id" = {};
"gitlab/oidc/secret" = {};
};
services.openssh.ports = [
2222
];
networking.firewall.allowedTCPPorts = [
22
2222
];
containers.gitlab = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.16";
forwardPorts = [
{
containerPort = 22;
hostPort = 22;
}
];
bindMounts = {
"/etc/gitlab/data" = {
hostPath = "/ssd1/Gitlab/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitlab/db_pass".path}"
"--load-credential=rootpass:${config.sops.secrets."gitlab/root_pass".path}"
"--load-credential=secret:${config.sops.secrets."gitlab/secrets/secret".path}"
"--load-credential=otp:${config.sops.secrets."gitlab/secrets/otp".path}"
"--load-credential=db:${config.sops.secrets."gitlab/secrets/db".path}"
"--load-credential=jws:${config.sops.secrets."gitlab/secrets/jws".path}"
"--load-credential=oidc_id:${config.sops.secrets."gitlab/oidc/id".path}"
"--load-credential=oidc_secret:${config.sops.secrets."gitlab/oidc/secret".path}"
];
config = {
systemd.services.secrets_setup = {
wantedBy = [ "gitlab.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
"rootpass"
"secret"
"db"
"otp"
"jws"
"oidc_id"
"oidc_secret"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitlab/dbpass
cat ''${CREDENTIALS_DIRECTORY}/rootpass > /etc/gitlab/rootpass
cat ''${CREDENTIALS_DIRECTORY}/secret > /etc/gitlab/secret
cat ''${CREDENTIALS_DIRECTORY}/db > /etc/gitlab/db
cat ''${CREDENTIALS_DIRECTORY}/otp > /etc/gitlab/otp
cat ''${CREDENTIALS_DIRECTORY}/jws > /etc/gitlab/jws
cat ''${CREDENTIALS_DIRECTORY}/oidc_id > /etc/gitlab/oidc-id
cat ''${CREDENTIALS_DIRECTORY}/oidc_secret > /etc/gitlab/oidc-secret
chown gitlab:gitlab /etc/gitlab/*
'';
};
services.gitlab = {
enable = true;
#https = true;
#port = 443;
host = "gitlab.blunkall.us";
databasePasswordFile = "/etc/gitlab/dbpass";
initialRootPasswordFile = "/etc/gitlab/rootpass";
statePath = "/etc/gitlab/data";
secrets = {
secretFile = "/etc/gitlab/secret";
otpFile = "/etc/gitlab/otp";
dbFile = "/etc/gitlab/db";
jwsFile = "/etc/gitlab/jws";
};
extraConfig = {
gitlab = {
default_project_features = {
builds = false;
};
};
omniauth = {
enabled = true;
auto_sign_in_with_provider = "openid_connect";
allow_single_sign_on = [ "openid_connect" ];
sync_email_from_provider = "openid_connect";
sync_profile_from_provider = [ "openid_connect" ];
sync_profile_attributes = [ "email" ];
auto_link_saml_user = true;
auto_link_user = [ "openid_connect" ];
block_auto_created_users = false;
providers = [
{
name = "openid_connect";
label = "Authentik SSO";
args = {
name = "openid_connect";
scope = [ "openid" "profile" "email" ];
response_type = "code";
issuer = "https://auth.blunkall.us/application/o/gitlab/";
discovery = true;
client_auth_method = "query";
uid_field = "preferred_username";
send_scope_to_token_endpoint = true;
pkce = true;
client_options = {
identifier = { _secret = "/etc/gitlab/oidc-id"; };
secret = { _secret = "/etc/gitlab/oidc-secret"; };
redirect_uri = "https://gitlab.blunkall.us/users/auth/openid_connect/callback";
};
};
}
];
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"gitlab.blunkall.us" = {
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
};
services.openssh.enable = true;
systemd.services.gitlab-backup.environment.BACKUP = "dump";
networking.firewall.allowedTCPPorts = [ 22 80 ];
system.stateVersion = "24.05";
};
};
};
}


@@ -1,39 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.jellyfin.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.jellyfin.enable {
containers.jellyfin = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.14";
bindMounts = {
"/etc/jellyfin" = {
hostPath = "/ssd1/Jellyfin";
isReadOnly = false;
};
};
config = {
services.jellyfin = {
enable = true;
dataDir = "/etc/jellyfin/data";
configDir = "/etc/jellyfin/config";
logDir = "/etc/jellyfin/log";
openFirewall = true;
};
system.stateVersion = "24.05";
};
};
};
}


@@ -1,108 +0,0 @@
{ config, lib, pkgs, nix-minecraft, ... }: {
options.sysconfig = {
containers.minecraft.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.containers.minecraft.enable {
networking = {
firewall = {
allowedTCPPorts = [ 25565 ];
allowedUDPPorts = [ 25565 ];
};
};
nixpkgs.overlays = [ nix-minecraft.overlay ];
containers.minecraft = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.29";
forwardPorts = [
{
containerPort = 25565;
hostPort = 25565;
protocol = "tcp";
}
{
containerPort = 25565;
hostPort = 25565;
protocol = "udp";
}
];
config = {
imports = [
nix-minecraft.nixosModules.minecraft-servers
];
environment.systemPackages = with pkgs; [ tmux ];
services.minecraft-servers = {
enable = true;
eula = true;
openFirewall = true;
dataDir = "/var/lib/mcservers";
managementSystem.systemd-socket.enable = true; #temp
servers = {
vanilla = {
enable = true;
package = pkgs.fabricServers.fabric-1_21_8;
serverProperties = {
server-port = 25565;
gamemode = "survival";
difficulty = 2;
white-list = true;
motd = "Didn't see that coming huh?";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
};
modded = {
enable = false;
#package = pkgs.fabricServers.fabric-1_21_1.override { loaderVersion = "0.16.14"; };
package = pkgs.fabricServers.fabric-1_21_1;
jvmOpts = [ "-Xms8000M" "-Xmx12000M" ];
serverProperties = {
server-port = 25566;
gamemode = "survival";
white-list = true;
allow-flight = true;
motd = "Ex-plo-sion!!!";
};
whitelist = {
"MeasureTwice66" = "a4032062-293d-484d-a790-9f52475836bb";
"651sonic" = "936a3fb0-4548-4557-975b-7794e97a3afc";
"Griffin12_" = "6a1f56d9-f712-4723-a031-e5437a389bb3";
};
autoStart = true;
symlinks = {
"mods" = ./mods;
};
};
};
};
system.stateVersion = "25.05";
};
};
};
}


@@ -1,81 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.nextcloud.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.nextcloud.enable {
sops.secrets."nextcloud/pass" = {};
containers.nextcloud = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.15";
bindMounts = {
"/var/lib/nextcloud" = {
hostPath = "/ssd1/Nextcloud/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=nextcloud-admin-pass:${config.sops.secrets."nextcloud/pass".path}"
];
config = { config, lib, pkgs, ... }: {
systemd.services.secrets_setup = {
wantedBy = [ "nextcloud-setup.service" ];
serviceConfig = {
LoadCredential = [
"nextcloud-admin-pass"
];
};
script = ''
cat $CREDENTIALS_DIRECTORY/nextcloud-admin-pass > /etc/nextcloud-admin-pass
chown nextcloud:nextcloud /etc/nextcloud-admin-pass
'';
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.virtualHosts."192.168.100.15".listen = [ { addr = "0.0.0.0"; port = 80; } ];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud32;
hostName = "192.168.100.15";
config = {
adminpassFile = "/etc/nextcloud-admin-pass";
adminuser = "root";
dbtype = "mysql";
};
https = true;
home = "/var/lib/nextcloud";
appstoreEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit mail contacts calendar tasks user_oidc;
inherit impersonate end_to_end_encryption notes spreed music memories phonetrack;
};
extraAppsEnable = true;
settings = {
overwriteprotocol = "https";
trusted_domains = [ "nextcloud.esotericbytes.com" ];
trusted_proxies = [ "192.168.100.11" ];
default_phone_region = "US";
};
database.createLocally = true;
};
system.stateVersion = "24.05";
};
};
};
}


@@ -1,42 +1,45 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable { flake.nixosModules.default = { config, lib, ... }: {
containers.esotericbytes-com = { options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
autoStart = true; config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable {
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
bindMounts = { containers.esotericbytes-com = {
"/var/www/data" = {
hostPath = "/ssd1/esotericbytes-com/data";
isReadOnly = false;
};
};
config = { autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
services.nginx = { bindMounts = {
enable = true; "/var/www/data" = {
virtualHosts = { hostPath = "/ssd1/esotericbytes-com/data";
"esotericbytes.com" = { isReadOnly = false;
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 ]; config = {
system.stateVersion = "24.05"; services.nginx = {
enable = true;
virtualHosts = {
"esotericbytes.com" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
}; };
}; };
}; };
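Review bot: The `/var/www/data` bind mount is declared with `isReadOnly = false`, although the only consumer visible in this container is nginx serving it as a static `root`. Unless content is published from inside the container, `isReadOnly = true;` keeps a compromised web server from modifying the site files under `/ssd1` on the host. `forceSSL = false` and `enableACME = false` deserve a short comment that TLS is terminated upstream, if that is the case.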


@@ -1,51 +1,54 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.containers.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.novnc.enable { flake.nixosModules.default = { config, lib, pkgs, ... }: {
networking = { options.sysconfig.containers.novnc.enable = lib.mkOption {
firewall.interfaces."ve-novnc" = { type = lib.types.bool;
allowedTCPPorts = [ 5900 ]; default = false;
allowedUDPPorts = [ 5900 ];
};
}; };
containers.novnc = { config = lib.mkIf config.sysconfig.containers.novnc.enable {
autoStart = true; networking = {
privateNetwork = true; firewall.interfaces."ve-novnc" = {
hostAddress = "192.168.100.10"; allowedTCPPorts = [ 5900 ];
localAddress = "192.168.100.30"; allowedUDPPorts = [ 5900 ];
};
};
config = { containers.novnc = {
systemd.services.novnc = { autoStart = true;
enable = true; privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.30";
path = with pkgs; [ config = {
novnc
ps
];
script = '' systemd.services.novnc = {
novnc --listen 80 --vnc 192.168.100.10:5900 enable = true;
'';
serviceConfig = { path = with pkgs; [
Type = "exec"; novnc
ps
];
script = ''
novnc --listen 80 --vnc 192.168.100.10:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
}; };
wantedBy = [ "multi-user.target" ];
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
}; };
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
}; };
}; };
}; };
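Review bot: The `novnc` unit proxies the host's VNC port (`192.168.100.10:5900`) to plain HTTP on port 80 with no authentication configured at this layer. Access control therefore rests on the VNC server's own password and on whatever sits in front of the container. A comment stating which proxy or middleware protects this endpoint would make that dependency explicit. The host-side rule also opens UDP 5900 on `ve-novnc`; VNC runs over TCP, so `allowedUDPPorts = [ 5900 ];` can probably be dropped.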


@@ -1,42 +1,45 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.ntfy.enable = lib.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.ntfy.enable { options.sysconfig.containers.ntfy.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
containers.ntfy = { config = lib.mkIf config.sysconfig.containers.ntfy.enable {
autoStart = true; containers.ntfy = {
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.19";
config = { autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.19";
services.ntfy-sh = { config = {
enable = true;
settings = {
base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80"; services.ntfy-sh = {
behind-proxy = true; enable = true;
upstream-base-url = "https://ntfy.sh"; settings = {
auth-default-access = "deny-all"; base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80";
behind-proxy = true;
upstream-base-url = "https://ntfy.sh";
auth-default-access = "deny-all";
};
}; };
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
}; };
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
}; };
}; };
}; };

View File

@@ -1,39 +0,0 @@
{ config, lib, nixpkgs-us, ... }: {
options = {
sysconfig.containers.openwebui.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.containers.openwebui.enable {
containers.openwebui = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.33";
config = {
services.open-webui = {
enable = true;
package = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.open-webui;
openFirewall = true;
host = "0.0.0.0";
};
system.stateVersion = "25.05";
};
};
};
}


@@ -1,84 +1,87 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.rustdesk.enable = lib.options.mkOption { flake.nixosModules.default = { config, lib, ... }: {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.rustdesk.enable { options.sysconfig.containers.rustdesk.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
/*networking = { config = lib.mkIf config.sysconfig.containers.rustdesk.enable {
firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ];
firewall.allowedUDPPorts = [ 21116 ];
};*/
containers.rustdesk = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.27";
/* forwardPorts = [
{
containerPort = 21115;
hostPort = 21115;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "udp";
}
{
containerPort = 21117;
hostPort = 21117;
protocol = "tcp";
}
{
containerPort = 21118;
hostPort = 21118;
protocol = "tcp";
}
{ /*networking = {
containerPort = 21119; firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ];
hostPort = 21119; firewall.allowedUDPPorts = [ 21116 ];
protocol = "tcp"; };*/
} containers.rustdesk = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.27";
/* forwardPorts = [
{
containerPort = 21115;
hostPort = 21115;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "udp";
}
{
containerPort = 21117;
hostPort = 21117;
protocol = "tcp";
}
{
containerPort = 21118;
hostPort = 21118;
protocol = "tcp";
}
{
containerPort = 21119;
hostPort = 21119;
protocol = "tcp";
}
];*/ ];*/
config = { config = {
services.rustdesk-server = { services.rustdesk-server = {
enable = true;
openFirewall = true;
relay = {
enable = true; enable = true;
extraArgs = [
"-k" openFirewall = true;
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
]; relay = {
enable = true;
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
signal = {
enable = true;
#relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
}; };
signal = { system.stateVersion = "24.05";
enable = true;
#relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
}; };
system.stateVersion = "24.05";
}; };
}; };
}; };


@@ -1,79 +1,82 @@
{ config, lib, self, ... }: { { ... }: {
options.sysconfig.containers.sandbox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.sandbox.enable { flake.nixosModules.default = { config, lib, self, ... }: {
networking = { options.sysconfig.containers.sandbox.enable = lib.mkOption {
type = lib.types.bool;
nat.internalInterfaces = [ "ve-sandbox" ]; default = false;
}; };
containers.sandbox = {
autoStart = true; config = lib.mkIf config.sysconfig.containers.sandbox.enable {
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
ephemeral = true; networking = {
timeoutStartSec = "3min"; nat.internalInterfaces = [ "ve-sandbox" ];
flake = "${self}";
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
}; };
containers.sandbox = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
ephemeral = true;
timeoutStartSec = "3min";
flake = "${self}";
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];*/
config = {
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];*/
config = {
}; };
}; };
}; };
} }


@@ -1,292 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.traefik.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.traefik.enable {
networking = {
hosts."192.168.100.11" = [
"esotericbytes.com"
"*.esotericbytes.com"
];
firewall.allowedTCPPorts = [ 22 80 443 ];
nat.internalInterfaces = [ "ve-traefik" ];
};
containers.traefik = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
forwardPorts = [
{
containerPort = 81;
hostPort = 80;
}
{
containerPort = 444;
hostPort = 443;
}
];
bindMounts = {
"/etc/traefik/data" = {
hostPath = "/ssd1/Traefik/data";
isReadOnly = false;
};
"/var/run/docker.sock" = lib.mkIf config.sysconfig.docker.enable {
hostPath = "/run/docker.sock";
isReadOnly = false;
};
};
config = {
environment.etc."resolv.conf" = {
enable = true;
text = ''
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0
'';
user = "root";
mode = "0664";
};
#virtualisation.docker.enable = lib.mkIf config.sysconfig.docker.enable true;
users.groups."docker" = lib.mkIf config.sysconfig.docker.enable {
name = "docker";
gid = 131;
members = [
"traefik"
];
};
services.traefik = {
enable = true;
group = lib.mkIf config.sysconfig.docker.enable "docker";
dataDir = "/etc/traefik/data";
environmentFiles = [
"/etc/traefik/data/traefik.env"
];
staticConfigOptions = {
serversTransport.insecureSkipVerify = true;
api = {
dashboard = true;
debug = true;
};
global = {
checknewversion = false;
sendanonymoususage = false;
};
providers.docker = lib.mkIf config.sysconfig.docker.enable {};
entryPoints = {
web = {
address = ":81";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":444";
asDefault = true;
http.tls = {
certResolver = "cloudflare";
domains = {
main = "esotericbytes.com";
sans = [
"*.esotericbytes.com"
];
};
};
};
local = {
address = ":80";
http.redirections.entryPoint = {
to = "localsecure";
scheme = "https";
};
};
localsecure = {
address = ":443";
asDefault = true;
http.tls = {
certResolver = "cloudflare";
domains = {
main = "esotericbytes.com";
sans = [
"*.esotericbytes.com"
];
};
};
};
};
log = {
level = "INFO";
filePath = "/etc/traefik/data/logs/traefik.log";
format = "json";
};
certificatesResolvers = {
cloudflare = {
acme = {
email = "nathanblunkall5@gmail.com";
storage = "/etc/traefik/data/acme.json";
keyType = "EC256";
dnsChallenge = {
provider = "cloudflare";
resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ];
};
};
};
};
};
dynamicConfigOptions = {
http = {
routers = {
homepageSecure = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)";
service = "homepage";
tls.certResolver = "cloudflare";
};
/*remote = {
entryPoints = [ "websecure" ];
rule = "Host(`remote.esotericbytes.com`)";
service = "novnc";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};*/
/*homeassistant = {
entryPoints = [ "localsecure" ];
rule = "Host(`hass.esotericbytes.com`)";
service = "homeassistant";
tls.certResolver = "cloudflare";
};*/
jellyfin = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`jellyfin.esotericbytes.com`)";
service = "jellyfin";
tls.certResolver = "cloudflare";
};
/*gitlab = {
entryPoints = [ "websecure" ];
rule = "Host(`gitlab.esotericbytes.com`)";
service = "gitlab";
tls.certResolver = "cloudflare";
};*/
gitea = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`gitea.esotericbytes.com`)";
service = "gitea";
tls.certResolver = "cloudflare";
};
nextcloud = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`nextcloud.esotericbytes.com`)";
service = "nextcloud";
tls.certResolver = "cloudflare";
middlewares = [
"nextcloud_redirectregex"
];
};
traefik = {
entryPoints = [ "localsecure" ];
rule = "Host(`traefik.esotericbytes.com`)";
service = "api@internal";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};
/*ntfy = {
entryPoints = [ "websecure" ];
rule = "Host(`ntfy.esotericbytes.com`)";
service = "ntfy";
tls.certResolver = "cloudflare";
};*/
openwebui = {
entryPoints = [ "localsecure" ];
rule = "Host(`ai.esotericbytes.com`)";
service = "openwebui";
tls.certResolver = "cloudflare";
};
code-server = {
entryPoints = [ "localsecure" ];
rule = "Host(`code.esotericbytes.com`)";
service = "code-server";
tls.certResolver = "cloudflare";
};
};
middlewares = {
nextcloud_redirectregex.redirectregex = {
permanent = true;
regex = "https://nextcloud.esotericbytes.com/.well-known/(?:card|cal)dav";
replacement = "https://nextcloud.esotericbytes.com/remote.php/dav";
};
};
services = {
#gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ];
homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
jellyfin.loadBalancer.servers = [ { url = "http://192.168.100.14:8096"; } ];
#novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
#ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
openwebui.loadBalancer.servers = [ { url = "http://192.168.100.33:8080"; } ];
code-server.loadBalancer.servers = [ { url = "http://192.168.100.31:4444"; } ];
/*homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.25:8123"; } ];*/
};
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 80 443 81 444 ];
allowedUDPPorts = [ 80 443 81 444 ];
};
useHostResolvConf = false;
};
system.stateVersion = "24.05";
};
};
};
}


@@ -1,61 +1,63 @@
{ config, lib, ... }: { { ... }: {
options.sysconfig.containers.wyoming = { flake.nixosModules.default = { config, lib, ... }: {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.containers.wyoming.enable { options.sysconfig.containers.wyoming = {
enable = lib.options.mkOption {
containers.wyoming = { type = lib.types.bool;
default = false;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.26";
bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
}; };
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [ config = lib.mkIf config.sysconfig.containers.wyoming.enable {
containers.wyoming = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.26";
bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [
{ {
node = "/dev/nvidia0"; node = "/dev/nvidia0";
modifier = "rw"; modifier = "rw";
@@ -76,56 +78,57 @@
node = "/dev/nvidia-uvm-tools"; node = "/dev/nvidia-uvm-tools";
modifier = "rw"; modifier = "rw";
} }
]; ];
config = { config = {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 11431 11432 11433 11435 ]; allowedTCPPorts = [ 11431 11432 11433 11435 ];
}; };
services.wyoming = {
piper = lib.mkIf config.sysconfig.containers.wyoming.piper { services.wyoming = {
servers.piper = { piper = lib.mkIf config.sysconfig.containers.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword {
enable = true; enable = true;
voice = "en-us-ryan-medium"; uri = "tcp://0.0.0.0:11432";
uri = "tcp://0.0.0.0:11435";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
}; };
}; };
openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword { system.stateVersion = "25.05";
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
};
}; };
system.stateVersion = "25.05";
}; };
};
};
}; };
} }


@@ -1,9 +0,0 @@
{ ... }: {
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
}


@@ -1,4 +1,6 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
hostPort = 9005; hostPort = 9005;
@@ -6,226 +8,233 @@
name = "authentik"; name = "authentik";
in { in {
options.sysconfig.docker.authentik.enable = with lib; mkOption { options.sysconfig.docker.authentik.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
}; };
config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) { config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = { networking.firewall.interfaces = {
"ve-traefik" = { "ve-traefik" = {
allowedTCPPorts = [ hostPort ]; allowedTCPPorts = [ hostPort ];
};
}; };
};
sops.secrets = { sops.secrets = {
"authentik/pass" = {}; "authentik/pass" = {};
"authentik/secret_key" = {}; "authentik/secret_key" = {};
}; };
sops.templates."authentik.env" = { sops.templates."authentik.env" = {
content = '' content = ''
PG_PASS=${config.sops.placeholder."authentik/pass"} PG_PASS=${config.sops.placeholder."authentik/pass"}
SECRET_KEY=${config.sops.placeholder."authentik/secret_key"} SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
''; '';
}; };
virtualisation.oci-containers.containers."authentik-postgresql" = { virtualisation.oci-containers.containers."authentik-postgresql" = {
image = "docker.io/library/postgres:16-alpine"; image = "docker.io/library/postgres:16-alpine";
environment = { environment = {
"POSTGRES_DB" = "authentik"; "POSTGRES_DB" = "authentik";
"POSTGRES_PASSWORD" = "\${PG_PASS}"; "POSTGRES_PASSWORD" = "\${PG_PASS}";
"POSTGRES_USER" = "authentik"; "POSTGRES_USER" = "authentik";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"authentik_database:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}"
"--health-interval=30s"
"--health-retries=5"
"--health-start-period=20s"
"--health-timeout=5s"
"--network-alias=postgresql"
"--network=authentik_default"
];
}; };
environmentFiles = [ config.sops.templates."authentik.env".path ]; systemd.services."docker-authentik-postgresql" = {
volumes = [ serviceConfig = {
"authentik_database:/var/lib/postgresql/data:rw" Restart = lib.mkOverride 90 "always";
]; RestartMaxDelaySec = lib.mkOverride 90 "1m";
log-driver = "journald"; RestartSec = lib.mkOverride 90 "100ms";
extraOptions = [ RestartSteps = lib.mkOverride 90 9;
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}" };
"--health-interval=30s" after = [
"--health-retries=5" "docker-network-authentik_default.service"
"--health-start-period=20s" "docker-volume-authentik_database.service"
"--health-timeout=5s" ];
"--network-alias=postgresql" requires = [
"--network=authentik_default" "docker-network-authentik_default.service"
]; "docker-volume-authentik_database.service"
}; ];
systemd.services."docker-authentik-postgresql" = { partOf = [
serviceConfig = { "docker-compose-authentik-root.target"
Restart = lib.mkOverride 90 "always"; ];
RestartMaxDelaySec = lib.mkOverride 90 "1m"; wantedBy = [
RestartSec = lib.mkOverride 90 "100ms"; "docker-compose-authentik-root.target"
RestartSteps = lib.mkOverride 90 9; ];
}; };
after = [ virtualisation.oci-containers.containers."authentik-server" = {
"docker-network-authentik_default.service" image = "ghcr.io/goauthentik/server:2025.12.2";
"docker-volume-authentik_database.service" environment = {
]; "AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
requires = [ "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"docker-network-authentik_default.service" "AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"docker-volume-authentik_database.service" "AUTHENTIK_POSTGRESQL__USER" = "authentik";
]; "AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
partOf = [ };
"docker-compose-authentik-root.target" environmentFiles = [ config.sops.templates."authentik.env".path ];
]; labels = {
wantedBy = [ "traefik.enable" = "true";
"docker-compose-authentik-root.target" "traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
]; "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
}; "traefik.http.routers.${name}.service" = "${name}";
virtualisation.oci-containers.containers."authentik-server" = { "traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = { "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}"; "traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik";
"AUTHENTIK_POSTGRESQL__USER" = "authentik"; "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}"; "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
};
volumes = [
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
];
ports = [
"${builtins.toString hostPort}:9000/tcp"
#"9443:9443/tcp"
];
cmd = [ "server" ];
dependsOn = [
"authentik-postgresql"
];
log-driver = "journald";
extraOptions = [
"--network-alias=server"
"--network-alias=authentik-server"
"--network-alias=${name}"
];
networks = [
"docker-main"
"authentik_default"
];
}; };
environmentFiles = [ config.sops.templates."authentik.env".path ]; systemd.services."docker-authentik-server" = {
labels = { serviceConfig = {
"traefik.enable" = "true"; Restart = lib.mkOverride 90 "always";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure"; RestartMaxDelaySec = lib.mkOverride 90 "1m";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; RestartSec = lib.mkOverride 90 "100ms";
"traefik.http.routers.${name}.service" = "${name}"; RestartSteps = lib.mkOverride 90 9;
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; };
after = [
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}"; "docker-network-authentik_default.service"
"docker-network-setup.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
}; };
volumes = [ virtualisation.oci-containers.containers."authentik-worker" = {
"/etc/Authentik/custom-templates:/templates:rw" image = "ghcr.io/goauthentik/server:2025.12.2";
"/etc/Authentik/data:/data:rw" environment = {
]; "AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
ports = [ "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"${builtins.toString hostPort}:9000/tcp" "AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
#"9443:9443/tcp" "AUTHENTIK_POSTGRESQL__USER" = "authentik";
]; "AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
cmd = [ "server" ]; };
dependsOn = [ environmentFiles = [ config.sops.templates."authentik.env".path ];
"authentik-postgresql" volumes = [
]; "/etc/Authentik/certs:/certs:rw"
log-driver = "journald"; "/etc/Authentik/custom-templates:/templates:rw"
extraOptions = [ "/etc/Authentik/data:/data:rw"
"--network-alias=server" "/var/run/docker.sock:/var/run/docker.sock:rw"
"--network-alias=authentik-server" ];
"--network-alias=${name}" cmd = [ "worker" ];
]; dependsOn = [
networks = [ "authentik-postgresql"
"docker-main" ];
"authentik_default" user = "root";
]; log-driver = "journald";
}; extraOptions = [
systemd.services."docker-authentik-server" = { "--network-alias=worker"
serviceConfig = { "--network=authentik_default"
Restart = lib.mkOverride 90 "always"; ];
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
}; };
after = [ systemd.services."docker-authentik-worker" = {
"docker-network-authentik_default.service" serviceConfig = {
"docker-network-setup.service" Restart = lib.mkOverride 90 "always";
]; RestartMaxDelaySec = lib.mkOverride 90 "1m";
requires = [ RestartSec = lib.mkOverride 90 "100ms";
"docker-network-authentik_default.service" RestartSteps = lib.mkOverride 90 9;
"docker-network-setup.service" };
]; after = [
partOf = [ "docker-network-authentik_default.service"
"docker-compose-authentik-root.target" ];
]; requires = [
wantedBy = [ "docker-network-authentik_default.service"
"docker-compose-authentik-root.target" ];
]; partOf = [
}; "docker-compose-authentik-root.target"
virtualisation.oci-containers.containers."authentik-worker" = { ];
image = "ghcr.io/goauthentik/server:2025.12.2"; wantedBy = [
environment = { "docker-compose-authentik-root.target"
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql"; ];
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
}; };
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"/etc/Authentik/certs:/certs:rw"
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
"/var/run/docker.sock:/var/run/docker.sock:rw"
];
cmd = [ "worker" ];
dependsOn = [
"authentik-postgresql"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=worker"
"--network=authentik_default"
];
};
systemd.services."docker-authentik-worker" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
];
requires = [
"docker-network-authentik_default.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
# Networks # Networks
systemd.services."docker-network-authentik_default" = { systemd.services."docker-network-authentik_default" = {
path = [ pkgs.docker ]; path = [ pkgs.docker ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
ExecStop = "docker network rm -f authentik_default"; ExecStop = "docker network rm -f authentik_default";
};
script = ''
docker network inspect authentik_default || docker network create authentik_default
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
}; };
script = ''
docker network inspect authentik_default || docker network create authentik_default
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Volumes # Volumes
systemd.services."docker-volume-authentik_database" = { systemd.services."docker-volume-authentik_database" = {
path = [ pkgs.docker ]; path = [ pkgs.docker ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
};
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
}; };
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Root service # Root service
# When started, this will automatically create all resources and start # When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources. # the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-authentik-root" = { systemd.targets."docker-compose-authentik-root" = {
unitConfig = { unitConfig = {
Description = "Root target generated by compose2nix."; Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
}; };
wantedBy = [ "multi-user.target" ];
}; };
}; };
} }
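Review bot: The new `forwardauth.trustForwardHeader` label on `authentik-server` is set to `"true"`, which makes Traefik pass whatever `X-Forwarded-*` headers the client sent on to the auth endpoint instead of overwriting them. The router next to it is bound to `websecure,localsecure`, and if `websecure` is reachable from outside without a trusted proxy in front, the source address and host that authentik sees for policy and audit decisions come from the requester. I would drop the label or set it explicitly, `"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "false";`, and only enable it together with `forwardedHeaders.trustedIPs` on the entry point. The `let` bindings this block relies on (`subdomain`) sit outside the visible hunk, so I could not check that the router host matches the `auth.esotericbytes.com` address used by the middleware.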


@@ -1,61 +1,58 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.docker = { flake.nixosModules.default = { config, lib, pkgs, ... }: {
enable = with lib; mkOption {
type = with types; bool;
default = false;
};
nvidia = with lib; mkOption { options.sysconfig.docker = {
type = with types; bool; enable = with lib; mkOption {
default = false; type = with types; bool;
}; default = false;
};
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
config = lib.mkIf config.sysconfig.docker.enable {
networking.nat.internalInterfaces = [ "docker0" "docker-main" ];
virtualisation = {
docker = {
enable = true;
storageDriver = "btrfs";
}; };
oci-containers = { nvidia = with lib; mkOption {
backend = "docker"; type = with types; bool;
default = false;
}; };
}; };
hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia; config = lib.mkIf config.sysconfig.docker.enable {
systemd.services."docker-network-setup" = { networking.nat.internalInterfaces = [ "docker0" "docker-main" ];
path = [ pkgs.docker ];
serviceConfig = { virtualisation = {
Type = "oneshot"; docker = {
RemainAfterExit = true; enable = true;
ExecStop = "docker network rm -f docker-main"; storageDriver = "btrfs";
};
oci-containers = {
backend = "docker";
};
}; };
script = ''
docker network inspect docker-main ||
docker network create -d bridge docker-main \
--attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
--gateway 192.168.101.1 \
-o "com.docker.network.bridge.name"="docker-main" \
-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
'';
wantedBy = [ "docker-net.target" ];
};
systemd.targets."docker-net" = { hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia;
wantedBy = [ "multi-user.target" ];
systemd.services."docker-network-setup" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f docker-main";
};
script = ''
docker network inspect docker-main ||
docker network create -d bridge docker-main \
--attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
--gateway 192.168.101.1 \
-o "com.docker.network.bridge.name"="docker-main" \
-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
'';
wantedBy = [ "docker-net.target" ];
};
systemd.targets."docker-net" = {
wantedBy = [ "multi-user.target" ];
};
}; };
}; };
} }


@@ -1 +1,154 @@
{} { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "gitea";
name = "gitea";
in {
options.sysconfig.docker."${name}".enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers."${name}" = {
image = "docker.gitea.com/gitea:1.25.4";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "3000";
"traefik.tcp.routers.${name}-ssh.entrypoints" = "gitea-ssh";
"traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)";
"traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh";
"traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.20"
];
volumes = [
"vol_gitea:/data"
];
environment = {
};
};
virtualisation.oci-containers.containers."${name}-db" = {
image = "docker.io/library/postgres:14";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${name}-db";
networks = [
"docker-main"
];
labels = {
};
ports = [
];
extraOptions = [
"--ip=192.168.101.21"
];
volumes = [
"/etc/gitea/db:/var/lib/postgresql/data"
];
environment = {
};
};
systemd.services."docker-gitea" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-gitea-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-volume-gitea" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local
'';
partOf = [ "docker-compose-gitea-root.target" ];
wantedBy = [ "docker-compose-gitea-root.target" ];
};
};
};
}
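Review bot: Neither the `${name}-db` container nor the `${name}` container receives any database credentials: both `environment = { };` blocks are empty and no `environmentFiles` is set. The postgres image normally refuses to initialise an empty data directory without `POSTGRES_PASSWORD`, and working around that with `POSTGRES_HOST_AUTH_METHOD=trust` would open the database to every container attached to `docker-main`. I would feed both containers from a sops template as sketched below, so the password never lands in the Nix store or in a committed file. The secret name in the sketch is a placeholder. If Gitea is meant to be configured through its own config file inside `vol_gitea`, only the database half applies.

```nix
# "gitea/db_pass" is a placeholder; use the key that exists in the sops file
sops.secrets."gitea/db_pass" = {};
sops.templates."gitea.env".content = ''
  POSTGRES_PASSWORD=${config.sops.placeholder."gitea/db_pass"}
  GITEA__database__PASSWD=${config.sops.placeholder."gitea/db_pass"}
'';

virtualisation.oci-containers.containers."${name}" = {
  # … unchanged: image, hostname, networks, labels, extraOptions, volumes …
  environmentFiles = [ config.sops.templates."gitea.env".path ];
  environment = {
    "GITEA__database__DB_TYPE" = "postgres";
    "GITEA__database__HOST" = "${name}-db:5432";
    "GITEA__database__NAME" = "gitea";
    "GITEA__database__USER" = "gitea";
  };
};

virtualisation.oci-containers.containers."${name}-db" = {
  # … unchanged: image, hostname, networks, extraOptions, volumes …
  environmentFiles = [ config.sops.templates."gitea.env".path ];
  environment = {
    "POSTGRES_DB" = "gitea";
    "POSTGRES_USER" = "gitea";
  };
};
```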


@@ -1,58 +1,61 @@
{ config, lib, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, ... }: let
subdomain = "hass"; subdomain = "hass";
name = "home-assistant"; name = "home-assistant";
in { in {
options.sysconfig.docker.home-assistant.enable = with lib; mkOption { options.sysconfig.docker.home-assistant.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
}; };
config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) { config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) {
environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml;
virtualisation.oci-containers.containers.home-assistant = { environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml;
image = "ghcr.io/home-assistant/home-assistant:stable";
# unstable, waiting for 26.05 virtualisation.oci-containers.containers.home-assistant = {
#pull = "newer"; image = "ghcr.io/home-assistant/home-assistant:stable";
hostname = "${subdomain}.esotericbytes.com"; # unstable, waiting for 26.05
#pull = "newer";
networks = [ hostname = "${subdomain}.esotericbytes.com";
"docker-main"
];
labels = { networks = [
"traefik.enable" = "true"; "docker-main"
"traefik.http.routers.${name}.entrypoints" = "localsecure"; ];
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}"; labels = {
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; "traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.services.${name}.loadbalancer.server.port" = "8123"; "traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8123";
};
environment = {
TZ = "America/Chicago";
};
extraOptions = [
"--ip=192.168.101.13"
];
ports = [
];
volumes = [
"vol_home-assistant:/config/"
"/etc/home-assistant/configuration.yaml:/config/configuration.yaml"
];
}; };
environment = {
TZ = "America/Chicago";
};
extraOptions = [
"--ip=192.168.101.13"
];
ports = [
];
volumes = [
"vol_home-assistant:/config/"
"/etc/home-assistant/configuration.yaml:/config/configuration.yaml"
];
}; };
}; };
} }
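Review bot: The image is referenced by the floating tag `ghcr.io/home-assistant/home-assistant:stable`, so the code that runs depends on when the host last pulled it rather than on what was reviewed. The jellyfin and netbird modules on this page pin a version, while the n8n module (`docker.n8n.io/n8nio/n8n`, no tag) and the ollama module (`ollama/ollama:latest`) have the same gap. Pinning to a release tag or digest, e.g. `image = "ghcr.io/home-assistant/home-assistant:<PINNED_VERSION>";`, keeps updates explicit and reviewable. The bind mount of the generated config could also be read-only, `"/etc/home-assistant/configuration.yaml:/config/configuration.yaml:ro"`, since the file is produced by `environment.etc` and is not meant to be edited from inside the container.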


@@ -1,117 +1,120 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "watch"; subdomain = "watch";
name = "jellyfin"; name = "jellyfin";
in { in {
options.sysconfig.docker.jellyfin.enable = with lib; mkOption { options.sysconfig.docker.jellyfin.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedUDPPorts = [ 7359 ];
virtualisation.oci-containers.containers.jellyfin = {
image = "jellyfin/jellyfin:10.11.6";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"7359:7359/udp"
];
volumes = [
"vol_jellyfin-config:/config"
"vol_jellyfin-cache:/cache"
"/etc/jellyfin/media:/media"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8096";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.21"
];
environment = {
JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
};
}; };
systemd.services."docker-jellyfin" = { config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
partOf = [
"docker-compose-jellyfin-root.target"
];
wantedBy = [
"docker-compose-jellyfin-root.target"
];
};
systemd.services."docker-volume-jellyfin-config" = { networking.firewall.allowedUDPPorts = [ 7359 ];
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.services."docker-volume-jellyfin-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.targets."docker-compose-jellyfin-root" = { virtualisation.oci-containers.containers.jellyfin = {
wantedBy = [ "multi-user.target" ]; image = "jellyfin/jellyfin:10.11.6";
};
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"7359:7359/udp"
];
volumes = [
"vol_jellyfin-config:/config"
"vol_jellyfin-cache:/cache"
"/etc/jellyfin/media:/media"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8096";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.21"
];
environment = {
JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
};
};
systemd.services."docker-jellyfin" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
partOf = [
"docker-compose-jellyfin-root.target"
];
wantedBy = [
"docker-compose-jellyfin-root.target"
];
};
systemd.services."docker-volume-jellyfin-config" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.services."docker-volume-jellyfin-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.targets."docker-compose-jellyfin-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}; };
} }
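Review bot: `extraOptions` wraps the whole list in `lib.mkIf config.sysconfig.docker.nvidia`, so `--ip=192.168.101.21` is applied only when the NVIDIA option is set. On other hosts the container gets a dynamically assigned address on `docker-main`, which may collide with the static addresses the other modules claim and would sidestep any rule keyed on this IP. Splitting the two keeps the address unconditional: `extraOptions = [ "--ip=192.168.101.21" ] ++ lib.optionals config.sysconfig.docker.nvidia [ "--device=nvidia.com/gpu=all" ];`. The ollama section further down uses the same construct with `--ip=192.168.101.6`.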


@@ -1,74 +1,105 @@
{ config, lib, ... }: let { ... }: {
hostPort = 9004; flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "n8n"; subdomain = "n8n";
name = "n8n"; name = "n8n";
in { in {
options.sysconfig.docker."${name}".enable = with lib; mkOption { options.sysconfig.docker."${name}".enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
}; };
virtualisation.oci-containers.containers."${name}" = { config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {
image = "docker.n8n.io/n8nio/n8n";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com"; virtualisation.oci-containers.containers."${name}" = {
image = "docker.n8n.io/n8nio/n8n";
networks = [ # unstable, waiting for 26.05
"docker-main" #pull = "newer";
];
labels = { hostname = "${subdomain}.esotericbytes.com";
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure"; networks = [
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; "docker-main"
"traefik.http.routers.${name}.service" = "${name}"; ];
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
labels = {
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; "traefik.enable" = "true";
"traefik.http.services.${name}.loadbalancer.server.port" = "5678"; "traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "5678";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.2"
];
volumes = [
"vol_n8n:/etc/n8n"
];
environment = {
GENERIC_TIMEZONE = "America/Chicago";
TZ = "America/Chicago";
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
};
}; };
ports = [ systemd.services."docker-n8n" = {
]; serviceConfig = {
Restart = lib.mkOverride 90 "always";
extraOptions = [ RestartMaxDelaySec = lib.mkOverride 90 "1m";
"--ip=192.168.101.2" RestartSec = lib.mkOverride 90 "100ms";
]; RestartSteps = lib.mkOverride 90 9;
};
volumes = [ after = [
"vol_n8n:/etc/n8n" "docker-network-setup.service"
]; "docker-volume-n8n.service"
];
environment = { requires = [
GENERIC_TIMEZONE = "America/Chicago"; "docker-network-setup.service"
TZ = "America/Chicago"; "docker-volume-n8n.service"
N8N_DIAGNOSTICS_ENABLED = "false"; ];
N8N_VERSION_NOTIFICATIONS_ENABLED = "false"; partOf = [
N8N_TEMPLATES_ENABLED = "false"; "docker-compose-n8n-root.target"
];
EXTERNAL_FRONTEND_HOOKS_URLS = ""; wantedBy = [
N8N_DIAGNOSTICS_CONFIG_FRONTEND = ""; "docker-compose-n8n-root.target"
N8N_DIAGNOSTICS_CONFIG_BACKEND = ""; ];
N8N_SECURE_COOKIE = "false";
}; };
systemd.services."docker-volume-n8n" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_n8n || docker volume create vol_n8n --driver=local
'';
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
}; };
}; };
} }
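Review bot: `N8N_SECURE_COOKIE = "false"` removes the Secure attribute from the n8n session cookie, although the router is published only on the `localsecure` entrypoint with a `tls.certResolver`, so the browser may send the cookie over plain HTTP if the host is ever reached that way. With TLS terminated at Traefik the value can be `N8N_SECURE_COOKIE = "true";`, or the line can be dropped to fall back to the default. Separately, the new `docker-n8n` and `docker-volume-n8n` units are `partOf`/`wantedBy` `docker-compose-n8n-root.target`, but unlike the jellyfin and nextcloud modules this file does not define `systemd.targets."docker-compose-n8n-root"` in the visible section.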


@@ -1,229 +1,232 @@
{ config, lib, pkgs, ... }: { { ... }: {
options.sysconfig.docker.netbird.enable = with lib; mkOption { flake.nixosModules.default = { config, lib, pkgs, ... }: {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) { options.sysconfig.docker.netbird.enable = with lib; mkOption {
type = with types; bool;
networking.firewall.allowedUDPPorts = [ 3478 ]; default = false;
sops.secrets."netbird/secret_key" = {};
sops.templates."netbird-relay.env" = {
content = ''
NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"}
NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=3478
'';
}; };
environment.etc."netbird/management.json".source = ./config/management.json; config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedUDPPorts = [ 3478 ];
sops.secrets."netbird/secret_key" = {};
sops.templates."netbird-relay.env" = {
content = ''
NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"}
NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=3478
'';
};
environment.etc."netbird/management.json".source = ./config/management.json;
# Containers # Containers
virtualisation.oci-containers.containers."netbird-dashboard" = { virtualisation.oci-containers.containers."netbird-dashboard" = {
image = "netbirdio/dashboard:v2.30.1"; image = "netbirdio/dashboard:v2.30.1";
environment = { environment = {
"AUTH_AUDIENCE" = "netbird-dashboard"; "AUTH_AUDIENCE" = "netbird-dashboard";
"AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2"; "AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2";
"AUTH_CLIENT_ID" = "netbird-dashboard"; "AUTH_CLIENT_ID" = "netbird-dashboard";
"AUTH_CLIENT_SECRET" = ""; "AUTH_CLIENT_SECRET" = "";
"AUTH_REDIRECT_URI" = "/nb-auth"; "AUTH_REDIRECT_URI" = "/nb-auth";
"AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth"; "AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth";
"AUTH_SUPPORTED_SCOPES" = "openid profile email groups"; "AUTH_SUPPORTED_SCOPES" = "openid profile email groups";
"LETSENCRYPT_DOMAIN" = "none"; "LETSENCRYPT_DOMAIN" = "none";
"NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com"; "NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com"; "NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NGINX_SSL_PORT" = "443"; "NGINX_SSL_PORT" = "443";
"USE_AUTH0" = "false"; "USE_AUTH0" = "false";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-dashboard.entrypoints" = "websecure";
"traefik.http.routers.netbird-dashboard.priority" = "1";
"traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)";
"traefik.http.routers.netbird-dashboard.tls" = "true";
"traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=dashboard"
"--network=docker-main"
"--ip=192.168.101.5"
];
}; };
labels = { systemd.services."docker-netbird-dashboard" = {
"traefik.enable" = "true"; serviceConfig = {
"traefik.http.routers.netbird-dashboard.entrypoints" = "websecure"; Restart = lib.mkOverride 90 "always";
"traefik.http.routers.netbird-dashboard.priority" = "1"; RestartMaxDelaySec = lib.mkOverride 90 "1m";
"traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)"; RestartSec = lib.mkOverride 90 "100ms";
"traefik.http.routers.netbird-dashboard.tls" = "true"; RestartSteps = lib.mkOverride 90 9;
"traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80"; };
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
}; };
log-driver = "journald"; virtualisation.oci-containers.containers."netbird-management" = {
extraOptions = [ image = "netbirdio/management:0.64.4";
"--network-alias=dashboard" volumes = [
"--network=docker-main" "/etc/netbird/management.json:/etc/netbird/management.json:rw"
"--ip=192.168.101.5" "netbird_netbird_management:/var/lib/netbird:rw"
]; ];
}; cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ];
systemd.services."docker-netbird-dashboard" = { labels = {
serviceConfig = { "traefik.enable" = "true";
Restart = lib.mkOverride 90 "always"; "traefik.http.routers.netbird-api.entrypoints" = "websecure";
RestartMaxDelaySec = lib.mkOverride 90 "1m"; "traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)";
RestartSec = lib.mkOverride 90 "100ms"; "traefik.http.routers.netbird-api.service" = "netbird-api";
RestartSteps = lib.mkOverride 90 9; "traefik.http.routers.netbird-api.tls" = "true";
"traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)";
"traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc";
"traefik.http.routers.netbird-mgmt-grpc.tls" = "true";
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)";
"traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws";
"traefik.http.routers.netbird-mgmt-ws.tls" = "true";
"traefik.http.routers.netbird-oauth2.entrypoints" = "websecure";
"traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)";
"traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2";
"traefik.http.routers.netbird-oauth2.tls" = "true";
"traefik.http.services.netbird-api.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=management"
"--network=docker-main"
"--ip=192.168.101.4"
];
}; };
partOf = [ systemd.services."docker-netbird-management" = {
"docker-compose-netbird-root.target" serviceConfig = {
]; Restart = lib.mkOverride 90 "always";
wantedBy = [ RestartMaxDelaySec = lib.mkOverride 90 "1m";
"docker-compose-netbird-root.target" RestartSec = lib.mkOverride 90 "100ms";
]; RestartSteps = lib.mkOverride 90 9;
}; };
virtualisation.oci-containers.containers."netbird-management" = { after = [
image = "netbirdio/management:0.64.4"; "docker-volume-netbird_netbird_management.service"
volumes = [ ];
"/etc/netbird/management.json:/etc/netbird/management.json:rw" requires = [
"netbird_netbird_management:/var/lib/netbird:rw" "docker-volume-netbird_netbird_management.service"
]; ];
cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ]; partOf = [
labels = { "docker-compose-netbird-root.target"
"traefik.enable" = "true"; ];
"traefik.http.routers.netbird-api.entrypoints" = "websecure"; wantedBy = [
"traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)"; "docker-compose-netbird-root.target"
"traefik.http.routers.netbird-api.service" = "netbird-api"; ];
"traefik.http.routers.netbird-api.tls" = "true";
"traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)";
"traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc";
"traefik.http.routers.netbird-mgmt-grpc.tls" = "true";
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)";
"traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws";
"traefik.http.routers.netbird-mgmt-ws.tls" = "true";
"traefik.http.routers.netbird-oauth2.entrypoints" = "websecure";
"traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)";
"traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2";
"traefik.http.routers.netbird-oauth2.tls" = "true";
"traefik.http.services.netbird-api.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80";
}; };
log-driver = "journald"; virtualisation.oci-containers.containers."netbird-relay" = {
extraOptions = [ image = "netbirdio/relay:0.64.4";
"--network-alias=management"
"--network=docker-main"
"--ip=192.168.101.4"
];
};
systemd.services."docker-netbird-management" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-volume-netbird_netbird_management.service"
];
requires = [
"docker-volume-netbird_netbird_management.service"
];
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-relay" = {
image = "netbirdio/relay:0.64.4";
environmentFiles = [ config.sops.templates."netbird-relay.env".path ]; environmentFiles = [ config.sops.templates."netbird-relay.env".path ];
ports = [ ports = [
"3478:3478/udp" "3478:3478/udp"
]; ];
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
"traefik.http.routers.netbird-relay.entrypoints" = "websecure"; "traefik.http.routers.netbird-relay.entrypoints" = "websecure";
"traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)"; "traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)";
"traefik.http.routers.netbird-relay.tls" = "true"; "traefik.http.routers.netbird-relay.tls" = "true";
"traefik.http.services.netbird-relay.loadbalancer.server.port" = "80"; "traefik.http.services.netbird-relay.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=relay"
"--network=docker-main"
"--ip=192.168.101.3"
];
}; };
log-driver = "journald"; systemd.services."docker-netbird-relay" = {
extraOptions = [ serviceConfig = {
"--network-alias=relay" Restart = lib.mkOverride 90 "always";
"--network=docker-main" RestartMaxDelaySec = lib.mkOverride 90 "1m";
"--ip=192.168.101.3" RestartSec = lib.mkOverride 90 "100ms";
]; RestartSteps = lib.mkOverride 90 9;
}; };
systemd.services."docker-netbird-relay" = { partOf = [
serviceConfig = { "docker-compose-netbird-root.target"
Restart = lib.mkOverride 90 "always"; ];
RestartMaxDelaySec = lib.mkOverride 90 "1m"; wantedBy = [
RestartSec = lib.mkOverride 90 "100ms"; "docker-compose-netbird-root.target"
RestartSteps = lib.mkOverride 90 9; ];
}; };
partOf = [ virtualisation.oci-containers.containers."netbird-signal" = {
"docker-compose-netbird-root.target" image = "netbirdio/signal:0.64.4";
]; labels = {
wantedBy = [ "traefik.enable" = "true";
"docker-compose-netbird-root.target" "traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure";
]; "traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)";
}; "traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc";
virtualisation.oci-containers.containers."netbird-signal" = { "traefik.http.routers.netbird-signal-grpc.tls" = "true";
image = "netbirdio/signal:0.64.4"; "traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure";
labels = { "traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)";
"traefik.enable" = "true"; "traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws";
"traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure"; "traefik.http.routers.netbird-signal-ws.tls" = "true";
"traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)"; "traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000";
"traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc"; "traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.routers.netbird-signal-grpc.tls" = "true"; "traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80";
"traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure"; };
"traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)"; log-driver = "journald";
"traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws"; extraOptions = [
"traefik.http.routers.netbird-signal-ws.tls" = "true"; "--network-alias=signal"
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000"; "--network=docker-main"
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c"; ];
"traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80";
}; };
log-driver = "journald"; systemd.services."docker-netbird-signal" = {
extraOptions = [ serviceConfig = {
"--network-alias=signal" Restart = lib.mkOverride 90 "always";
"--network=docker-main" RestartMaxDelaySec = lib.mkOverride 90 "1m";
]; RestartSec = lib.mkOverride 90 "100ms";
}; RestartSteps = lib.mkOverride 90 9;
systemd.services."docker-netbird-signal" = { };
serviceConfig = { partOf = [
Restart = lib.mkOverride 90 "always"; "docker-compose-netbird-root.target"
RestartMaxDelaySec = lib.mkOverride 90 "1m"; ];
RestartSec = lib.mkOverride 90 "100ms"; wantedBy = [
RestartSteps = lib.mkOverride 90 9; "docker-compose-netbird-root.target"
];
}; };
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
# Volumes # Volumes
systemd.services."docker-volume-netbird_netbird_management" = { systemd.services."docker-volume-netbird_netbird_management" = {
path = [ pkgs.docker ]; path = [ pkgs.docker ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
};
script = ''
docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management
'';
partOf = [ "docker-compose-netbird-root.target" ];
wantedBy = [ "docker-compose-netbird-root.target" ];
}; };
script = ''
docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management
'';
partOf = [ "docker-compose-netbird-root.target" ];
wantedBy = [ "docker-compose-netbird-root.target" ];
};
# Root service # Root service
# When started, this will automatically create all resources and start # When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources. # the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-netbird-root" = { systemd.targets."docker-compose-netbird-root" = {
unitConfig = { unitConfig = {
Description = "Root target generated by compose2nix."; Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
}; };
wantedBy = [ "multi-user.target" ];
}; };
}; };
} }
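Review bot: `environment.etc."netbird/management.json".source = ./config/management.json` places the management config in the repository and in the world-readable Nix store, while the relay secret right above it is handled through `sops.templates`. NetBird's management.json normally carries secrets (presumably including the relay secret that has to match `NB_AUTH_SECRET`), so if the file holds real values it should be rendered the same way, e.g. a `sops.templates."netbird-management.json"` entry whose `.path` is bind-mounted into the container. The file's contents are not visible on this page, so this needs checking against `config/management.json`. The `:rw` on that bind mount is also misleading, because the source appears to resolve to a read-only store path; `:ro` would state the intent.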


@@ -1,115 +1,118 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "cloud"; subdomain = "cloud";
name = "nextcloud"; name = "nextcloud";
in { in {
options.sysconfig.docker.nextcloud.enable = with lib; mkOption { options.sysconfig.docker.nextcloud.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = {
image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751";
serviceName = "docker-nextcloud";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
];
volumes = [
"nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
"/run/docker.sock:/var/run/docker.sock:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.routers.${name}.middlewares" = "nextcloud-chain";
"traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https";
"traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host";
"traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin";
"traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers";
#"traefik.http.services.${name}.loadbalancer.server.port" = "11000";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000";
};
extraOptions = [
"--ip=192.168.101.17"
];
environment = {
APACHE_PORT = "11000";
APACHE_IP = "0.0.0.0";
APACHE_ADDITIONAL_NETWORK = "docker-main";
SKIP_DOMAIN_VALIDATION = "true";
TALK_PORT = "3479";
};
}; };
systemd.services."docker-nextcloud" = { config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) {
serviceConfig = {
Restart = lib.mkOverride 90 "always"; virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = {
RestartMaxDelaySec = lib.mkOverride 90 "1m"; image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9; serviceName = "docker-nextcloud";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
];
volumes = [
"nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
"/run/docker.sock:/var/run/docker.sock:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.routers.${name}.middlewares" = "nextcloud-chain";
"traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https";
"traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host";
"traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin";
"traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers";
#"traefik.http.services.${name}.loadbalancer.server.port" = "11000";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000";
};
extraOptions = [
"--ip=192.168.101.17"
];
environment = {
APACHE_PORT = "11000";
APACHE_IP = "0.0.0.0";
APACHE_ADDITIONAL_NETWORK = "docker-main";
SKIP_DOMAIN_VALIDATION = "true";
TALK_PORT = "3479";
};
}; };
after = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
partOf = [
"docker-compose-nextcloud-root.target"
];
wantedBy = [
"docker-compose-nextcloud-root.target"
];
};
systemd.services."docker-volume-nextcloud" = { systemd.services."docker-nextcloud" = {
path = [ pkgs.docker ]; serviceConfig = {
serviceConfig = { Restart = lib.mkOverride 90 "always";
Type = "oneshot"; RestartMaxDelaySec = lib.mkOverride 90 "1m";
RemainAfterExit = true; RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
partOf = [
"docker-compose-nextcloud-root.target"
];
wantedBy = [
"docker-compose-nextcloud-root.target"
];
}; };
script = ''
docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local
'';
partOf = [ "docker-compose-nextcloud-root.target" ];
wantedBy = [ "docker-compose-nextcloud-root.target" ];
};
systemd.targets."docker-compose-nextcloud-root" = { systemd.services."docker-volume-nextcloud" = {
wantedBy = [ "multi-user.target" ]; path = [ pkgs.docker ];
}; serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local
'';
partOf = [ "docker-compose-nextcloud-root.target" ];
wantedBy = [ "docker-compose-nextcloud-root.target" ];
};
systemd.targets."docker-compose-nextcloud-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}; };
} }
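Review bot: The mastercontainer mounts `/run/docker.sock:/var/run/docker.sock:ro`, and `:ro` only makes the socket file read-only; it does not restrict Docker API calls, so this container can create and control other containers on the host and is effectively root-equivalent. Nextcloud AIO is designed to work that way, but the mount deserves a comment such as `# docker.sock: AIO manages sibling containers; :ro does not limit API access`, and the module should stay opt-in as it is now. `SKIP_DOMAIN_VALIDATION = "true"` should likewise carry a short comment on why validation is disabled behind Traefik. The `https-redirect` middleware looks redundant on a router bound only to `websecure,localsecure`, which are presumably both TLS entrypoints.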


@@ -1,4 +1,6 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
hostPort = 11434; hostPort = 11434;
@@ -6,67 +8,68 @@
name = "ollama"; name = "ollama";
in { in {
options.sysconfig.docker.ollama.enable = with lib; mkOption { options.sysconfig.docker.ollama.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker.ollama.enable && config.sysconfig.docker.enable) {
environment.systemPackages = with pkgs; [
ollama
];
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
"ve-openwebui" = {
allowedTCPPorts = [ hostPort ];
};
}; };
virtualisation.oci-containers.containers.ollama = { config = lib.mkIf (config.sysconfig.docker.ollama.enable && config.sysconfig.docker.enable) {
image = "ollama/ollama:latest";
# unstable, waiting for 26.05 environment.systemPackages = with pkgs; [
#pull = "newer"; ollama
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
]; ];
ports = [ networking.firewall.interfaces = {
"${builtins.toString hostPort}:11434" "ve-traefik" = {
]; allowedTCPPorts = [ hostPort ];
};
volumes = [ "ve-openwebui" = {
"vol_ollama:/root/.ollama" allowedTCPPorts = [ hostPort ];
]; };
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "11434";
}; };
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ virtualisation.oci-containers.containers.ollama = {
"--device=nvidia.com/gpu=all" image = "ollama/ollama:latest";
"--ip=192.168.101.6"
];
environment = { # unstable, waiting for 26.05
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000"; #pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"${builtins.toString hostPort}:11434"
];
volumes = [
"vol_ollama:/root/.ollama"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "11434";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.22"
];
environment = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000";
};
}; };
}; };
}; };


@@ -1,96 +1,99 @@
{ config, lib, pkgs, ... }: let { ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: let
subdomain = "ai"; subdomain = "ai";
name = "openwebui"; name = "openwebui";
in { in {
options.sysconfig.docker.openwebui.enable = with lib; mkOption { options.sysconfig.docker.openwebui.enable = with lib; mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
};
config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers.openwebui = {
image = "ghcr.io/open-webui/open-webui:v0.7.2";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
/*ports = [
"${builtins.toString hostPort}:8080"
];*/
volumes = [
"vol_openwebui:/app/backend/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.8"
];
environment = {
};
}; };
systemd.services."docker-openwebui" = { config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) {
serviceConfig = {
Restart = lib.mkOverride 90 "always"; virtualisation.oci-containers.containers.openwebui = {
RestartMaxDelaySec = lib.mkOverride 90 "1m"; image = "ghcr.io/open-webui/open-webui:v0.7.2";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9; # unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
/*ports = [
"${builtins.toString hostPort}:8080"
];*/
volumes = [
"vol_openwebui:/app/backend/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.8"
];
environment = {
};
}; };
after = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
partOf = [
"docker-compose-openwebui-root.target"
];
wantedBy = [
"docker-compose-openwebui-root.target"
];
};
systemd.services."docker-volume-openwebui" = { systemd.services."docker-openwebui" = {
path = [ pkgs.docker ]; serviceConfig = {
serviceConfig = { Restart = lib.mkOverride 90 "always";
Type = "oneshot"; RestartMaxDelaySec = lib.mkOverride 90 "1m";
RemainAfterExit = true; RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
partOf = [
"docker-compose-openwebui-root.target"
];
wantedBy = [
"docker-compose-openwebui-root.target"
];
}; };
script = ''
docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local
'';
partOf = [ "docker-compose-openwebui-root.target" ];
wantedBy = [ "docker-compose-openwebui-root.target" ];
};
systemd.targets."docker-compose-openwebui-root" = { systemd.services."docker-volume-openwebui" = {
wantedBy = [ "multi-user.target" ]; path = [ pkgs.docker ];
}; serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local
'';
partOf = [ "docker-compose-openwebui-root.target" ];
wantedBy = [ "docker-compose-openwebui-root.target" ];
};
systemd.targets."docker-compose-openwebui-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}; };
} }
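Review bot: `"--ip=192.168.101.8"` sits inside the list guarded by `lib.mkIf config.sysconfig.docker.nvidia`, so the static address is applied only on hosts with the nvidia option set; elsewhere the container gets whatever address Docker assigns on `docker-main`. If routing or firewall rules depend on that address, split the list: `extraOptions = [ "--ip=192.168.101.8" ] ++ lib.optionals config.sysconfig.docker.nvidia [ "--device=nvidia.com/gpu=all" ];`. The ollama module has the same shape with `--ip=192.168.101.22`. The commented-out `ports` entry also refers to `hostPort`, which this module's `let` does not appear to define, so a short comment saying it must be added before uncommenting would help.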
