Blunkall-Technologies/homebox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Blunkall-Technologies:15fb558afc1f22284579bec1c998efd9057ce5a4
Branches Tags
Blunkall-Technologies:master
...
compare: Blunkall-Technologies:master
Branches Tags
Blunkall-Technologies:master

4 Commits
15fb558afc ... master

Author SHA1 Message Date
Nathan
105eb3477a Begin Dendritic rewrite 2026-03-06 19:16:39 -06:00
Nathan
d134deee7e Begin Dendritic rewrite 2026-03-06 16:25:05 -06:00
Nathan
1f7d5634bd add ssh key 2026-02-28 17:26:29 -06:00
Nathan
b2a72f1a24 update netbird secrets 2026-02-01 06:57:04 -06:00
5 changed files with 276 additions and 317 deletions
Expand all files Collapse all files

207
default.nix
View File

@@ -1,113 +1,121 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ self, inputs, ... }: {
{ config, lib, pkgs, ... }:
flake.nixosConfigurations."homebox" = inputs.nixpkgs.lib.nixosSystem {
{
modules = [
self.nixosModules.homebox
self.nixosModules.default
];
};
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
flake.nixosModules.homebox = { config, lib, pkgs, ... }:
(import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; device3 = "/dev/sda"; })
];
{
config = {
imports = [ # Include the results of the hardware scan.
services = {
xserver = {
enable = false;
videoDrivers = ["nvidia"];
};
displayManager = {
enable = false;
defaultSession = "hyprland";
autoLogin = {
enable = true;
user = "nathan";
(import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; device3 = "/dev/sda"; })
];
config = {
services = {
xserver = {
enable = false;
videoDrivers = ["nvidia"];
};
};
pulseaudio.enable = false;
hardware.openrgb = {
enable = true;
motherboard = "amd";
};
};
hardware = {
nvidia = {
open = true;
modesetting.enable = true;
nvidiaPersistenced = true;
};
bluetooth = {
enable = true;
powerOnBoot = false;
};
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};
sysconfig = {
docker.nvidia = true;
remoteBuildClient = false;
users = {
nathan = {
isSuperuser = true;
extraGroups = [ "networkmanager" "docker" ];
ssh.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
home-manager = {
displayManager = {
enable = false;
defaultSession = "hyprland";
autoLogin = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
virtual-machines = true;
hyprland.enable = false;
hyprlock.enable = false;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = false;
calcurse.enable = true;
rofi.enable = false;
firefox.enable = false;
git.enable = true;
nh.enable = true;
};
user = "nathan";
};
};
pulseaudio.enable = false;
services.hypridle.enable = lib.mkForce false;
hardware.openrgb = {
enable = true;
motherboard = "amd";
};
};
home.packages = with pkgs; [
wayvnc
openrgb
];
}
];
hardware = {
nvidia = {
open = true;
modesetting.enable = true;
nvidiaPersistenced = true;
};
bluetooth = {
enable = true;
powerOnBoot = false;
};
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};
sysconfig = {
host = "homebox";
docker.nvidia = true;
remoteBuildClient = false;
users = {
nathan = {
isSuperuser = true;
extraGroups = [ "networkmanager" "docker" ];
ssh.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCM7ZgIu4+ntHZbzo9iQPq5pUt7AhpOnfvvI0lWDgO4CgtkPGvyFrDnW87wjAKGKYkgKeHWHIkwq2hkEDqlPD+7xxtPpwzfyo7ZS23xlP31rL14HcG21jGHgx9SO7RmGDHHylu4PwJzz/KX59hcVmpSSV4hgB/mYA9UKe6VHv39X4y3HsjmiHwNBOKXltG4V+VkxOZD6HcZ62sgkyDTaqDpE7p+q8vHPbm6dVTKC9cMjtJmjB5EesMGKcEAy3VN2tA9M0EndtaLcBKM39vDXGpBsjURYZTu7NbQnncnO7L8kVL0nT4vA/d4mCjB51dPoXIcxn1ise0TOb9G7TxMbBQQO5YMOpiB2iuZRRvB3sYoKwbO8YfSxZi0EhvLcxkF9GBFw+pWPl0p0D2fPBbW88YQfEpoAt2EWvEu/pgaMJsTHpgaIuDwPLVQmDciX4MRoi324oElGSK8yN0P8IaCHhFchuehLBWvTi34Qot0GpnxeTzmlLzImICO9Yq0I7dk2rk= nathan@rpi-3dp"
];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
virtual-machines = true;
hyprland.enable = false;
hyprlock.enable = false;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = false;
calcurse.enable = true;
rofi.enable = false;
firefox.enable = false;
git.enable = true;
nh.enable = true;
};
services.hypridle.enable = lib.mkForce false;
home.packages = with pkgs; [
wayvnc
openrgb
];
}
];
};
};
};
};
};
@@ -117,7 +125,8 @@
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
};
system.stateVersion = "23.05"; # Did you read the comment?
};
};
}

287
disko.nix
View File

@@ -1,145 +1,148 @@
{
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
device2,
device3,
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
ssd1 = {
device = device2;
type = "disk";
content = {
type = "gpt";
partitions = {
ssd1 = {
name = "ssd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "ssd1_vg";
};
};
};
};
};
hdd1 = {
device = device3;
type = "disk";
content = {
type = "gpt";
partitions = {
hdd1 = {
name = "hdd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "hdd1_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
{ ... }: {
subvolumes = {
"/root" = {
mountpoint = "/";
};
flake.diskoConfigurations.homebox = {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
device2,
device3,
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
ssd1 = {
device = device2;
type = "disk";
content = {
type = "gpt";
partitions = {
ssd1 = {
name = "ssd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "ssd1_vg";
};
};
};
};
};
hdd1 = {
device = device3;
type = "disk";
content = {
type = "gpt";
partitions = {
hdd1 = {
name = "hdd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "hdd1_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
ssd1_vg = {
type = "lvm_vg";
lvs = {
ssd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/ssd1" = {
mountOptions = [ "subvol=ssd1" "noatime" ];
mountpoint = "/ssd1";
};
};
};
};
};
};
hdd1_vg = {
type = "lvm_vg";
lvs = {
hdd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/hdd1" = {
mountOptions = [ "subvol=hdd1" "noatime" ];
mountpoint = "/hdd1";
};
};
};
};
};
};
};
};
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
ssd1_vg = {
type = "lvm_vg";
lvs = {
ssd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/ssd1" = {
mountOptions = [ "subvol=ssd1" "noatime" ];
mountpoint = "/ssd1";
};
};
};
};
};
};
hdd1_vg = {
type = "lvm_vg";
lvs = {
hdd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/hdd1" = {
mountOptions = [ "subvol=hdd1" "noatime" ];
mountpoint = "/hdd1";
};
};
};
};
};
};
};
};
};
}

38
flake.nix
View File

@@ -1,38 +0,0 @@
{
description = "System Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
olympus = {
#url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus";
url = "git+file:///home/nathan/Projects/Olympus";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { self, nixpkgs, olympus, ... }: let
host = "homebox";
in {
nixosConfigurations."${host}" = nixpkgs.lib.nixosSystem {
specialArgs = olympus.inputs;
modules = [
{ sysconfig.host = host; }
./.
olympus.profiles.homebox
];
};
};
}

53
hardware-configuration.nix
View File

@@ -1,39 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ ... }: {
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
flake.nixosModules.homebox = { config, lib, pkgs, modulesPath, ... }:
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.br-de2feead48ad.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-blunkall-us.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-gitea.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-home-assnHYM.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-jellyfin.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-keycloak.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-n8n.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-netbird.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-nextcloud.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-ollama.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-traefik.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-wyoming.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

6
secrets.yaml
View File

@@ -13,7 +13,7 @@ gitea:
keycloak:
dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str]
netbird:
coturnPass: ENC[AES256_GCM,data:zB6P9RyTTKkXEOIhOyeJuF4Y,iv:8SWVfcdmMnXQJxezu3uanrlmFhR+hxXEJ3T7KA+YZqE=,tag:1H21K3kbZOuLOdN2zufWJw==,type:str]
secret_key: ENC[AES256_GCM,data:isJHGh/InvgJUSqISqxpWhZH0OMN/QG7WBbSS7WqHaWTdfZDBOh//PBP8g==,iv:j0D6feM3qnDjXijXRHgZPboFLHzPwWIhT5bYz3M+QMU=,tag:pOHRxOEdOUrL3n6DgqGDsA==,type:str]
gitlab:
db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str]
root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str]
@@ -38,7 +38,7 @@ sops:
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-30T13:36:40Z"
mac: ENC[AES256_GCM,data:rmsAKZoCpAWGkbFtnKzvFljpUG3JzBr7xm0SxA3Hmh9z0ue/lhxl2pxTRCtA5JCAmCOdcIeGX3rPq0ofrd2zx7qExsZCQpO2FsBnVy9TBHDdi4fFwOA6PCIi32HkKLqQispJpVg08k5b4hL4Ad5x9jMB7iUYkrohuJdQySBc+pw=,iv:gplDymlUg5+1kJt7PJWbm469ipGHW7js9cWsPHDLiC0=,tag:KUz+75XQaEtwMzqMZ55iMg==,type:str]
lastmodified: "2026-02-01T12:56:37Z"
mac: ENC[AES256_GCM,data:clu/WnwHAQaowQ99Z8tNlIKKcVnLHYeYsgQK0meftXgiQKnLyLzqNipwfaU3qjITdm6fB7wY+TcySygpwFbY2f2TKrqAk7RxdnTFa61vQDqMF7rYPG90Ub79P+R5URZI8yjv69Hmrav0Y6z92vH8ItbPSRBLtgrbYZx36IFq0LU=,iv:qzBVA0xATM979tzu6cTvMrX77firvA5K0WU2hoUggoA=,tag:Fm3IqH0GUHBq9Din6ZW6ng==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0