
24 Commits

Author SHA1 Message Date
113834a397 flake update 2026-05-02 14:09:21 +02:00
4ca3e9abf4 fix disko_luks syntax 2026-04-26 18:21:02 +02:00
49a63fd6aa fix pre-commit hook 2026-04-26 18:16:37 +02:00
b319cd93e9 format the repo files 2026-04-26 10:27:50 +02:00
92fd97c9a2 add nix fmt pre-commit hook 2026-04-26 10:26:22 +02:00
c5e5b84bfb some minor security improvements found by claude 2026-04-26 10:01:18 +02:00
447fc61c0b minor cleanups 2026-04-25 20:29:42 +02:00
464e99ab2c jupiter: fix nix cache proxy 2026-04-25 20:29:29 +02:00
a33a909ff0 lifebook: add missing user arg 2026-04-25 18:46:04 +02:00
b09b26c3a3 lifebook: correct signing Key 2026-04-25 18:38:13 +02:00
aca0095870 retain nginx proxy cache to 14d 2026-04-25 18:32:06 +02:00
3e9b0496fb jupiter: add nix cache local proxy 2026-04-25 18:21:00 +02:00
12ad8a7dfa update flake 2026-04-25 18:03:21 +02:00
f50a5caee5 add persistence to gid/uid services of microvm and set vsock.cid 2026-04-25 17:38:42 +02:00
f7035e0daf cleanups and move steamdeck to desktop module 2026-04-25 17:09:23 +02:00
c8806e3676 add templates for host specific and global overlays 2026-04-25 10:59:21 +02:00
6ce78e164c remove gnome and hyprland 2026-04-25 10:37:31 +02:00
2c70c8281e add keyboardbindings to desktop module for niri 2026-04-25 10:33:58 +02:00
62b68a333f create users desktop module 2026-04-25 10:20:16 +02:00
5fb7ab4ee0 claude restructure 2026-04-23 20:08:25 +02:00
d66b67ba4c flake update 2026-04-17 07:54:28 +02:00
99528f0520 desktop: add screen and first shot ppd lifebook 2026-04-17 07:47:15 +02:00
5b65542026 flake update & disable nvim extraPackages 2026-04-05 20:16:54 +02:00
6ac7be0c33 reduce btrbk on Mars 2026-03-31 20:54:31 +02:00
142 changed files with 6226 additions and 6452 deletions

6
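--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+nix fmt .
+git diff --exit-code || {
+echo "Formatter changed files — review with 'git diff', then re-stage and commit."
+exit 1
+}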
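Review bot: The hook fails open when the formatter itself fails, because there is no `set -e` and the exit status of `nix fmt .` is never checked. If `nix fmt` errors out (nix not on PATH, an evaluation error in the flake), nothing is rewritten, `git diff --exit-code` sees no change, and the commit goes through unformatted. Checking the formatter explicitly, e.g. `nix fmt . || exit 1`, closes that gap. Separately, `git diff --exit-code` compares the working tree with the index, so any unstaged edit unrelated to formatting also blocks the commit; if that is intended, a comment such as `# any unstaged change, not only formatter output, aborts the commit` would say so.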

108
CLAUDE.md Normal file

@@ -0,0 +1,108 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## What This Repo Is
A NixOS flake configuration managing multiple hosts (desktops, laptops, servers). All hosts share common settings via `hosts/configuration_common.nix` and are assembled in `hosts/default.nix`.
## Common Commands
```bash
# Format all nix files
nix fmt
# Build a host configuration (no activation)
nixos-rebuild build --flake .#<host>
# Switch the current host
sudo nixos-rebuild switch --flake .#<host>
# Build a custom package
nix build .#<package>
# Edit an age-encrypted secret
agenix -e secrets/<path>.age
# Re-key all secrets after adding a new host key to secrets/secrets.nix
agenix -r
```
## Architecture
### Entry Points
- `flake.nix` — defines inputs (nixpkgs stable=25.11, unstable, home-manager, agenix, lanzaboote, jovian-nixos, microvm, impermanence, noctalia) and calls `hosts/default.nix` for `nixosConfigurations`
- `hosts/default.nix` — instantiates every host via `lib.nixosSystem`; contains the `mkHM` helper that wires home-manager into a host's modules list
### Host Structure
Each host lives in `hosts/<name>/`:
- `default.nix` — imports either `../../modules/desktop` or `../../modules/server`, sets the module options (`myDesktop.*` / `myServer.*`), and adds host-specific settings
- `home.nix` — host-specific home-manager config (merged with `hosts/home.nix` for desktops or `hosts/home_server.nix` for servers)
- `hardware-configuration.nix` — generated hardware config
Shared host-level files:
- `hosts/configuration_common.nix` — applied to every host: SSH (key-only, no root), locale, nix GC/settings, zsh, fonts, auto-upgrade flake URL
- `hosts/home.nix` — desktop home-manager base
- `hosts/home_server.nix` — server home-manager base
### Module System
Two top-level NixOS modules expose all major knobs as typed options:
**`modules/desktop/default.nix`** — `myDesktop.*`
- `windowManager`: `"niri"` (default) | `"sway"` | `"kde"`
- `cpu`: `"amd"` | `"intel"` | `"none"` — selects KVM kernel params
- `virtualisation.enable` — podman (docker-compat) + qemu/libvirt + virt-manager
- `syncthing.{enable,devices,folders}`
- `openrgb.{enable,motherboard}`
- `laptop.{enable,lidSwitch,hibernateDelaySec}`
- `nitrokey.enable`
- `niri.hotkeyVariant`: `"default"` | `"lifebook"`
- `git.signingKey` — SSH key for commit signing
- `extraSystemPackages`
**`modules/server/default.nix`** — `myServer.*`
- `sshPort` (default 2220)
- `virtualisation.{enable,cpu}` — podman only (no libvirt)
- `fail2ban.enable`
- `autoUpgrade.enable` (default true)
- `uid`, `sudoRequiresPassword`, `extraGroups`, `extraSystemPackages`
Service bundles are imported as lists in host `default.nix`:
- `modules/services/server/` — kabtop services (gitea, nextcloud, matrix, coturn, hydra, mealie, etc.)
- `modules/services/nas/` — jupiter services (nfs, vaultwarden, syncthing, paperless)
- `modules/services/dmz/` — dmz services (gitea runner microVM)
- `modules/services/kabtopci/` — kabtopci services (hydra, gitea runner)
- `modules/services/nasbackup/` — nasbak backup jobs
### Secrets (agenix)
`secrets/secrets.nix` declares which age public keys (users + host SSH keys) can decrypt each `.age` file. Add a new host: add its `ssh-ed25519` host key to `secrets/secrets.nix` in the relevant groups, then run `agenix -r` to re-key.
### Custom Packages & Overlays
- `packages/` — custom packages (e.g. `corosync-qdevice`), imported at `flake.nix` level
- `overlays/` — nixpkgs overlays applied globally
- Per-host overlays: set `nixpkgs.overlays` inside the host's `default.nix` so only that host is affected
### Disk Layouts
`disko/` contains reusable disko modules: `btrfs.nix`, `btrfs_luks.nix`, `nas_luks.nix` — referenced during initial install.
## Active Hosts
| Host | Role | WM / Notes |
|---|---|---|
| hades | Desktop | niri, AMD, Secure Boot (lanzaboote) |
| lifebook | Laptop | niri, Intel, Secure Boot |
| steamdeck | Gaming | KDE/Jovian-NixOS, Secure Boot |
| kabtop | Main server | gitea, nextcloud, matrix+bridges, coturn, hydra, mealie |
| kabtopci | CI server | hydra, nix-serve |
| jupiter | NAS | nfs, vaultwarden, syncthing, paperless |
| dmz | DMZ | gitea Actions homerunner microVM |
| nasbak | NAS backup | — |
| kubemaster-1 | K8s master | — |
See `SERVICES.md` for port-level service details per host.


@@ -26,11 +26,11 @@
mountpoint = "/mnt/Pluto"; mountpoint = "/mnt/Pluto";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"];
}; };
"@/Backups"; "@/Backups" = {};
"@/Media"; "@/Media" = {};
"@/Games"; "@/Games" = {};
"@/IT"; "@/IT" = {};
"@/Rest"; "@/Rest" = {};
"@snapshots" = { "@snapshots" = {
mountpoint = "/mnt"; mountpoint = "/mnt";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"];

84
flake.lock generated

@@ -25,11 +25,11 @@
}, },
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1773189535, "lastModified": 1777242778,
"narHash": "sha256-E1G/Or6MWeP+L6mpQ0iTFLpzSzlpGrITfU2220Gq47g=", "narHash": "sha256-VWTeqWeb8Sel/QiWyaPvCa9luAbcGawR+Rw09FJoHz0=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "6fa2fb4cf4a89ba49fc9dd5a3eb6cde99d388269", "rev": "ad8b31ad0ba8448bd958d7a5d50d811dc5d271c0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -126,11 +126,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774969509, "lastModified": 1777679572,
"narHash": "sha256-LCmfWlT3tlGVj0Q20TKqs5PBwdH3vnNsxJEhqt0wH1o=", "narHash": "sha256-egYNbRrkn+6SwTHinhdb6WUfzzdC3nXfCRqS321VylY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a7d2aca3f0dd952b01d8ed5c45536b40af3841eb", "rev": "9cb587ade2aa1b4a7257f0238d41072690b0ca4f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -146,11 +146,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774875830, "lastModified": 1775425411,
"narHash": "sha256-WPYlTmZvVa9dWlAziFkVjBdv1Z6giNIq40O1DxsBmiI=", "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "7afd8cebb99e25a64a745765920e663478eb8830", "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -208,11 +208,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774679353, "lastModified": 1777614199,
"narHash": "sha256-N5L8U18JigqVqxMz1FuwbJVruCCa5lA6hgGeXLg8LI8=", "narHash": "sha256-k8fgidVoDNQTZWGLdhe6kLgpsLcydhPzal5YKVwxD2U=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "8ffb6db9322542ec3cb541a232864084422f7e90", "rev": "79f3e3cc5c643138b7b3405c42681451be85d838",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -231,11 +231,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1774858933, "lastModified": 1777299656,
"narHash": "sha256-rgHUoE4QhOvK3Rcl9cbuIVdjPjFjfhcTm/uPs8Y7+2w=", "narHash": "sha256-c0r3xXp2+xFJwkryS+nhyQwoACbFzSt4C1TVs3QMh8E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "45338aab3013924c75305f5cb3543b9cda993183", "rev": "079c608988c2747db3902c9de033572cd50e8656",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -253,11 +253,11 @@
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1774904266, "lastModified": 1776340739,
"narHash": "sha256-YVuNTcw2jrgizDZw4AjqPCw/dWc0fB/dC2Oud18Yr78=", "narHash": "sha256-s4FDictJlPtY6Shd6scG5hgrDMiHth09+svtvTA5NLA=",
"owner": "microvm-nix", "owner": "microvm-nix",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "d7832a2f0f435a778a9f41006d01e0f3b5ebab4b", "rev": "2f2f62fdfdca2750e3399f66bd03986ab967e5ca",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -290,11 +290,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1774933469, "lastModified": 1776983936,
"narHash": "sha256-OrnCQeUO2bqaWUl0lkDWyGWjKsOhtCyd7JSfTedQNUE=", "narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "f4c4c2c0c923d7811ac2a63ccc154767e4195337", "rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -322,11 +322,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1774709303, "lastModified": 1777578337,
"narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=", "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685", "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -338,11 +338,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1774799055, "lastModified": 1777428379,
"narHash": "sha256-Tsq9BCz0q47ej1uFF39m4tuhcwru/ls6vCCJzutEpaw=", "narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "107cba9eb4a8d8c9f8e9e61266d78d340867913a", "rev": "755f5aa91337890c432639c60b6064bb7fe67769",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -360,11 +360,11 @@
"noctalia-qs": "noctalia-qs" "noctalia-qs": "noctalia-qs"
}, },
"locked": { "locked": {
"lastModified": 1774977592, "lastModified": 1777427472,
"narHash": "sha256-TopLh0cZDcBHe4gHY2a/JBYQgoc8baizAloUDaiLa2E=", "narHash": "sha256-kqcfLdxb+CqTroMErCScvx6YQcZYJcf6X+z5I8kBJK8=",
"owner": "noctalia-dev", "owner": "noctalia-dev",
"repo": "noctalia-shell", "repo": "noctalia-shell",
"rev": "90e37a1e5328e4a990130df274e39de38e451323", "rev": "9f8dd48c8df5ab1f7f87ddf9842627e1e5682186",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -383,11 +383,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1774902752, "lastModified": 1777380063,
"narHash": "sha256-WC3SgVJX+N78KnRf1v9Z2VowkJBc9SBKpaZsWxWm/Rs=", "narHash": "sha256-q5mWOEICcZzr+KnjIwDHV9EXiBxOC9cnBpxZbDAViU8=",
"owner": "noctalia-dev", "owner": "noctalia-dev",
"repo": "noctalia-qs", "repo": "noctalia-qs",
"rev": "4f0ceff244748ec55cfccc4f674759a7a2941b18", "rev": "8742a7a748c43bf44eb6862a8ebd3591ed71502d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -406,11 +406,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772893680, "lastModified": 1776796298,
"narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -442,11 +442,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773544328, "lastModified": 1777173302,
"narHash": "sha256-Iv+qez54LAz+isij4APBk31VWA//Go81hwFOXr5iWTw=", "narHash": "sha256-ERiu3cbxvnTDxiDcimRA7af7xp6x1y0sRyLGm28Qzz8=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "4f977d776793c8bfbfdd7eca7835847ccc48874e", "rev": "aaec8c50baeaf2f2ba653e8aae71778a2bbbac94",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -510,11 +510,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773297127, "lastModified": 1775636079,
"narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -5,9 +5,8 @@
# flake.nix * # flake.nix *
# ├─ ./hosts # ├─ ./hosts
# │ └─ default.nix # │ └─ default.nix
{ {
description = "Kabbone's peronal NixOS Flake config"; description = "Kabbone's personal NixOS Flake config";
inputs = { inputs = {
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
@@ -21,12 +20,14 @@
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management home-manager = {
# User Package Management
url = "github:nix-community/home-manager/release-25.11"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager-unstable = { # User Package Management home-manager-unstable = {
# User Package Management
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
@@ -50,7 +51,6 @@
url = "github:noctalia-dev/noctalia-shell"; url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = { outputs = {
@@ -65,19 +65,18 @@
microvm, microvm,
impermanence, impermanence,
lanzaboote, lanzaboote,
noctalia,
... ...
} @ inputs: rec { } @ inputs: let
inherit (self) outputs;
systems = [ systems = [
# "aarch64-linux" # "aarch64-linux"
"x86_64-linux" "x86_64-linux"
]; ];
forAllSystems = nixpkgs.lib.genAttrs systems; forAllSystems = nixpkgs.lib.genAttrs systems;
#in { in {
# Your custom packages # Your custom packages
# Accessible through 'nix build', 'nix shell', etc # Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system: import ./packages nixpkgs.legacyPackages.${system}); packages = forAllSystems (system: import ./packages {pkgs = nixpkgs.legacyPackages.${system};});
# Formatter for your nix files, available through 'nix fmt' # Formatter for your nix files, available through 'nix fmt'
# Other options beside 'alejandra' include 'nixpkgs-fmt' # Other options beside 'alejandra' include 'nixpkgs-fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
@@ -91,24 +90,22 @@
# These are usually stuff you would upstream into home-manager # These are usually stuff you would upstream into home-manager
#homeManagerModules = import ./modules/home-manager; #homeManagerModules = import ./modules/home-manager;
nixosConfigurations = ( # NixOS configurations nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix import ./hosts {
# Imports ./hosts/default.nix
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here. inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here.
nix.allowedUsers = [ "@wheel" ];
security.sudo.execWheelOnly = true;
} }
); );
hydraJobs = { hydraJobs = {
"steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel; "steamdeck" = self.nixosConfigurations.steamdeck.config.system.build.toplevel;
"hades" = nixosConfigurations.hades.config.system.build.toplevel; "hades" = self.nixosConfigurations.hades.config.system.build.toplevel;
"nasbak" = nixosConfigurations.nasbak.config.system.build.toplevel; "nasbak" = self.nixosConfigurations.nasbak.config.system.build.toplevel;
"jupiter" = nixosConfigurations.jupiter.config.system.build.toplevel; "jupiter" = self.nixosConfigurations.jupiter.config.system.build.toplevel;
"lifebook" = nixosConfigurations.lifebook.config.system.build.toplevel; "lifebook" = self.nixosConfigurations.lifebook.config.system.build.toplevel;
"kabtop" = nixosConfigurations.kabtop.config.system.build.toplevel; "kabtop" = self.nixosConfigurations.kabtop.config.system.build.toplevel;
"dmz" = nixosConfigurations.dmz.config.system.build.toplevel; "dmz" = self.nixosConfigurations.dmz.config.system.build.toplevel;
}; };
}; };
} }
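Review bot: The new `packages` line passes only `{pkgs = nixpkgs.legacyPackages.${system};}` to `./packages`, while the hosts file further down this page calls the same directory as `import ../packages { inherit system; pkgs = … }`. The old form handed over the whole package set, which also carries a `system` attribute, so a `packages/default.nix` that destructures `system` worked before and would now fail for `nix build .#<package>`. `packages/default.nix` is not shown here, so this needs checking against its argument list. Passing the same shape in both places avoids the question: `import ./packages {inherit system; pkgs = nixpkgs.legacyPackages.${system};}`.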


@@ -0,0 +1,132 @@
#
# Common configuration shared by all hosts (desktop and server).
# Imported by configuration_desktop.nix and configuration_server.nix.
#
{
config,
lib,
pkgs,
inputs,
user,
location,
agenix,
...
}: {
imports = [
../modules/hardware/hydraCache.nix
];
users.users.${user} = {
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
time.timeZone = "Europe/Berlin";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_TIME = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
fonts.packages = with pkgs; [
carlito
vegur
source-code-pro
font-awesome
hack-font
corefonts
intel-one-mono
cascadia-code
];
environment = {
variables = {
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
BROWSER = "firefox";
};
systemPackages = with pkgs; [
vim
git
killall
pciutils
usbutils
wget
bind
dig
agenix.packages.${pkgs.system}.default
cryptsetup
powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
btop
];
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
programs.zsh.enable = true;
nix = {
settings = {
auto-optimise-store = true;
allowed-users = ["@wheel"];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
security = {
sudo.execWheelOnly = true;
pki.certificateFiles = [
./rootCA.pem
];
};
system = {
stateVersion = "23.05";
autoUpgrade = {
flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m";
allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
};
};
}
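Review bot: `nixpkgs.config.permittedInsecurePackages = ["olm-3.2.16"]` now sits in the file every host imports, so desktops, the NAS and the DMZ host all accept a package that nixpkgs marks as insecure. On this page only kabtop is listed as running matrix and its bridges, which is presumably the one consumer. Moving the exception into the matrix service module or kabtop's `default.nix` keeps the allowance next to what needs it and makes it obvious when it can be dropped. If it has to stay in the common file, a comment such as `# olm: only for the matrix bridges on kabtop; remove once they no longer pull in libolm` would record the reason (confirm the consumer first).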


@@ -1,201 +0,0 @@
#
# Main system configuration. More information available in configuration.nix(5) man page.
#
# flake.nix
# ├─ ./hosts
# │ └─ configuration.nix *
# └─ ./modules
# └─ ./editors
# └─ ./nvim
# └─ default.nix
#
{ config, lib, pkgs, pkgs-stable, inputs, user, location, agenix, ... }:
{
imports = # Import window or display manager.
[
#../modules/editors/nvim # ! Comment this out on first install !
];
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" "tss" ];
shell = pkgs.zsh; # Default shell
uid = 2000;
# initialPassword = "password95";
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
time.timeZone = "Europe/Berlin"; # Time zone and internationalisation
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = { # Extra locale settings that need to be overwritten
LC_TIME = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us"; # or us/azerty/etc
};
security = {
pam.services.login.enableGnomeKeyring = true;
rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem
];
#tpm2 = {
# enable = true;
# pkcs11.enable = true;
# tctiEnvironment.enable = true;
# };
};
#sound = { # ALSA sound enable
## #enable = true;
# mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
# enable = true;
# };
#};
fonts.packages = with pkgs; [ # Fonts
carlito # NixOS
vegur # NixOS
source-code-pro
font-awesome # Icons
hack-font
corefonts # MS
intel-one-mono
cascadia-code
];
environment = {
variables = {
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
BROWSER = "firefox";
};
systemPackages = (with pkgs; [ # Default packages install system-wide
vim
git
killall
pciutils
usbutils
wget
file
powertop
cpufrequtils
lm_sensors
libva-utils
at-spi2-core
bind
dig
qmk-udev-rules
gptfdisk
agenix.packages.x86_64-linux.default
age-plugin-yubikey
pwgen
cryptsetup
powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
linuxPackages_latest.turbostat
btop
sbctl
ausweisapp
e2fsprogs
])
++
(with pkgs-stable; [
orca-slicer
]);
};
services = {
pipewire = { # Sound
enable = true;
alsa = {
enable = true;
# support32Bit = true;
};
pulse.enable = true;
wireplumber.enable = true;
};
openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip>
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
# extraConfig = ''
# HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole
};
pcscd.enable = true;
yubikey-agent.enable = true;
udev.packages = [ pkgs.yubikey-personalization pkgs.nitrokey-udev-rules ];
flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
# List:
# com.obsproject.Studio
# com.parsecgaming.parsec
# com.usebottles.bottles
gvfs.enable = true;
fwupd.enable = true;
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
};
nix = { # Nix Package Manager settings
settings ={
auto-optimise-store = true; # Optimise syslinks
};
gc = { # Automatic garbage collection
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
package = pkgs.nixVersions.stable; # Enable nixFlakes on system
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
"mbedtls-2.28.10"
];
system = { # NixOS settings
autoUpgrade = { # Allow auto update
enable = false;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m";
allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
#channel = "https://nixos.org/channels/nixos-unstable";
};
stateVersion = "23.05";
};
}


@@ -1,155 +1,44 @@
# #
# Main system configuration. More information available in configuration.nix(5) man page. # Server configuration. Imports configuration_common.nix for shared settings.
# Service modules are imported per-host.
# #
# flake.nix
# ├─ ./hosts
# │ └─ configuration.nix *
# └─ ./modules
# └─ ./editors
# └─ ./nvim
# └─ default.nix
#
{ config, lib, pkgs, inputs, user, location, agenix, ... }:
{ {
imports = # Import window or display manager. config,
[ lib,
#../modules/editors/nvim # ! Comment this out on first install ! pkgs,
inputs,
user,
location,
agenix,
...
}: {
imports = [
./configuration_common.nix
]; ];
users.users.${user} = { # System User users.users.${user} = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" ];
shell = pkgs.zsh; # Default shell
uid = 3000; uid = 3000;
# initialPassword = "password95"; extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"];
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
security.sudo.wheelNeedsPassword = true; # User does not need to give password when using sudo.
time.timeZone = "Europe/Berlin"; # Time zone and internationalisation
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = { # Extra locale settings that need to be overwritten
LC_TIME = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
};
}; };
console = { security.sudo.wheelNeedsPassword = true;
font = "Lat2-Terminus16";
keyMap = "us"; # or us/azerty/etc
};
security = { environment.systemPackages = with pkgs; [
rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem
];
};
fonts.packages = with pkgs; [ # Fonts
carlito # NixOS
vegur # NixOS
source-code-pro
font-awesome # Icons
hack-font
corefonts # MS
intel-one-mono
cascadia-code
];
environment = {
variables = {
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
BROWSER = "firefox";
};
systemPackages = with pkgs; [ # Default packages install system-wide
vim
git
killall
pciutils
usbutils
wget
powertop
cpufrequtils
lm_sensors
bind
dig
agenix.packages.x86_64-linux.default
ffmpeg ffmpeg
smartmontools smartmontools
cryptsetup
powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
btop
htop htop
]; ];
};
services = { services.openssh = {
openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip>
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
ports = [2220]; ports = [2220];
openFirewall = true; openFirewall = true;
}; };
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up nix.extraOptions = ''
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
};
programs = {
zsh.enable = true;
};
nix = { # Nix Package Manager settings
settings ={
auto-optimise-store = true; # Optimise syslinks
};
gc = { # Automatic garbage collection
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
package = pkgs.nixVersions.stable; # Enable nixFlakes on system
extraOptions = ''
experimental-features = nix-command flakes
keep-outputs = true keep-outputs = true
keep-derivations = true keep-derivations = true
''; '';
};
nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
system = { # NixOS settings system.autoUpgrade.enable = true;
autoUpgrade = { # Allow auto update
enable = true;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m";
allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
};
stateVersion = "23.05";
};
} }
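Review bot: `extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"]` still puts the server user in `libvirtd`, although CLAUDE.md in this same change describes server virtualisation as podman only (no libvirt). If libvirtd is not enabled on any server, the entry is dead configuration. If it is enabled on some host, membership lets that user drive the system libvirt daemon without sudo, which sidesteps the `security.sudo.wheelNeedsPassword = true` set just below. Consider reducing the shared default to `extraGroups = ["wheel" "networkmanager"];` and adding `kvm`/`libvirtd` only on the hosts that need them.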


@@ -4,252 +4,239 @@
# flake.nix # flake.nix
# └─ ./hosts # └─ ./hosts
# ├─ default.nix * # ├─ default.nix *
# ├─ configuration.nix # ├─ configuration_common.nix
# ├─ configuration_desktop.nix
# ├─ configuration_server.nix
# ├─ home.nix # ├─ home.nix
# └─ ./desktop OR ./laptop OR ./vm # └─ ./desktop OR ./laptop OR ./vm
# ├─ ./default.nix # ├─ ./default.nix
# └─ ./home.nix # └─ ./home.nix
# #
{
lib,
inputs,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
home-manager,
home-manager-unstable,
agenix,
jovian-nixos,
microvm,
impermanence,
lanzaboote,
...
}: let
# Default user — desktop hosts share this; server hosts may override per-host
# by passing a different `user` value in their own specialArgs block.
defaultUser = "kabbone";
location = builtins.getEnv "HOME" + "/.setup";
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }: system = "x86_64-linux";
let
user = "kabbone";
userdmz = "diablo";
userserver = "mephisto";
location = "$HOME/.setup";
system = "x86_64-linux"; # System architecture
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow proprietary software
};
pkgs-unstable = import nixpkgs-unstable { pkgs-unstable = import nixpkgs-unstable {
inherit system; inherit system;
config.allowUnfree = true; # Allow proprietary software config.allowUnfree = true;
};
pkgs-stable = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow proprietary software
}; };
pkgs-kabbone = import ../packages { pkgs-kabbone = import ../packages {
inherit system; inherit system;
inherit pkgs; pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
}; };
lib = nixpkgs.lib; pkgs = import nixpkgs {
users.defaultShell = "pkgs.zsh";
in
{
hades = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix microvm nixpkgs lanzaboote pkgs-kabbone; }; config.allowUnfree = true;
modules = [ # Prefer host-specific overlays over a global one here.
# Set nixpkgs.overlays inside the host's own module (e.g. hosts/desktop/default.nix)
# so only that host's pkgs is affected. Packages can be imported inline —
# no specialArgs needed. See hosts/desktop/default.nix for an example.
};
# Helper: returns [hm-module, config-attrset] for the modules list.
# hm - the home-manager flake input to use (stable or unstable)
# user - the username whose home-manager config to build
# hmImports - list of home.nix paths for this host
mkHM = hm: user: hmImports: [
hm.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {inherit user;};
home-manager.users.${user}.imports = hmImports;
}
];
in {
hades = lib.nixosSystem {
# Desktop profile
inherit system;
specialArgs = {
inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
./desktop ./desktop # myDesktop options set inside
./configuration_desktop.nix ./configuration_common.nix
../modules/hardware/hydraCache.nix
../modules/hardware/remoteBuilder.nix ../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager defaultUser [./home.nix ./desktop/home.nix]);
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./desktop/home.nix)];
};
}
];
}; };
lifebook = lib.nixosSystem { # Laptop profile lifebook = lib.nixosSystem {
# Laptop profile
inherit system; inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix lanzaboote; }; specialArgs = {
modules = [ inherit inputs location nixos-hardware agenix lanzaboote;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default agenix.nixosModules.default
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
./lifebook ./lifebook # myDesktop options set inside
./configuration_desktop.nix ./configuration_common.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]
home-manager.nixosModules.home-manager { ++ (mkHM home-manager defaultUser [./home.nix ./lifebook/home.nix]);
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./lifebook/home.nix)];
};
}
];
}; };
steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile steamdeck = nixpkgs-unstable.lib.nixosSystem {
# steamdeck profile
inherit system; inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix jovian-nixos lanzaboote; }; specialArgs = {
modules = [ inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default agenix.nixosModules.default
jovian-nixos.nixosModules.default jovian-nixos.nixosModules.default
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
./steamdeck ./steamdeck
./configuration_desktop.nix ./configuration_common.nix
../modules/hardware/hydraCache.nix ]
++ (mkHM home-manager-unstable defaultUser [./home.nix ./steamdeck/home.nix]);
home-manager-unstable.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./steamdeck/home.nix)];
};
}
];
}; };
kabtop = lib.nixosSystem { # Desktop profile kabtop = lib.nixosSystem {
# Server profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs pkgs-unstable impermanence; }; specialArgs = {
modules = [ inherit inputs location nixos-hardware agenix impermanence;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
./kabtop ./kabtop
./configuration_server.nix ./configuration_common.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]
home-manager.nixosModules.home-manager { ++ (mkHM home-manager defaultUser [./home_server.nix ./kabtop/home.nix]);
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./kabtop/home.nix)];
};
}
];
}; };
nasbak = lib.nixosSystem { # Desktop profile nasbak = lib.nixosSystem {
# Server profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; }; specialArgs = {
modules = [ inherit inputs location nixos-hardware agenix;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default agenix.nixosModules.default
./nasbackup ./nasbackup
./configuration_server.nix ./configuration_common.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]
home-manager.nixosModules.home-manager { ++ (mkHM home-manager defaultUser [./home_server.nix ./nasbackup/home.nix]);
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./nasbackup/home.nix)];
};
}
];
}; };
jupiter = lib.nixosSystem { # Desktop profile jupiter = lib.nixosSystem {
# Server profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix pkgs-kabbone; }; specialArgs = {
modules = [ inherit inputs location nixos-hardware agenix;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default agenix.nixosModules.default
./jupiter ./jupiter
./configuration_server.nix ./configuration_common.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]
home-manager.nixosModules.home-manager { ++ (mkHM home-manager defaultUser [./home_server.nix ./jupiter/home.nix]);
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./jupiter/home.nix)];
};
}
];
}; };
kabtopci = lib.nixosSystem { # Desktop profile kabtopci = lib.nixosSystem {
# Server profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; }; specialArgs = {
modules = [ inherit inputs location nixos-hardware agenix impermanence;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
./kabtopci ./kabtopci
./configuration_server.nix ./configuration_common.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]
home-manager.nixosModules.home-manager { ++ (mkHM home-manager defaultUser [./home_server.nix ./kabtopci/home.nix]);
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./kabtopci/home.nix)];
};
}
];
}; };
kubemaster-1 = lib.nixosSystem { # Desktop profile kubemaster-1 = lib.nixosSystem {
# Server profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; }; specialArgs = {
modules = [ inherit inputs location nixos-hardware agenix impermanence;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
./kubemaster-1 ./kubemaster-1
./configuration_server.nix ./configuration_common.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]
home-manager.nixosModules.home-manager { ++ (mkHM home-manager defaultUser [./home_server.nix ./kubemaster-1/home.nix]);
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./kubemaster-1/home.nix)];
};
}
];
}; };
dmz = lib.nixosSystem { # Desktop profile dmz = lib.nixosSystem {
# Server profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; }; specialArgs = {
modules = [ inherit inputs location nixos-hardware agenix impermanence;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
./dmz ./dmz
./configuration_server.nix ./configuration_common.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]
home-manager.nixosModules.home-manager { ++ (mkHM home-manager defaultUser [./home_server.nix ./dmz/home.nix]);
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./dmz/home.nix)];
};
}
];
}; };
# vm = lib.nixosSystem { # VM profile # vm = lib.nixosSystem { # VM profile
@@ -259,14 +246,7 @@ in
# ./vm # ./vm
# ./configuration.nix # ./configuration.nix
# #
# home-manager.nixosModules.home-manager { # (mkHM home-manager [ ./home.nix ./vm/home.nix ])
# home-manager.useGlobalPkgs = true;
# home-manager.useUserPackages = true;
# home-manager.extraSpecialArgs = { inherit user; };
# home-manager.users.${user} = {
# imports = [(import ./home.nix)] ++ [(import ./vm/home.nix)];
# };
# }
# ]; # ];
# }; # };
} }
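Review bot: `location = builtins.getEnv "HOME" + "/.setup";` in the new `let` block will not yield the user's home directory when the flake is evaluated. In pure evaluation mode `builtins.getEnv` returns an empty string, so `location` becomes `/.setup`; with `--impure` it would be the home of whoever runs the rebuild, presumably root for the auto-upgrade timer. The old value was the literal `"$HOME/.setup"`, which left expansion to the shell that consumes it. If the consumers are shell aliases or scripts, keep the literal; otherwise derive it from the user, e.g. `location = "/home/${defaultUser}/.setup";`. The commented-out `vm` example in the second hunk also calls `mkHM home-manager [ ... ]` without the `user` argument the helper now takes.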


@@ -1,104 +1,62 @@
# #
# Specific system configuration settings for desktop # Hades desktop — system configuration
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ inputs, lib, config, pkgs, user, nixpkgs, pkgs-kabbone, ... }:
{ {
imports = # For now, if applying to other system, swap files lib,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix pkgs,
[(import ../../modules/wm/niri/default.nix)] ++ # Window Manager inputs,
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker ...
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options }: {
#[(import ../../modules/kabbone/corosync-qdevice.nix)] ++ # corosync qdevice quorum # Example: host-specific overlays — only hades gets these packages in its pkgs.
(import ../../modules/hardware); # Hardware devices # nixpkgs.overlays = [
# (final: prev: {
# # pull a single package from unstable (no specialArgs needed)
# firefox = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox;
# # pull a package from pkgs-kabbone (inline import, no specialArgs needed)
# corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice;
# })
# ];
boot = { # Boot options imports = [
./hardware-configuration.nix
../../modules/desktop
];
# ── Desktop module options ──────────────────────────────────────────────
myDesktop.windowManager = "niri";
myDesktop.cpu = "amd";
myDesktop.virtualisation.enable = true;
myDesktop.openrgb.enable = true;
myDesktop.openrgb.motherboard = "amd";
myDesktop.syncthing.enable = true;
myDesktop.syncthing.devices = {
"jupiter.home.opel-online.de" = {id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR";};
"lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";};
};
myDesktop.syncthing.folders = {
"Sync" = {
path = "/home/kabbone/Sync";
devices = ["jupiter.home.opel-online.de" "lifebook.home.opel-online.de"];
ignorePerms = false;
};
};
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false; systemd-boot.enable = lib.mkForce false;
efi = { efi.canTouchEfiVariables = true;
canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot";
efiSysMountPoint = "/boot"; timeout = 1;
}; };
timeout = 1; # Grub auto select time
};
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
}; };
}; };
# hardware.sane = { # Used for scanning with Xsane environment.systemPackages = [pkgs.linux-firmware];
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
environment = {
systemPackages = [
pkgs.linux-firmware
#pkgs-kabbone.corosync-qdevice
];
};
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
hardware.openrgb = {
enable = true;
motherboard = "amd";
};
syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
};
} }
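Review bot: `path = "/home/kabbone/Sync";` under `myDesktop.syncthing.folders` hard-codes the username, while the flake passes `user = defaultUser` to this host through `specialArgs` and the removed code derived the path from `config.services.syncthing.user`. If the default user is ever changed, the folder would still point at the old home directory. Adding `user` to the module arguments and writing `path = "/home/${user}/Sync";` keeps the two in step. Whether `modules/desktop` already sets the Syncthing user from the same value is not visible here.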


@@ -10,12 +10,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++ [(modulesPath + "/installer/scan/not-detected.nix")]
[( import ../../modules/hardware/backup.nix )]; ++ [(import ../../modules/hardware/backup.nix)];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
@@ -69,7 +73,7 @@
snapshot_preserve_min = "all"; snapshot_preserve_min = "all";
target_preserve_min = "no"; target_preserve_min = "no";
target_preserve = "2m 4w 3d"; target_preserve = "4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas"; ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk"; ssh_user = "btrbk";
@@ -94,60 +98,59 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" = {
{ device = "jupiter:/Pluto"; device = "jupiter:/Pluto";
fsType = "nfs"; fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" = {
{ device = "jupiter:/Mars"; device = "jupiter:/Mars";
fsType = "nfs"; fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
}; };
swapDevices = [{device = "/swap/swapfile";}]; swapDevices = [{device = "/swap/swapfile";}];
networking = { networking = {


@@ -1,52 +1,26 @@
# #
# Home-manager configuration for laptop # Hades desktop — home-manager host-specific additions
# (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
# #
# flake.nix {pkgs, ...}: {
# ├─ ./hosts imports = [
# │ └─ ./laptop ../../modules/home.nix # cmds / theme options
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/niri/home.nix # Window Manager
../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home.packages = with pkgs; [
packages = with pkgs; [
# Applications
#freecad # Office packages
#firefox
chromium chromium
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
#nheko
pulsemixer pulsemixer
#yubioath-flutter
nitrokey-app nitrokey-app
kicad kicad
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
]; ];
};
services = { # Applets services = {
blueman-applet.enable = true; # Bluetooth blueman-applet.enable = true;
network-manager-applet.enable = true; # Network network-manager-applet.enable = true;
}; };
xsession.preferStatusNotifierItems = true; xsession.preferStatusNotifierItems = true;
} }


@@ -1,59 +1,46 @@
# #
# Specific system configuration settings for desktop # DMZ — demilitarised zone server configuration
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{ {
imports = # For now, if applying to other system, swap files config,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix pkgs,
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker user,
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker agenix,
(import ../../modules/services/dmz); # Server Services impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/dmz);
boot = { # Boot options # ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "intel";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = true;
efi = { efi.canTouchEfiVariables = true;
canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot";
efiSysMountPoint = "/boot"; timeout = 1;
}; };
timeout = 1; # Grub auto select time
};
};
programs = {
zsh.enable = true;
}; };
services = { services = {
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = {
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
}; };
} }
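Review bot: The `avahi` block kept in the new `services` set still turns on `publish.enable`, `publish.addresses` and `publish.userServices`, and the comments that justified it (finding a wireless printer, detecting a scanner) are dropped, which suggests it was copied from the desktop hosts. On a DMZ server this advertises the host and its services over mDNS, by default on all interfaces, and NixOS opens the mDNS port in the firewall by default when Avahi is enabled. If the host only needs to resolve `.local` names, `publish.enable = false;` is enough; if it needs neither, remove the block. If publishing is intended, add a comment naming the service that depends on it.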


@@ -10,11 +10,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/profiles/qemu-guest.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
@@ -33,44 +37,44 @@
]; ];
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/var" = fileSystems."/var" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
@@ -103,5 +107,4 @@
allowedTCPPorts = [80 443]; allowedTCPPorts = [80 443];
}; };
}; };
} }


@@ -10,16 +10,13 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
{ pkgs, ... }: imports = [
{
imports =
[
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = {
# Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
@@ -32,5 +29,4 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }


@@ -16,21 +16,32 @@
# └─ ./hardware # └─ ./hardware
# └─ default.nix # └─ default.nix
# #
{ config, nixpkgs, pkgs, user, lib, ... }:
{ {
imports = # For now, if applying to other system, swap files config,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix nixpkgs,
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager pkgs,
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker user,
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options lib,
...
}: {
imports =
# For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)]
++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)]
++ # Window Manager
(import ../../modules/wm/virtualisation)
++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)]
++ # kvm module options
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = {
# Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot loader = {
# EFI Boot
systemd-boot.enable = lib.mkForce false; systemd-boot.enable = lib.mkForce false;
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
@@ -64,15 +75,16 @@
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
avahi = { # Needed to find wireless printer avahi = {
# Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = {
# Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
}; };
} }
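Review bot: In the reformatted `imports` expression the trailing comments now sit on the `++` lines, so each one reads as a label for the import below it. `++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix` precedes the sway import, `++ # Window Manager` precedes the virtualisation list, and so on. Move each comment to its own line above the import it describes, e.g. `# Window Manager` directly before `[(import ../../modules/wm/sway/default.nix)]`. The same shift happened to `# Boot options` and `# EFI Boot`, which is harmless there because they still sit inside the right attribute set.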


@@ -10,12 +10,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++ [(modulesPath + "/installer/scan/not-detected.nix")]
[( import ../../modules/hardware/backup.nix )]; ++ [(import ../../modules/hardware/backup.nix)];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
@@ -59,48 +63,47 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1"; device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [{device = "/swap/swapfile";}]; swapDevices = [{device = "/swap/swapfile";}];
networking = { networking = {


@@ -10,18 +10,15 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
{ pkgs, ... }: imports = [
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/kde/home.nix # Window Manager #../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = {
# Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
#firefox #firefox
@@ -35,11 +32,11 @@
]; ];
}; };
services = { # Applets services = {
# Applets
#blueman-applet.enable = true; # Bluetooth #blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network network-manager-applet.enable = true; # Network
}; };
xsession.preferStatusNotifierItems = true; xsession.preferStatusNotifierItems = true;
} }


@@ -14,16 +14,19 @@
# └─ ./shell # └─ ./shell
# └─ default.nix # └─ default.nix
# #
{ config, lib, pkgs, user, pkgs-stable, ... }:
{ {
config,
lib,
pkgs,
user,
...
}: {
imports = imports =
(import ../modules/editors) ++ (import ../modules/editors)
(import ../modules/programs) ++ ++ (import ../modules/programs)
(import ../modules/programs/configs) ++ ++ (import ../modules/programs/configs)
(import ../modules/services) ++ ++ (import ../modules/services)
(import ../modules/shell); ++ (import ../modules/shell);
home = { home = {
username = "${user}"; username = "${user}";
@@ -44,8 +47,10 @@
gnumake gnumake
gnupatch gnupatch
gnulib gnulib
screen
yubioath-flutter yubioath-flutter
nitrokey-app nitrokey-app
claude-code
tailscale tailscale
wireguard-tools wireguard-tools
@@ -95,7 +100,6 @@
}) })
sdkmanager sdkmanager
android-tools
]; ];
file.".config/wall".source = ../modules/themes/wall.jpg; file.".config/wall".source = ../modules/themes/wall.jpg;
@@ -116,7 +120,6 @@
}; };
}; };
# gtk = { # Theming # gtk = { # Theming
# enable = true; # enable = true;
# theme = { # theme = {


@@ -14,12 +14,17 @@
# └─ ./shell # └─ ./shell
# └─ default.nix # └─ default.nix
# #
{ config, lib, pkgs, user, ... }:
{ {
imports = # Home Manager Modules config,
(import ../modules/editors) ++ lib,
pkgs,
user,
...
}: {
imports =
# Home Manager Modules
(import ../modules/editors)
++
#(import ../modules/programs) ++ #(import ../modules/programs) ++
#(import ../modules/programs/configs) ++ #(import ../modules/programs/configs) ++
#(import ../modules/services) ++ #(import ../modules/services) ++
@@ -48,7 +53,6 @@
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/
#unzip # Zip files #unzip # Zip files
#unrar # Rar files #unrar # Rar files
]; ];
stateVersion = "23.11"; stateVersion = "23.11";
}; };


@@ -1,55 +1,44 @@
# #
# Specific system configuration settings for desktop # Jupiter — NAS server configuration
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, pkgs-kabbone, ... }:
{ {
imports = # For now, if applying to other ssystem, swap files config,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix pkgs,
#(import ../../modules/wm/virtualisation) ++ # Docker inputs,
(import ../../modules/services/nas) ++ # Server Services user,
(import ../../modules/hardware); # Hardware devices ...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/nas);
boot = { # Boot options # ── Server module options ───────────────────────────────────────────────
kernelPackages = pkgs.linuxPackages_latest; # No virtualisation on the NAS
loader = { # EFI Boot # ── Host-specific settings ──────────────────────────────────────────────
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
# environment = { # Example: host-specific overlay — only jupiter gets these packages in its pkgs.
# systemPackages = with pkgs-kabbone; [ # nixpkgs.overlays = [
# corosync-qdevice # (final: prev: {
### simple-scan # corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice;
### intel-media-driver # firefox = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox;
### alacritty # })
# ]; # ];
# };
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
};
programs = { programs = {
zsh.enable = true;
ssh.startAgent = false; ssh.startAgent = false;
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
@@ -60,16 +49,14 @@
services = { services = {
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = {
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
}; };
} }
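Review bot: The avahi block at the end of this section loses its only rationale: the two comments tying mDNS publishing to the printer and scanner are dropped, while `publish.addresses` and `publish.userServices` stay enabled on what the new header calls a NAS server. Either restore a why-comment such as `# mDNS publish: <reason this host must be discoverable>`, or drop the publish block if it was only inherited from the laptop template. If it stays, `services.avahi.allowInterfaces` can limit announcements to the LAN-facing interface. The same uncommented block is kept in the Kubemaster-1 section further down, where advertising services from a Kubernetes master needs the same justification.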


@@ -10,12 +10,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = imports =
[(modulesPath + "/profiles/qemu-guest.nix")] ++ [(modulesPath + "/profiles/qemu-guest.nix")]
[( import ../../modules/hardware/backup.nix )]; ++ [(import ../../modules/hardware/backup.nix)];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
@@ -112,78 +116,78 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
fileSystems."/mnt/snapshots/Mars" = fileSystems."/mnt/snapshots/Mars" = {
{ device = "/dev/disk/by-label/MARS"; device = "/dev/disk/by-label/MARS";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
fileSystems."/mnt/snapshots/Pluto" = fileSystems."/mnt/snapshots/Pluto" = {
{ device = "/dev/disk/by-label/NAS-RAID"; device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd:8,noatime,subvolid=5"]; options = ["compress=zstd:8,noatime,subvolid=5"];
}; };
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" = {
{ device = "/dev/disk/by-label/NAS-RAID"; device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd:8,noatime,subvol=@"]; options = ["compress=zstd:8,noatime,subvol=@"];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" = {
{ device = "/dev/disk/by-label/MARS"; device = "/dev/disk/by-label/MARS";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-label/NIXBOOT"; device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/export/Pluto" = fileSystems."/export/Pluto" = {
{ device = "/mnt/Pluto"; device = "/mnt/Pluto";
options = ["bind"]; options = ["bind"];
}; };
fileSystems."/export/Mars" = fileSystems."/export/Mars" = {
{ device = "/mnt/Mars"; device = "/mnt/Mars";
options = ["bind"]; options = ["bind"];
}; };
@@ -234,5 +238,4 @@
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088 ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
''; '';
}; };
} }


@@ -10,16 +10,13 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
{ pkgs, ... }: imports = [
{
imports =
[
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = {
# Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
@@ -32,5 +29,4 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }


@@ -1,45 +1,39 @@
# #
# Specific system configuration settings for desktop # Kabtop — server configuration
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, pkgs-unstable, user, agenix, impermanence, ... }:
{ {
imports = # For now, if applying to other system, swap files config,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix pkgs,
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker user,
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options agenix,
(import ../../modules/services/server); # Server Services impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/server);
boot = { # Boot options # ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "amd";
myServer.fail2ban.enable = true;
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
grub = { grub = {
enable = true; enable = true;
device = "/dev/sda"; device = "/dev/sda";
}; };
timeout = 1; # Grub auto select time timeout = 1;
}; };
}; };
environment = { environment.etc = {
etc = {
"fail2ban/filter.d/open-webui.conf" = { "fail2ban/filter.d/open-webui.conf" = {
source = ../../modules/services/server/fail2ban/filter/open-webui.conf; source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
mode = "0444"; mode = "0444";
@@ -53,10 +47,8 @@
mode = "0444"; mode = "0444";
}; };
}; };
};
programs = { programs = {
zsh.enable = true;
ssh.startAgent = false; ssh.startAgent = false;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
@@ -65,47 +57,5 @@
}; };
}; };
services = { services.qemuGuest.enable = true;
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings = {
findtime = "15m";
};
jails = {
open-webui = ''
enabled = true
filter = open-webui
backend = systemd
action = iptables-allports
'';
gitea = ''
enabled = true
filter = gitea
backend = systemd
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
'';
};
};
};
} }
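Review bot: The fail2ban policy is now split across two places: the inline jails for open-webui, gitea and nextcloud (with `maxretry = 5` and `findtime = "15m"`) are deleted here and replaced by `myServer.fail2ban.enable = true;`, yet the filter files are still installed from this host's `environment.etc`. The module under `../../modules/server` is not visible in this section, so it should be confirmed that it defines the same three jail names and thresholds; a filter with no jail of the same name is simply unused, and attempts against that service would no longer be banned. A comment beside the option would keep the link explicit, e.g. `# jails (open-webui, gitea, nextcloud) live in ../../modules/server; filter names below must match`. Moving the filter entries into the same module would keep the whole control in one file.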


@@ -10,11 +10,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/profiles/qemu-guest.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod"]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod"];
@@ -61,49 +65,48 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/var" = fileSystems."/var" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
#swapDevices = [ { device = "/swap/swapfile"; } ]; #swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = []; swapDevices = [];
@@ -144,6 +147,5 @@
}; };
}; };
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@@ -10,16 +10,13 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
{ pkgs, ... }: imports = [
{
imports =
[
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = {
# Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
@@ -32,5 +29,4 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }


@@ -1,45 +1,34 @@
# #
# Specific system configuration settings for desktop # Kabtopci — CI server configuration
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{ {
imports = # For now, if applying to other system, swap files config,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix pkgs,
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker user,
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # Docker agenix,
(import ../../modules/services/kabtopci); # Server Services impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/kabtopci);
boot = { # Boot options # ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "amd";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
grub = { grub = {
enable = true; enable = true;
device = "/dev/vda"; device = "/dev/vda";
}; };
timeout = 1; # Grub auto select time timeout = 1;
}; };
}; };
programs = {
zsh.enable = true;
};
} }
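Review bot: This CI host sets only the two `myServer.virtualisation` options and leaves `myServer.fail2ban.enable` unset, unlike the Kabtop section earlier on the page. Whether the option defaults to off is not visible here, and the old file had no fail2ban either, but if this machine accepts SSH from outside the LAN the toggle is worth setting explicitly: `myServer.fail2ban.enable = true;`. The explicit `docker.nix` and `kvm-amd.nix` imports are also gone, so a short comment stating what `myServer.virtualisation.enable` pulls in (presumably Docker and KVM) would help anyone auditing what runs on the build host.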


@@ -10,11 +10,14 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix")]; lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk"]; boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
@@ -32,38 +35,38 @@
]; ];
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/var" = fileSystems."/var" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
@@ -80,14 +83,18 @@
interfaces = { interfaces = {
ens3 = { ens3 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet. useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ { ipv4.addresses = [
{
address = "195.90.221.87"; address = "195.90.221.87";
prefixLength = 22; prefixLength = 22;
} ]; }
ipv6.addresses = [ { ];
ipv6.addresses = [
{
address = "2a00:6800:3:d5b::2"; address = "2a00:6800:3:d5b::2";
prefixLength = 64; prefixLength = 64;
} ]; }
];
}; };
}; };
defaultGateway = "195.90.220.1"; defaultGateway = "195.90.220.1";


@@ -10,16 +10,13 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
{ pkgs, ... }: imports = [
{
imports =
[
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = {
# Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
@@ -32,5 +29,4 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }


@@ -1,58 +1,43 @@
# #
# Specific system configuration settings for desktop # Kubemaster-1 — Kubernetes master server configuration
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{ {
imports = # For now, if applying to other system, swap files config,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix pkgs,
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker user,
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker agenix,
(import ../../modules/services/kubemaster); # Server Services impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/kubemaster);
boot = { # Boot options # ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "intel";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = true;
efi = { efi.canTouchEfiVariables = true;
canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot";
efiSysMountPoint = "/boot"; timeout = 1;
};
timeout = 1; # Grub auto select time
}; };
}; };
programs = { services.avahi = {
zsh.enable = true;
};
services = {
avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = {
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
};
} }


@@ -10,11 +10,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
@@ -33,44 +37,44 @@
]; ];
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/var" = fileSystems."/var" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
@@ -113,5 +117,4 @@
''; '';
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }


@@ -10,16 +10,13 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
{ pkgs, ... }: imports = [
{
imports =
[
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = {
# Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
@@ -32,5 +29,4 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }


@@ -1,99 +1,60 @@
# #
# Specific system configuration settings for desktop # Lifebook laptop — system configuration
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ inputs, lib, config, pkgs, user, ... }:
{ {
imports = # For now, if applying to other system, swap files lib,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix pkgs,
[(import ../../modules/wm/niri/default.nix)] ++ # Window Manager user,
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker ...
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options }: {
(import ../../modules/hardware); # Hardware devices imports = [
./hardware-configuration.nix
../../modules/desktop
];
boot = { # Boot options # ── Desktop module options ──────────────────────────────────────────────
myDesktop.windowManager = "niri";
myDesktop.niri.hotkeyVariant = "lifebook";
myDesktop.cpu = "intel";
myDesktop.virtualisation.enable = true;
myDesktop.laptop.enable = true;
myDesktop.laptop.lidSwitch = "suspend-then-hibernate";
myDesktop.laptop.hibernateDelaySec = "1h";
myDesktop.git.signingKey = "/home/${user}/.ssh/id_ed25519_sk_rk_blackred";
myDesktop.syncthing.enable = true;
myDesktop.syncthing.devices = {
"jupiter.home.opel-online.de" = {id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR";};
"hades.home.opel-online.de" = {id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA";};
};
myDesktop.syncthing.folders = {
"Sync" = {
path = "/home/kabbone/Sync";
devices = ["jupiter.home.opel-online.de" "hades.home.opel-online.de"];
ignorePerms = false;
};
};
myDesktop.extraSystemPackages = with pkgs; [
intel-media-driver
intel-compute-runtime
];
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
initrd.prepend = ["${./patched-SSDT4}"]; initrd.prepend = ["${./patched-SSDT4}"];
loader = {
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false; systemd-boot.enable = lib.mkForce false;
efi = { efi.canTouchEfiVariables = true;
canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot";
efiSysMountPoint = "/boot"; timeout = 1;
}; };
timeout = 1; # Grub auto select time
};
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
}; };
}; };
hardware = {
nitrokey.enable = true;
};
environment = {
systemPackages = with pkgs; [
linux-firmware
intel-media-driver
intel-compute-runtime
];
};
systemd.sleep.extraConfig = "HibernateDelaySec=1h";
services = {
logind.settings.Login.HandleLidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
blueman.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#tailscale.enable = true;
syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
};
} }
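Review bot: `hardware.nitrokey.enable = true;` is dropped from this host and the new option block sets no `myDesktop.nitrokey.enable`, whereas the steamdeck host in this same change sets `myDesktop.nitrokey.enable = true;` explicitly. If that option defaults to off in `../../modules/desktop` (not visible here), the lifebook loses its Nitrokey support, even though `myDesktop.git.signingKey` points at a file whose name suggests a hardware-backed (`_sk`) key. Adding `myDesktop.nitrokey.enable = true;` next to the other `myDesktop.*` lines would make the intent explicit. Separately, the Syncthing folder path is now the literal `/home/kabbone/Sync` although `user` is in scope and is used for the signing key; `path = "/home/${user}/Sync";` would keep the two in step, assuming `user` is that account.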


@@ -10,12 +10,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++ [(modulesPath + "/installer/scan/not-detected.nix")]
[( import ../../modules/hardware/backup.nix )]; ++ [(import ../../modules/hardware/backup.nix)];
boot = { boot = {
initrd = { initrd = {
@@ -43,7 +47,6 @@
zramSwap.enable = true; zramSwap.enable = true;
services = { services = {
btrfs.autoScrub = { btrfs.autoScrub = {
enable = true; enable = true;
@@ -92,7 +95,7 @@
snapshot_preserve_min = "all"; snapshot_preserve_min = "all";
target_preserve_min = "no"; target_preserve_min = "no";
target_preserve = "2m 4w 3d"; target_preserve = "4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas"; ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk"; ssh_user = "btrbk";
@@ -109,6 +112,42 @@
}; };
}; };
}; };
tuned = {
enable = true;
profiles = {
balanced_powertop = {
main = {
include = "balanced";
};
sysfs = {
"/sys/class/net/wlan0/device/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb3/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb1/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-9/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb4/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-10/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb2/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-5/power/wakeup" = "enabled";
};
};
balanced-battery_powertop = {
main = {
include = "balanced-battery";
};
sysfs = {
"/sys/class/net/wlan0/device/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb3/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb1/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-9/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb4/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-10/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb2/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-5/power/wakeup" = "disabled";
};
};
};
};
}; };
systemd.timers = { systemd.timers = {
@@ -118,76 +157,73 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-label/NIXBOOT"; device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
fileSystems."/opt" = fileSystems."/opt" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
}; };
fileSystems."/var" = fileSystems."/var" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
fileSystems."/mnt/Pluto" = {
fileSystems."/mnt/Pluto" = device = "jupiter.home.opel-online.de:/Pluto";
{ device = "jupiter.home.opel-online.de:/Pluto";
fsType = "nfs"; fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" = {
{ device = "jupiter.home.opel-online.de:/Mars"; device = "jupiter.home.opel-online.de:/Mars";
fsType = "nfs"; fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
}; };
swapDevices = [{device = "/swap/swapfile";}]; swapDevices = [{device = "/swap/swapfile";}];
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "lifebook"; hostName = "lifebook";
@@ -219,7 +255,7 @@
}; };
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = { # powerManagement = {
powertop.enable = true; # powertop.enable = true;
}; # };
} }
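Review bot: The two `tuned` profiles added in the `@@ -109,6 +112,42 @@` hunk repeat the same eight sysfs wakeup paths and differ only in the value, so a path added to one list and forgotten in the other would make the mains and battery profiles diverge silently. Defining the path list once and generating both `sysfs` sets from it with `lib.genAttrs` (`lib` is already a module argument) removes that risk. The paths also hard-code `wlan0` and specific USB port ids, which look host-specific; a one-line comment saying how they were obtained would help the next edit. The enclosing `services` set starts outside this hunk.

```nix
tuned = let
  wakeupNodes = [
    "/sys/class/net/wlan0/device/power/wakeup"
    # … unchanged: the seven /sys/bus/usb/devices/*/power/wakeup paths …
  ];
  # Build one sysfs attribute set with every node set to the same state.
  wakeup = state: lib.genAttrs wakeupNodes (_: state);
in {
  enable = true;
  profiles = {
    balanced_powertop = {
      main.include = "balanced";
      sysfs = wakeup "enabled";
    };
    balanced-battery_powertop = {
      main.include = "balanced-battery";
      sysfs = wakeup "disabled";
    };
  };
};
```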


@@ -1,49 +1,26 @@
# #
# Home-manager configuration for laptop # Lifebook laptop — home-manager host-specific additions
# (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
# #
# flake.nix {pkgs, ...}: {
# ├─ ./hosts imports = [
# │ └─ ./laptop ../../modules/home.nix # cmds / theme options
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/niri/home.nix # Window Manager
../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home.packages = with pkgs; [
packages = with pkgs; [ libreoffice
# Applications
libreoffice # Office packages
#firefox
chromium chromium
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
intel-gpu-tools intel-gpu-tools
pulsemixer pulsemixer
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
]; ];
};
services = { # Applets services = {
blueman-applet.enable = true; # Bluetooth blueman-applet.enable = true;
network-manager-applet.enable = true; # Network network-manager-applet.enable = true;
}; };
xsession.preferStatusNotifierItems = true; xsession.preferStatusNotifierItems = true;
} }


@@ -1,46 +1,34 @@
# #
# Specific system configuration settings for desktop # Nasbak — NAS backup server configuration
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{ {
imports = # For now, if applying to other system, swap files config,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix pkgs,
#[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker user,
(import ../../modules/services/nasbackup) ++ # Server Services ...
(import ../../modules/hardware); # Hardware devices }: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/nasbackup);
boot = { # Boot options # ── Server module options ───────────────────────────────────────────────
# No virtualisation on the backup NAS
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = true;
efi = { efi.canTouchEfiVariables = true;
canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot";
efiSysMountPoint = "/boot"; timeout = 1;
};
timeout = 1; # Grub auto select time
}; };
}; };
programs = { programs = {
zsh.enable = true;
ssh.startAgent = false; ssh.startAgent = false;
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
@@ -51,16 +39,14 @@
services = { services = {
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = {
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
}; };
} }
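Review bot: The `avahi` block in the last hunk keeps `publish.enable`, `publish.addresses` and `publish.userServices` on the backup NAS, and this change removes the only comments that justified them (printer and scanner discovery, which read as copied from a laptop host). If nothing needs to discover this machine over mDNS, dropping the `publish` set keeps `nssmdns4` for name resolution without announcing the host and its services on the LAN. If it is needed, a comment such as `# publish so backup clients can resolve this host via mDNS` should say why. Whether `../../modules/server` already configures avahi is not visible in this section.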


@@ -1,4 +1,3 @@
# Hardware settings for Teclast F5 10" Laptop # Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2 # NixOS @ sda2
# #
@@ -10,11 +9,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/profiles/qemu-guest.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
@@ -139,39 +142,38 @@
}; };
}; };
fileSystems."/" = {
fileSystems."/" = device = "/dev/disk/by-label/NIXROOT";
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
@@ -182,14 +184,14 @@
# options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ]; # options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
# }; # };
# #
fileSystems."/mnt/nas" = fileSystems."/mnt/nas" = {
{ device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b"; device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak"]; options = ["compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-label/NIXBOOT"; device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat"; fsType = "vfat";
}; };
@@ -229,5 +231,4 @@
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2 # ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
# ''; # '';
}; };
} }


@@ -10,16 +10,13 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
{ pkgs, ... }: imports = [
{
imports =
[
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = {
# Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
@@ -32,5 +29,4 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }


@@ -16,23 +16,32 @@
# └─ ./hardware # └─ ./hardware
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, ... }:
{ {
imports = # For now, if applying to other system, swap files config,
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix pkgs,
user,
...
}: {
imports =
# For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)]
++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager #[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
# [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager # [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)]
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options ++ # Docker
(import ../../modules/hardware) ++ [(import ../../modules/wm/virtualisation/kvm-intel.nix)]
(import ../../modules/services/printer); # Hardware devices ++ # kvm module options
(import ../../modules/hardware)
++ (import ../../modules/services/printer); # Hardware devices
boot = { # Boot options boot = {
# Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot loader = {
# EFI Boot
systemd-boot.enable = true; systemd-boot.enable = true;
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
@@ -48,7 +57,8 @@
]; ];
}; };
programs = { # No xbacklight, this is the alterantive programs = {
# No xbacklight, this is the alterantive
light.enable = true; light.enable = true;
}; };
@@ -63,10 +73,12 @@
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
avahi = { # Needed to find wireless printer avahi = {
# Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = {
# Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
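Review bot: After the reformat, the trailing comments in the `imports` expression sit behind each `++` and now read as labels for the element that follows: `++ # Docker` precedes the `kvm-intel.nix` import and `++ # kvm module options` precedes `(import ../../modules/hardware)`. Moving each comment onto its own line above the import it describes (for example `# Docker` directly above `[(import ../../modules/wm/virtualisation/docker.nix)]`) restores the meaning. The same goes for `# For now, if applying to other system, swap files`, which belongs above `imports =`. The comment `# No xbacklight, this is the alterantive` in the `programs` hunk also has a typo (`alternative`).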


@@ -10,11 +10,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot = {
@@ -74,63 +78,61 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/mapper/root"; device = "/dev/mapper/root";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/mapper/root"; device = "/dev/mapper/root";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/mapper/root"; device = "/dev/mapper/root";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/opt" = fileSystems."/opt" = {
{ device = "/dev/mapper/root"; device = "/dev/mapper/root";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/mapper/root"; device = "/dev/mapper/root";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/mapper/root"; device = "/dev/mapper/root";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-label/BOOT"; device = "/dev/disk/by-label/BOOT";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" = {
{ device = "jupiter:/Pluto"; device = "jupiter:/Pluto";
fsType = "nfs"; fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" = {
{ device = "jupiter:/Mars"; device = "jupiter:/Mars";
fsType = "nfs"; fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
}; };
swapDevices = []; swapDevices = [];
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "nbf5"; hostName = "nbf5";


@@ -10,18 +10,15 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
{ pkgs, ... }: imports = [
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/sway/home.nix # Window Manager #../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = {
# Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
firefox firefox
@@ -41,11 +38,11 @@
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
services = { # Applets services = {
# Applets
blueman-applet.enable = true; # Bluetooth blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network network-manager-applet.enable = true; # Network
}; };
xsession.preferStatusNotifierItems = true; xsession.preferStatusNotifierItems = true;
} }


@@ -1,80 +1,53 @@
# #
# Specific system configuration settings for desktop # Steamdeck — system configuration
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, jovian-nixos, lib, ... }:
{ {
lib,
pkgs,
user,
jovian-nixos,
...
}: {
imports = [
./hardware-configuration.nix
../../modules/desktop
../../modules/wm/steam
];
# ── Desktop module options ──────────────────────────────────────────────
myDesktop.windowManager = "kde";
myDesktop.cpu = "amd";
myDesktop.virtualisation.enable = true;
myDesktop.nitrokey.enable = true;
specialisation = { specialisation = {
sway.configuration = { sway.configuration = {
imports = imports = [(import ../../modules/wm/sway)];
[(import ../../modules/wm/sway)];
jovian.steam.enable = lib.mkForce false; jovian.steam.enable = lib.mkForce false;
services.desktopManager.plasma6.enable = lib.mkForce false; services.desktopManager.plasma6.enable = lib.mkForce false;
}; };
}; };
imports = # For now, if applying to other system, swap files # ── Host-specific settings ──────────────────────────────────────────────
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix boot = {
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker loader = {
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
[(import ../../modules/wm/steam)] ++
[(import ../../modules/wm/kde)] ++
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false; systemd-boot.enable = lib.mkForce false;
efi = { efi.canTouchEfiVariables = true;
canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot";
efiSysMountPoint = "/boot"; timeout = 1;
}; };
timeout = 1; # Grub auto select time
};
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
}; };
}; };
hardware = { services.printing = {
nitrokey.enable = true;
};
services = {
# blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true; enable = true;
drivers = [pkgs.gutenprint]; drivers = [pkgs.gutenprint];
}; };
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
tailscale.enable = true;
}; services.tailscale.enable = true;
security.pam.sshAgentAuth.enable = true; security.pam.sshAgentAuth.enable = true;
} }
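Review bot: `security.pam.sshAgentAuth.enable = true;` is left at the end of the file with no comment, while this rewrite groups and labels everything else. The setting lets a key held in the caller's SSH agent satisfy PAM authentication (on NixOS typically for `sudo`), so on a host that also enables `services.tailscale` it deserves a line stating the intent, e.g. `# allow sudo via SSH agent key; trusted keys are limited by security.pam.sshAgentAuth.authorizedKeysFiles`. Whether that keys-file option is set elsewhere is not visible in this section.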


@@ -10,11 +10,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot = {
@@ -111,49 +115,49 @@
# }; # };
# }; # };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-label/NIXBOOT"; device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
}; };
fileSystems."/srv" = fileSystems."/srv" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
}; };
fileSystems."/swap" = fileSystems."/swap" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
}; };
fileSystems."/opt" = fileSystems."/opt" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
}; };
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" = {
{ device = "/dev/mapper/crypted"; device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
}; };
@@ -164,22 +168,20 @@
# options = [ "nofail,noauto,users,x-systemd.automount" ]; # options = [ "nofail,noauto,users,x-systemd.automount" ];
# }; # };
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" = {
{ device = "jupiter:/Pluto"; device = "jupiter:/Pluto";
fsType = "nfs"; fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" = {
{ device = "jupiter:/Mars"; device = "jupiter:/Mars";
fsType = "nfs"; fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
}; };
swapDevices = [{device = "/swap/swapfile";}]; swapDevices = [{device = "/swap/swapfile";}];
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "steamdeck"; hostName = "steamdeck";


@@ -1,52 +1,27 @@
# #
# Home-manager configuration for laptop # Home-manager configuration for steamdeck
# #
# flake.nix {pkgs, ...}: {
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
specialisation = { specialisation = {
sway.configuration = { sway.configuration = {
imports = imports = [(import ../../modules/wm/sway/home.nix)];
[(import ../../modules/wm/sway/home.nix)];
}; };
}; };
imports = imports =
[(import ../../modules/home.nix)] ++ # Window Manager [(import ../../modules/home.nix)]
[(import ../../modules/wm/steam/home.nix)] ++ ++ [(import ../../modules/wm/steam/home.nix)];
[(import ../../modules/wm/kde/home.nix)];
home = { # Specific packages for laptop home = {
packages = with pkgs; [ packages = with pkgs; [
# Applications libreoffice
libreoffice # Office packages
#firefox
chromium chromium
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
pulsemixer pulsemixer
#yuzu-early-access
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
]; ];
}; };
services = { # Applets
};
xsession.preferStatusNotifierItems = true; xsession.preferStatusNotifierItems = true;
} }


@@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/profiles/qemu-guest.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
@@ -13,8 +17,8 @@
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime"]; options = ["compress=zstd,space_cache=v2,ssd,noatime"];
}; };
@@ -25,8 +29,8 @@
# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ]; # options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ];
# }; # };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-label/BOOT"; device = "/dev/disk/by-label/BOOT";
fsType = "vfat"; fsType = "vfat";
}; };

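--- /dev/null
+++ b/modules/desktop/default.nix
@@ -0,0 +1,552 @@
+#
+# Desktop module — import this instead of manual WM/virtualisation imports.
+#
+# Usage in hosts/<hostname>/default.nix:
+#
+# imports = [
+# ./hardware-configuration.nix
+# ../../modules/desktop
+# ];
+#
+# myDesktop.windowManager = "niri"; # niri (default) | sway | kde
+# myDesktop.cpu = "amd"; # amd | intel | none (default)
+#
+# myDesktop.virtualisation.enable = true;
+#
+# myDesktop.syncthing.enable = true;
+# myDesktop.syncthing.devices = { "jupiter.home.example.de" = { id = "XXXXX-..."; }; };
+# myDesktop.syncthing.folders = { "Sync" = { path = "/home/user/Sync"; devices = [...]; }; };
+#
+# myDesktop.openrgb.enable = true;
+# myDesktop.openrgb.motherboard = "amd"; # or "intel"
+#
+# myDesktop.laptop.enable = true;
+# myDesktop.laptop.lidSwitch = "suspend-then-hibernate";
+# myDesktop.laptop.hibernateDelaySec = "1h";
+#
+# myDesktop.nitrokey.enable = true;
+#
+# myDesktop.extraSystemPackages = with pkgs; [ some-tool ];
+#
+{
+config,
+lib,
+pkgs,
+inputs,
+user,
+...
+}: let
+cfg = config.myDesktop;
+in {
+# Hardware modules that are always useful on desktops (bluetooth, …)
+imports = import ../hardware;
+# ── Options ──────────────────────────────────────────────────────────────
+options.myDesktop = with lib; {
+windowManager = mkOption {
+type = types.enum ["niri" "sway" "kde"];
+default = "niri";
+description = "Window manager / desktop environment for this host.";
+};
+cpu = mkOption {
+type = types.enum ["amd" "intel" "none"];
+default = "none";
+description = "CPU type selects the matching KVM kernel parameters.";
+};
+virtualisation.enable =
+mkEnableOption "virtualisation stack (podman/docker-compat, qemu/libvirt, virt-manager)";
+syncthing = {
+enable = mkEnableOption "syncthing continuous file synchronisation";
+devices = mkOption {
+type = types.attrs;
+default = {};
+example =
+literalExpression
+''{ "jupiter.home.example.de" = { id = "XXXXX-XXXXX-XXXXX-..."; }; }'';
+description = "Syncthing peer devices.";
+};
+folders = mkOption {
+type = types.attrs;
+default = {};
+example =
+literalExpression
+''{ "Sync" = { path = "/home/user/Sync"; devices = [ "jupiter" ]; ignorePerms = false; }; }'';
+description = "Syncthing shared folders.";
+};
+};
+openrgb = {
+enable = mkEnableOption "OpenRGB RGB motherboard control";
+motherboard = mkOption {
+type = types.str;
+default = "amd";
+description = "Motherboard vendor string passed to OpenRGB (amd or intel).";
+};
+};
+laptop = {
+enable = mkEnableOption "laptop-specific settings (lid-switch, hibernate delay)";
+lidSwitch = mkOption {
+type = types.str;
+default = "suspend-then-hibernate";
+description = "systemd-logind action on lid close.";
+};
+hibernateDelaySec = mkOption {
+type = types.str;
+default = "1h";
+description = "Delay before transitioning from suspend to hibernate.";
+};
+};
+nitrokey.enable = mkEnableOption "Nitrokey hardware security key support";
+niri.hotkeyVariant = mkOption {
+type = types.enum ["default" "lifebook"];
+default = "default";
+description = "Niri hotkey variant to deploy selects binds/<variant>.kdl.";
+};
+git.signingKey = mkOption {
+type = types.str;
+default = "/home/${user}/.ssh/id_ed25519_sk_rk_red";
+description = "SSH key used for git commit signing on this host.";
+};
+extraSystemPackages = mkOption {
+type = types.listOf types.package;
+default = [];
+description = "Additional system packages specific to this host.";
+};
+};
+# ── Configuration ────────────────────────────────────────────────────────
+config = lib.mkMerge [
+# ── Base desktop config (replaces configuration_desktop.nix) ───────────
+{
+users.users.${user} = {
+isNormalUser = true;
+uid = 2000;
+extraGroups = [
+"wheel"
+"video"
+"audio"
+"camera"
+"networkmanager"
+"lp"
+"kvm"
+"libvirtd"
+"adb"
+"dialout"
+"tss"
+];
+};
+security = {
+pam.services.login.enableGnomeKeyring = true;
+# swaylock PAM is harmless on non-sway WMs
+pam.services.swaylock = {};
+rtkit.enable = true;
+};
+environment.systemPackages = with pkgs;
+[
+file
+powertop
+cpufrequtils
+lm_sensors
+libva-utils
+at-spi2-core
+qmk-udev-rules
+gptfdisk
+age-plugin-yubikey
+pwgen
+sbctl
+ausweisapp
+e2fsprogs
+orca-slicer
+]
+++ cfg.extraSystemPackages;
+nixpkgs.config.permittedInsecurePackages = ["mbedtls-2.28.10"];
+services = {
+pipewire = {
+enable = true;
+alsa.enable = true;
+pulse.enable = true;
+wireplumber.enable = true;
+};
+pcscd.enable = true;
+yubikey-agent.enable = true;
+udev.packages = with pkgs; [yubikey-personalization nitrokey-udev-rules];
+flatpak.enable = true;
+gvfs.enable = true;
+fwupd.enable = true;
+blueman.enable = true;
+avahi = {
+enable = true;
+nssmdns4 = true;
+publish = {
+enable = true;
+addresses = true;
+userServices = true;
+};
+};
+};
+programs.dconf.enable = true;
+system.autoUpgrade.enable = false;
+home-manager.users.${user}.programs.git.signing.key =
+cfg.git.signingKey;
+}
+# ── Niri ───────────────────────────────────────────────────────────────
+(lib.mkIf (cfg.windowManager == "niri") {
+environment = {
+systemPackages = with pkgs; [
+alacritty
+xdg-desktop-portal-gnome
+xdg-desktop-portal-gtk
+swaylock
+swayidle
+slurp
+grim
+lxqt.lxqt-openssh-askpass
+clinfo
+glib
+brightnessctl
+playerctl
+xwayland-satellite
+breeze-hacked-cursor-theme
+pwvucontrol
+];
+loginShellInit = ''
+export GTK_IM_MODULE="simple"
+export ELECTRON_OZONE_PLATFORM_HINT="auto"
+export NIXOS_OZONE_WL="1"
+export WLR_RENDERER="vulkan"
+export _JAVA_AWT_WM_NONREPARENTING="1"
+'';
+};
+services = {
+iio-niri.enable = false;
+greetd = {
+enable = true;
+useTextGreeter = true;
+settings.default_session.command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
+};
+tuned.enable = true;
+upower.enable = true;
+};
+programs = {
+niri.enable = true;
+ssh.enableAskPassword = true;
+ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
+};
+# Noctalia shell + niri home config via home-manager
+home-manager.users.${user} = {
+imports = [
+inputs.noctalia.homeModules.default
+../wm/niri/home.nix
+];
+xdg.configFile."niri/binds.kdl".source =
+../wm/niri/binds/${cfg.niri.hotkeyVariant}.kdl;
+services = {
+mako.enable = true;
+polkit-gnome.enable = true;
+};
+programs = {
+fuzzel.enable = true;
+noctalia-shell = {
+enable = true;
+settings = {
+appLauncher.terminalCommand = "alacritty -e";
+bar = {
+density = "compact";
+position = "top";
+showCapsule = false;
+widgets = {
+left = [
+{
+id = "ControlCenter";
+useDistroLogo = true;
+}
+{
+hideUnoccupied = false;
+id = "Workspace";
+labelMode = "index";
+showApplications = true;
+}
+{id = "ActiveWindow";}
+];
+center = [
+{
+formatHorizontal = "HH:mm\\ndd-MM-yy";
+formatVertical = "HH mm";
+id = "Clock";
+useMonospacedFont = true;
+usePrimaryColor = true;
+}
+];
+right = [
+{id = "MediaMini";}
+{
+id = "SystemMonitor";
+showNetworkStats = true;
+compactMode = false;
+}
+{id = "WiFi";}
+{id = "Bluetooth";}
+{
+id = "Battery";
+displayMode = "icon-always";
+hideIfNotDetected = true;
+}
+{
+id = "Volume";
+displayMode = "alwaysShow";
+}
+{
+id = "NotificationHistory";
+hideWhenZero = true;
+}
+{id = "Tray";}
+];
+};
+};
+colorSchemes.predefinedScheme = "Catppuccin";
+general = {
+avatarImage = "/home/${user}/.face";
+radiusRatio = 0.2;
+lockOnSusepnd = true;
+};
+location = {
+monthBeforeDay = true;
+name = "Munich, Germany";
+showWeekNumberInCalendar = true;
+firstDayOfWeek = 0;
+};
+wallpaper = {
+enabled = true;
+overviewEnabled = false;
+directory = "/home/${user}/.setup/modules/themes/";
+};
+brightness = {
+enforceMinimum = true;
+brightnessStep = 5;
+};
+controlCenter.shortcuts.left = [
+{id = "WiFi";}
+{id = "Bluetooth";}
+{id = "ScreenRecorder";}
+{id = "PowerProfile";}
+{id = "KeepAwake";}
+];
+dock.enabled = false;
+sessionMenu.enableCountdown = false;
+templates = {
+fuzzel = true;
+alacritty = true;
+qt = true;
+gtk = true;
+discord = true;
+code = true;
+telegram = true;
+niri = true;
+firefox = true;
+};
+};
+};
+};
+home.file.".cache/noctalia/wallpapers.json".text = builtins.toJSON {
+defaultWallpaper = "/home/${user}/.setup/modules/themes/wall.jpg";
+};
+};
+})
+# ── Sway ───────────────────────────────────────────────────────────────
+(lib.mkIf (cfg.windowManager == "sway") {
+environment = {
+loginShellInit = ''
+if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
+exec sway
+fi
+'';
+systemPackages = with pkgs; [
+xdg-desktop-portal-wlr
+sway
+swaylock
+swayidle
+slurp
+grim
+bemenu
+lxqt.lxqt-openssh-askpass
+clinfo
+waybar
+glib
+];
+};
+programs = {
+sway = {
+enable = true;
+extraSessionCommands = ''
+export MOZ_ENABLE_WAYLAND="1"
+export MOZ_WEBRENDER="1"
+export WLR_RENDERER="vulkan"
+export XDG_SESSION_TYPE="wayland"
+export GTK_THEME="Arc"
+export _JAVA_AWT_WM_NONREPARENTING="1"
+'';
+};
+ssh.enableAskPassword = true;
+ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
+};
+xdg.portal = {
+enable = true;
+wlr.enable = true;
+extraPortals = [pkgs.xdg-desktop-portal-gtk];
+};
+home-manager.users.${user}.imports = [
+../wm/sway/home.nix
+../wm/waybar.nix # sway uses waybar for the bar
+];
+})
+# ── KDE Plasma ─────────────────────────────────────────────────────────
+(lib.mkIf (cfg.windowManager == "kde") {
+environment.systemPackages = with pkgs; [
+kdePackages.discover
+maliit-keyboard
+maliit-framework
+kdePackages.ksshaskpass
+];
+programs.ssh = {
+enableAskPassword = true;
+askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass";
+};
+services = {
+packagekit.enable = true;
+desktopManager.plasma6.enable = true;
+udev.packages = with pkgs; [gnome-settings-daemon];
+};
+qt.platformTheme = "kde";
+home-manager.users.${user}.imports = [../wm/kde/home.nix];
+})
+# ── Virtualisation (podman/docker-compat + qemu/libvirt) ───────────────
+(lib.mkIf cfg.virtualisation.enable {
+users.groups = {
+docker.members = [user];
+libvirtd.members = ["root" user];
+};
+virtualisation = {
+podman = {
+enable = true;
+autoPrune.enable = true;
+dockerCompat = true;
+};
+libvirtd = {
+enable = true;
+onShutdown = "shutdown";
+qemu.runAsRoot = false;
+};
+spiceUSBRedirection.enable = true;
+};
+environment.systemPackages = with pkgs; [
+virt-manager
+virt-viewer
+qemu
+OVMF
+OVMF-cloud-hypervisor
+gvfs
+cloud-hypervisor
+];
+})
+# ── KVM AMD ──────────────────────────────────────────────────────────
+(lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "amd") {
+boot.extraModprobeConfig = ''
+options kvm_amd nested=0 avic=1 npt=1
+'';
+})
+# ── KVM Intel ────────────────────────────────────────────────────────
+(lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "intel") {
+boot.extraModprobeConfig = ''
+options kvm_intel nested=1
+options kvm_intel emulate_invalid_guest_state=0
+options kvm ignore_nsrs=1
+'';
+})
+# ── Syncthing ──────────────────────────────────────────────────────────
+(lib.mkIf cfg.syncthing.enable {
+services.syncthing = {
+enable = true;
+group = "users";
+user = user;
+dataDir = "/home/${user}/Sync";
+configDir = "/home/${user}/.config/syncthing";
+overrideDevices = true;
+overrideFolders = true;
+openDefaultPorts = true;
+settings = {
+devices = cfg.syncthing.devices;
+folders = cfg.syncthing.folders;
+};
+};
+})
+# ── OpenRGB ────────────────────────────────────────────────────────────
+(lib.mkIf cfg.openrgb.enable {
+services.hardware.openrgb = {
+enable = true;
+motherboard = cfg.openrgb.motherboard;
+};
+})
+# ── Laptop ─────────────────────────────────────────────────────────────
+(lib.mkIf cfg.laptop.enable {
+systemd.sleep.extraConfig = "HibernateDelaySec=${cfg.laptop.hibernateDelaySec}";
+services.logind.settings.Login.HandleLidSwitch =
+cfg.laptop.lidSwitch;
+})
+# ── Nitrokey ───────────────────────────────────────────────────────────
+(lib.mkIf cfg.nitrokey.enable {
+hardware.nitrokey.enable = true;
+})
+];
+}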
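Review bot: In the noctalia `general` block the key is spelled `lockOnSusepnd = true;`, which looks like a typo for `lockOnSuspend`; if the shell ignores unknown keys, the session would not be locked on suspend, so I would change it to `lockOnSuspend = true;` and confirm the lock actually fires after a suspend/resume. The Intel KVM block has a similar slip, `options kvm ignore_nsrs=1`, presumably meant as `ignore_msrs` (the same line appears in modules/server/default.nix); once corrected it deserves a comment on why unhandled guest MSR accesses should be ignored rather than faulted. `nixpkgs.config.permittedInsecurePackages = ["mbedtls-2.28.10"];` sits in the base block, so every desktop host accepts the known-insecure package without any hint of which consumer needs it; a comment such as `# needed by <package>; remove once it no longer depends on mbedtls 2.x` would make the exception reviewable. The base user is also placed in `kvm` and `libvirtd` even when `virtualisation.enable` is false, so those memberships could move into the virtualisation block.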


@@ -9,7 +9,6 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./nvim ./nvim
] ]


@@ -1,5 +1,4 @@
{ nvim, ... }: {nvim, ...}: {
{
# Import all your configuration modules here # Import all your configuration modules here
programs.nixvim = { programs.nixvim = {
enable = true; enable = true;


@@ -1,11 +1,7 @@
# #
# Neovim # Neovim
# #
{pkgs, ...}: {
{ pkgs, ... }:
{
home = { home = {
packages = [pkgs.gnvim]; packages = [pkgs.gnvim];
}; };
@@ -17,6 +13,8 @@
vimAlias = true; vimAlias = true;
vimdiffAlias = true; vimdiffAlias = true;
withNodeJs = true; withNodeJs = true;
withRuby = true;
withPython3 = true;
# plugins = with pkgs.vimPlugins; [ # plugins = with pkgs.vimPlugins; [
# #
@@ -51,12 +49,12 @@
# indent-blankline-nvim # indent-blankline-nvim
# ]; # ];
extraPackages = with pkgs; [ # extraPackages = with pkgs; [
ripgrep # ripgrep
fd # fd
nodejs # nodejs
nodePackages.npm # nodePackages.npm
]; # ];
# extraConfig = '' # extraConfig = ''
# set expandtab # set expandtab
@@ -159,4 +157,3 @@
}; };
}; };
} }


@@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
services.btrbk = { services.btrbk = {
sshAccess = [ sshAccess = [
{ {


@@ -1,10 +1,7 @@
# #
# Bluetooth # Bluetooth
# #
{pkgs, ...}: {
{ pkgs, ... }:
{
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
hsphfpd.enable = false; # HSP & HFP daemon hsphfpd.enable = false; # HSP & HFP daemon


@@ -1,7 +1,9 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
nix = { nix = {
settings = { settings = {
extra-trusted-public-keys = [ extra-trusted-public-keys = [
@@ -9,13 +11,10 @@
"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc=" "steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
]; ];
extra-substituters = [ extra-substituters = [
"https://cache.home.opel-online.de"
"https://steamdeck.cachix.org" "https://steamdeck.cachix.org"
"https://cache.ci.kabtop.de" "https://cache.ci.kabtop.de"
]; ];
#extra-trusted-substituters = [
# "https://cache.home.opel-online.de"
#];
}; };
}; };
} }


@@ -1,17 +1,21 @@
{ pkgs, config, ... }:
{ {
users.users.nixremote = { # System User pkgs,
isNormalUser = true; config,
...
}: {
users.users.nixremote = {
# System User
isSystemUser = true;
group = "nixremote";
extraGroups = ["kvm"]; extraGroups = ["kvm"];
shell = pkgs.zsh; # Default shell
uid = 1001; uid = 1001;
# initialPassword = "password95";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"
]; ];
}; };
users.groups.nixremote = {};
nix.settings.trusted-users = [ nix.settings.trusted-users = [
"nixremote" "nixremote"
]; ];
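Review bot: `nixremote` remains in `nix.settings.trusted-users` while being reachable over SSH with the key above, so whoever holds that key is effectively root-equivalent towards the Nix daemon on this host (a trusted user can override substituters and import unsigned store paths). I would prefix the entry with `restrict` (`"restrict ssh-ed25519 … nixremote@hades"`) so the key cannot be used for port or agent forwarding or a PTY, and add a comment such as `# trusted-users: needed for remote builds from hades; key is root-equivalent for the store`. Separately, with `isSystemUser = true` and the `shell` line removed the account probably falls back to the nologin default, which would refuse the command that an `ssh-ng` build runs; it is worth testing a remote build and setting `shell` explicitly if it fails.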


@@ -1,10 +1,13 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
nix = { nix = {
distributedBuilds = false; distributedBuilds = false;
buildMachines = [ { buildMachines = [
{
hostName = "hades"; hostName = "hades";
system = "x86_64-linux"; system = "x86_64-linux";
supportedFeatures = ["kvm" "big-parallel"]; supportedFeatures = ["kvm" "big-parallel"];
@@ -14,7 +17,8 @@
speedFactor = 4; speedFactor = 4;
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%"; publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
protocol = "ssh-ng"; protocol = "ssh-ng";
} ]; }
];
settings = { settings = {
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII=" "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="


@@ -1,31 +1,75 @@
{ lib, options, ... }:
{ {
lib,
options,
...
}: {
options = with lib; { options = with lib; {
cmds = { cmds = {
shell = mkOption { type = types.str; default = "zsh"; }; shell = mkOption {
fetch = mkOption { type = types.str; default = "hyfetch"; }; type = types.str;
editor = mkOption { type = types.str; default = "nvim"; }; default = "zsh";
};
fetch = mkOption {
type = types.str;
default = "hyfetch";
};
editor = mkOption {
type = types.str;
default = "nvim";
};
wm = mkOption { type = types.str; default = "sway"; }; wm = mkOption {
type = types.str;
default = "sway";
};
terminal = mkOption { type = types.str; default = "alacritty"; }; terminal = mkOption {
menu = mkOption { type = types.str; default = "rofi -show drun -show-icons"; }; type = types.str;
default = "alacritty";
};
menu = mkOption {
type = types.str;
default = "rofi -show drun -show-icons";
};
lock = mkOption { type = types.str; default = "locksway"; }; lock = mkOption {
type = types.str;
default = "locksway";
};
notifications = { notifications = {
volume = mkOption { type = types.str; default = "volume-notify"; }; volume = mkOption {
brightness = mkOption { type = types.str; default = "brightness-notify"; }; type = types.str;
default = "volume-notify";
};
brightness = mkOption {
type = types.str;
default = "brightness-notify";
};
}; };
}; };
is-wayland = mkOption { type = types.bool; default = true; }; is-wayland = mkOption {
type = types.bool;
default = true;
};
theme = { theme = {
theme = mkOption { type = types.str; default = "catppuccin-mocha"; }; theme = mkOption {
icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; }; type = types.str;
font = mkOption { type = types.str; default = "Cascadia Code 11"; }; default = "catppuccin-mocha";
wallpaper = mkOption { type = types.str; default = ""; }; };
icon-theme = mkOption {
type = types.str;
default = "Papirus-Dark";
};
font = mkOption {
type = types.str;
default = "Cascadia Code 11";
};
wallpaper = mkOption {
type = types.str;
default = "";
};
}; };
}; };
} }


@@ -4,12 +4,10 @@
pkgs, pkgs,
pkgs-kabbone, pkgs-kabbone,
... ...
}: }: let
let
cfg = config.services.corosync-qnetd; cfg = config.services.corosync-qnetd;
dataDir = "/var/run/corosync-qnetd"; dataDir = "/var/run/corosync-qnetd";
in in {
{
# interface # interface
options.services.corosync-qnetd = { options.services.corosync-qnetd = {
enable = lib.mkEnableOption "corosync-qnetd"; enable = lib.mkEnableOption "corosync-qnetd";
@@ -45,7 +43,6 @@ in
# transport: knet # transport: knet
# } # }
# logging { # logging {
# to_syslog: yes # to_syslog: yes
# } # }


@@ -3,8 +3,7 @@
config, config,
pkgs, pkgs,
... ...
}: }: let
let
cfg = config.services.kabbone_mautrix-whatsapp; cfg = config.services.kabbone_mautrix-whatsapp;
dataDir = "/var/lib/mautrix-whatsapp"; dataDir = "/var/lib/mautrix-whatsapp";
registrationFile = "${dataDir}/whatsapp-registration.yaml"; registrationFile = "${dataDir}/whatsapp-registration.yaml";
@@ -66,9 +65,7 @@ let
}; };
}; };
}; };
in {
in
{
options.services.kabbone_mautrix-whatsapp = { options.services.kabbone_mautrix-whatsapp = {
enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge"; enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge";
@@ -159,7 +156,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.users.mautrix-whatsapp = { users.users.mautrix-whatsapp = {
isSystemUser = true; isSystemUser = true;
group = "mautrix-whatsapp"; group = "mautrix-whatsapp";
@@ -178,8 +174,7 @@ in
# Note: this is defined here to avoid the docs depending on `config` # Note: this is defined here to avoid the docs depending on `config`
services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf ( services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf (
with config.services; with config.services; [
[
(lib.mkIf matrix-synapse.enable (mkDefaults { (lib.mkIf matrix-synapse.enable (mkDefaults {
domain = matrix-synapse.settings.server_name; domain = matrix-synapse.settings.server_name;
})) }))


@@ -1,28 +0,0 @@
#
# Terminal Emulator
#
# Hardcoded as terminal for rofi and doom emacs
{ pkgs, ... }:
{
home.packages = [ pkgs.alacritty ];
programs = {
alacritty = {
enable = true;
#settings = {
# env.term = "screen-256color";
# font = rec { # Font - Laptop has size manually changed at home.nix
# #normal.family = "FiraCode Nerd Font";
# normal.family = "Cascadia Code";
# #normal.family = "Intel One Mono";
# #bold = { style = "Bold"; };
# # size = 8;
# };
#};
};
};
}


@@ -9,7 +9,6 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./mpv.nix ./mpv.nix
] ]


@@ -9,10 +9,7 @@
# └─ ./configs # └─ ./configs
# └─ mpv.nix * # └─ mpv.nix *
# #
{pkgs, ...}: {
{ pkgs, ... }:
{
home.file = { home.file = {
".config/mpv/mpv.conf".text = '' ".config/mpv/mpv.conf".text = ''
hwdec=vaapi hwdec=vaapi


@@ -1,21 +1,3 @@
#
# Apps
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./apps
# └─ default.nix *
# └─ ...
#
[ [
# ./alacritty.nix
# ./rofi.nix
./firefox.nix ./firefox.nix
#./waybar.nix
#./games.nix
] ]
# Waybar.nix is pulled from modules/wm/..
# Games.nix is pulled from desktop/default.nix


@@ -1,17 +1,17 @@
# #
# Firefox Brower Emulator # Firefox Brower Emulator
# #
{ pkgs, ... }:
{ {
pkgs,
config,
...
}: {
#home.packages = [ pkgs.firefox-wayland ]; #home.packages = [ pkgs.firefox-wayland ];
programs = { programs = {
firefox = { firefox = {
enable = true; enable = true;
configPath = "${config.xdg.configHome}/mozilla/firefox";
#package = pkgs.wrapFirefox pkgs.firefox-unwrapped { #package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
#forceWayland = true; #forceWayland = true;
# extraPolicies = { # extraPolicies = {


@@ -1,119 +0,0 @@
#
# System Menu
#
{ config, lib, pkgs, ... }:
let
inherit (config.lib.formats.rasi) mkLiteral; # Theme.rasi alternative. Add Theme here
colors = import ../themes/colors.nix;
in
{
programs = {
rofi = {
enable = true;
terminal = "${pkgs.alacritty}/bin/alacritty"; # Alacritty is default terminal emulator
location = "center";
theme = with colors.scheme.doom; {
"*" = {
bg0 = mkLiteral "#${bg}";
bg1 = mkLiteral "#414868";
fg0 = mkLiteral "#${text}";
fg1 = mkLiteral "#${text-alt}";
background-color = mkLiteral "transparent";
text-color = mkLiteral "@fg0";
margin = 0;
padding = 0;
spacing = 0;
};
"element-icon, element-text, scrollbar" = {
cursor = mkLiteral "pointer";
};
"window" = {
location = mkLiteral "northwest";
width = mkLiteral "280px";
x-offset = mkLiteral "8px";
y-offset = mkLiteral "24px";
background-color = mkLiteral "@bg0";
border = mkLiteral "1px";
border-color = mkLiteral "@bg1";
border-radius = mkLiteral "6px";
};
"inputbar" = {
spacing = mkLiteral "8px";
padding = mkLiteral "4px 8px";
children = mkLiteral "[ icon-search, entry ]";
#background-color = mkLiteral "@bg0";
background-color = mkLiteral "@bg0";
};
"icon-search, entry, element-icon, element-text" = {
vertical-align = mkLiteral "0.5";
};
"icon-search" = {
expand = false;
filename = mkLiteral "[ search-symbolic ]";
size = mkLiteral "14px";
};
"textbox" = {
padding = mkLiteral "4px 8px";
background-color = mkLiteral "@bg0";
};
"listview" = {
padding = mkLiteral "4px 0px";
lines = 12;
columns = 1;
scrollbar = true;
fixed-height = false;
dynamic = true;
};
"element" = {
padding = mkLiteral "4px 8px";
spacing = mkLiteral "8px";
};
"element normal urgent" = {
text-color = mkLiteral "@fg1";
};
"element normal active" = {
text-color = mkLiteral "@fg1";
};
"element selected" = {
text-color = mkLiteral "@bg0"; #1
background-color = mkLiteral "@fg1";
};
"element selected urgent" = {
background-color = mkLiteral "@fg1";
};
"element-icon" = {
size = mkLiteral "0.8em";
};
"element-text" = {
text-color = mkLiteral "inherit";
};
"scrollbar" = {
handle-width = mkLiteral "4px";
handle-color = mkLiteral "@fg1";
padding = mkLiteral "0 4px";
};
};
};
};
}

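--- /dev/null
+++ b/modules/server/default.nix
@@ -0,0 +1,151 @@
+#
+# Server module — import this instead of configuration_server.nix + manual virtualisation imports.
+#
+# Usage in hosts/<hostname>/default.nix:
+#
+# imports = [
+# ./hardware-configuration.nix
+# ../../modules/server
+# ];
+#
+# myServer.virtualisation.enable = true;
+# myServer.virtualisation.cpu = "amd"; # amd | intel | none (default)
+#
+# myServer.sshPort = 2220; # default
+# myServer.fail2ban.enable = true;
+#
+# myServer.extraSystemPackages = with pkgs; [ some-tool ];
+#
+{
+config,
+lib,
+pkgs,
+user,
+...
+}: let
+cfg = config.myServer;
+in {
+# ── Options ──────────────────────────────────────────────────────────────
+options.myServer = with lib; {
+uid = mkOption {
+type = types.int;
+default = 3000;
+description = "UID for the server user.";
+};
+sshPort = mkOption {
+type = types.port;
+default = 2220;
+description = "Port openssh listens on.";
+};
+sudoRequiresPassword = mkOption {
+type = types.bool;
+default = true;
+description = "Whether wheel users must enter a password for sudo.";
+};
+autoUpgrade.enable = mkOption {
+type = types.bool;
+default = true;
+description = "Enable automatic NixOS upgrades (inherits flake URL from configuration_common.nix).";
+};
+virtualisation = {
+enable = mkEnableOption "container/VM stack (podman with docker-compat, KVM tuning)";
+cpu = mkOption {
+type = types.enum ["amd" "intel" "none"];
+default = "none";
+description = "CPU type selects KVM kernel parameters when virtualisation is enabled.";
+};
+};
+extraGroups = mkOption {
+type = types.listOf types.str;
+default = [];
+description = "Additional groups for the server user beyond the defaults.";
+};
+extraSystemPackages = mkOption {
+type = types.listOf types.package;
+default = [];
+description = "Additional system packages specific to this host.";
+};
+fail2ban = {
+enable = mkEnableOption "fail2ban intrusion prevention";
+};
+};
+# ── Configuration ────────────────────────────────────────────────────────
+config = lib.mkMerge [
+# ── Base server config ────────────────────────────────────────────────
+{
+users.users.${user} = {
+isNormalUser = true;
+uid = cfg.uid;
+extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"] ++ cfg.extraGroups;
+};
+security.sudo.wheelNeedsPassword = cfg.sudoRequiresPassword;
+environment.systemPackages = with pkgs;
+[
+ffmpeg
+smartmontools
+htop
+]
+++ cfg.extraSystemPackages;
+services.openssh = {
+ports = [cfg.sshPort];
+openFirewall = true;
+};
+nix.extraOptions = ''
+keep-outputs = true
+keep-derivations = true
+'';
+system.autoUpgrade.enable = cfg.autoUpgrade.enable;
+}
+# ── Virtualisation (podman/docker-compat) ─────────────────────────────
+(lib.mkIf cfg.virtualisation.enable {
+virtualisation.podman = {
+enable = true;
+autoPrune.enable = true;
+dockerCompat = true;
+};
+users.groups.docker.members = [user];
+})
+# ── KVM AMD ─────────────────────────────────────────────────────────
+(lib.mkIf (cfg.virtualisation.enable && cfg.virtualisation.cpu == "amd") {
+boot.extraModprobeConfig = ''
+options kvm_amd nested=0 avic=1 npt=1
+'';
+})
+# ── KVM Intel ───────────────────────────────────────────────────────
+(lib.mkIf (cfg.virtualisation.enable && cfg.virtualisation.cpu == "intel") {
+boot.extraModprobeConfig = ''
+options kvm_intel nested=1
+options kvm_intel emulate_invalid_guest_state=0
+options kvm ignore_nsrs=1
+'';
+})
+# ── Fail2ban ──────────────────────────────────────────────────────────
+(lib.mkIf cfg.fail2ban.enable {
+services.fail2ban = {
+enable = true;
+maxretry = 5;
+jails.DEFAULT.settings.findtime = "15m";
+};
+})
+];
+}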
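Review bot: The base block opens SSH on the firewall (`openFirewall = true;` on `cfg.sshPort`) for every host that imports the module, but nothing here fixes how logins are authenticated, and `fail2ban` stays off unless a host opts in. Unless the common configuration already does it (not visible in this file), I would add `settings.PasswordAuthentication = false;` and `settings.PermitRootLogin = "no";` to the `services.openssh` block so key-only access is part of the module's contract. The description of `sudoRequiresPassword` should also say that setting it to false makes any compromise of the `wheel` user's session root-equivalent, for example `description = "Whether wheel users must enter a password for sudo; false means a hijacked session is root.";`. The user is added to `kvm` and `libvirtd` in the base block even when `virtualisation.enable` is false, so those two groups could move into the virtualisation block.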


@@ -1,26 +1,3 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[ [
#./dunst.nix
#./flameshot.nix
#./picom.nix
#./polybar.nix
#./sxhkd.nix
#./udiskie.nix
#./redshift.nix
#./kanshi.nix
./keyring.nix ./keyring.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables


@@ -9,11 +9,10 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./microvm.nix ./microvm.nix
# ./hydra.nix # ./hydra.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables # redshift temporarely disables


@@ -1,6 +1,9 @@
{ lib, config, pkgs, ... }:
{ {
lib,
config,
pkgs,
...
}: {
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = true;


@@ -1,6 +1,9 @@
{ lib, config, pkgs, ... }:
{ {
lib,
config,
pkgs,
...
}: {
services = { services = {
hydra = { hydra = {
enable = true; enable = true;
@@ -86,6 +89,4 @@
file = ../../../secrets/services/acme/opel-online.age; file = ../../../secrets/services/acme/opel-online.age;
owner = "acme"; owner = "acme";
}; };
} }


@@ -1,22 +1,28 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{ {
config,
microvm,
lib,
pkgs,
user,
agenix,
impermanence,
...
}: let
name = "gitea-runner";
in {
microvm = { microvm = {
autostart = [ autostart = [
name name
]; ];
vms = { vms = {
${name} = { ${name} = {
inherit pkgs; inherit pkgs;
config = { config = {
imports = imports =
[ agenix.nixosModules.default ] ++ [agenix.nixosModules.default]
[ impermanence.nixosModules.impermanence ] ++ ++ [impermanence.nixosModules.impermanence]
[( ./gitea_runner.nix )]; ++ [(./gitea_runner.nix)];
networking = { networking = {
hostName = "${name}"; hostName = "${name}";
@@ -40,7 +46,8 @@ in
}; };
}; };
users.users.${user} = { # System User users.users.${user} = {
# System User
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel"]; extraGroups = ["wheel"];
uid = 2000; uid = 2000;
@@ -64,14 +71,16 @@ in
path = "/persist/etc/ssh/ssh_host_rsa_key"; path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa"; type = "rsa";
bits = 4096; bits = 4096;
}]; }
];
}; };
}; };
fileSystems."/persist".neededForBoot = lib.mkForce true; fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = { environment = {
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = with pkgs; [
# Default packages install system-wide
bash bash
coreutils coreutils
curl curl
@@ -84,6 +93,7 @@ in
persistence."/persist" = { persistence."/persist" = {
directories = [ directories = [
"/var/log" "/var/log"
"/var/lib/nixos"
"/var/lib/private" "/var/lib/private"
]; ];
@@ -95,6 +105,7 @@ in
microvm = { microvm = {
hypervisor = "cloud-hypervisor"; hypervisor = "cloud-hypervisor";
vsock.cid = 3;
vcpu = 4; vcpu = 4;
mem = 4096; mem = 4096;
interfaces = [ interfaces = [
@@ -106,8 +117,10 @@ in
link = "ens18"; link = "ens18";
mode = "bridge"; mode = "bridge";
}; };
} ]; }
shares = [{ ];
shares = [
{
source = "/nix/store"; source = "/nix/store";
mountPoint = "/nix/.ro-store"; mountPoint = "/nix/.ro-store";
tag = "ro-store"; tag = "ro-store";
@@ -118,7 +131,8 @@ in
mountPoint = "/persist"; mountPoint = "/persist";
tag = "persist"; tag = "persist";
proto = "virtiofs"; proto = "virtiofs";
}]; }
];
#writableStoreOverlay = "/nix/.rw-store"; #writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true; #storeOnDisk = true;
}; };
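Review bot: `vsock.cid = 3;` is added to this host's inner `microvm` block without a comment, and the two other copies of this file further down the page show no corresponding hunk. A one-line comment would help the next reader, e.g. `# vsock CID: must be unique per host, 0-2 are reserved`, together with a word on what is meant to use the channel. That matters here because vsock gives the CI runner guest a host-facing path that the network firewall rules do not cover. The enclosing `microvm` attribute set starts and ends outside these hunks.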


@@ -1,76 +0,0 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
let
colors = import ../themes/colors.nix; # Import colors theme
dunst-volume-notification = pkgs.writeShellScriptBin "volume-notify" ''
if [ "$(pulsemixer --get-mute)" = "0" ]; then dunstify -u low -r 1 " 🔊 $(pulsemixer --get-volume | awk '{print $1}')%"
else dunstify -u low -r 1 "🔈 Muted"; fi
'';
dunst-brightness-notification = pkgs.writeShellScriptBin "brightness-notify" ''
dunstify -u low -r 1 " $(light -G)%"
'';
in
{
cmds.notifications.volume = "volume-notify";
cmds.notifications.brightness = "brightness-notify";
home.packages = [
dunst-volume-notification
dunst-brightness-notification
pkgs.libnotify
];
services.dunst = {
enable = true;
settings = {
global = {
monitor = 0;
follow = "keyboard";
indicate_hidden = "yes";
shrink = true;
transparency = 0;
origin = "top-center";
offset = "0x20";
seperator_height = 0;
padding = 12;
horizontal_padding = 20;
frame_width = 4;
seperator_color = "auto";
font = "${config.theme.font}";
markup = "full";
format = "<span foreground='#b3cfa7'><b>%s</b>%p</span>\n%b";
alignment = "center";
show_age_threshold = 60;
word_wrap = "yes";
ellipsize = "middle";
ignore_newline = "no";
stack_duplicates = true;
hide_duplicate_count = true;
show_indicators = "yes";
icon_position = "off";
sticky_history = "yes";
history_length = 20;
always_run_script = true;
browser = "/usr/bin/xdg-open";
corner_radius = 12;
force_xinerama = false;
mouse_left_click = "close_current";
mouse_middle_click = "do_action";
mouse_right_click = "close_all";
progress_bar_min_width = "200";
enable_recursive_icon_lookup = true;
};
urgency_low.timeout = 4;
urgency_normal.timeout = 8;
urgency_critical.timeout = 0;
};
};
xdg.dataFile."dbus-1/services/org.knopwob.dunst.service".source = "${pkgs.dunst}/share/dbus-1/services/org.knopwob.dunst.service";
}


@@ -1,22 +0,0 @@
#
# Screenshots
#
{ pkgs, user, ... }:
{
services = { # sxhkd shortcut = Printscreen button (Print)
flameshot = {
enable = true;
settings = {
General = { # Settings
savePath = "/home/${user}/";
saveAsFileExtension = ".png";
uiColor = "#2d0096";
showHelp = "false";
disabledTrayIcon = "true"; # Hide from systray
};
};
};
};
}


@@ -9,11 +9,10 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
# ./microvm.nix # ./microvm.nix
./hydra.nix ./hydra.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables # redshift temporarely disables


@@ -1,6 +1,9 @@
{ lib, config, pkgs, ... }:
{ {
lib,
config,
pkgs,
...
}: {
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = true;


@@ -1,6 +1,9 @@
{ lib, config, pkgs, ... }:
{ {
lib,
config,
pkgs,
...
}: {
services = { services = {
hydra = { hydra = {
enable = true; enable = true;
@@ -78,5 +81,4 @@
file = ../../../secrets/keys/nixservepriv.age; file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra"; owner = "hydra";
}; };
} }


@@ -1,22 +1,28 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{ {
config,
microvm,
lib,
pkgs,
user,
agenix,
impermanence,
...
}: let
name = "gitea-runner";
in {
microvm = { microvm = {
autostart = [ autostart = [
name name
]; ];
vms = { vms = {
${name} = { ${name} = {
inherit pkgs; inherit pkgs;
config = { config = {
imports = imports =
[ agenix.nixosModules.default ] ++ [agenix.nixosModules.default]
[ impermanence.nixosModules.impermanence ] ++ ++ [impermanence.nixosModules.impermanence]
[( ./gitea_runner.nix )]; ++ [(./gitea_runner.nix)];
networking = { networking = {
hostName = "${name}"; hostName = "${name}";
@@ -40,7 +46,8 @@ in
}; };
}; };
users.users.${user} = { # System User users.users.${user} = {
# System User
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel"]; extraGroups = ["wheel"];
uid = 2000; uid = 2000;
@@ -64,14 +71,16 @@ in
path = "/persist/etc/ssh/ssh_host_rsa_key"; path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa"; type = "rsa";
bits = 4096; bits = 4096;
}]; }
];
}; };
}; };
fileSystems."/persist".neededForBoot = lib.mkForce true; fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = { environment = {
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = with pkgs; [
# Default packages install system-wide
bash bash
coreutils coreutils
curl curl
@@ -84,6 +93,7 @@ in
persistence."/persist" = { persistence."/persist" = {
directories = [ directories = [
"/var/log" "/var/log"
"/var/lib/nixos"
"/var/lib/private" "/var/lib/private"
]; ];
@@ -103,8 +113,10 @@ in
type = "user"; type = "user";
id = "vm-${name}"; id = "vm-${name}";
mac = "04:00:00:00:00:02"; mac = "04:00:00:00:00:02";
} ]; }
shares = [{ ];
shares = [
{
source = "/nix/store"; source = "/nix/store";
mountPoint = "/nix/.ro-store"; mountPoint = "/nix/.ro-store";
tag = "ro-store"; tag = "ro-store";
@@ -115,7 +127,8 @@ in
mountPoint = "/persist"; mountPoint = "/persist";
tag = "persist"; tag = "persist";
proto = "virtiofs"; proto = "virtiofs";
}]; }
];
#writableStoreOverlay = "/nix/.rw-store"; #writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true; #storeOnDisk = true;
}; };


@@ -1,40 +0,0 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.kanshi = {
enable = true;
settings = [
{
profile = {
name = "undocked";
outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
];
};
}
{
profile = {
name = "docked_c";
outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
];
};
}
{
profile = {
name = "docked_triple";
outputs = [
{ criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; }
{ criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
];
};
}
];
};
}


@@ -1,11 +1,13 @@
# #
# Screenshots # Screenshots
# #
{ pkgs, user, ... }:
{ {
services = { # sxhkd shortcut = Printscreen button (Print) pkgs,
user,
...
}: {
services = {
# sxhkd shortcut = Printscreen button (Print)
gnome-keyring = { gnome-keyring = {
enable = true; enable = true;
}; };


@@ -9,11 +9,10 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
# ./microvm.nix # ./microvm.nix
# ./hydra.nix # ./hydra.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables # redshift temporarely disables


@@ -9,7 +9,6 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./nfs.nix ./nfs.nix
./nginx.nix ./nginx.nix
@@ -17,6 +16,6 @@
./syncthing.nix ./syncthing.nix
./paperless.nix ./paperless.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables # redshift temporarely disables


@@ -1,4 +1,9 @@
{config, pkgs, lib, ...}: { {
config,
pkgs,
lib,
...
}: {
# enable nfs # enable nfs
services.nfs.server = rec { services.nfs.server = rec {
enable = true; enable = true;


@@ -1,16 +1,28 @@
# #
# System notifications # System notifications
# #
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
appendHttpConfig = ''
proxy_cache_path /mnt/Pluto/nix-cache
levels=1:2
keys_zone=nix_cache:10m
max_size=100g
inactive=14d
use_temp_path=off;
'';
virtualHosts = { virtualHosts = {
"home.opel-online.de" = { "home.opel-online.de" = {
enableACME = true; enableACME = true;
@@ -18,9 +30,34 @@
default = true; default = true;
locations."/".return = "503"; locations."/".return = "503";
}; };
}; "cache.home.opel-online.de" = {
}; useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
extraConfig = ''
proxy_pass https://cache.ci.kabtop.de;
proxy_ssl_server_name on;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host cache.ci.kabtop.de;
proxy_cache nix_cache;
proxy_cache_valid 200 14d;
proxy_cache_valid 404 1m;
proxy_cache_use_stale error timeout updating;
proxy_cache_lock on;
proxy_cache_lock_timeout 1h;
add_header X-Cache-Status $upstream_cache_status;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 8 1m;
proxy_max_temp_file_size 0;
'';
};
};
};
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@@ -39,6 +76,8 @@
}; };
}; };
systemd.services.nginx.serviceConfig.ReadWritePaths = ["/mnt/Pluto/nix-cache"];
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedUDPPorts = []; allowedUDPPorts = [];
@@ -49,5 +88,4 @@
file = ../../../secrets/services/acme/opel-online.age; file = ../../../secrets/services/acme/opel-online.age;
owner = "acme"; owner = "acme";
}; };
} }
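Review bot: The new `cache.home.opel-online.de` location proxies to `https://cache.ci.kabtop.de` without turning on upstream certificate verification, and nginx leaves `proxy_ssl_verify` off by default, so whatever answers on that connection is accepted and then kept for up to 14 days by `proxy_cache_valid 200 14d;`. I would add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;` and `proxy_ssl_verify_depth 2;` next to `proxy_ssl_server_name on;`. Clients that enforce Nix signature checks would still reject altered store paths, but that depends on client settings not visible on this page, and a bad cached entry would keep breaking fetches until it expires.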


@@ -1,10 +1,12 @@
# #
# System notifications # System notifications
# #
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
services.paperless = { services.paperless = {
enable = true; enable = true;
domain = "paperless.home.opel-online.de"; domain = "paperless.home.opel-online.de";
@@ -34,5 +36,4 @@
file = ../../../secrets/services/paperless/pwFile.age; file = ../../../secrets/services/paperless/pwFile.age;
owner = "paperless"; owner = "paperless";
}; };
} }


@@ -1,10 +1,12 @@
# #
# System notifications # System notifications
# #
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
services.syncthing = { services.syncthing = {
enable = true; enable = true;
group = "users"; group = "users";
@@ -20,7 +22,8 @@
"lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";}; "lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";};
}; };
folders = { folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID "Sync" = {
# Name of folder in Syncthing, also the folder ID
path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = ["hades.home.opel-online.de" "lifebook.home.opel-online.de"]; # Which devices to share the folder with devices = ["hades.home.opel-online.de" "lifebook.home.opel-online.de"]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder. ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
@@ -49,5 +52,4 @@
}; };
}; };
}; };
} }


@@ -1,10 +1,12 @@
# #
# System notifications # System notifications
# #
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
dbBackend = "sqlite"; dbBackend = "sqlite";
@@ -34,5 +36,4 @@
file = ../../../secrets/services/vaultwarden/environment.age; file = ../../../secrets/services/vaultwarden/environment.age;
owner = "vaultwarden"; owner = "vaultwarden";
}; };
} }


@@ -9,10 +9,9 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
# ./nfs.nix # ./nfs.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables # redshift temporarely disables


@@ -9,10 +9,9 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./klipper.nix ./klipper.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables # redshift temporarely disables


@@ -1,6 +1,9 @@
{ lib, config, pkgs, ... }:
{ {
lib,
config,
pkgs,
...
}: {
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
klipperscreen klipperscreen
@@ -97,5 +100,4 @@
# #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
# }; # };
}; };
} }


@@ -1,10 +1,12 @@
# #
# System notifications # System notifications
# #
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
@@ -21,7 +23,6 @@
}; };
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
@@ -49,5 +50,4 @@
file = ../../../secrets/services/acme/opel-online.age; file = ../../../secrets/services/acme/opel-online.age;
owner = "acme"; owner = "acme";
}; };
} }


@@ -1,10 +1,14 @@
{config, pkgs, lib, ...}: { {
config,
pkgs,
lib,
...
}: {
# enable coturn # enable coturn
services.coturn = rec { services.coturn = rec {
enable = true; enable = true;
no-cli = true; no-cli = true;
no-tcp-relay = true; no-tcp-relay = true;
no-tls = true;
min-port = 49000; min-port = 49000;
max-port = 50000; max-port = 50000;
use-auth-secret = true; use-auth-secret = true;
@@ -44,21 +48,24 @@
# open the firewall # open the firewall
networking.firewall = { networking.firewall = {
interfaces.ens18 = let interfaces.ens18 = let
range = with config.services.coturn; [ { range = with config.services.coturn; [
{
from = min-port; from = min-port;
to = max-port; to = max-port;
} ]; }
in ];
{ in {
allowedUDPPortRanges = range; allowedUDPPortRanges = range;
allowedUDPPorts = [3478]; allowedUDPPorts = [3478];
allowedTCPPortRanges = range; allowedTCPPortRanges = range;
allowedTCPPorts = [ 3478 ]; allowedTCPPorts = [3478 5349];
}; };
}; };
# get a certificate # get a certificate
security.acme.certs.${config.services.coturn.realm} = { security.acme.certs.${config.services.coturn.realm} = {
/* insert here the right configuration to obtain a certificate */ /*
insert here the right configuration to obtain a certificate
*/
postRun = "systemctl restart coturn.service"; postRun = "systemctl restart coturn.service";
group = "turnserver"; group = "turnserver";
}; };
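Review bot: `allowedTCPPortRanges = range;` still opens the whole relay range (49000–50000) for TCP on `ens18` even though the service sets `no-tcp-relay = true;`, so those ports are exposed with nothing meant to listen on them. I would drop that line (or set `allowedTCPPortRanges = [];`) and keep only `allowedTCPPorts = [3478 5349];`. Separately, the first hunk appears to remove `no-tls = true;` and the second opens 5349/tcp, while `allowedUDPPorts` stays `[3478]`; if DTLS is not wanted, `no-dtls = true;` would make that explicit. The `cert`/`pkey` settings a TLS listener needs are not in these hunks and the ACME block still carries its placeholder comment, so please confirm they are set in the part of the file not shown.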


@@ -9,7 +9,6 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./postgresql.nix ./postgresql.nix
./gitea.nix ./gitea.nix
@@ -21,6 +20,6 @@
./mealie.nix ./mealie.nix
# ./ollama.nix # ./ollama.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables # redshift temporarely disables


@@ -1,10 +1,12 @@
# #
# System notifications # System notifications
# #
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
services.gitea = { services.gitea = {
enable = true; enable = true;
dump.enable = false; dump.enable = false;
@@ -29,7 +31,7 @@
LFS_ALLOW_PURE_SSH = true; LFS_ALLOW_PURE_SSH = true;
}; };
security = { security = {
MIN_PASSWORD_LENGTH = 8; MIN_PASSWORD_LENGTH = 12;
PASSWORD_CHECK_PWN = true; PASSWORD_CHECK_PWN = true;
PASSWORD_HASH_ALGO = "argon2"; PASSWORD_HASH_ALGO = "argon2";
}; };


@@ -1,6 +1,9 @@
{ lib, config, pkgs, ... }:
{ {
lib,
config,
pkgs,
...
}: {
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = true;


@@ -1,6 +1,9 @@
{ lib, config, pkgs, ... }:
{ {
lib,
config,
pkgs,
...
}: {
services = { services = {
hydra = { hydra = {
enable = true; enable = true;
@@ -73,5 +76,4 @@
file = ../../../secrets/keys/nixservepriv.age; file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra"; owner = "hydra";
}; };
} }


@@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
services.jitsi-meet = { services.jitsi-meet = {
enable = true; enable = true;
hostName = "meet.kabtop.de"; hostName = "meet.kabtop.de";


@@ -1,10 +1,12 @@
# #
# System notifications # System notifications
# #
{
{ config, lib, pkgs, ... }: config,
lib,
let pkgs,
...
}: let
fqdn = "matrix.${config.networking.domain}"; fqdn = "matrix.${config.networking.domain}";
clientConfig = { clientConfig = {
"m.homeserver".base_url = "https://${fqdn}"; "m.homeserver".base_url = "https://${fqdn}";
@@ -62,14 +64,21 @@ in {
server_name = config.networking.domain; server_name = config.networking.domain;
public_baseurl = "https://matrix.${config.networking.domain}"; public_baseurl = "https://matrix.${config.networking.domain}";
listeners = [ listeners = [
{ port = 8008; {
port = 8008;
bind_addresses = ["::1"]; bind_addresses = ["::1"];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
resources = [ resources = [
{ names = [ "client" ]; compress = true; } {
{ names = [ "federation" ]; compress = false; } names = ["client"];
compress = true;
}
{
names = ["federation"];
compress = false;
}
]; ];
} }
]; ];


@@ -1,18 +1,16 @@
{ config, pkgs, pkgs-unstable, ... }:
{ {
config,
pkgs,
...
}: {
services.mealie = { services.mealie = {
enable = true; enable = true;
#package = pkgs-unstable.mealie;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
credentialsFile = config.age.secrets."services/mealie/credentialsFile".path; credentialsFile = config.age.secrets."services/mealie/credentialsFile".path;
settings = { settings = {
ALLOW_SIGNUP = "false"; ALLOW_SIGNUP = "false";
DB_ENGINE = "postgres"; DB_ENGINE = "postgres";
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
PGID = "911";
PUID = "911";
}; };
}; };
@@ -27,21 +25,6 @@
}; };
}; };
users = {
users = {
mealie = {
uid = 911;
group = "mealie";
isSystemUser = true;
};
};
groups = {
mealie = {
gid = 911;
};
};
};
age.secrets."services/mealie/credentialsFile" = { age.secrets."services/mealie/credentialsFile" = {
file = ../../../secrets/services/mealie/credentialsFile.age; file = ../../../secrets/services/mealie/credentialsFile.age;
owner = "mealie"; owner = "mealie";
@@ -50,5 +33,4 @@
security.acme.defaults.email = "webmaster@kabtop.de"; security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge"; security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
} }
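Review bot: `age.secrets."services/mealie/credentialsFile"` keeps `owner = "mealie";` while the second hunk deletes the static `users.users.mealie` and `users.groups.mealie` definitions. If the nixpkgs mealie module runs the service under a systemd dynamic user (I believe it does, please confirm), no `mealie` account exists when agenix installs secrets at activation, so the owner may not resolve. Either keep a static account without the hard-coded id, e.g. `users.users.mealie = { isSystemUser = true; group = "mealie"; };` with `users.groups.mealie = {};`, or drop `owner` if the file is only consumed as the unit's environment file and can stay root-owned.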


@@ -1,22 +1,28 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{ {
config,
microvm,
lib,
pkgs,
user,
agenix,
impermanence,
...
}: let
name = "gitea-runner";
in {
microvm = { microvm = {
autostart = [ autostart = [
name name
]; ];
vms = { vms = {
${name} = { ${name} = {
inherit pkgs; inherit pkgs;
config = { config = {
imports = imports =
[ agenix.nixosModules.default ] ++ [agenix.nixosModules.default]
[ impermanence.nixosModules.impermanence ] ++ ++ [impermanence.nixosModules.impermanence]
[( ./gitea_runner.nix )]; ++ [(./gitea_runner.nix)];
networking = { networking = {
hostName = "${name}"; hostName = "${name}";
@@ -40,7 +46,8 @@ in
}; };
}; };
users.users.${user} = { # System User users.users.${user} = {
# System User
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel"]; extraGroups = ["wheel"];
uid = 2000; uid = 2000;
@@ -64,14 +71,16 @@ in
path = "/persist/etc/ssh/ssh_host_rsa_key"; path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa"; type = "rsa";
bits = 4096; bits = 4096;
}]; }
];
}; };
}; };
fileSystems."/persist".neededForBoot = lib.mkForce true; fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = { environment = {
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = with pkgs; [
# Default packages install system-wide
bash bash
coreutils coreutils
curl curl
@@ -84,6 +93,7 @@ in
persistence."/persist" = { persistence."/persist" = {
directories = [ directories = [
"/var/log" "/var/log"
"/var/lib/nixos"
"/var/lib/private" "/var/lib/private"
]; ];
@@ -103,8 +113,10 @@ in
type = "user"; type = "user";
id = "vm-${name}"; id = "vm-${name}";
mac = "04:00:00:00:00:01"; mac = "04:00:00:00:00:01";
} ]; }
shares = [{ ];
shares = [
{
source = "/nix/store"; source = "/nix/store";
mountPoint = "/nix/.ro-store"; mountPoint = "/nix/.ro-store";
tag = "ro-store"; tag = "ro-store";
@@ -115,7 +127,8 @@ in
mountPoint = "/persist"; mountPoint = "/persist";
tag = "persist"; tag = "persist";
proto = "virtiofs"; proto = "virtiofs";
}]; }
];
#writableStoreOverlay = "/nix/.rw-store"; #writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true; #storeOnDisk = true;
}; };


@@ -1,10 +1,8 @@
{ config, pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ # Default packages install system-wide config,
appimage-run pkgs,
]; ...
}: {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
hostName = "cloud.kabtop.de"; hostName = "cloud.kabtop.de";
@@ -99,5 +97,4 @@
security.acme.defaults.email = "webmaster@kabtop.de"; security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge"; security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
} }


@@ -1,9 +1,10 @@
{ config, pkgs, ... }:
let
ollamahostname = "llm.kabtop.de";
in
{ {
config,
pkgs,
...
}: let
ollamahostname = "llm.kabtop.de";
in {
virtualisation.oci-containers.containers."open-webui" = { virtualisation.oci-containers.containers."open-webui" = {
autoStart = true; autoStart = true;
image = "ghcr.io/open-webui/open-webui:ollama"; image = "ghcr.io/open-webui/open-webui:ollama";


@@ -1,10 +1,12 @@
# #
# System notifications # System notifications
# #
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
# imports = [ ./postgresql_upgrade.nix ]; # imports = [ ./postgresql_upgrade.nix ];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@@ -50,5 +52,4 @@
file = ../../../secrets/services/postgresql/initScript.age; file = ../../../secrets/services/postgresql/initScript.age;
owner = "postgres"; owner = "postgres";
}; };
} }

Some files were not shown because too many files have changed in this diff Show More