martials/nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: martials:feb1d07500ec9a67af6f62129a4b3a52e4d143f1
Branches Tags
martials:main
...
compare: martials:main
Branches Tags
martials:main

59 Commits
feb1d07500 ... main

Author SHA1 Message Date
Martin Berg Alstad
3e718fadfc [pi4] Containerize Actual service 2025-06-23 19:18:40 +00:00
Martin Berg Alstad
763ee6312a ♻️ [pi4] Refactor firewall with variables 2025-06-23 18:17:08 +00:00
Martin Berg Alstad
5704ebe712 [pi4] Initial Actual Budget service 2025-06-23 18:07:09 +00:00
Martin Berg Alstad
70b5d5fd4d [pi4] Nginx reload on change instead of restart 2025-06-23 17:47:35 +00:00
Martin Berg Alstad
c29acb0902 [pi4] Headscale config with Postgres 2025-06-23 17:42:15 +00:00
Martin Berg Alstad
a545b4a45c 🔧 [pi4] Update Forgejo deprecated setting 2025-06-10 16:41:54 +00:00
Martin Berg Alstad
c839811b9f 🐛 [pi4] Fix wrong nginx config for headscale 2025-06-10 16:41:02 +00:00
Martin Berg Alstad
2812e85976 🚑 [pi4] Redirect from www. to 2025-06-08 21:41:29 +00:00
Martin Berg Alstad
3835c3a1a6 🚸 [pi4] Don't change password in forgejo 2025-06-08 21:37:07 +00:00
Martin Berg Alstad
a277e8f3ed [pi4] Fix nginx config with TLS 2025-06-08 21:34:06 +00:00
Martin Berg Alstad
eb8c857940 🚨 [shared] Migrate Yazi from manager to mgr 2025-06-03 21:50:42 +02:00
Martin Berg Alstad
b3e6222cac [pi4] Added initial Nginx config 2025-06-03 19:36:14 +00:00
Martin Berg Alstad
575452512a 📦 [desktop] Set Linux kernel to 6.14 2025-06-03 18:55:26 +02:00
Martin Berg Alstad
5cc4c6479c 📦 [shared] Update dependencies 2025-06-03 18:55:02 +02:00
Martin Berg Alstad
724fe6767e ♻️ [shared] Refactor system configs 2025-06-02 21:02:33 +02:00
Martin Berg Alstad
b74e5aab62 [pi4] Added initial Simple mailserver config 2025-06-02 17:44:41 +00:00
Martin Berg Alstad
be02be6bf2 ♻️ [pi4] Rename default_phone_region and other minor changes in Nextcloud 2025-05-31 16:04:19 +00:00
Martin Berg Alstad
d614495a2c 🧑‍💻 [pi4] Allow all traffic from local network 2025-05-31 15:42:48 +00:00
Martin Berg Alstad
1f2ea2d5fa [pi4] Added initial Forgejo config and Podman 2025-05-31 15:42:48 +00:00
Martin Berg Alstad
969a1e75bf [pi4] Added notes to nextcloud 2025-05-31 15:42:47 +00:00
Martin Berg Alstad
fe01334a85 🚸 [shared] Added public SSH keys for androids 2025-05-31 14:35:37 +02:00
Martin Berg Alstad
e986f337bd [pi4] Initial Nextcloud config 2025-05-27 20:01:07 +00:00
Martin Berg Alstad
96d57d34c1 🔒 [pi4] Disable ssh on gpg 2025-05-27 17:08:47 +00:00
Martin Berg Alstad
dcad8f12b9 🐛 [shared] Fix missing background on sddm 2025-05-27 18:27:07 +02:00
Martin Berg Alstad
1595e260d5 [shared] Added bat with cat alias 2025-05-27 17:31:25 +02:00
Martin Berg Alstad
de53426fa5 🔧 [shared] Update stateVersion to 25.05 2025-05-26 20:30:17 +02:00
Martin Berg Alstad
fc89c377e8 ⬆️ [shared] Upgrade to NixOS 25.05 2025-05-26 20:27:34 +02:00
Martin Berg Alstad
53329b8d1c ♻️ [shared] Moved Hm configs to shared base 2025-05-22 20:10:48 +02:00
Martin Berg Alstad
2b020958ed ♻️ [shared] Move gnome-keyring to base 2025-05-22 19:50:11 +02:00
Martin Berg Alstad
e4fe0e1127 ♻️ [shared] Moved users config to base. Use password from Sops 2025-05-22 19:40:49 +02:00
Martin Berg Alstad
21d07edcf1 ♻️ [shared] Moved files to base shared directory 2025-05-22 19:36:56 +02:00
Martin Berg Alstad
7455299dd7 ♻️ [shared] Refactor hm ssh config, added systems to hm module 2025-05-20 22:03:58 +02:00
Martin Berg Alstad
9a8cc63674 🚚 [shared] Added shared config that shared desktop config inherits from 2025-05-20 21:52:00 +02:00
Martin Berg Alstad
adb02fbcc2 [shared] Added homelab systemConfig 2025-05-20 21:37:26 +02:00
Martin Berg Alstad
882c42a093 ♻️ [shared] Move domain to common file 2025-05-19 21:51:12 +02:00
Martin Berg Alstad
c6fcb7b6b8 ♻️ [shared] Refactor ssh config to be dynamic 2025-05-19 21:42:29 +02:00
Martin Berg Alstad
b2fd4f1da5 [shared] Added all public ssh keys to authorizedKeys 2025-05-19 20:23:04 +02:00
Martin Berg Alstad
2fe8c9edcb 🔧 [shared] Added ssh config for pi4 and homelab 2025-05-15 19:35:36 +00:00
Martin Berg Alstad
ab8a579a9c [shared] Only use cuda acceleration for Ollama if Nvidia is used 2025-05-15 21:32:19 +02:00
Martin Berg Alstad
b7c38d133e 🔧 [shared] Added thinkpad to ssh config 2025-05-15 21:18:06 +02:00
Martin Berg Alstad
55f7a37aaa [shared] Added ssh config for desktop. Justfile to get pub ssh 2025-05-15 21:14:05 +02:00
Martin Berg Alstad
48ff2cdfd2 💥 [pi4] Caddy redirect from kitchenowl to grocery 2025-05-15 20:48:00 +02:00
Martin Berg Alstad
73e6462229 🔐 [pi4] Password defined in sops 2025-05-15 18:47:22 +00:00
Martin Berg Alstad
050741393b [pi4] Added initial caddy config based on homelab 2025-05-13 21:31:29 +02:00
Martin Berg Alstad
08cd2cbebc [shared] Added planify 2025-05-13 21:00:14 +02:00
Martin Berg Alstad
5fce13233e Added Signal-desktop 2025-05-04 22:19:58 +02:00
Martin Berg Alstad
0770ae3ecf [desktop] Bluetooth 
Added Bluetooth support to desktop, including PS3 controllers
 2025-04-29 20:32:24 +02:00
Martin Berg Alstad
a49dc70148 📦️ [desktop] Update packages, update Linux kernel to latest, update Nvidia drivers 2025-04-29 20:32:14 +02:00
Martin Berg Alstad
33351682c0 [shared] Added fzf, ssh hm config, reencrypted secrets 2025-04-21 11:54:22 +02:00
Martin Berg Alstad
15d5121f0e ♻️ [shared] Refactor helix conifg, rm vscodium, add age for thinkpad 2025-04-20 18:04:23 +02:00
Martin Berg Alstad
d74f3880ca [shared] Helix config 
Support for more languages in Helix. C-f to format. Autosave. Added some lsp packages
 2025-04-19 19:37:12 +02:00
Martin Berg Alstad
f1bf7b4ded [shared] Gitmoji-cli 
Added gitmoji-cli to home-manager
 2025-04-19 18:07:55 +02:00
Martin Berg Alstad
985a71d901 [shared] Replace Neovim with Helix 
Moved Helix editor to shared.
Removed Nixvim flake and it's config
 2025-04-19 17:54:56 +02:00
Martin Berg Alstad
7e5bc137e5 [shared] Added eza, ls replacement 2025-04-19 17:05:35 +02:00
Martin Berg Alstad
923b0c8980 [shared] Zoxide cd alias. Replaced Papers with sioyek 2025-04-19 16:27:53 +02:00
Martin Berg Alstad
e97dd6f5ce [shared] Updated Zed config, changed user config to just username 2025-04-18 19:49:14 +02:00
Martin Berg Alstad
31c25681c5 [thinkpad] Fingerprint for sudo and login. Upgraded hyprlock to unstable 2025-04-18 17:54:17 +02:00
Martin Berg Alstad
9e96de997d [pi4] Added Sops with new hash. Added boot recipe to justfile 2025-04-18 13:59:06 +00:00
Martin Berg Alstad
b521aebef6 🐛 [pi4] Fix wrong paths. Added Zoxide 2025-04-17 12:49:59 +00:00
129 changed files with 1345 additions and 710 deletions
Expand all files Collapse all files

2
.sops.yaml
View File

@ -1,9 +1,11 @@
keys: keys:
- &thinkpad age1j66v6z6hlsgqjfv5fz7fldm5q9jay4j5v5du6ymfda6hv40nsqesg89g7p
- &desktop age1fxr5s6d6ar0xy5pr63kpq93tk7jha5k96jcxnyquj6s2mw8mmcpss8w29w - &desktop age1fxr5s6d6ar0xy5pr63kpq93tk7jha5k96jcxnyquj6s2mw8mmcpss8w29w
- &pi4 age1xlnprpvshv93eerthxzg6cahklsfc4efh8dd6u8dte9u6cl0u5qsz48qlt - &pi4 age1xlnprpvshv93eerthxzg6cahklsfc4efh8dd6u8dte9u6cl0u5qsz48qlt
creation_rules: creation_rules:
- path_regex: shared/secrets/secrets.yaml$ - path_regex: shared/secrets/secrets.yaml$
key_groups: key_groups:
- age: - age:
- *thinkpad
- *desktop - *desktop
- *pi4 - *pi4

2
README.md
View File

@ -17,8 +17,6 @@ My NixOS configurations with dotfiles for my systems.
| Runner | Rofi | | Runner | Rofi |
| Fetch | Fastfetch | | Fetch | Fastfetch |
Requires Nix-channel with [NixOS 24.11](https://nixos.org/)
## Commands ## Commands
First time run, will create a shell with the minimum dependencies in order to download the rest First time run, will create a shell with the minimum dependencies in order to download the rest

439
flake.lock generated
View File

@ -9,11 +9,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736090999, "lastModified": 1744557573,
"narHash": "sha256-B5CJuHqfJrzPa7tObK0H9669/EClSHpa/P7B9EuvElU=", "narHash": "sha256-XAyj0iDuI51BytJ1PwN53uLpzTDdznPDQFG4RwihlTQ=",
"owner": "aylur", "owner": "aylur",
"repo": "ags", "repo": "ags",
"rev": "5527c3c07d92c11e04e7fd99d58429493dba7e3c", "rev": "3ed9737bdbc8fc7a7c7ceef2165c9109f336bff6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -31,11 +31,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735172721, "lastModified": 1742571008,
"narHash": "sha256-rtEAwGsHSppnkR3Qg3eRJ6Xh/F84IY9CrBBLzYabalY=", "narHash": "sha256-5WgfJAeBpxiKbTR/gJvxrGYfqQRge5aUDcGKmU1YZ1Q=",
"owner": "aylur", "owner": "aylur",
"repo": "astal", "repo": "astal",
"rev": "6c84b64efc736e039a8a10774a4a1bf772c37aa2", "rev": "dc0e5d37abe9424c53dcbd2506a4886ffee6296e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -44,16 +44,53 @@
"type": "github" "type": "github"
} }
}, },
"astal_2": {
"inputs": {
"nixpkgs": [
"hyprpanel",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748416910,
"narHash": "sha256-FEQcs58HL8Fe4i7XlqVEUwthjxwvRvgX15gTTfW17sU=",
"owner": "aylur",
"repo": "astal",
"rev": "c1bd89a47c81c66ab5fc6872db5a916c0433fb89",
"type": "github"
},
"original": {
"owner": "aylur",
"repo": "astal",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"catppuccin": { "catppuccin": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1744793570, "lastModified": 1748080874,
"narHash": "sha256-BzulTVLpbapBxsJ1b1ZNPSg94YIbgs/75fNyiv2uWNg=", "narHash": "sha256-sUebEzAkrY8Aq5G0GHFyRddmRNGP/a2iTtV7ISNvi/c=",
"owner": "catppuccin", "owner": "catppuccin",
"repo": "nix", "repo": "nix",
"rev": "192378974a131c402633bee18dc892b804a663e0", "rev": "0ba11b12be81f0849a89ed17ab635164ea8f0112",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -62,89 +99,31 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1747046372,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "owner": "edolstra",
"revCount": 69, "repo": "flake-compat",
"type": "tarball", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hercules-ci", "owner": "edolstra",
"repo": "flake-parts", "repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
"git-hooks": { "git-hooks": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
"nixvim", "simple-nixos-mailserver",
"flake-compat" "flake-compat"
], ],
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"nixvim", "simple-nixos-mailserver",
"nixpkgs" "nixpkgs"
] ]
}, },
@ -165,7 +144,7 @@
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixvim", "simple-nixos-mailserver",
"git-hooks", "git-hooks",
"nixpkgs" "nixpkgs"
] ]
@ -189,11 +168,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1744513122, "lastModified": 1748772835,
"narHash": "sha256-DPxL9yHkIvmNfpd49LeOOpT9NYrzHpgYbTO1yQg6Zh4=", "narHash": "sha256-p/hGSN1DOU/pELQi5PTds8eL+czjmb/0RvwvLm7nGC8=",
"owner": "rishabh5321", "owner": "rishabh5321",
"repo": "grayjay-flake", "repo": "grayjay-flake",
"rev": "84accd21a2e69709040a0eea22fccdb743c9e64c", "rev": "998cbc285d936a45daf07414d03db3f60c133caa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -209,43 +188,21 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744743431, "lastModified": 1748665073,
"narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", "rev": "282e1e029cb6ab4811114fc85110613d72771dea",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11", "ref": "release-25.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"home-manager_2": { "home-manager_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744117652,
"narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"zen-browser", "zen-browser",
@ -269,14 +226,15 @@
"hyprpanel": { "hyprpanel": {
"inputs": { "inputs": {
"ags": "ags", "ags": "ags",
"astal": "astal_2",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1744513377, "lastModified": 1748962037,
"narHash": "sha256-2ocy+qAVxTBmaK8MpAy7mpKIH+DYEzwf+KzXZX83oZ4=", "narHash": "sha256-MkrOyZ6CqTzzmlfmvkPiezy51hG96xqucrR38xQpK/0=",
"owner": "Jas-SinghFSU", "owner": "Jas-SinghFSU",
"repo": "HyprPanel", "repo": "HyprPanel",
"rev": "42943b3def85d8787d703778951944c8e791202b", "rev": "8422c6b80526f8289a30b93cb5b354d9f007141d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -285,63 +243,13 @@
"type": "github" "type": "github"
} }
}, },
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729958008,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.6",
"repo": "ixx",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743127615,
"narHash": "sha256-+sMGqywrSr50BGMLMeY789mSrzjkoxZiu61eWjYS/8o=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "fc843893cecc1838a59713ee3e50e9e7edc6207c",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "nix-darwin-24.11",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1744098102, "lastModified": 1744463964,
"narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=", "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7", "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -351,29 +259,45 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-25_05": {
"locked": { "locked": {
"lastModified": 1744440957, "lastModified": 1747610100,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1748889542,
"narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1744463964, "lastModified": 1748693115,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -385,11 +309,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1744463964, "lastModified": 1748693115,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -401,11 +325,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1736344531, "lastModified": 1748370509,
"narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912", "rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -417,21 +341,37 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1744440957, "lastModified": 1748889542,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": {
"lastModified": 1747179050,
"narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1743448293, "lastModified": 1743448293,
"narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=",
@ -447,58 +387,6 @@
"type": "github" "type": "github"
} }
}, },
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1744461753,
"narHash": "sha256-3oO3CwYmZE5P4Hp5XR5WCZbF/rj5+kF0m5sTNTMDYss=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "a22fbed4c4784e6a9761f9a896d31da98c3117b2",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "nixos-24.11",
"repo": "nixvim",
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744375525,
"narHash": "sha256-/Wf5Ca0DmV+y+qVBDXX8HAfAvSQI6y5oE27dv6t1jXk=",
"owner": "NuschtOS",
"repo": "search",
"rev": "c0e7d3bda11e2cfad692d205d82757078475957a",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"catppuccin": "catppuccin", "catppuccin": "catppuccin",
@ -508,12 +396,35 @@
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"spicetify-nix": "spicetify-nix", "spicetify-nix": "spicetify-nix",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
} }
}, },
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_5",
"nixpkgs-25_05": "nixpkgs-25_05"
},
"locked": {
"lastModified": 1747965231,
"narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "53007af63fade28853408370c4c600a63dd97f41",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-25.05",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -521,11 +432,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744669848, "lastModified": 1747603214,
"narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
"owner": "mic92", "owner": "mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "61154300d945f0b147b30d24ddcafa159148026a", "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -539,14 +450,14 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ],
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1744682091, "lastModified": 1748752728,
"narHash": "sha256-zudMf0YW3mB0f2XnWPAjYdKioJPaJQchhO4bCeBOZAI=", "narHash": "sha256-en008ncPUQjVx2i3PbM4RWeZkD9DNbJwIy0epppXe2o=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "spicetify-nix", "repo": "spicetify-nix",
"rev": "44ed9eb751a6966ffb291edbda2e9bebd3ebcd4a", "rev": "0e03de40d5128eb2ad600c98f57cf5db2cdf3240",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -570,53 +481,17 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743748085,
"narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"zen-browser": { "zen-browser": {
"inputs": { "inputs": {
"home-manager": "home-manager_3", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1744777359, "lastModified": 1748920570,
"narHash": "sha256-20REqJW54bbQIBuP19fcjPamV9mpWN0+RPcp5hQwwLI=", "narHash": "sha256-m7EshkqPxa3IxN/qwxP1LlMlRdn37aiK0hghDieho8A=",
"owner": "0xc000022070", "owner": "0xc000022070",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"rev": "d2bb30f451ef7802aca1954a6eb75efbc4c25872", "rev": "ff5bf0bcf588e8c1d0f5fcd635b0c8e1cce8aee5",
"type": "github" "type": "github"
}, },
"original": { "original": {

58
flake.nix
View File

@ -5,17 +5,17 @@
# #
# ========= Official NixOS and HM Package Sources ========= # ========= Official NixOS and HM Package Sources =========
# #
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
# The next two are for pinning to stable vs unstable regardless of what the above is set to # The next two are for pinning to stable vs unstable regardless of what the above is set to
# This is particularly useful when an upcoming stable release is in beta because you can effectively # This is particularly useful when an upcoming stable release is in beta because you can effectively
# keep 'nixpkgs-stable' set to stable for critical packages while setting 'nixpkgs' to the beta branch to # keep 'nixpkgs-stable' set to stable for critical packages while setting 'nixpkgs' to the beta branch to
# get a jump start on deprecation changes. # get a jump start on deprecation changes.
# See also 'stable-packages' and 'unstable-packages' overlays at 'overlays/default.nix" # See also 'stable-packages' and 'unstable-packages' overlays at 'overlays/default.nix"
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-24.11"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -28,16 +28,10 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Catppuccin theming # Catppuccin theming
catppuccin = { catppuccin.url = "github:catppuccin/nix";
url = "github:catppuccin/nix";
};
# vim
nixvim = {
url = "github:nix-community/nixvim/nixos-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
# Bar # Bar
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel"; hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05";
# Spotify # Spotify
spicetify-nix = { spicetify-nix = {
url = "github:Gerg-L/spicetify-nix"; url = "github:Gerg-L/spicetify-nix";
@ -54,6 +48,7 @@
self, self,
nixpkgs, nixpkgs,
home-manager, home-manager,
simple-nixos-mailserver,
... ...
}@inputs: }@inputs:
let let
@ -79,31 +74,51 @@
systems = builtins.map (config: defaultAttrs // config) [ systems = builtins.map (config: defaultAttrs // config) [
{ {
hostName = "desktop"; hostName = "desktop";
system = "x86_64-linux";
nvidia.enable = true; nvidia.enable = true;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
} }
{ {
hostName = "thinkpad"; hostName = "thinkpad";
system = "x86_64-linux"; ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
} }
{ {
hostName = "pi4"; hostName = "pi4";
system = "aarch64-linux"; system = "aarch64-linux";
wayland.enable = false; wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
address.private = common.localIpAddr 188;
}
{
hostName = "homelab";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
address.private = common.localIpAddr 231;
address.tailnet = common.tailnetAddr "admin";
} }
# TODO Homelab config
]; ];
defaultAttrs = { defaultAttrs = {
user = { hostName = builtins.abort "hostName is required";
name = common.username; system = "x86_64-linux";
password = "temp"; # TODO username = common.username;
};
version = common.system.version; version = common.system.version;
wayland.enable = true; wayland.enable = true;
nvidia.enable = false; nvidia.enable = false;
}; };
knownSystems = [
{
# Samsung S23 FE
hostName = "localhost-y4maoyqm";
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7SSjiqnjif1Kko60iXVTKJ7a1/lRlR8TFNtoclNcnQ";
}
{
# OnePlus 8
hostName = "localhost-4izgka9k";
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALtulVgLrUEpKnpfPFQTHjaEXTxs2Q818NC18eLx0bj";
}
];
in in
{ {
# #
@ -120,7 +135,7 @@
{ {
hostName, hostName,
system, system,
user, username,
... ...
}@systemConfig: }@systemConfig:
@ -136,6 +151,8 @@
theme theme
lib lib
systemConfig systemConfig
systems
knownSystems
; ;
isDarwin = false; isDarwin = false;
}; };
@ -155,9 +172,10 @@
theme theme
libHm libHm
systemConfig systemConfig
systems
; ;
}; };
users.${user.name} = import ./hosts/${hostName}/home-manager; users.${username} = import ./hosts/${hostName}/home-manager;
}; };
} }
{ {

18
hosts/desktop/bluetooth.nix Normal file
View File

@ -0,0 +1,18 @@
{ pkgs, ... }:
{
hardware.bluetooth = {
enable = true;
input = {
# Required to get PS3 controllers working
General = {
ClassicBondedOnly = false;
UserspaceHID = false;
};
};
powerOnBoot = true;
package = pkgs.unstable.bluez;
};
services.blueman.enable = true;
}

6
hosts/desktop/default.nix
View File

@ -1,11 +1,15 @@
{ {
lib, lib,
pkgs,
... ...
}: }:
{ {
imports = [ imports = [
(lib.custom.relativeToRoot "shared/modules") (lib.custom.relativeToDesktop "modules")
./bluetooth.nix
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_6_14;
} }

2
hosts/desktop/home-manager/default.nix
View File

@ -5,7 +5,7 @@
{ {
imports = [ imports = [
(lib.custom.relativeToRoot "shared/home-manager") (lib.custom.relativeToDesktop "home-manager")
./hyprpaper.nix ./hyprpaper.nix
./settings.nix ./settings.nix
]; ];

42
hosts/pi4/actual.nix Normal file
View File

@ -0,0 +1,42 @@
{ config, common, ... }:
let
domain = "beta.budget.${common.domain}";
in
{
networking.nat = {
enable = true;
internalInterfaces = [ "ve-*" ];
externalInterface = "wlan0";
# Lazy IPv6 connectivity for the container
enableIPv6 = true;
};
containers.actual = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.10.188";
localAddress = "192.168.10.11";
config =
{ ... }:
{
services = {
actual = {
enable = true;
settings = {
port = 8084;
loginMethod = "password";
};
};
};
system.stateVersion = common.system.version;
};
};
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${config.containers.actual.localAddress}:8084";
proxyWebsockets = true;
};
};
}

91
hosts/pi4/caddy.nix Normal file
View File

@ -0,0 +1,91 @@
{ common, ... }:
let
domain = common.domain;
in
{
services.caddy = {
enable = false;
email = "cert@${domain}";
virtualHosts =
let
localProxy = proxyTo "localhost";
homelabProxy = proxyTo "192.168.10.231";
proxyTo = ip: port: "reverse_proxy ${ip}:${builtins.toString port}";
redirect = subdomain: "redir https://${subdomain}.${domain}{uri}";
in
{
"beta.${domain}".extraConfig = ''
redir https://${domain}{uri}
'';
"git.${domain}".extraConfig = ''
${redirect "code"}
'';
"kitchenowl.${domain}".extraConfig = ''
${redirect "grocery"}
'';
# Gitea
"code.${domain}".extraConfig = ''
${homelabProxy 3000}
'';
# Forgejo
"beta.code.${domain}".extraConfig = ''
${localProxy 8001}
'';
# Nextcloud
"nextcloud.${domain}".extraConfig = ''
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
${homelabProxy 11000}
'';
# Kitchenowl
"grocery.${domain}".extraConfig = ''
${homelabProxy 800}
'';
# Actual Budget
"budget.${domain}".extraConfig = ''
${homelabProxy 5006}
'';
# Uptime Kuma
"status.${domain}".extraConfig = ''
${homelabProxy 3001}
'';
# Headscale
"vpn.${domain}".extraConfig = ''
reverse_proxy /web* 192.168.10.231:8084
reverse_proxy * 192.168.10.231:8082
'';
# Headscale SmartDNS
"dns.${domain}".extraConfig = ''
${homelabProxy 8082}
'';
# FreshRSS
"rss.${domain}".extraConfig = ''
${homelabProxy 8085}
'';
# Ente backend
"api.ente.${domain}".extraConfig = ''
${homelabProxy 8083}
'';
# Ente Photos frontend
"ente.${domain}".extraConfig = ''
${homelabProxy 3003}
'';
# Ente Auth frontend
"mfa.${domain}".extraConfig = ''
${homelabProxy 3004}
'';
# Homepage / portfolio
"${domain}".extraConfig = ''
${homelabProxy 4321}
'';
# Yamtrack
"track.${domain}".extraConfig = ''
${homelabProxy 8090}
'';
# Donetick
"chore.${domain}".extraConfig = ''
${homelabProxy 2021}
'';
};
};
}

34
hosts/pi4/default.nix
View File

@ -1,29 +1,19 @@
{ { lib, ... }:
lib,
systemConfig,
...
}:
{ {
imports = [ imports = with lib.custom; [
(lib.custom.relativeToRoot "shared/modules/nix-helper.nix") (relativeToBase "modules")
(lib.custom.relativeToRoot "shared/modules/nixos.nix") ./actual.nix
(lib.custom.relativeToRoot "shared/modules/shell.nix")
./boot.nix ./boot.nix
./development.nix ./caddy.nix
./forgejo.nix
./hardware.nix ./hardware.nix
./networking.nix ./headscale.nix
./mailserver.nix
./nextcloud.nix
./nginx.nix
./podman.nix
./postgres.nix
./security ./security
]; ];
system.stateVersion = systemConfig.version;
users = {
mutableUsers = false;
users.${systemConfig.user.name} = {
isNormalUser = true;
password = systemConfig.user.password;
extraGroups = [ "wheel" ];
};
};
} }

11
hosts/pi4/development.nix
View File

@ -1,11 +0,0 @@
{ pkgs, lib, ... }:
{
imports = [
(lib.custom.relativeToRoot "shared/modules/development/formatters.nix")
];
environment.systemPackages = with pkgs; [
just
];
}

94
hosts/pi4/forgejo.nix Normal file
View File

@ -0,0 +1,94 @@
{
config,
pkgs,
lib,
systemConfig,
common,
...
}:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
domain = "beta.code.${common.domain}";
passwordKey = "forgejo/admin-pass";
runnerTokenKey = "forgejo/runner-token";
in
{
services = {
nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString srv.HTTP_PORT}";
serverAliases = [ "beta.git.${common.domain}" ];
};
forgejo = {
enable = true;
database.type = "postgres";
# Enable support for Git Large File Storage
lfs.enable = true;
secrets.mailer.PASSWD = config.sops.secrets."mailserver/password-hash".path;
settings = {
server = {
DOMAIN = domain;
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${domain}/";
HTTP_PORT = 8002;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
mailer = lib.mkIf config.mailserver.enable {
ENABLED = true;
PROTOCOL = "smtps";
SMTP_ADDR = config.mailserver.fqdn;
FROM = "noreply-forgejo@${common.domain}";
USER = "${systemConfig.username}@${common.domain}";
};
};
};
gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = "monolith";
url = "https://${domain}";
# Obtaining the path to the runner token file may differ
# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
tokenFile = config.sops.secrets.${runnerTokenKey}.path;
labels = [
"docker:docker://node:20-bullseye"
"native:host"
];
};
};
};
sops.secrets = {
${passwordKey}.owner = "forgejo";
${runnerTokenKey}.owner = "forgejo";
};
# Create a single admin user / update password if exists
systemd.services.forgejo.preStart =
let
adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
pwd = config.sops.secrets.${passwordKey};
user = "martin"; # Note, Forgejo doesn't allow creation of an account named "admin"
email = "git@${common.domain}";
in
''
${adminCmd} create --admin --email "${email}" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
## Alter an existing user. Will prompt new password on login
# ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
'';
}

66
hosts/pi4/headscale.nix Normal file
View File

@ -0,0 +1,66 @@
{
config,
common,
...
}:
let
cfg = config.services.headscale;
domain = "beta.vpn.${common.domain}";
dnsDomain = "secure.${common.domain}";
in
{
networking.firewall = {
trustedInterfaces = [ config.services.tailscale.interfaceName ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
services = {
headscale = {
enable = true;
address = "0.0.0.0";
port = 8083;
settings = {
database = {
postgres = {
host = "/run/postgresql";
name = "headscale";
port = config.services.postgresql.settings.port;
user = cfg.user;
};
type = "postgres";
};
dns = {
base_domain = dnsDomain;
magic_dns = true;
};
logtail.enabled = false;
server_url = "https://${domain}";
};
};
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
postgresql =
let
psql = cfg.settings.database.postgres;
in
{
ensureDatabases = [ psql.name ];
ensureUsers = [
{
name = psql.user;
ensureDBOwnership = true;
}
];
};
};
}

30
hosts/pi4/home-manager/default.nix
View File

@ -1,31 +1,9 @@
{ { lib, ... }:
lib,
inputs,
outputs,
systemConfig,
...
}:
{ {
imports = [ imports = with lib.custom; [
inputs.catppuccin.homeModules.catppuccin (relativeToBase "home-manager")
(lib.custom.relativeToRoot "shared/home-manager/btop.nix")
(lib.custom.relativeToRoot "shared/home-manager/development/git.nix")
(lib.custom.relativeToRoot "shared/home-manager/fastfetch.nix")
(lib.custom.relativeToRoot "shared/home-manager/fish.nix")
(lib.custom.relativeToRoot "shared/home-manager/gpg.nix")
./helix.nix
]; ];
home.stateVersion = systemConfig.version; programs.git.signing.key = "E3FA0E995C0D0E5E";
# Adds pkgs.unstable in order to fetch packages from unstable repositories
nixpkgs.overlays = [ outputs.overlays.unstable-packages ];
programs = {
git.signing.key = "E3FA0E995C0D0E5E";
# Let Home Manager install and manage itself.
home-manager.enable = true;
};
} }

30
hosts/pi4/home-manager/helix.nix
View File

@ -1,30 +0,0 @@
{ pkgs, theme, ... }:
{
catppuccin.helix = {
enable = true;
flavor = theme.flavor;
};
programs.helix = {
enable = true;
defaultEditor = true;
settings = {
editor = {
cursor-shape = {
normal = "block";
insert = "bar";
select = "underline";
};
lsp.display-messages = true;
};
};
languages.language = [
{
name = "nix";
auto-format = true;
formatter.command = "${pkgs.nixfmt-rfc-style}/bin/nixfmt";
}
];
};
}

44
hosts/pi4/mailserver.nix Normal file
View File

@ -0,0 +1,44 @@
{
config,
inputs,
common,
systemConfig,
...
}:
let
passwordHashKey = "mailserver/password-hash";
in
{
imports = [
inputs.simple-nixos-mailserver.nixosModule
];
mailserver = {
enable = true;
# stateVersion = 1; TODO uncomment on 25.11
fqdn = "mail.${common.domain}";
domains = [
common.domain
];
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"${systemConfig.username}@${common.domain}" = {
hashedPasswordFile = config.sops.secrets.${passwordHashKey}.path;
};
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = "acme-nginx";
};
networking.firewall.allowedTCPPorts = [
25
465
587
];
sops.secrets.${passwordHashKey}.neededForUsers = true;
}

90
hosts/pi4/nextcloud.nix Normal file
View File

@ -0,0 +1,90 @@
# https://mich-murphy.com/configure-nextcloud-nixos/
{
pkgs,
config,
common,
...
}:
let
adminPassKey = "nextcloud/admin-pass";
domain = "beta.nextcloud.${common.domain}";
dbname = "nextcloud";
dbuser = dbname;
in
{
security.acme = {
acceptTerms = true;
certs.${config.services.nextcloud.hostName}.email = "acme@${common.domain}";
};
services = {
nextcloud = {
enable = true;
autoUpdateApps.enable = true;
config = {
adminpassFile = config.sops.secrets.${adminPassKey}.path;
dbtype = "pgsql";
dbname = dbname;
dbuser = dbuser;
# default directory for postgresql, ensures automatic setup of db
dbhost = "/run/postgresql";
adminuser = "admin";
};
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
contacts
deck
notes
tasks
;
};
extraAppsEnable = true;
hostName = domain;
https = true;
maxUploadSize = "0"; # No max limit
package = pkgs.nextcloud31;
settings = {
default_phone_region = "NO";
trusted_domains = [
domain
];
};
};
nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
};
postgresql = {
ensureDatabases = [ dbname ];
ensureUsers = [
{
name = dbuser;
ensureDBOwnership = true;
}
];
};
postgresqlBackup = {
enable = true;
location = "/data/backup/nextclouddb";
databases = [ dbname ];
# time to start backup in systemd.time format
startAt = "*-*-* 23:15:00";
};
};
sops.secrets.${adminPassKey}.neededForUsers = true;
# ensure postgresql db is started with nextcloud
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
}

93
hosts/pi4/nginx.nix Normal file
View File

@ -0,0 +1,93 @@
{
common,
...
}:
let
domain = common.domain;
proxyTo = address: port: {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "${address}:${builtins.toString port}";
};
proxyLocations = locations: {
enableACME = true;
forceSSL = true;
inherit locations;
};
homelab = "http://${common.localIpAddr 231}";
homelabProxy = proxyTo homelab; # TODO get homelab local ip from systems
redirect = subdomain: {
enableACME = true;
forceSSL = true;
globalRedirect = if subdomain == "" then domain else "${subdomain}.${domain}";
};
in
{
services.nginx = {
enable = true;
enableReload = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
# Beta is currently stable
"www.${domain}" = redirect "";
"beta.${domain}" = redirect "";
"git.${domain}" = redirect "code";
"kitchenowl.${domain}" = redirect "grocery";
# Gitea
"code.${domain}" = homelabProxy 3000;
# Nextcloud
"nextcloud.${domain}" = proxyLocations {
"/".proxyPass = "${homelab}:11000";
"/.well-known/carddav".return = "301 /remote.php/dav";
"/.well-known/caldav".return = "301 /remote.php/dav";
};
# Kitchenowl
"grocery.${domain}" = homelabProxy 800;
# Actual budget
"budget.${domain}" = homelabProxy 5006;
# Uptime Kuma
"status.${domain}" = homelabProxy 3001;
# Headscale
"vpn.${domain}" = proxyLocations {
"/web".proxyPass = "${homelab}:8084";
"/" = {
proxyPass = "${homelab}:8082";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect http:// https://;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
'';
};
};
# Headscale SmartDNS
"dns.${domain}" = homelabProxy 8082;
# FreshRSS
"rss.${domain}" = homelabProxy 8085;
# Ente backend
"api.ente.${domain}" = homelabProxy 8083;
# Ente Photos frontend
"ente.${domain}" = homelabProxy 3003;
# Ente Auth frontend
"mfa.${domain}" = homelabProxy 3004;
# Homepage / portfolio
"${domain}" = homelabProxy 4321;
# Yamtrack
"track.${domain}" = homelabProxy 8090;
# Donetick
"chore.${domain}" = homelabProxy 2021;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "acme@${domain}";
};
}

23
hosts/pi4/podman.nix Normal file
View File

@ -0,0 +1,23 @@
{ pkgs, ... }:
{
virtualisation = {
# Enable common container config files in /etc/containers
containers.enable = true;
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Useful other development tools
environment.systemPackages = with pkgs; [
podman-tui # status of containers in the terminal
podman-compose # start group of containers for dev
];
}

11
hosts/pi4/postgres.nix Normal file
View File

@ -0,0 +1,11 @@
{ pkgs, ... }:
{
services.postgresql = {
enable = true;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust
'';
};
}

9
hosts/pi4/security/default.nix
View File

@ -3,12 +3,5 @@
./firewall.nix ./firewall.nix
]; ];
programs.gnupg.agent = { services.pcscd.enable = true;
enable = true;
enableSSHSupport = true;
};
services = {
pcscd.enable = true;
gnome.gnome-keyring.enable = true;
};
} }

16
hosts/pi4/security/firewall.nix
View File

@ -1,15 +1,15 @@
{ common, ... }:
{ {
networking = { networking = {
firewall = { firewall = {
enable = true; enable = true;
trustedInterfaces = [ "tailscale0" ]; allowedTCPPorts = [
extraInputRules = 80
let 443
localIPv4Range = "192.168.10.0/24"; ];
in extraInputRules = ''
'' ip saddr ${common.localIpRange} accept
ip saddr ${localIPv4Range} tcp dport 22 accept
ip saddr ${localIPv4Range} udp dport 22 accept
''; '';
}; };
nftables.enable = true; nftables.enable = true;

2
hosts/thinkpad/default.nix
View File

@ -6,7 +6,7 @@
{ {
imports = [ imports = [
(lib.custom.relativeToRoot "shared/modules") (lib.custom.relativeToDesktop "modules")
./battery.nix ./battery.nix
./bluetooth.nix ./bluetooth.nix
./hardware-configuration.nix ./hardware-configuration.nix

2
hosts/thinkpad/home-manager/default.nix
View File

@ -5,7 +5,7 @@
{ {
imports = [ imports = [
(lib.custom.relativeToRoot "shared/home-manager") (lib.custom.relativeToDesktop "home-manager")
./hyprland ./hyprland
./zen ./zen
]; ];

1
hosts/thinkpad/home-manager/hyprland/default.nix
View File

@ -1,6 +1,7 @@
# Home configurations for Hyprland. For system configs, see ./modules/hyprland # Home configurations for Hyprland. For system configs, see ./modules/hyprland
{ {
imports = [ imports = [
./hyprlock.nix
./hyprpanel.nix ./hyprpanel.nix
./settings.nix ./settings.nix
]; ];

15
hosts/thinkpad/home-manager/hyprland/hyprlock.nix Normal file
View File

@ -0,0 +1,15 @@
{ pkgs, lib, ... }:
{
# TODO fingerprint prompt using $FPRINTPROMPT
programs.hyprlock = {
package = pkgs.unstable.hyprlock;
settings = {
auth."fingerprint:enabled" = true;
# Override removed settings shared config
general = lib.mkForce {
hide_cursor = true;
};
};
};
}

9
hosts/thinkpad/security.nix
View File

@ -2,8 +2,7 @@
{ {
security = { security = {
pam = { pam.services = {
services = {
gdm-fingerprint.text = '' gdm-fingerprint.text = ''
auth required pam_shells.so auth required pam_shells.so
auth requisite pam_nologin.so auth requisite pam_nologin.so
@ -24,7 +23,6 @@
login.fprintAuth = false; login.fprintAuth = false;
}; };
}; };
};
# Start the driver at boot # Start the driver at boot
systemd.services.fprintd = { systemd.services.fprintd = {
@ -37,9 +35,4 @@
enable = true; enable = true;
tod.driver = pkgs.libfprint-2-tod1-goodix-550a; # Goodix 550a driver (from Lenovo) tod.driver = pkgs.libfprint-2-tod1-goodix-550a; # Goodix 550a driver (from Lenovo)
}; };
# however for focaltech 2808:a658, use fprintd with overidden package (without tod)
# services.fprintd.package = pkgs.fprintd.override {
# libfprint = pkgs.libfprint-focaltech-2808-a658;
# };
} }

16
justfile
View File

@ -18,6 +18,12 @@ test *FLAGS:
just fmt just fmt
nh os test . {{FLAGS}} nh os test . {{FLAGS}}
# Add new configuration to bootloader, but don't activate it now
boot *FLAGS:
git add .
just fmt
nh os test . {{FLAGS}}
# Switch to new config and add to bootloader # Switch to new config and add to bootloader
switch *FLAGS: switch *FLAGS:
git add . git add .
@ -28,11 +34,9 @@ switch *FLAGS:
switch-now *FLAGS: switch-now *FLAGS:
nh os switch . {{FLAGS}} nh os switch . {{FLAGS}}
update-all: update-all *FLAGS:
nix-channel --update
nix flake update nix flake update
just switch {{FLAGS}}
just switch
update PKG: update PKG:
nix flake update {{PKG}} nix flake update {{PKG}}
@ -63,6 +67,10 @@ generate-age-from-ssh:
get-public-age-key: get-public-age-key:
nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt
# Get the public ssh key from the current user
get-public-ssh-key:
cat ~/.ssh/id_ed25519.pub
# Edit the SOPS secrets file # Edit the SOPS secrets file
edit-secrets: edit-secrets:
nix run nixpkgs#sops -- shared/secrets/secrets.yaml nix run nixpkgs#sops -- shared/secrets/secrets.yaml

11
lib/default.nix
View File

@ -1,16 +1,19 @@
# FIXME(lib.custom): Add some stuff from hmajid2301/dotfiles/lib/module/default.nix, as simplifies option declaration # FIXME(lib.custom): Add some stuff from hmajid2301/dotfiles/lib/module/default.nix, as simplifies option declaration
{ lib, ... }: { lib, ... }:
with builtins;
{ {
getSecret = with lib.strings; filePath: trim (removeSuffix "\n" (builtins.readFile filePath)); getSecret = with lib.strings; filePath: trim (removeSuffix "\n" (readFile filePath));
# use path relative to the root of the project # use path relative to the root of the project
relativeToRoot = lib.path.append ../.; relativeToRoot = lib.path.append ../.;
relativeToBase = lib.path.append ../shared/base;
relativeToDesktop = lib.path.append ../shared/desktop;
scanPaths = scanPaths =
path: path:
builtins.map (f: (path + "/${f}")) ( map (f: (path + "/${f}")) (
builtins.attrNames ( attrNames (
lib.attrsets.filterAttrs ( lib.attrsets.filterAttrs (
path: _type: path: _type:
(_type == "directory") # include directories (_type == "directory") # include directories
@ -18,7 +21,7 @@
(path != "default.nix") # ignore default.nix (path != "default.nix") # ignore default.nix
&& (lib.strings.hasSuffix ".nix" path) # include .nix files && (lib.strings.hasSuffix ".nix" path) # include .nix files
) )
) (builtins.readDir path) ) (readDir path)
) )
); );
} }

12
shared/base/home-manager/default.nix Normal file
View File

@ -0,0 +1,12 @@
{ inputs, ... }:
{
imports = [
inputs.catppuccin.homeModules.catppuccin
./development
./shell
./gpg.nix
./home-manager.nix
./ssh.nix
];
}

6
shared/base/home-manager/development/default.nix Normal file
View File

@ -0,0 +1,6 @@
{
imports = [
./git.nix
./helix.nix
];
}

9
shared/home-manager/development/git.nix → shared/base/home-manager/development/git.nix
View File

@ -1,7 +1,10 @@
{ pkgs, ... }: { pkgs, common, ... }:
{ {
home.packages = with pkgs; [ git-crypt ]; home.packages = with pkgs; [
git-crypt
gitmoji-cli
];
programs.git = programs.git =
let let
@ -11,7 +14,7 @@
enable = true; enable = true;
package = package; package = package;
userName = "Martin Berg Alstad"; userName = "Martin Berg Alstad";
userEmail = "git@martials.no"; userEmail = "git@${common.domain}";
aliases = { aliases = {
amend = "commit --amend"; amend = "commit --amend";

103
shared/base/home-manager/development/helix.nix Normal file
View File

@ -0,0 +1,103 @@
{
pkgs,
lib,
theme,
...
}:
{
catppuccin.helix = {
enable = true;
flavor = theme.flavor;
};
programs = {
fish.shellAliases.edit = "hx";
helix =
let
prettier = format: {
command = "prettier";
args = [
"--stdin-filepath"
"file.${format}"
];
};
in
{
enable = true;
defaultEditor = true;
extraPackages = with pkgs; [
# Markdown
marksman
markdown-oxide
# Html, css, Json, Eslint
vscode-langservers-extracted
# Yaml
ansible-language-server
yaml-language-server
];
settings = {
editor = {
auto-save = {
after-delay.enable = true;
focus-lost = true;
};
cursor-shape = {
normal = "block";
insert = "bar";
select = "underline";
};
lsp = {
display-inlay-hints = true;
display-messages = true;
};
};
keys.normal = {
C-f = ":format";
};
};
languages.language = [
{
name = "css";
formatter = prettier "css";
auto-format = true;
}
{
name = "json";
language-servers = [
"vscode-json-language-server"
];
formatter = prettier "json";
auto-format = true;
}
{
name = "jsonc";
language-servers = [
];
formatter = prettier "jsonc";
file-types = [
"jsonc"
];
auto-format = true;
}
{
name = "markdown";
formatter = prettier "md";
auto-format = true;
}
{
name = "nix";
formatter.command = lib.getExe pkgs.nixfmt-rfc-style;
auto-format = true;
}
{
name = "yaml";
formatter = prettier "yaml";
auto-format = true;
}
];
};
};
}

2
shared/home-manager/gpg.nix → shared/base/home-manager/gpg.nix
View File

@ -5,6 +5,6 @@
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableFishIntegration = true; enableFishIntegration = true;
pinentryPackage = pkgs.pinentry-curses; pinentry.package = pkgs.pinentry-curses;
}; };
} }

16
shared/base/home-manager/home-manager.nix Normal file
View File

@ -0,0 +1,16 @@
{
systemConfig,
common,
...
}:
{
home = {
username = systemConfig.username;
homeDirectory = common.dir.home;
stateVersion = systemConfig.version;
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
}

13
shared/base/home-manager/shell/bat.nix Normal file
View File

@ -0,0 +1,13 @@
{ theme, ... }:
{
catppuccin.bat = {
enable = true;
flavor = theme.flavor;
};
programs = {
bat.enable = true;
fish.shellAliases.cat = "bat";
};
}

0
shared/home-manager/shell/btop.nix → shared/base/home-manager/shell/btop.nix
View File

5
shared/home-manager/shell/default.nix → shared/base/home-manager/shell/default.nix
View File

@ -1,10 +1,11 @@
{ {
imports = [ imports = [
./bat.nix
./btop.nix ./btop.nix
./cava ./eza.nix
./fastfetch.nix ./fastfetch.nix
./fish.nix ./fish.nix
./yazi ./fzf.nix
./zoxide.nix ./zoxide.nix
]; ];
} }

12
shared/base/home-manager/shell/eza.nix Normal file
View File

@ -0,0 +1,12 @@
{
programs = {
eza = {
enable = true;
colors = "always";
enableFishIntegration = true;
git = true;
icons = "always";
};
fish.shellAliases.ls = "eza";
};
}

0
shared/home-manager/shell/fastfetch.nix → shared/base/home-manager/shell/fastfetch.nix
View File

0
shared/home-manager/shell/fish.nix → shared/base/home-manager/shell/fish.nix
View File

13
shared/base/home-manager/shell/fzf.nix Normal file
View File

@ -0,0 +1,13 @@
{ theme, ... }:
{
catppuccin.fzf = {
enable = true;
flavor = theme.flavor;
};
programs.fzf = {
enable = true;
enableFishIntegration = true;
};
}

10
shared/base/home-manager/shell/zoxide.nix Normal file
View File

@ -0,0 +1,10 @@
# cd alternative
{
programs = {
fish.shellAliases.cd = "z";
zoxide = {
enable = true;
enableFishIntegration = true;
};
};
}

32
shared/base/home-manager/ssh.nix Normal file
View File

@ -0,0 +1,32 @@
# ~/.ssh/config
{
systemConfig,
systems,
common,
...
}:
with builtins;
{
programs.ssh = {
enable = true;
matchBlocks = listToAttrs (
map (system: {
name = system.hostName;
value =
let
hostName =
if (system ? address && system.address ? tailnet) then
system.address.tailnet
else
common.tailnetAddr system.hostName;
in
{
port = 22;
user = systemConfig.username;
hostname = hostName;
};
}) systems
);
};
}

11
shared/base/modules/default.nix Normal file
View File

@ -0,0 +1,11 @@
{
imports = [
./development
./networking.nix
./nix-helper.nix
./nixos.nix
./security
./shell.nix
./users.nix
];
}

13
shared/base/modules/development/default.nix Normal file
View File

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
imports = [
./formatters.nix
./nix.nix
];
environment.systemPackages = with pkgs; [
git
just
];
}

0
shared/modules/development/formatters.nix → shared/base/modules/development/formatters.nix
View File

0
shared/modules/development/nix.nix → shared/base/modules/development/nix.nix
View File

10
hosts/pi4/networking.nix → shared/base/modules/networking.nix
View File

@ -1,11 +1,17 @@
{ systemConfig, ... }: { pkgs, systemConfig, ... }:
{ {
environment.systemPackages = with pkgs; [
wget
];
networking = { networking = {
hostName = systemConfig.hostName;
networkmanager.enable = true; networkmanager.enable = true;
hostName = systemConfig.hostName;
}; };
programs.ssh.enableAskPassword = false;
services = { services = {
openssh.enable = true; openssh.enable = true;
tailscale.enable = true; tailscale.enable = true;

0
shared/modules/nix-helper.nix → shared/base/modules/nix-helper.nix
View File

5
shared/modules/nixos.nix → shared/base/modules/nixos.nix
View File

@ -21,5 +21,8 @@
overlays = [ outputs.overlays.unstable-packages ]; overlays = [ outputs.overlays.unstable-packages ];
}; };
system.stateVersion = systemConfig.version; system = {
rebuild.enableNg = true;
stateVersion = systemConfig.version;
};
} }

3
shared/modules/security/default.nix → shared/base/modules/security/default.nix
View File

@ -1,7 +1,8 @@
{ {
imports = [ imports = [
./keyring.nix
./sops.nix ./sops.nix
./yubikey.nix ./ssh.nix
]; ];
programs.gnupg.agent.enable = true; programs.gnupg.agent.enable = true;

3
shared/base/modules/security/keyring.nix Normal file
View File

@ -0,0 +1,3 @@
{
services.gnome.gnome-keyring.enable = true;
}

4
shared/modules/security/sops.nix → shared/base/modules/security/sops.nix
View File

@ -14,7 +14,7 @@
defaultSopsFile = lib.custom.relativeToRoot "shared/secrets/secrets.yaml"; defaultSopsFile = lib.custom.relativeToRoot "shared/secrets/secrets.yaml";
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age.keyFile = "/home/${systemConfig.user.name}/.config/sops/age/keys.txt"; age.keyFile = "/home/${systemConfig.username}/.config/sops/age/keys.txt";
secrets.password.neededForUsers = true; secrets.password-hash.neededForUsers = true;
}; };
} }

33
shared/base/modules/security/ssh.nix Normal file
View File

@ -0,0 +1,33 @@
# /nix/store/<hash>/etc/ssh/ssh_config & /nix/store/<hash>/etc/ssh/authorized_keys
{
systemConfig,
systems,
knownSystems,
common,
...
}:
with builtins;
let
allSystems = knownSystems ++ systems;
in
{
programs.ssh.knownHosts = listToAttrs (
map (system: {
name = system.hostName;
value = {
extraHostNames = [
(
if (system ? address && system.address ? tailnet) then
system.address.tailnet
else
common.tailnetAddr system.hostName
)
];
publicKey = system.ssh.publicKey;
};
}) allSystems
);
users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
map (system: system.ssh.publicKey) allSystems
);
}

0
shared/modules/shell.nix → shared/base/modules/shell.nix
View File

18
shared/base/modules/users.nix Normal file
View File

@ -0,0 +1,18 @@
{ config, systemConfig, ... }:
let
username = systemConfig.username;
in
{
users = {
mutableUsers = false;
users.${username} = {
isNormalUser = true;
hashedPasswordFile = config.sops.secrets.password-hash.path;
description = username;
extraGroups = [
"networkmanager"
"wheel"
];
};
};
}

9
shared/common.nix
View File

@ -13,6 +13,13 @@ rec {
pictures = "${dir.home}/Pictures"; pictures = "${dir.home}/Pictures";
}; };
domain = "martials.no";
tailnetDomain = "dns.${domain}";
localIpPrefix = "192.168.10.";
localIpRange = "${localIpPrefix}0/24";
localIpAddr = subAddr: "${localIpPrefix}${builtins.toString subAddr}";
tailnetAddr = host: "${host}.${tailnetDomain}";
keymaps = { keymaps = {
layout = "gb,no"; layout = "gb,no";
options = "grp:alt_shift_toggle"; # Toggle using ALT + SHIFT options = "grp:alt_shift_toggle"; # Toggle using ALT + SHIFT
@ -28,5 +35,5 @@ rec {
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.version = "24.11"; system.version = "25.05";
} }

0
shared/home-manager/cursors.nix → shared/desktop/home-manager/cursors.nix
View File

2
shared/home-manager/default-applications.nix → shared/desktop/home-manager/default-applications.nix
View File

@ -5,7 +5,7 @@
let let
browser = "zen.desktop"; browser = "zen.desktop";
imageViewer = "imv.desktop"; imageViewer = "imv.desktop";
pdfReader = "org.gnome.Papers.desktop"; pdfReader = "sioyek.desktop";
in in
{ {
"text/html" = browser; "text/html" = browser;

31
shared/desktop/home-manager/default.nix Normal file
View File

@ -0,0 +1,31 @@
{
lib,
common,
...
}:
let
dir = common.dir;
in
{
imports = [
(lib.custom.relativeToBase "home-manager")
./development
./hyprland
./media
./rofi
./shell
./zen
./cursors.nix
./default-applications.nix
./freetube.nix
./gtk.nix
./kitty.nix
./nextcloud.nix
./sioyek.nix
./spicetify.nix
];
home.sessionVariables = {
XDG_PICTURES_DIR = dir.pictures; # Define the default dir for pictures
};
}

2
shared/home-manager/development/default.nix → shared/desktop/home-manager/development/default.nix
View File

@ -1,7 +1,5 @@
{ {
imports = [ imports = [
./git.nix
./nixvim
./zed.nix ./zed.nix
]; ];
# TODO set Wayland vmOptions in Jetbrains products, Requires current installed version in path # TODO set Wayland vmOptions in Jetbrains products, Requires current installed version in path

14
shared/home-manager/development/zed.nix → shared/desktop/home-manager/development/zed.nix
View File

@ -19,7 +19,7 @@
fontSize = 14; fontSize = 14;
in in
{ {
assistant = { agent = {
default_model = { default_model = {
provider = "ollama"; provider = "ollama";
model = "deepseek-r1:8b"; model = "deepseek-r1:8b";
@ -27,17 +27,17 @@
version = "2"; version = "2";
}; };
autosave = "on_focus_change"; autosave = "on_focus_change";
auto_update = false;
base_keymap = "JetBrains"; base_keymap = "JetBrains";
buffer_font_family = font; buffer_font_family = font;
features = { features = {
edit_completion_provider = "zed"; edit_completion_provider = "zed";
}; };
icon_theme = "Catppuccin Mocha"; icon_theme = {
# icon_theme = { TODO replace icon theme above with below mode = theme.mode;
# mode = theme.mode; light = "Catppuccin Latte";
# light = "Catppuccin Mocha"; dark = "Catppuccin Mocha";
# dark = "Catppuccin Mocha"; };
# };
ui_font_family = font; ui_font_family = font;
ui_font_size = fontSize; ui_font_size = fontSize;
buffer_font_size = fontSize; buffer_font_size = fontSize;

0
shared/home-manager/freetube.nix → shared/desktop/home-manager/freetube.nix
View File

0
shared/home-manager/gtk.nix → shared/desktop/home-manager/gtk.nix
View File

0
shared/home-manager/hyprland/binds.nix → shared/desktop/home-manager/hyprland/binds.nix
View File

0
shared/home-manager/hyprland/default.nix → shared/desktop/home-manager/hyprland/default.nix
View File

0
shared/home-manager/hyprland/hypridle/default.nix → shared/desktop/home-manager/hyprland/hypridle/default.nix
View File

4
shared/home-manager/hyprland/hyprlock/default.nix → shared/desktop/home-manager/hyprland/hyprlock/default.nix
View File

@ -14,7 +14,7 @@
# GENERAL # GENERAL
general = { general = {
disable_loading_bar = true; disable_loading_bar = true; # TODO removed in hyprlock 0.8
hide_cursor = true; hide_cursor = true;
}; };
@ -78,7 +78,7 @@
fail_color = "${theme.redRgb}"; fail_color = "${theme.redRgb}";
fail_text = "<i>$FAIL <b>($ATTEMPTS)</b></i>"; fail_text = "<i>$FAIL <b>($ATTEMPTS)</b></i>";
capslock_color = "${theme.yellowRgb}"; capslock_color = "${theme.yellowRgb}";
position = "0, -47"; # TODO change to use % at 25.05 position = "0, -5%";
halign = "center"; halign = "center";
valign = "center"; valign = "center";
}; };

0
shared/home-manager/hyprland/hyprpanel/default.nix → shared/desktop/home-manager/hyprland/hyprpanel/default.nix
View File

0
shared/home-manager/hyprland/hyprpaper.nix → shared/desktop/home-manager/hyprland/hyprpaper.nix
View File

0
shared/home-manager/hyprland/hyprshot.nix → shared/desktop/home-manager/hyprland/hyprshot.nix
View File

5
shared/home-manager/hyprland/settings.nix → shared/desktop/home-manager/hyprland/settings.nix
View File

@ -9,6 +9,11 @@ let
in in
{ {
wayland.windowManager.hyprland.settings = { wayland.windowManager.hyprland.settings = {
ecosystem = {
no_update_news = true;
no_donation_nag = true;
};
monitor = [ monitor = [
", preferred, auto, 1" ", preferred, auto, 1"
]; ];

0
shared/home-manager/kitty.nix → shared/desktop/home-manager/kitty.nix
View File

0
shared/home-manager/media/default.nix → shared/desktop/home-manager/media/default.nix
View File

0
shared/home-manager/media/imv.nix → shared/desktop/home-manager/media/imv.nix
View File

0
shared/home-manager/media/mpv.nix → shared/desktop/home-manager/media/mpv.nix
View File

0
shared/home-manager/nextcloud.nix → shared/desktop/home-manager/nextcloud.nix
View File

0
shared/home-manager/rofi/catppuccin-mocha.rasi → shared/desktop/home-manager/rofi/catppuccin-mocha.rasi
View File

0
shared/home-manager/rofi/config.rasi → shared/desktop/home-manager/rofi/config.rasi
View File

0
shared/home-manager/rofi/default.nix → shared/desktop/home-manager/rofi/default.nix
View File

0
shared/home-manager/rofi/rofimoji.rc → shared/desktop/home-manager/rofi/rofimoji.rc
View File

0
shared/home-manager/shell/cava/cava.png → shared/desktop/home-manager/shell/cava/cava.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.1 KiB

After

Width:  |  Height:  |  Size: 2.1 KiB

0
shared/home-manager/shell/cava/default.nix → shared/desktop/home-manager/shell/cava/default.nix
View File

6
shared/desktop/home-manager/shell/default.nix Normal file
View File

@ -0,0 +1,6 @@
{
imports = [
./cava
./yazi
];
}

4
shared/home-manager/shell/yazi/default.nix → shared/desktop/home-manager/shell/yazi/default.nix
View File

@ -14,7 +14,7 @@
enable = true; enable = true;
enableFishIntegration = true; enableFishIntegration = true;
keymap = { keymap = {
manager.prepend_keymap = [ mgr.prepend_keymap = [
{ {
run = "hidden toggle"; run = "hidden toggle";
on = [ "<C-h>" ]; on = [ "<C-h>" ];
@ -23,7 +23,7 @@
]; ];
}; };
settings = { settings = {
manager = { mgr = {
ratio = [ ratio = [
2 2
4 4

13
shared/desktop/home-manager/sioyek.nix Normal file
View File

@ -0,0 +1,13 @@
# PDF Viewer
{ theme, ... }:
{
catppuccin.sioyek = {
enable = true;
flavor = theme.flavor;
};
programs.sioyek = {
enable = true;
};
}

0
shared/home-manager/spicetify.nix → shared/desktop/home-manager/spicetify.nix
View File

0
shared/home-manager/zen/default.nix → shared/desktop/home-manager/zen/default.nix
View File

0
shared/modules/boot.nix → shared/desktop/modules/boot.nix
View File

10
shared/modules/default.nix → shared/desktop/modules/default.nix
View File

@ -1,5 +1,8 @@
{ lib, ... }:
{ {
imports = [ imports = with lib.custom; [
(relativeToBase "modules")
./boot.nix ./boot.nix
./development ./development
./electron.nix ./electron.nix
@ -11,16 +14,11 @@
./locale.nix ./locale.nix
./mail.nix ./mail.nix
./media.nix ./media.nix
./networking.nix
./nixos.nix
./nix-helper.nix
./office.nix ./office.nix
./hyprland ./hyprland
./sddm.nix ./sddm.nix
./security ./security
./shell.nix
./social.nix ./social.nix
./users.nix
./qt.nix ./qt.nix
./xdg.nix ./xdg.nix
./xserver.nix ./xserver.nix

7
shared/modules/development/default.nix → shared/desktop/modules/development/default.nix
View File

@ -4,19 +4,12 @@
imports = [ imports = [
./docker.nix ./docker.nix
./dotnet.nix ./dotnet.nix
./formatters.nix
./nix.nix
./node.nix ./node.nix
./ollama.nix ./ollama.nix
./rust.nix ./rust.nix
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# IDEs
vscodium # TODO set up extensions
# Tools
git
just
unstable.libpq # Required for PostgreSQL unstable.libpq # Required for PostgreSQL
]; ];
} }

0
shared/modules/development/docker.nix → shared/desktop/modules/development/docker.nix
View File

0
shared/modules/development/dotnet.nix → shared/desktop/modules/development/dotnet.nix
View File

0
shared/modules/development/node.nix → shared/desktop/modules/development/node.nix
View File

8
shared/desktop/modules/development/ollama.nix Normal file
View File

@ -0,0 +1,8 @@
{ lib, systemConfig, ... }:
{
services.ollama = {
enable = true;
acceleration = lib.mkIf systemConfig.nvidia.enable "cuda";
};
}

0
shared/modules/development/rust.nix → shared/desktop/modules/development/rust.nix
View File

0
shared/modules/electron.nix → shared/desktop/modules/electron.nix
View File

16
shared/desktop/modules/fonts.nix Normal file
View File

@ -0,0 +1,16 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
font-awesome # Icons
];
fonts = {
fontconfig.enable = true;
packages = with pkgs; [
nerd-fonts.jetbrains-mono
font-awesome
];
};
}

0
shared/modules/gaming/default.nix → shared/desktop/modules/gaming/default.nix
View File

Some files were not shown because too many files have changed in this diff Show More