christoph/flake-nixinator
1
Fork 0
Code Activity

Compare commits

base: christoph:561f4dd058af925ef16e103c9fa7016d64ad6ec4
Branches Tags
christoph:master
...
compare: christoph:38efd144ccbf92748cc9e6f16dfeb54971ef669f
Branches Tags
christoph:master

28 Commits
561f4dd058 ... 38efd144cc

Author SHA1 Message Date
Christoph Urlacher
38efd144cc Home/Servenix: Add initial servenix home configuration 2025-07-09 00:11:02 +02:00
Christoph Urlacher
f41c16a9f3 Home/Servenix: Add initial servenix system configuration 2025-07-09 00:10:50 +02:00
Christoph Urlacher
3760784342 Home: Update top-level user config for homelab integration 2025-07-09 00:10:18 +02:00
Christoph Urlacher
7b779b84c2 System: Update top-level system config for homelab integration 2025-07-09 00:10:06 +02:00
Christoph Urlacher
6d4c500aed System/Nixinator: Remove obsolete stuff from hardware-configuration.nix 2025-07-09 00:09:38 +02:00
Christoph Urlacher
d91e178155 Modules: Add docker/podman module 2025-07-09 00:06:22 +02:00
Christoph Urlacher
2a8c3b11d4 System/Nixinator: Enable nvidia-container-toolkit 2025-07-08 23:29:31 +02:00
Christoph Urlacher
d6a2725db3 Modules: Fix typos 2025-07-08 23:26:32 +02:00
Christoph Urlacher
8869dfb62a Modules: Add yazi module 2025-07-08 23:08:51 +02:00
Christoph Urlacher
c7f5ce4a36 Modules: Add mpd module 2025-07-08 23:08:40 +02:00
Christoph Urlacher
6205da9bbc Modules: Add beets module 2025-07-08 23:08:33 +02:00
Christoph Urlacher
dbc4219bdc System/Nixinator: Remove obsolete stuff from hardware-configuration.nix 2025-07-08 22:48:34 +02:00
Christoph Urlacher
3084ed25ef Flake: Pass publicKeys attrest into configs 2025-07-08 22:48:13 +02:00
Christoph Urlacher
680f3da5e2 Lib/NixOS: Pass publicKeys attrset into config modules 2025-07-08 22:47:52 +02:00
Christoph Urlacher
8aeb80f406 Modules: Update template 2025-07-08 22:47:27 +02:00
Christoph Urlacher
b2358a096c Modules: Add git module 2025-07-08 22:47:17 +02:00
Christoph Urlacher
a5bacf0731 System: Replace systemd-boot config with module 2025-07-08 21:36:06 +02:00
Christoph Urlacher
275ec42358 Modules: Add bootloader module 2025-07-08 21:35:42 +02:00
Christoph Urlacher
2e9ddf8fa2 System: Replace desktopportal + fonts configs with modules 2025-07-08 20:15:49 +02:00
Christoph Urlacher
4f062e1644 Lib/NixOS: Add headless option to system generators 2025-07-08 20:15:29 +02:00
Christoph Urlacher
5fc158ff57 Modules: Add fonts module 2025-07-08 20:14:26 +02:00
Christoph Urlacher
6d9ec8d8a7 Modules: Add desktopportal module 2025-07-08 20:14:20 +02:00
Christoph Urlacher
e5e7a28ad0 Home: Update neovide font 2025-07-08 19:07:40 +02:00
Christoph Urlacher
d1b0b677bc System: Replace mime configuration with system-specific module usage 2025-07-08 19:07:13 +02:00
Christoph Urlacher
5822e57b8c Modules/Mime: Fix duplicate keys with identical video and audio players 2025-07-08 19:05:26 +02:00
Christoph Urlacher
20c44bebb7 Modules/Mime: Add mime module 2025-07-08 19:05:08 +02:00
Christoph Urlacher
3ecd08fb88 System: Update system module template 2025-07-08 18:57:20 +02:00
Christoph Urlacher
8d4934b836 Derivations: Update monolisa font 2025-07-08 17:31:49 +02:00
54 changed files with 2793 additions and 929 deletions
Expand all files Collapse all files

BIN
derivations/monolisa/MonoLisa-italic.ttf
View File

Binary file not shown.

BIN
derivations/monolisa/MonoLisa-normal.ttf
View File

Binary file not shown.

5
derivations/monolisa/default.nix
View File

@ -4,7 +4,7 @@
}: }:
stdenvNoCC.mkDerivation { stdenvNoCC.mkDerivation {
pname = "monolisa"; pname = "monolisa";
version = "1.0"; version = "2.016";
src = ./.; src = ./.;
@ -12,8 +12,7 @@ stdenvNoCC.mkDerivation {
runHook preInstall runHook preInstall
mkdir -p $out/share/fonts/truetype mkdir -p $out/share/fonts/truetype
mv MonoLisa-italic.ttf $out/share/fonts/truetype/ tar -xzf fonts.tar.gz -C $out/share/fonts/truetype
mv MonoLisa-normal.ttf $out/share/fonts/truetype/
runHook postInstall runHook postInstall
''; '';

BIN
derivations/monolisa/fonts.tar.gz Normal file
View File

Binary file not shown.

32
flake.nix
View File

@ -129,6 +129,12 @@
# This is required because mylib also uses the default nixpkgs lib. # This is required because mylib also uses the default nixpkgs lib.
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
}; };
# NOTE: Keep public keys here so they're easy to rotate
publicKeys = {
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAoJac+GdGtzblCMA0lBfMdSR6aQ4YyovrNglCFGIny christoph.urlacher@protonmail.com";
};
in { in {
# Local shell for NixFlake directory # Local shell for NixFlake directory
devShells."${system}".default = import ./shell.nix {inherit pkgs;}; devShells."${system}".default = import ./shell.nix {inherit pkgs;};
@ -160,18 +166,40 @@
# - The nixd HM options completion doesn't seem to work # - The nixd HM options completion doesn't seem to work
# - The system needs to be rebuilt with every HM config change # - The system needs to be rebuilt with every HM config change
nixinator = mylib.nixos.mkNixosConfigWithHomeManagerModule { nixinator = mylib.nixos.mkNixosConfigWithHomeManagerModule {
inherit system mylib; inherit system mylib publicKeys;
hostname = "nixinator"; hostname = "nixinator";
username = "christoph"; username = "christoph";
headless = false;
extraModules = [ extraModules = [
# TODO: # TODO:
# inputs.nix-topology.nixosModules.default # inputs.nix-topology.nixosModules.default
]; ];
}; };
nixtop = mylib.nixos.mkNixosConfigWithHomeManagerModule { nixtop = mylib.nixos.mkNixosConfigWithHomeManagerModule {
inherit system mylib; inherit system mylib publicKeys;
hostname = "nixtop"; hostname = "nixtop";
username = "christoph"; username = "christoph";
headless = false;
extraModules = [
# TODO:
# inputs.nix-topology.nixosModules.default
];
};
servenix = mylib.nixos.mkNixosConfigWithHomeManagerModule {
inherit system mylib publicKeys;
hostname = "servenix";
username = "christoph";
headless = true;
extraModules = [
# TODO:
# inputs.nix-topology.nixosModules.default
];
};
thinknix = mylib.nixos.mkNixosConfigWithHomeManagerModule {
inherit system mylib publicKeys;
hostname = "thinknix";
username = "christoph";
headless = true;
extraModules = [ extraModules = [
# TODO: # TODO:
# inputs.nix-topology.nixosModules.default # inputs.nix-topology.nixosModules.default

601
home/christoph/default.nix
View File

@ -6,17 +6,19 @@
inputs, inputs,
hostname, hostname,
username, username,
publicKeys,
lib, lib,
mylib, mylib,
nixosConfig, nixosConfig,
config, config,
pkgs, pkgs,
headless,
... ...
}: }:
# This is a HM module. # This is a HM module.
# Because no imports/options/config is defined explicitly, everything is treated as config: # Because no imports/options/config is defined explicitly, everything is treated as config:
# { inputs, lib, ... }: { ... } gets turned into { inputs, lib, ... }: { config = { ... }; } implicitly. # { inputs, lib, ... }: { ... } gets turned into { inputs, lib, ... }: { config = { ... }; } implicitly.
rec { {
# Every module is a nix expression, specifically a function { inputs, lib, ... }: { ... }. # Every module is a nix expression, specifically a function { inputs, lib, ... }: { ... }.
# Every module (/function) is called with the same arguments as this module. # Every module (/function) is called with the same arguments as this module.
# Arguments with matching names are "plugged in" into the right slots, # Arguments with matching names are "plugged in" into the right slots,
@ -33,15 +35,17 @@ rec {
]; ];
# Enable and configure my custom HM modules. # Enable and configure my custom HM modules.
paths = { paths = rec {
enable = true; # You can't disable this enable = true; # You can't disable this
nixflake = "${config.home.homeDirectory}/NixFlake"; nixflake = "${config.home.homeDirectory}/NixFlake";
dotfiles = "${config.home.homeDirectory}/NixFlake/config"; dotfiles = "${nixflake}/config";
}; };
modules = { modules = {
beets.enable = !headless;
chromium = { chromium = {
enable = true; enable = !headless;
google = false; google = false;
}; };
@ -53,10 +57,10 @@ rec {
font = builtins.head nixosConfig.fonts.fontconfig.defaultFonts.monospace; font = builtins.head nixosConfig.fonts.fontconfig.defaultFonts.monospace;
}; };
docs.enable = true; docs.enable = !headless;
firefox = { firefox = {
enable = true; enable = !headless;
wayland = true; wayland = true;
vaapi = true; vaapi = true;
disableTabBar = true; disableTabBar = true;
@ -66,10 +70,18 @@ rec {
fish.enable = true; fish.enable = true;
hyprland = { git = {
enable = true; enable = true;
userName = "Christoph Urlacher";
userEmail = "christoph.urlacher@protonmail.com";
signCommits = true;
};
hyprland = {
enable = !headless;
dunst.enable = !config.modules.hyprpanel.enable; # Disable for hyprpanel dunst.enable = !config.modules.hyprpanel.enable; # Disable for hyprpanel
theme = "Foggy-Lake"; # Three-Bears theme = "Foggy-Lake"; # TODO: Remove this in favor of color.lightScheme
keybindings = { keybindings = {
main-mod = "SUPER"; main-mod = "SUPER";
@ -79,6 +91,7 @@ rec {
"$mainMod, E" = ["exec, kitty"]; "$mainMod, E" = ["exec, kitty"];
"$mainMod, N" = ["exec, neovide"]; "$mainMod, N" = ["exec, neovide"];
"$mainMod, R" = ["exec, kitty --class=rmpc --title=Rmpc rmpc"]; "$mainMod, R" = ["exec, kitty --class=rmpc --title=Rmpc rmpc"];
"$mainMod, F" = ["exec, firefox"];
"$mainMod CTRL, N" = ["exec, kitty --class=navi --title=Navi navi"]; "$mainMod CTRL, N" = ["exec, kitty --class=navi --title=Navi navi"];
"$mainMod SHIFT, N" = ["exec, neovide ${config.paths.dotfiles}/navi/christoph.cheat"]; "$mainMod SHIFT, N" = ["exec, neovide ${config.paths.dotfiles}/navi/christoph.cheat"];
"$mainMod SHIFT, F" = ["exec, neovide ${config.paths.dotfiles}/flake.nix"]; "$mainMod SHIFT, F" = ["exec, neovide ${config.paths.dotfiles}/flake.nix"];
@ -114,12 +127,7 @@ rec {
]; ];
}; };
windowrules = [ windowrules = [];
# Prevent unity from activating when its reloading the editor
# TODO: Doesn't work, use focus_on_activate for now
# "suppressevent activate, class:^(Unity)$"
# "suppressevent activatefocus, class:^(Unity)$"
];
workspacerules = { workspacerules = {
"special" = [ "special" = [
@ -209,26 +217,27 @@ rec {
]; ];
}; };
hyprpanel.enable = true; hyprpanel.enable = !headless;
kitty.enable = true; kitty.enable = !headless;
mpd.enable = !headless;
neovim = { neovim = {
enable = true; enable = true;
alias = true; alias = true;
neovide = true; neovide = !headless;
}; };
nnn.enable = false; # Use yazi nnn.enable = false; # Use yazi
rmpc.enable = true; rmpc.enable = !headless;
rofi = { rofi = {
enable = true; enable = !headless;
# theme = "Three-Bears"; theme = "Foggy-Lake"; # TODO: Remove this in favor of color.lightScheme
theme = "Foggy-Lake";
}; };
waybar.enable = false; # Use hyprpanel waybar.enable = false; # Use hyprpanel
zathura.enable = true; yazi.enable = true;
zathura.enable = !headless;
}; };
manual = { manual = {
@ -238,12 +247,12 @@ rec {
# Make fonts installed through user packages available to applications. # Make fonts installed through user packages available to applications.
# Also updates the font-cache. # Also updates the font-cache.
fonts.fontconfig.enable = true; fonts.fontconfig.enable = !headless;
# This only works when HM is installed as a system module, # This only works when HM is installed as a system module,
# as nixosConfig won't be available otherwise. # as nixosConfig won't be available otherwise.
xdg = { xdg = {
enable = true; enable = !headless;
mime.enable = true; mime.enable = true;
mimeApps = { mimeApps = {
enable = true; enable = true;
@ -260,19 +269,20 @@ rec {
home = { home = {
inherit username; # Inherited from flake.nix inherit username; # Inherited from flake.nix
homeDirectory = "/home/${home.username}"; homeDirectory = "/home/${config.home.username}";
enableNixpkgsReleaseCheck = true; enableNixpkgsReleaseCheck = true;
# Environment variables # Environment variables
sessionVariables = { sessionVariables = lib.mkMerge [
{
LANG = "en_US.UTF-8"; LANG = "en_US.UTF-8";
DOCKER_BUILDKIT = 1;
}
(lib.mkIf (!headless) {
# TERMINAL = "alacritty -o font.size=12"; # TERMINAL = "alacritty -o font.size=12";
TERMINAL = "kitty"; TERMINAL = "kitty";
BROWSER = "firefox"; BROWSER = "firefox";
DOCKER_BUILDKIT = 1;
# Enable wayland # Enable wayland
XDG_SESSION_TYPE = "wayland"; XDG_SESSION_TYPE = "wayland";
QT_QPA_PLATFORM = "wayland"; QT_QPA_PLATFORM = "wayland";
@ -283,27 +293,15 @@ rec {
SSH_ASKPASS_REQUIRE = "prefer"; SSH_ASKPASS_REQUIRE = "prefer";
# GTK_IM_MODULE, QT_IM_MODULE, XMODIFIERS are set by HomeManager fcitx5 module # GTK_IM_MODULE, QT_IM_MODULE, XMODIFIERS are set by HomeManager fcitx5 module
}; })
];
# Files to generate in the home directory are specified here. # Files to generate in the home directory are specified here.
file = let file = lib.mkMerge [
# NOTE: SSH public key {
sshPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAoJac+GdGtzblCMA0lBfMdSR6aQ4YyovrNglCFGIny christoph.urlacher@protonmail.com"; ".ssh/id_ed25519.pub".text = "${publicKeys.ssh}";
in { }
# Generate a list of installed user packages in ~/.local/share/current-user-packages (lib.mkIf nixosConfig.modules.desktopportal.termfilechooser.enable {
".local/share/current-user-packages".text = let
packages = builtins.map (p: "${p.name}") home.packages;
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
# TODO: If navi enabled
".local/share/navi/cheats/christoph.cheat".source = config.lib.file.mkOutOfStoreSymlink "${config.paths.dotfiles}/navi/christoph.cheat";
".ssh/id_ed25519.pub".text = "${sshPublicKey}";
".ssh/allowed_signers".text = "* ${sshPublicKey}";
".config/xdg-desktop-portal-termfilechooser/config".text = '' ".config/xdg-desktop-portal-termfilechooser/config".text = ''
[filechooser] [filechooser]
cmd=${pkgs.xdg-desktop-portal-termfilechooser}/share/xdg-desktop-portal-termfilechooser/yazi-wrapper.sh cmd=${pkgs.xdg-desktop-portal-termfilechooser}/share/xdg-desktop-portal-termfilechooser/yazi-wrapper.sh
@ -312,7 +310,14 @@ rec {
open_mode = suggested open_mode = suggested
save_mode = last save_mode = last
''; '';
}; })
(lib.mkIf config.modules.git.enable {
".ssh/allowed_signers".text = "* ${publicKeys.ssh}";
})
(lib.mkIf config.programs.navi.enable {
".local/share/navi/cheats/christoph.cheat".source = config.lib.file.mkOutOfStoreSymlink "${config.paths.dotfiles}/navi/christoph.cheat";
})
];
# Here, custom scripts can be run when activating a HM generation. # Here, custom scripts can be run when activating a HM generation.
# If those scripts contain side-effects, like creating files, # If those scripts contain side-effects, like creating files,
@ -325,7 +330,9 @@ rec {
}; };
# Add stuff for your user as you see fit: # Add stuff for your user as you see fit:
packages = with pkgs; [ packages = with pkgs;
lib.mkMerge [
[
# Shell utils # Shell utils
(ripgrep.override {withPCRE2 = true;}) # fast as fuck (ripgrep.override {withPCRE2 = true;}) # fast as fuck
gdu # Alternative to du-dust (I like it better) gdu # Alternative to du-dust (I like it better)
@ -352,14 +359,7 @@ rec {
nix-search-tv # search nixpkgs, nur, nixos options and homemanager options nix-search-tv # search nixpkgs, nur, nixos options and homemanager options
nix-tree # Browse the nix store sorted by size (gdu for closures) nix-tree # Browse the nix store sorted by size (gdu for closures)
nurl # Generate nix fetcher sections based on URLs nurl # Generate nix fetcher sections based on URLs
python313 # Nicer scripting than bash
# Run unpatched binaries on NixOS
# Sets NIX_LD_LIBRARY_PATH and NIX_LD variables for nix-ld.
# Start dynamically linked executable using "nix-alien-ld -- <Executable>".
inputs.nix-alien.packages.${system}.nix-alien
# Search nixpkgs
inputs.nps.packages.${system}.default
# Hardware/Software info # Hardware/Software info
pciutils # lspci pciutils # lspci
@ -374,7 +374,7 @@ rec {
acpica-tools # Dump ACPI tables etc. acpica-tools # Dump ACPI tables etc.
# Video/Image/Audio utils # Video/Image/Audio utils
ffmpeg_7-full # I love ffmpeg (including ffplay) ffmpeg-full # I love ffmpeg (including ffplay)
ffmpeg-normalize # Normalize audio ffmpeg-normalize # Normalize audio
imagemagick # Convert image (magic) imagemagick # Convert image (magic)
mp3val # Validate mp3 files mp3val # Validate mp3 files
@ -389,7 +389,6 @@ rec {
gnuplot # generate function plots gnuplot # generate function plots
pdf2svg # extract vector graphics from pdf pdf2svg # extract vector graphics from pdf
pandoc # document converting madness pandoc # document converting madness
# decker # TODO: Build failure
# Networking # Networking
dig # Make DNS requests dig # Make DNS requests
@ -405,23 +404,33 @@ rec {
cifs-utils # Mount samba shares cifs-utils # Mount samba shares
nfs-utils # Mount NFS shares nfs-utils # Mount NFS shares
sshfs # Mount remote directories via SSH sshfs # Mount remote directories via SSH
protonvpn-gui
protonvpn-cli_2 protonvpn-cli_2
protonmail-bridge-gui
protonmail-bridge # TODO: Enable on startup, email module protonmail-bridge # TODO: Enable on startup, email module
# GUI apps # Run unpatched binaries on NixOS
# Sets NIX_LD_LIBRARY_PATH and NIX_LD variables for nix-ld.
# Usage: "nix-alien-ld -- <Executable>".
inputs.nix-alien.packages.${system}.nix-alien
# Search nixpkgs
inputs.nps.packages.${system}.default
# Use NixCommunity binary cache
cachix
]
(lib.mkIf (!headless) [
# Proton
protonvpn-gui
protonmail-bridge-gui
# GUI stuff
signal-desktop signal-desktop
anki anki
font-manager # Previews fonts, but doesn't set them font-manager # Previews fonts, but doesn't set them
nextcloud-client nextcloud-client
keepassxc keepassxc
AusweisApp2
thunderbird # TODO: Email module thunderbird # TODO: Email module
obsidian obsidian
# logseq
# anytype # Use flatpak
zotero zotero
zeal-qt6 # docs browser zeal-qt6 # docs browser
helvum helvum
@ -435,15 +444,7 @@ rec {
hunspell # I cna't type hunspell # I cna't type
hunspellDicts.en_US hunspellDicts.en_US
hunspellDicts.de_DE hunspellDicts.de_DE
])
# TODO: Module, I need to add python packages from multiple modules to the same interpreter
python313
# Use NixCommunity binary cache
cachix
# Generate documentation
# modules-options-doc
]; ];
# Do not change. # Do not change.
@ -479,71 +480,10 @@ rec {
}; };
}; };
# Music taggins and mpd stats collection
beets = {
enable = true;
mpdIntegration = {
host = "127.0.0.1";
port = config.services.mpd.network.port;
enableUpdate = true;
enableStats = true;
};
# https://beets.readthedocs.io/en/stable/reference/config.html
settings = {
directory = "${home.homeDirectory}/Music";
threaded = true;
art_filename = "cover";
ui = {
color = true;
};
import = {
write = true; # Write metadata to files
copy = false; # Copy files to the music directory when importing
move = true; # Move files to the music directory when importing
log = "${home.homeDirectory}/Music/.beetslog.txt";
};
paths = {
default = "$albumartist/$albumartist - $album/$track $title";
singleton = "0 Singles/$artist - $title"; # Single songs
comp = "1 Various/$album/$track $title";
};
plugins = [
"badfiles" # check audio file integrity
"duplicates"
"edit" # edit metadata in text editor
"fetchart" # pickup local cover art or search online
"fish" # beet fish generates ~/.config/fish/completions file
# "lyrics" # fetch song lyrics
"replaygain" # write replaygain tags for automatic loudness adjustments
];
fetchart = {
auto = true;
sources = "filesystem coverart itunes amazon albumart"; # sources are queried in this order
};
# lyrics = {
# auto = "no"; # we need the lyrics as .lrc files, not embedded into the metadata
# synced = "yes"; # prefer synced lyrics if provided
# };
replaygain = {
auto = false; # analyze on import automatically
backend = "ffmpeg";
overwrite = true; # re-analyze files with existing replaygain tags on import
};
};
};
btop.enable = true; btop.enable = true;
cava = { cava = {
enable = true; enable = !headless;
settings = { settings = {
general = { general = {
@ -593,110 +533,11 @@ rec {
enableFishIntegration = config.modules.fish.enable; enableFishIntegration = config.modules.fish.enable;
}; };
git = {
enable = true;
userEmail = "christoph.urlacher@protonmail.com";
userName = "Christoph Urlacher";
signing = {
signByDefault = true;
format = "ssh";
key = "~/.ssh/id_ed25519.pub";
};
lfs.enable = true;
diff-so-fancy = {
enable = true;
changeHunkIndicators = true;
markEmptyLines = false;
stripLeadingSymbols = true;
};
extraConfig = {
core = {
compression = 9;
# whitespace = "error";
preloadindex = true;
};
init = {
defaultBranch = "main";
};
gpg = {
ssh = {
allowedSignersFile = "~/.ssh/allowed_signers";
};
};
status = {
branch = true;
showStash = true;
showUntrackedFiles = "all";
};
pull = {
default = "current";
rebase = true;
};
push = {
autoSetupRemote = true;
default = "current";
followTags = true;
};
rebase = {
autoStash = true;
missingCommitsCheck = "warn";
};
diff = {
context = 3;
renames = "copies";
interHunkContext = 10;
};
interactive = {
diffFilter = "${pkgs.diff-so-fancy}/bin/diff-so-fancy --patch";
singlekey = true;
};
log = {
abbrevCommit = true;
graphColors = "blue,yellow,cyan,magenta,green,red";
};
branch = {
sort = "-committerdate";
};
tag = {
sort = "-taggerdate";
};
pager = {
branch = false;
tag = false;
};
url = {
"ssh://git@gitea.local.chriphost.de:222/christoph/" = {
insteadOf = "gitea:";
};
"git@github.com:" = {
insteadOf = "github:";
};
};
};
};
keychain = { keychain = {
enable = true; enable = true;
enableFishIntegration = config.modules.fish.enable; enableFishIntegration = config.modules.fish.enable;
enableNushellIntegration = false; enableNushellIntegration = false;
enableXsessionIntegration = true; enableXsessionIntegration = !headless;
# agents = ["ssh"]; # Deprecated # agents = ["ssh"]; # Deprecated
keys = ["id_ed25519"]; keys = ["id_ed25519"];
}; };
@ -765,6 +606,10 @@ rec {
compression = true; compression = true;
matchBlocks = { matchBlocks = {
"nixinator" = {
user = "christoph";
hostname = "192.168.86.50";
};
"servenix" = { "servenix" = {
user = "christoph"; user = "christoph";
hostname = "local.chriphost.de"; hostname = "local.chriphost.de";
@ -804,210 +649,6 @@ rec {
''; '';
}; };
yazi = {
enable = true;
enableFishIntegration = true;
shellWrapperName = "y";
plugins = {
inherit (pkgs.yaziPlugins) chmod diff full-border git lazygit mount ouch rsync starship sudo; # smar-paste
};
initLua = ''
-- Load plugins
require("full-border"):setup()
require("starship"):setup()
require("git"):setup()
-- Show symlink in status bar
Status:children_add(function(self)
local h = self._current.hovered
if h and h.link_to then
return " -> " .. tostring(h.link_to)
else
return ""
end
end, 3300, Status.LEFT)
-- Show user:group in status bar
Status:children_add(function()
local h = cx.active.current.hovered
if not h or ya.target_family() ~= "unix" then
return ""
end
return ui.Line {
ui.Span(ya.user_name(h.cha.uid) or tostring(h.cha.uid)):fg("magenta"),
":",
ui.Span(ya.group_name(h.cha.gid) or tostring(h.cha.gid)):fg("magenta"),
" ",
}
end, 500, Status.RIGHT)
'';
# https://yazi-rs.github.io/docs/configuration/yazi
# "$n": The n-th selected file (1...n)
# "$@": All selected files
# "$0": The hovered file
settings = {
mgr = {
show_hidden = false;
};
# Associate mimetypes with edit/open/play actions
# open = {};
# Configure programs to edit/open/play files
opener = {
play = [
{
run = ''vlc "$@"'';
orphan = true;
desc = "Play selection";
}
];
edit = [
{
run = ''$EDITOR "$@"'';
block = true;
desc = "Edit selection";
}
];
open = [
{
run = ''xdg-open "$@"'';
desc = "Open selection";
}
];
extract = [
{
run = ''ouch decompress -y "$@"'';
desc = "Extract selection";
}
];
};
preview = {
max_width = 1000;
max_height = 1000;
};
plugin.prepend_fetchers = [
{
id = "git";
name = "*";
run = "git";
}
{
id = "git";
name = "*/";
run = "git";
}
];
plugin.prepend_previewers = [
{
mime = "application/*zip";
run = "ouch";
}
{
mime = "application/x-tar";
run = "ouch";
}
{
mime = "application/x-bzip2";
run = "ouch";
}
{
mime = "application/x-7z-compressed";
run = "ouch";
}
{
mime = "application/x-rar";
run = "ouch";
}
{
mime = "application/x-xz";
run = "ouch";
}
{
mime = "application/xz";
run = "ouch";
}
];
};
keymap = {
input.prepend_keymap = [
{
# Don't exit vi mode on <Esc>, but close the input
on = "<Esc>";
run = "close";
desc = "Cancel input";
}
];
mgr.prepend_keymap = [
{
on = ["<C-p>" "m"];
run = "plugin mount";
desc = "Manage device mounts";
}
{
on = ["<C-p>" "c"];
run = "plugin chmod";
desc = "Chmod selection";
}
{
on = ["<C-p>" "g"];
run = "plugin lazygit";
desc = "Run LazyGit";
}
{
on = ["<C-p>" "a"];
run = "plugin ouch";
desc = "Add selection to archive";
}
{
on = ["<C-p>" "d"];
run = ''shell -- ripdrag -a -n "$@"'';
desc = "Drag & drop selection";
}
{
on = ["<C-p>" "D"];
run = "plugin diff";
desc = "Diff the selected with the hovered file";
}
{
on = ["<C-p>" "r"];
run = "plugin rsync";
desc = "Copy files using rsync";
}
{
on = "!";
run = ''shell "$SHELL" --block'';
desc = "Open $SHELL here";
}
{
on = "y";
run = [''shell -- for path in "$@"; do echo "file://$path"; done | wl-copy -t text/uri-list'' "yank"];
desc = "Copy files to system clipboard on yank";
}
# {
# on = "p";
# run = "plugin smart-paste";
# desc = "Paste into hovered directory or CWD";
# }
{
on = "d";
run = "remove --permanently";
desc = "Delete selection";
}
];
};
};
yt-dlp.enable = true; yt-dlp.enable = true;
zoxide = { zoxide = {
@ -1022,63 +663,6 @@ rec {
indicator = nixosConfig.programs.kdeconnect.enable; indicator = nixosConfig.programs.kdeconnect.enable;
}; };
mpd = {
enable = true;
dataDir = "${home.homeDirectory}/Music/.mpd";
musicDirectory = "${home.homeDirectory}/Music";
network = {
listenAddress = "127.0.0.1"; # Listen on all addresses: "any"
port = 6600;
};
extraArgs = ["--verbose"];
extraConfig = ''
# Refresh the database whenever files in the musicDirectory change
auto_update "yes"
# Don't start playback after startup
restore_paused "yes"
# Use track tags on shuffle and album tags on album play (auto)
# Use album's tags (album)
# Use track's tags (track)
# replaygain "auto"
# PipeWire main output
audio_output {
type "pipewire"
name "PipeWire Sound Server"
# Use hardware mixer instead of software volume filter (replaygain_handler "software")
# mixer_type "hardware"
# replay_gain_handler "mixer"
}
# FiFo output for cava visualization
audio_output {
type "fifo"
name "my_fifo"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
# Pre-cache 1GB of the queue
# input_cache {
# size "1 GB"
# }
# follow_outside_symlinks "no" # If mpd should follow symlinks pointing outside the musicDirectory
# follow_inside_symlinks "yes" # If mpd should follow symlinks pointing inside the musicDirectory
'';
};
# MPD integration with mpris (used by player-ctl).
# We want to use mpris as it also supports other players (e.g. Spotify) or browsers.
mpd-mpris = {
enable = true;
mpd.useLocal = true;
};
flatpak = { flatpak = {
# FlatHub stable is only added by default if no custom remotes are specified # FlatHub stable is only added by default if no custom remotes are specified
remotes = lib.mkOptionDefault [ remotes = lib.mkOptionDefault [
@ -1092,7 +676,9 @@ rec {
} }
]; ];
packages = [ packages = lib.mkMerge [
[]
(lib.mkIf (!headless) [
"com.github.tchx84.Flatseal" "com.github.tchx84.Flatseal"
"com.spotify.Client" # Don't need this when spicetify is enabled "com.spotify.Client" # Don't need this when spicetify is enabled
@ -1105,6 +691,7 @@ rec {
# "com.google.Chrome" # "com.google.Chrome"
# "md.obsidian.Obsidian" # NOTE: Installed via package # "md.obsidian.Obsidian" # NOTE: Installed via package
# "io.anytype.anytype" # "io.anytype.anytype"
])
]; ];
uninstallUnmanaged = true; uninstallUnmanaged = true;
@ -1148,10 +735,20 @@ rec {
systemd = { systemd = {
user = { user = {
tmpfiles.rules = [ tmpfiles.rules = lib.mkMerge [
[]
(lib.mkIf (mylib.modules.contains
config.services.flatpak.packages
"com.discordapp.Discord") [
# Fix Discord rich presence for Flatpak # Fix Discord rich presence for Flatpak
"L %t/discord-ipc-0 - - - - app/com.discordapp.Discord/discord-ipc-0" "L %t/discord-ipc-0 - - - - app/com.discordapp.Discord/discord-ipc-0"
# "L %t/discord-ipc-0 - - - - app/com.discordapp.DiscordCanary/discord-ipc-0" ])
(lib.mkIf (mylib.modules.contains
config.services.flatpak.packages
"com.discordapp.DiscordCanary") [
# Fix Discord rich presence for Flatpak
"L %t/discord-ipc-0 - - - - app/com.discordapp.DiscordCanary/discord-ipc-0"
])
]; ];
# Nicely reload system units when changing configs # Nicely reload system units when changing configs

19
home/christoph/servenix/default.nix Normal file
View File

@ -0,0 +1,19 @@
{
pkgs,
nixosConfig,
config,
lib,
...
}: {
imports = [
../../modules
];
config = {
home.packages = with pkgs; [
docker-compose
];
home.stateVersion = "23.05";
};
}

6
home/modules/0_template/options.nix
View File

@ -2,8 +2,6 @@
lib, lib,
mylib, mylib,
... ...
}: }: {
with lib; enable = lib.mkEnableOption "TEMPLATE";
with mylib.modules; {
enable = mkEnableOption "TEMPLATE";
} }

74
home/modules/beets/default.nix Normal file
View File

@ -0,0 +1,74 @@
{
config,
nixosConfig,
lib,
mylib,
pkgs,
...
}: let
inherit (config.modules) beets;
in {
options.modules.beets = import ./options.nix {inherit lib mylib;};
config = lib.mkIf beets.enable {
programs.beets = {
enable = true;
mpdIntegration = {
host = "127.0.0.1";
port = config.services.mpd.network.port;
enableUpdate = true;
enableStats = true;
};
# https://beets.readthedocs.io/en/stable/reference/config.html
settings = {
directory = "${config.home.homeDirectory}/Music";
threaded = true;
art_filename = "cover";
ui = {
color = true;
};
import = {
write = true; # Write metadata to files
copy = false; # Copy files to the music directory when importing
move = true; # Move files to the music directory when importing
log = "${config.home.homeDirectory}/Music/.beetslog.txt";
};
paths = {
default = "$albumartist/$albumartist - $album/$track $title";
singleton = "0 Singles/$artist - $title"; # Single songs
comp = "1 Various/$album/$track $title";
};
plugins = [
"badfiles" # check audio file integrity
"duplicates"
"edit" # edit metadata in text editor
"fetchart" # pickup local cover art or search online
"fish" # beet fish generates ~/.config/fish/completions file
# "lyrics" # fetch song lyrics
"replaygain" # write replaygain tags for automatic loudness adjustments
];
fetchart = {
auto = true;
sources = "filesystem coverart itunes amazon albumart"; # sources are queried in this order
};
# lyrics = {
# auto = "no"; # we need the lyrics as .lrc files, not embedded into the metadata
# synced = "yes"; # prefer synced lyrics if provided
# };
replaygain = {
auto = false; # analyze on import automatically
backend = "ffmpeg";
overwrite = true; # re-analyze files with existing replaygain tags on import
};
};
};
};
}

7
home/modules/beets/options.nix Normal file
View File

@ -0,0 +1,7 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "Enable the beet music library tagger";
}

4
home/modules/default.nix
View File

@ -3,20 +3,24 @@
# Obsolete modules are kept in "1_deprecated" for reference. # Obsolete modules are kept in "1_deprecated" for reference.
# My own HM modules # My own HM modules
./beets
./chromium ./chromium
./color ./color
./docs ./docs
./firefox ./firefox
./fish ./fish
./git
./hyprland ./hyprland
./hyprpanel ./hyprpanel
./kitty ./kitty
./mpd
./neovim ./neovim
./nnn ./nnn
./paths ./paths
./rmpc ./rmpc
./rofi ./rofi
./waybar ./waybar
./yazi
./zathura ./zathura
# HM modules imported from the flake inputs # HM modules imported from the flake inputs

116
home/modules/git/default.nix Normal file
View File

@ -0,0 +1,116 @@
{
config,
nixosConfig,
lib,
mylib,
pkgs,
...
}: let
inherit (config.modules) git;
in {
options.modules.git = import ./options.nix {inherit lib mylib;};
config = lib.mkIf git.enable {
programs.git = {
enable = true;
# userEmail = "christoph.urlacher@protonmail.com";
# userName = "Christoph Urlacher";
userEmail = git.userEmail;
userName = git.userName;
signing = {
signByDefault = git.signCommits;
format = "ssh";
key = "~/.ssh/id_ed25519.pub";
};
lfs.enable = true;
diff-so-fancy = {
enable = true;
changeHunkIndicators = true;
markEmptyLines = false;
stripLeadingSymbols = true;
};
extraConfig = {
core = {
compression = 9;
# whitespace = "error";
preloadindex = true;
};
init = {
defaultBranch = "main";
};
gpg = {
ssh = {
allowedSignersFile = "~/.ssh/allowed_signers";
};
};
status = {
branch = true;
showStash = true;
showUntrackedFiles = "all";
};
pull = {
default = "current";
rebase = true;
};
push = {
autoSetupRemote = true;
default = "current";
followTags = true;
};
rebase = {
autoStash = true;
missingCommitsCheck = "warn";
};
diff = {
context = 3;
renames = "copies";
interHunkContext = 10;
};
interactive = {
diffFilter = "${pkgs.diff-so-fancy}/bin/diff-so-fancy --patch";
singlekey = true;
};
log = {
abbrevCommit = true;
graphColors = "blue,yellow,cyan,magenta,green,red";
};
branch = {
sort = "-committerdate";
};
tag = {
sort = "-taggerdate";
};
pager = {
branch = false;
tag = false;
};
url = {
"ssh://git@gitea.local.chriphost.de:222/christoph/" = {
insteadOf = "gitea:";
};
"git@github.com:" = {
insteadOf = "github:";
};
};
};
};
};
}

25
home/modules/git/options.nix Normal file
View File

@ -0,0 +1,25 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "Enable git";
userName = lib.mkOption {
type = lib.types.str;
description = "The user's name";
example = ''
"John Doe"
'';
};
userEmail = lib.mkOption {
type = lib.types.str;
description = "The user's email address";
example = ''
"john@doe.com"
'';
};
signCommits = lib.mkEnableOption "Enable commit signing";
}

2
home/modules/hyprland/default.nix
View File

@ -160,7 +160,7 @@ in {
x11.enable = true; x11.enable = true;
package = pkgs.bibata-cursors; package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic"; name = "Bibata-Modern-Classic";
size = 32; size = 16;
}; };
packages = with pkgs; [ packages = with pkgs; [

91
home/modules/mpd/default.nix Normal file
View File

@ -0,0 +1,91 @@
{
config,
nixosConfig,
lib,
mylib,
pkgs,
...
}: let
inherit (config.modules) mpd;
in {
options.modules.mpd = import ./options.nix {inherit lib mylib;};
config = lib.mkIf mpd.enable {
services = {
mpd = {
enable = true;
dataDir = "${config.home.homeDirectory}/Music/.mpd";
musicDirectory = "${config.home.homeDirectory}/Music";
network = {
listenAddress = "127.0.0.1"; # Listen on all addresses: "any"
port = 6600;
};
extraArgs = ["--verbose"];
extraConfig = ''
# Refresh the database whenever files in the musicDirectory change
auto_update "yes"
# Don't start playback after startup
restore_paused "yes"
# Use track tags on shuffle and album tags on album play (auto)
# Use album's tags (album)
# Use track's tags (track)
# replaygain "auto"
# PipeWire main output
audio_output {
type "pipewire"
name "PipeWire Sound Server"
# Use hardware mixer instead of software volume filter
# Alternative: replaygain_handler "software"
# mixer_type "hardware"
# replay_gain_handler "mixer"
}
# FiFo output for cava visualization
audio_output {
type "fifo"
name "my_fifo"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
# Pre-cache 1GB of the queue
# input_cache {
# size "1 GB"
# }
# If mpd should follow symlinks pointing outside the musicDirectory
# follow_outside_symlinks "no"
# If mpd should follow symlinks pointing inside the musicDirectory
# follow_inside_symlinks "yes"
'';
};
# MPD integration with mpris (used by player-ctl).
# We want to use mpris as it also supports other players (e.g. Spotify) or browsers.
mpd-mpris = {
enable = true;
mpd.useLocal = true;
};
mpd-discord-rpc = {
enable = true;
# NOTE: Bitch wants to create a default config file inside a
# read-only filesystem when changing settings here...
# settings = {
# hosts = "127.0.0.1:${builtins.toString config.services.mpd.network.port}";
# format = {
# details = "$title";
# state = "On $album by $artist";
# };
# };
};
};
};
}

7
home/modules/mpd/options.nix Normal file
View File

@ -0,0 +1,7 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "Enable the Music Player Daemon";
}

2
home/modules/neovim/extraConfigLuaPost.lua
View File

@ -19,7 +19,7 @@ if g.neovide then
-- Neovide Fonts -- Neovide Fonts
-- o.guifont = "JetBrainsMono Nerd Font Mono:h12:Medium" -- o.guifont = "JetBrainsMono Nerd Font Mono:h12:Medium"
o.guifont = "MonoLisa:h12:Medium" o.guifont = "MonoLisa Alt Script:h12:Medium"
else else
-- require("notify").notify("Not running in NeoVide") -- require("notify").notify("Not running in NeoVide")
end end

218
home/modules/yazi/default.nix Normal file
View File

@ -0,0 +1,218 @@
{
config,
nixosConfig,
lib,
mylib,
pkgs,
...
}: let
inherit (config.modules) yazi;
in {
options.modules.yazi = import ./options.nix {inherit lib mylib;};
config = lib.mkIf yazi.enable {
programs.yazi = {
enable = true;
enableFishIntegration = config.modules.fish.enable;
shellWrapperName = "y";
plugins = {
inherit (pkgs.yaziPlugins) chmod diff full-border git lazygit mount ouch rsync starship sudo; # smar-paste
};
initLua = ''
-- Load plugins
require("full-border"):setup()
require("starship"):setup()
require("git"):setup()
-- Show symlink in status bar
Status:children_add(function(self)
local h = self._current.hovered
if h and h.link_to then
return " -> " .. tostring(h.link_to)
else
return ""
end
end, 3300, Status.LEFT)
-- Show user:group in status bar
Status:children_add(function()
local h = cx.active.current.hovered
if not h or ya.target_family() ~= "unix" then
return ""
end
return ui.Line {
ui.Span(ya.user_name(h.cha.uid) or tostring(h.cha.uid)):fg("magenta"),
":",
ui.Span(ya.group_name(h.cha.gid) or tostring(h.cha.gid)):fg("magenta"),
" ",
}
end, 500, Status.RIGHT)
'';
# https://yazi-rs.github.io/docs/configuration/yazi
# "$n": The n-th selected file (1...n)
# "$@": All selected files
# "$0": The hovered file
settings = {
mgr = {
show_hidden = false;
};
# Associate mimetypes with edit/open/play actions
# open = {};
# Configure programs to edit/open/play files
opener = {
play = [
{
run = ''vlc "$@"'';
orphan = true;
desc = "Play selection";
}
];
edit = [
{
run = ''$EDITOR "$@"'';
block = true;
desc = "Edit selection";
}
];
open = [
{
run = ''xdg-open "$@"'';
desc = "Open selection";
}
];
extract = [
{
run = ''ouch decompress -y "$@"'';
desc = "Extract selection";
}
];
};
preview = {
max_width = 1000;
max_height = 1000;
};
plugin.prepend_fetchers = [
{
id = "git";
name = "*";
run = "git";
}
{
id = "git";
name = "*/";
run = "git";
}
];
plugin.prepend_previewers = [
{
mime = "application/*zip";
run = "ouch";
}
{
mime = "application/x-tar";
run = "ouch";
}
{
mime = "application/x-bzip2";
run = "ouch";
}
{
mime = "application/x-7z-compressed";
run = "ouch";
}
{
mime = "application/x-rar";
run = "ouch";
}
{
mime = "application/x-xz";
run = "ouch";
}
{
mime = "application/xz";
run = "ouch";
}
];
};
keymap = {
input.prepend_keymap = [
{
# Don't exit vi mode on <Esc>, but close the input
on = "<Esc>";
run = "close";
desc = "Cancel input";
}
];
mgr.prepend_keymap = [
{
on = ["<C-p>" "m"];
run = "plugin mount";
desc = "Manage device mounts";
}
{
on = ["<C-p>" "c"];
run = "plugin chmod";
desc = "Chmod selection";
}
{
on = ["<C-p>" "g"];
run = "plugin lazygit";
desc = "Run LazyGit";
}
{
on = ["<C-p>" "a"];
run = "plugin ouch";
desc = "Add selection to archive";
}
{
on = ["<C-p>" "d"];
run = ''shell -- ripdrag -a -n "$@"'';
desc = "Drag & drop selection";
}
{
on = ["<C-p>" "D"];
run = "plugin diff";
desc = "Diff the selected with the hovered file";
}
{
on = ["<C-p>" "r"];
run = "plugin rsync";
desc = "Copy files using rsync";
}
{
on = "!";
run = ''shell "$SHELL" --block'';
desc = "Open $SHELL here";
}
{
on = "y";
run = [''shell -- for path in "$@"; do echo "file://$path"; done | wl-copy -t text/uri-list'' "yank"];
desc = "Copy files to system clipboard on yank";
}
# {
# on = "p";
# run = "plugin smart-paste";
# desc = "Paste into hovered directory or CWD";
# }
{
on = "d";
run = "remove --permanently";
desc = "Delete selection";
}
];
};
};
};
}

7
home/modules/yazi/options.nix Normal file
View File

@ -0,0 +1,7 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "Enable the yazi terminal file manager";
}

10
lib/nixos.nix
View File

@ -9,13 +9,17 @@
mylib, mylib,
hostname, hostname,
username, username,
publicKeys,
extraModules ? [], extraModules ? [],
headless ? false,
}: }:
lib.nixosSystem { lib.nixosSystem {
inherit system; inherit system;
# Values in "specialArgs" are propagated to all system modules. # Values in "specialArgs" are propagated to all system modules.
specialArgs = {inherit inputs hostname mylib system username;}; specialArgs = {
inherit inputs system hostname mylib username publicKeys headless;
};
modules = builtins.concatLists [ modules = builtins.concatLists [
[ [
@ -35,7 +39,9 @@
{ {
home-manager = { home-manager = {
# Values in "extraSpecialArgs" are propagated to all HM modules. # Values in "extraSpecialArgs" are propagated to all HM modules.
extraSpecialArgs = {inherit inputs system hostname username mylib;}; extraSpecialArgs = {
inherit inputs system hostname mylib username publicKeys headless;
};
# Use the "pkgs" from the system configuration. # Use the "pkgs" from the system configuration.
# This disables "nixpkgs.*" options in HM modules. # This disables "nixpkgs.*" options in HM modules.

330
system/default.nix
View File

@ -10,6 +10,7 @@
pkgs, pkgs,
system, system,
username, username,
headless,
... ...
}: }:
with mylib.networking; { with mylib.networking; {
@ -24,7 +25,52 @@ with mylib.networking; {
]; ];
modules = { modules = {
polkit.enable = true; bootloader = {
enable = true;
loader =
if headless
then "grub"
else "systemd-boot";
systemd-boot.bootDevice = "/boot/efi";
grub.bootDevice = "/dev/sda";
};
desktopportal = {
enable = !headless;
termfilechooser.enable = true;
hyprland.enable = config.programs.hyprland.enable;
};
docker = {
enable = true;
# Use podman on the desktops, the servers are
# already configured using docker though...
podman = !headless;
docker.rootless = true;
};
fonts = {
enable = !headless;
defaultSerifFont = "Noto Serif CJK SC";
defaultSansSerifFont = "Noto Sans CJK SC";
defaultMonoFont = "MonoLisa Alt Script";
};
mime = {
enable = !headless;
defaultTextEditor = "neovide.desktop";
defaultFileBrowser = "yazi.desktop";
defaultWebBrowser = "firefox.desktop";
defaultPdfViewer = "org.pwmt.zathura.desktop";
defaultImageViewer = "imv-dir.desktop";
defaultAudioPlayer = "vlc.desktop";
defaultVideoPlayer = "vlc.desktop";
};
network = { network = {
inherit hostname; inherit hostname;
@ -43,9 +89,10 @@ with mylib.networking; {
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
9918 # Wireguard 9918 # Wireguard
24727 # AusweisApp2
]; ];
}; };
polkit.enable = true;
}; };
# Enable flakes # Enable flakes
@ -77,19 +124,6 @@ with mylib.networking; {
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
kernelParams = ["mitigations=off"]; # I don't care kernelParams = ["mitigations=off"]; # I don't care
# plymouth.enable = true;
loader = {
timeout = 120;
systemd-boot = {
enable = true;
configurationLimit = 5;
editor = false;
consoleMode = "max";
};
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
};
# Make /tmp volatile # Make /tmp volatile
# NOTE: Setting this to true can lead to large derivations running out of tmp space # NOTE: Setting this to true can lead to large derivations running out of tmp space
tmp.useTmpfs = false; tmp.useTmpfs = false;
@ -134,7 +168,10 @@ with mylib.networking; {
}; };
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Berlin"; time = {
timeZone = "Europe/Berlin";
hardwareClockInLocalTime = false;
};
# Select internationalisation properties. # Select internationalisation properties.
i18n = { i18n = {
@ -156,223 +193,8 @@ with mylib.networking; {
supportedLocales = ["en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8"]; supportedLocales = ["en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8"];
}; };
xdg = { # Configure console keymap
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types console.keyMap = "us-acentos";
# Find .desktop files: fd ".*\.desktop" / | grep --color=auto -E neovide
mime = let
textTypes = [
"text/css"
"text/csv"
"text/javascript"
"text/plain"
"text/xml"
"application/json"
"application/ld+json"
"application/x-sh"
"application/xml"
];
imageTypes = [
"image/apng"
"image/avif"
"image/bmp"
"image/gif"
"image/jpeg"
"image/png"
"image/svg+xml"
"image/tiff"
"image/webp"
];
audioTypes = [
"audio/aac"
"audio/mpeg"
"audio/ogg"
"audio/opus"
"audio/wav"
"audio/webm"
"audio/3gpp"
"audio/3gpp2"
];
videoTypes = [
"video/x-msvideo"
"video/mp4"
"video/mpeg"
"video/ogg"
"video/mp2t"
"video/webm"
"video/3gpp"
"video/3gpp2"
];
webTypes = [
"text/uri-list"
"text/x-uri"
"text/html"
"application/xhtml+xml"
"x-scheme-handler/https"
];
in rec {
enable = true;
defaultApplications = let
associations = {
"neovide.desktop" = textTypes ++ [];
"yazi.desktop" = ["inode/directory"];
"firefox.desktop" = webTypes ++ [];
"org.pwmt.zathura.desktop" = ["application/pdf"];
"imv-dir.desktop" = imageTypes ++ []; # imv-dir autoselects the directory so next/prev works
"vlc.desktop" = audioTypes ++ videoTypes ++ [];
};
# Applied to a single app and a single type
mkAssociation = app: type: {${type} = [app];}; # Result: { "image/jpg" = ["imv.desktop"]; }
# Applied to a single app and a list of types
mkAssociations = app: types: lib.mergeAttrsList (builtins.map (mkAssociation app) types); # Result: { "image/jpg" = ["imv.desktop"]; "image/png" = ["imv.desktop"]; ... }
in
# Apply to a list of apps each with a list of types
lib.mergeAttrsList (lib.mapAttrsToList mkAssociations associations);
addedAssociations = defaultApplications;
removedAssociations = let
fromTextTypes = [
"nvim.desktop"
];
fromImageTypes = [
"imv.desktop"
"chromium-browser.desktop"
"org.kde.krita.desktop"
"krita.desktop"
"krita_svg.desktop"
"krita_raw.desktop"
"krita_heif.desktop"
"krita_webp.desktop"
"krita_gif.desktop"
"krita_brush.desktop"
"krita_xcf.desktop"
"krita_jpeg.desktop"
"krita_spriter.desktop"
"krita_jxl.desktop"
"krita_ora.desktop"
"krita_csv.desktop"
"krita_tga.desktop"
"krita_psd.desktop"
"krita_png.desktop"
"krita_tiff.desktop"
"krita_exr.desktop"
"krita_qimageio.desktop"
"krita_pdf.desktop"
"krita_jp2.desktop"
"krita_heightmap.desktop"
"krita_kra.desktop"
"krita_krz.desktop"
];
fromAudioTypes = [];
fromVideoTypes = [];
fromWebTypes = [
"chromium-browser.desktop"
"com.google.Chrome.desktop"
];
# Applied to a list of apps and a single type
removeAssociation = apps: type: {${type} = apps;};
# Applied to a list of apps and a list of types: For each type the list of apps should be removed
removeAssociations = apps: types: lib.mergeAttrsList (builtins.map (removeAssociation apps) types);
in
lib.mergeAttrsList [
{
"application/pdf" = [
"chromium-browser.desktop"
"com.google.Chrome.desktop"
"firefox.desktop"
];
"text/plain" = [
"firefox.desktop"
"code.desktop"
];
}
# Only activate those if applications to remove are specified: (len from...Types) > 0
(lib.optionalAttrs (builtins.lessThan 0 (builtins.length fromTextTypes))
(removeAssociations fromTextTypes textTypes))
(lib.optionalAttrs (builtins.lessThan 0 (builtins.length fromImageTypes))
(removeAssociations fromImageTypes imageTypes))
(lib.optionalAttrs (builtins.lessThan 0 (builtins.length fromAudioTypes))
(removeAssociations fromAudioTypes audioTypes))
(lib.optionalAttrs (builtins.lessThan 0 (builtins.length fromVideoTypes))
(removeAssociations fromVideoTypes videoTypes))
(lib.optionalAttrs (builtins.lessThan 0 (builtins.length fromWebTypes))
(removeAssociations fromWebTypes webTypes))
];
};
# XDG
portal = {
enable = true;
xdgOpenUsePortal = false;
wlr.enable = false; # Hyprland has its own portal automatically enabled...
config = {
common.default = ["*"]; # https://discourse.nixos.org/t/clicked-links-in-desktop-apps-not-opening-browers/29114/26
common."org.freedesktop.impl.portal.FileChooser" = ["termfilechooser"];
hyprland.default = ["hyprland"];
hyprland."org.freedesktop.impl.portal.FileChooser" = ["termfilechooser"];
};
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal-termfilechooser # Filepicker using yazi
# xdg-desktop-portal-kde
# xdg-desktop-portal-hyprland # Already enabled by hyprland system module
];
};
};
fonts = {
enableDefaultPackages = true; # Some default fonts for unicode coverage
# https://wiki.nixos.org/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts
fontDir.enable = true; # Puts fonts to /run/current-system/sw/share/X11/fonts
# Font packages go here.
# They are installed system-wide so they land in fontdir,
# this is required for flatpak to find them.
packages = with pkgs; [
# Monospace fonts
nerd-fonts.jetbrains-mono
nerd-fonts.victor-mono
monolisa
# Sans/Serif fonts
noto-fonts
noto-fonts-emoji
noto-fonts-cjk-sans
lxgw-wenkai
];
fontconfig = {
enable = true;
antialias = true;
hinting.enable = true;
hinting.autohint = true;
cache32Bit = true;
# https://wiki.nixos.org/wiki/Fonts#Noto_Color_Emoji_doesn.27t_render_on_Firefox
useEmbeddedBitmaps = true;
defaultFonts = {
serif = ["Noto Serif CJK SC"];
sansSerif = ["Noto Sans CJK SC"];
monospace = ["MonoLisa" "JetBrainsMono Nerd Font Mono"]; # NOTE: Match with color.font
};
};
};
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.christoph = { users.users.christoph = {
@ -411,10 +233,12 @@ with mylib.networking; {
# Empty since we basically only need git + editor which is enabled below # Empty since we basically only need git + editor which is enabled below
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
iw iw
wget
mprocs # run multiple processes in single terminal window, screen alternative mprocs # run multiple processes in single terminal window, screen alternative
parted # partition manager parted # partition manager
procs # Better ps procs # Better ps
procps # pgrep, pkill procps # pgrep, pkill
busybox
killall killall
slirp4netns # user network namespaces slirp4netns # user network namespaces
wireguard-tools wireguard-tools
@ -436,15 +260,15 @@ with mylib.networking; {
fish.enable = true; fish.enable = true;
firejail.enable = true; # Use to run app in network namespace (e.g. through vpn) firejail.enable = true; # Use to run app in network namespace (e.g. through vpn)
git.enable = true; git.enable = true;
kdeconnect.enable = true; # Use this instead of HM for firewall setup kdeconnect.enable = !headless; # Use this instead of HM for firewall setup
neovim.enable = true; neovim.enable = true;
starship.enable = true; starship.enable = true;
# pay-respects.enable = true; # The new fuck # pay-respects.enable = true; # The new fuck
xwayland.enable = true; xwayland.enable = !headless;
nix-ld.enable = true; # Load dynamically linked executables nix-ld.enable = true; # Load dynamically linked executables
hyprland = { hyprland = {
enable = true; enable = !headless;
xwayland.enable = true; xwayland.enable = true;
withUWSM = true; withUWSM = true;
}; };
@ -463,14 +287,13 @@ with mylib.networking; {
}; };
fuse.userAllowOther = true; # Allow users to mount e.g. samba shares (cifs) fuse.userAllowOther = true; # Allow users to mount e.g. samba shares (cifs)
# ausweisapp.openFirewall = true; # Directly set port in firewall
}; };
# List services that you want to enable: # List services that you want to enable:
services = { services = {
# Enable sound with pipewire. # Enable sound with pipewire.
pipewire = { pipewire = {
enable = true; enable = !headless;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
@ -481,7 +304,7 @@ with mylib.networking; {
# Enable the X11 windowing system. # Enable the X11 windowing system.
xserver = { xserver = {
enable = true; enable = !headless;
# Startx replaces the displaymanager so default (lightdm) isn't used, start to shell # Startx replaces the displaymanager so default (lightdm) isn't used, start to shell
displayManager.startx.enable = true; displayManager.startx.enable = true;
@ -490,7 +313,7 @@ with mylib.networking; {
}; };
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
libinput.enable = true; libinput.enable = !headless;
# Enable CUPS to print documents. # Enable CUPS to print documents.
printing = { printing = {
@ -534,31 +357,6 @@ with mylib.networking; {
gnome.gcr-ssh-agent.enable = false; # TODO: Use this instead of ssh.startAgent? gnome.gcr-ssh-agent.enable = false; # TODO: Use this instead of ssh.startAgent?
}; };
virtualisation = {
docker = {
enable = false;
autoPrune.enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
# extraPackages = with pkgs; [];
};
oci-containers.backend = "podman"; # "docker" or "podman"
libvirtd.enable = true;
};
systemd = { systemd = {
# TODO: Technically this should be a user service if it runs as ${username}? # TODO: Technically this should be a user service if it runs as ${username}?
timers."refresh-nps-cache" = { timers."refresh-nps-cache" = {
@ -575,7 +373,7 @@ with mylib.networking; {
path = ["/run/current-system/sw/"]; path = ["/run/current-system/sw/"];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "${username}"; # ⚠️ replace with your "username" or "${user}", if it's defined User = "${username}";
}; };
script = '' script = ''
set -eu set -eu

14
system/modules/0_template/default.nix Normal file
View File

@ -0,0 +1,14 @@
{
config,
lib,
mylib,
...
}: let
inherit (config.modules) TEMPLATE;
in {
options.modules.TEMPLATE = import ./options.nix {inherit lib mylib;};
config =
lib.mkIf TEMPLATE.enable {
};
}

7
system/modules/0_template/options.nix Normal file
View File

@ -0,0 +1,7 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "TEMPLATE";
}

35
system/modules/bootloader/default.nix Normal file
View File

@ -0,0 +1,35 @@
{
config,
lib,
mylib,
...
}: let
inherit (config.modules) bootloader;
in {
options.modules.bootloader = import ./options.nix {inherit lib mylib;};
config = lib.mkIf bootloader.enable (lib.mkMerge [
{
boot.loader = {
timeout = 10;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = bootloader.systemd-boot.bootDevice;
};
}
(lib.mkIf (bootloader.loader == "systemd-boot") {
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 5;
editor = false;
consoleMode = "max";
};
})
(lib.mkIf (bootloader.loader == "grub") {
boot.loader.grub = {
enable = true;
useOSProber = true;
device = bootloader.grub.bootDevice;
};
})
]);
}

31
system/modules/bootloader/options.nix Normal file
View File

@ -0,0 +1,31 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "Enable boot loader configuration";
loader = lib.mkOption {
type = lib.types.enum [
"grub"
"systemd-boot"
];
description = "What boot loader to use";
example = "systemd-boot";
default = "systemd-boot";
};
systemd-boot.bootDevice = lib.mkOption {
type = lib.types.str;
description = "The path to the boot partition";
example = "/boot/efi";
default = "/boot/efi";
};
grub.bootDevice = lib.mkOption {
type = lib.types.str;
description = "The path to the boot partition";
example = "/dev/sda";
default = "/dev/sda";
};
}

5
system/modules/default.nix
View File

@ -1,5 +1,10 @@
{...}: { {...}: {
imports = [ imports = [
./bootloader
./desktopportal
./docker
./fonts
./mime
./polkit ./polkit
./network ./network
]; ];

57
system/modules/desktopportal/default.nix Normal file
View File

@ -0,0 +1,57 @@
{
config,
lib,
mylib,
pkgs,
...
}: let
inherit (config.modules) desktopportal;
in {
options.modules.desktopportal = import ./options.nix {inherit lib mylib;};
config = lib.mkIf desktopportal.enable {
xdg = {
portal = {
enable = true;
xdgOpenUsePortal = true;
wlr.enable = false;
# TODO: Replace lib.optional(s) throughout the config with mkMerge
config = lib.mkMerge [
{
# https://discourse.nixos.org/t/clicked-links-in-desktop-apps-not-opening-browers/29114/26
common.default = ["*"];
}
(lib.mkIf desktopportal.termfilechooser.enable {
common."org.freedesktop.impl.portal.FileChooser" = ["termfilechooser"];
})
(lib.mkIf desktopportal.hyprland.enable {
hyprland.default = ["hyprland"];
})
(lib.mkIf
(desktopportal.hyprland.enable && desktopportal.termfilechooser.enable) {
hyprland."org.freedesktop.impl.portal.FileChooser" = ["termfilechooser"];
})
];
extraPortals = with pkgs;
lib.mkMerge [
[
xdg-desktop-portal-gtk # Fallback
]
(lib.mkIf desktopportal.hyprland.enable [
xdg-desktop-portal-hyprland
])
(lib.mkIf desktopportal.termfilechooser.enable [
xdg-desktop-portal-termfilechooser # Filechooser using yazi
])
];
};
};
};
}

9
system/modules/desktopportal/options.nix Normal file
View File

@ -0,0 +1,9 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "Enable XDG desktop portals";
termfilechooser.enable = lib.mkEnableOption "Enable xdg-desktop-portal-termfilechooser";
hyprland.enable = lib.mkEnableOption "Configure portals for Hyprland";
}

57
system/modules/docker/default.nix Normal file
View File

@ -0,0 +1,57 @@
{
config,
lib,
mylib,
...
}: let
inherit (config.modules) docker;
in {
options.modules.docker = import ./options.nix {inherit lib mylib;};
config = lib.mkIf docker.enable {
virtualisation = {
docker = {
enable = !docker.podman;
autoPrune.enable = true;
enableNvidia = true;
rootless = {
enable = docker.docker.rootless;
setSocketVariable = true;
};
daemon.settings = {
# ipv6 = true;
# fixed-cidr-v6 = "2001::/80";
dns = [
"8.8.8.8"
# "2001:4860:4860::8888"
# "127.0.0.1"
# "192.168.86.25"
];
hosts = [
# Allow access to docker socket
"tcp://0.0.0.0:2375"
"unix:///var/run/docker.sock"
];
};
};
podman = {
enable = docker.podman;
autoPrune.enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
# extraPackages = with pkgs; [];
};
oci-containers.backend = "podman"; # "docker" or "podman"
libvirtd.enable = true;
};
};
}

10
system/modules/docker/options.nix Normal file
View File

@ -0,0 +1,10 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "Enable light virtualization using containers";
podman = lib.mkEnableOption "Use podman instead of docker";
docker.rootless = lib.mkEnableOption "Use rootless docker (no effect if podman is used)";
}

55
system/modules/fonts/default.nix Normal file
View File

@ -0,0 +1,55 @@
{
config,
lib,
mylib,
pkgs,
...
}: let
inherit (config.modules) fonts;
in {
options.modules.fonts = import ./options.nix {inherit lib mylib;};
config = lib.mkIf fonts.enable {
fonts = {
# Some default fonts for unicode coverage
enableDefaultPackages = true;
# Puts fonts to /run/current-system/sw/share/X11/fonts
# https://wiki.nixos.org/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts
fontDir.enable = true;
# Font packages go here.
# They are installed system-wide so they land in fontdir,
# this is required for flatpak to find them.
packages = with pkgs; [
# Monospace fonts
nerd-fonts.jetbrains-mono
nerd-fonts.victor-mono
monolisa
# Sans/Serif fonts
noto-fonts
noto-fonts-emoji
noto-fonts-cjk-sans
lxgw-wenkai
];
fontconfig = {
enable = true;
antialias = true;
hinting.enable = true;
hinting.autohint = true;
cache32Bit = true;
# https://wiki.nixos.org/wiki/Fonts#Noto_Color_Emoji_doesn.27t_render_on_Firefox
useEmbeddedBitmaps = true;
defaultFonts = {
serif = [fonts.defaultSerifFont] ++ fonts.fallbackSerifFonts;
sansSerif = [fonts.defaultSansSerifFont] ++ fonts.fallbackSansSerifFonts;
monospace = [fonts.defaultMonoFont] ++ fonts.fallbackMonoFonts;
};
};
};
};
}

69
system/modules/fonts/options.nix Normal file
View File

@ -0,0 +1,69 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "Enable fonts configuration";
defaultSerifFont = lib.mkOption {
type = lib.types.str;
description = "Select default serif font";
example = ''
"Noto Serif CJK SC"
'';
default = "Noto Serif CJK SC";
};
defaultSansSerifFont = lib.mkOption {
type = lib.types.str;
description = "Select default sans-serif font";
example = ''
"Noto Sans CJK SC"
'';
default = "Noto Sans CJK SC";
};
defaultMonoFont = lib.mkOption {
type = lib.types.str;
description = "Select default monospace font";
example = ''
"MonoLisa Alt Script"
'';
default = "MonoLisa Alt Script";
};
fallbackSerifFonts = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Select fallback serif fonts";
example = ''
[
"Noto Serif CJK SC"
]
'';
default = [];
};
fallbackSansSerifFonts = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Select fallback sans-serif fonts";
example = ''
[
"Noto Sans CJK SC"
]
'';
default = [];
};
fallbackMonoFonts = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Select fallback monospace fonts";
example = ''
[
"JetBrainsMono Nerd Font Mono"
]
'';
default = [
"JetBrainsMono Nerd Font Mono"
];
};
}

94
system/modules/mime/default.nix Normal file
View File

@ -0,0 +1,94 @@
{
config,
lib,
mylib,
...
}: let
inherit (config.modules) mime;
in {
options.modules.mime = import ./options.nix {inherit lib mylib;};
config = lib.mkIf mime.enable {
xdg = {
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
# Find .desktop files: fd ".*\.desktop" / | grep --color=auto -E neovide
mime = rec {
enable = true;
defaultApplications = let
associations =
{
${mime.defaultTextEditor} = mime.textTypes;
${mime.defaultFileBrowser} = ["inode/directory"];
${mime.defaultWebBrowser} = mime.webTypes;
${mime.defaultPdfViewer} = ["application/pdf"];
${mime.defaultImageViewer} = mime.imageTypes;
# If audio and video player are equal, we assign all types to the audio player,
# as multiple identical keys cannot exist in attrsets.
${mime.defaultAudioPlayer} =
mime.audioTypes
++ (lib.optionals
(mime.defaultAudioPlayer == mime.defaultVideoPlayer)
mime.videoTypes);
}
# If audio and video player are not equal, we associate the video types with
# the chosen video player. Otherwise video types will be included with audio.
// (lib.optionalAttrs (mime.defaultAudioPlayer != mime.defaultVideoPlayer) {
${mime.defaultVideoPlayer} = mime.videoTypes;
});
# Applied to a single app and a single type
# Result: { "image/jpg" = ["imv.desktop"]; }
mkAssociation = app: type: {${type} = [app];};
# Applied to a single app and a list of types
# Result: { "image/jpg" = ["imv.desktop"]; "image/png" = ["imv.desktop"]; ... }
mkAssociations = app: types:
lib.mergeAttrsList
(builtins.map (mkAssociation app) types);
in
# Apply to a list of apps each with a list of types
lib.mergeAttrsList (lib.mapAttrsToList mkAssociations associations);
addedAssociations = defaultApplications;
removedAssociations = let
# Applied to a list of apps and a single type
removeAssociation = apps: type: {${type} = apps;};
# Applied to a list of apps and a list of types:
# For each type the list of apps should be removed
removeAssociations = apps: types:
lib.mergeAttrsList
(builtins.map (removeAssociation apps) types);
# Only create if more than 0 apps are specified: (len from...Types) > 0
mkIfExists = apps: types:
lib.optionalAttrs
(builtins.lessThan 0 (builtins.length apps))
(removeAssociations apps types);
in
lib.mergeAttrsList [
{
"application/pdf" = [
"chromium-browser.desktop"
"com.google.Chrome.desktop"
"firefox.desktop"
];
"text/plain" = [
"firefox.desktop"
"code.desktop"
];
}
(mkIfExists mime.removedTextTypes mime.textTypes)
(mkIfExists mime.removedImageTypes mime.imageTypes)
(mkIfExists mime.removedAudioTypes mime.audioTypes)
(mkIfExists mime.removedVideoTypes mime.videoTypes)
(mkIfExists mime.removedWebTypes mime.webTypes)
];
};
};
};
}

326
system/modules/mime/options.nix Normal file
View File

@ -0,0 +1,326 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "TEMPLATE";
defaultTextEditor = lib.mkOption {
type = lib.types.str;
description = "Default application to open text files";
example = ''
"neovide.desktop"
'';
default = "neovide.desktop";
};
defaultFileBrowser = lib.mkOption {
type = lib.types.str;
description = "Default application for file browsing";
example = ''
"yazi.desktop"
'';
default = "yazi.desktop";
};
defaultWebBrowser = lib.mkOption {
type = lib.types.str;
description = "Default web browser";
example = ''
"firefox.desktop"
'';
default = "firefox.desktop";
};
defaultPdfViewer = lib.mkOption {
type = lib.types.str;
description = "Default application to open PDF files";
example = ''
"org.pwmt.zathura.desktop"
'';
default = "org.pwmt.zathura.desktop";
};
defaultImageViewer = lib.mkOption {
type = lib.types.str;
description = "Default application to open image files";
example = ''
"imv-dir.desktop"
'';
default = "imv-dir.desktop";
};
defaultAudioPlayer = lib.mkOption {
type = lib.types.str;
description = "Default application to play audio files";
example = ''
"vlc.desktop"
'';
default = "vlc.desktop";
};
defaultVideoPlayer = lib.mkOption {
type = lib.types.str;
description = "Default application to play video files";
example = ''
"vlc.desktop"
'';
default = "vlc.desktop";
};
textTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Mime types that should be associated with a text editor";
example = ''
[
"text/css"
"text/csv"
"text/javascript"
"text/plain"
"text/xml"
"application/json"
"application/ld+json"
"application/x-sh"
"application/xml"
]
'';
default = [
"text/css"
"text/csv"
"text/javascript"
"text/plain"
"text/xml"
"application/json"
"application/ld+json"
"application/x-sh"
"application/xml"
];
};
imageTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Mime types that should be associated with an image viewer";
example = ''
[
"image/apng"
"image/avif"
"image/bmp"
"image/gif"
"image/jpeg"
"image/png"
"image/svg+xml"
"image/tiff"
"image/webp"
]
'';
default = [
"image/apng"
"image/avif"
"image/bmp"
"image/gif"
"image/jpeg"
"image/png"
"image/svg+xml"
"image/tiff"
"image/webp"
];
};
audioTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Mime types that should be associated with an audio player";
example = ''
[
"audio/aac"
"audio/flac"
"audio/mp4"
"audio/mpeg"
"audio/ogg"
"audio/opus"
"audio/wav"
"audio/webm"
"audio/3gpp"
"audio/3gpp2"
]
'';
default = [
"audio/aac"
"audio/flac"
"audio/mp4"
"audio/mpeg"
"audio/ogg"
"audio/opus"
"audio/wav"
"audio/webm"
"audio/3gpp"
"audio/3gpp2"
];
};
videoTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Mime types that should be associated with a video player";
example = ''
[
"video/x-msvideo"
"video/mp4"
"video/mpeg"
"video/ogg"
"video/mp2t"
"video/webm"
"video/3gpp"
"video/3gpp2"
]
'';
default = [
"video/x-msvideo"
"video/mp4"
"video/mpeg"
"video/ogg"
"video/mp2t"
"video/webm"
"video/3gpp"
"video/3gpp2"
];
};
webTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Mime types that should be associated with a web browser";
example = ''
[
"text/uri-list"
"text/x-uri"
"text/html"
"application/xhtml+xml"
"x-scheme-handler/https"
]
'';
default = [
"text/uri-list"
"text/x-uri"
"text/html"
"application/xhtml+xml"
"x-scheme-handler/https"
];
};
removedTextTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Applications that shouldn't be used to open text files";
example = ''
[
"nvim.desktop"
]
'';
default = [
"nvim.desktop"
];
};
removedImageTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Applications that shouldn't be used to view image files";
example = ''
[
"imv.desktop"
"chromium-browser.desktop"
"org.kde.krita.desktop"
"krita.desktop"
"krita_svg.desktop"
"krita_raw.desktop"
"krita_heif.desktop"
"krita_webp.desktop"
"krita_gif.desktop"
"krita_brush.desktop"
"krita_xcf.desktop"
"krita_jpeg.desktop"
"krita_spriter.desktop"
"krita_jxl.desktop"
"krita_ora.desktop"
"krita_csv.desktop"
"krita_tga.desktop"
"krita_psd.desktop"
"krita_png.desktop"
"krita_tiff.desktop"
"krita_exr.desktop"
"krita_qimageio.desktop"
"krita_pdf.desktop"
"krita_jp2.desktop"
"krita_heightmap.desktop"
"krita_kra.desktop"
"krita_krz.desktop"
]
'';
default = [
"imv.desktop"
"chromium-browser.desktop"
"org.kde.krita.desktop"
"krita.desktop"
"krita_svg.desktop"
"krita_raw.desktop"
"krita_heif.desktop"
"krita_webp.desktop"
"krita_gif.desktop"
"krita_brush.desktop"
"krita_xcf.desktop"
"krita_jpeg.desktop"
"krita_spriter.desktop"
"krita_jxl.desktop"
"krita_ora.desktop"
"krita_csv.desktop"
"krita_tga.desktop"
"krita_psd.desktop"
"krita_png.desktop"
"krita_tiff.desktop"
"krita_exr.desktop"
"krita_qimageio.desktop"
"krita_pdf.desktop"
"krita_jp2.desktop"
"krita_heightmap.desktop"
"krita_kra.desktop"
"krita_krz.desktop"
];
};
removedAudioTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Applications that shouldn't be used to play audio files";
example = ''
[
"mpv.desktop"
]
'';
default = [
"mpv.desktop"
];
};
removedVideoTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Applications that shouldn't be used to play video files";
example = ''
[
"mpv.desktop"
]
'';
default = [
"mpv.desktop"
];
};
removedWebTypes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Web browsers that shouldn't be used for web types";
example = ''
[
"chromium-browser.desktop"
"com.google.Chrome.desktop"
]
'';
default = [
"chromium-browser.desktop"
"com.google.Chrome.desktop"
];
};
}

11
system/nixinator/default.nix
View File

@ -113,11 +113,20 @@
kernelPackages = pkgs.linuxPackages_zen; kernelPackages = pkgs.linuxPackages_zen;
}; };
services.xserver = { programs = {
ausweisapp = {
enable = true;
openFirewall = true; # Directly set port in firewall
};
};
services = {
xserver = {
# Configure keymap in X11 # Configure keymap in X11
xkb.layout = "us"; xkb.layout = "us";
xkb.variant = "altgr-intl"; xkb.variant = "altgr-intl";
videoDrivers = ["nvidia"]; # NVIDIA videoDrivers = ["nvidia"]; # NVIDIA
}; };
};
} }

29
system/nixinator/hardware-configuration.nix
View File

@ -99,31 +99,13 @@
} }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault false; # NOTE: Set to false bc systemd-networkd
networking.enableIPv6 = lib.mkDefault false; # NOTE: Could be overwritten by systemd-networkd
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0u2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
# networking.networkmanager.enable = true;
# networking.wireless.iwd.enable = true;
# networking.networkmanager.wifi.backend = "iwd";
# nixpkgs.config.allowUnfree = true;
hardware = { hardware = {
# Use all redistributable firmware (i.e. nonfree) # Use all redistributable firmware (i.e. nonfree)
enableAllFirmware = true; enableAllFirmware = true;
enableRedistributableFirmware = true; enableRedistributableFirmware = true;
# cpu.intel.updateMicrocode = true;
cpu.amd.updateMicrocode = true; cpu.amd.updateMicrocode = true;
bluetooth.enable = true; bluetooth.enable = true;
nvidia-container-toolkit.enable = true;
nvidia = { nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable; package = config.boot.kernelPackages.nvidiaPackages.stable;
@ -139,17 +121,11 @@
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
# AMD: https://nixos.wiki/wiki/AMD_GPU # https://nixos.wiki/wiki/Accelerated_Video_Playback
extraPackages = with pkgs; [ extraPackages = with pkgs; [
# amdvlk # RADV (mesa) and AMDVLK (amd) can be used simultaneously
# VAAPI/VDPAU: https://nixos.wiki/wiki/Accelerated_Video_Playback
vaapiVdpau # Taken from wiki, this is also part of nixos-hardware/common/gpu/nvidia vaapiVdpau # Taken from wiki, this is also part of nixos-hardware/common/gpu/nvidia
libvdpau-va-gl # Taken from wiki libvdpau-va-gl # Taken from wiki
# libvdpau # NOTE: Don't know if needed/where it belongs...
# libva # NOTE: Don't know if needed/where it belongs...
# https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/3 # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/3
nvidia-vaapi-driver # Experimental, doesn't work with chromium nvidia-vaapi-driver # Experimental, doesn't work with chromium
]; ];
@ -159,7 +135,6 @@
# xpadneo.enable = true; # Xbox Controller # xpadneo.enable = true; # Xbox Controller
}; };
# environment.variables.AMD_VULKAN_ICD = "RADV"; # Choose mesa driver by default
environment.variables = { environment.variables = {
GBM_BACKEND = "nvidia-drm"; GBM_BACKEND = "nvidia-drm";
__GLX_VENDOR_LIBRARY_NAME = "nvidia"; __GLX_VENDOR_LIBRARY_NAME = "nvidia";

113
system/servenix/default.nix Normal file
View File

@ -0,0 +1,113 @@
{
inputs,
hostname,
lib,
mylib,
config,
pkgs,
system,
username,
headless,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../modules
# My own services
../services/heidi.nix
../services/formula10.nix
../services/formula11.nix
# General services
../services/authelia.nix
../services/gitea.nix
../services/gitea-runner.nix
../services/immich.nix
../services/jellyfin.nix
../services/kopia.nix
../services/nextcloud.nix
../services/nginx-proxy-manager.nix
../services/paperless.nix
../services/portainer.nix
../services/whats-up-docker.nix
];
modules = {
network = {
useNetworkManager = false;
networks = {
"10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {
interface = "ens18";
ips = ["192.168.86.25/24"];
routers = ["192.168.86.5"];
nameservers = ["192.168.86.26"];
routable = true;
};
};
allowedTCPPorts = [
53 # DNS
80 # HTTP
3000 # Gitea runner needs to reach local gitea instance
];
allowedUDPPorts = [
53 # DNS
67 # DHCP
3000 # Gitea runner needs to reach local gitea instance
];
};
};
networking.firewall.trustedInterfaces = ["docker0" "podman0"];
systemd.services.init-behind-nginx-docker-network = {
description = "Create a docker network bridge for all services behind nginx-proxy-manager.";
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig.Type = "oneshot";
script = let
cli = "${config.virtualisation.docker.package}/bin/docker";
network = "behind-nginx";
in ''
# Put a true at the end to prevent getting non-zero return code, which will
# crash the whole service.
check=$(${cli} network ls | grep ${network} || true)
if [ -z "$check" ]; then
# TODO: Disable IP masquerading to show individual containers in AdGuard/Pi-Hole
# - Disabling this prevents containers from having internet connection. DNS issue?
# ${cli} network create -o "com.docker.network.bridge.enable_ip_masquerade"="false" ${network}
# ${cli} network create --ipv6 --gateway="2000::1" --subnet="2000::/80" ${network}
${cli} network create ${network}
else
echo "${network} already exists in docker"
fi
'';
};
# List services that you want to enable:
services = {
# Configure keymap in X11
xserver = {
layout = "us";
xkbVariant = "altgr-intl";
videoDrivers = ["nvidia"];
};
qemuGuest.enable = true;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

99
system/servenix/hardware-configuration.nix Normal file
View File

@ -0,0 +1,99 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
initrd.kernelModules = [];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/2d1b1f62-f008-4562-906e-5a63d854b18b";
fsType = "ext4";
options = ["defaults" "rw" "relatime"];
};
"/home/christoph/ssd" = {
device = "/dev/disk/by-uuid/ff42f57c-cd45-41ea-a0ee-640e638b38bc";
fsType = "ext4";
options = ["defaults" "rw" "relatime"];
};
# Synology DS223j
"/media/synology-syncthing" = {
device = "192.168.86.15:/volume1/DockerVolumes";
fsType = "nfs";
options = ["defaults" "rw" "relatime" "_netdev" "bg" "soft"];
};
# SG Exos Mirror Shares
"/media/Movie" = {
device = "192.168.86.20:/mnt/SG Exos Mirror 18TB/Movie";
fsType = "nfs";
options = ["defaults" "rw" "relatime" "_netdev" "bg" "soft"];
};
"/media/Show" = {
device = "192.168.86.20:/mnt/SG Exos Mirror 18TB/Show";
fsType = "nfs";
options = ["defaults" "rw" "relatime" "_netdev" "bg" "soft"];
};
"/media/TV-Music" = {
device = "192.168.86.20:/mnt/SG Exos Mirror 18TB/Music";
fsType = "nfs";
options = ["defaults" "rw" "relatime" "_netdev" "bg" "soft"];
};
};
swapDevices = [];
hardware = {
enableAllFirmware = true;
enableRedistributableFirmware = true;
cpu.intel.updateMicrocode = true;
bluetooth.enable = false;
nvidia-container-toolkit.enable = true;
nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = false;
open = true;
nvidiaSettings = false;
};
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
nvidia-vaapi-driver
];
};
};
environment.variables = {
GBM_BACKEND = "nvidia-drm";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
LIBVA_DRIVER_NAME = "nvidia";
NVD_BACKEND = "direct"; # egl
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

30
system/services/0_TEMPLATE.nix Normal file
View File

@ -0,0 +1,30 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.TEMPLATE = {
image = "TEMPLATE";
autoStart = true;
dependsOn = [];
ports = [];
volumes = [];
environment = {
PUID = "1000";
PGID = "1000";
TZ = "Europe/Berlin";
# NVIDIA_VISIBLE_DEVICES = "all";
# NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
}

49
system/services/adguard.nix Normal file
View File

@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.adguard = {
image = "adguard/adguardhome";
autoStart = true;
dependsOn = [];
ports = [
# DNS server
"53:53/tcp"
"53:53/udp"
# "853:853/tcp" # DNS over TLS
# "853:853/udp" # DNS over QUIC
# DHCP server
# "67:67/udp"
# "68:68/tcp"
# "68:68/udp"
# Admin panel + DNS over HTTPS
# "80:80/tcp"
# "443:443/tcp"
# "443:443/udp"
# "3100:3000/tcp" # Web interface
# DNSCrypt
# "5443:5443/tcp"
# "5443:5443/udp"
# "6060:6060/tcp" # Debugging
];
volumes = [
"adguard_config:/opt/adguardhome/conf"
"adguard_work:/opt/adguardhome/work"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
}

31
system/services/authelia.nix Normal file
View File

@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.authelia = {
image = "authelia/authelia:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "9091:9091"
];
volumes = [
"authelia_config:/config"
];
environment = {
TZ = "Europe/Berlin";
};
extraOptions = [
"--net=behind-nginx"
];
};
}

31
system/services/formula10.nix Normal file
View File

@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.formula10 = {
image = "gitea.vps.chriphost.de/christoph/formula10:latest";
autoStart = true;
dependsOn = [];
ports = [
"55555:5000"
];
volumes = [
"formula10_data:/app/instance"
"formula10_cache:/cache"
];
environment = {
TZ = "Europe/Berlin";
};
extraOptions = [
"--init" # Make an init process take up PID 1, to make python receive the SIGTERM
"--net=behind-nginx"
];
};
}

65
system/services/formula11.nix Normal file
View File

@ -0,0 +1,65 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.formula11_pocketbase = {
image = "gitea.vps.chriphost.de/christoph/pocketbase:0.25.0";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
"8090:8080"
];
volumes = [
"formula11_pb_data:/pb/pb_data"
];
environment = {};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.formula11 = {
image = "gitea.vps.chriphost.de/christoph/formula11:latest";
autoStart = true;
dependsOn = [
"formula11_pocketbase"
];
ports = [
# "8080:8090"
"5173:3000"
];
volumes = [];
environment = {
# PB_PROTOCOL="http";
# PB_HOST="formula11_pocketbase";
# PB_PORT="8000";
# PB_PROTOCOL="https";
# PB_URL="f11pb.vps.chriphost.de";
PUBLIC_PBURL="https://f11pb.vps.chriphost.de";
# Required by SvelteKit to prevent cross-site POST errors
ORIGIN="https://f11.vps.chriphost.de";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
}

39
system/services/gitea-runner.nix Normal file
View File

@ -0,0 +1,39 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.gitea-runner = {
image = "gitea/act_runner:latest"; # NOTE: vegardit has other runner images
autoStart = true;
dependsOn = [];
ports = [];
volumes = [
"gitea-runner_data:/data"
"gitea-runner_config:/config" # Managed by env variables for vegardit image
"/var/run/docker.sock:/var/run/docker.sock" # Disable for dind
];
environment = {
# NOTE: gitlab.local.chriphost.de doesn't work, because it gets resolved to 192.168.86.25:443, which is nginx
GITEA_INSTANCE_URL = "http://192.168.86.25:3000";
GITEA_RUNNER_NAME = "servenix";
# Can be generated from inside the container using act_runner generate-config > /config/config.yaml
CONFIG_FILE = "/config/config.yaml";
# NOTE: This token is invalid, when re-registering is needed it has to be refreshed
GITEA_RUNNER_REGISTRATION_TOKEN = "Mq6wr0dPthqDij3iaryP8s5VYZA5kPfOQbHA6wm6";
};
extraOptions = [
# "--privileged" # Enable for dind
"--net=behind-nginx"
];
};
}

79
system/services/gitea.nix Normal file
View File

@ -0,0 +1,79 @@
{
config,
lib,
pkgs,
...
}: {
# Extra git user for Gitea
users.users.git = {
uid = 500;
group = "git";
isNormalUser = false;
isSystemUser = true;
description = "Gitea User";
extraGroups = ["docker" "podman"];
shell = pkgs.fish;
};
virtualisation.oci-containers.containers.gitea-db = {
image = "postgres:14";
autoStart = true;
dependsOn = [];
ports = [];
volumes = [
"gitea-db_data:/var/lib/postgresql/data"
];
environment = {
POSTGRES_USER = "gitea";
POSTGRES_PASSWORD = "gitea";
POSTGRES_DB = "gitea";
};
extraOptions = [
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.gitea = {
image = "gitea/gitea:latest";
autoStart = true;
dependsOn = [
"gitea-db"
];
ports = [
"3000:3000"
# NOTE: Set .git/config url to ssh://christoph@gitea.local.chriphost.de:222/christoph/<repo>.git
"222:222" # Gitea SSH
];
volumes = [
"/etc/timezone:/etc/timezone:ro"
"/etc/localtime:/etc/localtime:ro"
"gitea_data:/data"
];
environment = {
USER = "git";
USER_UID = "500";
# USER_GID = "100";
GITEA__database__DB_TYPE = "postgres";
GITEA__database__HOST = "gitea-db:5432";
GITEA__database__NAME = "gitea";
GITEA__database__USER = "gitea";
GITEA__database__PASSWD = "gitea";
};
extraOptions = [
"--net=behind-nginx"
];
};
}

31
system/services/heidi.nix Normal file
View File

@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.heidi = {
image = "gitea.vps.chriphost.de/christoph/discord-heidi:latest";
autoStart = true;
dependsOn = [];
ports = [];
volumes = [
"heidi_config:/config"
"/home/christoph/heidi-sounds:/sounds:ro"
];
environment = {
DISCORD_TOKEN = (builtins.readFile ./heidi.discord_token);
DOCKER = "True";
};
extraOptions = [
"--init" # Make an init process take up PID 1, to make python receive the SIGTERM
"--net=behind-nginx"
];
};
}

96
system/services/immich.nix Normal file
View File

@ -0,0 +1,96 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.immich-database = {
image = "ghcr.io/immich-app/postgres:15-vectorchord0.3.0-pgvectors0.2.0";
autoStart = true;
dependsOn = [];
ports = [
# "5432:5432"
];
volumes = [
"immich-database_data:/var/lib/postgresql/data"
];
environment = {
POSTGRES_USER = "immich";
POSTGRES_PASSWORD = "immich";
POSTGRES_DB = "immich";
};
extraOptions = [
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.immich-redis = {
image = "redis";
autoStart = true;
dependsOn = [];
ports = [
# "6379:6379"
];
volumes = [];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.immich = {
image = "ghcr.io/imagegenius/immich:latest";
autoStart = true;
dependsOn = [
"immich-database"
"immich-redis"
];
ports = [
"2283:8080"
];
volumes = [
"immich_config:/config"
"immich_data:/photos"
"immich_machine-learning:/config/machine-learning"
# "immich_imports:/import:ro"
];
environment = {
PUID = "1000";
PGID = "1000";
TZ = "Europe/Berlin";
DB_HOSTNAME = "immich-database";
DB_USERNAME = "immich";
DB_PASSWORD = "immich";
# DB_PORT = "5432";
DB_DATABASE_NAME = "immich";
REDIS_HOSTNAME = "immich-redis";
# REDIS_PORT = "6379";
# REDIS_PASSWORD = "";
MACHINE_LEARNING_WORKERS = "1";
MACHINE_LEARNING_WORKER_TIMEOUT = "120";
};
extraOptions = [
"--privileged"
"--gpus=all"
"--net=behind-nginx"
];
};
}

42
system/services/jellyfin.nix Normal file
View File

@ -0,0 +1,42 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.jellyfin = {
image = "linuxserver/jellyfin:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
"8096:8096"
];
volumes = [
"/media/Show:/data/tvshows"
"/media/Movie:/data/movies"
"/media/TV-Music:/data/music"
"jellyfin_config:/config"
];
environment = {
PUID = "3000";
PGID = "3000";
TZ = "Europe/Berlin";
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraOptions = [
"--privileged"
"--gpus=all"
"--net=behind-nginx"
];
};
}

81
system/services/kopia.nix Normal file
View File

@ -0,0 +1,81 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.kopia = {
image = "kopia/kopia:latest";
autoStart = true;
dependsOn = [];
ports = [
# "51515:51515"
];
volumes = [
"kopia_config:/app/config"
"kopia_cache:/app/cache"
"kopia_logs:/app/logs"
"kopia_temp:/tmp"
# Repository, where snapshots are stored (incrementally)
"/media/synology-syncthing:/repository"
# Folders that are backed up
# "adguard_config:/data/adguard_config:ro" # ThinkNix
# "adguard_work:/data/adguard_work:ro" # ThinkNix
"authelia_config:/data/authelia_config:ro"
"formula10_cache:/data/formula10_cache:ro"
"formula10_data:/data/formula10_data:ro"
"gitea-db_data:/data/gitea-db_data:ro"
"gitea-runner_config:/data/gitea-runner_config:ro"
"gitea-runner_data:/data/gitea-runner_data:ro"
"gitea_data:/data/gitea_data:ro"
"heidi_config:/data/heidi_config:ro"
# "homeassistant_config:/data/homeassistant_config:ro" # ThinkNix
# "homepage_config:/data/homepage_config:ro"
"immich-database_data:/data/immich-database_data:ro"
"immich_config:/data/immich_config:ro"
"immich_data:/data/immich_data:ro"
"immich_machine-learning:/data/immich_machine-learning:ro"
"jellyfin_config:/data/jellyfin_config:ro"
"nextcloud-db_data:/data/nextcloud-db_data:ro"
"nextcloud_data:/data/nextcloud_data:ro"
"nginx_config:/data/nginx_config:ro"
"nginx_letsencrypt:/data/nginx_letsencrypt:ro"
"nginx_snippets:/data/nginx_snippets:ro"
"paperless-postgres_data:/data/paperless-postgres_data:ro"
"paperless_data:/data/paperless_data:ro"
# "portainer_config:/data/portainer_config:ro"
# "uptime-kuma_config:/data/uptime-kuma_config:ro" # Disabled
# "wireguard_vps_config:/data/wireguard_vps_config:ro"
];
environment = {
TZ = "Europe/Berlin";
USER = "christoph";
KOPIA_PASSWORD = (builtins.readFile ./kopia.password);
};
entrypoint = "/bin/kopia";
cmd = [
"server"
"start"
"--disable-csrf-token-checks"
"--insecure"
"--address=0.0.0.0:51515"
"--server-username=christoph"
"--server-password=kopia"
];
extraOptions = [
"--privileged"
"--device=/dev/fuse:/dev/fuse:rwm"
"--cap-add=SYS_ADMIN"
"--net=behind-nginx"
];
};
}

126
system/services/nextcloud.nix Normal file
View File

@ -0,0 +1,126 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.nextcloud-db = {
image = "postgres:alpine";
autoStart = true;
dependsOn = [];
ports = [
# "5432:5432"
];
volumes = [
"nextcloud-db_data:/var/lib/postgresql/data"
];
environment = {
POSTGRES_PASSWORD = "nextcloud";
POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud";
};
extraOptions = [
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.nextcloud-memcache = {
image = "redis:alpine";
autoStart = true;
dependsOn = [];
ports = [
# "6379:6379"
];
volumes = [
"nextcloud-memcache_data:/data"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.nextcloud = {
image = "nextcloud:apache";
autoStart = true;
dependsOn = [
"nextcloud-db"
"nextcloud-memcache"
];
ports = [
"8080:80"
];
volumes = [
"nextcloud_data:/var/www/html"
# Paperless media
# "/media/paperless-consume:/media/paperless-consume"
# "/media/paperless-export:/media/paperless-export"
# "/media/paperless-media:/media/paperless-media"
"/home/christoph/nextcloud:/flow-scripts"
# "/var/run/docker.sock:/var/run/docker.sock:ro" # For AiO
];
environment = {
# Don't add PUID/PGID/TZ or sth like that!
# Allow uploads larger than 1GB
APACHE_BODY_LIMIT = "0";
NEXTCLOUD_TRUSTED_DOMAINS = "https://nextcloud.local.chriphost.de https://local.chriphost.de https://nextcloud.vps.chriphost.de https://vps.chriphost.de";
# Proxy
APACHE_DISABLE_REWRITE_IP = "1";
TRUSTED_PROXIES = "192.168.86.25 212.227.233.241 172.19.0.1";
OVERWRITEPROTOCOL = "https";
# DB
POSTGRES_HOST = "nextcloud-db";
POSTGRES_PASSWORD = "nextcloud";
POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud";
# Memcache + Transactional Locking
REDIS_HOST = "nextcloud-memcache";
};
extraOptions = [
"--net=behind-nginx"
];
};
systemd.services.nextcloud-cron = {
enable = true;
description = "Nextcloud Cron Job";
serviceConfig = {
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data nextcloud /usr/local/bin/php -f /var/www/html/cron.php";
};
};
systemd.timers.nextcloud-cron = {
enable = true;
description = "Nextcloud Cron Job";
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "5min";
Unit = "nextcloud-cron.service";
};
wantedBy = ["timers.target"];
};
}

36
system/services/nginx-proxy-manager.nix Normal file
View File

@ -0,0 +1,36 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.nginx-proxy-manager = {
image = "jc21/nginx-proxy-manager:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
"80:80"
# "81:81" # Web interface
"443:443"
];
volumes = [
"nginx_config:/data"
"nginx_snippets:/snippets"
"nginx_letsencrypt:/etc/letsencrypt"
];
environment = {
DISABLE_IPV6 = "true";
};
extraOptions = [
# "--net=host"
"--net=behind-nginx"
];
};
}

87
system/services/paperless.nix Normal file
View File

@ -0,0 +1,87 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.paperless-redis = {
image = "docker.io/library/redis:7";
autoStart = true;
dependsOn = [];
ports = [];
volumes = [
"paperless-redis_data:/data"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.paperless-postgres = {
image = "docker.io/library/postgres:15";
autoStart = true;
dependsOn = [];
ports = [];
volumes = [
"paperless-postgres_data:/var/lib/postgresql/data"
];
environment = {
POSTGRES_DB = "paperless";
POSTGRES_USER = "paperless";
POSTGRES_PASSWORD = "paperless";
};
extraOptions = [
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.paperless = {
image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
autoStart = true;
dependsOn = [
"paperless-redis"
"paperless-postgres"
];
ports = [
"8000:8000"
];
volumes = [
"paperless_data:/usr/src/paperless/data"
"/media/paperless-media:/usr/src/paperless/media"
"/media/paperless-export:/usr/src/paperless/export"
"/media/paperless-consume:/usr/src/paperless/consume"
];
environment = {
PAPERLESS_REDIS = "redis://paperless-redis:6379";
PAPERLESS_DBHOST = "paperless-postgres";
# PAPERLESS_ADMIN_USER = "root";
# PAPERLESS_ADMIN_PASSWORD = "admin";
PAPERLESS_URL = "https://*.chriphost.de";
# PAPERLESS_CSRF_TRUSTED_ORIGINS = "[https://paperless.local.chriphost.de,https://paperless.vps.chriphost.de]";
# PAPERLESS_ALLOWED_HOSTS = "[https://paperless.local.chriphost.de,https://paperless.vps.chriphost.de]";
# PAPERLESS_CORS_ALLOWED_HOSTS = "[https://paperless.local.chriphost.de,https://paperless.vps.chriphost.de]";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
}

53
system/services/portainer.nix Normal file
View File

@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
...
}: {
# virtualisation.oci-containers.containers.portainer = {
# image = "portainer/portainer-ce:latest";
# autoStart = true;
# dependsOn = [];
# ports = [
# # "8000:8000"
# # "9443:9443"
# ];
# volumes = [
# "portainer_config:/data"
# "/var/run/docker.sock:/var/run/docker.sock"
# ];
# environment = {};
# extraOptions = [
# "--net=behind-nginx"
# ];
# };
virtualisation.oci-containers.containers.portainer-agent = {
image = "portainer/agent:latest";
autoStart = true;
dependsOn = [];
ports = [
"9001:9001"
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"/var/lib/docker/volumes:/var/lib/docker/volumes"
];
environment = {};
extraOptions = [
# This container needs to be accessible from another machine inside the LAN
# "--net=behind-nginx"
];
};
}

29
system/services/whats-up-docker.nix Normal file
View File

@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.whats-up-docker = {
image = "getwud/wud:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "3001:3000"
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
}