authorscouckel <james.krinsky@gmail.com>2026-04-02 20:49:34 -0400
committerscouckel <james.krinsky@gmail.com>2026-04-02 20:49:34 -0400
commit50044b7a87bc9f59452855a96a2013c9b000a0a1 (patch)
treec00948706d76ab9b9eceb051c4b1c45d16dc7e3d /modules/nixosModules
parenteae1e605a04e7e78cac7052a5cc284de5f9ee87f (diff)
big work done
Diffstat (limited to 'modules/nixosModules')
-rw-r--r--modules/nixosModules/createHost.nix83
-rw-r--r--modules/nixosModules/desktop/default.nix15
-rw-r--r--modules/nixosModules/desktop/gaming.nix24
-rw-r--r--modules/nixosModules/desktop/pipewire.nix12
-rw-r--r--modules/nixosModules/desktop/printing.nix13
-rw-r--r--modules/nixosModules/desktop/thunar.nix17
-rw-r--r--modules/nixosModules/server/arr.nix74
-rw-r--r--modules/nixosModules/server/cgit.nix57
-rw-r--r--modules/nixosModules/server/default.nix12
-rw-r--r--modules/nixosModules/server/jellyfin.nix44
-rw-r--r--modules/nixosModules/server/nginx.nix20
-rw-r--r--modules/nixosModules/server/radicale.nix45
12 files changed, 416 insertions, 0 deletions
diff --git a/modules/nixosModules/createHost.nix b/modules/nixosModules/createHost.nix
new file mode 100644
index 0000000..a74ac53
--- /dev/null
+++ b/modules/nixosModules/createHost.nix
@@ -0,0 +1,83 @@
+{
+ self,
+ inputs,
+ ...
+}: {
+ flake.nixosModules.createHost = {
+ lib,
+ pkgs,
+ config,
+ ...
+ }: let
+ cfg = config.hostOptions;
+ in {
+ boot.loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot"; # ← use the same mount point here.
+ };
+ grub = {
+ efiSupport = true;
+ device = "nodev";
+ useOSProber = true;
+ theme = "${pkgs.fetchFromGitHub {
+ # blue screen of life grub theme
+ owner = "scouckel";
+ repo = "bsol";
+ rev = "a8eedad9e7163dce230ca7886be8e1b4ef81da99";
+ sha256 = "sha256-P2q73uM1Ysn1a+0mOGOvee/Q1WAYRGQvfanrasx/8r8";
+ }}/bsol";
+ };
+ };
+
+ boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+ hardware.firmware = with pkgs; [
+ linux-firmware
+ ];
+ hardware.enableRedistributableFirmware = true;
+
+ system.name = cfg.host.name;
+ networking.hostName = cfg.host.name;
+
+ networking.networkmanager.enable = true;
+
+ time.timeZone = lib.mkDefault "US/Central";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ users.users.${cfg.user.name} = {
+ isNormalUser = true;
+ description = cfg.user.name;
+ extraGroups = ["networkmanager" "wheel"];
+ shell = self.packages."${pkgs.stdenv.hostPlatform.system}".environment;
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ nix.settings = {
+ experimental-features = ["nix-command" "flakes"];
+ auto-optimise-store = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ };
+
+ system.stateVersion = "25.05";
+ };
+}
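Review bot: The `services.openssh` block near the end of createHost.nix enables sshd with only `PermitRootLogin = "no"`, so password logins stay on at the NixOS default for the account created just above, which is in `wheel`. If key-based login is intended, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`. The hunk sets no `openssh.authorizedKeys.keys` for `${cfg.user.name}`, so confirm keys are provisioned elsewhere before disabling passwords. Separately, this module reads `config.hostOptions` without importing `self.nixosModules.hostOptions` as the server modules do, so it presumably depends on the caller importing it.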
diff --git a/modules/nixosModules/desktop/default.nix b/modules/nixosModules/desktop/default.nix
new file mode 100644
index 0000000..4aa338c
--- /dev/null
+++ b/modules/nixosModules/desktop/default.nix
@@ -0,0 +1,15 @@
+{ self, inputs, ... }: {
+ flake.nixosModules.desktop = {pkgs, ...}: {
+ imports = [
+ self.nixosModules.gaming
+ self.nixosModules.pipewire
+ self.nixosModules.printing
+ self.nixosModules.thunar
+ ];
+
+ hardware.bluetooth.enable = true;
+ environment.systemPackages = [
+ self.packages.${pkgs.stdenv.hostPlatform.system}.zen-browser
+ ];
+ };
+}
diff --git a/modules/nixosModules/desktop/gaming.nix b/modules/nixosModules/desktop/gaming.nix
new file mode 100644
index 0000000..7314d8e
--- /dev/null
+++ b/modules/nixosModules/desktop/gaming.nix
@@ -0,0 +1,24 @@
+{self, ...}: {
+ flake.nixosModules.gaming = {
+ pkgs,
+ lib,
+ ...
+ }: {
+ programs = {
+ steam = {
+ enable = true;
+ protontricks.enable = true;
+ extest.enable = true;
+
+ extraCompatPackages = with pkgs; [
+ proton-ge-bin
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ prismlauncher
+ heroic
+ ];
+ };
+}
diff --git a/modules/nixosModules/desktop/pipewire.nix b/modules/nixosModules/desktop/pipewire.nix
new file mode 100644
index 0000000..46e3926
--- /dev/null
+++ b/modules/nixosModules/desktop/pipewire.nix
@@ -0,0 +1,12 @@
+{
+ flake.nixosModules.pipewire = {pkgs, ...}: {
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ jack.enable = true;
+ pulse.enable = true;
+ socketActivation = true;
+ };
+ };
+}
diff --git a/modules/nixosModules/desktop/printing.nix b/modules/nixosModules/desktop/printing.nix
new file mode 100644
index 0000000..925a73d
--- /dev/null
+++ b/modules/nixosModules/desktop/printing.nix
@@ -0,0 +1,13 @@
+{
+ flake.nixosModules.printing = {pkgs, ...}: {
+ services.printing = {
+ enable = true;
+ drivers = with pkgs; [
+ brlaser
+ gutenprint
+ brgenml1lpr
+ brgenml1cupswrapper
+ ];
+ };
+ };
+}
diff --git a/modules/nixosModules/desktop/thunar.nix b/modules/nixosModules/desktop/thunar.nix
new file mode 100644
index 0000000..bef8fa6
--- /dev/null
+++ b/modules/nixosModules/desktop/thunar.nix
@@ -0,0 +1,17 @@
+{
+ flake.nixosModules.thunar = {pkgs, ...}: {
+ programs.thunar = {
+ enable = true;
+
+ plugins = with pkgs; [
+ thunar-archive-plugin
+ thunar-media-tags-plugin
+ thunar-volman
+ ];
+ };
+
+ programs.xfconf.enable = true;
+ services.gvfs.enable = true;
+ services.tumbler.enable = true;
+ };
+}
diff --git a/modules/nixosModules/server/arr.nix b/modules/nixosModules/server/arr.nix
new file mode 100644
index 0000000..40261ef
--- /dev/null
+++ b/modules/nixosModules/server/arr.nix
@@ -0,0 +1,74 @@
+{self, ...}: {
+ flake.nixosModules.arr = {
+ pkgs,
+ config,
+ lib,
+ ...
+ }: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ ];
+
+ services.radarr = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/arr/radarr/";
+ settings.server = {
+ bindAddress = "*";
+ port = 7878;
+ };
+ };
+
+ services.lidarr = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/arr/lidarr/";
+ settings.server = {
+ bindAddress = "*";
+ port = 8686;
+ };
+ };
+
+ services.sonarr = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/arr/sonarr/";
+ settings.server = {
+ bindAddress = "*";
+ port = 8989;
+ };
+ };
+
+ services.prowlarr = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/arr/prowlarr/";
+ settings.server = {
+ bindAddress = "*";
+ port = 9696;
+ };
+ };
+
+ users.users.prowlarr = {
+ isSystemUser = true;
+ group = "prowlarr";
+ };
+ users.groups.prowlarr = {};
+ systemd.services.prowlarr.serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ User = lib.mkForce "prowlarr";
+ Group = lib.mkForce "prowlarr";
+ ReadWritePaths = ["${cfg.dataPath}/arr/prowlarr/"];
+ ExecStart = lib.mkForce "${pkgs.prowlarr}/bin/Prowlarr -nobrowser -data=${cfg.dataPath}/arr/prowlarr";
+ };
+
+ services.flaresolverr.enable = true;
+
+ users.groups.arr = {};
+ users.users.radarr.extraGroups = ["arr"];
+ users.users.lidarr.extraGroups = ["arr"];
+ users.users.sonarr.extraGroups = ["arr"];
+ };
+}
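Review bot: All four services in arr.nix set `bindAddress = "*"` while `openFirewall = false`, so the host firewall is the only thing keeping the Radarr, Lidarr, Sonarr and Prowlarr admin UIs off the network; a trusted interface or a later firewall change would expose them. If they are only meant to be reached locally or through a reverse proxy, bind them to loopback with `bindAddress = "127.0.0.1";`, as radicale.nix does with `server.hosts`. Also, forcing `DynamicUser = false` on prowlarr presumably drops the sandboxing that setting implies. `ReadWritePaths` only has an effect when the filesystem is otherwise restricted, so consider adding `ProtectSystem = "strict";` explicitly.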
diff --git a/modules/nixosModules/server/cgit.nix b/modules/nixosModules/server/cgit.nix
new file mode 100644
index 0000000..09a5829
--- /dev/null
+++ b/modules/nixosModules/server/cgit.nix
@@ -0,0 +1,57 @@
+{
+ self,
+ lib,
+ ...
+}: {
+ flake.nixosModules.cgit = {
+ config,
+ pkgs,
+ ...
+ }: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ self.nixosModules.nginx
+ ];
+
+ users.users.git = {
+ isSystemUser = true;
+ group = "git";
+ home = "${cfg.dataPath}/git";
+ createHome = true;
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = cfg.sshKeys;
+ };
+ users.groups.git = {};
+
+ services.cgit."git.${cfg.domain}" = {
+ enable = true;
+
+ user = "git";
+ group = "git";
+
+ scanPath = "${cfg.dataPath}/git";
+
+ settings = {
+ enable-index-owner = false;
+ enable-commit-graph = 1;
+ enable-log-filecount = 1;
+ enable-log-linecount = 1;
+ clone-url = "https://git.${cfg.domain}/$CGIT_REPO_URL ssh://git@git.${cfg.domain}:${cfg.dataPath}/git/$CGIT_REPO_URL";
+ source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+ about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
+ };
+
+ gitHttpBackend = {
+ enable = true;
+ checkExportOkFiles = false;
+ };
+ };
+
+ services.nginx.virtualHosts."git.${cfg.domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+}
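Review bot: `gitHttpBackend.checkExportOkFiles = false` together with `scanPath = "${cfg.dataPath}/git"` makes every repository under the git user's home browsable and cloneable over HTTPS, including anything pushed over SSH that was meant to stay private. If any repository should be private, set `checkExportOkFiles = true;` and add `strict-export = "git-daemon-export-ok";` to `settings` so cgit and the HTTP backend both require the marker file. If everything is intentionally public, say so in a comment, e.g. `# all repos under scanPath are public by design`.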
diff --git a/modules/nixosModules/server/default.nix b/modules/nixosModules/server/default.nix
new file mode 100644
index 0000000..c9bbfa9
--- /dev/null
+++ b/modules/nixosModules/server/default.nix
@@ -0,0 +1,12 @@
+{ self, inputs, ... }:
+{
+ flake.nixosModules.server = {
+ imports = [
+ self.nixosModules.arr
+ self.nixosModules.cgit
+ self.nixosModules.jellyfin
+ self.nixosModules.nginx
+ self.nixosModules.radicale
+ ];
+ };
+}
diff --git a/modules/nixosModules/server/jellyfin.nix b/modules/nixosModules/server/jellyfin.nix
new file mode 100644
index 0000000..431022d
--- /dev/null
+++ b/modules/nixosModules/server/jellyfin.nix
@@ -0,0 +1,44 @@
+{
+ self,
+ lib,
+ ...
+}: {
+ flake.nixosModules.jellyfin = {
+ config,
+ pkgs,
+ ...
+ }: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ self.nixosModules.nginx
+ ];
+
+ services.jellyfin = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/jellyfin/";
+ hardwareAcceleration = {
+ enable = true;
+ device = lib.mkDefault "/dev/dri/renderD128";
+ };
+ };
+
+ # transcoding
+ users.users.jellyfin.extraGroups = ["video" "render"];
+ environment.systemPackages = with pkgs; [jellyfin-ffmpeg];
+
+ services.nginx.virtualHosts."jellyfin.${cfg.domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8096";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixosModules/server/nginx.nix b/modules/nixosModules/server/nginx.nix
new file mode 100644
index 0000000..9d014b0
--- /dev/null
+++ b/modules/nixosModules/server/nginx.nix
@@ -0,0 +1,20 @@
+{self, ...}: {
+ flake.nixosModules.nginx = {config, ...}: {
+ imports = [
+ self.nixosModules.hostOptions
+ ];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimization = true;
+ };
+
+ security.acme = {
+ enable = true;
+ defaults.email = config.hostOptions.user.email;
+ };
+ };
+}
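Review bot: The `security.acme` block sets `enable` and `defaults.email` but not `acceptTerms`, and NixOS asserts on `security.acme.acceptTerms = true;` once a virtual host uses `enableACME`; unless it is set elsewhere, add it here. I am also not aware of a `security.acme.enable` option in nixpkgs, so verify that line evaluates. Nothing in this module opens ports 80 and 443 either (`networking.firewall.allowedTCPPorts = [80 443];`). The HTTP-01 challenge and the `forceSSL` vhosts in cgit.nix, jellyfin.nix and radicale.nix need them unless the host config opens them.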
diff --git a/modules/nixosModules/server/radicale.nix b/modules/nixosModules/server/radicale.nix
new file mode 100644
index 0000000..7f62b70
--- /dev/null
+++ b/modules/nixosModules/server/radicale.nix
@@ -0,0 +1,45 @@
+{
+ self,
+ lib,
+ ...
+}: {
+ flake.nixosModules.radicale = {config, ...}: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ self.nixosModules.nginx
+ ];
+
+ services.radicale = {
+ enable = true;
+ settings = {
+ server.hosts = ["127.0.0.1:5232"];
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = "${cfg.dataPath}/radicale/users";
+ htpasswd_encryption = "autodetect";
+ };
+ storage.filesystem_folder = "${cfg.dataPath}/radicale/calendars/";
+ };
+ };
+
+ users.users.radicale = {
+ isSystemUser = true;
+ group = "radicale";
+ };
+ users.groups.radicale = {};
+ systemd.services.radicale.serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ User = lib.mkForce "radicale";
+ Group = lib.mkForce "radicale";
+ ReadWritePaths = ["${cfg.dataPath}/arr/radicale/"];
+ };
+
+ services.nginx.virtualHosts."radicale.${cfg.domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://127.0.0.1:5232";
+ };
+ };
+}
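Review bot: `ReadWritePaths` at the end of radicale.nix points at `${cfg.dataPath}/arr/radicale/`, while the storage folder and htpasswd file configured above live under `${cfg.dataPath}/radicale/`, which looks like a copy-paste from arr.nix. If the unit runs with a read-only filesystem view, Radicale would not be able to write its collections; the line should be `ReadWritePaths = ["${cfg.dataPath}/radicale/"];`. It is also worth pinning `htpasswd_encryption` to a single strong scheme such as `"bcrypt"` instead of `"autodetect"`, so a weaker entry in the users file is not silently accepted.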