Diffstat (limited to 'modules/nixosModules')
| -rw-r--r-- | modules/nixosModules/createHost.nix | 83 | ||||
| -rw-r--r-- | modules/nixosModules/desktop/default.nix | 15 | ||||
| -rw-r--r-- | modules/nixosModules/desktop/gaming.nix | 24 | ||||
| -rw-r--r-- | modules/nixosModules/desktop/pipewire.nix | 12 | ||||
| -rw-r--r-- | modules/nixosModules/desktop/printing.nix | 13 | ||||
| -rw-r--r-- | modules/nixosModules/desktop/thunar.nix | 17 | ||||
| -rw-r--r-- | modules/nixosModules/server/arr.nix | 74 | ||||
| -rw-r--r-- | modules/nixosModules/server/cgit.nix | 57 | ||||
| -rw-r--r-- | modules/nixosModules/server/default.nix | 12 | ||||
| -rw-r--r-- | modules/nixosModules/server/jellyfin.nix | 44 | ||||
| -rw-r--r-- | modules/nixosModules/server/nginx.nix | 20 | ||||
| -rw-r--r-- | modules/nixosModules/server/radicale.nix | 45 |
12 files changed, 416 insertions, 0 deletions
diff --git a/modules/nixosModules/createHost.nix b/modules/nixosModules/createHost.nix
new file mode 100644
index 0000000..a74ac53
--- /dev/null
+++ b/modules/nixosModules/createHost.nix
@@ -0,0 +1,83 @@
+{
+ self,
+ inputs,
+ ...
+}: {
+ flake.nixosModules.createHost = {
+ lib,
+ pkgs,
+ config,
+ ...
+ }: let
+ cfg = config.hostOptions;
+ in {
+ boot.loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot"; # ← use the same mount point here.
+ };
+ grub = {
+ efiSupport = true;
+ device = "nodev";
+ useOSProber = true;
+ theme = "${pkgs.fetchFromGitHub {
+ # blue screen of life grub theme
+ owner = "scouckel";
+ repo = "bsol";
+ rev = "a8eedad9e7163dce230ca7886be8e1b4ef81da99";
+ sha256 = "sha256-P2q73uM1Ysn1a+0mOGOvee/Q1WAYRGQvfanrasx/8r8";
+ }}/bsol";
+ };
+ };
+
+ boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+ hardware.firmware = with pkgs; [
+ linux-firmware
+ ];
+ hardware.enableRedistributableFirmware = true;
+
+ system.name = cfg.host.name;
+ networking.hostName = cfg.host.name;
+
+ networking.networkmanager.enable = true;
+
+ time.timeZone = lib.mkDefault "US/Central";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ users.users.${cfg.user.name} = {
+ isNormalUser = true;
+ description = cfg.user.name;
+ extraGroups = ["networkmanager" "wheel"];
+ shell = self.packages."${pkgs.stdenv.hostPlatform.system}".environment;
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ nix.settings = {
+ experimental-features = ["nix-command" "flakes"];
+ auto-optimise-store = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ };
+
+ system.stateVersion = "25.05";
+ };
+}
diff --git a/modules/nixosModules/desktop/default.nix b/modules/nixosModules/desktop/default.nix
new file mode 100644
index 0000000..4aa338c
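Review bot: The `services.openssh` block near the end of this hunk turns sshd on for every host that imports createHost but only restricts root login, so password authentication stays at the NixOS default (enabled) for the `wheel` account declared just above it. Unless password login is wanted, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to `PermitRootLogin`, and supply keys through `openssh.authorizedKeys.keys` the way the cgit module does for its `git` user. Since this module is also used for desktop hosts, it is worth deciding whether sshd and its default firewall opening belong here or in the server module; a one-line comment stating the intent would settle it for the next reader.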
--- /dev/null
+++ b/modules/nixosModules/desktop/default.nix
@@ -0,0 +1,15 @@
+{ self, inputs, ... }: {
+ flake.nixosModules.desktop = {pkgs, ...}: {
+ imports = [
+ self.nixosModules.gaming
+ self.nixosModules.pipewire
+ self.nixosModules.printing
+ self.nixosModules.thunar
+ ];
+
+ hardware.bluetooth.enable = true;
+ environment.systemPackages = [
+ self.packages.${pkgs.stdenv.hostPlatform.system}.zen-browser
+ ];
+ };
+}
diff --git a/modules/nixosModules/desktop/gaming.nix b/modules/nixosModules/desktop/gaming.nix
new file mode 100644
index 0000000..7314d8e
--- /dev/null
+++ b/modules/nixosModules/desktop/gaming.nix
@@ -0,0 +1,24 @@
+{self, ...}: {
+ flake.nixosModules.gaming = {
+ pkgs,
+ lib,
+ ...
+ }: {
+ programs = {
+ steam = {
+ enable = true;
+ protontricks.enable = true;
+ extest.enable = true;
+
+ extraCompatPackages = with pkgs; [
+ proton-ge-bin
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ prismlauncher
+ heroic
+ ];
+ };
+}
diff --git a/modules/nixosModules/desktop/pipewire.nix b/modules/nixosModules/desktop/pipewire.nix
new file mode 100644
index 0000000..46e3926
--- /dev/null
+++ b/modules/nixosModules/desktop/pipewire.nix
@@ -0,0 +1,12 @@
+{
+ flake.nixosModules.pipewire = {pkgs, ...}: {
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ jack.enable = true;
+ pulse.enable = true;
+ socketActivation = true;
+ };
+ };
+}
diff --git a/modules/nixosModules/desktop/printing.nix b/modules/nixosModules/desktop/printing.nix
new file mode 100644
index 0000000..925a73d
--- /dev/null
+++ b/modules/nixosModules/desktop/printing.nix
@@ -0,0 +1,13 @@
+{
+ flake.nixosModules.printing = {pkgs, ...}: {
+ services.printing = {
+ enable = true;
+ drivers = with pkgs; [
+ brlaser
+ gutenprint
+ brgenml1lpr
+ brgenml1cupswrapper
+ ];
+ };
+ };
+}
diff --git a/modules/nixosModules/desktop/thunar.nix b/modules/nixosModules/desktop/thunar.nix
new file mode 100644
index 0000000..bef8fa6
--- /dev/null
+++ b/modules/nixosModules/desktop/thunar.nix
@@ -0,0 +1,17 @@
+{
+ flake.nixosModules.thunar = {pkgs, ...}: {
+ programs.thunar = {
+ enable = true;
+
+ plugins = with pkgs; [
+ thunar-archive-plugin
+ thunar-media-tags-plugin
+ thunar-volman
+ ];
+ };
+
+ programs.xfconf.enable = true;
+ services.gvfs.enable = true;
+ services.tumbler.enable = true;
+ };
+}
diff --git a/modules/nixosModules/server/arr.nix b/modules/nixosModules/server/arr.nix
new file mode 100644
index 0000000..40261ef
--- /dev/null
+++ b/modules/nixosModules/server/arr.nix
@@ -0,0 +1,74 @@
+{self, ...}: {
+ flake.nixosModules.arr = {
+ pkgs,
+ config,
+ lib,
+ ...
+ }: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ ];
+
+ services.radarr = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/arr/radarr/";
+ settings.server = {
+ bindAddress = "*";
+ port = 7878;
+ };
+ };
+
+ services.lidarr = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/arr/lidarr/";
+ settings.server = {
+ bindAddress = "*";
+ port = 8686;
+ };
+ };
+
+ services.sonarr = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/arr/sonarr/";
+ settings.server = {
+ bindAddress = "*";
+ port = 8989;
+ };
+ };
+
+ services.prowlarr = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/arr/prowlarr/";
+ settings.server = {
+ bindAddress = "*";
+ port = 9696;
+ };
+ };
+
+ users.users.prowlarr = {
+ isSystemUser = true;
+ group = "prowlarr";
+ };
+ users.groups.prowlarr = {};
+ systemd.services.prowlarr.serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ User = lib.mkForce "prowlarr";
+ Group = lib.mkForce "prowlarr";
+ ReadWritePaths = ["${cfg.dataPath}/arr/prowlarr/"];
+ ExecStart = lib.mkForce "${pkgs.prowlarr}/bin/Prowlarr -nobrowser -data=${cfg.dataPath}/arr/prowlarr";
+ };
+
+ services.flaresolverr.enable = true;
+
+ users.groups.arr = {};
+ users.users.radarr.extraGroups = ["arr"];
+ users.users.lidarr.extraGroups = ["arr"];
+ users.users.sonarr.extraGroups = ["arr"];
+ };
+}
diff --git a/modules/nixosModules/server/cgit.nix b/modules/nixosModules/server/cgit.nix
new file mode 100644
index 0000000..09a5829
--- /dev/null
+++ b/modules/nixosModules/server/cgit.nix
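Review bot: All four services (radarr, lidarr, sonarr, prowlarr) set `bindAddress = "*"`, so they listen on every interface and only `openFirewall = false` keeps them off the network. That protection disappears on any interface the firewall trusts or if a port is opened elsewhere, and this hunk adds no reverse proxy or TLS in front of them. If access is meant to be local or through nginx like the jellyfin and radicale modules, `bindAddress = "127.0.0.1";` makes that explicit; otherwise a comment naming the interface that is expected to reach these ports would document the exposure. The prowlarr `ExecStart` override with `lib.mkForce` also deserves a short comment on why the packaged unit is replaced, since it will silently diverge when the upstream module changes.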
@@ -0,0 +1,57 @@
+{
+ self,
+ lib,
+ ...
+}: {
+ flake.nixosModules.cgit = {
+ config,
+ pkgs,
+ ...
+ }: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ self.nixosModules.nginx
+ ];
+
+ users.users.git = {
+ isSystemUser = true;
+ group = "git";
+ home = "${cfg.dataPath}/git";
+ createHome = true;
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = cfg.sshKeys;
+ };
+ users.groups.git = {};
+
+ services.cgit."git.${cfg.domain}" = {
+ enable = true;
+
+ user = "git";
+ group = "git";
+
+ scanPath = "${cfg.dataPath}/git";
+
+ settings = {
+ enable-index-owner = false;
+ enable-commit-graph = 1;
+ enable-log-filecount = 1;
+ enable-log-linecount = 1;
+ clone-url = "https://git.${cfg.domain}/$CGIT_REPO_URL ssh://git@git.${cfg.domain}:${cfg.dataPath}/git/$CGIT_REPO_URL";
+ source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+ about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
+ };
+
+ gitHttpBackend = {
+ enable = true;
+ checkExportOkFiles = false;
+ };
+ };
+
+ services.nginx.virtualHosts."git.${cfg.domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+}
diff --git a/modules/nixosModules/server/default.nix b/modules/nixosModules/server/default.nix
new file mode 100644
index 0000000..c9bbfa9
--- /dev/null
+++ b/modules/nixosModules/server/default.nix
@@ -0,0 +1,12 @@
+{ self, inputs, ... }:
+{
+ flake.nixosModules.server = {
+ imports = [
+ self.nixosModules.arr
+ self.nixosModules.cgit
+ self.nixosModules.jellyfin
+ self.nixosModules.nginx
+ self.nixosModules.radicale
+ ];
+ };
+}
diff --git a/modules/nixosModules/server/jellyfin.nix b/modules/nixosModules/server/jellyfin.nix
new file mode 100644
index 0000000..431022d
--- /dev/null
+++ b/modules/nixosModules/server/jellyfin.nix
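Review bot: In cgit.nix, `gitHttpBackend.checkExportOkFiles = false` combined with `scanPath = "${cfg.dataPath}/git"` means every repository pushed under the `git` user's home is cloneable over the public `git.${cfg.domain}` vhost with no per-repository opt-in. If any repository there is meant to stay private, leave the check enabled and mark public repositories with a `git-daemon-export-ok` file; cgit's own listing is governed separately, so confirm that its settings match whichever choice is made. If publishing everything is the intent, a comment such as `# every repo under scanPath is public; keep private repos elsewhere` above `gitHttpBackend` would prevent an accidental leak later.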
@@ -0,0 +1,44 @@
+{
+ self,
+ lib,
+ ...
+}: {
+ flake.nixosModules.jellyfin = {
+ config,
+ pkgs,
+ ...
+ }: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ self.nixosModules.nginx
+ ];
+
+ services.jellyfin = {
+ enable = true;
+ openFirewall = false;
+ dataDir = "${cfg.dataPath}/jellyfin/";
+ hardwareAcceleration = {
+ enable = true;
+ device = lib.mkDefault "/dev/dri/renderD128";
+ };
+ };
+
+ # transcoding
+ users.users.jellyfin.extraGroups = ["video" "render"];
+ environment.systemPackages = with pkgs; [jellyfin-ffmpeg];
+
+ services.nginx.virtualHosts."jellyfin.${cfg.domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8096";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixosModules/server/nginx.nix b/modules/nixosModules/server/nginx.nix
new file mode 100644
index 0000000..9d014b0
--- /dev/null
+++ b/modules/nixosModules/server/nginx.nix
@@ -0,0 +1,20 @@
+{self, ...}: {
+ flake.nixosModules.nginx = {config, ...}: {
+ imports = [
+ self.nixosModules.hostOptions
+ ];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimization = true;
+ };
+
+ security.acme = {
+ enable = true;
+ defaults.email = config.hostOptions.user.email;
+ };
+ };
+}
diff --git a/modules/nixosModules/server/radicale.nix b/modules/nixosModules/server/radicale.nix
new file mode 100644
index 0000000..7f62b70
--- /dev/null
+++ b/modules/nixosModules/server/radicale.nix
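Review bot: In nginx.nix the `security.acme` block sets `enable = true;`, and I do not know of an `enable` option in the NixOS ACME module, so this may fail evaluation with an unknown-option error. The module instead asserts that `security.acme.acceptTerms = true;` is set once any vhost uses `enableACME`, which the cgit, jellyfin and radicale vhosts in this commit do; unless that is set outside this diff, replace the line with `acceptTerms = true;`. Nothing visible here opens TCP 80/443 in `networking.firewall.allowedTCPPorts` either, which both certificate issuance over HTTP and the vhosts themselves need, so confirm that it is configured per host.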
@@ -0,0 +1,45 @@
+{
+ self,
+ lib,
+ ...
+}: {
+ flake.nixosModules.radicale = {config, ...}: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ self.nixosModules.nginx
+ ];
+
+ services.radicale = {
+ enable = true;
+ settings = {
+ server.hosts = ["127.0.0.1:5232"];
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = "${cfg.dataPath}/radicale/users";
+ htpasswd_encryption = "autodetect";
+ };
+ storage.filesystem_folder = "${cfg.dataPath}/radicale/calendars/";
+ };
+ };
+
+ users.users.radicale = {
+ isSystemUser = true;
+ group = "radicale";
+ };
+ users.groups.radicale = {};
+ systemd.services.radicale.serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ User = lib.mkForce "radicale";
+ Group = lib.mkForce "radicale";
+ ReadWritePaths = ["${cfg.dataPath}/arr/radicale/"];
+ };
+
+ services.nginx.virtualHosts."radicale.${cfg.domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://127.0.0.1:5232";
+ };
+ };
+}
|
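Review bot: `ReadWritePaths` in the radicale `serviceConfig` points at `${cfg.dataPath}/arr/radicale/`, but the service stores its data in `${cfg.dataPath}/radicale/calendars/` and reads credentials from `${cfg.dataPath}/radicale/users`. The `arr/` segment looks copied from the prowlarr override, and if the unit's sandboxing makes the filesystem read-only by default, the calendar folder will not be writable. The line should read `ReadWritePaths = ["${cfg.dataPath}/radicale/"];`. It would also help to note in a comment that the htpasswd file must be created out of band and be readable only by the `radicale` user, since nothing in this module provisions it.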
