This commit is contained in:
mjallen18
2025-07-24 11:06:08 -05:00
parent f05972d6ae
commit 3d213c8769
164 changed files with 1777 additions and 1257 deletions


@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.nas-apps.actual;
@@ -24,7 +29,8 @@ in
};
};
config = { lib, ... }:
config =
{ lib, ... }:
{
services.actual = {
enable = true;
@@ -63,13 +69,13 @@ in
'';
systemd.services = {
actual = {
actual = {
environment.ACTUAL_CONFIG_PATH = lib.mkForce "${dataDir}/config.json";
serviceConfig = {
ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json";
WorkingDirectory = lib.mkForce dataDir;
StateDirectory = lib.mkForce dataDir;
StateDirectoryMode = lib.mkForce 0700;
StateDirectoryMode = lib.mkForce 700;
DynamicUser = lib.mkForce false;
ProtectSystem = lib.mkForce null;
};
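Review bot: `StateDirectoryMode = lib.mkForce 700;` is a no-op change, because Nix has no octal literals: `0700` and `700` are the same decimal integer, and what reaches the unit file either way is the text `700`, which systemd then reads as octal. Writing it as a string keeps the octal intent visible: `StateDirectoryMode = lib.mkForce "0700";`. The neighbouring overrides `DynamicUser = lib.mkForce false;` and `ProtectSystem = lib.mkForce null;` remove the upstream unit's sandboxing and deserve a one-line comment saying why (presumably because `dataDir` lives outside the default state directory — confirm). Also note that `StateDirectory=` takes paths relative to `/var/lib`; if `dataDir` is absolute, as `${dataDir}/config.json` suggests, systemd will reject that line, so it is worth checking the resulting unit. The `actual` service attrset continues outside the hunk.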


@@ -6,7 +6,7 @@
}:
let
cfg = config.share.hardware.amd;
pkgsVersion = pkgs;#.unstable;
pkgsVersion = pkgs; # .unstable;
in
{
imports = [ ./options.nix ];


@@ -11,4 +11,4 @@
magicOrExtension = "\\x7fELF....AI\\x02";
};
};
}
}


@@ -40,9 +40,11 @@ in
{
nixpkgs.config = {
allowUnfree = lib.mkForce true;
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"unrar"
];
allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"unrar"
];
};
# Enable radarr service
@@ -207,7 +209,7 @@ in
};
networking = {
nat = {
nat = {
forwardPorts = [
{
destination = "${cfg.localAddress}:${toString cfg.radarr.port}";
@@ -232,8 +234,22 @@ in
];
};
firewall = {
allowedTCPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
allowedUDPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
allowedTCPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
allowedUDPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
};
};
};
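Review bot: The reformatted `allowedUDPPorts` list opens exactly the same ports as `allowedTCPPorts`, yet radarr, sonarr, sabnzbd, jackett and the 8080 entry are HTTP services and nothing visible in this section shows a UDP listener, so those UDP openings only widen the exposed surface. Unless deluge needs UDP for incoming peer traffic on `cfg.deluge.port` (confirm against its settings), drop `allowedUDPPorts` or reduce it to that single entry. The gitea container section further down repeats the pattern with `allowedUDPPorts = [ cfg.httpPort cfg.sshPort ];`, where HTTP and SSH are TCP-only. Both lists sit inside `networking` blocks whose enclosing attrset starts outside the hunk.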


@@ -1,4 +1,9 @@
{ pkgs, system, lib, ... }:
{
pkgs,
system,
lib,
...
}:
let
isArm = ("aarch64-linux" == system);
in
@@ -14,7 +19,7 @@ in
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
openBinary = true;
interpreter = "${pkgs.box64}/bin/box64";
preserveArgvZero = true;
preserveArgvZero = true;
matchCredentials = true;
fixBinary = false;
};
@@ -22,4 +27,4 @@ in
};
zramSwap.enable = true;
}
}


@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.bootloader.lanzaboote;
@@ -15,4 +20,4 @@ in
configurationLimit = cfg.configLimit;
};
};
}
}


@@ -9,4 +9,4 @@ with lib;
default = 10;
};
};
}
}


@@ -3,4 +3,4 @@
boot.plymouth = {
enable = true;
};
}
}


@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.nas-apps.crowdsec;
@@ -7,23 +12,25 @@ in
imports = [ ./options.nix ];
config = lib.mkIf cfg.enable {
services = {
crowdsec = let
yaml = (pkgs.formats.yaml {}).generate;
acquisitions_file = yaml "acquisitions.yaml" {
source = "journalctl";
journalctl_filter = ["_SYSTEMD_UNIT=sshd.service"];
labels.type = "syslog";
};
in {
enable = true;
enrollKeyFile = "${cfg.dataDir}/enroll.key";
settings = {
crowdsec_service.acquisition_path = acquisitions_file;
api.server = {
listen_uri = "0.0.0.0:${toString cfg.port}";
crowdsec =
let
yaml = (pkgs.formats.yaml { }).generate;
acquisitions_file = yaml "acquisitions.yaml" {
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
labels.type = "syslog";
};
in
{
enable = true;
enrollKeyFile = "${cfg.dataDir}/enroll.key";
settings = {
crowdsec_service.acquisition_path = acquisitions_file;
api.server = {
listen_uri = "0.0.0.0:${toString cfg.port}";
};
};
};
};
crowdsec-firewall-bouncer = {
enable = true;
@@ -35,17 +42,19 @@ in
};
systemd.services.crowdsec.serviceConfig = {
ExecStartPre = let
script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell}
set -eu
set -o pipefail
ExecStartPre =
let
script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell}
set -eu
set -o pipefail
if ! cscli bouncers list | grep -q "nas-bouncer"; then
cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
fi
'';
in ["${script}/bin/register-bouncer"];
if ! cscli bouncers list | grep -q "nas-bouncer"; then
cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
fi
'';
in
[ "${script}/bin/register-bouncer" ];
};
networking = {
@@ -55,4 +64,4 @@ in
};
};
};
}
}
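Review bot: The `register-bouncer` script built with `pkgs.writeScriptBin` interpolates `${cfg.apiKey}` into its text, so the bouncer API key is written into the world-readable Nix store and becomes part of the system closure. Read it from a file at runtime instead, e.g. `cscli bouncers add "nas-bouncer" --key "$(cat <api-key-file>)"` with the path supplied by the secrets manager, the same way this module already points `enrollKeyFile` at `${cfg.dataDir}/enroll.key` rather than embedding the key. The earlier hunk in this section also sets `listen_uri = "0.0.0.0:${toString cfg.port}"`, which exposes the local API on every interface; if only the firewall bouncer on this host talks to it, binding to `127.0.0.1` is the safer default. The `serviceConfig` attrset continues outside the hunk.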


@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.cosmic;
in


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.desktop.cosmic = {
enable = mkEnableOption "enable cosmic settings";
};
}
}


@@ -1,4 +1,10 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.gnome;
in
@@ -17,7 +23,7 @@ in
gnome.gnome-remote-desktop.enable = true;
};
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
programs = {
@@ -27,4 +33,4 @@ in
};
};
};
}
}


@@ -1,4 +1,10 @@
{ config, pkgs, lib, namespace, ... }:
{
config,
pkgs,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
@@ -26,7 +32,10 @@ in
imports = [ ../../../home/desktop/hyprland/options.nix ];
config = lib.mkIf cfg.enable {
environment.systemPackages = [ bing-wallpaper pkgs.jq ];
environment.systemPackages = [
bing-wallpaper
pkgs.jq
];
services = {
displayManager = {
@@ -66,7 +75,7 @@ in
xwayland.enable = true;
portalPackage = lib.mkDefault pkgs.xdg-desktop-portal-hyprland;
};
nm-applet.enable = true;
};
@@ -121,18 +130,18 @@ in
reload-bing-wallpaper = {
description = "Timer for reload-bing-wallpaper";
wantedBy = [ "timers.target" ];
# Timer configuration
timerConfig = {
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
Unit = "reload-bing-wallpaper.service";
};
};
};
};
extraConfig = ''
DefaultTimeoutStopSec=10s
DefaultTimeoutStopSec=10s
'';
};


@@ -1,10 +1,10 @@
{ pkgs, ... }:
let
nord = import ./theme.nix;
themeSize = "compact"; # [ "standard" "compact" ]
themeAccent = "all"; # [ "default" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" "all" ]
themeVariant = "nord"; # [ "nord" "dracula" "gruvbox" "everforest" "catppuccin" "all" "black" "rimless" "normal" "float" ]
themeColor = "dark"; # [ "standard" "light" "dark" ]
themeSize = "compact"; # [ "standard" "compact" ]
themeAccent = "all"; # [ "default" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" "all" ]
themeVariant = "nord"; # [ "nord" "dracula" "gruvbox" "everforest" "catppuccin" "all" "black" "rimless" "normal" "float" ]
themeColor = "dark"; # [ "standard" "light" "dark" ]
iconThemeVariant = "all"; # [ "default" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" "all" ]
iconScheme = "nord"; # [ "default" "nord" "dracula" "gruvbox" "everforest" "catppuccin" "all" ]
@@ -105,4 +105,4 @@ in
};
theme = nord;
}
}


@@ -1,4 +1,9 @@
{ config, lib, system, ... }:
{
config,
lib,
system,
...
}:
let
isArm = builtins.match "aarch64*" system != null;
rootDisk = "/dev/nvme0n1";


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.hardware.disko = {
enable = mkEnableOption "enable disko";
};
}
}


@@ -1,4 +1,10 @@
{ config, lib, system, namespace, ... }:
{
config,
lib,
system,
namespace,
...
}:
let
cfg = config.${namespace}.hardware.disko;
isArm = builtins.match "aarch64*" system != null;


@@ -1,11 +1,14 @@
{ lib, pkgs, ... }:
{
fonts.packages = with pkgs; [
font-awesome
noto-fonts
noto-fonts-color-emoji
meslo-lgs-nf
] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.packages =
with pkgs;
[
font-awesome
noto-fonts
noto-fonts-color-emoji
meslo-lgs-nf
]
++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.fontconfig.defaultFonts = {
emoji = [


@@ -1,7 +1,12 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.share.gaming;
pkgsVersion = pkgs; #.unstable;
pkgsVersion = pkgs; # .unstable;
in
{
imports = [ ./options.nix ];
@@ -17,7 +22,7 @@ in
remotePlay.openFirewall = true;
# Open ports in the firewall for Source Dedicated Server
dedicatedServer.openFirewall = true;
extraCompatPackages = with pkgsVersion; [ proton-ge-bin];
extraCompatPackages = with pkgsVersion; [ proton-ge-bin ];
gamescopeSession = {
enable = true;
args = [


@@ -34,7 +34,8 @@ in
};
};
config = { lib, ... }:
config =
{ lib, ... }:
{
services.gitea = {
enable = true;
@@ -71,7 +72,10 @@ in
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
@@ -122,8 +126,14 @@ in
];
};
firewall = {
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
allowedUDPPorts = [ cfg.httpPort cfg.sshPort ];
allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
allowedUDPPorts = [
cfg.httpPort
cfg.sshPort
];
};
};
};


@@ -11,4 +11,4 @@
"/home"
];
};
}
}


@@ -1,6 +1,6 @@
{ lib, system, ... }:
let
isArm = "aarch64-linux" == system;
isArm = "aarch64-linux" == system;
in
{
hardware = {


@@ -45,21 +45,26 @@ in
useGlobalPkgs = true;
useUserPackages = true;
# Pass inputs so external modules can access them
extraSpecialArgs = {
inherit inputs;
# Pass inputs so external modules can access them
extraSpecialArgs = {
inherit inputs;
};
# Make ALL external HM modules available globally
sharedModules = with inputs; [
sops-nix.homeManagerModules.sops
# Add any other external HM modules here
] ++ (if (!isArm) then with inputs; [ steam-rom-manager.homeManagerModules.default ] else [ ]);
users.${config.${namespace}.user.name} = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
# Make ALL external HM modules available globally
sharedModules =
with inputs;
[
sops-nix.homeManagerModules.sops
# Add any other external HM modules here
]
++ (if (!isArm) then with inputs; [ steam-rom-manager.homeManagerModules.default ] else [ ]);
users.${config.${namespace}.user.name} =
lib.mkAliasDefinitions
options.${namespace}.home.extraOptions;
# users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
verbose = true;
};
};
}
}


@@ -1,9 +1,15 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.services.home-assistant;
mosquittoPort = 1883;
zigbee2mqttPort = 8080;
# In configuration.nix or a separate file
python-steam = pkgs.python3Packages.buildPythonPackage rec {
pname = "steam";
@@ -74,7 +80,7 @@ in
"wyoming"
"zha"
];
customComponents = with pkgs.home-assistant-custom-components; [
# nixpkgs
auth-header
@@ -106,113 +112,114 @@ in
zigbee2mqtt-networkmap
];
# use postgresql instead of sqlite
extraPackages = ps: with ps; [
# Core functionality
aiohttp
aiodns
paho-mqtt
pillow
pytz
pyyaml
sqlalchemy
# Discovery & networking
zeroconf
netdisco
ifaddr
ssdp
# Device protocols
pyserial # Serial communications
bluepy # Bluetooth LE
# Smart home ecosystems
mutagen # Media file metadata
pysonos # Sonos
pywemo # Belkin WeMo
python-miio # Xiaomi devices
python-kasa # TP-Link
# Sensors & monitoring
meteocalc # Weather calculations
speedtest-cli # Internet speed
# Visualization & UI
matplotlib # Graphing
# Security
bcrypt
cryptography
pyjwt
# Media
ha-ffmpeg # Camera streams
# Specialized integrations
python-matter-server # Matter protocol
# System integrations
psutil # System monitoring
psycopg2
numpy
hassil
pyturbojpeg
paho-mqtt
pychromecast
pyatv
python-otbr-api
brother
pyipp
govee-ble
adguardhome
nextcord
aiogithubapi
jellyfin-apiclient-python
pylitterbot
dateparser
aionut
nextcloudmonitor
ollama
pynecil
aiopyarr
pysabnzbd
getmac
zigpy
bellows # For Zigbee EmberZNet-based adapters
zigpy-xbee # For XBee adapters
zigpy-deconz # For ConBee/RaspBee adapters
pyicloud # iCloud
pyatv # Apple TV
opencv-python
face-recognition
ibeacon-ble
gehomesdk
onedrive-personal-sdk
python-roborock
python-steam
apple-weatherkit
extraPackages =
ps: with ps; [
# Core functionality
aiohttp
aiodns
paho-mqtt
pillow
pytz
pyyaml
sqlalchemy
samsungctl
samsungtvws
# Discovery & networking
zeroconf
netdisco
ifaddr
ssdp
aiohomekit
# Device protocols
pyserial # Serial communications
bluepy # Bluetooth LE
# Smart home ecosystems
mutagen # Media file metadata
pysonos # Sonos
pywemo # Belkin WeMo
python-miio # Xiaomi devices
python-kasa # TP-Link
# Sensors & monitoring
meteocalc # Weather calculations
speedtest-cli # Internet speed
# Visualization & UI
matplotlib # Graphing
# Security
bcrypt
cryptography
pyjwt
# Media
ha-ffmpeg # Camera streams
# Specialized integrations
python-matter-server # Matter protocol
# System integrations
psutil # System monitoring
psycopg2
numpy
hassil
pyturbojpeg
paho-mqtt
pychromecast
pyatv
python-otbr-api
brother
pyipp
govee-ble
adguardhome
nextcord
aiogithubapi
jellyfin-apiclient-python
pylitterbot
dateparser
aionut
nextcloudmonitor
ollama
pynecil
aiopyarr
pysabnzbd
getmac
zigpy
bellows # For Zigbee EmberZNet-based adapters
zigpy-xbee # For XBee adapters
zigpy-deconz # For ConBee/RaspBee adapters
pyicloud # iCloud
pyatv # Apple TV
opencv-python
face-recognition
ibeacon-ble
gehomesdk
onedrive-personal-sdk
python-roborock
python-steam
apple-weatherkit
samsungctl
samsungtvws
aiohomekit
icmplib
aioelectricitymaps
wyoming
pysmartthings
wakeonlan
ephem
];
icmplib
aioelectricitymaps
wyoming
pysmartthings
wakeonlan
ephem
];
config = {
# Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/
default_config = {};
default_config = { };
cloud = false;
frontend = {
themes = "!include_dir_merge_named themes";
};
@@ -262,10 +269,12 @@ in
postgresql = {
enable = true;
ensureDatabases = [ "hass" ];
ensureUsers = [{
name = "hass";
ensureDBOwnership = true;
}];
ensureUsers = [
{
name = "hass";
ensureDBOwnership = true;
}
];
};
# Enable and configure Mosquitto MQTT broker
@@ -303,7 +312,7 @@ in
permit_join = true;
# Web interface
frontend = {
port = zigbee2mqttPort; # Choose an available port
port = zigbee2mqttPort; # Choose an available port
};
# MQTT configuration
mqtt = {
@@ -380,24 +389,24 @@ in
};
# Enable required hardware support for the Zigbee adapter
hardware.bluetooth.enable = true; # Some adapters use Bluetooth
hardware.bluetooth.enable = true; # Some adapters use Bluetooth
# Ensure proper permissions for Zigbee USB devices
# services.udev.extraRules = ''
# # For CC2531, CC2530, CC1352P-2, CC2538 and similar adapters
# SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="zigbee", MODE="0666"
# SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
# # For ConBee/RaspBee by Dresden Elektronik
# SUBSYSTEM=="tty", ATTRS{idVendor}=="1cf1", ATTRS{idProduct}=="0030", SYMLINK+="zigbee", MODE="0666"
# # For Electrolama zig-a-zig-ah (zzh!)
# SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
# '';
environment.systemPackages = with pkgs; [
mosquitto # MQTT command-line tools
usbutils # For lsusb to help identify your adapter
mosquitto # MQTT command-line tools
usbutils # For lsusb to help identify your adapter
];
networking.firewall.allowedTCPPorts = [
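Review bot: The reformatted `extraPackages` list carries duplicates on the new side: `paho-mqtt` and `pyatv` each appear twice, and `samsungctl`, `samsungtvws` and `aiohomekit` are listed once near the top (after `sqlalchemy` and `ssdp`) and again after `apple-weatherkit`. Duplicate entries are harmless to the resulting Python environment, but they make the list harder to audit for what is actually installed; keep each package once, under its comment heading. If the trailing group was meant as a "recently added" set, a comment such as `# Added for Samsung TV / HomeKit integrations` above it would make that intent explicit. `extraPackages` sits inside a block that begins outside the hunk.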


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.home-assistant = {
enable = mkEnableOption "enable home-assistant";
};
}
}


@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.immich;
@@ -8,7 +13,7 @@ let
dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
# Enable immich service


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.immich = {
enable = mkEnableOption "enable immich";
};
}
}


@@ -1,10 +1,15 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.jellyfin;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
services.jellyfin = {


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.jellyfin = {
enable = mkEnableOption "enable jellyfin";
};
}
}


@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.jellyseerr;
@@ -7,7 +12,7 @@ let
dataDir = "/var/lib/private/jellyseerr";
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.jellyseerr = {


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.jellyseerr = {
enable = mkEnableOption "enable jellyseerr";
};
}
}


@@ -1,17 +1,22 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.lubelogger;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.lubelogger = {
autoStart = true;
image = "ghcr.io/hargata/lubelogger";
ports = [ "6754:8080" ];
volumes = [
volumes = [
"/media/nas/ssd/nix-app-data/lubelogger:/App/data"
"/media/nas/ssd/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
];
@@ -25,4 +30,4 @@ in
};
};
};
}
}
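Review bot: `image = "ghcr.io/hargata/lubelogger";` carries no tag or digest, so each pull resolves to whatever the registry's default tag currently points at; the deployment is neither reproducible nor protected against that tag being moved upstream. Pin it, e.g. `image = "ghcr.io/hargata/lubelogger:<tag>@sha256:<digest>";`, taking both values from the registry when you deliberately upgrade. `ports = [ "6754:8080" ];` also publishes the port on every host interface; if the service is only meant to be reached through the reverse proxy, `"127.0.0.1:6754:8080"` keeps it on loopback. The container attrset continues outside the first hunk.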


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.lubelogger = {
enable = mkEnableOption "enable lubelogger";
};
}
}


@@ -10,7 +10,7 @@ let
in
{
options.${namespace}.network = with types; {
hostName = lib.mkOption {
hostName = lib.mkOption {
type = str;
default = "nixos";
description = "The hostname of the system.";
@@ -56,8 +56,8 @@ in
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = if (cfg.ipv4.method == "auto")
then
ipv4 =
if (cfg.ipv4.method == "auto") then
{
method = "auto";
}
@@ -87,8 +87,8 @@ in
id = "Joey's Jungle 5G";
type = "wifi";
};
ipv4 = if (cfg.ipv4.method == "auto")
then
ipv4 =
if (cfg.ipv4.method == "auto") then
{
method = "auto";
}
@@ -126,4 +126,4 @@ in
};
};
};
}
}


@@ -1,11 +1,17 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.nextcloud;
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;
hostAddress = "10.0.1.3";
@@ -15,7 +21,7 @@ let
onlyofficePortExt = 9943;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.nextcloud = {
@@ -33,7 +39,7 @@ in
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/nextcloud";
};
secrets2 = {
hostPath = "/run/secrets/jallen-nas/onlyoffice-key";
isReadOnly = true;
@@ -60,12 +66,17 @@ in
};
config =
{ pkgs, lib, namespace, ... }:
{
pkgs,
lib,
namespace,
...
}:
{
nixpkgs.config.allowUnfree = true;
networking.extraHosts = ''
${hostAddress} host.containers protonmail-bridge
'';
${hostAddress} host.containers protonmail-bridge
'';
services = {
nextcloud = {


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.nextcloud = {
enable = mkEnableOption "enable nextcloud";
};
}
}


@@ -33,4 +33,4 @@
];
};
};
}
}


@@ -15,11 +15,11 @@ in
hardware = {
# Nvidia
nvidia = {
package =
if cfg.enableBeta then
config.boot.kernelPackages.nvidiaPackages.beta
else
config.boot.kernelPackages.nvidiaPackages.latest;
package =
if cfg.enableBeta then
config.boot.kernelPackages.nvidiaPackages.beta
else
config.boot.kernelPackages.nvidiaPackages.latest;
# Modesetting is required.
modesetting.enable = true;
@@ -33,9 +33,9 @@ in
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = cfg.enableOpen;


@@ -1,13 +1,19 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.ollama;
llamaPackage = pkgs.llama-cpp.overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "ggml-org";
repo = "llama.cpp";
rev = "b4920";
owner = "ggml-org";
repo = "llama.cpp";
rev = "b4920";
sha256 = "sha256-SnQIeY74JpAPRMxWcpklDH5D4CQvAgi0GYx5+ECk2J4=";
};
# Optionally override other attributes if you need to
@@ -16,7 +22,7 @@ let
});
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
services.ollama = {


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.ollama = {
enable = mkEnableOption "enable ollama";
};
}
}


@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.paperless;
@@ -10,7 +15,7 @@ let
paperlessPkg = pkgs.paperless-ngx;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.paperless = {


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.paperless = {
enable = mkEnableOption "enable paperless";
};
}
}


@@ -75,4 +75,4 @@
nixd
];
};
}
}


@@ -28,4 +28,4 @@
];
};
};
}
}


@@ -1,7 +1,7 @@
{ lib, pkgs, ... }:
{
services = {
kmscon = {
enable = lib.mkDefault false;
hwRender = true;
@@ -30,7 +30,7 @@
# Enable Avahi for .local hostname resolution
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true; # For modern systems, use nssmdns4 instead of nssmdns
nssmdns4 = lib.mkDefault true; # For modern systems, use nssmdns4 instead of nssmdns
openFirewall = lib.mkDefault true;
publish = {
enable = lib.mkDefault true;


@@ -12,4 +12,4 @@
enableZshIntegration = lib.mkDefault true;
};
};
}
}


@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.traefik;
@@ -45,10 +50,10 @@ let
metricsPort = 8082;
forwardPorts = [
httpPort
httpsPort
traefikPort
metricsPort
httpPort
httpsPort
traefikPort
metricsPort
];
# misc
@@ -57,7 +62,7 @@ let
authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik";
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
sops = {
@@ -76,7 +81,9 @@ in
"traefik.env" = {
content = ''
CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${
config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"
}
CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
@@ -95,7 +102,7 @@ in
services.traefik = {
enable = true;
dataDir = dataDir;
group = "jallen-nas";#group;
group = "jallen-nas"; # group;
environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops
staticConfigOptions = {
@@ -129,7 +136,12 @@ in
entryPoint = "metrics";
addEntryPointsLabels = true;
addServicesLabels = true;
buckets = [0.1 0.3 1.2 5.0]; # Response time buckets
buckets = [
0.1
0.3
1.2
5.0
]; # Response time buckets
};
};
@@ -215,8 +227,7 @@ in
};
};
};
internal-ipallowlist =
{
internal-ipallowlist = {
ipAllowList = {
sourceRange = [
"127.0.0.1/32"
@@ -305,7 +316,10 @@ in
entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 15;
tls.certResolver = "letsencrypt";
};
@@ -314,21 +328,30 @@ in
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";
service = "authentik";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)";
service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 10;
tls.certResolver = "letsencrypt";
};
@@ -336,21 +359,31 @@ in
entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)";
service = "cloud";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
"authentik"
];
priority = 10;
tls.certResolver = "letsencrypt";
};
@@ -358,35 +391,51 @@ in
entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)";
service = "immich";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyseerr = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
lubelogger = {
entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)";
service = "lubelogger";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
onlyoffice = {
entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)";
service = "onlyoffice";
middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
"onlyoffice-websocket"
];
tls.certResolver = "letsencrypt";
};
};
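Review bot: Every router in these hunks repeats the same `middlewares = [ "crowdsec" "whitelist-geoblock" ]` list (hass and onlyoffice append one entry), and the reformat now spreads each copy over four lines; hoisting it into the module's `let` block as `baseMiddlewares = [ "crowdsec" "whitelist-geoblock" ];` and writing `middlewares = baseMiddlewares;` or `middlewares = baseMiddlewares ++ [ "authentik" ];` keeps the protection set identical across routes and turns "add a middleware everywhere" into a one-line change. It also makes visible that only `hass` carries the `"authentik"` forward-auth middleware, so the other hosts rely solely on each application's own login; if that is intended, a short comment on the `routers` attrset saying so would save the next reader from assuming an omission. The `routers` attrset begins and ends outside the hunk.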


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.traefik = {
enable = mkEnableOption "enable traefik";
};
}
}


@@ -11,7 +11,7 @@ let
in
{
options.${namespace}.user = with types; {
email = lib.mkOption {
email = lib.mkOption {
type = str;
default = "jalle008@proton.me";
description = "The email of the user.";
@@ -74,4 +74,4 @@ in
hashedPasswordFile = cfg.passwordFile;
} // cfg.extraOptions;
};
}
}


@@ -1,10 +1,15 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.wyoming;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
services.wyoming = {
@@ -24,4 +29,4 @@ in
};
};
};
}
}


@@ -4,4 +4,4 @@ with lib;
options.${namespace}.services.wyoming = {
enable = mkEnableOption "enable wyoming";
};
}
}