Reworked config! Fully working for VM, needs testing with rune now.

Chris Toph 2025-03-04 04:45:31 -05:00
parent 6581dbac20
commit 3bea0de7a1
144 changed files with 1975 additions and 3321 deletions

8
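--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+"explorer.fileNesting.patterns": {
+".gitignore": ".gitattributes, .envrc, readme",
+"flake.nix": "flake.lock, shell.nix, checks.nix"
+},
+"editor.formatOnSave": true,
+"editor.formatOnSaveMode": "file"
+}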


@ -1 +0,0 @@
CF_DNS_API_TOKEN=


@ -1,17 +0,0 @@
{ config, lib, pkgs, ... }: {
# letsencrypt
security.acme = {
acceptTerms = true;
defaults = {
email = "chris@toph.cc";
dnsProvider = "cloudflare";
environmentFile = ./cloudflare.ini;
};
certs = {
"ryot.foo" = {
extraDomainNames = ["*.ryot.foo"];
};
};
};
}


@ -1,17 +0,0 @@
{
services.caddy = {
enable = true;
virtualHosts = {
"*.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = builtins.readFile ./ryot.foo.conf;
};
"ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = builtins.readFile ./ryot.foo.conf;
};
};
};
}


@ -1,13 +0,0 @@
reverse_proxy http://localhost:8080 {
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
}
reverse_proxy https://localhost:4433 {
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
}


@ -1,106 +0,0 @@
# Configuration for Gitea instance
{
config,
pkgs,
admin,
...
}:
{
# users.users.git = {
# description = "git";
# uid = 993;
# group = "ryot";
# shell = pkgs.fish;
# # openssh.authorizedKeys.keys = [
# # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
# # ];
# };
# Forgejo configuration
services.forgejo = {
enable = true;
group = "ryot";
stateDir = "/pool/forgejo";
# Settings
dump = {
# :D idk what this does
enable = false;
interval = "weekly";
};
settings = {
DEFAULT = {
# Configuration for forgejo
I_AM_BEING_UNSAFE_RUNNING_AS_ROOT = "true";
APP_NAME = "Ryot Git";
RUN_MODE = "dev";
RUN_USER = "toph";
};
server = {
# Configuration for reverse proxy
DOMAIN = "git.ryot.foo";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3003;
ROOT_URL = "https://git.ryot.foo/";
START_SSH_SERVER = true;
BUILTIN_SSH_SERVER_USER = "git";
SSH_PORT = 222;
};
repository = {
DEFAULT_PRIVATE = true;
};
ui = {
DEFAULT_THEME = "forgejo-dark";
SHOW_USER_EMAIL = false;
};
"ui.meta" = {
AUTHOR = "Ryot";
DESCRIPTION = "Ryot Gitea instance";
KEYWORDS = "";
};
security = {
INSTALL_LOCK = true;
};
session = {
SESSION_LIFE_TIME = 86400 * 7; # 1 week
};
picture = {
DISABLE_GRAVATAR = true;
};
"cron.sync_external_users" = {
SCHEDULE = "@every 24h";
UPDATE_EXISTING = true;
};
log.LEVEL = "Info";
# Private server
service.DISABLE_REGISTRATION = false;
# Disable package manager functionality
packages.ENABLED = false;
};
};
users.users.forgejo = {
extraGroups = [ "ryot" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
];
};
# Give admin group access to forgejo config
# users.users.${admin}.extraGroups = [ "forgejo" ];
}


@ -1 +0,0 @@
$2b$05$RAavFe61.2iBTeGdtCI5EuKmFXxRbh/OL199HjBN74hSBCXzxViqS


@ -1 +0,0 @@
<HASHED_PASS>


@ -1,19 +0,0 @@
{
enable = true;
fqdn = "mail.ryot.foo";
domains = [ "ryot.foo" ];
enableImapSsl = true;
enableSubmissionSsl = true;
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"[REDACTED]" = {
hashedPassword = builtins.readFile ./admin.pass;
aliases = ["[REDACTED]"];
};
};
certificateScheme = "acme";
}


@ -1,89 +0,0 @@
{ config, pkgs, ... }:
{
# The Nextcloud admin password is stored in a separate file to avoid
environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass;
services.nextcloud = {
enable = true;
hostName = "cloud.ryot.foo";
# Need to manually increment with every major upgrade.
package = pkgs.nextcloud29;
# Let NixOS install and configure the database automatically.
database.createLocally = true;
# Let NixOS install and configure Redis caching automatically.
configureRedis = true;
# Increase the maximum file upload size to avoid problems uploading videos.
maxUploadSize = "5G";
https = true;
# appstoreEnable = true;
autoUpdateApps.enable = true;
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
inherit
calendar
contacts
mail
notes
tasks
registration
spreed
twofactor_nextcloud_notification
;
# breeze = pkgs.fetchNextcloudApp {
# sha256 = "sha256-9xMH9IcQrzzMJ5bL6RP/3CS1QGuByriCjGkJQJxQ4CU=";
# url = "https://github.com/mwalbeck/nextcloud-breeze-dark/releases/download/v29.0.0/breezedark.tar.gz";
# license = "agpl3Only";
# };
oidc_login = pkgs.fetchNextcloudApp {
sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA=";
url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz";
license = "agpl3Only";
};
impersonate = pkgs.fetchNextcloudApp {
sha256 = "sha256-7NCfm2c861E1ZOZhpqjbsw2LC9I7ypp2J1LamqmWvtU=";
url = "https://github.com/nextcloud-releases/impersonate/releases/download/v1.16.0/impersonate-v1.16.0.tar.gz";
license = "agpl3Only";
};
# Custom app installation example.
# cookbook = pkgs.fetchNextcloudApp rec {
# url =
# "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
# sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=";
# };
};
settings = {
overwriteProtocol = "https";
overwritehost = "cloud.ryot.foo";
trusted_domains = [ "cloud.ryot.foo" ];
default_phone_region = "US";
allow_user_to_change_display_name = "false";
lost_password_link = "disabled";
oidc_login_provider_url = "https://auth.ryot.foo/application/o/cloud-slug";
oidc_login_client_id = "Fmc7v4MFQ3Iv8bZwOdXIaqYZUdDkiL0bKbDuGWd3";
oidc_login_client_secret = "TPo7Q4uiusak2G6cneZMijMt45Y2FNCE2YT4hXWU9IjcywNhgzFXDY5sxC4SyyggkFmj3Dz3DYcZj295kjAES2W140EfjNRWI6xHd6B7Fxj8B6BzudJ5ii5Um1ZyjU47";
# oidc_login_logout_url = "https://openid.example.com/thankyou";
# oidc_login_end_session_redirect = "false";
oidc_login_button_text = "Authentik Login";
oidc_login_scope = "openid profile";
oidc_login_disable_registration = "false";
};
config = {
dbtype = "pgsql";
adminuser = "admin";
adminpassFile = "/etc/nextcloud-admin-pass";
};
};
}


@ -1 +0,0 @@
snYBkSxkFZ6a7Y


@ -1,27 +0,0 @@
{
# Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"drive.ryot.foo" = {
## Force HTTP redirect to HTTPS
forceSSL = true;
## LetsEncrypt
enableACME = true;
};
};
};
}


@ -1,12 +0,0 @@
{ pkgs, ... }:
{
programs.fish = {
enable = true;
interactiveShellInit = builtins.readFile ./init.fish;
plugins = [
# Enable a plugin (here grc for colorized command output) from nixpkgs
{ name = "grc"; src = pkgs.fishPlugins.grc.src; }
{ name = "tide"; src = pkgs.fishPlugins.tide.src; }
];
};
}


@ -1,13 +0,0 @@
{
# !!! FOR HOME MANAGER Not nix config
programs.git = {
enable = true;
userName = "[REDACTED]";
userEmail = "[REDACTED]";
extraConfig = {
init = {
defaultBranch = "main";
};
};
};
}


@ -1,29 +0,0 @@
{
pkgs,
hostName,
user,
...
}:
{
# Module imports
imports = [
# Common Modules
../fish
../fastfetch
];
home = {
username = user;
homeDirectory = "/home/${user}";
stateVersion = "24.05";
sessionVariables = {
HOSTNAME = hostName;
EDITOR = "micro";
VISUAL = "micro";
XDG_CONFIG_HOME = "$HOME/.config";
};
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
}


@ -1,21 +0,0 @@
{
lib,
...
}:
{
programs.ssh.startAgent = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
];
services.openssh = {
enable = true;
settings = {
AllowUsers = null; # everyone
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = lib.mkDefault "no";
};
};
}


@ -1,10 +0,0 @@
{ pkgs, ... }:
{
programs.vscode = {
enable = true;
extensions = with pkgs.vscode-extensions; [
# bbenoist.Nix
# brettm12345.nixfmt-vscode
];
};
}

149
flake.lock generated

@ -1,149 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1740624780,
"narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1740367490,
"narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1682134069,
"narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1735471104,
"narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"vscode-server": "vscode-server",
"zen-browser": "zen-browser"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"vscode-server": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1729422940,
"narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=",
"owner": "nix-community",
"repo": "nixos-vscode-server",
"rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-vscode-server",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1740554227,
"narHash": "sha256-xpwZeMw2gGenixGQDyVv+ja+epcR+EJ1BPuGFdgFS18=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "7de16ae319e6f6852274fa90b0d41c00049767c9",
"type": "github"
},
"original": {
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

359
flake.nix

@ -1,27 +1,32 @@
# FIXME: this shit is a mess i need to learn how to do this properly
{
description = "Unstable Flake";
description = "Toph's Nix-Config";
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# The next two are for pinning to stable vs unstable regardless of what the above is set to
# This is particularly useful when an upcoming stable release is in beta because you can effectively
# keep 'nixpkgs-stable' set to stable for critical packages while setting 'nixpkgs' to the beta branch to
# get a jump start on deprecation changes.
# See also 'stable-packages' and 'unstable-packages' overlays at 'overlays/default.nix"
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
# NixOs hardware flakes
hardware.url = "github:nixos/nixos-hardware";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
vscode-server = {
url = "github:nix-community/nixos-vscode-server";
# VM tools
nixvirt = {
url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
zen-browser = {
url = "github:0xc000022070/zen-browser-flake";
};
# nixvirt = {
# url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# arion = {
# url = "github:hercules-ci/arion";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# TODO: theming
# stylix.url = "github:danth/stylix/release-24.11";
};
outputs =
@ -30,290 +35,78 @@
inherit (self) outputs;
inherit (nixpkgs) lib;
admin = "toph";
user = "toph";
ARM = "aarch64-linux"; # ARM systems
X86 = "x86_64-linux"; # x86_64 systems
in
{
nixosConfigurations = {
caenus =
#
# ========= Architectures =========
#
forAllSystems = nixpkgs.lib.genAttrs [
ARM
X86
];
#
# ========= Host Config Functions =========
#
# Handle a given host config based on whether its underlying system is nixos or darwin
mkHost = host: isARM: {
${host} =
let
hostName = "caenus";
default = ./. + "/host/${hostName}";
func = if isARM then ARM else X86;
systemFunc = func;
in
lib.nixosSystem {
specialArgs = {
inherit admin hostName;
};
system = ARM;
modules = [
./nix
default
];
};
cloud =
let
hostName = "cloud";
default = ./. + "/host/${hostName}";
in
lib.nixosSystem {
specialArgs = {
inherit admin hostName;
};
system = X86;
modules = [
./nix
default
];
};
komodo =
let
hostName = "komodo";
default = ./. + "/host/${hostName}";
in
lib.nixosSystem {
specialArgs = {
inherit admin hostName;
};
system = X86;
modules = [
./nix
default
inputs.vscode-server.nixosModules.default
(
{ config, pkgs, ... }:
{
services.vscode-server.enable = true;
services.vscode-server.enableFHS = true;
programs.nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
};
}
)
];
};
nix =
let
hostName = "nix";
default = ./. + "/host/${hostName}";
in
lib.nixosSystem {
specialArgs = {
inherit admin hostName;
};
system = X86;
modules = [
./nix
default
inputs.vscode-server.nixosModules.default
(
{ config, pkgs, ... }:
{
services.vscode-server.enable = true;
}
)
];
};
proxy =
let
hostName = "proxy";
default = ./. + "/host/${hostName}";
in
lib.nixosSystem {
specialArgs = {
inherit admin hostName;
};
system = X86;
modules = [
./nix
default
];
};
rune =
let
hostName = "rune";
default = ./. + "/host/${hostName}";
in
lib.nixosSystem {
specialArgs = {
inherit admin hostName inputs;
};
system = X86;
modules = [
./nix
default
];
};
haze =
let
user = "cesar";
hostName = "haze";
default = ./. + "/host/${hostName}";
in
lib.nixosSystem {
specialArgs = {
inherit admin user hostName;
};
system = X86;
modules = [
./nix
default
];
};
};
homeConfigurations =
let
armPkgs = import nixpkgs {
system = ARM;
config.allowUnfree = true;
};
x86Pkgs = import nixpkgs {
system = X86;
config.allowUnfree = true;
# overlays = [ (import ./nixos/overlays) ];
};
in
{
"${admin}@caenus" =
let
hostName = "caenus";
pkgs = armPkgs;
home = ./. + "/host/${hostName}/home";
in
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit admin user hostName;
};
modules = [ home ];
};
"${admin}@cloud" =
let
hostName = "cloud";
pkgs = x86Pkgs;
home = ./. + "/host/${hostName}/home";
in
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit admin user hostName;
};
modules = [ home ];
};
"${admin}@komodo" =
let
hostName = "komodo";
pkgs = x86Pkgs;
home = ./. + "/host/${hostName}/home";
in
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit admin user hostName;
};
modules = [ home ];
};
"${admin}@nix" =
let
hostName = "nix";
pkgs = x86Pkgs;
home = ./. + "/host/${hostName}/home";
in
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit admin user hostName;
};
modules = [ home ];
};
"${admin}@proxy" =
let
hostName = "proxy";
pkgs = x86Pkgs;
home = ./. + "/host/${hostName}/home";
in
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit admin user hostName;
};
modules = [ home ];
};
"${admin}@rune" =
let
hostName = "rune";
pkgs = x86Pkgs;
home = ./. + "/host/${hostName}/home";
zen = inputs.zen-browser.packages."${X86}".beta;
in
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit
admin
user
hostName
zen
inputs
outputs
isARM
;
system = systemFunc;
# ========== Extend lib with lib.custom ==========
# NOTE: This approach allows lib.custom to propagate into hm
# see: https://github.com/nix-community/home-manager/pull/3454
lib = nixpkgs.lib.extend (self: super: { custom = import ./lib { inherit (nixpkgs) lib; }; });
};
modules = [ home ];
modules = [ ./hosts/nixos/${host} ];
};
"${admin}@haze" =
let
user = "cesar";
hostName = "haze";
pkgs = x86Pkgs;
home = ./. + "/host/${hostName}/home";
zen = inputs.zen-browser.packages."${X86}".beta;
};
# Invoke mkHost for each host config that is declared for either X86 or ARM
mkHostConfigs =
hosts: isARM: lib.foldl (acc: set: acc // set) { } (lib.map (host: mkHost host isARM) hosts);
# Return the hosts declared in the given directory
readHosts = folder: lib.attrNames (builtins.readDir ./hosts/${folder});
in
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit
admin
user
hostName
zen
;
};
modules = [ home ];
};
{
#
# ========= Overlays =========
#
# Custom modifications/overrides to upstream packages.
overlays = import ./overlays { inherit inputs; };
"cesar@haze" =
#
# ========= Host Configurations =========
#
# Building configurations is available through `just rebuild` or `nixos-rebuild --flake .#hostname`
nixosConfigurations = mkHostConfigs (readHosts "nixos") false;
#
# ========= Packages =========
#
# Add custom packages to be shared or upstreamed.
packages = forAllSystems (
system:
let
hostName = "haze";
pkgs = x86Pkgs;
home = ./. + "/host/${hostName}/home";
zen = inputs.zen-browser.packages."${X86}".beta;
pkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
};
in
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit
admin
user
hostName
zen
;
};
modules = [ home ];
};
};
lib.packagesFromDirectoryRecursive {
callPackage = lib.callPackageWith pkgs;
directory = ./pkgs/common;
}
);
};
}
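Review bot: The new `nixvirt` input in the `inputs` block is fetched from a wildcard FlakeHub URL (`.../NixVirt/*.tar.gz`), and this same commit deletes `flake.lock`, so nothing visible on the page fixes which revision of any input gets evaluated. Unless a lock file is kept some other way among the 144 changed files, each rebuild can pull different upstream code for nixpkgs, home-manager, nixos-hardware, NixVirt and zen-browser. I would keep `flake.lock` under version control and give NixVirt an explicit version, e.g. `url = "https://flakehub.com/f/AshleyYakeley/NixVirt/<VERSION>.tar.gz";`. Separately, `nixosConfigurations = mkHostConfigs (readHosts "nixos") false;` passes `isARM = false` for every host, so any aarch64 machine under `hosts/nixos` would be built as x86_64.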


@ -0,0 +1,14 @@
{ pkgs, ... }:
{
programs.fish = {
shellInit = ''
source "${pkgs.asdf-vm}/share/asdf-vm/asdf.fish"
'';
};
home.packages = builtins.attrValues {
inherit (pkgs)
asdf-vm
;
};
}
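Review bot: The `programs.fish.shellInit` line that sources `asdf.fish` here is repeated verbatim in the fish module added later in this commit (the section that sets `interactiveShellInit = builtins.readFile ./init.fish`), so with both modules imported the script is likely sourced twice per shell. `shellInit` also runs for non-interactive fish invocations; if asdf is only wanted at the prompt, `interactiveShellInit` is the narrower place. I would keep the line in this module only, next to the `asdf-vm` package it depends on.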


@ -0,0 +1,76 @@
{
programs.bash = {
enable = true;
enableCompletion = true;
shellAliases = {
ll = "ls -alF";
la = "ls -A";
l = "ls -CF";
# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alert = "notify-send --urgency=low -i \"$([ $? = 0 ] && echo terminal || echo error)\" \"$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')\"";
};
initExtra = ''
# ~/.bashrc: executed by bash(1) for non-login shells.
# If not running interactively, don't do anything
case $- in
*i*) ;;
*) return;;
esac
# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi
# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
complete -C /usr/bin/terraform terraform
'';
};
}
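Review bot: The `alert` alias is a Nix double-quoted string, where a backslash before an ordinary character is dropped, so `\s` and `\+` reach bash as `s` and `+` and `'\''` becomes `'''`; the sed expression then no longer strips the history number. Home Manager quotes alias values itself, so the `.bashrc`-style `'\''` is unnecessary: write the sed part as `sed -e 's/^\\s*[0-9]\\+\\s*//;s/[;&|]\\s*alert$//'` inside the Nix string. In `initExtra`, `/usr/bin/lesspipe`, `/usr/bin/dircolors` and `/usr/bin/terraform` normally do not exist on NixOS, so those branches are dead and `complete -C /usr/bin/terraform terraform` registers a completer that cannot run. Either reference the binaries through `pkgs` or drop the lines.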


@ -0,0 +1,33 @@
# https://github.com/sharkdp/bat
# https://github.com/eth-p/bat-extras
{ pkgs, ... }:
{
programs.bat = {
enable = true;
config = {
# Git modifications and file header (but no grid)
style = "changes,header";
# theme = "gruvbox-dark";
};
extraPackages = builtins.attrValues {
inherit (pkgs.bat-extras)
batgrep # search through and highlight files using ripgrep
batdiff # Diff a file against the current git index, or display the diff between to files
batman # read manpages using bat as the formatter
;
};
};
# Avoid [bat error]: The binary caches for the user-customized syntaxes and themes in
# '/home/<user>/.cache/bat' are not compatible with this version of bat (0.25.0).
home.activation.batCacheRebuild = {
after = [ "linkGeneration" ];
before = [ ];
data = ''
${pkgs.bat}/bin/bat cache --build
'';
};
}


@ -0,0 +1,109 @@
#FIXME: Move attrs that will only work on linux to nixos.nix
#FIXME: if pulling in homemanager for isMinimal maybe set up conditional for some packages
{
config,
lib,
pkgs,
hostSpec,
...
}:
{
imports = lib.flatten [
(map lib.custom.relativeToRoot [
"modules/common/host-spec.nix"
])
./asdf.nix
./bash.nix
./bat.nix
./direnv.nix
./fastfetch
./fish
./fonts.nix
./git.nix
./ranger.nix
./screen.nix
./ssh.nix
./zoxide.nix
];
inherit hostSpec;
services.ssh-agent.enable = true;
home = {
username = lib.mkDefault config.hostSpec.username;
homeDirectory = lib.mkDefault config.hostSpec.home;
stateVersion = lib.mkDefault "24.05";
sessionPath = [
"$HOME/.local/bin"
];
sessionVariables = {
FLAKE = "$HOME/git/dot.nix";
SHELL = "fish";
EDITOR = "micro";
VISUAL = "micro";
MANPAGER = "batman"; # see ./cli/bat.nix
};
preferXdgDirectories = true; # whether to make programs use XDG directories whenever supported
};
#TODO(xdg): maybe move this to its own xdg.nix?
# xdg packages are pulled in below
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = true;
desktop = "${config.home.homeDirectory}/.desktop";
documents = "${config.home.homeDirectory}/doc";
download = "${config.home.homeDirectory}/downloads";
music = "${config.home.homeDirectory}/media/audio";
pictures = "${config.home.homeDirectory}/media/images";
videos = "${config.home.homeDirectory}/media/video";
# publicshare = "/var/empty"; #using this option with null or "/var/empty" barfs so it is set properly in extraConfig below
# templates = "/var/empty"; #using this option with null or "/var/empty" barfs so it is set properly in extraConfig below
extraConfig = {
# publicshare and templates defined as null here instead of as options because
XDG_PUBLICSHARE_DIR = "/var/empty";
XDG_TEMPLATES_DIR = "/var/empty";
};
};
};
home.packages = builtins.attrValues {
inherit (pkgs)
# Packages that don't have custom configs go here
btop # resource monitor
coreutils # basic gnu utils
curl
eza # ls replacement
dust # disk usage
pre-commit # git hooks
p7zip # compression & encryption
unzip # zip extraction
unrar # rar extraction
wget # downloader
xdg-utils # provide cli tools such as `xdg-mime` and `xdg-open`
xdg-user-dirs
zip # zip compression
;
};
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
warn-dirty = false;
};
};
programs.home-manager.enable = true;
# Nicely reload system units when changing configs
systemd.user.startServices = "sd-switch";
}
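Review bot: `SHELL = "fish"` in `home.sessionVariables` sets a bare command name, while programs that spawn `$SHELL` generally expect an absolute path; `SHELL = "${pkgs.fish}/bin/fish";` or leaving the variable to the login shell avoids that. The comment above `XDG_PUBLICSHARE_DIR` stops at "because" and should finish the sentence, since the two commented-out options just above it only hint at the reason. `stateVersion = lib.mkDefault "24.05"` deserves a short comment that it records the first-install release and is not meant to follow the nixpkgs channel.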


@ -0,0 +1,7 @@
{
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true; # better than native direnv nix functionality - https://github.com/nix-community/nix-direnv
};
}


@ -7,7 +7,7 @@
{
programs.fastfetch =
let
hostname = config.home.sessionVariables.HOSTNAME;
hostname = config.hostSpec.hostName;
logoFile = ./. + "/host/${hostname}.txt";
in
{


Before

Width:  |  Height:  |  Size: 8.9 KiB

After

Width:  |  Height:  |  Size: 8.9 KiB


Before

Width:  |  Height:  |  Size: 18 KiB

After

Width:  |  Height:  |  Size: 18 KiB


Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 16 KiB


Before

Width:  |  Height:  |  Size: 31 KiB

After

Width:  |  Height:  |  Size: 31 KiB


Before

Width:  |  Height:  |  Size: 2.5 KiB

After

Width:  |  Height:  |  Size: 2.5 KiB


Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB


@ -0,0 +1,13 @@
[?25l ▄▄▄ ▄▄▄ ▄▄▄ 
▄▄▄▄ ▄▄▄▄▄▄▄ 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄ 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄░▄ 
▄▄▄▄▄ ▄▄▄▄▄▄ 
▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄░
▄▄▄▄▄▄ ▄▄▄ 
░▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 
▄ ▄▄▄▄▄▄▄▄▄░░▄▄▄▄ 
▄▄▄▄▄▄▄ ▄░▄ 
▄▄▄ ▄▄▄▄ ▄▄▄ 
[?25h


@ -0,0 +1,27 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
fishPlugins.grc
fishPlugins.tide
grc
];
programs.fish = {
enable = true;
interactiveShellInit = builtins.readFile ./init.fish;
plugins = [
# Enable a plugin (here grc for colorized command output) from nixpkgs
{
name = "grc";
src = pkgs.fishPlugins.grc.src;
}
{
name = "tide";
src = pkgs.fishPlugins.tide.src;
}
];
shellInit = ''
source "${pkgs.asdf-vm}/share/asdf-vm/asdf.fish"
'';
};
}


@ -0,0 +1,10 @@
{ pkgs, ... }:
{
fonts.fontconfig.enable = true;
home.packages = with pkgs; [
noto-fonts
nerd-fonts.fira-code
meslo-lgs-nf
monocraft
];
}


@ -0,0 +1,89 @@
# git is core no matter what but additional settings may could be added made in optional/foo eg: development.nix
{
pkgs,
lib,
config,
inputs,
...
}:
{
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "[REDACTED]";
userEmail = "[REDACTED]";
ignores = [
".csvignore"
# nix
"*.drv"
"result"
# python
"*.py?"
"__pycache__/"
".venv/"
# direnv
".direnv"
];
# Anytime I use auth, I want to use my yubikey. But I don't want to always be having to touch it
# for things that don't need it. So I have to hardcode repos that require auth, and default to ssh for
# actions that require auth.
extraConfig = {
core.pager = "delta";
delta = {
enable = true;
features = [
"side-by-side"
"line-numbers"
"hyperlinks"
"line-numbers"
"commit-decoration"
];
};
url = lib.optionalAttrs (!config.hostSpec.isMinimal) {
# Only force ssh if it's not minimal
"ssh://git@github.com" = {
pushInsteadOf = "https://github.com";
};
"ssh://git@ryot.foo.com" = {
pushInsteadOf = "https://git.ryot.foo";
};
};
# pre-emptively ignore mac crap
core.excludeFiles = builtins.toFile "global-gitignore" ''
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db
node_modules
'';
core.attributesfile = builtins.toFile "global-gitattributes" ''
Cargo.lock -diff
flake.lock -diff
*.drawio -diff
*.svg -diff
*.json diff=json
*.bin diff=hex difftool=hex
*.dat diff=hex difftool=hex
*aarch64.bin diff=objdump-aarch64 difftool=objdump-aarch64
*arm.bin diff=objdump-arm difftool=objdump-arm
*x64.bin diff=objdump-x86_64 difftool=objdump-x64
*x86.bin diff=objdump-x86 difftool=objdump-x86
'';
extraConfig = {
init = {
defaultBranch = "main";
};
};
};
};
}
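Review bot: The second `url` rewrite sends pushes for `https://git.ryot.foo` to `ssh://git@ryot.foo.com`, a host under a different domain (`foo.com`) than the forge; this looks like a typo, and as written `git push` would open an SSH connection to, and offer keys to, a server the author does not appear to control. The likely intent is `"ssh://git@git.ryot.foo" = { pushInsteadOf = "https://git.ryot.foo"; };`, which also matches the `git.ryot.foo` match block in the SSH module of this commit. Two further keys have no effect as written: git reads `core.excludesFile`, not `core.excludeFiles`, and the inner `extraConfig = { init = …; }` is emitted as a literal `extraConfig` section, so it should be `init.defaultBranch = "main";` at the outer level.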


@ -0,0 +1,26 @@
{
programs.ranger = {
enable = true;
plugins = [
{
name = "zoxide";
src = builtins.fetchGit {
url = "https://github.com/jchook/ranger-zoxide.git";
rev = "281828de060299f73fe0b02fcabf4f2f2bd78ab3";
};
}
{
name = "archives";
src = builtins.fetchGit {
url = "https://github.com/maximtrp/ranger-archives.git";
rev = "b4e136b24fdca7670e0c6105fb496e5df356ef25";
};
}
];
settings = {
show_hidden = true;
# preview_images = true;
# preview_images_method = w3m;
};
};
}
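Review bot: Both plugins are fetched with `builtins.fetchGit` pinned only by `rev`; the commit id fixes the content, but the fetch runs at evaluation time on every machine and is recorded neither in a lock file nor with a content hash. Declaring them as flake inputs with `flake = false;`, or using `pkgs.fetchFromGitHub` with a `hash`, would put them on the same update and review path as the other inputs. A comment beside each `rev` saying which upstream state it corresponds to would help when bumping them.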


@ -0,0 +1,9 @@
{ pkgs, ... }:
{
home.packages = [ pkgs.screen ];
home.file.".screenrc".text = ''
startup_message off
defbce on
setenv TERM xterm-256color
'';
}


@ -0,0 +1,26 @@
{
config,
inputs,
lib,
...
}:
{
programs.ssh = {
enable = true;
# Avoids infinite hang if control socket connection interrupted. ex: vpn goes down/up
serverAliveCountMax = 3;
serverAliveInterval = 5;
addKeysToAgent = "yes";
extraConfig = ''
IdentityFile ~/.ssh/pve
UpdateHostKeys ask
'';
matchBlocks = {
"git.ryot.foo" = {
identityFile = "~/git/.ssh/git";
};
};
};
}
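Review bot: `IdentityFile ~/.ssh/pve` sits in the global `extraConfig`, so that key is offered to every host the client connects to, and with `addKeysToAgent = "yes"` and a running agent every other loaded key is offered as well. Scoping the key to the hosts that need it under `matchBlocks` and setting `identitiesOnly = true;` there keeps each server from seeing unrelated public keys and avoids hitting authentication-attempt limits. The comment about the control socket has no matching `controlMaster`/`controlPath` setting in this block, and `config`, `inputs` and `lib` are unused arguments.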


@ -0,0 +1,10 @@
{
programs.zoxide = {
enable = true;
enableBashIntegration = true;
enableFishIntegration = true;
options = [
"--cmd cd" # replace cd with z and zi (via cdi)
];
};
}


@ -0,0 +1,9 @@
{
programs.chromium = {
enable = true;
commandLineArgs = [
"--no-default-browser-check"
"--restore-last-session"
];
};
}


@ -0,0 +1,6 @@
{
imports = [
./chromium.nix
./zen.nix
];
}


@ -0,0 +1,20 @@
{
config,
pkgs,
inputs,
...
}:
{
home.packages = builtins.attrValues {
inherit (inputs.zen-browser.packages."${pkgs.system}")
twilight
;
};
xdg.mimeApps.defaultApplications = {
"text/html" = [ "zen.desktop" ];
"text/xml" = [ "zen.desktop" ];
"x-scheme-handler/http" = [ "zen.desktop" ];
"x-scheme-handler/https" = [ "zen.desktop" ];
};
}
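Review bot: `twilight` appears to be the flake's pre-release channel (the configuration removed by this commit used `.beta`), and this module makes it the handler for `http`/`https` and HTML. For the default browser I would take the `beta` or `default` package, or add a comment saying why the pre-release build is wanted. It is also worth confirming that the twilight package installs a desktop entry named `zen.desktop`; if the name differs, the `xdg.mimeApps.defaultApplications` entries silently point at nothing.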


@ -0,0 +1,6 @@
{
imports = [
./gnome
# ./hyprland
];
}


@ -0,0 +1,45 @@
# Development utilities I want across all systems
{
lib,
pkgs,
...
}:
{
imports = lib.custom.scanPaths ./.;
home.packages = lib.flatten [
(builtins.attrValues {
inherit (pkgs)
# Development
direnv
delta # diffing
gh # github cli
logisim-evolution
mcaselector
prettierd
# nix
nixpkgs-review
nixfmt-rfc-style
# networking
nmap
# Diffing
difftastic
# serial debugging
screen
# Standard man pages for linux API
man-pages
man-pages-posix
;
inherit (pkgs.jetbrains)
idea-ultimate
jetbrains-toolbox
;
})
];
}


@ -0,0 +1,10 @@
{ pkgs, ... }:
{
programs.vscode = {
enable = true;
# extensions = with pkgs.vscode-extensions; [
# # bbenoist.Nix
# # brettm12345.nixfmt-vscode
# ];
};
}


@ -0,0 +1,44 @@
# This module just provides a customized .desktop file with gamescope args dynamically created based on the
# host's monitors configuration
{
pkgs,
config,
lib,
...
}:
let
monitor = lib.head (lib.filter (m: m.primary) config.monitors);
steam-session =
let
gamescope = lib.concatStringsSep " " [
(lib.getExe pkgs.gamescope)
"--output-width ${toString monitor.width}"
"--output-height ${toString monitor.height}"
"--framerate-limit ${toString monitor.refreshRate}"
"--prefer-output ${monitor.name}"
"--adaptive-sync"
"--expose-wayland"
"--steam"
"--hdr-enabled"
];
steam = lib.concatStringsSep " " [
"steam"
#"steam://open/bigpicture"
];
in
pkgs.writeTextDir "share/applications/steam-session.desktop" ''
[Desktop Entry]
Name=Steam Session
Exec=${gamescope} -- ${steam}
Icon=steam
Type=Application
'';
in
{
home.packages = [
steam-session
prismlauncher
];
}
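Review bot: `prismlauncher` in `home.packages` is not in scope, because the module has no `with pkgs;` and the `let` block does not define it, so evaluation fails with an undefined variable; it should be `pkgs.prismlauncher`. `lib.head (lib.filter (m: m.primary) config.monitors)` also aborts evaluation with an unhelpful error when no monitor is marked primary. An assertion with a readable message, or a fallback to the first monitor, would make that case diagnosable.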


@ -0,0 +1,52 @@
{
pkgs,
config,
...
}:
let
# FIXME(xdg): That should use config options and just reference whatever is configured as the default
browser = [ "zen.desktop" ];
editor = [ "code.desktop" ];
# Extensive list of associations here:
# https://github.com/iggut/GamiNiX/blob/8070528de419703e13b4d234ef39f05966a7fafb/system/desktop/home-main.nix#L77
associations = {
"text/*" = editor;
"text/plain" = editor;
# "text/html" = browser;
"application/x-zerosize" = editor; # empty files
"application/x-shellscript" = editor;
"application/x-perl" = editor;
"application/json" = editor;
"application/x-extension-htm" = browser;
"application/x-extension-html" = browser;
"application/x-extension-shtml" = browser;
"application/xhtml+xml" = browser;
"application/x-extension-xhtml" = browser;
"application/x-extension-xht" = browser;
"application/pdf" = browser;
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
"image/*" = browser;
};
in
{
# Enables app shorcuts
targets.genericLinux.enable = true;
xdg.mime.enable = true;
xdg.mimeApps.enable = true;
xdg.mimeApps.defaultApplications = associations;
xdg.mimeApps.associations.added = associations;
xdg.systemDirs.data = [ "${config.home.homeDirectory}/.nix-profile/share/applications" ];
home.packages = builtins.attrValues {
inherit (pkgs)
handlr-regex # better xdg-open for desktop apps
;
};
}
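Review bot: `xdg.systemDirs.data` is set to `.../.nix-profile/share/applications`, but `XDG_DATA_DIRS` entries are base data directories and desktop files are looked up in the `applications` subdirectory of each entry. The path is therefore searched as `share/applications/applications` and contributes nothing; it should be `"${config.home.homeDirectory}/.nix-profile/share"`. The glob keys `"text/*"` and `"image/*"` are not exact MIME types, so a spec-following `mimeapps.list` reader will ignore them (handlr may honour them); a comment noting that they rely on `handlr-regex` would avoid surprises with other launchers. The hard-coded `zen.desktop` should also be checked against the desktop file actually shipped by the `twilight` package chosen in the browsers module, which is not fully visible here.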


@ -0,0 +1,69 @@
{ pkgs, ... }:
{
imports = [
## Required Configs ##
../common/core # required
## Host-specific Optional Configs ##
../common/optional/browsers
../common/optional/desktops
../common/optional/development
../common/optional/gaming
../common/optional/xdg.nix # file associations
];
## Packages with no needed configs ##
home.packages = builtins.attrValues {
inherit (pkgs)
## Media ##
ffmpeg
spotify
gpu-screen-recorder-gtk
## Social ##
telegram-desktop
vesktop
## Tools ##
bitwarden-desktop
inspector
wezterm
## Productivity ##
gimp
inkscape
## Fonts ##
monocraft
nerd-fonts
;
};
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = [
"qemu:///session"
"qemu:///system"
];
uris = [
"qemu:///session"
"qemu:///system"
];
};
};
xdg.desktopEntries = {
win11 = {
name = "Windows 11";
comment = "Windows 11 VM";
exec = "virt-manager --connect qemu:///system --show-domain-console win11-sys";
icon = "windows95";
type = "Application";
terminal = false;
categories = [
"System"
"Application"
];
};
};
}
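Review bot: `nerd-fonts` is inherited from `pkgs` straight into `home.packages`, but the configuration this commit removes referenced `nerd-fonts.fira-code`. That suggests the pinned nixpkgs exposes `nerd-fonts` as a set of per-font packages rather than a single derivation; if so, this entry is not a package and the host will fail to evaluate. Taking it out of the `inherit (pkgs)` block and adding the specific font, e.g. `pkgs.nerd-fonts.fira-code`, would restore the earlier behaviour.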

25
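--- a/home/toph/vm/default.nix
+++ b/home/toph/vm/default.nix
@@ -0,0 +1,25 @@
+{
+pkgs,
+...
+}:
+{
+imports = [
+## Required Configs ##
+../common/core # required
+## Host-specific Optional Configs ##
+../common/optional/browsers
+../common/optional/desktops
+../common/optional/xdg.nix # file associations
+];
+## Packages with no needed configs ##
+home.packages = builtins.attrValues {
+inherit (pkgs)
+## Tools ##
+inspector
+wezterm
+;
+};
+}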


@ -1,63 +0,0 @@
{
config,
hostName,
lib,
modulesPath,
pkgs,
...
}:
{
## MODULES & IMPORTS ##
## MODULES & IMPORTS ##
imports = [
# Common Modules
# ../../common/acme
../../common/ssh
# Import hardware configuration.
./hardware.nix
# Local Modules
./modules/frp
# ./modules/nginx
];
## BOOTLOADER ##
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
## NETWORKING ##
networking.firewall = {
allowedTCPPorts = [
22
80
443
4040
25565
];
allowedUDPPorts = [ 4040 ];
};
## SSH Override ##
services.openssh = {
settings = {
PermitRootLogin = lib.mkForce "yes";
};
};
## ENVIORMENT & PACKAGES ##
environment.systemPackages = with pkgs; [
git
micro
openssh
ranger
sshfs
wget
];
environment.variables = {
HOSTNAME = hostName;
};
}


@ -1,26 +0,0 @@
{ pkgs, ... }:
{
# Module imports
imports = [
# Common Modules
../../../common/home
../../../common/git
];
home.packages = with pkgs; [
fastfetch
fish
fishPlugins.grc
fishPlugins.tide
grc
];
home.file = {
git.dotfiles.source = builtins.fetchGit {
url = "git@github.com:TophC7/dotfiles.git";
ref = "hosts";
rev = "4c2f9faf24e2e90fb7b0b4bce7560da39cbb814a";
};
};
}


@ -1,13 +0,0 @@
{
services.frp = {
enable = true;
role = "server";
settings = {
bindPort = 4040;
auth = {
method = "token";
token = builtins.readFile ./frp.token;
};
};
};
}


@ -1 +0,0 @@
$2b$05$3hq3mA559Yxy679kKbzou..ao9d7annFWAo4MRo0tO04bYJsteWTu


@ -1 +0,0 @@
<SHA token>


@ -1,36 +0,0 @@
{
users.users.nginx.extraGroups = [ "acme" ];
# Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"ryot.foo" = {
http2 = true;
forceSSL = true;
useACMEHost = "ryot.foo";
locations."/".proxyPass = "http://0.0.0.0:8080";
};
"*.ryot.foo" = {
http2 = true;
forceSSL = true;
useACMEHost = "ryot.foo";
locations."/" = {
proxyPass = "http://0.0.0.0:8080";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
proxy_pass_header Authorization;
'';
};
};
};
};
}


@ -1,66 +0,0 @@
{
modulesPath,
config,
pkgs,
hostName,
admin,
...
}:
{
## MODULES & IMPORTS ##
imports = [
# Common Modules
../../common/acme
../../common/lxc
../../common/ssh
# Import hardware configuration.
./hardware.nix
# Local Modules
# cron
./modules/cron
# Filerun
./modules/filerun
# Logrotate
./modules/logrotate
# Caddy
./modules/caddy
# Snapraid-runner
./modules/snapraid
];
## NETWORKING ##
networking.firewall = {
allowedTCPPorts = [
22
80
443
8181
];
allowedUDPPorts = [ ];
};
## USERS ##
users.users.${admin}.extraGroups = [ "docker" ];
## ENVIORMENT & PACKAGES ##
nixpkgs.overlays = [ (import ../../nix/overlays) ];
environment.systemPackages = with pkgs; [
arion
git
mergerfs
micro
openssh
ranger
sshfs
snapraid
snapraid-runner
wget
];
environment.variables = {
HOSTNAME = hostName;
};
}


@ -1,37 +0,0 @@
{
admin,
...
}:
{
# for sshfs
programs.fuse.userAllowOther = true;
# TODO: use tempfls to set the acls in nix config
fileSystems = {
"/pool" = {
fsType = "fuse.mergerfs";
device = "/mnt/data*";
options = [
"cache.files=auto-full"
"defaults"
"allow_other"
"minfreespace=50G"
"fsname=mergerfs"
"category.create=mfs"
"nonempty"
"uid=1000"
"gid=1004" # Ryot group
"posix_acl=true"
];
};
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = [
"bind"
"nofail"
];
};
};
}


@ -1,17 +0,0 @@
{ pkgs, ... }:
{
# Module imports
imports = [
# Common Modules
../../../common/home
];
home.packages = with pkgs; [
fastfetch
fish
fishPlugins.grc
fishPlugins.tide
grc
lazydocker
];
}


@ -1,19 +0,0 @@
{
services.caddy = {
enable = true;
virtualHosts = {
"drive.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://localhost:8181 {
header_up Host {host}
# header_up X-Forwarded-For {remote}
# header_up X-Forwarded-Proto {scheme}
# header_up X-Forwarded-Protocol {scheme}
# header_up X-Forwarded-Port {server_port}
}
'';
};
};
};
}


@ -1,13 +0,0 @@
{
services.cron = {
enable = true;
systemCronJobs = [
# Runs snapraid-runner every day at 3am
"0 3 * * * root snapraid-runner"
# Runs a backup of the Docker storage directory every Monday at 4am
"0 4 * * 0 root tar -Pzcf /pool/Backups/DockerStorage/DockerStorage.tar.gz -C /mnt/drive1/DockerStorage ."
# Runs a backup of the forgejo directory every 2 days at 4am
"0 4 */2 * * root tar -Pzcf /pool/Backups/forgejo/forgejo.tar.gz -C /pool/forgejo ."
];
};
}


@ -1,4 +0,0 @@
DB_NAME=filerun
DB_USER=admin
DB_PASS=m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY
DB_ROOT_PASS=pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm


@ -1,41 +0,0 @@
{
services = {
db.service = {
image = "mariadb:10.11";
user = "1000:1004";
environment = {
MYSQL_ROOT_PASSWORD = "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm";
MYSQL_USER = "admin";
MYSQL_PASSWORD = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
MYSQL_DATABASE = "filerun";
};
volumes = [
"/pool/filerun/db:/var/lib/mysql"
];
};
web.service = {
image = "filerun/filerun:8.1";
user = "root";
tty = true;
environment = {
FR_DB_HOST = "db";
FR_DB_PORT = "3306";
FR_DB_NAME = "filerun";
FR_DB_USER = "admin";
FR_DB_PASS = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
APACHE_RUN_USER = "toph";
APACHE_RUN_USER_ID = "1000";
APACHE_RUN_GROUP = "ryot";
APACHE_RUN_GROUP_ID = "1004";
};
depends_on = [ "db" ];
ports = [ "8181:80" ];
volumes = [
"/pool/filerun/html:/var/www/html"
"/pool/filerun/user-files:/user-files"
"/pool/:/pool"
];
};
};
}


@ -1,58 +0,0 @@
{
"networks": { "default": { "name": "filerun" } },
"services":
{
"db":
{
"environment":
{
"MYSQL_DATABASE": "filerun",
"MYSQL_PASSWORD": "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY",
"MYSQL_ROOT_PASSWORD": "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm",
"MYSQL_USER": "admin",
},
"image": "mariadb:10.11",
"sysctls": {},
"user": "1000:1004",
"volumes": ["/pool/filerun/db:/var/lib/mysql"],
},
"web":
{
"depends_on": ["db"],
"environment":
{
"APACHE_RUN_GROUP": "ryot",
"APACHE_RUN_GROUP_ID": "1004",
"APACHE_RUN_USER": "toph",
"APACHE_RUN_USER_ID": "1000",
"FR_DB_HOST": "db",
"FR_DB_NAME": "filerun",
"FR_DB_PASS": "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY",
"FR_DB_PORT": "3306",
"FR_DB_USER": "admin",
},
"image": "filerun/filerun:8.1",
"ports": ["8181:80"],
"sysctls": {},
"tty": true,
"user": "root",
"volumes":
[
"/pool/filerun/html:/var/www/html",
"/pool/filerun/user-files:/user-files",
],
},
},
"version": "3.4",
"volumes": {},
"x-arion":
{
"images": [],
"project": { "name": "filerun" },
"serviceInfo":
{
"db": { "defaultExec": ["/bin/sh"] },
"web": { "defaultExec": ["/bin/sh"] },
},
},
}


@ -1,37 +0,0 @@
name: filerun
services:
db:
image: mariadb:10.5
user: 1001:1004
environment:
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
MYSQL_USER: ${DB_USER}
MYSQL_PASSWORD: ${DB_PASS}
MYSQL_DATABASE: ${DB_NAME}
restart: unless-stopped
volumes:
- /pool/filerun/db:/var/lib/mysql
web:
image: filerun/filerun:8.1
user: root
environment:
FR_DB_HOST: db
FR_DB_PORT: 3306
FR_DB_NAME: ${DB_NAME}
FR_DB_USER: ${DB_USER}
FR_DB_PASS: ${DB_PASS}
APACHE_RUN_USER: toph
APACHE_RUN_USER_ID: 1001
APACHE_RUN_GROUP: toph
APACHE_RUN_GROUP_ID: 1004
depends_on:
- db
links:
- db:db
ports:
- "8181:80"
restart: unless-stopped
volumes:
- /pool/filerun/html:/var/www/html
- /pool/filerun/user-files:/user-files


@ -1,29 +0,0 @@
{
imports =
let
commit = "9f01fb79f61f53fe31d5ef831e420ab9ad252b99";
in
[
"${
builtins.fetchTarball {
name = "arion-v0.2.2.0";
url = "https://github.com/hercules-ci/arion/archive/${commit}.tar.gz";
# obtained via nix-prefetch-url --unpack <url>
sha256 = "1y2wi9kjb1agrvzaj6417lap4qg969hdfz3cmw3v3sz1q5mqcaw5";
}
}/nixos-module.nix"
];
virtualisation.docker.enable = true;
virtualisation.arion = {
backend = "docker"; # or "docker"
projects.filerun = {
# serviceName = "filerun";
settings = {
# Specify you project here, or import it from a file.
imports = [ ./arion-compose.nix ];
};
};
};
}


@ -1,126 +0,0 @@
# Auto-generated using compose2nix v0.3.1.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."filerun-db" = {
image = "mariadb:10.5";
environment = {
"MYSQL_DATABASE" = "filerun";
"MYSQL_PASSWORD" = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
"MYSQL_ROOT_PASSWORD" = "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm";
"MYSQL_USER" = "admin";
};
volumes = [
"/pool/filerun/db:/var/lib/mysql:rw"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=db"
"--network=filerun_default"
];
};
systemd.services."docker-filerun-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-filerun_default.service"
];
requires = [
"docker-network-filerun_default.service"
];
partOf = [
"docker-compose-filerun-root.target"
];
wantedBy = [
"docker-compose-filerun-root.target"
];
};
virtualisation.oci-containers.containers."filerun-web" = {
image = "filerun/filerun:8.1";
environment = {
"APACHE_RUN_GROUP" = "toph";
"APACHE_RUN_GROUP_ID" = "100";
"APACHE_RUN_USER" = "toph";
"APACHE_RUN_USER_ID" = "1000";
"FR_DB_HOST" = "db";
"FR_DB_NAME" = "filerun";
"FR_DB_PASS" = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
"FR_DB_PORT" = "3306";
"FR_DB_USER" = "admin";
};
volumes = [
"/pool/filerun/html:/var/www/html:rw"
"/pool/filerun/user-files:/user-files:rw"
];
ports = [
"8181:80/tcp"
];
dependsOn = [
"filerun-db"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=web"
"--network=filerun_default"
];
};
systemd.services."docker-filerun-web" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-filerun_default.service"
];
requires = [
"docker-network-filerun_default.service"
];
partOf = [
"docker-compose-filerun-root.target"
];
wantedBy = [
"docker-compose-filerun-root.target"
];
};
# Networks
systemd.services."docker-network-filerun_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f filerun_default";
};
script = ''
docker network inspect filerun_default || docker network create filerun_default
'';
partOf = [ "docker-compose-filerun-root.target" ];
wantedBy = [ "docker-compose-filerun-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-filerun-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}


@ -1,6 +0,0 @@
{
services.logrotate = {
enable = true;
configFile = ./logrotate.conf;
};
}


@ -1,18 +0,0 @@
dateext
missingok
notifempty
rotate 4
"/pool/Backups/DockerStorage/DockerStorage.tar.gz" {
weekly
rotate 8
nocompress
su root root
}
"/pool/Backups/forgejo/forgejo.tar.gz" {
daily
rotate 20
nocompress
su root root
}


@ -1,37 +0,0 @@
{ pkgs, ... }:
{
environment.etc."snapraid.conf".text = builtins.readFile ./snapraid.conf;
environment.etc."snapraid-runner.conf".text = ''
[snapraid]
executable = ${pkgs.snapraid}/bin/snapraid
config = /etc/snapraid.conf
deletethreshold = 40
touch = false
[logging]
file = /var/log/snapraid-runner.log
maxsize = 5000
[email]
sendon =
short = true
subject = [SnapRAID] Status Report:
from = cloud@ryot.foo
to = [REDACTED]
maxsize = 500
[smtp]
host = ryot.foo
port =
ssl = true
tls = true
user = admin
password = [REDACTED]
[scrub]
enabled = true
plan = 12
older-than = 10
'';
}


@ -1,21 +0,0 @@
## /etc/snapraid.conf ##
# Defines the file to use as parity storage
parity /mnt/parity/snapraid.parity
# Defines the files to use as content list
content /var/snapraid.content
content /mnt/drive1/snapraid.content
content /mnt/drive2/snapraid.content
content /mnt/drive3/snapraid.content
content /mnt/parity/snapraid.content
# Defines the data disks to use
data d1 /mnt/drive1/
data d2 /mnt/drive2/
data d3 /mnt/drive3/
# Defines files and directories to exclude
exclude *.unrecoverable
exclude /tmp/
exclude /lost+found/


@ -1,81 +0,0 @@
{
modulesPath,
config,
pkgs,
hostName,
user,
...
}:
{
## MODULES & IMPORTS ##
imports = [
# Common Modules
../../common/ssh
# Import hardware configuration.
./hardware.nix
# Modules
./modules/steam
./modules/gnome
];
## USERS ##
users.mutableUsers = false;
users.users."${user}" = {
isNormalUser = true;
createHome = true;
description = "${user}";
homeMode = "750";
home = "/home/${user}";
password = "198913";
extraGroups = [
"networkmanager"
"wheel"
"i2c"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
];
};
## NETWORKING ##
networking.networkmanager.enable = true;
## ENVIORMENT & PACKAGES ##
environment.systemPackages = with pkgs; [
ddcutil
git
micro
nixfmt-rfc-style
openssh
ranger
sshfs
wezterm
wget
];
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
programs.java = {
enable = true;
package = pkgs.jdk;
};
environment.variables = {
HOSTNAME = hostName;
GTK_THEME = "Gruvbox-Dark";
};
}


@ -1,80 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
admin,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Bootloader
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernelModules = [
"kvm-amd"
"i2c-dev"
];
# for ddcutil to work
hardware.i2c.enable = true;
services.udev.extraRules = ''
KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
'';
programs.fuse.userAllowOther = true;
fileSystems = {
# "/" = {
# device = "/dev/disk/by-uuid/28a9ac4d-1e87-4731-9c06-916711d83cb2";
# fsType = "ext4";
# };
# "/boot" = {
# device = "/dev/disk/by-uuid/B182-E50E";
# fsType = "vfat";
# options = [
# "fmask=0077"
# "dmask=0077"
# ];
# };
"/pool" = {
device = "${admin}@104.40.4.24:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/${admin}/.ssh/pve"
];
};
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = [
"bind"
"nofail"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/81b6fa27-af94-41d4-9070-8754087a4c26"; } ];
networking.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,43 +0,0 @@
{
pkgs,
zen,
config,
...
}:
{
# Module imports
imports = [
# Common Modules
../../../common/home
# ../../../common/git
../../../common/vscode
# Modules
../modules/gnome/home.nix
];
# Enables app shorcuts
targets.genericLinux.enable = true;
xdg.mime.enable = true;
xdg.systemDirs.data = [ "${config.home.homeDirectory}/.nix-profile/share/applications" ];
home.packages = with pkgs; [
chafa
fastfetch
fish
fishPlugins.grc
fishPlugins.tide
grc
inspector
monocraft
nerd-fonts.fira-code
nodejs_22
pnpm
prettierd
prismlauncher
spotify
telegram-desktop
vesktop
zen
];
}


@ -1,56 +0,0 @@
{ pkgs, ... }:
{
# Enable the X11 windowing system.
services.xserver = {
enable = true;
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
# Configure keymap in X11
xkb = {
layout = "us";
variant = "";
};
};
services.udev.packages = with pkgs; [ gnome-settings-daemon ];
environment.systemPackages = with pkgs; [
gnome-tweaks
gnomeExtensions.appindicator
gnomeExtensions.blur-my-shell
gnomeExtensions.clipboard-indicator
gnomeExtensions.dash-to-panel
gnomeExtensions.tiling-shell
gnomeExtensions.vitals
];
environment.gnome.excludePackages = (
with pkgs;
[
atomix # puzzle game
epiphany # web browser
evince # document viewer
gedit # text editor
gnome-maps
gnome-music
gnome-photos
gnome-tour
gnomeExtensions.applications-menu
gnomeExtensions.launch-new-instance
gnomeExtensions.light-style
gnomeExtensions.places-status-indicator
gnomeExtensions.status-icons
gnomeExtensions.system-monitor
gnomeExtensions.window-list
gnomeExtensions.windownavigator
gnomeExtensions.control-monitor-brightness-and-volume-with-ddcutil
hitori # sudoku game
iagno # go game
tali # poker game
yelp
]
);
}


@ -1,147 +0,0 @@
{
pkgs,
config,
lib,
...
}:
{
home.packages = with pkgs; [
gruvbox-gtk-theme
papirus-icon-theme
numix-cursor-theme
];
gtk = {
enable = true;
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
theme = {
name = "Gruvbox-Dark";
package = pkgs.gruvbox-gtk-theme;
};
cursorTheme = {
name = "Numix-Cursor";
package = pkgs.numix-cursor-theme;
};
gtk3.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
gtk4.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
};
dconf = {
enable = true;
settings = {
"org/gnome/shell" = {
favorite-apps = [
"org.gnome.Nautilus.desktop"
"org.wezfurlong.wezterm.desktop"
"zen.desktop"
"spotify.desktop"
"vesktop.desktop"
"org.telegram.desktop.desktop"
"code.desktop"
"Marvel Rivals.desktop"
"steam.desktop"
];
disable-user-extensions = false;
enabled-extensions = with pkgs.gnomeExtensions; [
appindicator.extensionUuid
blur-my-shell.extensionUuid
clipboard-indicator.extensionUuid
dash-to-panel.extensionUuid
native-window-placement.extensionUuid
screenshot-window-sizer.extensionUuid
tiling-shell.extensionUuid
user-themes.extensionUuid
vitals.extensionUuid
control-monitor-brightness-and-volume-with-ddcutil.extensionUuid
];
};
## Fix some annoying keybindings
"org/gnome/desktop/wm/keybindings" = {
close = [ "<Super>q" ];
switch-to-workspace-up = [ "" ];
switch-to-workspace-down = [ "" ];
shift-overview-up = [ "" ];
shift-overview-down = [ "" ];
toggle-application-view = [ "" ];
toggle-message-tray = [ "<Super>a" ];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings" = {
custom0 = "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
name = "Terminal";
command = "wezterm";
binding = "<Super>t";
};
"org/gnome/desktop/peripherals/mouse" = {
speed = 0.0;
natural-scroll = false;
accel-profile = "flat";
};
"org/gnome/desktop/input-sources/xkb-options" = {
xkb-options = [
"compose:menu"
"lv3:ralt_switch"
"terminate:ctrl_alt_bksp"
];
};
"org/gnome/shell/extensions/clipboard-indicator" = {
toggle-menu = [ "<Super>v" ];
cache-size = 120;
history-size = 40;
pinned-on-bottom = true;
};
"org/gnome/shell/extensions/blur-my-shell/panel" = {
static-blur = false;
sigma = 50;
};
"org/gnome/shell/extensions/dash-to-panel" = {
appicon-margin = 6;
appicon-padding = 8;
dot-position = "TOP";
dot-style-focused = "DASHES";
dot-style-unfocused = "DASHES";
multi-monitors = false;
panel-positions = builtins.toJSON {
"0" = "TOP";
"1" = "TOP";
};
scroll-icon-action = "CYCLE_WINDOWS";
scroll-panel-action = "SWITCH_WORKSPACE";
trans-panel-opacity = "0.40";
trans-use-custom-opacity = true;
tray-padding = 8;
};
"org/gnome/shell/extensions/user-theme" = {
name = "Gruvbox-Dark";
};
};
};
}


@ -1,8 +0,0 @@
{
programs.steam = {
enable = true;
# remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
# dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
# localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
}


@ -1,76 +0,0 @@
{
modulesPath,
config,
pkgs,
hostName,
...
}:
{
## MODULES & IMPORTS ##
imports = [
# Common Modules
../../common/acme
../../common/lxc
../../common/ssh
# ../../common/vscode-server
# Import hardware configuration.
./hardware.nix
# Local Modules
./modules/caddy
./modules/frp
# ./modules/forgejo
./modules/komodo
];
## NETWORKING ##
networking.firewall = {
allowedTCPPorts = [
[REDACTED]
[REDACTED]
[REDACTED]
222 # Forgejo SSH
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
8080 # File Browser
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
];
# Game Server Ports
allowedTCPPortRanges = [
{
[REDACTED]
[REDACTED]
}
];
allowedUDPPorts = [
8089 # Grafana
];
};
## ENVIORMENT & PACKAGES ##
environment.systemPackages = with pkgs; [
compose2nix
git
micro
openssh
ranger
sshfs
wget
];
environment.variables = {
HOSTNAME = hostName;
};
## PROGRAMS & SERVICES ##
}


@ -1,30 +0,0 @@
{
admin,
...
}:
{
programs.fuse.userAllowOther = true;
fileSystems = {
"/pool" = {
device = "${admin}@104.40.4.24:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/${admin}/.ssh/pve"
];
};
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = [
"bind"
"nofail"
];
};
};
}


@ -1,22 +0,0 @@
{ pkgs, config, ... }:
{
# Module imports
imports = [
# Common Modules
../../../common/home
];
home.file = {
Pool.source = config.lib.file.mkOutOfStoreSymlink "/pool";
DockerStorage.source = config.lib.file.mkOutOfStoreSymlink "/mnt/DockerStorage";
};
home.packages = with pkgs; [
fastfetch
fish
fishPlugins.grc
fishPlugins.tide
grc
lazydocker
];
}


@ -1,103 +0,0 @@
{
services.caddy = {
enable = true;
virtualHosts = {
# "ryot.foo" = {
# useACMEHost = "ryot.foo";
# extraConfig = ''
# reverse_proxy 104.40.4.44:80
# '';
# };
"auth.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9000 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
"frp.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:4041
'';
};
"grafana.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3001
'';
};
"git.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3003
'';
};
"influx.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8086
'';
};
"home.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:7475
'';
};
"komodo.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9120
'';
};
"mail.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9002
'';
};
"map.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:25566
'';
};
"outline.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3480
'';
};
"plane.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3000
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8090
'';
};
};
};
}


@ -1,13 +0,0 @@
{
# services.frp = {
# enable = true;
# role = "server";
# settings = {
# bindPort = 4040;
# auth = {
# method = "token";
# token = builtins.readFile ./frp.token;
# };
# };
# };
}


@ -1 +0,0 @@
$2b$05$3hq3mA559Yxy679kKbzou..ao9d7annFWAo4MRo0tO04bYJsteWTu


@ -1 +0,0 @@
<SHA token>


@ -1,102 +0,0 @@
################################
# 🦎 KOMODO COMPOSE - MONGO 🦎 #
################################
## This compose file will deploy:
## 1. MongoDB
## 2. Komodo Core
## 3. Komodo Periphery
name: komodo
services:
mongo:
image: mongo
labels:
komodo.skip: # Prevent Komodo from stopping with StopAllContainers
command: --quiet --wiredTigerCacheSizeGB 0.25
restart: unless-stopped
logging:
driver: ${COMPOSE_LOGGING_DRIVER:-local}
networks:
- default
# ports:
# - 27017:27017
volumes:
- mongo-data:/data/db
- mongo-config:/data/configdb
environment:
MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME}
MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
core:
image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
labels:
komodo.skip: # Prevent Komodo from stopping with StopAllContainers
restart: unless-stopped
depends_on:
- mongo
logging:
driver: ${COMPOSE_LOGGING_DRIVER:-local}
networks:
- default
ports:
- 9120:9120
env_file: ./komodo.env
environment:
KOMODO_DATABASE_ADDRESS: mongo:27017
KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD}
volumes:
## Core cache for repos for latest commit hash / contents
- repo-cache:/repo-cache
## Store sync files on server
# - /path/to/syncs:/syncs
## Optionally mount a custom core.config.toml
# - /path/to/core.config.toml:/config/config.toml
## Allows for systemd Periphery connection at
## "http://host.docker.internal:8120"
# extra_hosts:
# - host.docker.internal:host-gateway
## Deploy Periphery container using this block,
## or deploy the Periphery binary with systemd using
## https://github.com/mbecker20/komodo/tree/main/scripts
periphery:
image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
labels:
komodo.skip: # Prevent Komodo from stopping with StopAllContainers
restart: unless-stopped
logging:
driver: ${COMPOSE_LOGGING_DRIVER:-local}
networks:
- default
env_file: ./komodo.env
volumes:
## Mount external docker socket
- /var/run/docker.sock:/var/run/docker.sock
## Allow Periphery to see processes outside of container
- /proc:/proc
## use self signed certs in docker volume,
## or mount your own signed certs.
- ssl-certs:/etc/komodo/ssl
## manage repos in a docker volume,
## or change it to an accessible host directory.
- repos:/etc/komodo/repos
## manage stack files in a docker volume,
## or change it to an accessible host directory.
- stacks:/etc/komodo/stacks
## Optionally mount a path to store compose files
# - /path/to/compose:/host/compose
volumes:
# Mongo
mongo-data:
mongo-config:
# Core
repo-cache:
# Periphery
ssl-certs:
repos:
stacks:
networks:
default: {}


@ -1,332 +0,0 @@
# Auto-generated using compose2nix v0.3.1.
{
pkgs,
lib,
admin,
...
}:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."komodo-core" = {
image = "ghcr.io/mbecker20/komodo:latest";
environment = {
"COMPOSE_KOMODO_IMAGE_TAG" = "latest";
"DB_PASSWORD" = "[REDACTED]";
"DB_USERNAME" = "admin";
"KOMODO_DATABASE_ADDRESS" = "mongo:27017";
"KOMODO_DATABASE_PASSWORD" = "[REDACTED]";
"KOMODO_DATABASE_USERNAME" = "admin";
"KOMODO_DISABLE_CONFIRM_DIALOG" = "true";
"KOMODO_DISABLE_NON_ADMIN_CREATE" = "false";
"KOMODO_DISABLE_USER_REGISTRATION" = "false";
"KOMODO_ENABLE_NEW_USERS" = "false";
"KOMODO_FIRST_SERVER" = "https://periphery:8120";
"KOMODO_GITHUB_OAUTH_ENABLED" = "false";
"KOMODO_GOOGLE_OAUTH_ENABLED" = "false";
"KOMODO_JWT_SECRET" = "x5jVLA6ClfJKaOVymKtLUbFJbWnA2mGS5AbKL5FoJmB9fdZ30BzMAzXXcfLbFdxT";
"KOMODO_JWT_TTL" = "1-day";
"KOMODO_LOCAL_AUTH" = "true";
"KOMODO_MONITORING_INTERVAL" = "15-sec";
"KOMODO_PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
"KOMODO_RESOURCE_POLL_INTERVAL" = "5-min";
"KOMODO_TITLE" = "Komodo";
"KOMODO_TRANSPARENT_MODE" = "false";
"KOMODO_WEBHOOK_SECRET" = "ZUjiO97F9z3gliI8nIfmxzhbtP1TZ9FJUGr870sGxIhtxXMshRwHfhELScXMnQxK";
"PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
"PERIPHERY_INCLUDE_DISK_MOUNTS" = "/etc/hostname";
"PERIPHERY_PASSKEYS" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
"PERIPHERY_SSL_ENABLED" = "true";
"KOMODO_OIDC_ENABLED" = "true";
"KOMODO_OIDC_PROVIDER" = "https://auth.ryot.foo/application/o/komodo-slug/";
"KOMODO_OIDC_CLIENT_ID" = "pxwhNNc31cpTRvMlVU6ZPhWl9wQJMGnbq9fTbCN2";
"KOMODO_OIDC_CLIENT_SECRET" =
"l8lFe5P8YN9FSji0zPVL8byqb5tKx8AcN2acQri0nFhDwf2jRtqNL8ICqjKmpJyMMJnitaUVTgOO442pWbsi6cMkqEXAf8Cx7sEomhThXiZfj7SShkrKGbQrCva4khP2";
"KOMODO_OIDC_USE_FULL_EMAIL" = "false";
};
environmentFiles = [
"/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env"
];
volumes = [
"/mnt/DockerStorage/komodo/cache:/repo-cache:rw"
];
ports = [
"9120:9120/tcp"
];
labels = {
"komodo.skip" = "";
};
dependsOn = [
"komodo-mongo"
];
log-driver = "local";
extraOptions = [
"--network-alias=core"
"--network=komodo_default"
];
};
systemd.services."docker-komodo-core" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-komodo_default.service"
# "docker-volume-komodo_repo-cache.service"
];
requires = [
"docker-network-komodo_default.service"
# "docker-volume-komodo_repo-cache.service"
];
partOf = [
"docker-compose-komodo-root.target"
];
wantedBy = [
"docker-compose-komodo-root.target"
];
};
virtualisation.oci-containers.containers."komodo-mongo" = {
image = "mongo";
environment = {
"MONGO_INITDB_ROOT_PASSWORD" = "[REDACTED]";
"MONGO_INITDB_ROOT_USERNAME" = "admin";
};
environmentFiles = [
"/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env"
];
volumes = [
"/mnt/DockerStorage/komodo/mongo/config:/data/configdb:rw"
"/mnt/DockerStorage/komodo/mongo/data:/data/db:rw"
];
cmd = [
"--quiet"
"--wiredTigerCacheSizeGB"
"0.25"
];
labels = {
"komodo.skip" = "";
};
log-driver = "local";
extraOptions = [
"--network-alias=mongo"
"--network=komodo_default"
];
};
systemd.services."docker-komodo-mongo" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-komodo_default.service"
# "docker-volume-komodo_mongo-config.service"
# "docker-volume-komodo_mongo-data.service"
];
requires = [
"docker-network-komodo_default.service"
# "docker-volume-komodo_mongo-config.service"
# "docker-volume-komodo_mongo-data.service"
];
partOf = [
"docker-compose-komodo-root.target"
];
wantedBy = [
"docker-compose-komodo-root.target"
];
};
virtualisation.oci-containers.containers."komodo-periphery" = {
image = "ghcr.io/mbecker20/periphery:latest";
environment = {
"COMPOSE_KOMODO_IMAGE_TAG" = "latest";
"DB_PASSWORD" = "[REDACTED]";
"DB_USERNAME" = "admin";
"KOMODO_DISABLE_CONFIRM_DIALOG" = "true";
"KOMODO_DISABLE_NON_ADMIN_CREATE" = "false";
"KOMODO_DISABLE_USER_REGISTRATION" = "false";
"KOMODO_ENABLE_NEW_USERS" = "false";
"KOMODO_FIRST_SERVER" = "https://periphery:8120";
"KOMODO_GITHUB_OAUTH_ENABLED" = "false";
"KOMODO_GOOGLE_OAUTH_ENABLED" = "false";
"KOMODO_JWT_SECRET" = "x5jVLA6ClfJKaOVymKtLUbFJbWnA2mGS5AbKL5FoJmB9fdZ30BzMAzXXcfLbFdxT";
"KOMODO_JWT_TTL" = "1-day";
"KOMODO_LOCAL_AUTH" = "true";
"KOMODO_MONITORING_INTERVAL" = "15-sec";
"KOMODO_PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
"KOMODO_RESOURCE_POLL_INTERVAL" = "5-min";
"KOMODO_TITLE" = "Komodo";
"KOMODO_TRANSPARENT_MODE" = "false";
"KOMODO_WEBHOOK_SECRET" = "ZUjiO97F9z3gliI8nIfmxzhbtP1TZ9FJUGr870sGxIhtxXMshRwHfhELScXMnQxK";
"PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
"PERIPHERY_INCLUDE_DISK_MOUNTS" = "/etc/hostname";
"PERIPHERY_PASSKEYS" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
"PERIPHERY_SSL_ENABLED" = "true";
# FIXES relative paths for komodo
"PERIPHERY_STACK_DIR" = "/mnt/DockerStorage/komodo/stacks";
"KOMODO_OIDC_ENABLED" = "true";
"KOMODO_OIDC_PROVIDER" = "https://auth.ryot.foo/application/o/komodo-slug/";
"KOMODO_OIDC_CLIENT_ID" = "pxwhNNc31cpTRvMlVU6ZPhWl9wQJMGnbq9fTbCN2";
"KOMODO_OIDC_CLIENT_SECRET" =
"l8lFe5P8YN9FSji0zPVL8byqb5tKx8AcN2acQri0nFhDwf2jRtqNL8ICqjKmpJyMMJnitaUVTgOO442pWbsi6cMkqEXAf8Cx7sEomhThXiZfj7SShkrKGbQrCva4khP2";
"KOMODO_OIDC_USE_FULL_EMAIL" = "false";
};
environmentFiles = [
"/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env"
];
volumes = [
"/proc:/proc:rw"
"/var/run/docker.sock:/var/run/docker.sock:rw"
"/mnt/DockerStorage/komodo/repos:/etc/komodo/repos:rw"
"/mnt/DockerStorage/komodo/ssl:/etc/komodo/ssl:rw"
"/mnt/DockerStorage/komodo/stacks:/mnt/DockerStorage/komodo/stacks:rw"
];
labels = {
"komodo.skip" = "";
};
log-driver = "local";
extraOptions = [
"--network-alias=periphery"
"--network=komodo_default"
];
};
systemd.services."docker-komodo-periphery" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-komodo_default.service"
# "docker-volume-komodo_repos.service"
# "docker-volume-komodo_ssl-certs.service"
# "docker-volume-komodo_stacks.service"
];
requires = [
"docker-network-komodo_default.service"
# "docker-volume-komodo_repos.service"
# "docker-volume-komodo_ssl-certs.service"
# "docker-volume-komodo_stacks.service"
];
partOf = [
"docker-compose-komodo-root.target"
];
wantedBy = [
"docker-compose-komodo-root.target"
];
};
# Networks
systemd.services."docker-network-komodo_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f komodo_default";
};
script = ''
docker network inspect komodo_default || docker network create komodo_default
'';
partOf = [ "docker-compose-komodo-root.target" ];
wantedBy = [ "docker-compose-komodo-root.target" ];
};
# # Volumes
# systemd.services."docker-volume-komodo_mongo-config" = {
# path = [ pkgs.docker ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# script = ''
# docker volume inspect komodo_mongo-config || docker volume create komodo_mongo-config
# '';
# partOf = [ "docker-compose-komodo-root.target" ];
# wantedBy = [ "docker-compose-komodo-root.target" ];
# };
# systemd.services."docker-volume-komodo_mongo-data" = {
# path = [ pkgs.docker ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# script = ''
# docker volume inspect komodo_mongo-data || docker volume create komodo_mongo-data
# '';
# partOf = [ "docker-compose-komodo-root.target" ];
# wantedBy = [ "docker-compose-komodo-root.target" ];
# };
# systemd.services."docker-volume-komodo_repo-cache" = {
# path = [ pkgs.docker ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# script = ''
# docker volume inspect komodo_repo-cache || docker volume create komodo_repo-cache
# '';
# partOf = [ "docker-compose-komodo-root.target" ];
# wantedBy = [ "docker-compose-komodo-root.target" ];
# };
# systemd.services."docker-volume-komodo_repos" = {
# path = [ pkgs.docker ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# script = ''
# docker volume inspect komodo_repos || docker volume create komodo_repos
# '';
# partOf = [ "docker-compose-komodo-root.target" ];
# wantedBy = [ "docker-compose-komodo-root.target" ];
# };
# systemd.services."docker-volume-komodo_ssl-certs" = {
# path = [ pkgs.docker ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# script = ''
# docker volume inspect komodo_ssl-certs || docker volume create komodo_ssl-certs
# '';
# partOf = [ "docker-compose-komodo-root.target" ];
# wantedBy = [ "docker-compose-komodo-root.target" ];
# };
# systemd.services."docker-volume-komodo_stacks" = {
# path = [ pkgs.docker ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# script = ''
# docker volume inspect komodo_stacks || docker volume create komodo_stacks
# '';
# partOf = [ "docker-compose-komodo-root.target" ];
# wantedBy = [ "docker-compose-komodo-root.target" ];
# };
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-komodo-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}
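Review bot: Deleting this generated module does not retire the credentials it embedded. The `KOMODO_JWT_SECRET`, `KOMODO_PASSKEY` / `PERIPHERY_PASSKEYS`, `KOMODO_WEBHOOK_SECRET` and `KOMODO_OIDC_CLIENT_SECRET` values in the `komodo-core` and `komodo-periphery` `environment` blocks remain readable in the repository history, and since they were plain `environment` attributes they were most likely also written into the world-readable Nix store. They should be treated as exposed and rotated. The periphery passkey matters most, because that container had `/var/run/docker.sock` and `/proc` mounted read-write, so it effectively guards control of the host's Docker daemon. Whatever replaces this module should pass secrets only through an env file kept outside the repository and the store, e.g. `environmentFiles = [ "<path-to-secret-env-file>" ];` (placeholder path), and leave only non-sensitive settings in `environment`.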


@ -1,50 +0,0 @@
{
modulesPath,
config,
pkgs,
hostName,
...
}:
{
## MODULES & IMPORTS ##
imports = [
# Common Modules
../../common/lxc
../../common/ssh
../../common/vscode-server
# Import hardware configuration.
./hardware.nix
];
## NETWORKING ##
networking.firewall = {
allowedTCPPorts = [
22
80
443
];
allowedUDPPorts = [ ];
};
## ENVIORMENT & PACKAGES ##
environment.systemPackages = with pkgs; [
git
micro
openbox
openssh
ranger
sshfs
wget
x2goserver
];
programs.java = {
enable = true;
package = pkgs.jdk;
};
environment.variables = {
HOSTNAME = hostName;
};
}


@ -1,30 +0,0 @@
{
admin,
...
}:
{
programs.fuse.userAllowOther = true;
fileSystems = {
"/pool" = {
device = "${admin}@104.40.4.24:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/${admin}/.ssh/pve"
];
};
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = [
"bind"
"nofail"
];
};
};
}


@ -1,21 +0,0 @@
{ pkgs, ... }:
{
# Module imports
imports = [
# Common Modules
../../../common/home
../../../common/git
];
home.packages = with pkgs; [
chafa
fastfetch
fish
fishPlugins.grc
fishPlugins.tide
grc
nodejs_22
pnpm
prettierd
];
}


@ -1,64 +0,0 @@
{
modulesPath,
config,
pkgs,
hostName,
...
}:
{
## MODULES & IMPORTS ##
imports = [
# Common Modules
../../common/acme
../../common/lxc
../../common/ssh
# Import hardware configuration.
./hardware.nix
# Local Modules
# caddy
./modules/caddy
./modules/cloudflared
];
## NETWORKING ##
networking.firewall = {
allowedTCPPorts = [
22
80
443
14333
];
allowedUDPPorts = [ 53 ];
interfaces.podman1 = {
# so that containers find eachother's names
allowedUDPPorts = [ 53 ];
};
};
## ENVIORMENT & PACKAGES ##
environment.systemPackages = with pkgs; [
git
micro
openssh
ranger
sshfs
];
environment.etc = {
"cloudflared/.keep" = {
text = "This directory is used to store cloudflared configuration files.";
};
};
environment.variables = {
HOSTNAME = hostName;
};
## PROGRAMS & SERVICES ##
# Enable podman
virtualisation.podman.enable = true;
virtualisation.oci-containers.backend = "podman";
}


@ -1,30 +0,0 @@
{
admin,
...
}:
{
programs.fuse.userAllowOther = true;
fileSystems = {
"/pool" = {
device = "${admin}@104.40.4.24:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/${admin}/.ssh/pve"
];
};
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = [
"bind"
"nofail"
];
};
};
}
