From 64c15d5260ea8f2e7ecb41c64f27ff1fdfc22e99 Mon Sep 17 00:00:00 2001
From: Faris
Date: Thu, 2 Apr 2026 15:52:21 +0100
Subject: [PATCH] Initial commit - Reset history due to secrets

---
 config/common.nix | 171 +++++
 config/desktop.nix | 341 ++++++++++
 flake.lock | 459 ++++++++++++++
 flake.nix | 58 ++
 home/common.nix | 77 +++
 home/desktop.nix | 55 ++
 home/podman.nix | 1127 +++++++++++++++++++++++++++++++++
 hosts/desktop/hardware.nix | 47 ++
 hosts/desktop/settings.nix | 72 +++
 hosts/laptop/settings.nix | 40 ++
 hosts/server-nut/settings.nix | 22 +
 hosts/server/hardware.nix | 40 ++
 hosts/server/settings.nix | 392 ++++++++++++
 update-desktop.sh | 2 +
 14 files changed, 2903 insertions(+)
 create mode 100644 config/common.nix
 create mode 100644 config/desktop.nix
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 create mode 100644 home/common.nix
 create mode 100644 home/desktop.nix
 create mode 100644 home/podman.nix
 create mode 100644 hosts/desktop/hardware.nix
 create mode 100644 hosts/desktop/settings.nix
 create mode 100644 hosts/laptop/settings.nix
 create mode 100644 hosts/server-nut/settings.nix
 create mode 100644 hosts/server/hardware.nix
 create mode 100644 hosts/server/settings.nix
 create mode 100755 update-desktop.sh

diff --git a/config/common.nix b/config/common.nix
new file mode 100644
index 0000000..78dfa7f
--- /dev/null
+++ b/config/common.nix
@@ -0,0 +1,171 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ + config, + pkgs, + home-manager, + lib, + ... +}: + +{ + # Bootloader + #boot.loader.limine.enable = true; + #boot.loader.systemd-boot.enable = true; + #boot.loader.limine.secureBoot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + #programs.nix-ld = { enable = true; libraries = pkgs.steam-run.fhsenv.args.multiPkgs pkgs; }; # for dynamically links execs + + # Enable networking + #networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/London"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_GB.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_GB.UTF-8"; + LC_IDENTIFICATION = "en_GB.UTF-8"; + LC_MEASUREMENT = "en_GB.UTF-8"; + LC_MONETARY = "en_GB.UTF-8"; + LC_NAME = "en_GB.UTF-8"; + LC_NUMERIC = "en_GB.UTF-8"; + LC_PAPER = "en_GB.UTF-8"; + LC_TELEPHONE = "en_GB.UTF-8"; + LC_TIME = "en_GB.UTF-8"; + }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.admin = { + isNormalUser = true; + description = "admin"; + shell = pkgs.zsh; + extraGroups = [ + #"networkmanager" + "wheel" + "adbusers" # adb + "kvm" # virt + "networkmanager" + "lp" #printing + ]; + packages = with pkgs; [ + ]; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # Enable the OpenSSH daemon. 
+ services.openssh.enable = true; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + programs = { + zsh.enable = true; + }; + + nix = { + extraOptions = '' + keep-outputs = true + keep-derivations = true + ''; + gc.automatic = true; + gc.randomizedDelaySec = "14m"; + gc.options = "--delete-older-than 10d"; + optimise.automatic = true; + }; + + # unfree + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # nvidia + "nvidia-x11" + "nvidia-settings" + # cuda + "cuda_cudart" + "cuda_nvcc" + "cuda_cccl" + "libcublas" + "cuda-merged" + "cuda_cuobjdump" + "cuda_gdb" + "cuda_nvdisasm" + "cuda_nvprune" + "cuda_cupti" + "cuda_cuxxfilt" + "cuda_nvml_dev" + "cuda_nvrtc" + "cuda_nvtx" + "cuda_profiler_api" + "cuda_sanitizer_api" + "libcufft" + "libcurand" + "libcusolver" + "libnvjitlink" + "libcusparse" + "libnpp" + # other + "proton-authenticator" + "obsidian" + "via" + "steam" + "steam-unwrapped" + "osu-lazer-bin" + "corefonts" + + "claude-code" + + "brgenml1lpr" + ]; + + environment.systemPackages = with pkgs; [ + zsh + htop + fastfetch + restic + nixpkgs-fmt + nixfmt-rfc-style + rsync + lm_sensors + pciutils # lspci + usbutils # lsusb + nmap + tree + p7zip + inetutils # telnet + + # media + yt-dlp + exiftool + mediainfo + ffmpeg-full + + # barcodes + qrencode + zbar + barcode + ghostscript + + # documenation + man-pages + man-pages-posix + ]; + + # enable developer documenation + documentation.dev.enable = true; +} diff --git a/config/desktop.nix b/config/desktop.nix new file mode 100644 index 0000000..714c4b1 --- /dev/null +++ b/config/desktop.nix 
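Review bot: `services.openssh.enable = true;` leaves sshd on its NixOS defaults, which accept password logins, while the same file creates the `wheel` user `admin` whose password is set interactively with `passwd` and for whom no authorized keys are declared in this hunk; any host that imports common.nix is then reachable over SSH with exactly the strength of that one password. Set `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` here, and provision `users.users.admin.openssh.authorizedKeys.keys` (per host if the keys differ) so the module cannot be applied in a password-only state. Given this commit exists because secrets leaked into history, committing public keys is fine; the private halves and the `/etc/nixos/smb-credentials` file referenced from desktop.nix must stay out of the repo.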
@@ -0,0 +1,341 @@ +{ pkgs, inputs, ... }: + +{ + + #system.includeBuildDependencies = true; # THIS CAN'T BE INCLUDED IN COMMON YET BECAUSE SERVER DOES NOT HAVE ENOUGH STORAGE + + hardware.graphics = { + enable = true; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.displayManager.gdm.enable = false; # use sddm until gnome 50 due to https://github.com/systemd/systemd/issues/39259 + services.displayManager.sddm.enable = true; + services.desktopManager.gnome.enable = true; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + hardware.bluetooth.enable = true; + hardware.bluetooth.powerOnBoot = true; + + # Enable CUPS to print documents. + services.printing.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + services.tailscale.enable = true; + services.printing.drivers = [ pkgs.brlaser pkgs.brgenml1lpr pkgs.brgenml1cupswrapper ]; + + # Enable sound with pipewire. + services.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + # Enable automatic login for the user. 
+ # services.displayManager.autoLogin.enable = true; + # services.displayManager.autoLogin.user = "admin"; + # services.gnome.gnome-keyring.enable = true; + # security.pam.services.gdm.enableGnomeKeyring = true; #unlock PAM + + # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 + systemd.services."getty@tty1".enable = false; + systemd.services."autovt@tty1".enable = false; + + #services.xserver.desktopManager.retroarch.extraArgs = [ + # "--config=/mnt/services/emulators/retroarch/retroarch.cfg" + #]; + + services.ollama = { + enable = true; + acceleration = "cuda"; + openFirewall = true; + host = "0.0.0.0"; + # Optional: preload models, see https://ollama.com/library + loadModels = [ "gemma3:4b-it-qat" ]; + package = pkgs.unstable.ollama; + + }; + + hardware.keyboard.qmk.enable = true; + + boot = { + # Graphical boot + plymouth.enable = true; + # Allow higher virtual memory for games + kernel.sysctl."vm.max_map_count" = 2147483642; + }; + + #services.udev.packages = [ pkgs.via ]; + + environment.gnome.excludePackages = with pkgs; [ + epiphany # web browser + geary # email + decibels #audio player + gnome-calendar + gnome-music + gnome-software + gnome-tour + totem # video player + xterm + yelp # help + ]; + + nixpkgs.overlays = [ + (final: _: { + # this allows you to access `pkgs.unstable` anywhere in your config + unstable = import inputs.nixpkgs-unstable { + inherit (final.stdenv.hostPlatform) system; + inherit (final) config; + }; + }) + ]; + + environment.systemPackages = with pkgs; [ + audacity + brave + blender + orca-slicer + firefox + gimp + gnomeExtensions.appindicator + gnomeExtensions.blur-my-shell + gnomeExtensions.caffeine + gnomeExtensions.dash-to-dock + inkscape + kiwix + libreoffice + obs-studio + obsidian + unstable.proton-authenticator + unstable.protonmail-desktop + unstable.protonvpn-gui + prismlauncher + unstable.signal-desktop + freecad + tor-browser + wireshark + monero-gui + moonlight-qt + 
nvtopPackages.nvidia + vscodium + dconf-editor + via + kdePackages.kdenlive + easyeffects + element-desktop + chirp + scrcpy + + # AI? + claude-code + + # games + heroic + lutris + cataclysm-dda + runelite + zeroad + unciv + endless-sky + wesnoth + mindustry + openrct2 + openttd + xonotic + osu-lazer-bin + #ufoai + #inputs.nix-citizen.packages.${system}.rsi-launcher + + # game utils + mangohud + umu-launcher + + # emu + ryubing + xemu + xenia-canary + #retroarch-full + rpcs3 + dolphin-emu + cemu + + # backup + keepassxc + jdk + ]; + + fonts.packages = with pkgs; [ + noto-fonts + noto-fonts-cjk-sans + noto-fonts-color-emoji + corefonts + fira-mono + ]; + fonts.fontconfig = { + antialias = true; + cache32Bit = true; + hinting.enable = true; + hinting.autohint = true; + }; + + services.sunshine = { + enable = true; + autoStart = true; + capSysAdmin = true; + openFirewall = true; + package = pkgs.sunshine.override { + cudaSupport = true; + }; + }; + + programs = { + adb.enable = true; + + localsend = { + enable = true; + openFirewall = true; + }; + + coolercontrol = { + enable = true; + }; + + gamescope = { + enable = true; + capSysNice = true; + }; + + steam = { + enable = true; + gamescopeSession.enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + + gamemode.enable = true; + + dconf = { + enable = true; + profiles.user.databases = [{ + lockAll = true; # prevents overriding + settings = { + "org/gnome/shell" = { + favorite-apps = [ + "org.gnome.Nautilus.desktop" + "brave-browser.desktop" + "proton-mail.desktop" + "obsidian.desktop" + "signal.desktop" + "element-desktop.desktop" + "steam.desktop" + "org.gnome.Settings.desktop" + "org.gnome.Console.desktop" + ]; + enabled-extensions = [ + 
pkgs.gnomeExtensions.appindicator.extensionUuid + pkgs.gnomeExtensions.blur-my-shell.extensionUuid + pkgs.gnomeExtensions.caffeine.extensionUuid + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + ]; + }; + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + "org/gnome/desktop/interface" = { + clock-show-weekday = true; + color-scheme = "prefer-dark"; + document-font-name = "Noto Sans 11"; + enable-hot-corners = false; + font-name = "Noto Sans 11"; + gtk-theme = "Adwaita-dark"; + monospace-font-name = "Fira Mono 12"; + }; + "org/gnome/desktop/peripherals/mouse" = { + accel-profile = "flat"; + }; + "org/gnome/desktop/wm/preferences" = { + button-layout = ":minimize,maximize,close"; + }; + "org/gnome/nautilus/list-view" = { + default-zoom-level = "small"; + }; + "org/gnome/nautilus/preferences" = { + default-folder-viewer = "list-view"; + }; + "org/gnome/shell/extensions/dash-to-dock" = { + click-action = "minimize-or-previews"; + dock-fixed = true; + multi-monitor = true; + show-mounts = false; + show-show-apps-button = true; + apply-custom-theme = true; + }; + "org/gnome/shell/keybindings" = { + show-screenshot-ui = ["s"]; + }; + #org.gnome.desktop.input-sources sources [('xkb', 'us'), ('xkb', 'dz+ar')] + }; + }]; + }; + }; + + fileSystems."/mnt/media" = { + device = "//192.168.0.30/media"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + + in ["${automount_opts},credentials=/etc/nixos/smb-credentials,uid=1000,gid=1000"]; + }; + fileSystems."/mnt/services" = { + device = "//192.168.0.30/services"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + + in 
["${automount_opts},credentials=/etc/nixos/smb-credentials,uid=1000,gid=1000"]; + }; + fileSystems."/mnt/data" = { + device = "//192.168.0.30/data"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + + in ["${automount_opts},credentials=/etc/nixos/smb-credentials,uid=1000,gid=1000"]; + }; + + programs.virt-manager.enable = true; + users.groups.libvirtd.members = ["admin"]; + virtualisation.libvirtd = { + enable = true; + qemu.swtpm.enable = true; + }; + virtualisation.spiceUSBRedirection.enable = true; + + services.flatpak.enable = true; + + # programs.nix-ld = { + # enable = true; + # libraries = with pkgs; [ + # (pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib") + # ]; + # }; +} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..125f600 --- /dev/null +++ b/flake.lock 
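Review bot: The `services.ollama` block sets `host = "0.0.0.0"` and `openFirewall = true`, which exposes Ollama's unauthenticated HTTP API on every network this desktop joins, not only the tailnet enabled a few lines earlier with `services.tailscale.enable`. If remote access is the goal, keep the bind but scope the firewall hole to the Tailscale interface, e.g. replace `openFirewall = true;` with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 11434 ];` (11434 is Ollama's default port; adjust if `port` is overridden elsewhere); otherwise drop `host` and `openFirewall` so the service stays on loopback. The `services.sunshine` block opens the firewall globally as well and would benefit from the same interface scoping. The three CIFS mounts read `credentials=/etc/nixos/smb-credentials`; a comment stating that this file lives outside the repo and must be root-owned with mode 0600 would help the next reader avoid recreating the leak this commit is cleaning up.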
@@ -0,0 +1,459 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "owner": "ryantm", + "repo": "agenix", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "cachyos-kernel": { + "flake": false, + "locked": { + "lastModified": 1770052877, + "narHash": "sha256-Ejj9F2obMjVoy0Jsugw6txHFaR9ziuErYIt58cIJqzE=", + "owner": "CachyOS", + "repo": "linux-cachyos", + "rev": "1f8a79ffeac6f319a8c0fc3abad27a3ec7762abf", + "type": "github" + }, + "original": { + "owner": "CachyOS", + "repo": "linux-cachyos", + "type": "github" + } + }, + "cachyos-kernel-patches": { + "flake": false, + "locked": { + "lastModified": 1770051966, + "narHash": "sha256-udCJTbUAEZm5zBrr4zVVjpBLQtCC/vQlkIOLnEGr5Ik=", + "owner": "CachyOS", + "repo": "kernel-patches", + "rev": "bfa4ff5231408610ffcc92898cd1e4c9bd55e452", + "type": "github" + }, + "original": { + "owner": "CachyOS", + "repo": "kernel-patches", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": 
"github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nix-citizen", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769580047, + "narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826", + "type": "github" + }, + 
"original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, + "nix-cachyos-kernel": { + "inputs": { + "cachyos-kernel": "cachyos-kernel", + "cachyos-kernel-patches": "cachyos-kernel-patches", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1770055712, + "narHash": "sha256-VpbF4JDFPSW2crh0tP5EiegnuTkj3fACs0SLWDhlfPM=", + "owner": "xddxdd", + "repo": "nix-cachyos-kernel", + "rev": "220dce3edcb81188ecb896382699884243d1c2e3", + "type": "github" + }, + "original": { + "owner": "xddxdd", + "ref": "release", + "repo": "nix-cachyos-kernel", + "type": "github" + } + }, + "nix-citizen": { + "inputs": { + "flake-parts": "flake-parts_2", + "nix-gaming": "nix-gaming", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_2", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1769832985, + "narHash": "sha256-PKONM6JUGWviRsv3tZWj72HE0aeHKcHTrzTskj58MRM=", + "owner": "LovingMelody", + "repo": "nix-citizen", + "rev": "47823c1ea4c53153dabd43f08b26f3c67c557542", + "type": "github" + }, + "original": { + "owner": "LovingMelody", + "repo": "nix-citizen", + "type": "github" + } + }, + "nix-gaming": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nix-citizen", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769653948, + "narHash": "sha256-vOKkxlAREINxBVFzsj+8D3WZkoOPHLcjhweE0hDMwbg=", + "owner": "fufexan", + "repo": "nix-gaming", + "rev": "60855f0c988b2b4b787f54ddda18a3af44134623", + "type": "github" + }, + "original": { + "owner": "fufexan", + "repo": "nix-gaming", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nix-citizen", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737420293, + "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "owner": "nix-community", + "repo": "nix-github-actions", + 
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1769302137, + "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "72716169fe93074c333e8d0173151350670b824c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { + "locked": { + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1770107345, + "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + 
"nixpkgs_2": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1770056022, + "narHash": "sha256-yvCz+Qmci1bVucXEyac3TdoSPMtjqVJmVy5wro6j/70=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d04d8548aed39902419f14a8537006426dc1e4fa", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "home-manager": "home-manager_2", + "nix-cachyos-kernel": "nix-cachyos-kernel", + "nix-citizen": "nix-citizen", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_3", + "nixpkgs-unstable": "nixpkgs-unstable" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nix-citizen", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769515380, + "narHash": "sha256-CWWK3PaQ7zhr+Jcf5zyaTR2cfRBXPo09H7+5nWApL8s=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9911802c2822def2eec3d22e2cafd1619ede94a5", + "type": "github" + }, + 
"original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..3191113 --- /dev/null +++ b/flake.nix @@ -0,0 +1,58 @@ +{ + description = "A very basic flake"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + nixos-hardware.url = "github:nixos/nixos-hardware/master"; + home-manager.url = "github:nix-community/home-manager/release-25.11"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = + { self, nixpkgs, home-manager, ... }@inputs: + { + nixosConfigurations.desktop = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + #inherit system; + modules = [ + ./config/common.nix + ./config/desktop.nix + ./hosts/desktop/hardware.nix + ./hosts/desktop/settings.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.admin = { + imports = [ + ./home/common.nix + ./home/desktop.nix + ]; + }; + } + ]; + }; + + nixosConfigurations.nixos-server = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./config/common.nix + ./hosts/server/hardware.nix + ./hosts/server/settings.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.admin = { + imports = [ + ./home/common.nix + ./home/podman.nix + ]; + }; + } + ]; + }; + + }; +} diff --git a/home/common.nix b/home/common.nix new file mode 100644 index 0000000..27933d6 --- /dev/null +++ b/home/common.nix 
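Review bot: The `inputs` set in flake.nix declares only `nixpkgs`, `nixpkgs-unstable`, `nixos-hardware` and `home-manager`, but the flake.lock committed in the same patch pins `agenix`, `nix-cachyos-kernel` and `nix-citizen` under `root.inputs` as well, so the lock is out of sync with the flake and the next `nix flake lock` or `nixos-rebuild` will rewrite it, which makes the committed pins unreliable for review. Either declare those inputs (the commented `inputs.nix-citizen` reference in desktop.nix suggests at least one was in use) or regenerate the lock so that what is pinned is what is built. `description = "A very basic flake";` is the template placeholder; naming the two hosts this flake builds (`desktop`, `nixos-server`) would be more useful.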
@@ -0,0 +1,77 @@ +{ config, ...}: + +{ + home.sessionVariables = { + EDITOR = "nvim"; + VISUAL = "nvim"; + }; + + programs = { + + neovim = { + enable = true; + viAlias = true; + vimAlias = true; + extraConfig = '' + set nocompatible + syntax on + + set fileformat=unix + set encoding=utf8 + set number relativenumber + set wrap + + set tabstop=4 + set shiftwidth=4 + set softtabstop=4 + set smarttab + set autoindent + set colorcolumn=80 + highlight ColorColumn ctermbg=8 + + set clipboard=unnamed,unnamedplus + set list listchars=tab:>-,trail:_,extends:>,precedes:<,nbsp:~ + set showbreak=> + + let mapleader=" " + + "# disable macro mode + map q + ''; + }; + + tmux = { + enable = true; + historyLimit = 10000; + mouse = true; + extraConfig = '' + + ''; + }; + + fzf = { + enable = true; + enableZshIntegration = true; + }; + + zsh = { + enable = true; + dotDir = "${config.xdg.configHome}/zsh"; + #enableCompletions = true; + #autosuggestions.enable = true; + syntaxHighlighting.enable = true; + oh-my-zsh = { + enable = true; + plugins = [ "git" ]; + theme = "daveverwer"; + }; + }; + + git = { + enable = true; + settings.user.Name = "Faris"; + settings.user.email = "faris@mektem.com"; + }; + }; + +} diff --git a/home/desktop.nix b/home/desktop.nix new file mode 100644 index 0000000..0f1a926 --- /dev/null +++ b/home/desktop.nix 
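Review bot: In the neovim `extraConfig`, `map q` does not disable the key: `:map {lhs}` with no right-hand side only lists the mappings that start with `{lhs}`, so macro recording stays active and the `"# disable macro mode` comment above it is misleading. To actually unbind it use `nnoremap q <Nop>` (and `xnoremap q <Nop>` if visual mode should match). In `programs.git.settings`, `user.Name` works because git treats config key names case-insensitively, but spelling it `settings.user.name` keeps it consistent with `settings.user.email` on the next line.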
@@ -0,0 +1,55 @@ +{ pkgs, ... }: + +{ + programs = { + # chromium = { + # enable = true; + # package = pkgs.brave; + # commandLineArgs = [ + # #"--sync-url='http://192.168.0.30:8295/v2'" + # ]; + # }; + + mpv = { + enable = true; + + package = ( + pkgs.mpv-unwrapped.wrapper { + scripts = with pkgs.mpvScripts; [ + sponsorblock + ]; + + mpv = pkgs.mpv-unwrapped.override { + waylandSupport = true; + }; + } + ); + + config = { + profile = "high-quality"; + ytdl-format = "bestvideo+bestaudio"; + cache-default = 4000000; + loop-file = "inf"; + }; + + extraInput = '' + r cycle_values video-rotate 90 180 270 0 + ''; + }; + }; + # add bookmarks for shared drives + xdg.configFile."gtk-3.0/bookmarks" = { + force = true; + text = '' + file:/// root + file:///mnt/data data + file:///mnt/media media + file:///mnt/services services + ''; + }; + + + + # Don't touch + home.stateVersion = "24.11"; +} diff --git a/home/podman.nix b/home/podman.nix new file mode 100644 index 0000000..3ea7687 --- /dev/null +++ b/home/podman.nix 
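Review bot: `cache-default = 4000000;` in the mpv `config` set looks like an option mpv dropped when its cache was reworked (around 0.30, in favour of `cache` and `demuxer-max-bytes`); if the `mpv-unwrapped` wrapped here is newer than that, mpv will warn about an unknown option at startup and ignore it, so please confirm against `mpv --list-options` for the packaged version. If a large read-ahead is the intent, `cache = "yes";` together with a `demuxer-max-bytes` value sized for the shared media mounts expresses it in current options. A one-line comment on the `package` override saying why `waylandSupport = true` is forced would also help, since the reason is not visible in this file.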
@@ -0,0 +1,1127 @@ +{ + lib, + pkgs, + config, + ... +}: + +{ + services.podman.networks = { + internal_net = { + driver = "bridge"; + }; + }; + services.podman.enable = true; + services.podman.autoUpdate.enable = true; + services.podman.autoUpdate.onCalendar = "*-*-* 00:00"; + services.podman.containers = { + +# palworld = { +# image = "docker.io/thijsvanloef/palworld-server-docker:latest"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/palworld" +# ]; +# volumes = [ +# "/pool/services/podman/palworld:/palworld" +# ]; +# ports = [ +# "8211:8211/udp" +# "27015:27015/udp" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; + + actual = { + image = "docker.io/actualbudget/actual-server:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/actual:/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + archivebox = { + image = "docker.io/archivebox/archivebox:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/archivebox" + ]; + volumes = [ + "/pool/services/podman/archivebox:/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + authelia = { + image = "docker.io/authelia/authelia:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/authelia" + ]; + volumes = [ + "/pool/services/podman/authelia/config:/config" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + authentik-server = { + image = "ghcr.io/goauthentik/server:2026.2.1"; + autoStart = true; + autoUpdate = "registry"; + 
network = "internal_net"; + exec = "server"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/authentik" + ]; + volumes = [ + "/pool/services/podman/authentik/data:/data" + "/pool/services/podman/authentik/certs:/certs" + "/pool/services/podman/authentik/templates:/templates" + ]; + extraPodmanArgs = [ + "--shm-size=256m" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + authentik-postgresql = { + image = "docker.io/postgres:16-alpine"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/authentik" + ]; + volumes = [ + "/pool/services/podman/authentik/db:/var/lib/postgresql/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + authentik-worker = { + image = "ghcr.io/goauthentik/server:2026.2.1"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + exec = "worker"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/authentik" + ]; + volumes = [ + "/pool/services/podman/authentik/data:/data" + "/pool/services/podman/authentik/certs:/certs" + "/pool/services/podman/authentik/templates:/templates" + ]; + extraPodmanArgs = [ + "--shm-size=256m" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + caddy-local = { + image = "ghcr.io/caddybuilds/caddy-cloudflare:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/caddy-local/conf:/etc/caddy" + "/pool/services/podman/caddy-local/site:/srv" + "/pool/services/podman/caddy-local/data:/data" + "/pool/services/podman/caddy-local/config:/config" + ]; + ports = [ + "80:80" + "443:443" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + bazarr = { + image = 
"lscr.io/linuxserver/bazarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/bazarr:/config" + "/pool/media/video/movies:/movies" + "/pool/media/video/tv:/tv" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + ddclient = { + image = "lscr.io/linuxserver/ddclient:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/ddclient:/config" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + eclipse-mosquitto = { + image = "docker.io/eclipse-mosquitto:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/eclipse-mosquitto:/mosquitto" + ]; + ports = [ + "1883:1883" + "9001:8080" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + freshrss = { + image = "lscr.io/linuxserver/freshrss:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/freshrss" + ]; + volumes = [ + "/pool/services/podman/freshrss:/config" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + frigate = { + image = "ghcr.io/blakeblackshear/frigate:0.17.0"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + devices = [ "/dev/dri/renderD128:/dev/dri/renderD128" ]; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/frigate" + ]; + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "/pool/services/podman/frigate:/config" + "/pool/services/cctv:/media/frigate" + ]; + ports = [ + "1935:1935" + "8554:8554" + ]; + extraPodmanArgs = [ + 
"--shm-size=256m" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + +# gitea-anubis = { +# image = "ghcr.io/techarohq/anubis:latest"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/anubis-default" #WHY DOES THIS NOT WORK???? +# "/pool/services/secrets/anubis-nginx" +# ]; +# environment = { +# DIFFICULTY = "4"; +# SERVE_ROBOTS_TXT = "true"; +# POLICY_FNAME = "/data/cfg/botPolicy.json"; +# OG_PASSTHROUGH = "true"; +# OG_EXPIRY_TIME = "24h"; +# BIND = ":3002"; +# METRICS_BIND = ":9090"; +# TARGET = "http://192.168.0.30:3001"; +# }; +# +# volumes = [ +# "/pool/services/podman/anubis/botPolicy.json:/data/cfg/botPolicy.json:ro" +# ]; +# ports = [ +# "3002:3002" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; + + + home-assistant = { + image = "ghcr.io/home-assistant/home-assistant:stable"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "/pool/services/podman/homeassistant:/config" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + homer = { + image = "docker.io/b4bz/homer"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/homer:/www/assets" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + hugo = { + image = "docker.io/hugomods/hugo:latest"; + autoStart = true; + autoUpdate = "registry"; + exec = "server -s /src/mektem.com -D"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/hugo/src:/src" + "/pool/services/podman/hugo/cache:/tmp/hugo_cache" + ]; + ports = [ + "1313:1313" + ]; + 
extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + immich-db = { + image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/immich" + ]; + volumes = [ + "/pool/services/podman/immich/db:/var/lib/postgresql/data:z" + ]; + userNS = "keep-id"; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + immich-machine-learning = { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/immich" + ]; + volumes = [ + "/pool/services/podman/immich/cache:/cache" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + immich-redis = { + image = "registry.hub.docker.com/library/redis:6.2-alpine"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/immich" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + immich-server = { + image = "ghcr.io/immich-app/immich-server:release"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/immich" + ]; + volumes = [ + "/pool/services/immich:/usr/src/app/upload" + "/etc/localtime:/etc/localtime:ro" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + jellyfin = { + image = "docker.io/jellyfin/jellyfin:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + devices = [ "/dev/dri/renderD128:/dev/dri/renderD128" ]; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + 
"/pool/services/podman/jellyfin:/config" + "/pool/media/video/movies:/movies" + "/pool/media/video/tv:/tv" + "/pool/media/audio/music/flac:/music" + "/pool/media/video/family:/family" + "/pool/media/video/livetv:/livetv" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + jellyseerr = { + image = "ghcr.io/fallenbagel/jellyseerr"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/jellyseerr:/app/config" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + kiwix = { + image = "ghcr.io/kiwix/kiwix-serve:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + exec = "*.zim"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/media/kiwix:/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + lazylibrarian = { + image = "lscr.io/linuxserver/lazylibrarian:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/lazylibrarian:/config" + "/pool/media/torrents:/downloads" + "/pool/media/books:/books" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + lidarr = { + image = "lscr.io/linuxserver/lidarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/lidarr:/config" + "/pool/media/audio/music/flac:/music" + "/pool/media/torrents:/downloads" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + metube = { + image = "ghcr.io/alexta69/metube:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + 
volumes = [ + "/pool/media/youtube-dl:/downloads" + "/pool/media/audio/music/flac:/music" + ]; + ports = [ + "8081:8081" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + # nginx-anubis = { + # image = "ghcr.io/techarohq/anubis:latest"; + # autoStart = true; + # autoUpdate = "registry"; + # network = "vlan50_web"; + # environmentFile = [ + # "/pool/services/secrets/default" + # "/pool/services/secrets/anubis-default" #WHY DOES THIS NOT WORK???? + # "/pool/services/secrets/anubis-nginx" + # ]; + # environment = { + # DIFFICULTY = "4"; + # SERVE_ROBOTS_TXT = "true"; + # POLICY_FNAME = "/data/cfg/botPolicy.json"; + # OG_PASSTHROUGH = "true"; + # OG_EXPIRY_TIME = "24h"; + # BIND = ":8881"; + # METRICS_BIND = ":9090"; + # TARGET = "http://192.168.0.30:888"; + # }; + + # volumes = [ + # "/pool/services/podman/anubis/botPolicy.json:/data/cfg/botPolicy.json:ro" + # ]; + # ports = [ + # "8881:8881" + # ]; + # extraConfig = { + # Service = { + # TimeoutStartSec = 900; + # }; + # }; + # }; + + ntp = { + image = "docker.io/cturra/ntp"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + obsidian-livesync = { + image = "docker.io/oleduc/docker-obsidian-livesync-couchdb"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/obsidian-livesync" + ]; + volumes = [ + "/pool/services/podman/obsidian-livesync/data:/opt/couchdb/data" + ]; + ports = [ + "5984:5984" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + ollama = { + image = "docker.io/ollama/ollama:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/ollama" + ]; + volumes = [ + 
"/pool/services/podman/ollama:/root/.ollama" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + open-webui = { + image = "ghcr.io/open-webui/open-webui:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/open-webui" + ]; + volumes = [ + "/pool/services/podman/open-webui:/app/backend/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + paperless-ngx = { + image = "ghcr.io/paperless-ngx/paperless-ngx:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/paperless-ngx" + ]; + volumes = [ + "/pool/services/podman/paperless-ngx/data:/usr/src/paperless/data" + "/pool/services/podman/paperless-ngx/media:/usr/src/paperless/media" + "/pool/services/podman/paperless-ngx/export:/usr/src/paperless/export" + "/pool/data/scans:/usr/src/paperless/consume" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + paperless-ngx-redis = { + image = "registry.hub.docker.com/library/redis:6.2-alpine"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + prowlarr = { + image = "lscr.io/linuxserver/prowlarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/prowlarr:/config" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + radarr = { + image = "lscr.io/linuxserver/radarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + 
"/pool/services/podman/radarr:/config" + "/pool/media/video/movies:/movies" + "/pool/media/torrents:/downloads" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + romm = { + image = "docker.io/rommapp/romm:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/romm" + ]; + volumes = [ + "/pool/services/podman/romm/resources:/romm/resources" + "/pool/services/podman/romm/redis:/redis-data" + "/pool/services/podman/romm/assets:/romm/assets" + "/pool/services/podman/romm/config:/romm/config" + "/pool/media/romm:/romm/library" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + romm-db = { + image = "docker.io/mariadb:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/romm" + ]; + volumes = [ + "/pool/services/podman/romm/db:/var/lib/mysql" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; +# rlcraft = { +# image = "docker.io/itzg/minecraft-server:java8"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/rlcraft" +# ]; +# volumes = [ +# "/pool/services/podman/minecraft/rlcraft/data:/data" +# ]; +# ports = [ +# "25565:25565" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; + + rutorrent = { + image = "docker.io/crazymax/rtorrent-rutorrent:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/rutorrent/passwd:/passwd" + "/pool/services/podman/rutorrent/data:/data" + "/pool/media/torrents:/downloads" + ]; + ports = [ + "50000:50000" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 
900; + }; + }; + }; + + searxng = { + image = "docker.io/searxng/searxng:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/searxng:/etc/searxng" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + sonarr = { + image = "lscr.io/linuxserver/sonarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/sonarr:/config" + "/pool/media/video/tv:/tv" + "/pool/media/torrents:/downloads" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + +# tandoor = { +# image = "docker.io/vabene1111/recipes"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/tandoor" +# ]; +# volumes = [ +# "/pool/services/podman/tandoor/staticfiles:/opt/recipes/staticfiles" +# "/pool/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles" +# ]; +# ports = [ +# "9092:80" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; +# +# tandoor-db = { +# image = "docker.io/postgres:16-alpine"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/tandoor" +# ]; +# volumes = [ +# "/pool/services/podman/tandoor/db:/var/lib/postgresql/data" +# ]; +# ports = [ +# "5434:5432" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; + + + thelounge = { + image = "lscr.io/linuxserver/thelounge:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/thelounge:/config" + ]; + extraConfig = { + 
Service = { + TimeoutStartSec = 900; + }; + }; + }; + + tinyauth = { + image = "ghcr.io/steveiliop56/tinyauth:v5"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/tinyauth" + ]; + volumes = [ + "/pool/services/podman/tinyauth/:/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + tubearchivist = { + image = "docker.io/bbilly1/tubearchivist"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/tubearchivist" + ]; + volumes = [ + "/pool/media/video/youtube:/youtube" + "/pool/services/podman/tubearchivist/cache:/cache" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + tubearchivist-redis = { + image = "docker.io/redis"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/tubearchivist/redis:/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + tubearchivist-es = { + image = "docker.io/bbilly1/tubearchivist-es"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/tubearchivist-es" + ]; + volumes = [ + "/pool/services/podman/tubearchivist/es:/usr/share/elasticsearch/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + uptime-kuma = { + image = "docker.io/louislam/uptime-kuma"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/uptime-kuma:/app/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + vaultwarden = { + image = 
"docker.io/vaultwarden/server:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/vaultwarden" + ]; + volumes = [ + "/pool/services/podman/vaultwarden:/data" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + webdav = { + image = "docker.io/bytemark/webdav:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/webdav" + ]; + volumes = [ + "/pool/services/webdav:/var/lib/dav" + ]; + ports = [ + "8009:80" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + +# zigbee2mqtt = { +# image = "docker.io/koenkk/zigbee2mqtt"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# devices = [ "/dev/ttyACM0:/dev/ttyACM0" ]; +# environmentFile = [ +# "/pool/services/secrets/default" +# ]; +# volumes = [ +# "/pool/services/podman/zigbee2mqtt:/app/data" +# ]; +# ports = [ +# "8808:8080" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; + + }; + + # Don't touch + home.stateVersion = "24.11"; +} diff --git a/hosts/desktop/hardware.nix b/hosts/desktop/hardware.nix new file mode 100644 index 0000000..9585799 --- /dev/null +++ b/hosts/desktop/hardware.nix 
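Review bot: Every `ports` entry in this hunk (caddy-local `80:80`/`443:443`, eclipse-mosquitto `1883:1883` and `9001:8080`, frigate `1935`/`8554`, obsidian-livesync `5984:5984`, metube `8081`, rutorrent `50000`, webdav `8009:80`, hugo `1313`) publishes on every host interface, and the server hosts in this commit set `firewall.enable = false`, so each of these is presumably reachable from the LAN directly rather than only through caddy-local; for anything meant to sit behind the reverse proxy, bind to loopback (`"127.0.0.1:5984:5984"`) or drop the `ports` entry and let caddy-local reach the container by name over `internal_net`. Nearly every image is `:latest` or untagged (`docker.io/redis`, `docker.io/b4bz/homer`, `ghcr.io/fallenbagel/jellyseerr`) while `autoUpdate = "registry"` runs nightly, so a broken or compromised upstream tag is pulled without review; authentik-server (`2026.2.1`) and immich-db (digest) show the pattern to follow for at least vaultwarden, authelia, tinyauth and caddy-local. hugo is started with `server -s /src/mektem.com -D`, i.e. the development server with drafts enabled, on a published port — confirm that is intended rather than a built site served by caddy-local. `extraConfig.Service.TimeoutStartSec = 900` is repeated verbatim in every container; since `lib` is already a module argument, `lib.mapAttrs (_: c: c // { extraConfig.Service.TimeoutStartSec = 900; })` over the container set would remove about forty copies.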
@@ -0,0 +1,47 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "nvidia-uvm" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/bd28421d-7ec4-4b23-964d-c07a6f351e1f";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-e3a81f8e-3ae9-494b-a329-a6f860b10e34".device = "/dev/disk/by-uuid/e3a81f8e-3ae9-494b-a329-a6f860b10e34";
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/D47C-5FCE";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/be22d9db-283a-4dd9-93d5-1006e392724b"; }
+ ];
+
+ fileSystems."/run/media/admin/08cabc7a-9a6e-4c21-8a07-6663af77b705" =
+ { device = "/dev/disk/by-uuid/08cabc7a-9a6e-4c21-8a07-6663af77b705";
+ fsType = "ext4";
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/desktop/settings.nix b/hosts/desktop/settings.nix
new file mode 100644
index 0000000..cd88ba5
--- /dev/null
+++ b/hosts/desktop/settings.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, inputs, ... }:
+
+{
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+};
+services.displayManager.gdm.enable = false;
+services.displayManager.sddm.enable = true;
+
+ boot = {
+ initrd.luks.devices."luks-cbf20b12-90f7-4fbb-95d3-1320eece4d89".device = "/dev/disk/by-uuid/cbf20b12-90f7-4fbb-95d3-1320eece4d89";
+ kernelParams = [
+ "nvidia_drm.modeset=1"
+ "nvidia_drm.fbdev=1"
+ "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
+ "module_blacklist=amdgpu"
+ ];
+ };
+
+ networking = {
+ hostName = "nixos-desktop";
+ interfaces.enp42s0 = {
+ wakeOnLan.enable = true;
+ ipv4.addresses = [
+ {
+ address = "192.168.30.40";
+ prefixLength = 24;
+ }
+ ];
+ };
+ defaultGateway = "192.168.30.1";
+ nameservers = [ "192.168.0.1" "1.1.1.1" ];
+ };
+
+ services = {
+ xserver.videoDrivers = [ "nvidia" ];
+ };
+
+ hardware.nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = true;
+ powerManagement.finegrained = false;
+ open = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+
+ # this fixes the sleep/wake issue
+# systemd.services."systemd-suspend" = {
+# serviceConfig = {
+# Environment = ''"SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false"'';
+# };
+# };
+
+ # fixes hardware accel on nvidia open
+ hardware.graphics.extraPackages = [
+ pkgs.nvidia-vaapi-driver
+ ];
+
+ environment.variables = {
+ NVD_BACKEND = "direct";
+ LIBVA_DRIVER_NAME = "nvidia";
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/laptop/settings.nix b/hosts/laptop/settings.nix
new file mode 100644
index 0000000..d221ce8
--- /dev/null
+++ b/hosts/laptop/settings.nix
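Review bot: `services.pipewire`, `services.displayManager.*` and the later `services = { xserver.videoDrivers ... }` are three separate top-level spellings of the same `services` attrset, and the first two sit at column 0 while the rest of the file is indented; merging them into the one `services = { ... };` block (pipewire, displayManager and xserver side by side) and running nixfmt would make the file read consistently. The commented `systemd.services."systemd-suspend"` block and its active `# this fixes the sleep/wake issue` comment disagree — either re-enable the override or drop both so the comment does not describe code that is not in effect. `inputs` is taken as a module argument but never used in this file.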
@@ -0,0 +1,40 @@
+{
+
+ networking = {
+ hostName = "nixos-laptop";
+ interfaces.enp7s0 = {
+ ipv4.addresses = [
+ {
+ address = "192.168.0.41";
+ prefixLength = 24;
+ }
+ ];
+ };
+ defaultGateway = "192.168.0.1";
+ nameservers = [ "192.168.0.1" "1.1.1.1" ];
+ networkmanager.wifi.powersave = true;
+ };
+
+ services = {
+ auto-cpufreq = {
+ enable = true;
+ settings = {
+ battery = {
+ governor = "powersave";
+ turbo = "never";
+ };
+ charger = {
+ governor = "performance";
+ turbo = "auto";
+ };
+ };
+ };
+ # fwupdmgr update (bios updates)
+ fwupd.enable = true;
+ thermald.enable = true;
+ };
+
+ powerManagement.powertop.enable = true;
+
+ system.stateVersion = "24.11";
+}
\ No newline at end of file
diff --git a/hosts/server-nut/settings.nix b/hosts/server-nut/settings.nix
new file mode 100644
index 0000000..a8fda71
--- /dev/null
+++ b/hosts/server-nut/settings.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ networking = {
+ hostName = "nixos-server-nut";
+ hostId = "d5a2ce61";
+ firewall.enable = false;
+ interfaces.ens18 = {
+ ipv4.addresses = [
+ {
+ address = "192.168.0.20";
+ prefixLength = 24;
+ }
+ ];
+ };
+ defaultGateway = "192.168.0.1";
+ nameservers = [ "192.168.0.1" "1.1.1.1" ];
+ };
+
+ users.users.admin.linger = true;
+ system.stateVersion = "24.11";
+}
\ No newline at end of file
diff --git a/hosts/server/hardware.nix b/hosts/server/hardware.nix
new file mode 100644
index 0000000..b4858ac
--- /dev/null
+++ b/hosts/server/hardware.nix
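Review bot: The file ends without a trailing newline (`\ No newline at end of file` after the closing `}`), and hosts/server-nut/settings.nix in this commit has the same problem; add the final newline so a later edit to the last line does not show up as a two-line change. `networkmanager.wifi.powersave = true` presumably relies on NetworkManager being enabled by a shared module, while `enp7s0` is given a static address here — a one-line comment stating which interface each mechanism is expected to manage would make that split explicit, and it is worth confirming the wired link is excluded from NetworkManager so the two do not both configure it.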
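Review bot: `firewall.enable = false;` disables the NixOS firewall for the whole host instead of opening the ports this machine needs, and hosts/server/settings.nix in this commit does the same; with `users.users.admin.linger = true` any rootless services the admin user starts at boot then have no host-level network boundary at all. Keep the firewall on and enumerate the ports, e.g. `firewall.allowedTCPPorts = [ PORT_PLACEHOLDER ];` (replace with what this host actually serves — presumably the NUT/upsd port, going by the host name; SSH is opened by the openssh module itself). `config` and `pkgs` are bound as module arguments but unused here.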
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "mpt3sas" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/b9cc7972-36ae-4cb4-a6f4-e342eaca679e";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/542D-865C";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/1032bbd9-0124-419f-a696-a977755aaf17"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/server/settings.nix b/hosts/server/settings.nix
new file mode 100644
index 0000000..adbc7f9
--- /dev/null
+++ b/hosts/server/settings.nix
@@ -0,0 +1,392 @@
+{ config, pkgs, ... }:
+
+{
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ #boot.loader.limine.biosDevice = "/dev/vda";
+ #boot.loader.efi.efiSysMountPoint = "/boot";
+
+systemd.services.podman-network-vlan50 = {
+ description = "Create podman vlan50 network";
+ after = [ "network.target" ];
+ before = [ "podman-nginx.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ if ! ${pkgs.podman}/bin/podman network exists vlan50; then
+ ${pkgs.podman}/bin/podman network create \
+ --driver macvlan \
+ --opt parent=vlan50 \
+ --subnet 192.168.50.0/24 \
+ --gateway 192.168.50.1 \
+ vlan50
+ fi
+ '';
+};
+
+ networking = {
+ vlans = {
+ vlan50 = {
+ id = 50;
+ interface = "enp7s0";
+ };
+ };
+ hostName = "nixos-server";
+ hostId = "bbe3b289";
+ firewall.enable = false;
+ interfaces.vlan50 = {
+ ipv4.addresses = [
+ {
+ address = "192.168.50.30";
+ prefixLength = 24;
+ }
+ ];
+ };
+ interfaces.enp7s0 = {
+ ipv4.addresses = [
+ {
+ address = "192.168.0.30";
+ prefixLength = 24;
+ }
+ ];
+ };
+ defaultGateway = "192.168.0.1";
+ nameservers = [ "192.168.0.1" "1.1.1.1" ];
+ };
+ users.users.admin.linger = true;
+
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true; # only needed if you run 32-bit apps
+ extraPackages = with pkgs; [
+ mesa.drivers
+ libva
+ libva-utils # provides vainfo
+ ];
+ };
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_unprivileged_port_start" = 0;
+ "net.ipv4.conf.all.src_valid_mark" = 1;
+ "net.ipv4.conf.all.forwarding" = 1;
+ "net.ipv4.ip_forward" = 1;
+ };
+
+ virtualisation = {
+ containers.enable = true;
+ podman = {
+ enable = true;
+ autoPrune.enable = true;
+ autoPrune.flags = [ "--all" ];
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ dockerCompat = true;
+ # Required for containers under podman-compose to be able to talk to each other.
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
+
+ services.restic.backups.backup = {
+ initialize = true;
+ environmentFile = "/pool/services/secrets/restic/environmentFile";
+ repositoryFile = "/pool/services/secrets/restic/repositoryFile";
+ passwordFile = "/pool/services/secrets/restic/passwordFile";
+
+ paths = [
+ "/pool/services"
+ "/pool/data"
+ ];
+
+ exclude = [
+ "/pool/services/cctv"
+ ];
+
+ pruneOpts = [
+ "--keep-daily 7"
+ "--keep-weekly 5"
+ "--keep-monthly 12"
+ ];
+
+ };
+
+ # systemd.timers."prune-podman" = {
+ # wantedBy = [ "timers.target" ];
+ # timerConfig = {
+ # OnCalendar = "weekly";
+ # Persistent = true;
+ # Unit = "podman-prune.service";
+ # };
+ # };
+
+ # systemd.services."prune-podman" = {
+ # script = ''
+ # set -eu
+ # ${pkgs.podman}/bin/podman system prune -af
+ # '';
+ # serviceConfig = {
+ # Type = "oneshot";
+ # User = "admin";
+ # };
+ # };
+
+ # give permissions for zigbee USB transceiver
+ system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0'';
+
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.zfs.forceImportRoot = false;
+ boot.zfs.extraPools = [ "pool" ];
+
+ services.zfs.autoScrub = {
+ enable = true;
+ };
+ services.zfs.autoSnapshot.enable = true;
+
+ services.smartd = {
+ enable = true;
+ notifications = {
+ mail.enable = true;
+ mail.recipient = "faris@mektem.com";
+ };
+ #devices = [ "DEVICESCAN -a" ]; # autodetect all drives
+ };
+
+
+ programs.msmtp = {
+ enable = true;
+ accounts.default = {
+ auth = true;
+ tls = true;
+ host = "smtp.protonmail.ch";
+ port = 587;
+ from = "faris@mektem.com";
+ user = "faris@mektem.com";
+ passwordeval = "cat /pool/services/secrets/mail.txt";
+ };
+ };
+ environment.etc."zfs/zed-notify.sh" = {
+ mode = "0755";
+ text = ''
+ #!/bin/sh
+ # ZED calls: ZED_EMAIL_PROG "subject" "recipient"
+ SUBJECT="$1"
+ TO="$2"
+ (echo "Subject: $SUBJECT"; echo "To: $TO"; echo ""; cat) | \
+ ${pkgs.msmtp}/bin/msmtp "$TO"
+ '';
+ };
+
+ services.zfs.zed = {
+ enableMail = true;
+ settings = {
+ ZED_EMAIL_ADDR = [ "faris@mektem.com" ];
+ ZED_EMAIL_PROG = "/etc/zfs/zed-notify.sh"; # Or ssmtp
+ ZED_EMAIL_OPTS = "";
+ ZED_NOTIFY_INTERVAL_SECS = 3600;
+ ZED_NOTIFY_VERBOSE = true; # Set to false to only get alerts on degradation
+ };
+ };
+
+ services.samba = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ global = {
+ "server min protocol" = "SMB2_10";
+ "workgroup" = "WORKGROUP";
+ "server string" = "smbnix";
+ "netbios name" = "smbnix";
+ "security" = "user";
+ "hosts allow" = "192.168.0. 192.168.30. 192.168.40.10 127.0.0.1 localhost";
+ "hosts deny" = "0.0.0.0/0";
+ "guest account" = "nobody";
+ "map to guest" = "never";
+ };
+ "data" = {
+ "path" = "/pool/data";
+ "browseable" = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ };
+
+ "media" = {
+ "path" = "/pool/media";
+ "browseable" = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ };
+
+ "services" = {
+ "path" = "/pool/services";
+ "browseable" = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ };
+ };
+ };
+
+ virtualisation.oci-containers.containers = {
+ caddy = {
+ image = "docker.io/caddy";
+ autoStart = true;
+ #autoUpdate = "registry";
+ networks = [ "vlan50" ];
+ environmentFiles = [
+ "/pool/services/secrets/default"
+ ];
+ volumes = [
+ "/pool/services/podman/caddy/conf:/etc/caddy"
+ "/pool/services/podman/caddy/site:/srv"
+ "/pool/services/podman/caddy/data:/data"
+ "/pool/services/podman/caddy/config:/config"
+ ];
+ extraOptions = [
+ "--ip=192.168.50.31"
+ ];
+ # extraConfig = {
+ # Service = {
+ # TimeoutStartSec = 900;
+ # };
+ # };
+ };
+
+ gitea = {
+ image = "docker.gitea.com/gitea:1.23.7";
+ autoStart = true;
+ #autoUpdate = "registry";
+ networks = [ "vlan50" ];
+ environmentFiles = [
+ "/pool/services/secrets/default"
+ "/pool/services/secrets/gitea"
+ ];
+ volumes = [
+ "/pool/services/podman/gitea:/data"
+ ];
+ extraOptions = [
+ "--ip=192.168.50.32"
+ ];
+ # extraConfig = {
+ # Service = {
+ # TimeoutStartSec = 900;
+ # };
+ # };
+ };
+
+ # headscale = {
+ # image = "docker.io/headscale/headscale:stable";
+ # autoStart = true;
+ # #utoUpdate = "registry";
+ # networks = [ "vlan50" ];
+ # cmd = [ "serve" ];
+ # environmentFiles = [
+ # "/pool/services/secrets/default"
+ # ];
+ # volumes = [
+ # "/pool/services/podman/headscale/config:/etc/headscale:ro"
+ # "/pool/services/podman/headscale/lib:/var/lib/headscale"
+ # ];
+ # extraOptions = [
+ # "--ip=192.168.50.38"
+ # ];
+ # #extraConfig = {
+ # # Service = {
+ # # TimeoutStartSec = 900;
+ # # };
+ # ##};
+ # };
+
+ matrix = {
+ image = "ghcr.io/element-hq/synapse";
+ autoStart = true;
+ #autoUpdate = "registry";
+ networks = [ "vlan50" ];
+ environmentFiles = [
+ "/pool/services/secrets/default"
+ "/pool/services/secrets/synapse"
+ ];
+ volumes = [
+ "/pool/services/podman/synapse:/data"
+ ];
+ extraOptions = [
+ "--ip=192.168.50.33"
+ ];
+ # extraConfig = {
+ # Service = {
+ # TimeoutStartSec = 900;
+ # };
+ # };
+ };
+
+ nginx = {
+ image = "docker.io/nginx:latest";
+ autoStart = true;
+ #autoUpdate = "registry";
+ networks = [ "vlan50" ];
+ environmentFiles = [
+ "/pool/services/secrets/default"
+ "/pool/services/secrets/nginx"
+ ];
+ volumes = [
+ "/pool/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+ "/pool/services/podman/hugo/src/mektem.com/public:/usr/share/nginx/html"
+ ];
+ extraOptions = [
+ "--ip=192.168.50.34"
+ ];
+ # extraConfig = {
+ # Service = {
+ # TimeoutStartSec = 900;
+ # };
+ # };
+ };
+
+ ntfy = {
+ image = "docker.io/binwiederhier/ntfy";
+ autoStart = true;
+ #autoUpdate = "registry";
+ networks = [ "vlan50" ];
+ cmd = [ "serve" ];
+ environmentFiles = [
+ "/pool/services/secrets/default"
+ "/pool/services/secrets/ntfy"
+ ];
+ volumes = [
+ "/pool/services/podman/ntfy:/var/lib/ntfy"
+ ];
+ extraOptions = [
+ "--ip=192.168.50.35"
+ ];
+ # extraConfig = {
+ # Service = {
+ # TimeoutStartSec = 900;
+ # };
+ # };
+ };
+
+ privatebin = {
+ image = "docker.io/privatebin/nginx-fpm-alpine:latest";
+ autoStart = true;
+ #autoUpdate = "registry";
+ networks = [ "vlan50" ];
+ environmentFiles = [
+ "/pool/services/secrets/default"
+ ];
+ volumes = [
+ "/pool/media/privatebin:/srv/data"
+ ];
+ extraOptions = [
+ "--ip=192.168.50.36"
+ ];
+ # extraConfig = {
+ # Service = {
+ # TimeoutStartSec = 900;
+ # };
+ # };
+ };
+
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/update-desktop.sh b/update-desktop.sh
new file mode 100755
index 0000000..a4a2a1a
--- /dev/null
+++ b/update-desktop.sh
@@ -0,0 +1,2 @@
+nix flake update
+sudo nixos-rebuild switch --flake .#desktop
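Review bot: The `services` Samba share exports `/pool/services` read-write, and that directory is also the parent of `/pool/services/secrets` (the restic, msmtp and container environment files referenced throughout this hunk), so any authenticated Samba user on the allowed subnets can read and overwrite every secret the host depends on; export a narrower path (for example the `podman` subtree) or move the secrets directory out of the shared tree. `systemd.services.podman-network-vlan50` is ordered only `before = [ "podman-nginx.service" ]`, yet caddy, gitea, matrix, ntfy and privatebin also join `vlan50`, so on a cold boot those units can start before the network exists; list them all, e.g. `before = [ "podman-caddy.service" "podman-gitea.service" "podman-matrix.service" "podman-nginx.service" "podman-ntfy.service" "podman-privatebin.service" ];`. `"net.ipv4.ip_unprivileged_port_start" = 0` lets every unprivileged process on the host bind ports below 1024, which the root-run oci-containers declared here do not appear to need; drop it or add a comment naming the rootless workload that requires it. Image references are inconsistently pinned (`gitea:1.23.7` versus `docker.io/caddy`, `nginx:latest`, `ghcr.io/element-hq/synapse`), so an unpinned tag resolves to whatever is current whenever the image is pulled; pin tags or digests for the others as well.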
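Review bot: The script has no shebang and no `set -euo pipefail`, so if `nix flake update` fails the `sudo nixos-rebuild switch --flake .#desktop` on the next line still runs, rebuilding against whatever lock file was left behind. Prepend `#!/usr/bin/env bash` and `set -euo pipefail` so the rebuild only happens after a successful update. The file is committed with mode 100755, so with a shebang it can be invoked directly.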