Initial commit - Reset history due to secrets

Faris 2026-04-02 15:52:21 +01:00
commit 64c15d5260
14 changed files with 2903 additions and 0 deletions

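--- a/config/common.nix
+++ b/config/common.nix
@@ -0,0 +1,171 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running nixos-help).
+{
+config,
+pkgs,
+home-manager,
+lib,
+...
+}:
+{
+# Bootloader
+#boot.loader.limine.enable = true;
+#boot.loader.systemd-boot.enable = true;
+#boot.loader.limine.secureBoot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+#programs.nix-ld = { enable = true; libraries = pkgs.steam-run.fhsenv.args.multiPkgs pkgs; }; # for dynamically links execs
+# Enable networking
+#networking.networkmanager.enable = true;
+# Set your time zone.
+time.timeZone = "Europe/London";
+# Select internationalisation properties.
+i18n.defaultLocale = "en_GB.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_GB.UTF-8";
+LC_IDENTIFICATION = "en_GB.UTF-8";
+LC_MEASUREMENT = "en_GB.UTF-8";
+LC_MONETARY = "en_GB.UTF-8";
+LC_NAME = "en_GB.UTF-8";
+LC_NUMERIC = "en_GB.UTF-8";
+LC_PAPER = "en_GB.UTF-8";
+LC_TELEPHONE = "en_GB.UTF-8";
+LC_TIME = "en_GB.UTF-8";
+};
+# Enable touchpad support (enabled default in most desktopManager).
+# services.xserver.libinput.enable = true;
+# Define a user account. Don't forget to set a password with passwd.
+users.users.admin = {
+isNormalUser = true;
+description = "admin";
+shell = pkgs.zsh;
+extraGroups = [
+#"networkmanager"
+"wheel"
+"adbusers" # adb
+"kvm" # virt
+"networkmanager"
+"lp" #printing
+];
+packages = with pkgs; [
+];
+};
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+# programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+# };
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+nix.settings.experimental-features = [
+"nix-command"
+"flakes"
+];
+programs = {
+zsh.enable = true;
+};
+nix = {
+extraOptions = ''
+keep-outputs = true
+keep-derivations = true
+'';
+gc.automatic = true;
+gc.randomizedDelaySec = "14m";
+gc.options = "--delete-older-than 10d";
+optimise.automatic = true;
+};
+# unfree
+nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+# nvidia
+"nvidia-x11"
+"nvidia-settings"
+# cuda
+"cuda_cudart"
+"cuda_nvcc"
+"cuda_cccl"
+"libcublas"
+"cuda-merged"
+"cuda_cuobjdump"
+"cuda_gdb"
+"cuda_nvdisasm"
+"cuda_nvprune"
+"cuda_cupti"
+"cuda_cuxxfilt"
+"cuda_nvml_dev"
+"cuda_nvrtc"
+"cuda_nvtx"
+"cuda_profiler_api"
+"cuda_sanitizer_api"
+"libcufft"
+"libcurand"
+"libcusolver"
+"libnvjitlink"
+"libcusparse"
+"libnpp"
+# other
+"proton-authenticator"
+"obsidian"
+"via"
+"steam"
+"steam-unwrapped"
+"osu-lazer-bin"
+"corefonts"
+"claude-code"
+"brgenml1lpr"
+];
+environment.systemPackages = with pkgs; [
+zsh
+htop
+fastfetch
+restic
+nixpkgs-fmt
+nixfmt-rfc-style
+rsync
+lm_sensors
+pciutils # lspci
+usbutils # lsusb
+nmap
+tree
+p7zip
+inetutils # telnet
+# media
+yt-dlp
+exiftool
+mediainfo
+ffmpeg-full
+# barcodes
+qrencode
+zbar
+barcode
+ghostscript
+# documenation
+man-pages
+man-pages-posix
+];
+# enable developer documenation
+documentation.dev.enable = true;
+}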
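Review bot: `services.openssh.enable = true;` is set in the module shared by every host, but no `services.openssh.settings` are given, so password and keyboard-interactive logins stay at the module defaults for `admin`, which is in `wheel`. The comment in this section tells the operator to set a password with `passwd`, and two host files in this commit turn the firewall off, so I would pin key-only access here: `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. No visible file sets `users.users.admin.openssh.authorizedKeys.keys`, so confirm the keys are provisioned somewhere before applying this, otherwise the hosts lose remote access.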

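--- a/config/desktop.nix
+++ b/config/desktop.nix
@@ -0,0 +1,341 @@
+{ pkgs, inputs, ... }:
+{
+#system.includeBuildDependencies = true; # THIS CAN'T BE INCLUDED IN COMMON YET BECAUSE SERVER DOES NOT HAVE ENOUGH STORAGE
+hardware.graphics = {
+enable = true;
+};
+# Enable the X11 windowing system.
+services.xserver.enable = true;
+# Enable the GNOME Desktop Environment.
+services.displayManager.gdm.enable = false; # use sddm until gnome 50 due to https://github.com/systemd/systemd/issues/39259
+services.displayManager.sddm.enable = true;
+services.desktopManager.gnome.enable = true;
+# Configure keymap in X11
+services.xserver.xkb = {
+layout = "us";
+variant = "";
+};
+hardware.bluetooth.enable = true;
+hardware.bluetooth.powerOnBoot = true;
+# Enable CUPS to print documents.
+services.printing.enable = true;
+services.avahi = {
+enable = true;
+nssmdns4 = true;
+openFirewall = true;
+};
+services.tailscale.enable = true;
+services.printing.drivers = [ pkgs.brlaser pkgs.brgenml1lpr pkgs.brgenml1cupswrapper ];
+# Enable sound with pipewire.
+services.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+};
+# Enable automatic login for the user.
+# services.displayManager.autoLogin.enable = true;
+# services.displayManager.autoLogin.user = "admin";
+# services.gnome.gnome-keyring.enable = true;
+# security.pam.services.gdm.enableGnomeKeyring = true; #unlock PAM
+# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+systemd.services."getty@tty1".enable = false;
+systemd.services."autovt@tty1".enable = false;
+#services.xserver.desktopManager.retroarch.extraArgs = [
+# "--config=/mnt/services/emulators/retroarch/retroarch.cfg"
+#];
+services.ollama = {
+enable = true;
+acceleration = "cuda";
+openFirewall = true;
+host = "0.0.0.0";
+# Optional: preload models, see https://ollama.com/library
+loadModels = [ "gemma3:4b-it-qat" ];
+package = pkgs.unstable.ollama;
+};
+hardware.keyboard.qmk.enable = true;
+boot = {
+# Graphical boot
+plymouth.enable = true;
+# Allow higher virtual memory for games
+kernel.sysctl."vm.max_map_count" = 2147483642;
+};
+#services.udev.packages = [ pkgs.via ];
+environment.gnome.excludePackages = with pkgs; [
+epiphany # web browser
+geary # email
+decibels #audio player
+gnome-calendar
+gnome-music
+gnome-software
+gnome-tour
+totem # video player
+xterm
+yelp # help
+];
+nixpkgs.overlays = [
+(final: _: {
+# this allows you to access `pkgs.unstable` anywhere in your config
+unstable = import inputs.nixpkgs-unstable {
+inherit (final.stdenv.hostPlatform) system;
+inherit (final) config;
+};
+})
+];
+environment.systemPackages = with pkgs; [
+audacity
+brave
+blender
+orca-slicer
+firefox
+gimp
+gnomeExtensions.appindicator
+gnomeExtensions.blur-my-shell
+gnomeExtensions.caffeine
+gnomeExtensions.dash-to-dock
+inkscape
+kiwix
+libreoffice
+obs-studio
+obsidian
+unstable.proton-authenticator
+unstable.protonmail-desktop
+unstable.protonvpn-gui
+prismlauncher
+unstable.signal-desktop
+freecad
+tor-browser
+wireshark
+monero-gui
+moonlight-qt
+nvtopPackages.nvidia
+vscodium
+dconf-editor
+via
+kdePackages.kdenlive
+easyeffects
+element-desktop
+chirp
+scrcpy
+# AI?
+claude-code
+# games
+heroic
+lutris
+cataclysm-dda
+runelite
+zeroad
+unciv
+endless-sky
+wesnoth
+mindustry
+openrct2
+openttd
+xonotic
+osu-lazer-bin
+#ufoai
+#inputs.nix-citizen.packages.${system}.rsi-launcher
+# game utils
+mangohud
+umu-launcher
+# emu
+ryubing
+xemu
+xenia-canary
+#retroarch-full
+rpcs3
+dolphin-emu
+cemu
+# backup
+keepassxc
+jdk
+];
+fonts.packages = with pkgs; [
+noto-fonts
+noto-fonts-cjk-sans
+noto-fonts-color-emoji
+corefonts
+fira-mono
+];
+fonts.fontconfig = {
+antialias = true;
+cache32Bit = true;
+hinting.enable = true;
+hinting.autohint = true;
+};
+services.sunshine = {
+enable = true;
+autoStart = true;
+capSysAdmin = true;
+openFirewall = true;
+package = pkgs.sunshine.override {
+cudaSupport = true;
+};
+};
+programs = {
+adb.enable = true;
+localsend = {
+enable = true;
+openFirewall = true;
+};
+coolercontrol = {
+enable = true;
+};
+gamescope = {
+enable = true;
+capSysNice = true;
+};
+steam = {
+enable = true;
+gamescopeSession.enable = true;
+remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
+};
+gamemode.enable = true;
+dconf = {
+enable = true;
+profiles.user.databases = [{
+lockAll = true; # prevents overriding
+settings = {
+"org/gnome/shell" = {
+favorite-apps = [
+"org.gnome.Nautilus.desktop"
+"brave-browser.desktop"
+"proton-mail.desktop"
+"obsidian.desktop"
+"signal.desktop"
+"element-desktop.desktop"
+"steam.desktop"
+"org.gnome.Settings.desktop"
+"org.gnome.Console.desktop"
+];
+enabled-extensions = [
+pkgs.gnomeExtensions.appindicator.extensionUuid
+pkgs.gnomeExtensions.blur-my-shell.extensionUuid
+pkgs.gnomeExtensions.caffeine.extensionUuid
+pkgs.gnomeExtensions.dash-to-dock.extensionUuid
+];
+};
+"org/gnome/desktop/calendar" = {
+show-weekdate = true;
+};
+"org/gnome/desktop/interface" = {
+clock-show-weekday = true;
+color-scheme = "prefer-dark";
+document-font-name = "Noto Sans 11";
+enable-hot-corners = false;
+font-name = "Noto Sans 11";
+gtk-theme = "Adwaita-dark";
+monospace-font-name = "Fira Mono 12";
+};
+"org/gnome/desktop/peripherals/mouse" = {
+accel-profile = "flat";
+};
+"org/gnome/desktop/wm/preferences" = {
+button-layout = ":minimize,maximize,close";
+};
+"org/gnome/nautilus/list-view" = {
+default-zoom-level = "small";
+};
+"org/gnome/nautilus/preferences" = {
+default-folder-viewer = "list-view";
+};
+"org/gnome/shell/extensions/dash-to-dock" = {
+click-action = "minimize-or-previews";
+dock-fixed = true;
+multi-monitor = true;
+show-mounts = false;
+show-show-apps-button = true;
+apply-custom-theme = true;
+};
+"org/gnome/shell/keybindings" = {
+show-screenshot-ui = ["<Shift><Super>s"];
+};
+#org.gnome.desktop.input-sources sources [('xkb', 'us'), ('xkb', 'dz+ar')]
+};
+}];
+};
+};
+fileSystems."/mnt/media" = {
+device = "//192.168.0.30/media";
+fsType = "cifs";
+options = let
+# this line prevents hanging on network split
+automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+in ["${automount_opts},credentials=/etc/nixos/smb-credentials,uid=1000,gid=1000"];
+};
+fileSystems."/mnt/services" = {
+device = "//192.168.0.30/services";
+fsType = "cifs";
+options = let
+# this line prevents hanging on network split
+automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+in ["${automount_opts},credentials=/etc/nixos/smb-credentials,uid=1000,gid=1000"];
+};
+fileSystems."/mnt/data" = {
+device = "//192.168.0.30/data";
+fsType = "cifs";
+options = let
+# this line prevents hanging on network split
+automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+in ["${automount_opts},credentials=/etc/nixos/smb-credentials,uid=1000,gid=1000"];
+};
+programs.virt-manager.enable = true;
+users.groups.libvirtd.members = ["admin"];
+virtualisation.libvirtd = {
+enable = true;
+qemu.swtpm.enable = true;
+};
+virtualisation.spiceUSBRedirection.enable = true;
+services.flatpak.enable = true;
+# programs.nix-ld = {
+# enable = true;
+# libraries = with pkgs; [
+# (pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib")
+# ];
+# };
+}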
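Review bot: `services.ollama` sets `host = "0.0.0.0"` together with `openFirewall = true`, so the Ollama HTTP API is reachable from every network this desktop joins, and that API has no authentication of its own. If only local tools use it, `host = "127.0.0.1";` with `openFirewall = false;` is sufficient. If LAN clients need it, keep the bind address but replace `openFirewall` with a per-interface rule such as `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ config.services.ollama.port ];` (the interface name is a placeholder, and `config` would have to be added to the module arguments). A comment beside the setting naming the expected clients would tell the next reader the exposure is intended.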

459
flake.lock generated Normal file

@ -0,0 +1,459 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"cachyos-kernel": {
"flake": false,
"locked": {
"lastModified": 1770052877,
"narHash": "sha256-Ejj9F2obMjVoy0Jsugw6txHFaR9ziuErYIt58cIJqzE=",
"owner": "CachyOS",
"repo": "linux-cachyos",
"rev": "1f8a79ffeac6f319a8c0fc3abad27a3ec7762abf",
"type": "github"
},
"original": {
"owner": "CachyOS",
"repo": "linux-cachyos",
"type": "github"
}
},
"cachyos-kernel-patches": {
"flake": false,
"locked": {
"lastModified": 1770051966,
"narHash": "sha256-udCJTbUAEZm5zBrr4zVVjpBLQtCC/vQlkIOLnEGr5Ik=",
"owner": "CachyOS",
"repo": "kernel-patches",
"rev": "bfa4ff5231408610ffcc92898cd1e4c9bd55e452",
"type": "github"
},
"original": {
"owner": "CachyOS",
"repo": "kernel-patches",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769580047,
"narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"nix-cachyos-kernel": {
"inputs": {
"cachyos-kernel": "cachyos-kernel",
"cachyos-kernel-patches": "cachyos-kernel-patches",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1770055712,
"narHash": "sha256-VpbF4JDFPSW2crh0tP5EiegnuTkj3fACs0SLWDhlfPM=",
"owner": "xddxdd",
"repo": "nix-cachyos-kernel",
"rev": "220dce3edcb81188ecb896382699884243d1c2e3",
"type": "github"
},
"original": {
"owner": "xddxdd",
"ref": "release",
"repo": "nix-cachyos-kernel",
"type": "github"
}
},
"nix-citizen": {
"inputs": {
"flake-parts": "flake-parts_2",
"nix-gaming": "nix-gaming",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1769832985,
"narHash": "sha256-PKONM6JUGWviRsv3tZWj72HE0aeHKcHTrzTskj58MRM=",
"owner": "LovingMelody",
"repo": "nix-citizen",
"rev": "47823c1ea4c53153dabd43f08b26f3c67c557542",
"type": "github"
},
"original": {
"owner": "LovingMelody",
"repo": "nix-citizen",
"type": "github"
}
},
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1769653948,
"narHash": "sha256-vOKkxlAREINxBVFzsj+8D3WZkoOPHLcjhweE0hDMwbg=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "60855f0c988b2b4b787f54ddda18a3af44134623",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1737420293,
"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1769302137,
"narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1770107345,
"narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1770056022,
"narHash": "sha256-yvCz+Qmci1bVucXEyac3TdoSPMtjqVJmVy5wro6j/70=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d04d8548aed39902419f14a8537006426dc1e4fa",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager_2",
"nix-cachyos-kernel": "nix-cachyos-kernel",
"nix-citizen": "nix-citizen",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1769515380,
"narHash": "sha256-CWWK3PaQ7zhr+Jcf5zyaTR2cfRBXPo09H7+5nWApL8s=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9911802c2822def2eec3d22e2cafd1619ede94a5",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

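--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,58 @@
+{
+description = "A very basic flake";
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
+nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+nixos-hardware.url = "github:nixos/nixos-hardware/master";
+home-manager.url = "github:nix-community/home-manager/release-25.11";
+home-manager.inputs.nixpkgs.follows = "nixpkgs";
+};
+outputs =
+{ self, nixpkgs, home-manager, ... }@inputs:
+{
+nixosConfigurations.desktop = nixpkgs.lib.nixosSystem {
+specialArgs = {inherit inputs;};
+#inherit system;
+modules = [
+./config/common.nix
+./config/desktop.nix
+./hosts/desktop/hardware.nix
+./hosts/desktop/settings.nix
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users.admin = {
+imports = [
+./home/common.nix
+./home/desktop.nix
+];
+};
+}
+];
+};
+nixosConfigurations.nixos-server = nixpkgs.lib.nixosSystem {
+specialArgs = {inherit inputs;};
+modules = [
+./config/common.nix
+./hosts/server/hardware.nix
+./hosts/server/settings.nix
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users.admin = {
+imports = [
+./home/common.nix
+./home/podman.nix
+];
+};
+}
+];
+};
+};
+}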
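Review bot: The `inputs` block declares four inputs (`nixpkgs`, `nixpkgs-unstable`, `nixos-hardware`, `home-manager`), but the `root` node of the flake.lock committed alongside it also pins `agenix`, `nix-cachyos-kernel` and `nix-citizen`, so the lock was not generated from this flake.nix. Nix will drop the stale nodes the next time it updates the lock, leaving an uncommitted change; regenerating with `nix flake lock` and committing the result keeps the pinned `rev`/`narHash` set reviewable. If those inputs were removed by accident during the history reset, restore their declarations instead. Separately, hosts/laptop/settings.nix is added in this commit, but no `nixosConfigurations` entry here imports it.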

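--- a/home/common.nix
+++ b/home/common.nix
@@ -0,0 +1,77 @@
+{ config, ...}:
+{
+home.sessionVariables = {
+EDITOR = "nvim";
+VISUAL = "nvim";
+};
+programs = {
+neovim = {
+enable = true;
+viAlias = true;
+vimAlias = true;
+extraConfig = ''
+set nocompatible
+syntax on
+set fileformat=unix
+set encoding=utf8
+set number relativenumber
+set wrap
+set tabstop=4
+set shiftwidth=4
+set softtabstop=4
+set smarttab
+set autoindent
+set colorcolumn=80
+highlight ColorColumn ctermbg=8
+set clipboard=unnamed,unnamedplus
+set list listchars=tab:>-,trail:_,extends:>,precedes:<,nbsp:~
+set showbreak=>
+let mapleader=" "
+"# disable macro mode
+map q <Nop>
+'';
+};
+tmux = {
+enable = true;
+historyLimit = 10000;
+mouse = true;
+extraConfig = ''
+'';
+};
+fzf = {
+enable = true;
+enableZshIntegration = true;
+};
+zsh = {
+enable = true;
+dotDir = "${config.xdg.configHome}/zsh";
+#enableCompletions = true;
+#autosuggestions.enable = true;
+syntaxHighlighting.enable = true;
+oh-my-zsh = {
+enable = true;
+plugins = [ "git" ];
+theme = "daveverwer";
+};
+};
+git = {
+enable = true;
+settings.user.Name = "Faris";
+settings.user.email = "faris@mektem.com";
+};
+};
+}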

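--- a/home/desktop.nix
+++ b/home/desktop.nix
@@ -0,0 +1,55 @@
+{ pkgs, ... }:
+{
+programs = {
+# chromium = {
+# enable = true;
+# package = pkgs.brave;
+# commandLineArgs = [
+# #"--sync-url='http://192.168.0.30:8295/v2'"
+# ];
+# };
+mpv = {
+enable = true;
+package = (
+pkgs.mpv-unwrapped.wrapper {
+scripts = with pkgs.mpvScripts; [
+sponsorblock
+];
+mpv = pkgs.mpv-unwrapped.override {
+waylandSupport = true;
+};
+}
+);
+config = {
+profile = "high-quality";
+ytdl-format = "bestvideo+bestaudio";
+cache-default = 4000000;
+loop-file = "inf";
+};
+extraInput = ''
+r cycle_values video-rotate 90 180 270 0
+'';
+};
+};
+# add bookmarks for shared drives
+xdg.configFile."gtk-3.0/bookmarks" = {
+force = true;
+text = ''
+file:/// root
+file:///mnt/data data
+file:///mnt/media media
+file:///mnt/services services
+'';
+};
+# Don't touch
+home.stateVersion = "24.11";
+}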

1127
home/podman.nix Normal file

File diff suppressed because it is too large Load Diff


@ -0,0 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "nvidia-uvm" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/bd28421d-7ec4-4b23-964d-c07a6f351e1f";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-e3a81f8e-3ae9-494b-a329-a6f860b10e34".device = "/dev/disk/by-uuid/e3a81f8e-3ae9-494b-a329-a6f860b10e34";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D47C-5FCE";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/be22d9db-283a-4dd9-93d5-1006e392724b"; }
];
fileSystems."/run/media/admin/08cabc7a-9a6e-4c21-8a07-6663af77b705" =
{ device = "/dev/disk/by-uuid/08cabc7a-9a6e-4c21-8a07-6663af77b705";
fsType = "ext4";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,72 @@
{ config, pkgs, inputs, ... }:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
wireplumber.enable = true;
};
services.displayManager.gdm.enable = false;
services.displayManager.sddm.enable = true;
boot = {
initrd.luks.devices."luks-cbf20b12-90f7-4fbb-95d3-1320eece4d89".device = "/dev/disk/by-uuid/cbf20b12-90f7-4fbb-95d3-1320eece4d89";
kernelParams = [
"nvidia_drm.modeset=1"
"nvidia_drm.fbdev=1"
"nvidia.NVreg_PreserveVideoMemoryAllocations=1"
"module_blacklist=amdgpu"
];
};
networking = {
hostName = "nixos-desktop";
interfaces.enp42s0 = {
wakeOnLan.enable = true;
ipv4.addresses = [
{
address = "192.168.30.40";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.30.1";
nameservers = [ "192.168.0.1" "1.1.1.1" ];
};
services = {
xserver.videoDrivers = [ "nvidia" ];
};
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = false;
open = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
# this fixes the sleep/wake issue
# systemd.services."systemd-suspend" = {
# serviceConfig = {
# Environment = ''"SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false"'';
# };
# };
# fixes hardware accel on nvidia open
hardware.graphics.extraPackages = [
pkgs.nvidia-vaapi-driver
];
environment.variables = {
NVD_BACKEND = "direct";
LIBVA_DRIVER_NAME = "nvidia";
};
system.stateVersion = "24.11";
}

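--- a/hosts/laptop/settings.nix
+++ b/hosts/laptop/settings.nix
@@ -0,0 +1,40 @@
+{
+networking = {
+hostName = "nixos-laptop";
+interfaces.enp7s0 = {
+ipv4.addresses = [
+{
+address = "192.168.0.41";
+prefixLength = 24;
+}
+];
+};
+defaultGateway = "192.168.0.1";
+nameservers = [ "192.168.0.1" "1.1.1.1" ];
+networkmanager.wifi.powersave = true;
+};
+services = {
+auto-cpufreq = {
+enable = true;
+settings = {
+battery = {
+governor = "powersave";
+turbo = "never";
+};
+charger = {
+governor = "performance";
+turbo = "auto";
+};
+};
+};
+# fwupdmgr update (bios updates)
+fwupd.enable = true;
+thermald.enable = true;
+};
+powerManagement.powertop.enable = true;
+system.stateVersion = "24.11";
+}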


@ -0,0 +1,22 @@
{ config, pkgs, ... }:
{
networking = {
hostName = "nixos-server-nut";
hostId = "d5a2ce61";
firewall.enable = false;
interfaces.ens18 = {
ipv4.addresses = [
{
address = "192.168.0.20";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.0.1";
nameservers = [ "192.168.0.1" "1.1.1.1" ];
};
users.users.admin.linger = true;
system.stateVersion = "24.11";
}
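Review bot: `firewall.enable = false;` turns off the host firewall on `nixos-server-nut`, and the `networking` block in hosts/server/settings.nix later in this commit does the same for `nixos-server`. With the firewall off, every listening service is reachable on whatever interface it binds, and the per-service `openFirewall` switches no longer limit anything; if this host imports config/common.nix (not visible from this section), that includes OpenSSH. I would keep it on with `firewall.enable = true;` and add `firewall.allowedTCPPorts` only for what this host serves beyond SSH, since the OpenSSH module opens its own port by default. If it has to stay off, record why next to the setting, for example `# firewall disabled: filtering is done upstream at <device>`.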

40
hosts/server/hardware.nix Normal file

@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "mpt3sas" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b9cc7972-36ae-4cb4-a6f4-e342eaca679e";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/542D-865C";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/1032bbd9-0124-419f-a696-a977755aaf17"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

392
hosts/server/settings.nix Normal file

@ -0,0 +1,392 @@
{ config, pkgs, ... }:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
#boot.loader.limine.biosDevice = "/dev/vda";
#boot.loader.efi.efiSysMountPoint = "/boot";
systemd.services.podman-network-vlan50 = {
description = "Create podman vlan50 network";
after = [ "network.target" ];
before = [ "podman-nginx.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
if ! ${pkgs.podman}/bin/podman network exists vlan50; then
${pkgs.podman}/bin/podman network create \
--driver macvlan \
--opt parent=vlan50 \
--subnet 192.168.50.0/24 \
--gateway 192.168.50.1 \
vlan50
fi
'';
};
networking = {
vlans = {
vlan50 = {
id = 50;
interface = "enp7s0";
};
};
hostName = "nixos-server";
hostId = "bbe3b289";
firewall.enable = false;
interfaces.vlan50 = {
ipv4.addresses = [
{
address = "192.168.50.30";
prefixLength = 24;
}
];
};
interfaces.enp7s0 = {
ipv4.addresses = [
{
address = "192.168.0.30";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.0.1";
nameservers = [ "192.168.0.1" "1.1.1.1" ];
};
users.users.admin.linger = true;
hardware.graphics = {
enable = true;
enable32Bit = true; # only needed if you run 32-bit apps
extraPackages = with pkgs; [
mesa.drivers
libva
libva-utils # provides vainfo
];
};
boot.kernel.sysctl = {
"net.ipv4.ip_unprivileged_port_start" = 0;
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.conf.all.forwarding" = 1;
"net.ipv4.ip_forward" = 1;
};
virtualisation = {
containers.enable = true;
podman = {
enable = true;
autoPrune.enable = true;
autoPrune.flags = [ "--all" ];
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
services.restic.backups.backup = {
initialize = true;
environmentFile = "/pool/services/secrets/restic/environmentFile";
repositoryFile = "/pool/services/secrets/restic/repositoryFile";
passwordFile = "/pool/services/secrets/restic/passwordFile";
paths = [
"/pool/services"
"/pool/data"
];
exclude = [
"/pool/services/cctv"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
];
};
# systemd.timers."prune-podman" = {
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "weekly";
# Persistent = true;
# Unit = "podman-prune.service";
# };
# };
# systemd.services."prune-podman" = {
# script = ''
# set -eu
# ${pkgs.podman}/bin/podman system prune -af
# '';
# serviceConfig = {
# Type = "oneshot";
# User = "admin";
# };
# };
# give permissions for zigbee USB transceiver
system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0'';
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false;
boot.zfs.extraPools = [ "pool" ];
services.zfs.autoScrub = {
enable = true;
};
services.zfs.autoSnapshot.enable = true;
services.smartd = {
enable = true;
notifications = {
mail.enable = true;
mail.recipient = "faris@mektem.com";
};
#devices = [ "DEVICESCAN -a" ]; # autodetect all drives
};
programs.msmtp = {
enable = true;
accounts.default = {
auth = true;
tls = true;
host = "smtp.protonmail.ch";
port = 587;
from = "faris@mektem.com";
user = "faris@mektem.com";
passwordeval = "cat /pool/services/secrets/mail.txt";
};
};
environment.etc."zfs/zed-notify.sh" = {
mode = "0755";
text = ''
#!/bin/sh
# ZED calls: ZED_EMAIL_PROG "subject" "recipient"
SUBJECT="$1"
TO="$2"
(echo "Subject: $SUBJECT"; echo "To: $TO"; echo ""; cat) | \
${pkgs.msmtp}/bin/msmtp "$TO"
'';
};
services.zfs.zed = {
enableMail = true;
settings = {
ZED_EMAIL_ADDR = [ "faris@mektem.com" ];
ZED_EMAIL_PROG = "/etc/zfs/zed-notify.sh"; # Or ssmtp
ZED_EMAIL_OPTS = "";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NOTIFY_VERBOSE = true; # Set to false to only get alerts on degradation
};
};
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"server min protocol" = "SMB2_10";
"workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
"security" = "user";
"hosts allow" = "192.168.0. 192.168.30. 192.168.40.10 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "never";
};
"data" = {
"path" = "/pool/data";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
};
"media" = {
"path" = "/pool/media";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
};
"services" = {
"path" = "/pool/services";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
};
};
};
virtualisation.oci-containers.containers = {
caddy = {
image = "docker.io/caddy";
autoStart = true;
#autoUpdate = "registry";
networks = [ "vlan50" ];
environmentFiles = [
"/pool/services/secrets/default"
];
volumes = [
"/pool/services/podman/caddy/conf:/etc/caddy"
"/pool/services/podman/caddy/site:/srv"
"/pool/services/podman/caddy/data:/data"
"/pool/services/podman/caddy/config:/config"
];
extraOptions = [
"--ip=192.168.50.31"
];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
};
gitea = {
image = "docker.gitea.com/gitea:1.23.7";
autoStart = true;
#autoUpdate = "registry";
networks = [ "vlan50" ];
environmentFiles = [
"/pool/services/secrets/default"
"/pool/services/secrets/gitea"
];
volumes = [
"/pool/services/podman/gitea:/data"
];
extraOptions = [
"--ip=192.168.50.32"
];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
};
# headscale = {
# image = "docker.io/headscale/headscale:stable";
# autoStart = true;
# #utoUpdate = "registry";
# networks = [ "vlan50" ];
# cmd = [ "serve" ];
# environmentFiles = [
# "/pool/services/secrets/default"
# ];
# volumes = [
# "/pool/services/podman/headscale/config:/etc/headscale:ro"
# "/pool/services/podman/headscale/lib:/var/lib/headscale"
# ];
# extraOptions = [
# "--ip=192.168.50.38"
# ];
# #extraConfig = {
# # Service = {
# # TimeoutStartSec = 900;
# # };
# ##};
# };
matrix = {
image = "ghcr.io/element-hq/synapse";
autoStart = true;
#autoUpdate = "registry";
networks = [ "vlan50" ];
environmentFiles = [
"/pool/services/secrets/default"
"/pool/services/secrets/synapse"
];
volumes = [
"/pool/services/podman/synapse:/data"
];
extraOptions = [
"--ip=192.168.50.33"
];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
};
nginx = {
image = "docker.io/nginx:latest";
autoStart = true;
#autoUpdate = "registry";
networks = [ "vlan50" ];
environmentFiles = [
"/pool/services/secrets/default"
"/pool/services/secrets/nginx"
];
volumes = [
"/pool/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
"/pool/services/podman/hugo/src/mektem.com/public:/usr/share/nginx/html"
];
extraOptions = [
"--ip=192.168.50.34"
];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
};
ntfy = {
image = "docker.io/binwiederhier/ntfy";
autoStart = true;
#autoUpdate = "registry";
networks = [ "vlan50" ];
cmd = [ "serve" ];
environmentFiles = [
"/pool/services/secrets/default"
"/pool/services/secrets/ntfy"
];
volumes = [
"/pool/services/podman/ntfy:/var/lib/ntfy"
];
extraOptions = [
"--ip=192.168.50.35"
];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
};
privatebin = {
image = "docker.io/privatebin/nginx-fpm-alpine:latest";
autoStart = true;
#autoUpdate = "registry";
networks = [ "vlan50" ];
environmentFiles = [
"/pool/services/secrets/default"
];
volumes = [
"/pool/media/privatebin:/srv/data"
];
extraOptions = [
"--ip=192.168.50.36"
];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
};
};
system.stateVersion = "24.11";
}

2
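--- a/update-desktop.sh
+++ b/update-desktop.sh
@@ -0,0 +1,2 @@
+nix flake update
+sudo nixos-rebuild switch --flake .#desktop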
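Review bot: update-desktop.sh still runs `sudo nixos-rebuild switch --flake .#desktop` when `nix flake update` fails, because the script has no shebang and no error handling. Starting it with `#!/usr/bin/env bash` and `set -euo pipefail` would stop at the first failing step and fix the interpreter. The update also moves every flake input to its newest revision and activates the result as root in the same run, so a pause to read `git diff flake.lock` between the two commands would give a point to review what changed before it is switched in.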