Faris 2025-07-16 12:10:32 +01:00
parent ba48c2c3a4
commit f71e9df93f
9 changed files with 483 additions and 292 deletions


@ -10,6 +10,10 @@
}:
{
# Bootloader
boot.loader.limine.enable = true;
#boot.loader.limine.secureBoot.enable = true;
# Enable networking
networking.networkmanager.enable = true;
@ -69,22 +73,31 @@
zsh.enable = true;
};
fileSystems."/mnt/media" = {
device = "192.168.0.20:/mnt/pool/media";
fsType = "nfs";
};
fileSystems."/mnt/services" = {
device = "192.168.0.20:/mnt/pool/services";
fsType = "nfs";
};
fileSystems."/mnt/data" = {
device = "192.168.0.20:/mnt/pool/data";
fsType = "nfs";
};
nix = {
extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
gc.automatic = true;
optimise.automatic = true;
};
# unfree
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
zsh
htop
fastfetch
restic
nixpkgs-fmt
nixfmt-rfc-style
rsync
lm_sensors
pciutils # lspci
usbutils # lsusb
nmap
tree
];
}
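Review bot: `boot.loader.limine.enable = true` is added with `#boot.loader.limine.secureBoot.enable = true;` left commented out and no reason recorded. If this module is shared by every host, that includes the desktop, which unlocks a LUKS volume at boot, so an unverified bootloader is the component someone with physical access could replace. A one-line comment would make the gap explicit, for example `# TODO: enable secureBoot once keys are enrolled on each host`, or the option could be turned on per host where enrolment is already done. The rest of the module is outside this hunk, so whether another file overrides the loader cannot be checked from here.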


@ -2,7 +2,7 @@
{
powerManagement.powertop.enable = true;
#system.includeBuildDependencies = true; # THIS CAN'T BE INCLUDED IN COMMON YET BECAUSE SERVER DOES NOT HAVE ENOUGH STORAGE
hardware.graphics = {
enable = true;
@ -14,6 +14,7 @@
# Enable the GNOME Desktop Environment.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.gnome.gnome-keyring.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
@ -26,6 +27,26 @@
# Enable CUPS to print documents.
services.printing.enable = true;
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# services.printing.drivers = [ pkgs.brgenml1lpr pkgs.brgenml1cupswrapper ];
# hardware.printers = {
# ensurePrinters = [
# {
# name = "DCP-L8410CDWW";
# location = "Home";
# deviceUri = "http://192.168.0.177:631/ipp/print";
# model = "drv:///cupsfilters.drv/pwgrast.ppd";
# ppdOptions = {
# PageSize = "A4";
# };
# }
# ];
# ensureDefaultPrinter = "DCP-L8410CDWW";
# };
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
@ -45,8 +66,16 @@
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
services.ollama = {
enable = true;
acceleration = "cuda";
openFirewall = true;
host = "0.0.0.0";
# Optional: preload models, see https://ollama.com/library
loadModels = [ "deepseek-r1" ];
};
hardware.keyboard.qmk.enable = true;
boot = {
# Graphical boot
@ -55,9 +84,12 @@
kernel.sysctl."vm.max_map_count" = 2147483642;
};
#services.udev.packages = [ pkgs.via ];
environment.gnome.excludePackages = with pkgs; [
epiphany # web browser
geary # email
decibels #audio player
gnome-calendar
gnome-music
gnome-software
@ -77,48 +109,59 @@
gnomeExtensions.caffeine
gnomeExtensions.dash-to-dock
inkscape
joplin-desktop
kiwix
libreoffice
obs-studio
ollama
protonmail-desktop
prismlauncher
ungoogled-chromium
signal-desktop
tor-browser
wireshark
monero-gui
vscodium
zsh
brave
dconf-editor
localsend
via
kdePackages.kdenlive
#gaymig?
# games
heroic
lutris
cataclysm-dda
runelite
zeroad
unciv
endless-sky
wesnoth
mindustry
openrct2
openttd
xonotic
# game utils
mangohud
umu-launcher
#TUI
fastfetch
nixfmt-rfc-style
# emu
ryubing
xemu
retroarch-full
rpcs3
cemu
# media
yt-dlp
exiftool
#tree?
#ntfs-3g?
ffmpeg-full
htop
lm_sensors
mangohud
mediainfo
pciutils # lspci
usbutils # lsusb
ffmpeg-full
nmap
umu-launcher
# barcodes
qrencode
smartmontools
zbar
barcode
ghostscript
# backup
keepassxc
];
fonts.packages = with pkgs; [
@ -130,8 +173,20 @@
fantasque-sans-mono
];
services.sunshine = {
enable = true;
autoStart = true;
capSysAdmin = true;
openFirewall = true;
};
programs = {
adb.enable = true;
localsend = {
enable = true;
openFirewall = true;
};
coolercontrol = {
enable = true;
@ -202,11 +257,12 @@
default-folder-viewer = "list-view";
};
"org/gnome/shell/extensions/dash-to-dock" = {
click-action = "focus-minimize-or-previews";
click-action = "minimize-or-previews";
dock-fixed = true;
multi-monitor = true;
show-mounts = false;
show-show-apps-button = false;
show-show-apps-button = true;
apply-custom-theme = true;
};
"org/gnome/shell/keybindings" = {
show-screenshot-ui = ["<Shift><Super>s"];
@ -216,4 +272,40 @@
};
};
fileSystems."/mnt/media" = {
device = "//192.168.0.30/media";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},username=admin,password=Ch19blizz9,uid=1000,gid=1000"];
};
fileSystems."/mnt/services" = {
device = "//192.168.0.30/services";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},username=admin,password=Ch19blizz9,uid=1000,gid=1000"];
};
fileSystems."/mnt/data" = {
device = "//192.168.0.30/data";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},username=admin,password=Ch19blizz9,uid=1000,gid=1000"];
};
programs.virt-manager.enable = true;
users.groups.libvirtd.members = ["admin"];
virtualisation.libvirtd = {
enable = true;
qemu.swtpm.enable = true;
};
virtualisation.spiceUSBRedirection.enable = true;
}
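Review bot: The three new `cifs` mounts for `/mnt/media`, `/mnt/services` and `/mnt/data` put the `admin` account's password directly in `options`, so it ends up in the repository history, in the world-readable Nix store and in the generated `/etc/fstab`. Move it to a root-only credentials file handled like the existing agenix secrets and pass it with the `credentials=` mount option, e.g. `"${automount_opts},credentials=${config.age.secrets."<smb-credentials-placeholder>".path},uid=1000,gid=1000"`; this assumes `config` is among the module arguments, which are outside the hunk. The committed password should be treated as exposed and changed on the server. The identical `let automount_opts = …` string is repeated three times and could be bound once. Separately, `services.ollama` with `host = "0.0.0.0"` and `openFirewall = true` publishes an API with no authentication of its own to every host that can reach this machine; binding to `127.0.0.1` or limiting the allowed source range would narrow that.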

24
flake.lock generated

@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1747575206,
"narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "4835b1dc898959d8547a871ef484930675cb47f1",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
@ -71,11 +71,11 @@
]
},
"locked": {
"lastModified": 1747556831,
"narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
"lastModified": 1752208517,
"narHash": "sha256-aRY1cYOdVdXdNjcL/Twpa27CknO7pVHxooPsBizDraE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
"rev": "c6a01e54af81b381695db796a43360bf6db5702f",
"type": "github"
},
"original": {
@ -87,11 +87,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1747129300,
"narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
"lastModified": 1752048960,
"narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "e81fd167b33121269149c57806599045fd33eeed",
"rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806",
"type": "github"
},
"original": {
@ -119,11 +119,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1747825515,
"narHash": "sha256-BWpMQymVI73QoKZdcVCxUCCK3GNvr/xa2Dc4DM1o2BE=",
"lastModified": 1751943650,
"narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cd2812de55cf87df88a9e09bf3be1ce63d50c1a6",
"rev": "88983d4b665fb491861005137ce2b11a9f89f203",
"type": "github"
},
"original": {


@ -2,6 +2,13 @@
{
programs = {
chromium = {
enable = true;
package = pkgs.brave;
commandLineArgs = [
#"--sync-url='http://192.168.0.30:8295/v2'"
];
};
mpv = {
enable = true;
@ -9,7 +16,6 @@
package = (
pkgs.mpv-unwrapped.wrapper {
scripts = with pkgs.mpvScripts; [
#uosc
sponsorblock
];


@ -17,10 +17,10 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/actual:/data"
"/pool/services/podman/actual:/data"
];
ports = [
"5006:5006"
@ -38,11 +38,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/archivebox"
"/pool/services/secrets/default"
"/pool/services/secrets/archivebox"
];
volumes = [
"/mnt/services/podman/archivebox:/data"
"/pool/services/podman/archivebox:/data"
];
ports = [
"8002:8000"
@ -60,12 +60,12 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/bazarr:/config"
"/mnt/media/video/movies:/movies"
"/mnt/media/video/tv:/tv"
"/pool/services/podman/bazarr:/config"
"/pool/media/video/movies:/movies"
"/pool/media/video/tv:/tv"
];
ports = [
"6767:6767"
@ -83,10 +83,10 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/ddclient:/config"
"/pool/services/podman/ddclient:/config"
];
extraConfig = {
Service = {
@ -101,10 +101,10 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/eclipse-mosquitto:/mosquitto"
"/pool/services/podman/eclipse-mosquitto:/mosquitto"
];
ports = [
"1883:1883"
@ -123,10 +123,10 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/home/admin/podman/freshrss:/config"
"/pool/services/podman/freshrss:/config"
];
ports = [
"8555:80"
@ -145,13 +145,13 @@
network = "bridge";
devices = [ "nvidia.com/gpu=all" ];
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/frigate"
"/pool/services/secrets/default"
"/pool/services/secrets/frigate"
];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/mnt/services/podman/frigate:/config"
"/mnt/services/cctv:/media/frigate"
"/pool/services/podman/frigate:/config"
"/pool/services/cctv:/media/frigate"
];
ports = [
"5005:5000"
@ -172,11 +172,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/gitea"
"/pool/services/secrets/default"
"/pool/services/secrets/gitea"
];
volumes = [
"/mnt/services/podman/gitea:/data"
"/pool/services/podman/gitea:/data"
];
ports = [
"3001:3000"
@ -195,11 +195,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/mnt/services/podman/homeassistant:/config"
"/pool/services/podman/homeassistant:/config"
];
ports = [
"8123:8123"
@ -217,11 +217,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/immich"
"/pool/services/secrets/default"
"/pool/services/secrets/immich"
];
volumes = [
"/mnt/services/podman/immich/db:/var/lib/postgresql/data:z"
"/pool/services/podman/immich/db:/var/lib/postgresql/data:z"
];
ports = [
"5433:5432"
@ -240,11 +240,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/immich"
"/pool/services/secrets/default"
"/pool/services/secrets/immich"
];
volumes = [
"/mnt/services/podman/immich/cache:/cache"
"/pool/services/podman/immich/cache:/cache"
];
ports = [
"3003:3003"
@ -262,8 +262,8 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/immich"
"/pool/services/secrets/default"
"/pool/services/secrets/immich"
];
ports = [
"6379:6379"
@ -281,11 +281,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/immich"
"/pool/services/secrets/default"
"/pool/services/secrets/immich"
];
volumes = [
"/mnt/services/immich:/usr/src/app/upload"
"/pool/services/immich:/usr/src/app/upload"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
@ -304,15 +304,15 @@
network = "bridge";
devices = [ "nvidia.com/gpu=all" ];
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/jellyfin:/config"
"/mnt/media/video/movies:/movies"
"/mnt/media/video/tv:/tv"
"/mnt/media/audio/music/flac:/music"
"/mnt/media/video/family:/family"
"/mnt/media/video/livetv:/livetv"
"/pool/services/podman/jellyfin:/config"
"/pool/media/video/movies:/movies"
"/pool/media/video/tv:/tv"
"/pool/media/audio/music/flac:/music"
"/pool/media/video/family:/family"
"/pool/media/video/livetv:/livetv"
];
ports = [
"8096:8096"
@ -330,10 +330,10 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/jellyseerr:/app/config"
"/pool/services/podman/jellyseerr:/app/config"
];
ports = [
"5055:5055"
@ -351,8 +351,8 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/joplin"
"/pool/services/secrets/default"
"/pool/services/secrets/joplin"
];
ports = [
"22300:22300"
@ -370,11 +370,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/joplin"
"/pool/services/secrets/default"
"/pool/services/secrets/joplin"
];
volumes = [
"/home/admin/podman/joplin-db:/var/lib/postgresql/data"
"/pool/services/podman/joplin-db:/var/lib/postgresql/data"
];
ports = [
"5432:5432"
@ -393,10 +393,10 @@
network = "bridge";
exec = "*.zim";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/media/kiwix:/data"
"/pool/media/kiwix:/data"
];
ports = [
"8088:8080"
@ -414,12 +414,12 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/lidarr:/config"
"/mnt/media/audio/music/flac:/music"
"/mnt/media/torrents:/downloads"
"/pool/services/podman/lidarr:/config"
"/pool/media/audio/music/flac:/music"
"/pool/media/torrents:/downloads"
];
ports = [
"8686:8686"
@ -437,11 +437,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/media/youtube-dl:/downloads"
"/mnt/media/audio/music/flac:/music"
"/pool/media/youtube-dl:/downloads"
"/pool/media/audio/music/flac:/music"
];
ports = [
"8081:8081"
@ -459,12 +459,12 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/nginx"
"/pool/services/secrets/default"
"/pool/services/secrets/nginx"
];
volumes = [
"/mnt/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
"/mnt/services/podman/nginx/html:/usr/share/nginx/html"
"/pool/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
"/pool/services/podman/nginx/html:/usr/share/nginx/html"
];
ports = [
"888:80"
@ -482,11 +482,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/nginx-proxy-manager:/data"
"/mnt/services/podman/letsencrypt:/etc/letsencrypt"
"/pool/services/podman/nginx-proxy-manager:/data"
"/pool/services/podman/letsencrypt:/etc/letsencrypt"
];
ports = [
"80:80"
@ -500,6 +500,24 @@
};
};
ntp = {
image = "docker.io/cturra/ntp";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
];
ports = [
"123:123/udp"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
ollama = {
image = "docker.io/ollama/ollama:latest";
autoStart = true;
@ -507,11 +525,11 @@
network = "bridge";
devices = [ "nvidia.com/gpu=all" ];
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/ollama"
"/pool/services/secrets/default"
"/pool/services/secrets/ollama"
];
volumes = [
"/mnt/services/podman/ollama:/root/.ollama"
"/pool/services/podman/ollama:/root/.ollama"
];
ports = [
"11434:11434"
@ -529,11 +547,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/open-webui"
"/pool/services/secrets/default"
"/pool/services/secrets/open-webui"
];
volumes = [
"/mnt/services/podman/open-webui:/app/backend/data"
"/pool/services/podman/open-webui:/app/backend/data"
];
ports = [
"3000:8080"
@ -551,14 +569,14 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/paperless-ngx"
"/pool/services/secrets/default"
"/pool/services/secrets/paperless-ngx"
];
volumes = [
"/mnt/services/podman/paperless-ngx/data:/usr/src/paperless/data"
"/mnt/services/podman/paperless-ngx/media:/usr/src/paperless/media"
"/mnt/services/podman/paperless-ngx/export:/usr/src/paperless/export"
"/mnt/data/scans:/usr/src/paperless/consume"
"/pool/services/podman/paperless-ngx/data:/usr/src/paperless/data"
"/pool/services/podman/paperless-ngx/media:/usr/src/paperless/media"
"/pool/services/podman/paperless-ngx/export:/usr/src/paperless/export"
"/pool/data/scans:/usr/src/paperless/consume"
];
ports = [
"8010:8000"
@ -576,7 +594,7 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
ports = [
"6380:6379"
@ -594,10 +612,10 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/prowlarr:/config"
"/pool/services/podman/prowlarr:/config"
];
ports = [
"9696:9696"
@ -615,12 +633,12 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/radarr:/config"
"/mnt/media/video/movies:/movies"
"/mnt/media/torrents:/downloads"
"/pool/services/podman/radarr:/config"
"/pool/media/video/movies:/movies"
"/pool/media/torrents:/downloads"
];
ports = [
"7878:7878"
@ -638,12 +656,12 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/readarr:/config"
"/mnt/media/books:/books"
"/mnt/media/torrents:/downloads"
"/pool/services/podman/readarr:/config"
"/pool/media/books:/books"
"/pool/media/torrents:/downloads"
];
ports = [
"8787:8787"
@ -661,12 +679,12 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/home/admin/podman/rutorrent/passwd:/passwd"
"/home/admin/podman/rutorrent/data:/data"
"/mnt/media/torrents:/downloads"
"/pool/services/podman/rutorrent/passwd:/passwd"
"/pool/services/podman/rutorrent/data:/data"
"/pool/media/torrents:/downloads"
];
ports = [
"8888:8080"
@ -686,10 +704,10 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/searxng:/etc/searxng"
"/pool/services/podman/searxng:/etc/searxng"
];
ports = [
"8880:8080"
@ -707,12 +725,12 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/sonarr:/config"
"/mnt/media/video/tv:/tv"
"/mnt/media/torrents:/downloads"
"/pool/services/podman/sonarr:/config"
"/pool/media/video/tv:/tv"
"/pool/media/torrents:/downloads"
];
ports = [
"8989:8989"
@ -730,12 +748,12 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/tandoor"
"/pool/services/secrets/default"
"/pool/services/secrets/tandoor"
];
volumes = [
"/mnt/services/podman/tandoor/staticfiles:/opt/recipes/staticfiles"
"/mnt/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles"
"/pool/services/podman/tandoor/staticfiles:/opt/recipes/staticfiles"
"/pool/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles"
];
ports = [
"9092:8080"
@ -753,11 +771,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/tandoor"
"/pool/services/secrets/default"
"/pool/services/secrets/tandoor"
];
volumes = [
"/home/admin/podman/tandoor/db:/var/lib/postgresql/data"
"/pool/services/podman/tandoor/db:/var/lib/postgresql/data"
];
ports = [
"5434:5432"
@ -775,10 +793,10 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/thelounge:/config"
"/pool/services/podman/thelounge:/config"
];
ports = [
"9000:9000"
@ -790,62 +808,17 @@
};
};
unifi-network-application = {
image = "lscr.io/linuxserver/unifi-network-application:latest";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/unifi-network-application"
];
volumes = [
"/mnt/services/podman/unifi-network-application:/config"
];
ports = [
"8443:8443"
"10001:10001/udp"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
unifi-network-application-db = {
image = "docker.io/mongo:7.0";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/unifi-network-application"
];
volumes = [
"/mnt/services/podman/unifi-network-application-db"
];
ports = [
"27017:27017"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
vaultwarden = {
image = "docker.io/vaultwarden/server:latest";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/vaultwarden"
"/pool/services/secrets/default"
"/pool/services/secrets/vaultwarden"
];
volumes = [
"/mnt/services/podman/vaultwarden:/data/"
"/pool/services/podman/vaultwarden:/data/"
];
ports = [
"8000:80"
@ -864,11 +837,11 @@
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/webdav"
"/pool/services/secrets/default"
"/pool/services/secrets/webdav"
];
volumes = [
"/mnt/services/webdav:/var/lib/dav"
"/pool/services/webdav:/var/lib/dav"
];
ports = [
"8009:80"
@ -891,11 +864,11 @@
"SYS_MODULE"
];
environmentFile = [
"/mnt/services/secrets/default"
"/mnt/services/secrets/wireguard"
"/pool/services/secrets/default"
"/pool/services/secrets/wireguard"
];
volumes = [
"/mnt/services/podman/wireguard:/config"
"/pool/services/podman/wireguard:/config"
#"/lib/modules:/lib/modules"
];
ports = [
@ -915,10 +888,10 @@
network = "bridge";
devices = [ "/dev/ttyACM0:/dev/ttyACM0" ];
environmentFile = [
"/mnt/services/secrets/default"
"/pool/services/secrets/default"
];
volumes = [
"/mnt/services/podman/zigbee2mqtt:/app/data"
"/pool/services/podman/zigbee2mqtt:/app/data"
];
ports = [
"8808:8080"


@ -1,21 +1,37 @@
{ config, ... }:
{
boot.kernelParams = [
"nvidia_drm.modeset=1"
"nvidia_drm.fbdev=1"
"nvidia.NVreg_PreserveVideoMemoryAllocations=1"
"module_blacklist=amdgpu"
];
networking.hostName = "nixos-desktop";
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-d6ea38c1-693a-4aa1-b844-24f005b321ab".device =
"/dev/disk/by-uuid/d6ea38c1-693a-4aa1-b844-24f005b321ab";
boot = {
initrd.luks.devices."luks-d6ea38c1-693a-4aa1-b844-24f005b321ab".device =
"/dev/disk/by-uuid/d6ea38c1-693a-4aa1-b844-24f005b321ab";
kernelParams = [
"nvidia_drm.modeset=1"
"nvidia_drm.fbdev=1"
"nvidia.NVreg_PreserveVideoMemoryAllocations=1"
"module_blacklist=amdgpu"
];
};
services.xserver.videoDrivers = [ "nvidia" ];
networking = {
hostName = "nixos-desktop";
interfaces.enp7s0 = {
wakeOnLan.enable = true;
ipv4.addresses = [
{
address = "192.168.0.40";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.0.1";
nameservers = [ "192.168.0.1" "1.1.1.1" ];
};
services = {
ollama.loadModels = [ "deepseek-r1:14b" ];
xserver.videoDrivers = [ "nvidia" ];
};
hardware.nvidia = {
modesetting.enable = true;
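Review bot: `address = "192.168.0.40"` on `enp7s0` appears to be the same address the server's settings file gives `ens18` in this commit, where the `192.168.0.30` block looks like the removed side. The page has lost its `+`/`-` markers, so confirm which side is new, but two hosts on `.40` would conflict, and the desktop's CIFS mounts still target `//192.168.0.30`. If the server stays on `.30`, a comment next to each static address naming the host it belongs to would make this easier to audit. `wakeOnLan.enable = true` also lets any machine on the segment power the desktop on, which is worth a one-line note if that is intended.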

40
hosts/laptop/settings.nix Normal file

@ -0,0 +1,40 @@
{
networking = {
hostName = "nixos-laptop";
interfaces.enp7s0 = {
ipv4.addresses = [
{
address = "192.168.0.41";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.0.1";
nameservers = [ "192.168.0.1" "1.1.1.1" ];
networkmanager.wifi.powersave = true;
};
services = {
auto-cpufreq = {
enable = true;
settings = {
battery = {
governor = "powersave";
turbo = "never";
};
charger = {
governor = "performance";
turbo = "auto";
};
};
};
# fwupdmgr update (bios updates)
fwupd.enable = true;
thermald.enable = true;
};
powerManagement.powertop.enable = true;
system.stateVersion = "24.11";
}
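Review bot: `interfaces.enp7s0` is the same interface name the desktop settings use, so the static address here only takes effect if the laptop's wired NIC really enumerates as `enp7s0`; that is worth confirming on the machine. `defaultGateway` and `nameservers` are set globally rather than per connection, so, depending on how NetworkManager is configured elsewhere, the laptop may keep sending DNS queries to `192.168.0.1` on networks where that address belongs to an unrelated device. A short comment stating the intent, or leaving these to DHCP on a roaming host, would avoid that ambiguity.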


@ -1,50 +1,48 @@
{ config, pkgs, ... }:
{
networking = {
hostName = "nixos-server";
hostId = "bbe3b289";
firewall.enable = false;
interfaces.ens18 = {
ipv4.addresses = [
{
address = "192.168.0.40";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.0.1";
nameservers = [ "192.168.0.1" "1.1.1.1" ];
};
age.secrets = {
"restic/environmentFile".file = ../../secrets/restic/environmentFile.age;
"restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age;
"restic/passwordFile".file = ../../secrets/restic/passwordFile.age;
"zfs/pool.key".file = ../../secrets/zfs/pool.key.age
};
users.users.admin.linger = true;
age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
nixpkgs.config.allowUnfree = true;
hardware.nvidia-container-toolkit.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.graphics.enable = true;
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = false;
package = config.boot.kernelPackages.nvidiaPackages.stable;
hardware = {
graphics.enable = true;
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = false;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
nvidia-container-toolkit.enable = true;
};
networking.hostName = "nixos-server";
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
boot.loader.grub.useOSProber = true;
environment.systemPackages = with pkgs; [
zsh
htop
fastfetch
restic
nixpkgs-fmt
nixfmt-rfc-style
];
networking.firewall.enable = false;
networking.interfaces.ens18.ipv4.addresses = [
{
address = "192.168.0.30";
prefixLength = 24;
}
];
networking.defaultGateway = "192.168.0.1";
networking.nameservers = [ "1.1.1.1" ];
boot.kernel.sysctl = {
"net.ipv4.ip_unprivileged_port_start" = 80;
"net.ipv4.conf.all.src_valid_mark" = 1;
@ -64,12 +62,6 @@
};
};
age.secrets = {
"restic/environmentFile".file = ../../secrets/restic/environmentFile.age;
"restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age;
"restic/passwordFile".file = ../../secrets/restic/passwordFile.age;
};
services.restic.backups.backup = {
initialize = true;
environmentFile = config.age.secrets."restic/environmentFile".path;
@ -77,12 +69,12 @@
passwordFile = config.age.secrets."restic/passwordFile".path;
paths = [
"/mnt/services"
"/mnt/data"
"/pool/services"
"/pool/data"
];
exclude = [
"/mnt/services/cctv"
"/pool/services/cctv"
];
pruneOpts = [
@ -93,29 +85,86 @@
};
systemd.timers."prune-podman" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
Unit = "podman-prune.service";
# systemd.timers."prune-podman" = {
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "weekly";
# Persistent = true;
# Unit = "podman-prune.service";
# };
# };
# systemd.services."prune-podman" = {
# script = ''
# set -eu
# ${pkgs.podman}/bin/podman system prune -af
# '';
# serviceConfig = {
# Type = "oneshot";
# User = "admin";
# };
# };
# give permissions for zigbee USB transceiver
system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0'';
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false;
boot.zfs.extraPools = [ "pool" ];
environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
services.zfs.autoScrub = {
enable = true;
interval = "weekly";
};
services.zfs.autoSnapshot.enable = true;
services.zfs.trim.enable = true;
services.smartd = {
enable = true;
notifications = {
mail.enable = true;
mail.recipient = "accelarion@protonmail.com";
};
devices = [ "DEVICESCAN -a" ]; # autodetect all drives
};
systemd.services."prune-podman" = {
script = ''
set -eu
${pkgs.coreutils}/bin/echo "heeeeelpppppp"
${pkgs.podman}/bin/podman system prune -af
'';
serviceConfig = {
Type = "oneshot";
User = "admin";
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
"security" = "user";
"hosts allow" = "192.168.0. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "never";
};
"data" = {
"path" = "/pool/data";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
};
"media" = {
"path" = "/pool/media";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
};
"services" = {
"path" = "/pool/services";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
};
};
};
system.stateVersion = "24.11";
# give permissions for zigbee USB transceiver
system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0'';
}
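Review bot: In the relocated `age.secrets` block, the entry `"zfs/pool.key".file = ../../secrets/zfs/pool.key.age` has no terminating `;` as rendered here, which would be a Nix parse error and stop the whole host from evaluating; add the semicolon. `environment.etc."zfs/keys/pool.key".source` points at the agenix-decrypted path, which presumably exists only after activation, so check that the key is actually available when `boot.zfs.extraPools = [ "pool" ]` imports the pool at boot. `networking.firewall.enable = false` is kept, which makes `services.samba.openFirewall = true` a no-op and leaves the published container ports from the podman file (Redis, PostgreSQL and others) filtered only by whatever sits upstream; `hosts allow` protects Samba alone. `chmod o+rw /dev/ttyACM0` grants every local user access to the serial device; a udev rule assigning a group that only `admin` belongs to would be narrower.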


@ -19,4 +19,6 @@ in
"restic/environmentFile.age".publicKeys = [ agenix ];
"restic/passwordFile.age".publicKeys = [ agenix ];
"restic/repositoryFile.age".publicKeys = [ agenix ];
"zfs/pool.key.age".publicKeys = [ agenix ];
}