diff --git a/README.md b/README.md
new file mode 100644
index 0000000..202d207
--- /dev/null
+++ b/README.md
@@ -0,0 +1,26 @@
+
+# Faris' NixOS config
+
+This flake includes the complete NixOS setup for all my computers.
+
+It includes the configuration of zsh, neovim, tmux, etc across all the machines. On Linux desktops it uses the Gnome desktop environment. On the main server it uses podman (docker drop-in replacement) containers for all the services.
+
+Feel free to take a look and I hope it can be used for inspiration.
+
+To update the flake run:
+```
+sudo nix flake update
+```
+To rebuild and switch to the configuration, first copy over the *hardware.nix* which by default on a NixOS install will be at `/etc/nixos/hardware-configuration.nix` and then run one of the following
+```
+sudo nixos-rebuild switch --flake .#desktop
+```
+```
+sudo darwin-rebuild switch --flake .#admins-MacBook-Air
+```
+```
+sudo nixos-rebuild switch --flake .#nixos-server
+```
+```
+sudo nixos-rebuild switch --flake .#nixos-server-nut
+```
diff --git a/config/common.nix b/config/common.nix
index 78dfa7f..5f142c2 100644
--- a/config/common.nix
+++ b/config/common.nix
@@ -11,51 +11,13 @@ }: { - # Bootloader - #boot.loader.limine.enable = true; - #boot.loader.systemd-boot.enable = true; - #boot.loader.limine.secureBoot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - #programs.nix-ld = { enable = true; libraries = pkgs.steam-run.fhsenv.args.multiPkgs pkgs; }; # for dynamically links execs - - # Enable networking - #networking.networkmanager.enable = true; - # Set your time zone. time.timeZone = "Europe/London"; - # Select internationalisation properties. - i18n.defaultLocale = "en_GB.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_GB.UTF-8"; - LC_IDENTIFICATION = "en_GB.UTF-8"; - LC_MEASUREMENT = "en_GB.UTF-8"; - LC_MONETARY = "en_GB.UTF-8"; - LC_NAME = "en_GB.UTF-8"; - LC_NUMERIC = "en_GB.UTF-8"; - LC_PAPER = "en_GB.UTF-8"; - LC_TELEPHONE = "en_GB.UTF-8"; - LC_TIME = "en_GB.UTF-8"; - }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - # Define a user account. Don't forget to set a password with ‘passwd’. users.users.admin = { - isNormalUser = true; description = "admin"; shell = pkgs.zsh; - extraGroups = [ - #"networkmanager" - "wheel" - "adbusers" # adb - "kvm" # virt - "networkmanager" - "lp" #printing - ]; packages = with pkgs; [ ]; }; 
@@ -86,68 +48,30 @@ keep-derivations = true ''; gc.automatic = true; - gc.randomizedDelaySec = "14m"; gc.options = "--delete-older-than 10d"; optimise.automatic = true; }; # unfree - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - # nvidia - "nvidia-x11" - "nvidia-settings" - # cuda - "cuda_cudart" - "cuda_nvcc" - "cuda_cccl" - "libcublas" - "cuda-merged" - "cuda_cuobjdump" - "cuda_gdb" - "cuda_nvdisasm" - "cuda_nvprune" - "cuda_cupti" - "cuda_cuxxfilt" - "cuda_nvml_dev" - "cuda_nvrtc" - "cuda_nvtx" - "cuda_profiler_api" - "cuda_sanitizer_api" - "libcufft" - "libcurand" - "libcusolver" - "libnvjitlink" - "libcusparse" - "libnpp" - # other - "proton-authenticator" - "obsidian" - "via" - "steam" - "steam-unwrapped" - "osu-lazer-bin" - "corefonts" - - "claude-code" - - "brgenml1lpr" - ]; + nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ zsh htop fastfetch restic - nixpkgs-fmt - nixfmt-rfc-style + nixfmt rsync - lm_sensors pciutils # lspci usbutils # lsusb nmap tree p7zip + unar inetutils # telnet + wget + dnsutils + iftop # media yt-dlp @@ -166,6 +90,14 @@ man-pages-posix ]; - # enable developer documenation - documentation.dev.enable = true; + environment.shellAliases = { + "server" = "ssh admin@192.168.0.30"; + "desktop" = "ssh admin@192.168.30.40"; + "server-nut" = "ssh admin@192.168.0.20"; + "laptop" = "ssh admin@192.168.0.41"; + + ".." = "cd .."; + "lsa" = "ls -al"; + }; + } diff --git a/config/desktop.nix b/config/desktop.nix index 019ba38..feb382b 100644 --- a/config/desktop.nix +++ b/config/desktop.nix 
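Review bot: `nixpkgs.config.allowUnfree = true;` replaces the explicit `allowUnfreePredicate` allow-list, so every host that imports common.nix (including the server) will now build any proprietary package a module pulls in, with no record of which ones were approved. The removed list was the only place in this file that documented the permitted closed-source binaries. I would keep the predicate here and add the newly needed names to it; if the blanket setting is only needed for one machine, `nixpkgs.config.allowUnfree = true;` can go in that host's settings.nix rather than in the shared module.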
@@ -35,16 +35,6 @@ services.tailscale.enable = true; services.printing.drivers = [ pkgs.brlaser pkgs.brgenml1lpr pkgs.brgenml1cupswrapper ]; - # Enable sound with pipewire. - services.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - # Enable automatic login for the user. # services.displayManager.autoLogin.enable = true; # services.displayManager.autoLogin.user = "admin"; @@ -141,9 +131,9 @@ element-desktop chirp scrcpy - - # AI? - claude-code + veracrypt + lmms + restic-browser # games heroic @@ -159,8 +149,7 @@ openttd xonotic osu-lazer-bin - #ufoai - #inputs.nix-citizen.packages.${system}.rsi-launcher + ufoai # game utils mangohud @@ -177,7 +166,6 @@ # backup keepassxc - jdk ]; fonts.packages = with pkgs; [ @@ -335,11 +323,4 @@ virtualisation.spiceUSBRedirection.enable = true; services.flatpak.enable = true; - - # programs.nix-ld = { - # enable = true; - # libraries = with pkgs; [ - # (pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib") - # ]; - # }; } diff --git a/config/linux.nix b/config/linux.nix new file mode 100644 index 0000000..7e524be --- /dev/null +++ b/config/linux.nix 
@@ -0,0 +1,47 @@
+{
+ # Enable sound with pipewire.
+ services.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ users.users.admin = {
+ isNormalUser = true;
+ extraGroups = [
+ #"networkmanager"
+ "wheel"
+ "adbusers" # adb
+ "kvm" # virt
+ "networkmanager"
+ "lp" #printing
+ ];
+ }
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_GB.UTF-8";
+ LC_IDENTIFICATION = "en_GB.UTF-8";
+ LC_MEASUREMENT = "en_GB.UTF-8";
+ LC_MONETARY = "en_GB.UTF-8";
+ LC_NAME = "en_GB.UTF-8";
+ LC_NUMERIC = "en_GB.UTF-8";
+ LC_PAPER = "en_GB.UTF-8";
+ LC_TELEPHONE = "en_GB.UTF-8";
+ LC_TIME = "en_GB.UTF-8";
+ };
+
+ environment.systemPackages = with pkgs; [
+ lm_sensors
+ iotop
+ dmidecode
+ ];
+
+ # enable developer documenation
+ documentation.dev.enable = true;
+}
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 125f600..f7d851b 100644
--- a/flake.lock
+++ b/flake.lock
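Review bot: The new config/linux.nix will not evaluate as written: the `users.users.admin = { … }` attribute closes with a bare `}` and needs `};`, and the file is a plain attribute set that uses `with pkgs;` without ever receiving `pkgs`. The file should open with `{ pkgs, ... }:` before the first `{`. Because this module now carries `isNormalUser` and the `wheel` membership for `admin` on both Linux hosts, a failed evaluation here blocks every rebuild, so it is worth running `nix flake check` before switching.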
@@ -1,186 +1,17 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "systems": "systems" - }, - "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", - "owner": "ryantm", - "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, - "cachyos-kernel": { - "flake": false, - "locked": { - "lastModified": 1770052877, - "narHash": "sha256-Ejj9F2obMjVoy0Jsugw6txHFaR9ziuErYIt58cIJqzE=", - "owner": "CachyOS", - "repo": "linux-cachyos", - "rev": "1f8a79ffeac6f319a8c0fc3abad27a3ec7762abf", - "type": "github" - }, - "original": { - "owner": "CachyOS", - "repo": "linux-cachyos", - "type": "github" - } - }, - "cachyos-kernel-patches": { - "flake": false, - "locked": { - "lastModified": 1770051966, - "narHash": "sha256-udCJTbUAEZm5zBrr4zVVjpBLQtCC/vQlkIOLnEGr5Ik=", - "owner": "CachyOS", - "repo": "kernel-patches", - "rev": "bfa4ff5231408610ffcc92898cd1e4c9bd55e452", - "type": "github" - }, - "original": { - "owner": "CachyOS", - "repo": "kernel-patches", - "type": "github" - } - }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-compat", - "type": 
"github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "nix-citizen", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ - "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "lastModified": 1775425411, + "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=", "owner": "nix-community", "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1769580047, - "narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=", - "owner": "nix-community", - "repo": "home-manager", - 
"rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826", + "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe", "type": "github" }, "original": { 
@@ -190,104 +21,55 @@ "type": "github" } }, - "nix-cachyos-kernel": { + "home-manager-unstable": { "inputs": { - "cachyos-kernel": "cachyos-kernel", - "cachyos-kernel-patches": "cachyos-kernel-patches", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", "nixpkgs": [ - "nixpkgs" + "nixpkgs-unstable" ] }, "locked": { - "lastModified": 1770055712, - "narHash": "sha256-VpbF4JDFPSW2crh0tP5EiegnuTkj3fACs0SLWDhlfPM=", - "owner": "xddxdd", - "repo": "nix-cachyos-kernel", - "rev": "220dce3edcb81188ecb896382699884243d1c2e3", - "type": "github" - }, - "original": { - "owner": "xddxdd", - "ref": "release", - "repo": "nix-cachyos-kernel", - "type": "github" - } - }, - "nix-citizen": { - "inputs": { - "flake-parts": "flake-parts_2", - "nix-gaming": "nix-gaming", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_2", - "systems": "systems_2", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1769832985, - "narHash": "sha256-PKONM6JUGWviRsv3tZWj72HE0aeHKcHTrzTskj58MRM=", - "owner": "LovingMelody", - "repo": "nix-citizen", - "rev": "47823c1ea4c53153dabd43f08b26f3c67c557542", - "type": "github" - }, - "original": { - "owner": "LovingMelody", - "repo": "nix-citizen", - "type": "github" - } - }, - "nix-gaming": { - "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": [ - "nix-citizen", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1769653948, - "narHash": "sha256-vOKkxlAREINxBVFzsj+8D3WZkoOPHLcjhweE0hDMwbg=", - "owner": "fufexan", - "repo": "nix-gaming", - "rev": "60855f0c988b2b4b787f54ddda18a3af44134623", - "type": "github" - }, - "original": { - "owner": "fufexan", - "repo": "nix-gaming", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "nix-citizen", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737420293, - "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "lastModified": 1777258755, + "narHash": "sha256-EC07KwADRE2LdIk7vEDyAaD3I0ZUq24T9jQF9L0iEPk=", 
"owner": "nix-community", - "repo": "nix-github-actions", - "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "repo": "home-manager", + "rev": "7f8bbc93d63401e41368d6ddc46a4f631610fa90", "type": "github" }, "original": { "owner": "nix-community", - "repo": "nix-github-actions", + "ref": "master", + "repo": "home-manager", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1775037210, + "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=", + "owner": "nix-darwin", + "repo": "nix-darwin", + "rev": "06648f4902343228ce2de79f291dd5a58ee12146", + "type": "github" + }, + "original": { + "owner": "nix-darwin", + "ref": "master", + "repo": "nix-darwin", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1769302137, - "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=", + "lastModified": 1776830795, + "narHash": "sha256-PAfvLwuHc1VOvsLcpk6+HDKgMEibvZjCNvbM1BJOA7o=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8", + "rev": "72674a6b5599e844c045ae7449ba91f803d44ebc", "type": "github" }, "original": { 
@@ -299,89 +81,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754028485, - "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "59e69648d345d6e8fef86158c555730fa12af9de", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_2": { - "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1770107345, - "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", + "lastModified": 1776734388, + "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1770056022, - "narHash": 
"sha256-yvCz+Qmci1bVucXEyac3TdoSPMtjqVJmVy5wro6j/70=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d04d8548aed39902419f14a8537006426dc1e4fa", + "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", "type": "github" }, "original": { 
@@ -391,67 +95,31 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1776329215, + "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b86751bc4085f48661017fa226dee99fab6c651b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { - "agenix": "agenix", - "home-manager": "home-manager_2", - "nix-cachyos-kernel": "nix-cachyos-kernel", - "nix-citizen": "nix-citizen", + "home-manager": "home-manager", + "home-manager-unstable": "home-manager-unstable", + "nix-darwin": "nix-darwin", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nix-citizen", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1769515380, - "narHash": "sha256-CWWK3PaQ7zhr+Jcf5zyaTR2cfRBXPo09H7+5nWApL8s=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "9911802c2822def2eec3d22e2cafd1619ede94a5", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 3191113..3b7fe5c 100644 
--- a/flake.nix +++ b/flake.nix @@ -6,17 +6,22 @@ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixos-hardware.url = "github:nixos/nixos-hardware/master"; home-manager.url = "github:nix-community/home-manager/release-25.11"; + home-manager-unstable.url = "github:nix-community/home-manager/master"; + home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; + nix-darwin.url = "github:nix-darwin/nix-darwin/master"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs-unstable"; }; outputs = - { self, nixpkgs, home-manager, ... }@inputs: + { self, nixpkgs, home-manager, home-manager-unstable, nix-darwin, ... }@inputs: { nixosConfigurations.desktop = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; #inherit system; modules = [ ./config/common.nix + ./config/linux.nix ./config/desktop.nix ./hosts/desktop/hardware.nix ./hosts/desktop/settings.nix @@ -38,6 +43,7 @@ specialArgs = {inherit inputs;}; modules = [ ./config/common.nix + ./config/linux.nix ./hosts/server/hardware.nix ./hosts/server/settings.nix home-manager.nixosModules.home-manager @@ -53,6 +59,28 @@ } ]; }; + + darwinConfigurations."admins-MacBook-Air" = nix-darwin.lib.darwinSystem { + modules = [ + ./config/common.nix + ./hosts/macbook/settings.nix + home-manager-unstable.darwinModules.home-manager + { + users.users.admin = { + name = "admin"; + home = "/Users/admin"; + }; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.admin = { + home.stateVersion = "25.11"; + imports = [ + ./home/common.nix + ]; + }; + } + ]; + }; }; } diff --git a/home/common.nix b/home/common.nix index 27933d6..6a46548 100644 --- a/home/common.nix +++ b/home/common.nix @@ -1,6 +1,6 @@ -{ config, ...}: +{ config, pkgs, ...}: -{ +{ home.sessionVariables = { EDITOR = "nvim"; VISUAL = "nvim"; 
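Review bot: The new `darwinConfigurations."admins-MacBook-Air"` block does not pass `specialArgs = { inherit inputs; };`, while the NixOS configurations visible in this file do. It imports the same `./config/common.nix`, whose argument list is outside the hunks shown; if that module (or anything it imports) names `inputs` as an argument, evaluation on the Mac will fail with a missing-argument error. Adding `specialArgs = { inherit inputs; };` as the first line inside `darwinSystem { … }` keeps the three configurations consistent.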
@@ -8,6 +8,25 @@ programs = { + mpv = { + enable = true; + package = pkgs.mpv.override { + scripts = with pkgs.mpvScripts; [ + sponsorblock + ]; + }; + config = { + profile = "high-quality"; + ytdl-format = "bestvideo+bestaudio"; + cache-default = 4000000; + loop-file = "inf"; + }; + + extraInput = '' + r cycle_values video-rotate 90 180 270 0 + ''; + }; + neovim = { enable = true; viAlias = true; @@ -57,8 +76,6 @@ zsh = { enable = true; dotDir = "${config.xdg.configHome}/zsh"; - #enableCompletions = true; - #autosuggestions.enable = true; syntaxHighlighting.enable = true; oh-my-zsh = { enable = true; diff --git a/home/desktop.nix b/home/desktop.nix index 0f1a926..853dcef 100644 --- a/home/desktop.nix +++ b/home/desktop.nix @@ -1,42 +1,7 @@ { pkgs, ... }: { - programs = { - # chromium = { - # enable = true; - # package = pkgs.brave; - # commandLineArgs = [ - # #"--sync-url='http://192.168.0.30:8295/v2'" - # ]; - # }; - mpv = { - enable = true; - - package = ( - pkgs.mpv-unwrapped.wrapper { - scripts = with pkgs.mpvScripts; [ - sponsorblock - ]; - - mpv = pkgs.mpv-unwrapped.override { - waylandSupport = true; - }; - } - ); - - config = { - profile = "high-quality"; - ytdl-format = "bestvideo+bestaudio"; - cache-default = 4000000; - loop-file = "inf"; - }; - - extraInput = '' - r cycle_values video-rotate 90 180 270 0 - ''; - }; - }; # add bookmarks for shared drives xdg.configFile."gtk-3.0/bookmarks" = { force = true; diff --git a/home/podman.nix b/home/podman.nix index 3ea7687..0e3415e 100644 --- a/home/podman.nix +++ b/home/podman.nix 
@@ -6,6 +6,30 @@ }: { + +systemd.user.services.podman-prune = { + Unit = { + Description = "Prune unused Podman resources for admin user"; + }; + Service = { + Type = "oneshot"; + ExecStart = "${pkgs.podman}/bin/podman system prune -f --all"; + }; +}; + +systemd.user.timers.podman-prune = { + Unit = { + Description = "Weekly Podman prune timer"; + }; + Timer = { + OnCalendar = "weekly"; + Persistent = true; + }; + Install = { + WantedBy = [ "timers.target" ]; + }; +}; + services.podman.networks = { internal_net = { driver = "bridge"; @@ -57,6 +81,50 @@ }; }; +# akaunting = { +# image = "docker.io/akaunting/akaunting:latest"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/akaunting" +# ]; +# volumes = [ +# "/pool/services/podman/akaunting/data:/var/www/html/akaunting" +# ]; +# ports = [ +# "8003:80" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; +# +# akaunting-db = { +# image = "docker.io/mariadb:latest"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/akaunting" +# ]; +# volumes = [ +# "/pool/services/podman/akaunting/db:/var/lib/mysql" +# ]; +# ports = [ +# "3307:3306" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; + archivebox = { image = "docker.io/archivebox/archivebox:latest"; autoStart = true; 
@@ -94,75 +162,6 @@ }; }; }; - - authentik-server = { - image = "ghcr.io/goauthentik/server:2026.2.1"; - autoStart = true; - autoUpdate = "registry"; - network = "internal_net"; - exec = "server"; - environmentFile = [ - "/pool/services/secrets/default" - "/pool/services/secrets/authentik" - ]; - volumes = [ - "/pool/services/podman/authentik/data:/data" - "/pool/services/podman/authentik/certs:/certs" - "/pool/services/podman/authentik/templates:/templates" - ]; - extraPodmanArgs = [ - "--shm-size=256m" - ]; - extraConfig = { - Service = { - TimeoutStartSec = 900; - }; - }; - }; - - authentik-postgresql = { - image = "docker.io/postgres:16-alpine"; - autoStart = true; - autoUpdate = "registry"; - network = "internal_net"; - environmentFile = [ - "/pool/services/secrets/default" - "/pool/services/secrets/authentik" - ]; - volumes = [ - "/pool/services/podman/authentik/db:/var/lib/postgresql/data" - ]; - extraConfig = { - Service = { - TimeoutStartSec = 900; - }; - }; - }; - - authentik-worker = { - image = "ghcr.io/goauthentik/server:2026.2.1"; - autoStart = true; - autoUpdate = "registry"; - network = "internal_net"; - exec = "worker"; - environmentFile = [ - "/pool/services/secrets/default" - "/pool/services/secrets/authentik" - ]; - volumes = [ - "/pool/services/podman/authentik/data:/data" - "/pool/services/podman/authentik/certs:/certs" - "/pool/services/podman/authentik/templates:/templates" - ]; - extraPodmanArgs = [ - "--shm-size=256m" - ]; - extraConfig = { - Service = { - TimeoutStartSec = 900; - }; - }; - }; caddy-local = { image = "ghcr.io/caddybuilds/caddy-cloudflare:latest"; autoStart = true; 
@@ -188,6 +187,25 @@ }; }; + cleanuparr = { + image = "ghcr.io/cleanuparr/cleanuparr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + ]; + volumes = [ + "/pool/services/podman/cleanuparr:/config" + "/pool/media/torrents:/downloads" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + bazarr = { image = "lscr.io/linuxserver/bazarr:latest"; autoStart = true; @@ -253,10 +271,14 @@ autoStart = true; autoUpdate = "registry"; network = "internal_net"; - environmentFile = [ - "/pool/services/secrets/default" - "/pool/services/secrets/freshrss" - ]; + environment = { + OIDC_ENABLED="1"; + OIDC_PROVIDER_METADATA_URL="https://authentik.mektem.com/application/o/fresh-rss/.well-known/openid-configuration"; + OIDC_CLIENT_ID="PsqRnVLTezIKL7582E8pnKNFIF0W41kVyMhh4RoG"; + OIDC_CLIENT_SECRET="h1XsvbUcRn33rq7qBBS0GUENEgn6zTJQeHpVPhzcqG4ekdwlCghIn1ALhydYXF1pfS8HaskM3KntHXDTC8a7athLxLzT95Gxr8OpvN9iOY75pUXrNnLJXUrY9o4qKM7m"; + OIDC_X_FORWARDED_HEADERS="X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host"; + OIDC_SCOPES="openid email profile"; + }; volumes = [ "/pool/services/podman/freshrss:/config" ]; @@ -403,6 +425,9 @@ volumes = [ "/pool/services/podman/immich/db:/var/lib/postgresql/data:z" ]; + ports = [ + "5433:5432" + ]; userNS = "keep-id"; extraConfig = { Service = { @@ -423,6 +448,9 @@ volumes = [ "/pool/services/podman/immich/cache:/cache" ]; + ports = [ + "3003:3003" + ]; extraConfig = { Service = { TimeoutStartSec = 900; @@ -439,6 +467,9 @@ "/pool/services/secrets/default" "/pool/services/secrets/immich" ]; + ports = [ + "6379:6379" + ]; extraConfig = { Service = { TimeoutStartSec = 900; 
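Review bot: The freshrss hunk (@@ -253,10 +271,14) replaces the `environmentFile` entries with an inline `environment` set that contains `OIDC_CLIENT_SECRET` in clear text, so the secret is now in git history and will be copied into the world-readable Nix store on every build. The client secret should be treated as disclosed and rotated at the identity provider. Keep only the non-secret settings (`OIDC_ENABLED`, `OIDC_PROVIDER_METADATA_URL`, `OIDC_X_FORWARDED_HEADERS`, `OIDC_SCOPES`) in `environment`, and restore `environmentFile = [ "/pool/services/secrets/default" "/pool/services/secrets/freshrss" ];` with `OIDC_CLIENT_ID` and `OIDC_CLIENT_SECRET` defined in that file. Separately, this commit deletes the authentik containers from this file while the metadata URL still points at an authentik host; confirm that provider is still served from somewhere.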
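Review bot: The three `ports` additions in the immich hunks (@@ -403,6, @@ -423,6 and @@ -439,6) publish the PostgreSQL, port-3003 and Redis (`"6379:6379"`) listeners on the host, and without a host address podman binds them on every interface. These containers already share `internal_net`, so the other immich containers can reach them by name without any published port, and Redis in particular is commonly run without authentication. If host access is only needed for maintenance, bind to loopback instead, for example `"127.0.0.1:5433:5432"` and `"127.0.0.1:6379:6379"`, or drop the `ports` blocks. The enclosing container definitions start outside these hunks.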
@@ -508,6 +539,47 @@ }; }; +# joplin = { +# image = "docker.io/joplin/server:latest"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/joplin" +# ]; +# ports = [ +# "22300:22300" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; +# +# joplin-db = { +# image = "docker.io/postgres:15"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/joplin" +# ]; +# volumes = [ +# "/pool/services/podman/joplin-db:/var/lib/postgresql/data" +# ]; +# ports = [ +# "5432:5432" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; + kiwix = { image = "ghcr.io/kiwix/kiwix-serve:latest"; autoStart = true; 
@@ -567,6 +639,71 @@ }; }; +# mastodon = { +# image = "ghcr.io/linuxserver/mastodon:amd64-latest"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/mastodon" +# ]; +# volumes = [ +# "/pool/services/podman/mastodon/config:/config" +# ]; +# ports = [ +# "808:80" +# "8449:443" +# "3009:3000" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; +# +# mastodon-db = { +# image = "docker.io/postgres:16-alpine"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# "/pool/services/secrets/mastodon-db" +# ]; +# volumes = [ +# "/pool/services/podman/mastodon/db:/var/lib/postgresql/data" +# ]; +# ports = [ +# "5435:5432" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; +# +# mastodon-redis = { +# image = "registry.hub.docker.com/library/redis:6.2-alpine"; +# autoStart = true; +# autoUpdate = "registry"; +# network = "internal_net"; +# environmentFile = [ +# "/pool/services/secrets/default" +# ]; +# ports = [ +# "6382:6379" +# ]; +# extraConfig = { +# Service = { +# TimeoutStartSec = 900; +# }; +# }; +# }; + + metube = { image = "ghcr.io/alexta69/metube:latest"; autoStart = true; 
@@ -623,6 +760,88 @@ # }; # }; + #nginx-proxy-manager = { + # image = "docker.io/jc21/nginx-proxy-manager:2.9.22"; + # autoStart = true; + # autoUpdate = "registry"; + # network = "internal_net"; + # environmentFile = [ + # "/pool/services/secrets/default" + # ]; + # volumes = [ + # "/pool/services/podman/nginx-proxy-manager:/data" + # "/pool/services/podman/letsencrypt:/etc/letsencrypt" + # ]; + # ports = [ + # "80:80" + # "443:443" + # "81:81" + # ]; + # extraConfig = { + # Service = { + # TimeoutStartSec = 900; + # }; + # }; + #}; + + nextcloud = { + image = "docker.io/nextcloud"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/nextcloud" + ]; + volumes = [ + "/pool/services/podman/nextcloud/app:/var/www/html" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + nextcloud-db = { + image = "docker.io/mariadb:10.6"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + exec = "--transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/nextcloud" + ]; + volumes = [ + "/pool/services/podman/nextcloud/db:/var/lib/mysql" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + ntfy = { + image = "docker.io/binwiederhier/ntfy"; + autoStart = true; + autoUpdate = "registry"; + network = "internal_net"; + exec = "serve"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/ntfy" + ]; + volumes = [ + "/pool/services/podman/ntfy:/var/lib/ntfy" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; ntp = { image = "docker.io/cturra/ntp"; autoStart = true; @@ -631,6 +850,9 @@ environmentFile = [ "/pool/services/secrets/default" ]; + ports = [ + "123:123/udp" + ]; extraConfig = { Service = { TimeoutStartSec = 900; 
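Review bot: The new `nextcloud` and `ntfy` containers use untagged images (`docker.io/nextcloud`, `docker.io/binwiederhier/ntfy`), which resolve to `latest`, together with `autoUpdate = "registry"`. Whatever is pushed to that tag is therefore pulled and run against `/pool/services/podman/nextcloud/app` without review, and an unattended jump across a Nextcloud major version can also break the instance. `nextcloud-db` in the same hunk is pinned to `mariadb:10.6`; I would pin the other two the same way, e.g. `image = "docker.io/nextcloud:<major-version>";` (placeholder, pick the release you run), or pin by digest.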
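Review bot: The `"123:123/udp"` mapping added to the `ntp` container (@@ -631,6) publishes a privileged port on all host interfaces. These definitions appear to run as rootless user containers (the same file defines `systemd.user` units for podman), in which case binding below port 1024 fails unless `net.ipv4.ip_unprivileged_port_start` has been lowered on the host; that sysctl is not visible in this diff. If the mapping is intended, bind it to the LAN address rather than every interface, so the NTP service is not reachable from networks that do not need it. The container definition starts outside the hunk.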
diff --git a/hosts/laptop/settings.nix b/hosts/laptop/settings.nix
deleted file mode 100644
index d221ce8..0000000
--- a/hosts/laptop/settings.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{
-
- networking = {
- hostName = "nixos-laptop";
- interfaces.enp7s0 = {
- ipv4.addresses = [
- {
- address = "192.168.0.41";
- prefixLength = 24;
- }
- ];
- };
- defaultGateway = "192.168.0.1";
- nameservers = [ "192.168.0.1" "1.1.1.1" ];
- networkmanager.wifi.powersave = true;
- };
-
- services = {
- auto-cpufreq = {
- enable = true;
- settings = {
- battery = {
- governor = "powersave";
- turbo = "never";
- };
- charger = {
- governor = "performance";
- turbo = "auto";
- };
- };
- };
- # fwupdmgr update (bios updates)
- fwupd.enable = true;
- thermald.enable = true;
- };
-
- powerManagement.powertop.enable = true;
-
- system.stateVersion = "24.11";
-}
\ No newline at end of file
diff --git a/hosts/macbook/settings.nix b/hosts/macbook/settings.nix
new file mode 100644
index 0000000..1ee1873
--- /dev/null
+++ b/hosts/macbook/settings.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+
+{
+
+nixpkgs.hostPlatform = "aarch64-darwin";
+system.stateVersion = 6;
+
+ environment.systemPackages = with pkgs; [
+ audacity
+ brave
+ firefox
+ signal-desktop
+ protonmail-desktop
+ prismlauncher
+ localsend
+ anki
+ bitwarden-desktop
+ element-desktop
+ wireshark
+ inkscape
+ moonlight-qt
+ nvtopPackages.apple
+ vscodium
+ chirp
+ scrcpy
+ restic-browser
+
+ # games
+ unciv
+ wesnoth
+ osu-lazer-bin
+
+ # emu
+ ryubing
+ xemu
+ dolphin-emu
+
+ #backup
+ keepassxc
+ ];
+
+}
diff --git a/hosts/server/settings.nix b/hosts/server/settings.nix
index adbc7f9..eaa5662 100644
--- a/hosts/server/settings.nix
+++ b/hosts/server/settings.nix
@@ -59,6 +59,21 @@ systemd.services.podman-network-vlan50 = { }; users.users.admin.linger = true; + #services.xserver.videoDrivers = [ "nvidia" ]; + + # hardware = { + # graphics.enable = true; + # nvidia = { + # modesetting.enable = true; + # powerManagement.enable = true; + # powerManagement.finegrained = false; + # open = false; + # nvidiaSettings = false; + # package = config.boot.kernelPackages.nvidiaPackages.stable; + # }; + # nvidia-container-toolkit.enable = true; + # }; + hardware.graphics = { enable = true; enable32Bit = true; # only needed if you run 32-bit apps @@ -138,6 +153,7 @@ systemd.services.podman-network-vlan50 = { boot.supportedFilesystems = [ "zfs" ]; boot.zfs.forceImportRoot = false; boot.zfs.extraPools = [ "pool" ]; + #environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path; services.zfs.autoScrub = { enable = true; 
@@ -146,45 +162,15 @@ systemd.services.podman-network-vlan50 = { services.smartd = { enable = true; - notifications = { - mail.enable = true; - mail.recipient = "faris@mektem.com"; - }; #devices = [ "DEVICESCAN -a" ]; # autodetect all drives }; - - programs.msmtp = { - enable = true; - accounts.default = { - auth = true; - tls = true; - host = "smtp.protonmail.ch"; - port = 587; - from = "faris@mektem.com"; - user = "faris@mektem.com"; - passwordeval = "cat /pool/services/secrets/mail.txt"; - }; - }; - environment.etc."zfs/zed-notify.sh" = { - mode = "0755"; - text = '' - #!/bin/sh - # ZED calls: ZED_EMAIL_PROG "subject" "recipient" - SUBJECT="$1" - TO="$2" - (echo "Subject: $SUBJECT"; echo "To: $TO"; echo ""; cat) | \ - ${pkgs.msmtp}/bin/msmtp "$TO" - ''; - }; - services.zfs.zed = { - enableMail = true; settings = { - ZED_EMAIL_ADDR = [ "faris@mektem.com" ]; - ZED_EMAIL_PROG = "/etc/zfs/zed-notify.sh"; # Or ssmtp - ZED_EMAIL_OPTS = ""; - ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NTFY_URL="https://ntfy.mektem.com"; + ZED_NTFY_TOPIC="zfs"; + ZED_NTFY_ACCESS_TOKEN="tk_gtjia7itxhg1qik7j58wkgey2parr"; + ZED_NOTIFY_INTERVAL_SECS = 1; ZED_NOTIFY_VERBOSE = true; # Set to false to only get alerts on degradation }; }; @@ -274,29 +260,6 @@ systemd.services.podman-network-vlan50 = { # }; }; - # headscale = { - # image = "docker.io/headscale/headscale:stable"; - # autoStart = true; - # #utoUpdate = "registry"; - # networks = [ "vlan50" ]; - # cmd = [ "serve" ]; - # environmentFiles = [ - # "/pool/services/secrets/default" - # ]; - # volumes = [ - # "/pool/services/podman/headscale/config:/etc/headscale:ro" - # "/pool/services/podman/headscale/lib:/var/lib/headscale" - # ]; - # extraOptions = [ - # "--ip=192.168.50.38" - # ]; - # #extraConfig = { - # # Service = { - # # TimeoutStartSec = 900; - # # }; - # ##}; - # }; - matrix = { image = "ghcr.io/element-hq/synapse"; autoStart = true; 
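Review bot: `ZED_NTFY_ACCESS_TOKEN` is set to a literal token inside `services.zfs.zed.settings`, so it is committed to the repository and rendered into the generated ZED configuration in the world-readable Nix store. The token should be revoked and reissued, and the new value supplied from a root-only file outside the store (the containers in this repository already read theirs from `/pool/services/secrets/…`) rather than from a Nix string. `ZED_NOTIFY_INTERVAL_SECS = 1` replaces the previous 3600 and effectively removes rate limiting on pool notifications; it looks like a test value left in. The same hunk also drops `services.smartd.notifications` without a replacement, so SMART failures no longer alert anyone unless that is configured elsewhere.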
@@ -342,29 +305,6 @@ systemd.services.podman-network-vlan50 = { # }; }; - ntfy = { - image = "docker.io/binwiederhier/ntfy"; - autoStart = true; - #autoUpdate = "registry"; - networks = [ "vlan50" ]; - cmd = [ "serve" ]; - environmentFiles = [ - "/pool/services/secrets/default" - "/pool/services/secrets/ntfy" - ]; - volumes = [ - "/pool/services/podman/ntfy:/var/lib/ntfy" - ]; - extraOptions = [ - "--ip=192.168.50.35" - ]; - # extraConfig = { - # Service = { - # TimeoutStartSec = 900; - # }; - # }; - }; - privatebin = { image = "docker.io/privatebin/nginx-fpm-alpine:latest"; autoStart = true; diff --git a/update-desktop.sh b/update-desktop.sh deleted file mode 100755 index a4a2a1a..0000000 --- a/update-desktop.sh +++ /dev/null @@ -1,2 +0,0 @@ -nix flake update -sudo nixos-rebuild switch --flake .#desktop