Faris/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of https://git.mektem.com/Faris/nixos

Browse Source
This commit is contained in:
Faris 2026-04-28 16:17:01 +01:00
commit fbabf36336
13 changed files with 558 additions and 732 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md Normal file
View File

@ -0,0 +1,26 @@
# Faris' NixOS config
This flake includes the complete NixOS setup for all my computers.
It includes the configuration of zsh, neovim, tmux, etc across all the machines. On Linux desktops it uses the Gnome desktop environment. On the main server it uses podman (docker drop-in replacement) containers for all the services.
Feel free to take a look and I hope it can be used for inspiration.
To update the flake run:
```
sudo nix flake update
```
To rebuild and switch to the configuration, first copy over the *hardware.nix* which by default on a NixOS install will be at `/etc/nixos/hardware-configuration.nix` and then run one of the following
```
sudo nixos-rebuild switch --flake .#desktop
```
```
sudo darwin-rebuild switch --flake .#admins-MacBook-Air
```
```
sudo nixos-rebuild switch --flake .#nixos-server
```
```
sudo nixos-rebuild switch --flake .#nixos-server-nut
```

100
config/common.nix
View File

@ -11,51 +11,13 @@
}:
{
# Bootloader
#boot.loader.limine.enable = true;
#boot.loader.systemd-boot.enable = true;
#boot.loader.limine.secureBoot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
#programs.nix-ld = { enable = true; libraries = pkgs.steam-run.fhsenv.args.multiPkgs pkgs; }; # for dynamically links execs
# Enable networking
#networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/London";
# Select internationalisation properties.
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_GB.UTF-8";
LC_IDENTIFICATION = "en_GB.UTF-8";
LC_MEASUREMENT = "en_GB.UTF-8";
LC_MONETARY = "en_GB.UTF-8";
LC_NAME = "en_GB.UTF-8";
LC_NUMERIC = "en_GB.UTF-8";
LC_PAPER = "en_GB.UTF-8";
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.admin = {
isNormalUser = true;
description = "admin";
shell = pkgs.zsh;
extraGroups = [
#"networkmanager"
"wheel"
"adbusers" # adb
"kvm" # virt
"networkmanager"
"lp" #printing
];
packages = with pkgs; [
];
};
@ -86,68 +48,30 @@
keep-derivations = true
'';
gc.automatic = true;
gc.randomizedDelaySec = "14m";
gc.options = "--delete-older-than 10d";
optimise.automatic = true;
};
# unfree
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
# nvidia
"nvidia-x11"
"nvidia-settings"
# cuda
"cuda_cudart"
"cuda_nvcc"
"cuda_cccl"
"libcublas"
"cuda-merged"
"cuda_cuobjdump"
"cuda_gdb"
"cuda_nvdisasm"
"cuda_nvprune"
"cuda_cupti"
"cuda_cuxxfilt"
"cuda_nvml_dev"
"cuda_nvrtc"
"cuda_nvtx"
"cuda_profiler_api"
"cuda_sanitizer_api"
"libcufft"
"libcurand"
"libcusolver"
"libnvjitlink"
"libcusparse"
"libnpp"
# other
"proton-authenticator"
"obsidian"
"via"
"steam"
"steam-unwrapped"
"osu-lazer-bin"
"corefonts"
"claude-code"
"brgenml1lpr"
];
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
zsh
htop
fastfetch
restic
nixpkgs-fmt
nixfmt-rfc-style
nixfmt
rsync
lm_sensors
pciutils # lspci
usbutils # lsusb
nmap
tree
p7zip
unar
inetutils # telnet
wget
dnsutils
iftop
# media
yt-dlp
@ -166,6 +90,14 @@
man-pages-posix
];
# enable developer documenation
documentation.dev.enable = true;
environment.shellAliases = {
"server" = "ssh admin@192.168.0.30";
"desktop" = "ssh admin@192.168.30.40";
"server-nut" = "ssh admin@192.168.0.20";
"laptop" = "ssh admin@192.168.0.41";
".." = "cd ..";
"lsa" = "ls -al";
};
}

27
config/desktop.nix
View File

@ -35,16 +35,6 @@
services.tailscale.enable = true;
services.printing.drivers = [ pkgs.brlaser pkgs.brgenml1lpr pkgs.brgenml1cupswrapper ];
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# Enable automatic login for the user.
# services.displayManager.autoLogin.enable = true;
# services.displayManager.autoLogin.user = "admin";
@ -141,9 +131,9 @@
element-desktop
chirp
scrcpy
# AI?
claude-code
veracrypt
lmms
restic-browser
# games
heroic
@ -159,8 +149,7 @@
openttd
xonotic
osu-lazer-bin
#ufoai
#inputs.nix-citizen.packages.${system}.rsi-launcher
ufoai
# game utils
mangohud
@ -177,7 +166,6 @@
# backup
keepassxc
jdk
];
fonts.packages = with pkgs; [
@ -335,11 +323,4 @@
virtualisation.spiceUSBRedirection.enable = true;
services.flatpak.enable = true;
# programs.nix-ld = {
# enable = true;
# libraries = with pkgs; [
# (pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib")
# ];
# };
}

47
config/linux.nix Normal file
View File

@ -0,0 +1,47 @@
{
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
users.users.admin = {
isNormalUser = true;
extraGroups = [
#"networkmanager"
"wheel"
"adbusers" # adb
"kvm" # virt
"networkmanager"
"lp" #printing
];
}
# Select internationalisation properties.
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_GB.UTF-8";
LC_IDENTIFICATION = "en_GB.UTF-8";
LC_MEASUREMENT = "en_GB.UTF-8";
LC_MONETARY = "en_GB.UTF-8";
LC_NAME = "en_GB.UTF-8";
LC_NUMERIC = "en_GB.UTF-8";
LC_PAPER = "en_GB.UTF-8";
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
environment.systemPackages = with pkgs; [
lm_sensors
iotop
dmidecode
];
# enable developer documenation
documentation.dev.enable = true;
}

448
flake.lock generated
View File

@ -1,186 +1,17 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"cachyos-kernel": {
"flake": false,
"locked": {
"lastModified": 1770052877,
"narHash": "sha256-Ejj9F2obMjVoy0Jsugw6txHFaR9ziuErYIt58cIJqzE=",
"owner": "CachyOS",
"repo": "linux-cachyos",
"rev": "1f8a79ffeac6f319a8c0fc3abad27a3ec7762abf",
"type": "github"
},
"original": {
"owner": "CachyOS",
"repo": "linux-cachyos",
"type": "github"
}
},
"cachyos-kernel-patches": {
"flake": false,
"locked": {
"lastModified": 1770051966,
"narHash": "sha256-udCJTbUAEZm5zBrr4zVVjpBLQtCC/vQlkIOLnEGr5Ik=",
"owner": "CachyOS",
"repo": "kernel-patches",
"rev": "bfa4ff5231408610ffcc92898cd1e4c9bd55e452",
"type": "github"
},
"original": {
"owner": "CachyOS",
"repo": "kernel-patches",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"lastModified": 1775425411,
"narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769580047,
"narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826",
"rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github"
},
"original": {
@ -190,104 +21,55 @@
"type": "github"
}
},
"nix-cachyos-kernel": {
"home-manager-unstable": {
"inputs": {
"cachyos-kernel": "cachyos-kernel",
"cachyos-kernel-patches": "cachyos-kernel-patches",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1770055712,
"narHash": "sha256-VpbF4JDFPSW2crh0tP5EiegnuTkj3fACs0SLWDhlfPM=",
"owner": "xddxdd",
"repo": "nix-cachyos-kernel",
"rev": "220dce3edcb81188ecb896382699884243d1c2e3",
"type": "github"
},
"original": {
"owner": "xddxdd",
"ref": "release",
"repo": "nix-cachyos-kernel",
"type": "github"
}
},
"nix-citizen": {
"inputs": {
"flake-parts": "flake-parts_2",
"nix-gaming": "nix-gaming",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1769832985,
"narHash": "sha256-PKONM6JUGWviRsv3tZWj72HE0aeHKcHTrzTskj58MRM=",
"owner": "LovingMelody",
"repo": "nix-citizen",
"rev": "47823c1ea4c53153dabd43f08b26f3c67c557542",
"type": "github"
},
"original": {
"owner": "LovingMelody",
"repo": "nix-citizen",
"type": "github"
}
},
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1769653948,
"narHash": "sha256-vOKkxlAREINxBVFzsj+8D3WZkoOPHLcjhweE0hDMwbg=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "60855f0c988b2b4b787f54ddda18a3af44134623",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1737420293,
"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
"lastModified": 1777258755,
"narHash": "sha256-EC07KwADRE2LdIk7vEDyAaD3I0ZUq24T9jQF9L0iEPk=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
"repo": "home-manager",
"rev": "7f8bbc93d63401e41368d6ddc46a4f631610fa90",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1775037210,
"narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "06648f4902343228ce2de79f291dd5a58ee12146",
"type": "github"
},
"original": {
"owner": "nix-darwin",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1769302137,
"narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"lastModified": 1776830795,
"narHash": "sha256-PAfvLwuHc1VOvsLcpk6+HDKgMEibvZjCNvbM1BJOA7o=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"rev": "72674a6b5599e844c045ae7449ba91f803d44ebc",
"type": "github"
},
"original": {
@ -299,89 +81,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1770107345,
"narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
"lastModified": 1776734388,
"narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1770056022,
"narHash": "sha256-yvCz+Qmci1bVucXEyac3TdoSPMtjqVJmVy5wro6j/70=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d04d8548aed39902419f14a8537006426dc1e4fa",
"rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac",
"type": "github"
},
"original": {
@ -391,67 +95,31 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1776329215,
"narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b86751bc4085f48661017fa226dee99fab6c651b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager_2",
"nix-cachyos-kernel": "nix-cachyos-kernel",
"nix-citizen": "nix-citizen",
"home-manager": "home-manager",
"home-manager-unstable": "home-manager-unstable",
"nix-darwin": "nix-darwin",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1769515380,
"narHash": "sha256-CWWK3PaQ7zhr+Jcf5zyaTR2cfRBXPo09H7+5nWApL8s=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9911802c2822def2eec3d22e2cafd1619ede94a5",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

30
flake.nix
View File

@ -6,17 +6,22 @@
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nixos-hardware.url = "github:nixos/nixos-hardware/master";
home-manager.url = "github:nix-community/home-manager/release-25.11";
home-manager-unstable.url = "github:nix-community/home-manager/master";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nix-darwin.url = "github:nix-darwin/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs-unstable";
};
outputs =
{ self, nixpkgs, home-manager, ... }@inputs:
{ self, nixpkgs, home-manager, home-manager-unstable, nix-darwin, ... }@inputs:
{
nixosConfigurations.desktop = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs;};
#inherit system;
modules = [
./config/common.nix
./config/linux.nix
./config/desktop.nix
./hosts/desktop/hardware.nix
./hosts/desktop/settings.nix
@ -38,6 +43,7 @@
specialArgs = {inherit inputs;};
modules = [
./config/common.nix
./config/linux.nix
./hosts/server/hardware.nix
./hosts/server/settings.nix
home-manager.nixosModules.home-manager
@ -53,6 +59,28 @@
}
];
};
darwinConfigurations."admins-MacBook-Air" = nix-darwin.lib.darwinSystem {
modules = [
./config/common.nix
./hosts/macbook/settings.nix
home-manager-unstable.darwinModules.home-manager
{
users.users.admin = {
name = "admin";
home = "/Users/admin";
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.admin = {
home.stateVersion = "25.11";
imports = [
./home/common.nix
];
};
}
];
};
};
}

25
home/common.nix
View File

@ -1,6 +1,6 @@
{ config, ...}:
{ config, pkgs, ...}:
{
{
home.sessionVariables = {
EDITOR = "nvim";
VISUAL = "nvim";
@ -8,6 +8,25 @@
programs = {
mpv = {
enable = true;
package = pkgs.mpv.override {
scripts = with pkgs.mpvScripts; [
sponsorblock
];
};
config = {
profile = "high-quality";
ytdl-format = "bestvideo+bestaudio";
cache-default = 4000000;
loop-file = "inf";
};
extraInput = ''
r cycle_values video-rotate 90 180 270 0
'';
};
neovim = {
enable = true;
viAlias = true;
@ -57,8 +76,6 @@
zsh = {
enable = true;
dotDir = "${config.xdg.configHome}/zsh";
#enableCompletions = true;
#autosuggestions.enable = true;
syntaxHighlighting.enable = true;
oh-my-zsh = {
enable = true;

35
home/desktop.nix
View File

@ -1,42 +1,7 @@
{ pkgs, ... }:
{
programs = {
# chromium = {
# enable = true;
# package = pkgs.brave;
# commandLineArgs = [
# #"--sync-url='http://192.168.0.30:8295/v2'"
# ];
# };
mpv = {
enable = true;
package = (
pkgs.mpv-unwrapped.wrapper {
scripts = with pkgs.mpvScripts; [
sponsorblock
];
mpv = pkgs.mpv-unwrapped.override {
waylandSupport = true;
};
}
);
config = {
profile = "high-quality";
ytdl-format = "bestvideo+bestaudio";
cache-default = 4000000;
loop-file = "inf";
};
extraInput = ''
r cycle_values video-rotate 90 180 270 0
'';
};
};
# add bookmarks for shared drives
xdg.configFile."gtk-3.0/bookmarks" = {
force = true;

368
home/podman.nix
View File

@ -6,6 +6,30 @@
}:
{
systemd.user.services.podman-prune = {
Unit = {
Description = "Prune unused Podman resources for admin user";
};
Service = {
Type = "oneshot";
ExecStart = "${pkgs.podman}/bin/podman system prune -f --all";
};
};
systemd.user.timers.podman-prune = {
Unit = {
Description = "Weekly Podman prune timer";
};
Timer = {
OnCalendar = "weekly";
Persistent = true;
};
Install = {
WantedBy = [ "timers.target" ];
};
};
services.podman.networks = {
internal_net = {
driver = "bridge";
@ -57,6 +81,50 @@
};
};
# akaunting = {
# image = "docker.io/akaunting/akaunting:latest";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/akaunting"
# ];
# volumes = [
# "/pool/services/podman/akaunting/data:/var/www/html/akaunting"
# ];
# ports = [
# "8003:80"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
#
# akaunting-db = {
# image = "docker.io/mariadb:latest";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/akaunting"
# ];
# volumes = [
# "/pool/services/podman/akaunting/db:/var/lib/mysql"
# ];
# ports = [
# "3307:3306"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
archivebox = {
image = "docker.io/archivebox/archivebox:latest";
autoStart = true;
@ -94,75 +162,6 @@
};
};
};
authentik-server = {
image = "ghcr.io/goauthentik/server:2026.2.1";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
exec = "server";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/authentik"
];
volumes = [
"/pool/services/podman/authentik/data:/data"
"/pool/services/podman/authentik/certs:/certs"
"/pool/services/podman/authentik/templates:/templates"
];
extraPodmanArgs = [
"--shm-size=256m"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
authentik-postgresql = {
image = "docker.io/postgres:16-alpine";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/authentik"
];
volumes = [
"/pool/services/podman/authentik/db:/var/lib/postgresql/data"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
authentik-worker = {
image = "ghcr.io/goauthentik/server:2026.2.1";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
exec = "worker";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/authentik"
];
volumes = [
"/pool/services/podman/authentik/data:/data"
"/pool/services/podman/authentik/certs:/certs"
"/pool/services/podman/authentik/templates:/templates"
];
extraPodmanArgs = [
"--shm-size=256m"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
caddy-local = {
image = "ghcr.io/caddybuilds/caddy-cloudflare:latest";
autoStart = true;
@ -188,6 +187,25 @@
};
};
cleanuparr = {
image = "ghcr.io/cleanuparr/cleanuparr:latest";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
environmentFile = [
"/pool/services/secrets/default"
];
volumes = [
"/pool/services/podman/cleanuparr:/config"
"/pool/media/torrents:/downloads"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
bazarr = {
image = "lscr.io/linuxserver/bazarr:latest";
autoStart = true;
@ -253,10 +271,14 @@
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/freshrss"
];
environment = {
OIDC_ENABLED="1";
OIDC_PROVIDER_METADATA_URL="https://authentik.mektem.com/application/o/fresh-rss/.well-known/openid-configuration";
OIDC_CLIENT_ID="PsqRnVLTezIKL7582E8pnKNFIF0W41kVyMhh4RoG";
OIDC_CLIENT_SECRET="h1XsvbUcRn33rq7qBBS0GUENEgn6zTJQeHpVPhzcqG4ekdwlCghIn1ALhydYXF1pfS8HaskM3KntHXDTC8a7athLxLzT95Gxr8OpvN9iOY75pUXrNnLJXUrY9o4qKM7m";
OIDC_X_FORWARDED_HEADERS="X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host";
OIDC_SCOPES="openid email profile";
};
volumes = [
"/pool/services/podman/freshrss:/config"
];
@ -403,6 +425,9 @@
volumes = [
"/pool/services/podman/immich/db:/var/lib/postgresql/data:z"
];
ports = [
"5433:5432"
];
userNS = "keep-id";
extraConfig = {
Service = {
@ -423,6 +448,9 @@
volumes = [
"/pool/services/podman/immich/cache:/cache"
];
ports = [
"3003:3003"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
@ -439,6 +467,9 @@
"/pool/services/secrets/default"
"/pool/services/secrets/immich"
];
ports = [
"6379:6379"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
@ -508,6 +539,47 @@
};
};
# joplin = {
# image = "docker.io/joplin/server:latest";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/joplin"
# ];
# ports = [
# "22300:22300"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
#
# joplin-db = {
# image = "docker.io/postgres:15";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/joplin"
# ];
# volumes = [
# "/pool/services/podman/joplin-db:/var/lib/postgresql/data"
# ];
# ports = [
# "5432:5432"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
kiwix = {
image = "ghcr.io/kiwix/kiwix-serve:latest";
autoStart = true;
@ -567,6 +639,71 @@
};
};
# mastodon = {
# image = "ghcr.io/linuxserver/mastodon:amd64-latest";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/mastodon"
# ];
# volumes = [
# "/pool/services/podman/mastodon/config:/config"
# ];
# ports = [
# "808:80"
# "8449:443"
# "3009:3000"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
#
# mastodon-db = {
# image = "docker.io/postgres:16-alpine";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/mastodon-db"
# ];
# volumes = [
# "/pool/services/podman/mastodon/db:/var/lib/postgresql/data"
# ];
# ports = [
# "5435:5432"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
#
# mastodon-redis = {
# image = "registry.hub.docker.com/library/redis:6.2-alpine";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# ];
# ports = [
# "6382:6379"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
metube = {
image = "ghcr.io/alexta69/metube:latest";
autoStart = true;
@ -623,6 +760,88 @@
# };
# };
#nginx-proxy-manager = {
# image = "docker.io/jc21/nginx-proxy-manager:2.9.22";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# ];
# volumes = [
# "/pool/services/podman/nginx-proxy-manager:/data"
# "/pool/services/podman/letsencrypt:/etc/letsencrypt"
# ];
# ports = [
# "80:80"
# "443:443"
# "81:81"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
#};
nextcloud = {
image = "docker.io/nextcloud";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/nextcloud"
];
volumes = [
"/pool/services/podman/nextcloud/app:/var/www/html"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
nextcloud-db = {
image = "docker.io/mariadb:10.6";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
exec = "--transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/nextcloud"
];
volumes = [
"/pool/services/podman/nextcloud/db:/var/lib/mysql"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
ntfy = {
image = "docker.io/binwiederhier/ntfy";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
exec = "serve";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/ntfy"
];
volumes = [
"/pool/services/podman/ntfy:/var/lib/ntfy"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
ntp = {
image = "docker.io/cturra/ntp";
autoStart = true;
@ -631,6 +850,9 @@
environmentFile = [
"/pool/services/secrets/default"
];
ports = [
"123:123/udp"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;

40
hosts/laptop/settings.nix
View File

@ -1,40 +0,0 @@
{
networking = {
hostName = "nixos-laptop";
interfaces.enp7s0 = {
ipv4.addresses = [
{
address = "192.168.0.41";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.0.1";
nameservers = [ "192.168.0.1" "1.1.1.1" ];
networkmanager.wifi.powersave = true;
};
services = {
auto-cpufreq = {
enable = true;
settings = {
battery = {
governor = "powersave";
turbo = "never";
};
charger = {
governor = "performance";
turbo = "auto";
};
};
};
# fwupdmgr update (bios updates)
fwupd.enable = true;
thermald.enable = true;
};
powerManagement.powertop.enable = true;
system.stateVersion = "24.11";
}

42
hosts/macbook/settings.nix Normal file
View File

@ -0,0 +1,42 @@
{ pkgs, ... }:
{
nixpkgs.hostPlatform = "aarch64-darwin";
system.stateVersion = 6;
environment.systemPackages = with pkgs; [
audacity
brave
firefox
signal-desktop
protonmail-desktop
prismlauncher
localsend
anki
bitwarden-desktop
element-desktop
wireshark
inkscape
moonlight-qt
nvtopPackages.apple
vscodium
chirp
scrcpy
restic-browser
# games
unciv
wesnoth
osu-lazer-bin
# emu
ryubing
xemu
dolphin-emu
#backup
keepassxc
];
}

100
hosts/server/settings.nix
View File

@ -59,6 +59,21 @@ systemd.services.podman-network-vlan50 = {
};
users.users.admin.linger = true;
#services.xserver.videoDrivers = [ "nvidia" ];
# hardware = {
# graphics.enable = true;
# nvidia = {
# modesetting.enable = true;
# powerManagement.enable = true;
# powerManagement.finegrained = false;
# open = false;
# nvidiaSettings = false;
# package = config.boot.kernelPackages.nvidiaPackages.stable;
# };
# nvidia-container-toolkit.enable = true;
# };
hardware.graphics = {
enable = true;
enable32Bit = true; # only needed if you run 32-bit apps
@ -138,6 +153,7 @@ systemd.services.podman-network-vlan50 = {
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false;
boot.zfs.extraPools = [ "pool" ];
#environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
services.zfs.autoScrub = {
enable = true;
@ -146,45 +162,15 @@ systemd.services.podman-network-vlan50 = {
services.smartd = {
enable = true;
notifications = {
mail.enable = true;
mail.recipient = "faris@mektem.com";
};
#devices = [ "DEVICESCAN -a" ]; # autodetect all drives
};
programs.msmtp = {
enable = true;
accounts.default = {
auth = true;
tls = true;
host = "smtp.protonmail.ch";
port = 587;
from = "faris@mektem.com";
user = "faris@mektem.com";
passwordeval = "cat /pool/services/secrets/mail.txt";
};
};
environment.etc."zfs/zed-notify.sh" = {
mode = "0755";
text = ''
#!/bin/sh
# ZED calls: ZED_EMAIL_PROG "subject" "recipient"
SUBJECT="$1"
TO="$2"
(echo "Subject: $SUBJECT"; echo "To: $TO"; echo ""; cat) | \
${pkgs.msmtp}/bin/msmtp "$TO"
'';
};
services.zfs.zed = {
enableMail = true;
settings = {
ZED_EMAIL_ADDR = [ "faris@mektem.com" ];
ZED_EMAIL_PROG = "/etc/zfs/zed-notify.sh"; # Or ssmtp
ZED_EMAIL_OPTS = "";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NTFY_URL="https://ntfy.mektem.com";
ZED_NTFY_TOPIC="zfs";
ZED_NTFY_ACCESS_TOKEN="tk_gtjia7itxhg1qik7j58wkgey2parr";
ZED_NOTIFY_INTERVAL_SECS = 1;
ZED_NOTIFY_VERBOSE = true; # Set to false to only get alerts on degradation
};
};
@ -274,29 +260,6 @@ systemd.services.podman-network-vlan50 = {
# };
};
# headscale = {
# image = "docker.io/headscale/headscale:stable";
# autoStart = true;
# #utoUpdate = "registry";
# networks = [ "vlan50" ];
# cmd = [ "serve" ];
# environmentFiles = [
# "/pool/services/secrets/default"
# ];
# volumes = [
# "/pool/services/podman/headscale/config:/etc/headscale:ro"
# "/pool/services/podman/headscale/lib:/var/lib/headscale"
# ];
# extraOptions = [
# "--ip=192.168.50.38"
# ];
# #extraConfig = {
# # Service = {
# # TimeoutStartSec = 900;
# # };
# ##};
# };
matrix = {
image = "ghcr.io/element-hq/synapse";
autoStart = true;
@ -342,29 +305,6 @@ systemd.services.podman-network-vlan50 = {
# };
};
ntfy = {
image = "docker.io/binwiederhier/ntfy";
autoStart = true;
#autoUpdate = "registry";
networks = [ "vlan50" ];
cmd = [ "serve" ];
environmentFiles = [
"/pool/services/secrets/default"
"/pool/services/secrets/ntfy"
];
volumes = [
"/pool/services/podman/ntfy:/var/lib/ntfy"
];
extraOptions = [
"--ip=192.168.50.35"
];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
};
privatebin = {
image = "docker.io/privatebin/nginx-fpm-alpine:latest";
autoStart = true;

2
update-desktop.sh
View File

@ -1,2 +0,0 @@
nix flake update
sudo nixos-rebuild switch --flake .#desktop