chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial commit

Browse source
This commit is contained in:
Chris Kruining 2024-07-15 16:20:16 +02:00
commit 9a935f8431
27 changed files with 1309 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

277
flake.lock generated Normal file
View file

@ -0,0 +1,277 @@
{
"nodes": {
"base16": {
"inputs": {
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1708890466,
"narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "665b3c6748534eb766c777298721cece9453fdae",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "base16.nix",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-foot": {
"flake": false,
"locked": {
"lastModified": 1696725948,
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
"owner": "tinted-theming",
"repo": "base16-foot",
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-foot",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1696727917,
"narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-kitty": {
"flake": false,
"locked": {
"lastModified": 1665001328,
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
"owner": "kdrag0n",
"repo": "base16-kitty",
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
"type": "github"
},
"original": {
"owner": "kdrag0n",
"repo": "base16-kitty",
"type": "github"
}
},
"base16-tmux": {
"flake": false,
"locked": {
"lastModified": 1696725902,
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
"owner": "tinted-theming",
"repo": "base16-tmux",
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-tmux",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1663659192,
"narHash": "sha256-uJvaYYDMXvoo0fhBZUhN8WBXeJ87SRgof6GEK2efFT0=",
"owner": "chriskempson",
"repo": "base16-vim",
"rev": "3be3cd82cd31acfcab9a41bad853d9c68d30478d",
"type": "github"
},
"original": {
"owner": "chriskempson",
"repo": "base16-vim",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1689549921,
"narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1713702291,
"narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "46.1",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1714900398,
"narHash": "sha256-H7XYHpjk1G6dkA3AnbYrKtaTFjcCE7ul6nUVlVQxtsA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "fdaaf543bad047639ef0b356ea2e6caec2f1215c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1714981474,
"narHash": "sha256-b3/U21CJjCjJKmA9WqUbZGZgCvospO3ArOUTgJugkOY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6ebe7be2e67be7b9b54d61ce5704f6fb466c536f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1714763106,
"narHash": "sha256-DrDHo74uTycfpAF+/qxZAMlP/Cpe04BVioJb6fdI0YY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e9be42459999a253a9f92559b1f5b72e1b44c13d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1714912032,
"narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ee4a6e0f566fe5ec79968c57a9c2c3c25f2cf41d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"stylix": "stylix"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-foot": "base16-foot",
"base16-helix": "base16-helix",
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1716037261,
"narHash": "sha256-eF0A36GdegKkEiwFArjCysGU/XEYvzj7x5jfkFMtmqM=",
"owner": "danth",
"repo": "stylix",
"rev": "76e7daf5a16d442ac98e844582f7dc1354610886",
"type": "github"
},
"original": {
"owner": "danth",
"repo": "stylix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

28
flake.nix Normal file
View file

@ -0,0 +1,28 @@
{
description = "Nixos config flake";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix.url = "github:danth/stylix";
};
outputs = { self, nixpkgs, ... }@inputs: {
nixosConfigurations = {
default = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs;};
modules = [
./hosts/default/configuration.nix
inputs.home-manager.nixosModules.default
inputs.stylix.nixosModules.stylix
];
};
};
};
}

177
hosts/default/configuration.nix Normal file
View file

@ -0,0 +1,177 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, inputs, ... }:
{
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/programs/security.nix
../../modules/programs/theme.nix
../../modules/programs/shell.nix
../../modules/programs/gaming.nix
../../modules/programs/harden.nix
../../modules/programs/communication.nix
../../modules/programs/office.nix
../../modules/programs/desktop.nix
inputs.home-manager.nixosModules.default
];
nixpkgs.config = {
allowUnfree = true;
};
# Use the GRUB 2 boot loader.
# boot.loader.grub.enable = true;
boot.loader.systemd-boot.enable = true;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
# fileSystems."/home/chris/games" = {
# device = "/dev/disk/by-label/Games";
# fsType = "ntfs-3g";
# options = [ "rw" "uid=chris" ];
# };
fileSystems."/home/chris/new_games" = {
device = "/dev/disk/by-label/games";
fsType = "ext4";
# options = [ "rw" "uid=chris" ];
};
fileSystems."/home/chris/data" = {
device = "/dev/disk/by-label/Data";
fsType = "ntfs-3g";
options = [ "rw" "uid=chris" ];
};
networking.hostName = "chris-pc";
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the Plasma 5 Desktop Environment.
services.displayManager = {
sddm = {
enable = true;
wayland.enable = true;
};
autoLogin = {
enable = true;
user = "chris";
};
};
# services.xserver.desktopManager.plasma5.enable = true;
services.desktopManager.plasma6.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
sound.enable = true;
# hardware.pulseaudio.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
# Define a user account. Don't forget to set a password with passwd.
users.users.chris = {
isNormalUser = true;
extraGroups = [ "wheel" "audio" ]; # Enable sudo for the user.
packages = with pkgs; [];
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit inputs; };
backupFileExtension = "backup";
users = {
chris.imports = [ ../../users/chris.nix ];
# root.imports = [ ../../users/root.nix ];
};
};
environment.systemPackages = with pkgs; [
neovim
wget
chromium
thunderbird
zoxide
bottles
atuin
btop
dust
bat
tldr
eza
nextcloud-client
];
# session variable for chrome/electron wayland
environment.sessionVariables.NIXOS_OZONE_WL = "1";
systemd.services.numLockOnTty = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = lib.mkForce (pkgs.writeShellScript "numLockOnTty" ''
for tty in /dev/tty{1..6}; do
${pkgs.kbd}/bin/setleds -D +num < "$tty";
done
'');
};
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

40
hosts/default/hardware-configuration.nix Normal file
View file

@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8c4eaf57-fdb2-4c4c-bcc0-74e85a1c7985";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C842-316A";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/0ddf001a-5679-482e-b254-04a1b9094794"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

123
modules/common/qbittorrent.nix Normal file
View file

@ -0,0 +1,123 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.qbittorrent;
UID = 888;
GID = 888;
in
{
options.services.qbittorrent = {
enable = mkEnableOption (lib.mdDoc "qBittorrent headless");
dataDir = mkOption {
type = types.path;
default = "/var/lib/qbittorrent";
description = lib.mdDoc ''
The directory where qBittorrent stores its data files.
'';
};
user = mkOption {
type = types.str;
default = "qbittorrent";
description = lib.mdDoc ''
User account under which qBittorrent runs.
'';
};
group = mkOption {
type = types.str;
default = "qbittorrent";
description = lib.mdDoc ''
Group under which qBittorrent runs.
'';
};
port = mkOption {
type = types.port;
default = 8080;
description = lib.mdDoc ''
qBittorrent web UI port.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Open services.qBittorrent.port to the outside network.
'';
};
package = mkOption {
type = types.package;
default = pkgs.qbittorrent-nox;
defaultText = literalExpression "pkgs.qbittorrent-nox";
description = lib.mdDoc ''
The qbittorrent package to use.
'';
};
};
config = mkIf cfg.enable {
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
systemd.services.qbittorrent = {
# based on the plex.nix service module and
# https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in
description = "qBittorrent-nox service";
documentation = [ "man:qbittorrent-nox(1)" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
# Run the pre-start script with full permissions (the "!" prefix) so it
# can create the data directory if necessary.
ExecStartPre = let
preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
#!${pkgs.bash}/bin/bash
# Create data directory if it doesn't exist
if ! test -d "$QBT_PROFILE"; then
echo "Creating initial qBittorrent data directory in: $QBT_PROFILE"
install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$QBT_PROFILE"
fi
'';
in
"!${preStartScript}";
#ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
ExecStart = "${cfg.package}/bin/qbittorrent-nox";
# To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it!
#Restart = "on-success";
#UMask = "0002";
#LimitNOFILE = cfg.openFilesLimit;
};
environment = {
QBT_PROFILE=cfg.dataDir;
QBT_WEBUI_PORT=toString cfg.port;
};
};
users.users = mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
group = cfg.group;
uid = UID;
};
};
users.groups = mkIf (cfg.group == "qbittorrent") {
qbittorrent = { gid = GID; };
};
};
}

9
modules/home-manager/desktop.nix Normal file
View file

@ -0,0 +1,9 @@
{ pkgs, ... }:
{
services = {
kdeconnect = {
enable = true;
package = pkgs.kdePackages.kdeconnect-kde;
};
};
}

17
modules/home-manager/gpg.nix Normal file
View file

@ -0,0 +1,17 @@
{ home, pkgs, ... }:
{
home.packages = with pkgs; [
gnupg
];
home.file = {
".gnupg/gpg-agent.conf".text = ''
default-cache-ttl 34560000
max-cache-ttl 34560000
allow-loopback-pinentry
'';
".gnupg/gpg.conf".text = ''
pinentry-mode loopback
'';
};
}

163
modules/home-manager/terminals/default.nix Normal file
View file

@ -0,0 +1,163 @@
{ pkgs, config, ... }:
{
# environment.systemPackages = with pkgs; [
# zsh
# starship
# ];
# users.defaultUserShell = pkgs.zsh;
fonts.fontconfig.enable = true;
home.packages = [
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
];
home.sessionVariables._ZO_ECHO = "1";
programs = {
git = {
enable = true;
extraConfig = {
push = { autoSetupRemote = true; };
credential.helper = "${ pkgs.git.override { withLibsecret = true; } }/bin/git-credential-libsecret";
};
};
zsh = {
enable = true;
autosuggestion.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
shellAliases = {
rebuild = "nixos-rebuild switch --flake /etc/nixos#default";
};
history = {
size = 10000;
path = "${config.xdg.dataHome}/zsh/history";
};
envExtra = ''
export SOME_ZSH_VARIABLE="something"
'';
oh-my-zsh = {
enable = true;
plugins = ["git" "docker-compose" "zoxide"];
};
plugins = [
{
name = "zsh-autosuggestion";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-autosuggestions";
rev = "v0.7.0";
sha256 = "1g3pij5qn2j7v7jjac2a63lxd97mcsgw6xq6k5p7835q9fjiid98";
};
}
{
name = "zsh-completions";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-completions";
rev = "0.34.0";
sha256 = "0jjgvzj3v31yibjmq50s80s3sqi4d91yin45pvn3fpnihcrinam9";
};
}
{
name = "zsh-syntax-highlighting";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-syntax-highlighting";
rev = "0.7.0";
sha256 = "0s1z3whzwli5452h2yzjzzj27pf1hd45g223yv0v6hgrip9f853r";
};
}
];
};
bat.enable = true;
zoxide.enable = true;
fzf.enable = true;
eza = {
enable = true;
enableZshIntegration = true;
};
starship = {
enable = true;
enableZshIntegration = true;
settings = {
add_newline = true;
format = "$username$hostname$nix_shell$git_branch$git_commit$git_state$git_status$directory$jobs$cmd_duration$character";
username = {
style_user = "blue bold";
style_root = "red bold";
format = "[$user]($style) ";
disabled = false;
show_always = true;
};
hostname = {
ssh_only = false;
ssh_symbol = "🌐 ";
format = "on [$hostname](bold red) ";
trim_at = ".local";
disabled = false;
};
nix_shell = {
symbol = " ";
format = "[$symbol$name]($style) ";
style = "bright-purple bold";
};
git_branch = {
only_attached = true;
format = "[$symbol$branch]($style) ";
symbol = "";
style = "bright-yellow bold";
};
git_commit = {
only_detached = true;
format = "[$hash]($style) ";
style = "bright-yellow bold";
};
git_state = {
style = "bright-purple bold";
};
git_status = {
style = "bright-green bold";
};
directory = {
read_only = " ";
truncation_length = 0;
};
cmd_duration = {
format = "[$duration]($style) ";
style = "bright-blue";
};
jobs = {
style = "bright-green bold";
};
character = {
success_symbol = "[\\$](bright-green bold)";
error_symbol = "[\\$](bright-red bold)";
};
};
};
};
}

19
modules/programs/communication.nix Normal file
View file

@ -0,0 +1,19 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
discord
webcord
teamspeak_client
];
# config.xdg.desktopEntries.discord = {
# name = "Discord";
# genericName = "All-in-one cross-platform voice and text chat for gamers";
# exec = "Discord --in-process-gpu --use-gl=desktop";
# icon = "Discord";
# categories = [ "Network" "InstantMessaging" ];
# settings = {
# version = "1.4";
# };
# };
}

6
modules/programs/desktop.nix Normal file
View file

@ -0,0 +1,6 @@
{ config, pkgs, options, ... }:
{
environment.systemPackages = with pkgs; [
ladybird
];
}

51
modules/programs/gaming.nix Normal file
View file

@ -0,0 +1,51 @@
{ config, pkgs, ... }:
{
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
# Nvidia
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
modesetting.enable = true;
open = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
powerManagement = {
enable = true;
finegrained = false;
};
#prime = {
# sync.enable = true;
# Integrated
# interBusId = "PCI:0:0:0";
# Dedicated
# nvidiaBusId = "PCI:2:0:0";
#};
};
# Steam
programs.steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
environment.systemPackages = with pkgs; [
#mangohud
protonup
];
environment.sessionVariables = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/chris/.steam/root/compatibilitytools.d";
};
programs.gamemode.enable = true;
}

10
modules/programs/harden.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, user, sensitive, lib, ... }: {
networking.firewall.enable = true;
# security.sudo.execWheelOnly = true;
# security.auditd.enable = true;
# security.audit.enable = !config.boot.isContainer;
# PGP set up.
programs.gnupg.agent.enable = true;
}

162
modules/programs/media.nix Normal file
View file

@ -0,0 +1,162 @@
{ config, pkgs, lib, sensitive, ... }:
{
imports = [
../common/qbittorrent.nix
];
environment.systemPackages = with pkgs; [
podman-tui
jellyfin
jellyseerr
mediainfo
authelia
];
users = {
groups = {
"jellyfin" = {};
};
users = {
"sonarr".extraGroups = [ "jellyfin" ];
"radarr".extraGroups = [ "jellyfin" ];
};
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
radarr = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
sonarr = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
bazarr = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
lidarr = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
jellyseerr = {
enable = true;
openFirewall = true;
};
prowlarr = {
enable = true;
openFirewall = true;
};
qbittorrent = {
enable = true;
openFirewall = true;
dataDir = "/var/media/qbittorrent";
port = 58080;
user = "qbittorrent";
group = "jellyfin";
};
sabnzbd = {
enable = true;
openFirewall = true;
configFile = "/var/media/sabnzbd/config.ini";
user = "sabnzbd";
group = "jellyfin";
};
# authelia = {
# enable = true;
# };
caddy = {
enable = true;
virtualHosts = {
# "movies.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:8989
# '';
# "series.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:7878
# '';
"http://media.kruining.eu".extraConfig = ''
basicauth {
chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe
}
reverse_proxy http://127.0.0.1:9494
'';
"https://media.kruining.eu".extraConfig = ''
basicauth {
chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe
}
reverse_proxy http://127.0.0.1:9494
'';
};
};
};
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = {
backend = "podman";
containers = {
flaresolverr = {
image = "flaresolverr/flaresolverr";
autoStart = true;
ports = [ "127.0.0.1:8191:8191" ];
};
homarr = {
image = "ghcr.io/ajnart/homarr:latest";
autoStart = true;
ports = [ "127.0.0.1:7575:7575" ];
};
reiverr = {
image = "ghcr.io/aleksilassila/reiverr:v2.0.0-alpha.5";
autoStart = true;
ports = [ "127.0.0.1:9494:9494" ];
volumes = [ "/var/media/reiverr/config:/config" ];
};
};
};
};
# Config file for nabnzbd
# environment.etc."nabnzbd.ini" = {
# mode = "0775"
# text = ''
# host = 127.0.0.1
# port = 9595
# '';
# };
# Open firewall for caddy
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
}

27
modules/programs/nextcloud.nix Normal file
View file

@ -0,0 +1,27 @@
{ pkgs, config, ... }:
{
imports = [
"${fetchTarball {
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";}}/nextcloud-extras.nix"
];
environment.etc."nextcloud-admin-pass".text = "KaasIsAwesome!";
services.nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud29;
hostName = "localhost";
webserver = "caddy";
config = {
adminpassFile = "/etc/nextcloud-admin-pass";
dbtype = "sqlite";
};
# extraApps = {
# inherit (config.services.nextcloud.package.packages.apps) contacts calendar;
# };
# extraAppsEnable = true;
};
}

0
modules/programs/nvidia.nix Normal file
View file

13
modules/programs/office.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
onlyoffice-bin
];
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [ "corefonts" ];
fonts.packages = with pkgs; [
corefonts
];
}

12
modules/programs/security.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, security, ... }:
{
environment.systemPackages = with pkgs; [
kdePackages.kwallet-pam
bitwarden
];
security.pam.services.kwallet = {
name = "kwallet";
enableKwallet = true;
};
}

38
modules/programs/shell.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
git
gitkraken
zsh
bat
zoxide
eza
starship
alacritty
zed-editor
corepack_22
bun
];
users.defaultUserShell = pkgs.zsh;
fonts = {
fontconfig.enable = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
liberation_ttf
fira-code
fira-code-symbols
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
];
};
programs.zsh.enable = true;
programs.starship.enable = true;
}

40
modules/programs/shell/rust.nix Normal file
View file

@ -0,0 +1,40 @@
{ pkgs ? import<nixpkgs> {} }:
let
overrides = (builtins.fromTOML (builtins.readFile ./rust-toolchain.toml));
libPath = with pkgs; lib.makeLibraryPath [];
in
{
pkgs.mkShell rec {
buildInputs = with pkgs; [
clang
llvmPackages.bintools
rustup
]:
RUSTC_VERSION = overrides.toolchain.channel
LIBCLANG_PATH = pkgs.lib.makeLibraryPath [ pkgs.llvmPackages_latest.libclang.lib ];
shellHook = ''
export PATH=$PATH:''${CARGO_HOME:-~/.cargo}/bin
export PATH=$PATH:''${RUSTUP_HOME:-~/.rustup}/toolchains/$RUSTC_VERSION-x86_64-unknown-linux-gnu/bin/
'';
# Add precompiled library to rustc search path
RUSTFLAGS = (builtins.map (a: ''-L ${a}/lib'') [
# add libraries here (e.g. pkgs.libvmi)
]);
LD_LIBRARY_PATH = libPath;
# Add glibc, clang, glib, and other headers to bindgen search path
BINDGEN_EXTRA_CLANG_ARGS =
# Includes normal include path
(builtins.map (a: ''-I"${a}/include"'') [
# add dev libraries here (e.g. pkgs.libvmi.dev)
pkgs.glibc.dev
])
# Includes with special directory paths
++ [
''-I"${pkgs.llvmPackages_latest.libclang.lib}/lib/clang/${pkgs.llvmPackages_latest.libclang.version}/include"''
''-I"${pkgs.glib.dev}/include/glib-2.0"''
''-I${pkgs.glib.out}/lib/glib-2.0/include/''
];
};
}

5
modules/programs/theme.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/everforest.yaml";
stylix.image = ./wallpaper.jpg;
}

BIN
modules/programs/wallpaper.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 183 KiB

7
ssh/server Normal file
View file

@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC3ZNPLQnZnaEFOhHgOfWZz6blXsxQZSZl1T4ZFJn3gWwAAAJDtFyAB7Rcg
AQAAAAtzc2gtZWQyNTUxOQAAACC3ZNPLQnZnaEFOhHgOfWZz6blXsxQZSZl1T4ZFJn3gWw
AAAEDi4rTcY08810d2512b6IN9/O5618CfabqoG22OyF/HIbdk08tCdmdoQU6EeA59ZnPp
uVezFBlJmXVPhkUmfeBbAAAADXJvb3RAY2hyaXMtcGM=
-----END OPENSSH PRIVATE KEY-----

1
ssh/server.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdk08tCdmdoQU6EeA59ZnPpuVezFBlJmXVPhkUmfeBb root@chris-pc

0
systems/x86_64-linux/hostname/default.nix Normal file
View file

0
systems/x86_64-linux/hostname/hardware-config.nix Normal file
View file

42
users/chris.nix Normal file
View file

@ -0,0 +1,42 @@
{ config, pkgs, ... }:
{
home = {
username = "chris";
homeDirectory = "/home/chris";
stateVersion = "23.11"; # DO NOT CHANGE
packages = [
];
file = {
};
sessionVariables = {
EDITOR = "nvim";
};
};
imports = [
../modules/home-manager/gpg.nix
../modules/home-manager/desktop.nix
../modules/home-manager/terminals/default.nix
];
programs = {
home-manager.enable = true;
git = {
enable = true;
userName = "Chris Kruining";
userEmail = "chris@kruining.eu";
ignores = [ "*~" "*.swp" ];
aliases = {
ci = "commit";
};
extraConfig = {};
};
lazygit.enable = true;
};
}

42
users/root.nix Normal file
View file

@ -0,0 +1,42 @@
{ config, pkgs, ... }:
{
home = {
username = "root";
homeDirectory = "/home/root";
stateVersion = "23.11"; # DO NOT CHANGE
packages = [
];
file = {
};
sessionVariables = {
EDITOR = "nvim";
};
};
imports = [
../modules/home-manager/gpg.nix
../modules/home-manager/desktop.nix
../modules/home-manager/terminals/default.nix
];
programs = {
home-manager.enable = true;
git = {
enable = true;
userName = "Chris Kruining";
userEmail = "chris@kruining.eu";
ignores = [ "*~" "*.swp" ];
aliases = {
ci = "commit";
};
extraConfig = {};
};
lazygit.enable = true;
};
}