chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial commit

Browse source
This commit is contained in:
Chris Kruining 2024-07-15 16:20:16 +02:00
commit 9a935f8431
27 changed files with 1309 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

123
modules/common/qbittorrent.nix Normal file
View file

@ -0,0 +1,123 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.qbittorrent;
UID = 888;
GID = 888;
in
{
options.services.qbittorrent = {
enable = mkEnableOption (lib.mdDoc "qBittorrent headless");
dataDir = mkOption {
type = types.path;
default = "/var/lib/qbittorrent";
description = lib.mdDoc ''
The directory where qBittorrent stores its data files.
'';
};
user = mkOption {
type = types.str;
default = "qbittorrent";
description = lib.mdDoc ''
User account under which qBittorrent runs.
'';
};
group = mkOption {
type = types.str;
default = "qbittorrent";
description = lib.mdDoc ''
Group under which qBittorrent runs.
'';
};
port = mkOption {
type = types.port;
default = 8080;
description = lib.mdDoc ''
qBittorrent web UI port.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Open services.qBittorrent.port to the outside network.
'';
};
package = mkOption {
type = types.package;
default = pkgs.qbittorrent-nox;
defaultText = literalExpression "pkgs.qbittorrent-nox";
description = lib.mdDoc ''
The qbittorrent package to use.
'';
};
};
config = mkIf cfg.enable {
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
systemd.services.qbittorrent = {
# based on the plex.nix service module and
# https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in
description = "qBittorrent-nox service";
documentation = [ "man:qbittorrent-nox(1)" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
# Run the pre-start script with full permissions (the "!" prefix) so it
# can create the data directory if necessary.
ExecStartPre = let
preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
#!${pkgs.bash}/bin/bash
# Create data directory if it doesn't exist
if ! test -d "$QBT_PROFILE"; then
echo "Creating initial qBittorrent data directory in: $QBT_PROFILE"
install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$QBT_PROFILE"
fi
'';
in
"!${preStartScript}";
#ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
ExecStart = "${cfg.package}/bin/qbittorrent-nox";
# To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it!
#Restart = "on-success";
#UMask = "0002";
#LimitNOFILE = cfg.openFilesLimit;
};
environment = {
QBT_PROFILE=cfg.dataDir;
QBT_WEBUI_PORT=toString cfg.port;
};
};
users.users = mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
group = cfg.group;
uid = UID;
};
};
users.groups = mkIf (cfg.group == "qbittorrent") {
qbittorrent = { gid = GID; };
};
};
}

9
modules/home-manager/desktop.nix Normal file
View file

@ -0,0 +1,9 @@
{ pkgs, ... }:
{
services = {
kdeconnect = {
enable = true;
package = pkgs.kdePackages.kdeconnect-kde;
};
};
}

17
modules/home-manager/gpg.nix Normal file
View file

@ -0,0 +1,17 @@
{ home, pkgs, ... }:
{
home.packages = with pkgs; [
gnupg
];
home.file = {
".gnupg/gpg-agent.conf".text = ''
default-cache-ttl 34560000
max-cache-ttl 34560000
allow-loopback-pinentry
'';
".gnupg/gpg.conf".text = ''
pinentry-mode loopback
'';
};
}

163
modules/home-manager/terminals/default.nix Normal file
View file

@ -0,0 +1,163 @@
{ pkgs, config, ... }:
{
# environment.systemPackages = with pkgs; [
# zsh
# starship
# ];
# users.defaultUserShell = pkgs.zsh;
fonts.fontconfig.enable = true;
home.packages = [
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
];
home.sessionVariables._ZO_ECHO = "1";
programs = {
git = {
enable = true;
extraConfig = {
push = { autoSetupRemote = true; };
credential.helper = "${ pkgs.git.override { withLibsecret = true; } }/bin/git-credential-libsecret";
};
};
zsh = {
enable = true;
autosuggestion.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
shellAliases = {
rebuild = "nixos-rebuild switch --flake /etc/nixos#default";
};
history = {
size = 10000;
path = "${config.xdg.dataHome}/zsh/history";
};
envExtra = ''
export SOME_ZSH_VARIABLE="something"
'';
oh-my-zsh = {
enable = true;
plugins = ["git" "docker-compose" "zoxide"];
};
plugins = [
{
name = "zsh-autosuggestion";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-autosuggestions";
rev = "v0.7.0";
sha256 = "1g3pij5qn2j7v7jjac2a63lxd97mcsgw6xq6k5p7835q9fjiid98";
};
}
{
name = "zsh-completions";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-completions";
rev = "0.34.0";
sha256 = "0jjgvzj3v31yibjmq50s80s3sqi4d91yin45pvn3fpnihcrinam9";
};
}
{
name = "zsh-syntax-highlighting";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-syntax-highlighting";
rev = "0.7.0";
sha256 = "0s1z3whzwli5452h2yzjzzj27pf1hd45g223yv0v6hgrip9f853r";
};
}
];
};
bat.enable = true;
zoxide.enable = true;
fzf.enable = true;
eza = {
enable = true;
enableZshIntegration = true;
};
starship = {
enable = true;
enableZshIntegration = true;
settings = {
add_newline = true;
format = "$username$hostname$nix_shell$git_branch$git_commit$git_state$git_status$directory$jobs$cmd_duration$character";
username = {
style_user = "blue bold";
style_root = "red bold";
format = "[$user]($style) ";
disabled = false;
show_always = true;
};
hostname = {
ssh_only = false;
ssh_symbol = "🌐 ";
format = "on [$hostname](bold red) ";
trim_at = ".local";
disabled = false;
};
nix_shell = {
symbol = " ";
format = "[$symbol$name]($style) ";
style = "bright-purple bold";
};
git_branch = {
only_attached = true;
format = "[$symbol$branch]($style) ";
symbol = "";
style = "bright-yellow bold";
};
git_commit = {
only_detached = true;
format = "[$hash]($style) ";
style = "bright-yellow bold";
};
git_state = {
style = "bright-purple bold";
};
git_status = {
style = "bright-green bold";
};
directory = {
read_only = " ";
truncation_length = 0;
};
cmd_duration = {
format = "[$duration]($style) ";
style = "bright-blue";
};
jobs = {
style = "bright-green bold";
};
character = {
success_symbol = "[\\$](bright-green bold)";
error_symbol = "[\\$](bright-red bold)";
};
};
};
};
}

19
modules/programs/communication.nix Normal file
View file

@ -0,0 +1,19 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
discord
webcord
teamspeak_client
];
# config.xdg.desktopEntries.discord = {
# name = "Discord";
# genericName = "All-in-one cross-platform voice and text chat for gamers";
# exec = "Discord --in-process-gpu --use-gl=desktop";
# icon = "Discord";
# categories = [ "Network" "InstantMessaging" ];
# settings = {
# version = "1.4";
# };
# };
}

6
modules/programs/desktop.nix Normal file
View file

@ -0,0 +1,6 @@
{ config, pkgs, options, ... }:
{
environment.systemPackages = with pkgs; [
ladybird
];
}

51
modules/programs/gaming.nix Normal file
View file

@ -0,0 +1,51 @@
{ config, pkgs, ... }:
{
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
# Nvidia
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
modesetting.enable = true;
open = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
powerManagement = {
enable = true;
finegrained = false;
};
#prime = {
# sync.enable = true;
# Integrated
# interBusId = "PCI:0:0:0";
# Dedicated
# nvidiaBusId = "PCI:2:0:0";
#};
};
# Steam
programs.steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
environment.systemPackages = with pkgs; [
#mangohud
protonup
];
environment.sessionVariables = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/chris/.steam/root/compatibilitytools.d";
};
programs.gamemode.enable = true;
}

10
modules/programs/harden.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, user, sensitive, lib, ... }: {
networking.firewall.enable = true;
# security.sudo.execWheelOnly = true;
# security.auditd.enable = true;
# security.audit.enable = !config.boot.isContainer;
# PGP set up.
programs.gnupg.agent.enable = true;
}

162
modules/programs/media.nix Normal file
View file

@ -0,0 +1,162 @@
{ config, pkgs, lib, sensitive, ... }:
{
imports = [
../common/qbittorrent.nix
];
environment.systemPackages = with pkgs; [
podman-tui
jellyfin
jellyseerr
mediainfo
authelia
];
users = {
groups = {
"jellyfin" = {};
};
users = {
"sonarr".extraGroups = [ "jellyfin" ];
"radarr".extraGroups = [ "jellyfin" ];
};
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
radarr = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
sonarr = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
bazarr = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
lidarr = {
enable = true;
openFirewall = true;
group = "jellyfin";
};
jellyseerr = {
enable = true;
openFirewall = true;
};
prowlarr = {
enable = true;
openFirewall = true;
};
qbittorrent = {
enable = true;
openFirewall = true;
dataDir = "/var/media/qbittorrent";
port = 58080;
user = "qbittorrent";
group = "jellyfin";
};
sabnzbd = {
enable = true;
openFirewall = true;
configFile = "/var/media/sabnzbd/config.ini";
user = "sabnzbd";
group = "jellyfin";
};
# authelia = {
# enable = true;
# };
caddy = {
enable = true;
virtualHosts = {
# "movies.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:8989
# '';
# "series.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:7878
# '';
"http://media.kruining.eu".extraConfig = ''
basicauth {
chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe
}
reverse_proxy http://127.0.0.1:9494
'';
"https://media.kruining.eu".extraConfig = ''
basicauth {
chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe
}
reverse_proxy http://127.0.0.1:9494
'';
};
};
};
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = {
backend = "podman";
containers = {
flaresolverr = {
image = "flaresolverr/flaresolverr";
autoStart = true;
ports = [ "127.0.0.1:8191:8191" ];
};
homarr = {
image = "ghcr.io/ajnart/homarr:latest";
autoStart = true;
ports = [ "127.0.0.1:7575:7575" ];
};
reiverr = {
image = "ghcr.io/aleksilassila/reiverr:v2.0.0-alpha.5";
autoStart = true;
ports = [ "127.0.0.1:9494:9494" ];
volumes = [ "/var/media/reiverr/config:/config" ];
};
};
};
};
# Config file for nabnzbd
# environment.etc."nabnzbd.ini" = {
# mode = "0775"
# text = ''
# host = 127.0.0.1
# port = 9595
# '';
# };
# Open firewall for caddy
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
}

27
modules/programs/nextcloud.nix Normal file
View file

@ -0,0 +1,27 @@
{ pkgs, config, ... }:
{
imports = [
"${fetchTarball {
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";}}/nextcloud-extras.nix"
];
environment.etc."nextcloud-admin-pass".text = "KaasIsAwesome!";
services.nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud29;
hostName = "localhost";
webserver = "caddy";
config = {
adminpassFile = "/etc/nextcloud-admin-pass";
dbtype = "sqlite";
};
# extraApps = {
# inherit (config.services.nextcloud.package.packages.apps) contacts calendar;
# };
# extraAppsEnable = true;
};
}

0
modules/programs/nvidia.nix Normal file
View file

13
modules/programs/office.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
onlyoffice-bin
];
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [ "corefonts" ];
fonts.packages = with pkgs; [
corefonts
];
}

12
modules/programs/security.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, security, ... }:
{
environment.systemPackages = with pkgs; [
kdePackages.kwallet-pam
bitwarden
];
security.pam.services.kwallet = {
name = "kwallet";
enableKwallet = true;
};
}

38
modules/programs/shell.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
git
gitkraken
zsh
bat
zoxide
eza
starship
alacritty
zed-editor
corepack_22
bun
];
users.defaultUserShell = pkgs.zsh;
fonts = {
fontconfig.enable = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
liberation_ttf
fira-code
fira-code-symbols
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
];
};
programs.zsh.enable = true;
programs.starship.enable = true;
}

40
modules/programs/shell/rust.nix Normal file
View file

@ -0,0 +1,40 @@
{ pkgs ? import<nixpkgs> {} }:
let
overrides = (builtins.fromTOML (builtins.readFile ./rust-toolchain.toml));
libPath = with pkgs; lib.makeLibraryPath [];
in
{
pkgs.mkShell rec {
buildInputs = with pkgs; [
clang
llvmPackages.bintools
rustup
]:
RUSTC_VERSION = overrides.toolchain.channel
LIBCLANG_PATH = pkgs.lib.makeLibraryPath [ pkgs.llvmPackages_latest.libclang.lib ];
shellHook = ''
export PATH=$PATH:''${CARGO_HOME:-~/.cargo}/bin
export PATH=$PATH:''${RUSTUP_HOME:-~/.rustup}/toolchains/$RUSTC_VERSION-x86_64-unknown-linux-gnu/bin/
'';
# Add precompiled library to rustc search path
RUSTFLAGS = (builtins.map (a: ''-L ${a}/lib'') [
# add libraries here (e.g. pkgs.libvmi)
]);
LD_LIBRARY_PATH = libPath;
# Add glibc, clang, glib, and other headers to bindgen search path
BINDGEN_EXTRA_CLANG_ARGS =
# Includes normal include path
(builtins.map (a: ''-I"${a}/include"'') [
# add dev libraries here (e.g. pkgs.libvmi.dev)
pkgs.glibc.dev
])
# Includes with special directory paths
++ [
''-I"${pkgs.llvmPackages_latest.libclang.lib}/lib/clang/${pkgs.llvmPackages_latest.libclang.version}/include"''
''-I"${pkgs.glib.dev}/include/glib-2.0"''
''-I${pkgs.glib.out}/lib/glib-2.0/include/''
];
};
}

5
modules/programs/theme.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/everforest.yaml";
stylix.image = ./wallpaper.jpg;
}

BIN
modules/programs/wallpaper.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 183 KiB