initial commit

2024-07-15 16:20:16 +02:00 · 2024-07-15 16:20:16 +02:00 · 9a935f8431
commit 9a935f8431
27 changed files with 1309 additions and 0 deletions
--- a/modules/programs/communication.nix
+++ b/modules/programs/communication.nix
@ -0,0 +1,19 @@
+{ pkgs, config, ... }:
+{ 
+  environment.systemPackages = with pkgs; [
+    discord
+    webcord
+    teamspeak_client
+  ];
+
+#  config.xdg.desktopEntries.discord = {
+#    name = "Discord";
+#    genericName = "All-in-one cross-platform voice and text chat for gamers";
+#    exec = "Discord --in-process-gpu --use-gl=desktop";
+#    icon = "Discord";
+#    categories = [ "Network" "InstantMessaging" ];
+#    settings = {
+#      version = "1.4";
+#    };
+#  };
+}
--- a/modules/programs/desktop.nix
+++ b/modules/programs/desktop.nix
@ -0,0 +1,6 @@
+{ config, pkgs, options, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    ladybird
+  ];
+}
--- a/modules/programs/gaming.nix
+++ b/modules/programs/gaming.nix
@ -0,0 +1,51 @@
+{ config, pkgs, ... }:
+{
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+
+  # Nvidia
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia = {
+    modesetting.enable = true;
+    open = true;
+    nvidiaSettings = true;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+    
+    powerManagement = {
+      enable = true;
+      finegrained = false;
+    };
+
+    #prime = {
+    #  sync.enable = true;
+
+      # Integrated
+      # interBusId = "PCI:0:0:0";
+
+      # Dedicated
+    #  nvidiaBusId = "PCI:2:0:0";
+    #};
+  };
+
+  # Steam
+  programs.steam = {
+    enable = true;
+    gamescopeSession.enable = true;
+    remotePlay.openFirewall = true;
+    dedicatedServer.openFirewall = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    #mangohud
+    protonup
+  ];
+
+  environment.sessionVariables = {
+    STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/chris/.steam/root/compatibilitytools.d";
+  };
+
+  programs.gamemode.enable = true;
+}
--- a/modules/programs/harden.nix
+++ b/modules/programs/harden.nix
@ -0,0 +1,10 @@
+{ config, user, sensitive, lib, ... }: {
+  networking.firewall.enable = true;
+
+#  security.sudo.execWheelOnly = true;
+#  security.auditd.enable = true;
+#  security.audit.enable = !config.boot.isContainer;
+
+  # PGP set up.
+  programs.gnupg.agent.enable = true;
+}
--- a/modules/programs/media.nix
+++ b/modules/programs/media.nix
@ -0,0 +1,162 @@
+{ config, pkgs, lib, sensitive, ... }:
+{
+  imports = [
+    ../common/qbittorrent.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    podman-tui
+    jellyfin
+    jellyseerr
+    mediainfo
+    authelia
+  ];
+
+  users = {
+    groups = {
+      "jellyfin" = {};
+    };
+    users = {
+      "sonarr".extraGroups = [ "jellyfin" ];
+      "radarr".extraGroups = [ "jellyfin" ];
+    };
+  };
+
+  services = {
+    jellyfin = {
+      enable = true;
+      openFirewall = true;
+      group = "jellyfin";
+    };
+
+    radarr = {
+      enable = true;
+      openFirewall = true;
+      group = "jellyfin";
+    };
+
+    sonarr = {
+      enable = true;
+      openFirewall = true;
+      group = "jellyfin";
+    };
+
+    bazarr = {
+      enable = true;
+      openFirewall = true;
+      group = "jellyfin";
+    };
+
+    lidarr = {
+      enable = true;
+      openFirewall = true;
+      group = "jellyfin";
+    };
+
+    jellyseerr = {
+      enable = true;
+      openFirewall = true;
+    };
+
+    prowlarr = {
+      enable = true;
+      openFirewall = true;
+    };
+
+    qbittorrent = {
+      enable = true;
+      openFirewall = true;
+      dataDir = "/var/media/qbittorrent";
+      port = 58080;
+
+      user = "qbittorrent";
+      group = "jellyfin";
+    };
+
+    sabnzbd = {
+      enable = true;
+      openFirewall = true;
+      configFile = "/var/media/sabnzbd/config.ini";
+
+      user = "sabnzbd";
+      group = "jellyfin";
+    };
+
+#    authelia = {
+#      enable = true;
+#    };
+    
+    caddy = {
+      enable = true;
+      virtualHosts = {
+#        "movies.kruining.eu".extraConfig = ''
+#          reverse_proxy http://127.0.0.1:8989
+#        '';
+#        "series.kruining.eu".extraConfig = ''
+#          reverse_proxy http://127.0.0.1:7878
+#        '';
+        "http://media.kruining.eu".extraConfig = ''
+          basicauth {
+            chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe
+          }
+          reverse_proxy http://127.0.0.1:9494
+        '';
+        "https://media.kruining.eu".extraConfig = ''
+          basicauth {
+            chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe
+          }
+          reverse_proxy http://127.0.0.1:9494
+        '';
+      };
+    };
+  };
+
+  virtualisation = {
+    containers.enable = true;
+
+    podman = {
+      enable = true;
+      dockerCompat = true;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+
+    oci-containers = {
+      backend = "podman";
+
+      containers = {
+        flaresolverr = {
+          image = "flaresolverr/flaresolverr";
+          autoStart = true;
+          ports = [ "127.0.0.1:8191:8191" ];
+        };
+        
+        homarr = {
+          image = "ghcr.io/ajnart/homarr:latest";
+          autoStart = true;
+          ports = [ "127.0.0.1:7575:7575" ];
+        };
+
+        reiverr = {
+          image = "ghcr.io/aleksilassila/reiverr:v2.0.0-alpha.5";
+          autoStart = true;
+          ports = [ "127.0.0.1:9494:9494" ];
+          volumes = [ "/var/media/reiverr/config:/config" ];
+        };
+      };
+    };
+  };
+
+  # Config file for nabnzbd
+#  environment.etc."nabnzbd.ini" = {
+#    mode = "0775"
+#    text = ''
+#      host = 127.0.0.1
+#      port = 9595
+#    '';
+#  };
+
+  # Open firewall for caddy
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
+}
--- a/modules/programs/nextcloud.nix
+++ b/modules/programs/nextcloud.nix
@ -0,0 +1,27 @@
+{ pkgs, config, ... }:
+{
+  imports = [
+    "${fetchTarball {
+      url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
+      sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";}}/nextcloud-extras.nix"
+  ];
+
+  environment.etc."nextcloud-admin-pass".text = "KaasIsAwesome!";
+
+  services.nextcloud = {
+    enable = true;
+    https = true;
+    package = pkgs.nextcloud29;
+    hostName = "localhost";
+    webserver = "caddy";
+    config = {
+      adminpassFile = "/etc/nextcloud-admin-pass";
+      dbtype = "sqlite";
+    };
+
+#    extraApps = {
+#      inherit (config.services.nextcloud.package.packages.apps) contacts calendar;
+#    };
+#    extraAppsEnable = true;
+  };
+}
--- a/modules/programs/nvidia.nix
+++ b/modules/programs/nvidia.nix
--- a/modules/programs/office.nix
+++ b/modules/programs/office.nix
@ -0,0 +1,13 @@
+{ pkgs, lib, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    onlyoffice-bin
+  ];
+
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [ "corefonts" ];
+
+  fonts.packages = with pkgs; [
+    corefonts
+  ];
+}
--- a/modules/programs/security.nix
+++ b/modules/programs/security.nix
@ -0,0 +1,12 @@
+{ pkgs, security, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    kdePackages.kwallet-pam
+    bitwarden
+  ];
+
+  security.pam.services.kwallet = {
+    name = "kwallet";
+    enableKwallet = true;
+  };
+}
--- a/modules/programs/shell.nix
+++ b/modules/programs/shell.nix
@ -0,0 +1,38 @@
+{ pkgs, config, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    git
+    gitkraken
+    zsh
+    bat
+    zoxide
+    eza
+    starship
+    alacritty
+    zed-editor
+    corepack_22
+    bun
+  ];
+
+  users.defaultUserShell = pkgs.zsh;
+
+  fonts = {
+    fontconfig.enable = true;
+    packages = with pkgs; [
+      noto-fonts
+      noto-fonts-cjk
+      noto-fonts-emoji
+      liberation_ttf
+      fira-code
+      fira-code-symbols
+      mplus-outline-fonts.githubRelease
+      dina-font
+      proggyfonts
+      (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
+    ];
+  };
+  
+  programs.zsh.enable = true;
+  programs.starship.enable = true;
+}
+
--- a/modules/programs/shell/rust.nix
+++ b/modules/programs/shell/rust.nix
@ -0,0 +1,40 @@
+{ pkgs ? import<nixpkgs> {} }:
+let
+  overrides = (builtins.fromTOML (builtins.readFile ./rust-toolchain.toml));
+  libPath = with pkgs; lib.makeLibraryPath [];
+
+in
+{
+  pkgs.mkShell rec {
+    buildInputs = with pkgs; [
+      clang
+      llvmPackages.bintools
+      rustup
+    ]:
+
+    RUSTC_VERSION = overrides.toolchain.channel
+    LIBCLANG_PATH = pkgs.lib.makeLibraryPath [ pkgs.llvmPackages_latest.libclang.lib ];
+    shellHook = ''
+      export PATH=$PATH:''${CARGO_HOME:-~/.cargo}/bin
+      export PATH=$PATH:''${RUSTUP_HOME:-~/.rustup}/toolchains/$RUSTC_VERSION-x86_64-unknown-linux-gnu/bin/
+      '';
+    # Add precompiled library to rustc search path
+    RUSTFLAGS = (builtins.map (a: ''-L ${a}/lib'') [
+      # add libraries here (e.g. pkgs.libvmi)
+    ]);
+    LD_LIBRARY_PATH = libPath;
+    # Add glibc, clang, glib, and other headers to bindgen search path
+    BINDGEN_EXTRA_CLANG_ARGS =
+    # Includes normal include path
+    (builtins.map (a: ''-I"${a}/include"'') [
+      # add dev libraries here (e.g. pkgs.libvmi.dev)
+      pkgs.glibc.dev
+    ])
+    # Includes with special directory paths
+    ++ [
+      ''-I"${pkgs.llvmPackages_latest.libclang.lib}/lib/clang/${pkgs.llvmPackages_latest.libclang.version}/include"''
+      ''-I"${pkgs.glib.dev}/include/glib-2.0"''
+      ''-I${pkgs.glib.out}/lib/glib-2.0/include/''
+    ];
+  };
+}
--- a/modules/programs/theme.nix
+++ b/modules/programs/theme.nix
@ -0,0 +1,5 @@
+{ pkgs, ... }:
+{
+  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/everforest.yaml";
+  stylix.image = ./wallpaper.jpg;
+}
--- a/modules/programs/wallpaper.jpg
+++ b/modules/programs/wallpaper.jpg