chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wiiiiips

Browse source
This commit is contained in:
Chris Kruining 2026-03-25 16:26:04 +01:00
parent ac3dac322d
commit a7a1763fe0
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
105 changed files with 1152 additions and 1093 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/nixos/application/default.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./steam
];
}

29
modules/nixos/application/steam.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
pkgs,
config,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.application.steam;
in {
options.sneeuwvlok.application.steam = {
enable = mkEnableOption "enable steam";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [steam];
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
};
};
};
}

64
modules/nixos/application/steam/default.nix
View file

@ -1,64 +0,0 @@
{
inputs,
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.steam;
in {
options.${namespace}.application.steam = {
enable = mkEnableOption "enable steam";
};
config = mkIf cfg.enable {
# environment.systemPackages = with pkgs; [ steam ];
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
# package = pkgs.steam.override {
# extraEnv = {
# DXVK_HUD = "compiler";
# MANGOHUD = true;
# };
# };
# gamescopeSession = {
# enable = true;
# args = ["--immediate-flips"];
# };
};
# https://github.com/FeralInteractive/gamemode
# gamemode = {
# enable = true;
# enableRenice = true;
# settings = {};
# };
# gamescope = {
# enable = true;
# capSysNice = true;
# env = {
# DXVK_HDR = "1";
# ENABLE_GAMESCOPE_WSI = "1";
# WINE_FULLSCREEN_FSR = "1";
# WLR_RENDERER = "vulkan";
# };
# args = ["--hdr-enabled"];
# };
};
};
}

26
modules/nixos/boot/default.nix
View file

@ -1,14 +1,18 @@
{ lib, namespace, config, pkgs, ... }:
let
{
lib,
namespace,
config,
pkgs,
...
}: let
inherit (lib) mkIf mkMerge mkDefault mkOption;
inherit (lib.types) enum bool;
cfg = config.${namespace}.boot;
in
{
options.${namespace}.boot = {
cfg = config.sneeuwvlok.boot;
in {
options.sneeuwvlok.boot = {
type = mkOption {
type = enum [ "bios" "uefi" ];
type = enum ["bios" "uefi"];
default = "uefi";
};
@ -24,7 +28,7 @@ in
};
config = mkMerge [
({
{
boot = {
kernelPackages = pkgs.linuxPackages_latest;
@ -39,9 +43,9 @@ in
};
};
supportedFilesystems = [ "nfs" ];
supportedFilesystems = ["nfs"];
};
})
}
(mkIf (cfg.type == "bios") {
boot.loader.grub.efiSupport = false;
@ -87,7 +91,7 @@ in
theme = mkDefault "pixels";
themePackages = with pkgs; [
(adi1090x-plymouth-themes.override {
selected_themes = [ "pixels" ];
selected_themes = ["pixels"];
})
];
};

19
modules/nixos/default.nix
View file

@ -1,14 +1,15 @@
{
imports = [
./application
./boot
./desktop
./editor
./hardware
./home-manager
./nix
./application/steam.nix
./boot/default.nix
./editor/nano/default.nix
./editor/nvim/default.nix
./hardware/audio/default.nix
./home-manager/default.nix
./services
./shells
./system
./system/networking
./system/security/boot
./system/security/sops
./system/security/sudo
];
}

6
modules/nixos/desktop/cosmic/default.nix
View file

@ -7,13 +7,13 @@
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.cosmic;
cfg = config.sneeuwvlok.desktop.cosmic;
in {
options.${namespace}.desktop.cosmic = {
options.sneeuwvlok.desktop.cosmic = {
enable =
mkEnableOption "Enable Cosmic desktop"
// {
default = config.${namespace}.desktop.use == "cosmic";
default = config.sneeuwvlok.desktop.use == "cosmic";
};
};

6
modules/nixos/desktop/default.nix
View file

@ -7,7 +7,7 @@
inherit (lib) mkIf mkOption mkEnableOption mkMerge;
inherit (lib.types) nullOr enum;
cfg = config.${namespace}.desktop;
cfg = config.sneeuwvlok.desktop;
in {
imports = [
./cosmic
@ -16,7 +16,7 @@ in {
./plasma
];
options.${namespace}.desktop = {
options.sneeuwvlok.desktop = {
use = mkOption {
type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]);
default = null;
@ -33,7 +33,7 @@ in {
}
# (mkIf (cfg.use != null) {
# ${namespace}.desktop.${cfg.use}.enable = true;
# sneeuwvlok.desktop.${cfg.use}.enable = true;
# })
];
}

25
modules/nixos/desktop/gamescope/default.nix
View file

@ -1,18 +1,23 @@
{ lib, config, namespace, ... }:
let
{
lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkForce;
cfg = config.${namespace}.desktop.gamescope;
in
{
options.${namespace}.desktop.gamescope = {
enable = mkEnableOption "Enable Steamdeck ui" // {
default = (config.${namespace}.desktop.use == "gamescope");
};
cfg = config.sneeuwvlok.desktop.gamescope;
in {
options.sneeuwvlok.desktop.gamescope = {
enable =
mkEnableOption "Enable Steamdeck ui"
// {
default = config.sneeuwvlok.desktop.use == "gamescope";
};
};
config = mkIf cfg.enable {
${namespace}.desktop.plasma.enable = true;
sneeuwvlok.desktop.plasma.enable = true;
services.displayManager.sddm.enable = mkForce false;
services.displayManager.gdm.enable = mkForce false;

28
modules/nixos/desktop/gnome/default.nix
View file

@ -1,16 +1,22 @@
{ lib, config, namespace, ... }:
let
{
lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.gnome;
in
{
options.${namespace}.desktop.gnome = {
enable = mkEnableOption "Enable Gnome" // {
default = (config.${namespace}.desktop.use == "gnome");
};
cfg = config.sneeuwvlok.desktop.gnome;
in {
options.sneeuwvlok.desktop.gnome = {
enable =
mkEnableOption "Enable Gnome"
// {
default = config.sneeuwvlok.desktop.use == "gnome";
};
};
config = mkIf cfg.enable {
};
config =
mkIf cfg.enable {
};
}

24
modules/nixos/desktop/plasma/default.nix
View file

@ -1,14 +1,20 @@
{ pkgs, lib, config, namespace, ... }:
let
{
pkgs,
lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.plasma;
in
{
options.${namespace}.desktop.plasma = {
enable = mkEnableOption "Enable KDE Plasma" // {
default = (config.${namespace}.desktop.use == "plasma");
};
cfg = config.sneeuwvlok.desktop.plasma;
in {
options.sneeuwvlok.desktop.plasma = {
enable =
mkEnableOption "Enable KDE Plasma"
// {
default = config.sneeuwvlok.desktop.use == "plasma";
};
};
config = mkIf cfg.enable {

4
modules/nixos/editor/nano/default.nix
View file

@ -2,10 +2,10 @@
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.editor.nano;
cfg = config.sneeuwvlok.editor.nano;
in
{
options.${namespace}.editor.nano = {
options.sneeuwvlok.editor.nano = {
enable = mkEnableOption "nano";
};

4
modules/nixos/editor/nvim/default.nix
View file

@ -2,10 +2,10 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.editor.nvim;
cfg = config.sneeuwvlok.editor.nvim;
in
{
options.${namespace}.editor.nvim = {
options.sneeuwvlok.editor.nvim = {
enable = mkEnableOption "enable nvim via nvf on system level";
};

4
modules/nixos/hardware/audio/default.nix
View file

@ -2,10 +2,10 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.audio;
cfg = config.sneeuwvlok.hardware.has.audio;
in
{
options.${namespace}.hardware.has.audio = mkEnableOption "Enable bluetooth";
options.sneeuwvlok.hardware.has.audio = mkEnableOption "Enable bluetooth";
config = mkIf cfg {
environment.systemPackages = with pkgs; [

4
modules/nixos/hardware/bluetooth/default.nix
View file

@ -2,10 +2,10 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.bluetooth;
cfg = config.sneeuwvlok.hardware.has.bluetooth;
in
{
options.${namespace}.hardware.has.bluetooth = mkEnableOption "Enable bluetooth";
options.sneeuwvlok.hardware.has.bluetooth = mkEnableOption "Enable bluetooth";
config = mkIf cfg {
hardware.bluetooth = {

18
modules/nixos/hardware/gpu/amd/default.nix
View file

@ -1,14 +1,18 @@
{ pkgs, lib, namespace, config, ... }:
let
{
pkgs,
lib,
namespace,
config,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.gpu;
in
{
options.${namespace}.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration";
cfg = config.sneeuwvlok.hardware.has.gpu;
in {
options.sneeuwvlok.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration";
config = mkIf cfg.amd {
services.xserver.videoDrivers = [ "amd" ];
services.xserver.videoDrivers = ["amd"];
hardware = {
graphics = {

4
modules/nixos/hardware/gpu/nvidia.nix
View file

@ -2,10 +2,10 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.gpu.nvidia;
cfg = config.sneeuwvlok.hardware.has.gpu.nvidia;
in
{
options.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
config = mkIf cfg {
services.xserver.videoDrivers = [ "nvidia" ];

18
modules/nixos/hardware/gpu/nvidia/default.nix
View file

@ -1,14 +1,18 @@
{ pkgs, lib, namespace, config, ... }:
let
{
pkgs,
lib,
namespace,
config,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.gpu;
in
{
options.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
cfg = config.sneeuwvlok.hardware.has.gpu;
in {
options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
config = mkIf cfg.nvidia {
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.videoDrivers = ["nvidia"];
hardware = {
graphics = {

16
modules/nixos/hardware/keyboard/voyager.nix
View file

@ -1,11 +1,15 @@
{ lib, config, pkgs, namespace, ... }:
let
{
lib,
config,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.keyboard.voyager;
in
{
options.${namespace}.hardware.keyboard.voyager = {
cfg = config.sneeuwvlok.hardware.keyboard.voyager;
in {
options.sneeuwvlok.hardware.keyboard.voyager = {
enble = mkEnableOption "Enable tools for ZSA Voyager";
};

20
modules/nixos/nix/default.nix
View file

@ -1,9 +1,13 @@
{ pkgs, lib, namespace, config, ... }:
let
cfg = config.${namespace}.nix;
in
{
options.${namespace}.nix = {};
pkgs,
lib,
namespace,
config,
...
}: let
cfg = config.sneeuwvlok.nix;
in {
options.sneeuwvlok.nix = {};
config = {
programs.git.enable = true;
@ -14,9 +18,9 @@ in
extraOptions = "experimental-features = nix-command flakes pipe-operators";
settings = {
experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
allowed-users = [ "@wheel" ];
trusted-users = [ "@wheel" ];
experimental-features = ["nix-command" "flakes" "pipe-operators"];
allowed-users = ["@wheel"];
trusted-users = ["@wheel"];
auto-optimise-store = true;
connect-timeout = 5;

6
modules/nixos/services/authentication/authelia/default.nix
View file

@ -8,14 +8,14 @@
inherit (lib) mkIf mkEnableOption;
user = "authelia-testing";
cfg = config.${namespace}.services.authentication.authelia;
cfg = config.sneeuwvlok.services.authentication.authelia;
in {
options.${namespace}.services.authentication.authelia = {
options.sneeuwvlok.services.authentication.authelia = {
enable = mkEnableOption "Authelia";
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy = {
sneeuwvlok.services.networking.caddy = {
hosts = {
"auth.kruining.eu".extraConfig = ''
reverse_proxy http://127.0.0.1:9091

4
modules/nixos/services/authentication/himmelblau/default.nix
View file

@ -6,9 +6,9 @@
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.authentication.himmelblau;
cfg = config.sneeuwvlok.services.authentication.himmelblau;
in {
options.${namespace}.services.authentication.himmelblau = {
options.sneeuwvlok.services.authentication.himmelblau = {
enable = mkEnableOption "enable azure entra ID authentication";
};

6
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -3,12 +3,12 @@ let
inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames;
inherit (sneeuwvlokLib.strings) toSnakeCase;
cfg = config.${namespace}.services.authentication.zitadel;
cfg = config.sneeuwvlok.services.authentication.zitadel;
database = "zitadel";
in
{
options.${namespace}.services.authentication.zitadel = {
options.sneeuwvlok.services.authentication.zitadel = {
enable = mkEnableOption "Zitadel";
organization = mkOption {
@ -537,7 +537,7 @@ in
};
in
mkIf cfg.enable {
${namespace}.services = {
sneeuwvlok.services = {
persistance.postgresql.enable = true;
networking.caddy = {

4
modules/nixos/services/backup/borg/default.nix
View file

@ -2,10 +2,10 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.backup.borg;
cfg = config.sneeuwvlok.services.backup.borg;
in
{
options.${namespace}.services.backup.borg = {
options.sneeuwvlok.services.backup.borg = {
enable = mkEnableOption "Borg Backup";
};

6
modules/nixos/services/communication/matrix/default.nix
View file

@ -8,7 +8,7 @@
inherit (builtins) toString toJSON;
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.communication.matrix;
cfg = config.sneeuwvlok.services.communication.matrix;
domain = "kruining.eu";
fqn = "matrix.${domain}";
@ -17,12 +17,12 @@
database = "synapse";
keyFile = "/var/lib/element-call/key";
in {
options.${namespace}.services.communication.matrix = {
options.sneeuwvlok.services.communication.matrix = {
enable = mkEnableOption "Matrix server (Synapse)";
};
config = mkIf cfg.enable {
${namespace}.services = {
sneeuwvlok.services = {
persistance.postgresql.enable = true;
# virtualisation.podman.enable = true;

6
modules/nixos/services/development/forgejo/default.nix
View file

@ -8,10 +8,10 @@
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.${namespace}.services.development.forgejo;
cfg = config.sneeuwvlok.services.development.forgejo;
domain = "git.amarth.cloud";
in {
options.${namespace}.services.development.forgejo = {
options.sneeuwvlok.services.development.forgejo = {
enable = mkEnableOption "Forgejo";
port = mkOption {
@ -25,7 +25,7 @@ in {
};
config = mkIf cfg.enable {
${namespace}.services = {
sneeuwvlok.services = {
persistance.postgresql.enable = true;
virtualisation.podman.enable = true;

4
modules/nixos/services/games/minecraft/default.nix
View file

@ -8,9 +8,9 @@
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.${namespace}.services.games.minecraft;
cfg = config.sneeuwvlok.services.games.minecraft;
in {
options.${namespace}.services.games.minecraft = {
options.sneeuwvlok.services.games.minecraft = {
enable = mkEnableOption "Minecraft";
user = mkOption {

18
modules/nixos/services/games/openrct.nix
View file

@ -1,11 +1,15 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.games.openrct;
in
{
options.${namespace}.services.games.openrct = {
cfg = config.sneeuwvlok.services.games.openrct;
in {
options.sneeuwvlok.services.games.openrct = {
enable = mkEnableOption "OpenRCT2";
};
@ -16,7 +20,7 @@ in
systemd.services.openrct = {
enable = true;
after = [ "network.target"];
after = ["network.target"];
description = "OpenRCT2 Server";
serviceConfig = {
Type = "";

4
modules/nixos/services/games/palworld/default.nix
View file

@ -6,9 +6,9 @@
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.games.palworld;
cfg = config.sneeuwvlok.services.games.palworld;
in {
options.${namespace}.services.games.palworld = {
options.sneeuwvlok.services.games.palworld = {
enable = mkEnableOption "Palworld";
};

4
modules/nixos/services/media/default.nix
View file

@ -8,7 +8,7 @@
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.${namespace}.services.media;
cfg = config.sneeuwvlok.services.media;
in {
imports = [
./glance
@ -19,7 +19,7 @@ in {
./servarr
];
options.${namespace}.services.media = {
options.sneeuwvlok.services.media = {
enable = mkEnableOption "Enable media services";
user = mkOption {

6
modules/nixos/services/media/glance/default.nix
View file

@ -6,14 +6,14 @@
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.glance;
cfg = config.sneeuwvlok.services.media.glance;
in {
options.${namespace}.services.media.glance = {
options.sneeuwvlok.services.media.glance = {
enable = mkEnableOption "Enable Glance";
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy.hosts = {
sneeuwvlok.services.networking.caddy.hosts = {
"https://${config.networking.hostName}:443" = ''
reverse_proxy http://[::1]:2000
'';

6
modules/nixos/services/media/jellyfin/default.nix
View file

@ -9,14 +9,14 @@
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.jellyfin;
cfg = config.sneeuwvlok.services.media.jellyfin;
in {
options.${namespace}.services.media.jellyfin = {
options.sneeuwvlok.services.media.jellyfin = {
enable = mkEnableOption "Enable jellyfin server";
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy = {
sneeuwvlok.services.networking.caddy = {
hosts = {
"jellyfin.kruining.eu" = ''
reverse_proxy http://[::1]:8096

4
modules/nixos/services/media/mydia/default.nix
View file

@ -6,9 +6,9 @@
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.mydia;
cfg = config.sneeuwvlok.services.media.mydia;
in {
options.${namespace}.services.media.mydia = {
options.sneeuwvlok.services.media.mydia = {
enable = mkEnableOption "Enable Mydia";
};

6
modules/nixos/services/media/nextcloud/default.nix
View file

@ -8,9 +8,9 @@
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.${namespace}.services.media.nextcloud;
cfg = config.sneeuwvlok.services.media.nextcloud;
in {
options.${namespace}.services.media.nextcloud = {
options.sneeuwvlok.services.media.nextcloud = {
enable = mkEnableOption "Nextcloud";
user = mkOption {
@ -25,7 +25,7 @@ in {
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy = {
sneeuwvlok.services.networking.caddy = {
hosts."cloud.kruining.eu" = ''
php_fastcgi unix//run/phpfpm/nextcloud.sock {
env front_controller_active true

4
modules/nixos/services/media/nfs/default.nix
View file

@ -2,10 +2,10 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.nfs;
cfg = config.sneeuwvlok.services.media.nfs;
in
{
options.${namespace}.services.media.nfs = {
options.sneeuwvlok.services.media.nfs = {
enable = mkEnableOption "Enable NFS";
};

4
modules/nixos/services/media/servarr/default.nix
View file

@ -9,11 +9,11 @@
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.servarr;
cfg = config.sneeuwvlok.services.media.servarr;
servarr = import ./lib.nix {inherit lib;};
anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0);
in {
options.${namespace}.services.media = {
options.sneeuwvlok.services.media = {
servarr = mkOption {
type = types.attrsOf (types.submodule ({name, ...}: {
options = {

4
modules/nixos/services/networking/caddy/default.nix
View file

@ -8,14 +8,14 @@
inherit (builtins) length;
inherit (lib) mkIf mkEnableOption mkOption types attrNames mapAttrs;
cfg = config.${namespace}.services.networking.caddy;
cfg = config.sneeuwvlok.services.networking.caddy;
hasHosts = (cfg.hosts |> attrNames |> length) > 0;
caddyPackage = pkgs.caddy.withPlugins {
plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
};
in {
options.${namespace}.services.networking.caddy = {
options.sneeuwvlok.services.networking.caddy = {
enable = mkEnableOption "enable caddy" // {default = true;};
hosts = mkOption {

19
modules/nixos/services/networking/ssh/default.nix
View file

@ -1,12 +1,15 @@
{ config, lib, namespace, ... }:
let
{
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.networking.ssh;
in
{
options.${namespace}.services.networking.ssh = {
cfg = config.sneeuwvlok.services.networking.ssh;
in {
options.sneeuwvlok.services.networking.ssh = {
enable = mkEnableOption "enable ssh";
};
@ -14,10 +17,10 @@ in
services.openssh = {
enable = true;
openFirewall = true;
ports = [ 22 ];
ports = [22];
settings = {
PasswordAuthentication = true;
AllowUsers = [ "chris" "root" ];
AllowUsers = ["chris" "root"];
UseDns = true;
UsePAM = true;
PermitRootLogin = "prohibit-password";

4
modules/nixos/services/networking/wireguard/default.nix
View file

@ -8,10 +8,10 @@
inherit (builtins) length;
inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs;
cfg = config.${namespace}.services.networking.wireguard;
cfg = config.sneeuwvlok.services.networking.wireguard;
hasPeers = (cfg.peer |> attrNames |> length) > 0;
in {
options.${namespace}.services.networking.wireguard = {
options.sneeuwvlok.services.networking.wireguard = {
# enable = mkEnableOption "enable wireguard" // {default = true;};
peer = mkOption {

4
modules/nixos/services/observability/grafana/default.nix
View file

@ -8,12 +8,12 @@
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.grafana;
cfg = config.sneeuwvlok.services.observability.grafana;
db_user = "grafana";
db_name = "grafana";
in {
options.${namespace}.services.observability.grafana = {
options.sneeuwvlok.services.observability.grafana = {
enable = mkEnableOption "enable Grafana";
};

18
modules/nixos/services/observability/loki/default.nix
View file

@ -1,12 +1,16 @@
{ pkgs, config, lib, namespace, ... }:
let
{
pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.loki;
in
{
options.${namespace}.services.observability.loki = {
cfg = config.sneeuwvlok.services.observability.loki;
in {
options.sneeuwvlok.services.observability.loki = {
enable = mkEnableOption "enable Grafana Loki";
};
@ -44,6 +48,6 @@ in
};
};
networking.firewall.allowedTCPPorts = [ 9003 ];
networking.firewall.allowedTCPPorts = [9003];
};
}

4
modules/nixos/services/observability/prometheus/default.nix
View file

@ -3,10 +3,10 @@ let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.observability.prometheus;
cfg = config.sneeuwvlok.services.observability.prometheus;
in
{
options.${namespace}.services.observability.prometheus = {
options.sneeuwvlok.services.observability.prometheus = {
enable = mkEnableOption "enable Prometheus";
};

4
modules/nixos/services/observability/promtail/default.nix
View file

@ -8,9 +8,9 @@
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.promtail;
cfg = config.sneeuwvlok.services.observability.promtail;
in {
options.${namespace}.services.observability.promtail = {
options.sneeuwvlok.services.observability.promtail = {
enable = mkEnableOption "enable Grafana Promtail";
};

20
modules/nixos/services/observability/uptime-kuma/default.nix
View file

@ -1,12 +1,16 @@
{ pkgs, config, lib, namespace, ... }:
let
{
pkgs,
config,
lib,
namespace,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.observability.uptime-kuma;
in
{
options.${namespace}.services.observability.uptime-kuma = {
cfg = config.sneeuwvlok.services.observability.uptime-kuma;
in {
options.sneeuwvlok.services.observability.uptime-kuma = {
enable = mkEnableOption "enable uptime kuma";
};
@ -19,7 +23,7 @@ in
HOST = "0.0.0.0";
};
};
networking.firewall.allowedTCPPorts = [ 9006 ];
networking.firewall.allowedTCPPorts = [9006];
};
}

4
modules/nixos/services/persistance/postgesql/default.nix
View file

@ -7,9 +7,9 @@
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.persistance.postgresql;
cfg = config.sneeuwvlok.services.persistance.postgresql;
in {
options.${namespace}.services.persistance.postgresql = {
options.sneeuwvlok.services.persistance.postgresql = {
enable = mkEnableOption "Postgresql";
};

6
modules/nixos/services/security/vaultwarden/default.nix
View file

@ -10,7 +10,7 @@
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;
cfg = config.${namespace}.services.security.vaultwarden;
cfg = config.sneeuwvlok.services.security.vaultwarden;
databaseProviderSqlite = types.submodule ({...}: {
options = {
@ -78,7 +78,7 @@
// (urlOptions |> getAttrs ["protocol" "host" "port"]);
});
in {
options.${namespace}.services.security.vaultwarden = {
options.sneeuwvlok.services.security.vaultwarden = {
enable = mkEnableOption "enable vaultwarden";
database = mkOption {
@ -93,7 +93,7 @@ in {
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy.hosts = {
sneeuwvlok.services.networking.caddy.hosts = {
"vault.kruining.eu" = ''
encode zstd gzip

17
modules/nixos/services/virtualisation/podman/default.nix
View file

@ -1,11 +1,16 @@
{ config, options, lib, pkgs, namespace, ... }:
let
{
config,
options,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.virtualisation.podman;
in
{
options.${namespace}.services.virtualisation.podman = {
cfg = config.sneeuwvlok.services.virtualisation.podman;
in {
options.sneeuwvlok.services.virtualisation.podman = {
enable = mkEnableOption "enable podman";
};

2
modules/nixos/shells/default.nix
View file

@ -1,2 +0,0 @@
{...}: {
}

17
modules/nixos/shells/zsh/default.nix
View file

@ -1,11 +1,16 @@
{ inputs, config, lib, pkgs, namespace, ... }:
let
{
inputs,
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.zsh;
in
{
options.${namespace}.shell.zsh = {
cfg = config.sneeuwvlok.shell.zsh;
in {
options.sneeuwvlok.shell.zsh = {
enable = mkEnableOption "enable zsh shell";
};

6
modules/nixos/system/default.nix
View file

@ -1,6 +0,0 @@
{
imports = [
./networking
./security
];
}

4
modules/nixos/system/networking/default.nix
View file

@ -2,10 +2,10 @@
let
inherit (lib) mkDefault;
cfg = config.${namespace}.system.networking;
cfg = config.sneeuwvlok.system.networking;
in
{
options.${namespace}.system.networking = {};
options.sneeuwvlok.system.networking = {};
config = {
systemd.services.NetworkManager-wait-online.enable = false;

17
modules/nixos/system/security/boot/default.nix
View file

@ -1,13 +1,16 @@
{ config, namespace, inputs, ... }:
let
cfg = config.${namespace}.system.security.boot;
in
{
options.${namespace}.system.security.boot = {};
config,
namespace,
inputs,
...
}: let
cfg = config.sneeuwvlok.system.security.boot;
in {
options.sneeuwvlok.system.security.boot = {};
config = {
boot = {
kernelModules = [ "tcp_bbr" ];
kernelModules = ["tcp_bbr"];
kernel.sysctl = {
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
@ -43,4 +46,4 @@ in
};
};
};
}
}

43
modules/nixos/system/security/default.nix
View file

@ -1,29 +1,28 @@
{ config, namespace, inputs, ... }:
let
cfg = config.${namespace}.system.security;
in
{
imports = [
./boot
./sops
./sudo
];
{...}: {
flake.modules.nixos.sneeuwvlok.system.security = {
config,
namespace,
inputs,
...
}: let
cfg = config.sneeuwvlok.system.security;
in {
options.sneeuwvlok.system.security = {};
options.${namespace}.system.security = {};
config = {
security = {
acme.acceptTerms = true;
polkit.enable = true;
config = {
security = {
acme.acceptTerms = true;
polkit.enable = true;
pam = {
u2f = {
enable = true;
settings.cue = true;
pam = {
u2f = {
enable = true;
settings.cue = true;
};
};
};
};
programs.gnupg.agent.enable = true;
programs.gnupg.agent.enable = true;
};
};
}

16
modules/nixos/system/security/sops/default.nix
View file

@ -1,12 +1,16 @@
{ pkgs, config, namespace, repoRoot, ... }:
let
cfg = config.${namespace}.system.security.sops;
in
{
options.${namespace}.system.security.sops = {};
pkgs,
config,
namespace,
repoRoot,
...
}: let
cfg = config.sneeuwvlok.system.security.sops;
in {
options.sneeuwvlok.system.security.sops = {};
config = {
environment.systemPackages = with pkgs; [ sops ];
environment.systemPackages = with pkgs; [sops];
sops = {
defaultSopsFormat = "yaml";

4
modules/nixos/system/security/sudo/default.nix
View file

@ -1,9 +1,9 @@
{ config, namespace, ... }:
let
cfg = config.${namespace}.system.security.sudo;
cfg = config.sneeuwvlok.system.security.sudo;
in
{
options.${namespace}.system.security.sudo = {};
options.sneeuwvlok.system.security.sudo = {};
config = {
security = {