chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wiiiiips

Browse source
This commit is contained in:
Chris Kruining 2026-03-25 16:26:04 +01:00
parent ac3dac322d
commit a7a1763fe0
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
105 changed files with 1152 additions and 1093 deletions
Download patch file Download diff file Expand all files Collapse all files

154
clan.nix
View file

@ -1,7 +1,4 @@
{ {
baseNixosModules,
lib,
}: {
meta = { meta = {
name = "arda"; name = "arda";
domain = "arda"; domain = "arda";
@ -11,60 +8,60 @@
directory = ./.; directory = ./.;
inventory.machines = { inventory.machines = {
aule = { # aule = {
name = "aule"; # name = "aule";
description = "Planned build server."; # description = "Planned build server.";
machineClass = "nixos"; # machineClass = "nixos";
tags = ["planned" "build"]; # tags = ["planned" "build"];
}; # };
mandos = { # mandos = {
name = "mandos"; # name = "mandos";
description = "Living room Steam box."; # description = "Living room Steam box.";
machineClass = "nixos"; # machineClass = "nixos";
tags = ["gaming" "living-room"]; # tags = ["gaming" "living-room"];
}; # };
manwe = { # manwe = {
name = "manwe"; # name = "manwe";
description = "Main desktop."; # description = "Main desktop.";
machineClass = "nixos"; # machineClass = "nixos";
tags = ["desktop"]; # tags = ["desktop"];
}; # };
melkor = { # melkor = {
name = "melkor"; # name = "melkor";
description = "Planned machine with no defined role yet."; # description = "Planned machine with no defined role yet.";
machineClass = "nixos"; # machineClass = "nixos";
tags = []; # tags = [];
}; # };
orome = { # orome = {
name = "orome"; # name = "orome";
description = "Work laptop."; # description = "Work laptop.";
machineClass = "nixos"; # machineClass = "nixos";
tags = ["laptop" "work"]; # tags = ["laptop" "work"];
}; # };
tulkas = { # tulkas = {
name = "tulkas"; # name = "tulkas";
description = "Steam Deck."; # description = "Steam Deck.";
machineClass = "nixos"; # machineClass = "nixos";
tags = ["gaming" "handheld"]; # tags = ["gaming" "handheld"];
}; # };
ulmo = { ulmo = {
name = "ulmo"; name = "ulmo";
description = "Primary self-hosted services machine."; description = "Primary self-hosted services machine.";
machineClass = "nixos"; machineClass = "nixos";
tags = ["server" "services"]; tags = ["server" "services"];
}; };
varda = { # varda = {
name = "varda"; # name = "varda";
description = "Planned machine with no defined role yet."; # description = "Planned machine with no defined role yet.";
machineClass = "nixos"; # machineClass = "nixos";
tags = []; # tags = [];
}; # };
yavanna = { # yavanna = {
name = "yavanna"; # name = "yavanna";
description = "Planned machine with no defined role yet."; # description = "Planned machine with no defined role yet.";
machineClass = "nixos"; # machineClass = "nixos";
tags = []; # tags = [];
}; # };
}; };
inventory.instances = { inventory.instances = {
@ -79,7 +76,7 @@
roles.default.settings = { roles.default.settings = {
user = "chris"; user = "chris";
groups = [ "wheel" ]; groups = ["wheel"];
prompt = true; prompt = true;
share = true; share = true;
}; };
@ -87,53 +84,10 @@
}; };
machines = { machines = {
mandos = { # mandos = {};
imports = baseNixosModules ++ [ # manwe = {};
{ # orome = {};
networking.hostName = lib.mkDefault "mandos"; # tulkas = {};
} ulmo = {};
./machines/mandos/configuration.nix
./users/chris/mandos.nix
];
};
manwe = {
imports = baseNixosModules ++ [
{
networking.hostName = lib.mkDefault "manwe";
}
./machines/manwe/configuration.nix
./users/chris/manwe.nix
];
};
orome = {
imports = baseNixosModules ++ [
{
networking.hostName = lib.mkDefault "orome";
}
./machines/orome/configuration.nix
./users/chris/orome.nix
];
};
tulkas = {
imports = baseNixosModules ++ [
{
networking.hostName = lib.mkDefault "tulkas";
}
./machines/tulkas/configuration.nix
./users/chris/tulkas.nix
];
};
ulmo = {
imports = baseNixosModules ++ [
{
networking.hostName = lib.mkDefault "ulmo";
}
./machines/ulmo/configuration.nix
];
};
}; };
} }

0
shells/default/default.nix → devShell.nix
View file

100
flake.lock generated
View file

@ -184,11 +184,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1774250935, "lastModified": 1774423251,
"narHash": "sha256-mWID0WFgTnd9hbEeaPNX+YYWF70JN3r7zBouEqERJOE=", "narHash": "sha256-g/PP8G9WcP4vtZVOBNYwfGxLnwLQoTERHnef8irAMeQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "64d7705e8c37d650cfb1aa99c24a8ce46597f29e", "rev": "b70d7535088cd8a9e4322c372a475f66ffa18adf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -445,11 +445,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773992301, "lastModified": 1774387289,
"narHash": "sha256-lm1qy9P463cblBAFC2g8VaALR1Gje1oyYXCPtiEumus=", "narHash": "sha256-Z/0IfVHrb0lEdv1WcHEe/ni4utBMR2GXZIktzYcTDSU=",
"owner": "himmelblau-idm", "owner": "himmelblau-idm",
"repo": "himmelblau", "repo": "himmelblau",
"rev": "fcb8966990c24f97fe224fa0c8977fe730d4cf50", "rev": "b2eccc7cb188253e49bffdddd743d01f52ab9625",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -465,11 +465,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774210133, "lastModified": 1774379316,
"narHash": "sha256-yeiWCY9aAUUJ3ebMVjs0UZXRnT5x90MCtpbpOWiXrvM=", "narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c6fe2944ad9f2444b2d767c4a5edee7c166e8a95", "rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -499,6 +499,21 @@
"type": "github" "type": "github"
} }
}, },
"import-tree": {
"locked": {
"lastModified": 1773693634,
"narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"owner": "vic",
"repo": "import-tree",
"rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"jovian": { "jovian": {
"inputs": { "inputs": {
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
@ -507,11 +522,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774168156, "lastModified": 1774333446,
"narHash": "sha256-+pwZSARdlM2RQQ6V0q76+WMKW9aNIcxkSOIThcz/f0A=", "narHash": "sha256-jeAUd4mfLle7Zw8F3lDdXvw2cmeP3FgVphHq2XuEKbs=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "939caad56508542d0f19cab963e2bc693f5f2831", "rev": "79b45622eff2ae0437d7a712610044bbc7b87fa2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -645,11 +660,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1774060651, "lastModified": 1774407052,
"narHash": "sha256-sZiam+rmNcOZGnlbnqDD9oTwfMdQUM+uQmFqqSoe194=", "narHash": "sha256-rUkn7Bo3PAlpcZl8+0FDsTwFyDwvS4xwMT9+RJ+XJoE=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "46727bd27d32d63069ed26a690554373ae2b4702", "rev": "70daf1f48885f0b4a70797076cd2ff5d9139b46e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -752,11 +767,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1774259547, "lastModified": 1774449288,
"narHash": "sha256-5EQ1TL+R/tcsoGas1oALp5Tj2ACfSul+pfrrxP72xC0=", "narHash": "sha256-ukB6NS45Oi62fQM4RpZfx3dpqxIu66ADCCFl6h72Fjo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b3f8d82c4c685fb6f3080745dab8f07606ae50d3", "rev": "cd0256cd8c537170cf24827fa821efb57aed9f40",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -816,11 +831,11 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1774273680, "lastModified": 1773840656,
"narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=", "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed", "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -865,11 +880,11 @@
"systems": "systems_3" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1774224548, "lastModified": 1774375131,
"narHash": "sha256-g45WZAZHNc7wJBkK4IdB5dq0Bh0JE7G0gcY2H5DFi44=", "narHash": "sha256-d22VIgsDXagQQWnAnebYeQWGHlmF81YRwuGCzAgNZAQ=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "edfb73fa4ced576f587d259a70a513b4152f8cea", "rev": "d847d401bea4dcb1478d02a61a3209fa8512f71d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -911,6 +926,7 @@
"grub2-themes": "grub2-themes", "grub2-themes": "grub2-themes",
"himmelblau": "himmelblau", "himmelblau": "himmelblau",
"home-manager": "home-manager", "home-manager": "home-manager",
"import-tree": "import-tree",
"jovian": "jovian", "jovian": "jovian",
"mydia": "mydia", "mydia": "mydia",
"nix-minecraft": "nix-minecraft", "nix-minecraft": "nix-minecraft",
@ -922,6 +938,7 @@
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
"sops-nix": "sops-nix_2", "sops-nix": "sops-nix_2",
"stylix": "stylix", "stylix": "stylix",
"systems": "systems_5",
"terranix": "terranix", "terranix": "terranix",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
} }
@ -929,11 +946,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1774221325, "lastModified": 1774376228,
"narHash": "sha256-aEIdkqB8gtQZtEbogdUb5iyfcZpKIlD3FkG8ANu73/I=", "narHash": "sha256-7oA0u4aghFjjIcIDKZ26NUpXH7hVXGPC0sI1OfK7NUk=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "b42b63f390a4dab14e6efa34a70e67f5b087cc62", "rev": "eabb84b771420b8396ab4bb4747694302d9be277",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -969,11 +986,11 @@
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1774154798, "lastModified": 1774303811,
"narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=", "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170", "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1089,13 +1106,28 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": { "terranix": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_5",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_5" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1773700838, "lastModified": 1773700838,
@ -1221,11 +1253,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774242250, "lastModified": 1774352774,
"narHash": "sha256-pchbnY7KVnH26g4O3LZO8vpshInqNj937gAqlPob1Mk=", "narHash": "sha256-gibUM0pSnLxEeuFrYA8T1oEaixk+fjQpqXbYaxcEX/4=",
"owner": "0xc000022070", "owner": "0xc000022070",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"rev": "f19c3e6683c2d2f3fcfcb88fb691931a104bc47c", "rev": "a0f3d47dbd8f8618a1920d5a5ca09b7993415895",
"type": "github" "type": "github"
}, },
"original": { "original": {

74
flake.nix
View file

@ -1,11 +1,17 @@
{ {
description = "Nixos config flake"; description = "Nixos config flake";
nixConfig = {
warn-dirty = false;
extra-experimental-features = ["nix-command" "flakes" "pipe-operators"];
};
inputs = { inputs = {
flake-parts = { flake-parts = {
url = "github:hercules-ci/flake-parts"; url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "clan-core/nixpkgs"; inputs.nixpkgs-lib.follows = "clan-core/nixpkgs";
}; };
import-tree.url = "github:vic/import-tree";
clan-core = { clan-core = {
url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
@ -13,6 +19,7 @@
}; };
nixpkgs.follows = "clan-core/nixpkgs"; nixpkgs.follows = "clan-core/nixpkgs";
systems.url = "github:nix-systems/default";
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
@ -25,21 +32,9 @@
inputs.home-manager.follows = "home-manager"; inputs.home-manager.follows = "home-manager";
}; };
# Legacy ISO flow removed in favor of Clan install workflows.
# nixos-generators = {
# url = "github:nix-community/nixos-generators";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# neovim # neovim
nvf.url = "github:notashelf/nvf"; nvf.url = "github:notashelf/nvf";
# Unused input retained as a comment for easy recovery.
# nixos-boot.url = "github:Melkor333/nixos-boot";
# Unused input retained as a comment for easy recovery.
# firefox.url = "github:nix-community/flake-firefox-nightly";
stylix.url = "github:nix-community/stylix"; stylix.url = "github:nix-community/stylix";
# Rust toolchain # Rust toolchain
@ -78,15 +73,6 @@
url = "github:vinceliuice/grub2-themes"; url = "github:vinceliuice/grub2-themes";
}; };
# Unused input retained as a comment for easy recovery.
# nixos-wsl = {
# url = "github:nix-community/nixos-wsl";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# flake-compat.follows = "";
# };
# };
terranix = { terranix = {
url = "github:terranix/terranix"; url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -98,23 +84,41 @@
}; };
}; };
outputs = inputs@{flake-parts, ...}: outputs = inputs @ {
flake-parts,
nixpkgs,
systems,
...
}:
flake-parts.lib.mkFlake {inherit inputs;} { flake-parts.lib.mkFlake {inherit inputs;} {
systems = [ systems = import systems;
"x86_64-linux" clan = import ./clan.nix;
"aarch64-linux"
"x86_64-darwin" imports = with inputs; [
"aarch64-darwin" flake-parts.flakeModules.modules
clan-core.flakeModules.default
]; ];
imports = [ perSystem = {system, ...}: {
inputs.clan-core.flakeModules.default _module.args = {
inputs.home-manager.flakeModules.home-manager pkgs = import nixpkgs {
./lib/default.nix inherit system;
./machines/default.nix
./packages/default.nix overlays = with inputs; [
./shells/default/default.nix fenix.overlays.default
./users/default.nix nix-minecraft.overlay
flux.overlays.default
];
config = {
allowUnfree = true;
permittedInsecurePackages = [
# I think this is because of zen
"qtwebengine-5.15.19"
]; ];
}; };
};
};
};
};
} }

35
lib/default.nix
View file

@ -7,34 +7,6 @@
inherit (lib) mkOption types; inherit (lib) mkOption types;
namespace = "sneeuwvlok"; namespace = "sneeuwvlok";
channelConfig = {
allowUnfree = true;
permittedInsecurePackages = [
# Due to *arr stack
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
# I think this is because of zen
"qtwebengine-5.15.19"
# For Nheko, the matrix client
"olm-3.2.16"
];
};
systemOverlays = with inputs; [
fenix.overlays.default
nix-minecraft.overlay
flux.overlays.default
];
mkPkgs = system:
import inputs.nixpkgs {
inherit system;
overlays = systemOverlays;
config = channelConfig;
};
sharedContext = { sharedContext = {
inherit inputs namespace; inherit inputs namespace;
erosanixLib = inputs.erosanix.lib; erosanixLib = inputs.erosanix.lib;
@ -54,11 +26,6 @@
inputs.nvf.nixosModules.default inputs.nvf.nixosModules.default
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
{ {
nixpkgs = {
config = channelConfig;
overlays = systemOverlays;
};
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
@ -67,7 +34,7 @@
}; };
} }
] ]
++ [ ../modules/nixos ]; ++ [../modules/nixos];
in { in {
imports = [ imports = [
./options ./options

561
machines/ulmo/configuration.nix
View file

@ -1,276 +1,301 @@
{...}: { {
pkgs,
inputs,
...
}: {
imports = [ imports = [
./disks.nix ./disks.nix
./hardware.nix ./hardware.nix
../../modules/nixos
]; ];
sneeuwvlok.application.steam.enable = true;
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
networking = {
interfaces.enp2s0 = {
ipv6.addresses = [
{
address = "2a0d:6e00:1dc9:0::dead:beef";
prefixLength = 64;
}
];
useDHCP = true;
};
defaultGateway = {
address = "192.168.1.1";
interface = "enp2s0";
};
defaultGateway6 = {
address = "fe80::1";
interface = "enp2s0";
};
};
# virtualisation = {
# containers.enable = true;
# podman = {
# enable = true;
# dockerCompat = true;
# };
# oci-containers = {
# backend = "podman";
# containers = {
# homey = {
# image = "ghcr.io/athombv/homey-shs:latest";
# autoStart = true;
# privileged = true;
# volumes = [
# "/home/chris/.homey-shs:/homey/user"
# ];
# ports = [
# "4859:4859"
# ];
# };
# };
# };
# };
sneeuwvlok = {
services = {
backup.borg.enable = true;
authentication.zitadel = {
enable = true;
organization = {
nix = {
user = {
chris = {
email = "chris@kruining.eu";
firstName = "Chris";
lastName = "Kruining";
roles = ["ORG_OWNER"];
instanceRoles = ["IAM_OWNER"];
};
kaas = {
email = "chris+kaas@kruining.eu";
firstName = "Kaas";
lastName = "Kruining";
};
};
project = {
ulmo = {
projectRoleCheck = true;
projectRoleAssertion = true;
hasProjectCheck = true;
role = {
jellyfin = {
group = "jellyfin";
};
jellyfin_admin = {
group = "jellyfin";
};
};
assign = {
chris = ["jellyfin" "jellyfin_admin"];
kaas = ["jellyfin"];
};
application = {
jellyfin = {
redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
forgejo = {
redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
vaultwarden = {
redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
exportMap = {
client_id = "SSO_CLIENT_ID";
client_secret = "SSO_CLIENT_SECRET";
};
};
matrix = {
redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
mydia = {
redirectUris = ["http://localhost:2010/auth/oidc/callback"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
grafana = {
redirectUris = ["http://localhost:9001/login/generic_oauth"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
};
};
convex = {
projectRoleCheck = true;
projectRoleAssertion = true;
hasProjectCheck = true;
application = {
scry = {
redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
};
};
};
action = {
flattenRoles = {
script = ''
(ctx, api) => {
if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) {
return;
}
const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role));
api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles }));
};
'';
};
};
triggers = [
{
flowType = "customiseToken";
triggerType = "preUserinfoCreation";
actions = ["flattenRoles"];
}
{
flowType = "customiseToken";
triggerType = "preAccessTokenCreation";
actions = ["flattenRoles"];
}
];
};
};
};
communication.matrix.enable = true;
development.forgejo.enable = true;
networking.ssh.enable = true;
networking.caddy.hosts = {
# Expose amarht cloud stuff like this until I have a proper solution
"auth.amarth.cloud" = ''
reverse_proxy http://192.168.1.223:9092
'';
"amarth.cloud" = ''
reverse_proxy http://192.168.1.223:8080
'';
};
media.enable = true;
media.glance.enable = true;
media.mydia.enable = true;
media.nfs.enable = true;
media.jellyfin.enable = true;
media.servarr = {
radarr = {
enable = true;
port = 2001;
rootFolders = [
"/var/media/movies"
];
};
sonarr = {
enable = true;
# debug = true;
port = 2002;
rootFolders = [
"/var/media/series"
];
};
lidarr = {
enable = true;
debug = true;
port = 2003;
rootFolders = [
"/var/media/music"
];
};
prowlarr = {
enable = true;
# debug = true;
port = 2004;
};
};
observability = {
grafana.enable = true;
prometheus.enable = true;
loki.enable = true;
promtail.enable = true;
# uptime-kuma.enable = true;
};
security.vaultwarden = {
enable = true;
database = {
# type = "sqlite";
# file = "/var/lib/vaultwarden/state.db";
type = "postgresql";
host = "localhost";
port = 5432;
sslMode = "disabled";
};
};
};
editor = {
nano.enable = true;
};
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = false;
efi.canTouchEfiVariables = true;
grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = false;
device = "nodev"; # INFO: https://discourse.nixos.org/t/question-about-grub-and-nodev
};
};
supportedFilesystems = ["nfs"];
};
# sneeuwvlok.application.steam.enable = true;
# networking = {
# interfaces.enp2s0 = {
# ipv6.addresses = [
# {
# address = "2a0d:6e00:1dc9:0::dead:beef";
# prefixLength = 64;
# }
# ];
# useDHCP = true;
# };
# defaultGateway = {
# address = "192.168.1.1";
# interface = "enp2s0";
# };
# defaultGateway6 = {
# address = "fe80::1";
# interface = "enp2s0";
# };
# };
# # virtualisation = {
# # containers.enable = true;
# # podman = {
# # enable = true;
# # dockerCompat = true;
# # };
# # oci-containers = {
# # backend = "podman";
# # containers = {
# # homey = {
# # image = "ghcr.io/athombv/homey-shs:latest";
# # autoStart = true;
# # privileged = true;
# # volumes = [
# # "/home/chris/.homey-shs:/homey/user"
# # ];
# # ports = [
# # "4859:4859"
# # ];
# # };
# # };
# # };
# # };
# # sneeuwvlok = {
# # services = {
# # backup.borg.enable = true;
# # authentication.zitadel = {
# # enable = true;
# # organization = {
# # nix = {
# # user = {
# # chris = {
# # email = "chris@kruining.eu";
# # firstName = "Chris";
# # lastName = "Kruining";
# # roles = ["ORG_OWNER"];
# # instanceRoles = ["IAM_OWNER"];
# # };
# # kaas = {
# # email = "chris+kaas@kruining.eu";
# # firstName = "Kaas";
# # lastName = "Kruining";
# # };
# # };
# # project = {
# # ulmo = {
# # projectRoleCheck = true;
# # projectRoleAssertion = true;
# # hasProjectCheck = true;
# # role = {
# # jellyfin = {
# # group = "jellyfin";
# # };
# # jellyfin_admin = {
# # group = "jellyfin";
# # };
# # };
# # assign = {
# # chris = ["jellyfin" "jellyfin_admin"];
# # kaas = ["jellyfin"];
# # };
# # application = {
# # jellyfin = {
# # redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # forgejo = {
# # redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # vaultwarden = {
# # redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # exportMap = {
# # client_id = "SSO_CLIENT_ID";
# # client_secret = "SSO_CLIENT_SECRET";
# # };
# # };
# # matrix = {
# # redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # mydia = {
# # redirectUris = ["http://localhost:2010/auth/oidc/callback"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # grafana = {
# # redirectUris = ["http://localhost:9001/login/generic_oauth"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # };
# # };
# # convex = {
# # projectRoleCheck = true;
# # projectRoleAssertion = true;
# # hasProjectCheck = true;
# # application = {
# # scry = {
# # redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"];
# # grantTypes = ["authorizationCode"];
# # responseTypes = ["code"];
# # };
# # };
# # };
# # };
# # action = {
# # flattenRoles = {
# # script = ''
# # (ctx, api) => {
# # if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) {
# # return;
# # }
# # const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role));
# # api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles }));
# # };
# # '';
# # };
# # };
# # triggers = [
# # {
# # flowType = "customiseToken";
# # triggerType = "preUserinfoCreation";
# # actions = ["flattenRoles"];
# # }
# # {
# # flowType = "customiseToken";
# # triggerType = "preAccessTokenCreation";
# # actions = ["flattenRoles"];
# # }
# # ];
# # };
# # };
# # };
# # communication.matrix.enable = true;
# # development.forgejo.enable = true;
# # networking.ssh.enable = true;
# # networking.caddy.hosts = {
# # # Expose amarht cloud stuff like this until I have a proper solution
# # "auth.amarth.cloud" = ''
# # reverse_proxy http://192.168.1.223:9092
# # '';
# # "amarth.cloud" = ''
# # reverse_proxy http://192.168.1.223:8080
# # '';
# # };
# # media.enable = true;
# # media.glance.enable = true;
# # media.mydia.enable = true;
# # media.nfs.enable = true;
# # media.jellyfin.enable = true;
# # media.servarr = {
# # radarr = {
# # enable = true;
# # port = 2001;
# # rootFolders = [
# # "/var/media/movies"
# # ];
# # };
# # sonarr = {
# # enable = true;
# # # debug = true;
# # port = 2002;
# # rootFolders = [
# # "/var/media/series"
# # ];
# # };
# # lidarr = {
# # enable = true;
# # debug = true;
# # port = 2003;
# # rootFolders = [
# # "/var/media/music"
# # ];
# # };
# # prowlarr = {
# # enable = true;
# # # debug = true;
# # port = 2004;
# # };
# # };
# # observability = {
# # grafana.enable = true;
# # prometheus.enable = true;
# # loki.enable = true;
# # promtail.enable = true;
# # # uptime-kuma.enable = true;
# # };
# # security.vaultwarden = {
# # enable = true;
# # database = {
# # # type = "sqlite";
# # # file = "/var/lib/vaultwarden/state.db";
# # type = "postgresql";
# # host = "localhost";
# # port = 5432;
# # sslMode = "disabled";
# # };
# # };
# # };
# # editor = {
# # nano.enable = true;
# # };
# # };
} }

4
modules/home/application/bitwarden/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.bitwarden; cfg = config.sneeuwvlok.application.bitwarden;
in in
{ {
options.${namespace}.application.bitwarden = { options.sneeuwvlok.application.bitwarden = {
enable = mkEnableOption "enable bitwarden"; enable = mkEnableOption "enable bitwarden";
}; };

17
modules/home/application/chrome/default.nix
View file

@ -1,11 +1,16 @@
{ inputs, config, lib, pkgs, namespace, ... }: {
let inputs,
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.chrome; cfg = config.sneeuwvlok.application.chrome;
in in {
{ options.sneeuwvlok.application.chrome = {
options.${namespace}.application.chrome = {
enable = mkEnableOption "enable chrome"; enable = mkEnableOption "enable chrome";
}; };

19
modules/home/application/discord/default.nix
View file

@ -1,15 +1,20 @@
{ inputs, config, lib, pkgs, namespace, ... }: {
let inputs,
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.discord; cfg = config.sneeuwvlok.application.discord;
in in {
{ options.sneeuwvlok.application.discord = {
options.${namespace}.application.discord = {
enable = mkEnableOption "enable discord (vesktop)"; enable = mkEnableOption "enable discord (vesktop)";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ vesktop ]; home.packages = with pkgs; [vesktop];
}; };
} }

4
modules/home/application/ladybird/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.ladybird; cfg = config.sneeuwvlok.application.ladybird;
in in
{ {
options.${namespace}.application.ladybird = { options.sneeuwvlok.application.ladybird = {
enable = mkEnableOption "enable ladybird"; enable = mkEnableOption "enable ladybird";
}; };

4
modules/home/application/matrix/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.matrix; cfg = config.sneeuwvlok.application.matrix;
in in
{ {
options.${namespace}.application.matrix = { options.sneeuwvlok.application.matrix = {
enable = mkEnableOption "enable Matrix client (Fractal)"; enable = mkEnableOption "enable Matrix client (Fractal)";
}; };

17
modules/home/application/obs/default.nix
View file

@ -1,11 +1,16 @@
{ config, lib, pkgs, namespace, osConfig ? {}, ... }: {
let config,
lib,
pkgs,
namespace,
osConfig ? {},
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.obs; cfg = config.sneeuwvlok.application.obs;
in in {
{ options.sneeuwvlok.application.obs = {
options.${namespace}.application.obs = {
enable = mkEnableOption "enable obs"; enable = mkEnableOption "enable obs";
}; };

4
modules/home/application/onlyoffice/default.nix
View file

@ -8,9 +8,9 @@
}: let }: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.onlyoffice; cfg = config.sneeuwvlok.application.onlyoffice;
in { in {
options.${namespace}.application.onlyoffice = { options.sneeuwvlok.application.onlyoffice = {
enable = mkEnableOption "enable onlyoffice"; enable = mkEnableOption "enable onlyoffice";
}; };

4
modules/home/application/signal/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.signal; cfg = config.sneeuwvlok.application.signal;
in in
{ {
options.${namespace}.application.signal = { options.sneeuwvlok.application.signal = {
enable = mkEnableOption "enable signal"; enable = mkEnableOption "enable signal";
}; };

19
modules/home/application/steam/default.nix
View file

@ -1,16 +1,21 @@
{ inputs, config, lib, pkgs, namespace, ... }: {
let inputs,
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.steam; cfg = config.sneeuwvlok.application.steam;
in in {
{ options.sneeuwvlok.application.steam = {
options.${namespace}.application.steam = {
enable = mkEnableOption "enable steam"; enable = mkEnableOption "enable steam";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ protonup-ng ]; home.packages = with pkgs; [protonup-ng];
home.sessionVariables = { home.sessionVariables = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";

4
modules/home/application/studio/default.nix
View file

@ -2,13 +2,13 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.studio; cfg = config.sneeuwvlok.application.studio;
studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/package.nix") { studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/package.nix") {
inherit erosanixLib; inherit erosanixLib;
}; };
in in
{ {
options.${namespace}.application.studio = { options.sneeuwvlok.application.studio = {
enable = mkEnableOption "enable Bricklink Studio"; enable = mkEnableOption "enable Bricklink Studio";
}; };

4
modules/home/application/teamspeak/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.teamspeak; cfg = config.sneeuwvlok.application.teamspeak;
in in
{ {
options.${namespace}.application.teamspeak = { options.sneeuwvlok.application.teamspeak = {
enable = mkEnableOption "enable teamspeak"; enable = mkEnableOption "enable teamspeak";
}; };

4
modules/home/application/thunderbird/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.thunderbird; cfg = config.sneeuwvlok.application.thunderbird;
in in
{ {
options.${namespace}.application.thunderbird = { options.sneeuwvlok.application.thunderbird = {
enable = mkEnableOption "enable thunderbird"; enable = mkEnableOption "enable thunderbird";
}; };

19
modules/home/application/zen/default.nix
View file

@ -1,11 +1,15 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.zen; cfg = config.sneeuwvlok.application.zen;
in in {
{ options.sneeuwvlok.application.zen = {
options.${namespace}.application.zen = {
enable = mkEnableOption "enable zen"; enable = mkEnableOption "enable zen";
}; };
@ -50,8 +54,7 @@ in
install_url = "https://addons.mozilla.org/firefox/downloads/latest/${builtins.toString id}/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/${builtins.toString id}/latest.xpi";
installation_mode = "force_installed"; installation_mode = "force_installed";
}; };
in in {
{
ublock_origin = 4531307; ublock_origin = 4531307;
ghostry = 4562168; ghostry = 4562168;
bitwarden = 4562769; bitwarden = 4562769;

21
modules/home/default.nix
View file

@ -1,9 +1,14 @@
{ pkgs, config, lib, namespace, ... }: {
let pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib) mkOption; inherit (lib) mkOption;
inherit (lib.types) enum; inherit (lib.types) enum;
cfg = config.${namespace}.defaults; cfg = config.sneeuwvlok.defaults;
in { in {
imports = [ imports = [
./application ./application
@ -17,30 +22,30 @@ in {
./themes ./themes
]; ];
options.${namespace}.defaults = { options.sneeuwvlok.defaults = {
editor = mkOption { editor = mkOption {
type = enum [ "nano" "nvim" "zed" ]; type = enum ["nano" "nvim" "zed"];
default = "nano"; default = "nano";
description = "Default editor for text manipulation"; description = "Default editor for text manipulation";
example = "nvim"; example = "nvim";
}; };
shell = mkOption { shell = mkOption {
type = enum [ "fish" "zsh" "bash" ]; type = enum ["fish" "zsh" "bash"];
default = "zsh"; default = "zsh";
description = "Default shell"; description = "Default shell";
example = "zsh"; example = "zsh";
}; };
terminal = mkOption { terminal = mkOption {
type = enum [ "ghostty" "alacritty" ]; type = enum ["ghostty" "alacritty"];
default = "ghostty"; default = "ghostty";
description = "Default terminal"; description = "Default terminal";
example = "ghostty"; example = "ghostty";
}; };
browser = mkOption { browser = mkOption {
type = enum [ "chrome" "ladybird" "zen" ]; type = enum ["chrome" "ladybird" "zen"];
default = "zen"; default = "zen";
description = "Default terminal"; description = "Default terminal";
example = "zen"; example = "zen";

6
modules/home/desktop/plasma/default.nix
View file

@ -2,11 +2,11 @@
let let
inherit (lib) mkIf; inherit (lib) mkIf;
cfg = config.${namespace}.desktop.plasma; cfg = config.sneeuwvlok.desktop.plasma;
osCfg = osConfig.${namespace}.desktop.plasma or { enable = false; }; osCfg = osConfig.sneeuwvlok.desktop.plasma or { enable = false; };
in in
{ {
options.${namespace}.desktop.plasma = { options.sneeuwvlok.desktop.plasma = {
}; };

4
modules/home/development/dotnet/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.development.dotnet; cfg = config.sneeuwvlok.development.dotnet;
in in
{ {
options.${namespace}.development.dotnet = { options.sneeuwvlok.development.dotnet = {
enable = mkEnableOption "Enable dotnet development tools"; enable = mkEnableOption "Enable dotnet development tools";
}; };

4
modules/home/development/javascript/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.development.javascript; cfg = config.sneeuwvlok.development.javascript;
in in
{ {
options.${namespace}.development.javascript = { options.sneeuwvlok.development.javascript = {
enable = mkEnableOption "Enable javascript development tools"; enable = mkEnableOption "Enable javascript development tools";
}; };

20
modules/home/development/rust/default.nix
View file

@ -1,15 +1,19 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.development.rust; cfg = config.sneeuwvlok.development.rust;
in in {
{ options.sneeuwvlok.development.rust = {
options.${namespace}.development.rust = {
enable = mkEnableOption "Enable rust development tools"; enable = mkEnableOption "Enable rust development tools";
}; };
config = mkIf cfg.enable { config =
mkIf cfg.enable {
}; };
} }

19
modules/home/editor/nano/default.nix
View file

@ -1,16 +1,21 @@
{ config, options, lib, pkgs, namespace, ... }: {
let config,
options,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.editor.nano; cfg = config.sneeuwvlok.editor.nano;
in in {
{ options.sneeuwvlok.editor.nano = {
options.${namespace}.editor.nano = {
enable = mkEnableOption "nano"; enable = mkEnableOption "nano";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ nano ]; home.packages = with pkgs; [nano];
# programs.nano = { # programs.nano = {
# enable = true; # enable = true;

17
modules/home/editor/nvim/default.nix
View file

@ -1,15 +1,20 @@
{ inputs, config, lib, pkgs, namespace, ... }: {
let inputs,
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.editor.nvim; cfg = config.sneeuwvlok.editor.nvim;
in in {
{
# imports = [ # imports = [
# inputs.nvf.nixosModules.default # inputs.nvf.nixosModules.default
# ]; # ];
options.${namespace}.editor.nvim = { options.sneeuwvlok.editor.nvim = {
enable = mkEnableOption "enable nvim via nvf on user level"; enable = mkEnableOption "enable nvim via nvf on user level";
}; };

4
modules/home/editor/zed/default.nix
View file

@ -1,9 +1,9 @@
{ config, lib, pkgs, namespace, ... }: let { config, lib, pkgs, namespace, ... }: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.editor.zed; cfg = config.sneeuwvlok.editor.zed;
in { in {
options.${namespace}.editor.zed = { options.sneeuwvlok.editor.zed = {
enable = mkEnableOption "zed"; enable = mkEnableOption "zed";
}; };

19
modules/home/game/minecraft/default.nix
View file

@ -1,15 +1,20 @@
{ inputs, config, lib, pkgs, namespace, ... }: {
let inputs,
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.game.minecraft; cfg = config.sneeuwvlok.game.minecraft;
in in {
{ options.sneeuwvlok.game.minecraft = {
options.${namespace}.game.minecraft = {
enable = mkEnableOption "enable minecraft"; enable = mkEnableOption "enable minecraft";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ prismlauncher ]; home.packages = with pkgs; [prismlauncher];
}; };
} }

6
modules/home/shell/default.nix
View file

@ -2,7 +2,7 @@
let let
inherit (lib) mkIf mkMerge mkEnableOption mkDefault; inherit (lib) mkIf mkMerge mkEnableOption mkDefault;
cfg = config.${namespace}.shell; cfg = config.sneeuwvlok.shell;
in in
{ {
imports = [ imports = [
@ -10,13 +10,13 @@ in
./zsh ./zsh
]; ];
options.${namespace}.shell = { options.sneeuwvlok.shell = {
corePkgs.enable = mkEnableOption "core shell packages"; corePkgs.enable = mkEnableOption "core shell packages";
}; };
config = mkMerge [ config = mkMerge [
(mkIf (cfg.corePkgs.enable) { (mkIf (cfg.corePkgs.enable) {
${namespace}.shell.toolset = mkDefault { sneeuwvlok.shell.toolset = mkDefault {
bat.enable = true; bat.enable = true;
btop.enable = true; btop.enable = true;
eza.enable = true; eza.enable = true;

18
modules/home/shell/toolset/bat/default.nix
View file

@ -1,16 +1,20 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.toolset.bat; cfg = config.sneeuwvlok.shell.toolset.bat;
in in {
{ options.sneeuwvlok.shell.toolset.bat = {
options.${namespace}.shell.toolset.bat = {
enable = mkEnableOption "cat replacement"; enable = mkEnableOption "cat replacement";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ bat ]; home.packages = with pkgs; [bat];
programs.bat = { programs.bat = {
enable = true; enable = true;

18
modules/home/shell/toolset/btop/default.nix
View file

@ -1,17 +1,21 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
inherit (lib.strings) concatStringsSep; inherit (lib.strings) concatStringsSep;
cfg = config.${namespace}.shell.toolset.btop; cfg = config.sneeuwvlok.shell.toolset.btop;
in in {
{ options.sneeuwvlok.shell.toolset.btop = {
options.${namespace}.shell.toolset.btop = {
enable = mkEnableOption "system-monitor"; enable = mkEnableOption "system-monitor";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ btop ]; home.packages = with pkgs; [btop];
programs.btop = { programs.btop = {
enable = true; enable = true;

18
modules/home/shell/toolset/eza/default.nix
View file

@ -1,16 +1,20 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.toolset.eza; cfg = config.sneeuwvlok.shell.toolset.eza;
in in {
{ options.sneeuwvlok.shell.toolset.eza = {
options.${namespace}.shell.toolset.eza = {
enable = mkEnableOption "system-monitor"; enable = mkEnableOption "system-monitor";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ eza ]; home.packages = with pkgs; [eza];
programs.eza = { programs.eza = {
enable = true; enable = true;

18
modules/home/shell/toolset/fzf/default.nix
View file

@ -1,16 +1,20 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.toolset.fzf; cfg = config.sneeuwvlok.shell.toolset.fzf;
in in {
{ options.sneeuwvlok.shell.toolset.fzf = {
options.${namespace}.shell.toolset.fzf = {
enable = mkEnableOption "TUI Fuzzy Finder."; enable = mkEnableOption "TUI Fuzzy Finder.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ fzf ]; home.packages = with pkgs; [fzf];
programs.fzf = { programs.fzf = {
enable = true; enable = true;

4
modules/home/shell/toolset/git/default.nix
View file

@ -7,9 +7,9 @@
}: let }: let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.shell.toolset.git; cfg = config.sneeuwvlok.shell.toolset.git;
in { in {
options.${namespace}.shell.toolset.git = { options.sneeuwvlok.shell.toolset.git = {
enable = mkEnableOption "version-control system"; enable = mkEnableOption "version-control system";
}; };

16
modules/home/shell/toolset/gnugpg/default.nix
View file

@ -1,11 +1,15 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.toolset.gnupg; cfg = config.sneeuwvlok.shell.toolset.gnupg;
in in {
{ options.sneeuwvlok.shell.toolset.gnupg = {
options.${namespace}.shell.toolset.gnupg = {
enable = mkEnableOption "cryptographic suite"; enable = mkEnableOption "cryptographic suite";
}; };

18
modules/home/shell/toolset/just/default.nix
View file

@ -1,15 +1,19 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.shell.toolset.just; cfg = config.sneeuwvlok.shell.toolset.just;
in in {
{ options.sneeuwvlok.shell.toolset.just = {
options.${namespace}.shell.toolset.just = {
enable = mkEnableOption "version-control system"; enable = mkEnableOption "version-control system";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ just gum ]; home.packages = with pkgs; [just gum];
}; };
} }

4
modules/home/shell/toolset/starship/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.toolset.starship; cfg = config.sneeuwvlok.shell.toolset.starship;
in in
{ {
options.${namespace}.shell.toolset.starship = { options.sneeuwvlok.shell.toolset.starship = {
enable = mkEnableOption "fancy pansy shell prompt"; enable = mkEnableOption "fancy pansy shell prompt";
}; };

4
modules/home/shell/toolset/tmux/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.toolset.tmux; cfg = config.sneeuwvlok.shell.toolset.tmux;
in in
{ {
options.${namespace}.shell.toolset.tmux = { options.sneeuwvlok.shell.toolset.tmux = {
enable = mkEnableOption "terminal multiplexer"; enable = mkEnableOption "terminal multiplexer";
}; };

18
modules/home/shell/toolset/yazi/default.nix
View file

@ -1,16 +1,20 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.toolset.yazi; cfg = config.sneeuwvlok.shell.toolset.yazi;
in in {
{ options.sneeuwvlok.shell.toolset.yazi = {
options.${namespace}.shell.toolset.yazi = {
enable = mkEnableOption "cli file browser"; enable = mkEnableOption "cli file browser";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ yazi ]; home.packages = with pkgs; [yazi];
programs.yazi = { programs.yazi = {
enable = true; enable = true;

4
modules/home/shell/toolset/zellij/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.toolset.zellij; cfg = config.sneeuwvlok.shell.toolset.zellij;
in in
{ {
options.${namespace}.shell.toolset.zellij = { options.sneeuwvlok.shell.toolset.zellij = {
enable = mkEnableOption "terminal multiplexer"; enable = mkEnableOption "terminal multiplexer";
}; };

18
modules/home/shell/toolset/zoxide/default.nix
View file

@ -1,16 +1,20 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.toolset.zoxide; cfg = config.sneeuwvlok.shell.toolset.zoxide;
in in {
{ options.sneeuwvlok.shell.toolset.zoxide = {
options.${namespace}.shell.toolset.zoxide = {
enable = mkEnableOption "cd replacement"; enable = mkEnableOption "cd replacement";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ zoxide ]; home.packages = with pkgs; [zoxide];
programs.zoxide = { programs.zoxide = {
enable = true; enable = true;

6
modules/home/shell/zsh/default.nix
View file

@ -2,15 +2,15 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.zsh; cfg = config.sneeuwvlok.shell.zsh;
in in
{ {
options.${namespace}.shell.zsh = { options.sneeuwvlok.shell.zsh = {
enable = mkEnableOption "enable ZSH"; enable = mkEnableOption "enable ZSH";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# ${namespace}.shell = { # sneeuwvlok.shell = {
# zsh.enable = true; # zsh.enable = true;
# }; # };

15
modules/home/terminal/alacritty/default.nix
View file

@ -1,11 +1,14 @@
{ config, lib, namespace, ... }: {
let config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.terminal.alacritty; cfg = config.sneeuwvlok.terminal.alacritty;
in in {
{ options.sneeuwvlok.terminal.alacritty = {
options.${namespace}.terminal.alacritty = {
enable = mkEnableOption "enable alacritty"; enable = mkEnableOption "enable alacritty";
}; };

19
modules/home/terminal/ghostty/default.nix
View file

@ -1,11 +1,14 @@
{ config, lib, namespace, ... }: {
let config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.terminal.ghostty; cfg = config.sneeuwvlok.terminal.ghostty;
in in {
{ options.sneeuwvlok.terminal.ghostty = {
options.${namespace}.terminal.ghostty = {
enable = mkEnableOption "enable ghostty"; enable = mkEnableOption "enable ghostty";
}; };
@ -13,10 +16,10 @@ in
programs.ghostty = { programs.ghostty = {
enable = true; enable = true;
settings = { settings = {
command = config.${namespace}.defaults.shell; command = config.sneeuwvlok.defaults.shell;
background-blur-radius = 20; background-blur-radius = 20;
theme = "dark:stylix,light:stylix"; theme = "dark:stylix,light:stylix";
window-theme = (config.${namespace}.themes.polarity or "dark"); window-theme = config.sneeuwvlok.themes.polarity or "dark";
background-opacity = 0.8; background-opacity = 0.8;
minimum-contrast = 1.1; minimum-contrast = 1.1;
}; };

22
modules/home/themes/default.nix
View file

@ -1,24 +1,30 @@
{ config, lib, pkgs, namespace, osConfig ? {}, ... }: {
let config,
lib,
pkgs,
namespace,
osConfig ? {},
...
}: let
inherit (lib) mkIf mkDefault; inherit (lib) mkIf mkDefault;
inherit (lib.options) mkOption mkEnableOption; inherit (lib.options) mkOption mkEnableOption;
inherit (lib.types) nullOr enum; inherit (lib.types) nullOr enum;
cfg = config.${namespace}.themes; cfg = config.sneeuwvlok.themes;
osCfg = osConfig.${namespace}.theming; osCfg = osConfig.sneeuwvlok.theming;
in { in {
options.${namespace}.themes = { options.sneeuwvlok.themes = {
enable = mkEnableOption "Theming (Stylix)"; enable = mkEnableOption "Theming (Stylix)";
theme = mkOption { theme = mkOption {
type = nullOr (enum [ "everforest" "catppuccin-latte" "chalk" ]); type = nullOr (enum ["everforest" "catppuccin-latte" "chalk"]);
default = "everforest"; default = "everforest";
description = "The theme to set the system to"; description = "The theme to set the system to";
example = "everforest"; example = "everforest";
}; };
polarity = mkOption { polarity = mkOption {
type = nullOr (enum [ "dark" "light" ]); type = nullOr (enum ["dark" "light"]);
default = "dark"; default = "dark";
description = "determine if system is in dark or light mode"; description = "determine if system is in dark or light mode";
}; };
@ -33,7 +39,7 @@ in {
polarity = cfg.polarity; polarity = cfg.polarity;
targets.qt.platform = mkDefault "kde"; targets.qt.platform = mkDefault "kde";
targets.zen-browser.profileNames = [ "Chris" ]; targets.zen-browser.profileNames = ["Chris"];
fonts = { fonts = {
serif = { serif = {

5
modules/nixos/application/default.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./steam
];
}

29
modules/nixos/application/steam.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
pkgs,
config,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.application.steam;
in {
options.sneeuwvlok.application.steam = {
enable = mkEnableOption "enable steam";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [steam];
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
};
};
};
}

64
modules/nixos/application/steam/default.nix
View file

@ -1,64 +0,0 @@
{
inputs,
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.steam;
in {
options.${namespace}.application.steam = {
enable = mkEnableOption "enable steam";
};
config = mkIf cfg.enable {
# environment.systemPackages = with pkgs; [ steam ];
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
# package = pkgs.steam.override {
# extraEnv = {
# DXVK_HUD = "compiler";
# MANGOHUD = true;
# };
# };
# gamescopeSession = {
# enable = true;
# args = ["--immediate-flips"];
# };
};
# https://github.com/FeralInteractive/gamemode
# gamemode = {
# enable = true;
# enableRenice = true;
# settings = {};
# };
# gamescope = {
# enable = true;
# capSysNice = true;
# env = {
# DXVK_HDR = "1";
# ENABLE_GAMESCOPE_WSI = "1";
# WINE_FULLSCREEN_FSR = "1";
# WLR_RENDERER = "vulkan";
# };
# args = ["--hdr-enabled"];
# };
};
};
}

26
modules/nixos/boot/default.nix
View file

@ -1,14 +1,18 @@
{ lib, namespace, config, pkgs, ... }: {
let lib,
namespace,
config,
pkgs,
...
}: let
inherit (lib) mkIf mkMerge mkDefault mkOption; inherit (lib) mkIf mkMerge mkDefault mkOption;
inherit (lib.types) enum bool; inherit (lib.types) enum bool;
cfg = config.${namespace}.boot; cfg = config.sneeuwvlok.boot;
in in {
{ options.sneeuwvlok.boot = {
options.${namespace}.boot = {
type = mkOption { type = mkOption {
type = enum [ "bios" "uefi" ]; type = enum ["bios" "uefi"];
default = "uefi"; default = "uefi";
}; };
@ -24,7 +28,7 @@ in
}; };
config = mkMerge [ config = mkMerge [
({ {
boot = { boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
@ -39,9 +43,9 @@ in
}; };
}; };
supportedFilesystems = [ "nfs" ]; supportedFilesystems = ["nfs"];
}; };
}) }
(mkIf (cfg.type == "bios") { (mkIf (cfg.type == "bios") {
boot.loader.grub.efiSupport = false; boot.loader.grub.efiSupport = false;
@ -87,7 +91,7 @@ in
theme = mkDefault "pixels"; theme = mkDefault "pixels";
themePackages = with pkgs; [ themePackages = with pkgs; [
(adi1090x-plymouth-themes.override { (adi1090x-plymouth-themes.override {
selected_themes = [ "pixels" ]; selected_themes = ["pixels"];
}) })
]; ];
}; };

19
modules/nixos/default.nix
View file

@ -1,14 +1,15 @@
{ {
imports = [ imports = [
./application ./application/steam.nix
./boot ./boot/default.nix
./desktop ./editor/nano/default.nix
./editor ./editor/nvim/default.nix
./hardware ./hardware/audio/default.nix
./home-manager ./home-manager/default.nix
./nix
./services ./services
./shells ./system/networking
./system ./system/security/boot
./system/security/sops
./system/security/sudo
]; ];
} }

6
modules/nixos/desktop/cosmic/default.nix
View file

@ -7,13 +7,13 @@
}: let }: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.cosmic; cfg = config.sneeuwvlok.desktop.cosmic;
in { in {
options.${namespace}.desktop.cosmic = { options.sneeuwvlok.desktop.cosmic = {
enable = enable =
mkEnableOption "Enable Cosmic desktop" mkEnableOption "Enable Cosmic desktop"
// { // {
default = config.${namespace}.desktop.use == "cosmic"; default = config.sneeuwvlok.desktop.use == "cosmic";
}; };
}; };

6
modules/nixos/desktop/default.nix
View file

@ -7,7 +7,7 @@
inherit (lib) mkIf mkOption mkEnableOption mkMerge; inherit (lib) mkIf mkOption mkEnableOption mkMerge;
inherit (lib.types) nullOr enum; inherit (lib.types) nullOr enum;
cfg = config.${namespace}.desktop; cfg = config.sneeuwvlok.desktop;
in { in {
imports = [ imports = [
./cosmic ./cosmic
@ -16,7 +16,7 @@ in {
./plasma ./plasma
]; ];
options.${namespace}.desktop = { options.sneeuwvlok.desktop = {
use = mkOption { use = mkOption {
type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]);
default = null; default = null;
@ -33,7 +33,7 @@ in {
} }
# (mkIf (cfg.use != null) { # (mkIf (cfg.use != null) {
# ${namespace}.desktop.${cfg.use}.enable = true; # sneeuwvlok.desktop.${cfg.use}.enable = true;
# }) # })
]; ];
} }

23
modules/nixos/desktop/gamescope/default.nix
View file

@ -1,18 +1,23 @@
{ lib, config, namespace, ... }: {
let lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkForce; inherit (lib) mkIf mkEnableOption mkForce;
cfg = config.${namespace}.desktop.gamescope; cfg = config.sneeuwvlok.desktop.gamescope;
in in {
{ options.sneeuwvlok.desktop.gamescope = {
options.${namespace}.desktop.gamescope = { enable =
enable = mkEnableOption "Enable Steamdeck ui" // { mkEnableOption "Enable Steamdeck ui"
default = (config.${namespace}.desktop.use == "gamescope"); // {
default = config.sneeuwvlok.desktop.use == "gamescope";
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.desktop.plasma.enable = true; sneeuwvlok.desktop.plasma.enable = true;
services.displayManager.sddm.enable = mkForce false; services.displayManager.sddm.enable = mkForce false;
services.displayManager.gdm.enable = mkForce false; services.displayManager.gdm.enable = mkForce false;

24
modules/nixos/desktop/gnome/default.nix
View file

@ -1,16 +1,22 @@
{ lib, config, namespace, ... }: {
let lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.gnome; cfg = config.sneeuwvlok.desktop.gnome;
in in {
{ options.sneeuwvlok.desktop.gnome = {
options.${namespace}.desktop.gnome = { enable =
enable = mkEnableOption "Enable Gnome" // { mkEnableOption "Enable Gnome"
default = (config.${namespace}.desktop.use == "gnome"); // {
default = config.sneeuwvlok.desktop.use == "gnome";
}; };
}; };
config = mkIf cfg.enable { config =
mkIf cfg.enable {
}; };
} }

22
modules/nixos/desktop/plasma/default.nix
View file

@ -1,13 +1,19 @@
{ pkgs, lib, config, namespace, ... }: {
let pkgs,
lib,
config,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.plasma; cfg = config.sneeuwvlok.desktop.plasma;
in in {
{ options.sneeuwvlok.desktop.plasma = {
options.${namespace}.desktop.plasma = { enable =
enable = mkEnableOption "Enable KDE Plasma" // { mkEnableOption "Enable KDE Plasma"
default = (config.${namespace}.desktop.use == "plasma"); // {
default = config.sneeuwvlok.desktop.use == "plasma";
}; };
}; };

4
modules/nixos/editor/nano/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.editor.nano; cfg = config.sneeuwvlok.editor.nano;
in in
{ {
options.${namespace}.editor.nano = { options.sneeuwvlok.editor.nano = {
enable = mkEnableOption "nano"; enable = mkEnableOption "nano";
}; };

4
modules/nixos/editor/nvim/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.editor.nvim; cfg = config.sneeuwvlok.editor.nvim;
in in
{ {
options.${namespace}.editor.nvim = { options.sneeuwvlok.editor.nvim = {
enable = mkEnableOption "enable nvim via nvf on system level"; enable = mkEnableOption "enable nvim via nvf on system level";
}; };

4
modules/nixos/hardware/audio/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.audio; cfg = config.sneeuwvlok.hardware.has.audio;
in in
{ {
options.${namespace}.hardware.has.audio = mkEnableOption "Enable bluetooth"; options.sneeuwvlok.hardware.has.audio = mkEnableOption "Enable bluetooth";
config = mkIf cfg { config = mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

4
modules/nixos/hardware/bluetooth/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.bluetooth; cfg = config.sneeuwvlok.hardware.has.bluetooth;
in in
{ {
options.${namespace}.hardware.has.bluetooth = mkEnableOption "Enable bluetooth"; options.sneeuwvlok.hardware.has.bluetooth = mkEnableOption "Enable bluetooth";
config = mkIf cfg { config = mkIf cfg {
hardware.bluetooth = { hardware.bluetooth = {

18
modules/nixos/hardware/gpu/amd/default.nix
View file

@ -1,14 +1,18 @@
{ pkgs, lib, namespace, config, ... }: {
let pkgs,
lib,
namespace,
config,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.gpu; cfg = config.sneeuwvlok.hardware.has.gpu;
in in {
{ options.sneeuwvlok.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration";
options.${namespace}.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration";
config = mkIf cfg.amd { config = mkIf cfg.amd {
services.xserver.videoDrivers = [ "amd" ]; services.xserver.videoDrivers = ["amd"];
hardware = { hardware = {
graphics = { graphics = {

4
modules/nixos/hardware/gpu/nvidia.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.gpu.nvidia; cfg = config.sneeuwvlok.hardware.has.gpu.nvidia;
in in
{ {
options.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
config = mkIf cfg { config = mkIf cfg {
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];

18
modules/nixos/hardware/gpu/nvidia/default.nix
View file

@ -1,14 +1,18 @@
{ pkgs, lib, namespace, config, ... }: {
let pkgs,
lib,
namespace,
config,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.has.gpu; cfg = config.sneeuwvlok.hardware.has.gpu;
in in {
{ options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
options.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
config = mkIf cfg.nvidia { config = mkIf cfg.nvidia {
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = ["nvidia"];
hardware = { hardware = {
graphics = { graphics = {

16
modules/nixos/hardware/keyboard/voyager.nix
View file

@ -1,11 +1,15 @@
{ lib, config, pkgs, namespace, ... }: {
let lib,
config,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.keyboard.voyager; cfg = config.sneeuwvlok.hardware.keyboard.voyager;
in in {
{ options.sneeuwvlok.hardware.keyboard.voyager = {
options.${namespace}.hardware.keyboard.voyager = {
enble = mkEnableOption "Enable tools for ZSA Voyager"; enble = mkEnableOption "Enable tools for ZSA Voyager";
}; };

20
modules/nixos/nix/default.nix
View file

@ -1,9 +1,13 @@
{ pkgs, lib, namespace, config, ... }:
let
cfg = config.${namespace}.nix;
in
{ {
options.${namespace}.nix = {}; pkgs,
lib,
namespace,
config,
...
}: let
cfg = config.sneeuwvlok.nix;
in {
options.sneeuwvlok.nix = {};
config = { config = {
programs.git.enable = true; programs.git.enable = true;
@ -14,9 +18,9 @@ in
extraOptions = "experimental-features = nix-command flakes pipe-operators"; extraOptions = "experimental-features = nix-command flakes pipe-operators";
settings = { settings = {
experimental-features = [ "nix-command" "flakes" "pipe-operators" ]; experimental-features = ["nix-command" "flakes" "pipe-operators"];
allowed-users = [ "@wheel" ]; allowed-users = ["@wheel"];
trusted-users = [ "@wheel" ]; trusted-users = ["@wheel"];
auto-optimise-store = true; auto-optimise-store = true;
connect-timeout = 5; connect-timeout = 5;

6
modules/nixos/services/authentication/authelia/default.nix
View file

@ -8,14 +8,14 @@
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
user = "authelia-testing"; user = "authelia-testing";
cfg = config.${namespace}.services.authentication.authelia; cfg = config.sneeuwvlok.services.authentication.authelia;
in { in {
options.${namespace}.services.authentication.authelia = { options.sneeuwvlok.services.authentication.authelia = {
enable = mkEnableOption "Authelia"; enable = mkEnableOption "Authelia";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.services.networking.caddy = { sneeuwvlok.services.networking.caddy = {
hosts = { hosts = {
"auth.kruining.eu".extraConfig = '' "auth.kruining.eu".extraConfig = ''
reverse_proxy http://127.0.0.1:9091 reverse_proxy http://127.0.0.1:9091

4
modules/nixos/services/authentication/himmelblau/default.nix
View file

@ -6,9 +6,9 @@
}: let }: let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.authentication.himmelblau; cfg = config.sneeuwvlok.services.authentication.himmelblau;
in { in {
options.${namespace}.services.authentication.himmelblau = { options.sneeuwvlok.services.authentication.himmelblau = {
enable = mkEnableOption "enable azure entra ID authentication"; enable = mkEnableOption "enable azure entra ID authentication";
}; };

6
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -3,12 +3,12 @@ let
inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames;
inherit (sneeuwvlokLib.strings) toSnakeCase; inherit (sneeuwvlokLib.strings) toSnakeCase;
cfg = config.${namespace}.services.authentication.zitadel; cfg = config.sneeuwvlok.services.authentication.zitadel;
database = "zitadel"; database = "zitadel";
in in
{ {
options.${namespace}.services.authentication.zitadel = { options.sneeuwvlok.services.authentication.zitadel = {
enable = mkEnableOption "Zitadel"; enable = mkEnableOption "Zitadel";
organization = mkOption { organization = mkOption {
@ -537,7 +537,7 @@ in
}; };
in in
mkIf cfg.enable { mkIf cfg.enable {
${namespace}.services = { sneeuwvlok.services = {
persistance.postgresql.enable = true; persistance.postgresql.enable = true;
networking.caddy = { networking.caddy = {

4
modules/nixos/services/backup/borg/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.backup.borg; cfg = config.sneeuwvlok.services.backup.borg;
in in
{ {
options.${namespace}.services.backup.borg = { options.sneeuwvlok.services.backup.borg = {
enable = mkEnableOption "Borg Backup"; enable = mkEnableOption "Borg Backup";
}; };

6
modules/nixos/services/communication/matrix/default.nix
View file

@ -8,7 +8,7 @@
inherit (builtins) toString toJSON; inherit (builtins) toString toJSON;
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.communication.matrix; cfg = config.sneeuwvlok.services.communication.matrix;
domain = "kruining.eu"; domain = "kruining.eu";
fqn = "matrix.${domain}"; fqn = "matrix.${domain}";
@ -17,12 +17,12 @@
database = "synapse"; database = "synapse";
keyFile = "/var/lib/element-call/key"; keyFile = "/var/lib/element-call/key";
in { in {
options.${namespace}.services.communication.matrix = { options.sneeuwvlok.services.communication.matrix = {
enable = mkEnableOption "Matrix server (Synapse)"; enable = mkEnableOption "Matrix server (Synapse)";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.services = { sneeuwvlok.services = {
persistance.postgresql.enable = true; persistance.postgresql.enable = true;
# virtualisation.podman.enable = true; # virtualisation.podman.enable = true;

6
modules/nixos/services/development/forgejo/default.nix
View file

@ -8,10 +8,10 @@
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption; inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.${namespace}.services.development.forgejo; cfg = config.sneeuwvlok.services.development.forgejo;
domain = "git.amarth.cloud"; domain = "git.amarth.cloud";
in { in {
options.${namespace}.services.development.forgejo = { options.sneeuwvlok.services.development.forgejo = {
enable = mkEnableOption "Forgejo"; enable = mkEnableOption "Forgejo";
port = mkOption { port = mkOption {
@ -25,7 +25,7 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.services = { sneeuwvlok.services = {
persistance.postgresql.enable = true; persistance.postgresql.enable = true;
virtualisation.podman.enable = true; virtualisation.podman.enable = true;

4
modules/nixos/services/games/minecraft/default.nix
View file

@ -8,9 +8,9 @@
inherit (lib) mkIf mkEnableOption mkOption; inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str; inherit (lib.types) str;
cfg = config.${namespace}.services.games.minecraft; cfg = config.sneeuwvlok.services.games.minecraft;
in { in {
options.${namespace}.services.games.minecraft = { options.sneeuwvlok.services.games.minecraft = {
enable = mkEnableOption "Minecraft"; enable = mkEnableOption "Minecraft";
user = mkOption { user = mkOption {

18
modules/nixos/services/games/openrct.nix
View file

@ -1,11 +1,15 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.games.openrct; cfg = config.sneeuwvlok.services.games.openrct;
in in {
{ options.sneeuwvlok.services.games.openrct = {
options.${namespace}.services.games.openrct = {
enable = mkEnableOption "OpenRCT2"; enable = mkEnableOption "OpenRCT2";
}; };
@ -16,7 +20,7 @@ in
systemd.services.openrct = { systemd.services.openrct = {
enable = true; enable = true;
after = [ "network.target"]; after = ["network.target"];
description = "OpenRCT2 Server"; description = "OpenRCT2 Server";
serviceConfig = { serviceConfig = {
Type = ""; Type = "";

4
modules/nixos/services/games/palworld/default.nix
View file

@ -6,9 +6,9 @@
}: let }: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.games.palworld; cfg = config.sneeuwvlok.services.games.palworld;
in { in {
options.${namespace}.services.games.palworld = { options.sneeuwvlok.services.games.palworld = {
enable = mkEnableOption "Palworld"; enable = mkEnableOption "Palworld";
}; };

4
modules/nixos/services/media/default.nix
View file

@ -8,7 +8,7 @@
inherit (lib) mkIf mkEnableOption mkOption; inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str; inherit (lib.types) str;
cfg = config.${namespace}.services.media; cfg = config.sneeuwvlok.services.media;
in { in {
imports = [ imports = [
./glance ./glance
@ -19,7 +19,7 @@ in {
./servarr ./servarr
]; ];
options.${namespace}.services.media = { options.sneeuwvlok.services.media = {
enable = mkEnableOption "Enable media services"; enable = mkEnableOption "Enable media services";
user = mkOption { user = mkOption {

6
modules/nixos/services/media/glance/default.nix
View file

@ -6,14 +6,14 @@
}: let }: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.glance; cfg = config.sneeuwvlok.services.media.glance;
in { in {
options.${namespace}.services.media.glance = { options.sneeuwvlok.services.media.glance = {
enable = mkEnableOption "Enable Glance"; enable = mkEnableOption "Enable Glance";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.services.networking.caddy.hosts = { sneeuwvlok.services.networking.caddy.hosts = {
"https://${config.networking.hostName}:443" = '' "https://${config.networking.hostName}:443" = ''
reverse_proxy http://[::1]:2000 reverse_proxy http://[::1]:2000
''; '';

6
modules/nixos/services/media/jellyfin/default.nix
View file

@ -9,14 +9,14 @@
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types; inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.jellyfin; cfg = config.sneeuwvlok.services.media.jellyfin;
in { in {
options.${namespace}.services.media.jellyfin = { options.sneeuwvlok.services.media.jellyfin = {
enable = mkEnableOption "Enable jellyfin server"; enable = mkEnableOption "Enable jellyfin server";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.services.networking.caddy = { sneeuwvlok.services.networking.caddy = {
hosts = { hosts = {
"jellyfin.kruining.eu" = '' "jellyfin.kruining.eu" = ''
reverse_proxy http://[::1]:8096 reverse_proxy http://[::1]:8096

4
modules/nixos/services/media/mydia/default.nix
View file

@ -6,9 +6,9 @@
}: let }: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.mydia; cfg = config.sneeuwvlok.services.media.mydia;
in { in {
options.${namespace}.services.media.mydia = { options.sneeuwvlok.services.media.mydia = {
enable = mkEnableOption "Enable Mydia"; enable = mkEnableOption "Enable Mydia";
}; };

6
modules/nixos/services/media/nextcloud/default.nix
View file

@ -8,9 +8,9 @@
inherit (lib) mkIf mkEnableOption mkOption; inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str; inherit (lib.types) str;
cfg = config.${namespace}.services.media.nextcloud; cfg = config.sneeuwvlok.services.media.nextcloud;
in { in {
options.${namespace}.services.media.nextcloud = { options.sneeuwvlok.services.media.nextcloud = {
enable = mkEnableOption "Nextcloud"; enable = mkEnableOption "Nextcloud";
user = mkOption { user = mkOption {
@ -25,7 +25,7 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.services.networking.caddy = { sneeuwvlok.services.networking.caddy = {
hosts."cloud.kruining.eu" = '' hosts."cloud.kruining.eu" = ''
php_fastcgi unix//run/phpfpm/nextcloud.sock { php_fastcgi unix//run/phpfpm/nextcloud.sock {
env front_controller_active true env front_controller_active true

4
modules/nixos/services/media/nfs/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.nfs; cfg = config.sneeuwvlok.services.media.nfs;
in in
{ {
options.${namespace}.services.media.nfs = { options.sneeuwvlok.services.media.nfs = {
enable = mkEnableOption "Enable NFS"; enable = mkEnableOption "Enable NFS";
}; };

4
modules/nixos/services/media/servarr/default.nix
View file

@ -9,11 +9,11 @@
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types; inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.servarr; cfg = config.sneeuwvlok.services.media.servarr;
servarr = import ./lib.nix {inherit lib;}; servarr = import ./lib.nix {inherit lib;};
anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0); anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0);
in { in {
options.${namespace}.services.media = { options.sneeuwvlok.services.media = {
servarr = mkOption { servarr = mkOption {
type = types.attrsOf (types.submodule ({name, ...}: { type = types.attrsOf (types.submodule ({name, ...}: {
options = { options = {

4
modules/nixos/services/networking/caddy/default.nix
View file

@ -8,14 +8,14 @@
inherit (builtins) length; inherit (builtins) length;
inherit (lib) mkIf mkEnableOption mkOption types attrNames mapAttrs; inherit (lib) mkIf mkEnableOption mkOption types attrNames mapAttrs;
cfg = config.${namespace}.services.networking.caddy; cfg = config.sneeuwvlok.services.networking.caddy;
hasHosts = (cfg.hosts |> attrNames |> length) > 0; hasHosts = (cfg.hosts |> attrNames |> length) > 0;
caddyPackage = pkgs.caddy.withPlugins { caddyPackage = pkgs.caddy.withPlugins {
plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs="; hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
}; };
in { in {
options.${namespace}.services.networking.caddy = { options.sneeuwvlok.services.networking.caddy = {
enable = mkEnableOption "enable caddy" // {default = true;}; enable = mkEnableOption "enable caddy" // {default = true;};
hosts = mkOption { hosts = mkOption {

19
modules/nixos/services/networking/ssh/default.nix
View file

@ -1,12 +1,15 @@
{ config, lib, namespace, ... }: {
let config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf; inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption; inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.networking.ssh; cfg = config.sneeuwvlok.services.networking.ssh;
in in {
{ options.sneeuwvlok.services.networking.ssh = {
options.${namespace}.services.networking.ssh = {
enable = mkEnableOption "enable ssh"; enable = mkEnableOption "enable ssh";
}; };
@ -14,10 +17,10 @@ in
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
ports = [ 22 ]; ports = [22];
settings = { settings = {
PasswordAuthentication = true; PasswordAuthentication = true;
AllowUsers = [ "chris" "root" ]; AllowUsers = ["chris" "root"];
UseDns = true; UseDns = true;
UsePAM = true; UsePAM = true;
PermitRootLogin = "prohibit-password"; PermitRootLogin = "prohibit-password";

4
modules/nixos/services/networking/wireguard/default.nix
View file

@ -8,10 +8,10 @@
inherit (builtins) length; inherit (builtins) length;
inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs; inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs;
cfg = config.${namespace}.services.networking.wireguard; cfg = config.sneeuwvlok.services.networking.wireguard;
hasPeers = (cfg.peer |> attrNames |> length) > 0; hasPeers = (cfg.peer |> attrNames |> length) > 0;
in { in {
options.${namespace}.services.networking.wireguard = { options.sneeuwvlok.services.networking.wireguard = {
# enable = mkEnableOption "enable wireguard" // {default = true;}; # enable = mkEnableOption "enable wireguard" // {default = true;};
peer = mkOption { peer = mkOption {

4
modules/nixos/services/observability/grafana/default.nix
View file

@ -8,12 +8,12 @@
inherit (lib.modules) mkIf; inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption; inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.grafana; cfg = config.sneeuwvlok.services.observability.grafana;
db_user = "grafana"; db_user = "grafana";
db_name = "grafana"; db_name = "grafana";
in { in {
options.${namespace}.services.observability.grafana = { options.sneeuwvlok.services.observability.grafana = {
enable = mkEnableOption "enable Grafana"; enable = mkEnableOption "enable Grafana";
}; };

18
modules/nixos/services/observability/loki/default.nix
View file

@ -1,12 +1,16 @@
{ pkgs, config, lib, namespace, ... }: {
let pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf; inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption; inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.loki; cfg = config.sneeuwvlok.services.observability.loki;
in in {
{ options.sneeuwvlok.services.observability.loki = {
options.${namespace}.services.observability.loki = {
enable = mkEnableOption "enable Grafana Loki"; enable = mkEnableOption "enable Grafana Loki";
}; };
@ -44,6 +48,6 @@ in
}; };
}; };
networking.firewall.allowedTCPPorts = [ 9003 ]; networking.firewall.allowedTCPPorts = [9003];
}; };
} }

4
modules/nixos/services/observability/prometheus/default.nix
View file

@ -3,10 +3,10 @@ let
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.observability.prometheus; cfg = config.sneeuwvlok.services.observability.prometheus;
in in
{ {
options.${namespace}.services.observability.prometheus = { options.sneeuwvlok.services.observability.prometheus = {
enable = mkEnableOption "enable Prometheus"; enable = mkEnableOption "enable Prometheus";
}; };

4
modules/nixos/services/observability/promtail/default.nix
View file

@ -8,9 +8,9 @@
inherit (lib.modules) mkIf; inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption; inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.promtail; cfg = config.sneeuwvlok.services.observability.promtail;
in { in {
options.${namespace}.services.observability.promtail = { options.sneeuwvlok.services.observability.promtail = {
enable = mkEnableOption "enable Grafana Promtail"; enable = mkEnableOption "enable Grafana Promtail";
}; };

18
modules/nixos/services/observability/uptime-kuma/default.nix
View file

@ -1,12 +1,16 @@
{ pkgs, config, lib, namespace, ... }: {
let pkgs,
config,
lib,
namespace,
...
}: let
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.observability.uptime-kuma; cfg = config.sneeuwvlok.services.observability.uptime-kuma;
in in {
{ options.sneeuwvlok.services.observability.uptime-kuma = {
options.${namespace}.services.observability.uptime-kuma = {
enable = mkEnableOption "enable uptime kuma"; enable = mkEnableOption "enable uptime kuma";
}; };
@ -20,6 +24,6 @@ in
}; };
}; };
networking.firewall.allowedTCPPorts = [ 9006 ]; networking.firewall.allowedTCPPorts = [9006];
}; };
} }

4
modules/nixos/services/persistance/postgesql/default.nix
View file

@ -7,9 +7,9 @@
}: let }: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.persistance.postgresql; cfg = config.sneeuwvlok.services.persistance.postgresql;
in { in {
options.${namespace}.services.persistance.postgresql = { options.sneeuwvlok.services.persistance.postgresql = {
enable = mkEnableOption "Postgresql"; enable = mkEnableOption "Postgresql";
}; };

6
modules/nixos/services/security/vaultwarden/default.nix
View file

@ -10,7 +10,7 @@
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep; inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;
cfg = config.${namespace}.services.security.vaultwarden; cfg = config.sneeuwvlok.services.security.vaultwarden;
databaseProviderSqlite = types.submodule ({...}: { databaseProviderSqlite = types.submodule ({...}: {
options = { options = {
@ -78,7 +78,7 @@
// (urlOptions |> getAttrs ["protocol" "host" "port"]); // (urlOptions |> getAttrs ["protocol" "host" "port"]);
}); });
in { in {
options.${namespace}.services.security.vaultwarden = { options.sneeuwvlok.services.security.vaultwarden = {
enable = mkEnableOption "enable vaultwarden"; enable = mkEnableOption "enable vaultwarden";
database = mkOption { database = mkOption {
@ -93,7 +93,7 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.services.networking.caddy.hosts = { sneeuwvlok.services.networking.caddy.hosts = {
"vault.kruining.eu" = '' "vault.kruining.eu" = ''
encode zstd gzip encode zstd gzip

17
modules/nixos/services/virtualisation/podman/default.nix
View file

@ -1,11 +1,16 @@
{ config, options, lib, pkgs, namespace, ... }: {
let config,
options,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.virtualisation.podman; cfg = config.sneeuwvlok.services.virtualisation.podman;
in in {
{ options.sneeuwvlok.services.virtualisation.podman = {
options.${namespace}.services.virtualisation.podman = {
enable = mkEnableOption "enable podman"; enable = mkEnableOption "enable podman";
}; };

2
modules/nixos/shells/default.nix
View file

@ -1,2 +0,0 @@
{...}: {
}

17
modules/nixos/shells/zsh/default.nix
View file

@ -1,11 +1,16 @@
{ inputs, config, lib, pkgs, namespace, ... }: {
let inputs,
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.shell.zsh; cfg = config.sneeuwvlok.shell.zsh;
in in {
{ options.sneeuwvlok.shell.zsh = {
options.${namespace}.shell.zsh = {
enable = mkEnableOption "enable zsh shell"; enable = mkEnableOption "enable zsh shell";
}; };

6
modules/nixos/system/default.nix
View file

@ -1,6 +0,0 @@
{
imports = [
./networking
./security
];
}

4
modules/nixos/system/networking/default.nix
View file

@ -2,10 +2,10 @@
let let
inherit (lib) mkDefault; inherit (lib) mkDefault;
cfg = config.${namespace}.system.networking; cfg = config.sneeuwvlok.system.networking;
in in
{ {
options.${namespace}.system.networking = {}; options.sneeuwvlok.system.networking = {};
config = { config = {
systemd.services.NetworkManager-wait-online.enable = false; systemd.services.NetworkManager-wait-online.enable = false;

15
modules/nixos/system/security/boot/default.nix
View file

@ -1,13 +1,16 @@
{ config, namespace, inputs, ... }:
let
cfg = config.${namespace}.system.security.boot;
in
{ {
options.${namespace}.system.security.boot = {}; config,
namespace,
inputs,
...
}: let
cfg = config.sneeuwvlok.system.security.boot;
in {
options.sneeuwvlok.system.security.boot = {};
config = { config = {
boot = { boot = {
kernelModules = [ "tcp_bbr" ]; kernelModules = ["tcp_bbr"];
kernel.sysctl = { kernel.sysctl = {
## TCP hardening ## TCP hardening
# Prevent bogus ICMP errors from filling up logs. # Prevent bogus ICMP errors from filling up logs.

23
modules/nixos/system/security/default.nix
View file

@ -1,15 +1,13 @@
{ config, namespace, inputs, ... }: {...}: {
let flake.modules.nixos.sneeuwvlok.system.security = {
cfg = config.${namespace}.system.security; config,
in namespace,
{ inputs,
imports = [ ...
./boot }: let
./sops cfg = config.sneeuwvlok.system.security;
./sudo in {
]; options.sneeuwvlok.system.security = {};
options.${namespace}.system.security = {};
config = { config = {
security = { security = {
@ -26,4 +24,5 @@ in
programs.gnupg.agent.enable = true; programs.gnupg.agent.enable = true;
}; };
};
} }

16
modules/nixos/system/security/sops/default.nix
View file

@ -1,12 +1,16 @@
{ pkgs, config, namespace, repoRoot, ... }:
let
cfg = config.${namespace}.system.security.sops;
in
{ {
options.${namespace}.system.security.sops = {}; pkgs,
config,
namespace,
repoRoot,
...
}: let
cfg = config.sneeuwvlok.system.security.sops;
in {
options.sneeuwvlok.system.security.sops = {};
config = { config = {
environment.systemPackages = with pkgs; [ sops ]; environment.systemPackages = with pkgs; [sops];
sops = { sops = {
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";

4
modules/nixos/system/security/sudo/default.nix
View file

@ -1,9 +1,9 @@
{ config, namespace, ... }: { config, namespace, ... }:
let let
cfg = config.${namespace}.system.security.sudo; cfg = config.sneeuwvlok.system.security.sudo;
in in
{ {
options.${namespace}.system.security.sudo = {}; options.sneeuwvlok.system.security.sudo = {};
config = { config = {
security = { security = {

24
packages/default.nix
View file

@ -1,24 +0,0 @@
{
config,
lib,
mkPkgs,
...
}: {
imports = [
./studio
./vaultwarden
];
perSystem = {system, ...}: let
pkgs = mkPkgs system;
in {
_module.args.pkgs = pkgs;
clan.pkgs = pkgs;
};
flake.overlays.default = lib.composeManyExtensions [
config.flake.overlays."package/studio"
config.flake.overlays."package/vaultwarden"
];
}

Some files were not shown because too many files have changed in this diff Show more