flake: Initialise new repository

Jan Kremer 2025-07-08 10:05:22 +02:00
commit 1eb25ada72
Signed by: jan
GPG key ID: A7DA689CB3B078EC
41 changed files with 1657 additions and 0 deletions

44
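--- a/README.md
+++ b/README.md
@@ -0,0 +1,44 @@
+# Floccus
+## Mac setup
+### Installation
+```sh
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+git clone git@github.com:jukremer/nix-config.git ~/.confin/nix
+/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+nix run nix-darwin -- switch --flake ~/.config/nix
+```
+### Switch
+```sh
+darwin-rebuild switch --flake ~/.config/nix
+```
+### Update
+```sh
+nix flake update --commit-lock-file ~/.config/nix
+```
+## NixOS setup
+### Installation
+```sh
+git clone git@github.com:jukremer/nix-config.git ~/.confin/nix
+```
+### Switch
+```sh
+sudo nixos-rebuild switch --flake ~/.config/nix
+```
+### Update
+```sh
+nix flake update --commit-lock-file ~/.config/nix
+```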

151
flake.lock generated Normal file

@ -0,0 +1,151 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"darwin_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751313918,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751513147,
"narHash": "sha256-idSXM3Y0KNf/WDDqGfthiOSQMwZYwis1JZhTkdWrr6A=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "426b405d979d893832549b95f23c13537c65d244",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1751271578,
"narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"darwin": "darwin_2",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

45
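--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,45 @@
+{
+description = "floccus";
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+darwin = {
+url = "github:LnL7/nix-darwin";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+home-manager = {
+url = "github:nix-community/home-manager";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+agenix = {
+url = "github:ryantm/agenix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+outputs =
+{
+nixpkgs,
+darwin,
+...
+}@inputs:
+{
+darwinConfigurations.Mac-von-Jan = darwin.lib.darwinSystem {
+system = "aarch64-darwin";
+specialArgs = {
+inherit inputs;
+};
+modules = [ ./hosts/mac/configuration.nix ];
+};
+nixosConfigurations.galanthus = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+specialArgs = {
+inherit inputs;
+};
+modules = [ ./hosts/galanthus/configuration.nix ];
+};
+formatter.aarch64-darwin = nixpkgs.legacyPackages.aarch64-darwin.nixfmt-tree;
+};
+}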
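Review bot: The `agenix` input only sets `inputs.nixpkgs.follows`, so agenix still brings its own `darwin` and `home-manager` inputs; that is why flake.lock carries both `darwin`/`darwin_2` and `home-manager`/`home-manager_2` at different revisions. Adding `inputs.darwin.follows = "darwin";` and `inputs.home-manager.follows = "home-manager";` to the `agenix` block would leave a single locked revision of each to audit and update. Separately, `formatter` is defined only for `aarch64-darwin`, so `nix fmt` has no formatter when run on galanthus (`x86_64-linux`).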


@ -0,0 +1,68 @@
{ inputs, pkgs, ... }:
{
imports = [
inputs.agenix.nixosModules.default
./hardware-configuration.nix
../../modules/nixos
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
networking = {
hostName = "galanthus";
networkmanager.enable = true;
};
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [ "jan" ];
};
gc = {
automatic = true;
dates = "weekly";
};
};
users.users.jan = {
isNormalUser = true;
description = "Jan Kremer";
extraGroups = [
"networkmanager"
"wheel"
];
};
services = {
openssh.enable = true;
};
programs = {
git.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
environment.systemPackages = [
pkgs.yt-dlp
pkgs.spotdl
pkgs.ffmpeg
];
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.UTF-8";
system.stateVersion = "23.11"; # Don't change!
}
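Review bot: `services.openssh.enable = true;` is set without any `settings`, so sshd runs on module defaults, and nothing in this file restricts password logins or declares `users.users.jan.openssh.authorizedKeys.keys`. Because `jan` is in `wheel` and listed in `nix.settings.trusted-users` (which gives that account root-equivalent control of the Nix daemon), the login policy is worth making explicit: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };`. If SSH is meant to be reachable only over Tailscale, a comment next to the option saying so would help the next reader.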


@ -0,0 +1,59 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
initrd.kernelModules = [ ];
kernelModules = [
"fuse"
"kvm-intel"
"coretemp"
];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/a5d90a39-7b34-4112-9d76-90c279ececfb";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/F9B8-FABD";
fsType = "vfat";
};
## 8 TB HDD
"/mnt/sdb1" = {
device = "/dev/disk/by-uuid/10fef994-6ff0-4896-bc34-1ca4403af3d7";
fsType = "ext4";
};
};
swapDevices = [
{
device = "/swapfile";
size = 16 * 1024; # 16GB
}
];
networking = {
useDHCP = lib.mkDefault true;
interfaces.eno1.wakeOnLan.enable = true;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

109
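--- a/hosts/mac/configuration.nix
+++ b/hosts/mac/configuration.nix
@@ -0,0 +1,109 @@
+{ inputs, ... }:
+{
+imports = [
+inputs.home-manager.darwinModules.home-manager
+inputs.agenix.darwinModules.default
+../../modules/darwin
+];
+## Set username and home directory (required by home-manager)
+users.users.jan = {
+name = "jan";
+home = "/Users/jan";
+};
+networking.hostName = "Mac-von-Jan";
+nix = {
+enable = false;
+## Recommended for nixd
+nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+settings = {
+experimental-features = [
+"nix-command"
+"flakes"
+];
+trusted-users = [
+"root"
+"jan"
+"@admin"
+];
+};
+# gc.automatic = true;
+};
+nixpkgs = {
+hostPlatform = "aarch64-darwin";
+config.allowUnfree = true;
+};
+home-manager = {
+useGlobalPkgs = true;
+useUserPackages = true;
+users.jan = import ../../modules/home-manager;
+extraSpecialArgs = {
+inherit inputs;
+};
+backupFileExtension = "backup";
+};
+homebrew = {
+enable = true;
+onActivation = {
+upgrade = true;
+cleanup = "zap";
+};
+};
+programs = {
+zsh.enable = true;
+fish.enable = true;
+};
+security.pam.services.sudo_local.touchIdAuth = true;
+system = {
+primaryUser = "jan";
+defaults = {
+dock = {
+autohide = true;
+autohide-delay = 0.0;
+autohide-time-modifier = 0.0;
+orientation = "left";
+mru-spaces = false;
+largesize = 64;
+magnification = false;
+# persistent-apps = [
+# "/Applications/Safari.app"
+# "/System/Applications/Mail.app"
+# "/System/Applications/Calendar.app"
+# "/Applications/Things3.app"
+# "/Applications/Ghostty.app"
+# "/Applications/Obsidian.app"
+# "/System/Applications/Preview.app"
+# "/Applications/NetNewsWire.app"
+# "/System/Applications/Music.app"
+# "/System/Applications/Books.app"
+# "/System/Applications/System Settings.app"
+# ];
+};
+finder = {
+AppleShowAllExtensions = true;
+FXPreferredViewStyle = "clmv";
+ShowPathbar = true;
+_FXShowPosixPathInTitle = true;
+};
+# screencapture.location = "~/Pictures/Bildschirmfotos";
+};
+keyboard = {
+enableKeyMapping = true;
+remapCapsLockToEscape = true;
+};
+## Set Git commit hash for darwin-version.
+configurationRevision = inputs.self.rev or inputs.self.dirtyRev or null;
+## Used for backwards compatibility, please read the changelog before changing.
+## $ darwin-rebuild changelog
+stateVersion = 4;
+};
+}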
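Review bot: `nix.enable = false;` sits directly above a populated `nix.settings` block, and this file does not make clear whether those settings are applied at all. With nix-darwin's Nix management switched off (the README installs Nix through the Determinate installer), `experimental-features` and `trusted-users` are presumably not written to nix.conf, and the effective values live in the installer-managed configuration. A comment stating whether the block takes effect would stop a reader from treating this list as the trust boundary. If it is meant to apply, note that `"@admin"` gives every admin account root-equivalent control of the Nix daemon, and `"jan"` alone may be enough.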

14
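--- a/modules/darwin/apps.nix
+++ b/modules/darwin/apps.nix
@@ -0,0 +1,14 @@
+{
+homebrew.masApps = {
+"AdGuard for Safari" = 1440147259;
+"Tailscale" = 1475387142;
+"GarageBand" = 682658836;
+"iMovie" = 408981434;
+# Work
+"Keynote" = 409183694;
+"Numbers" = 409203825;
+"Pages" = 409201541;
+"Things" = 904280696;
+};
+}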

22
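--- a/modules/darwin/casks.nix
+++ b/modules/darwin/casks.nix
@@ -0,0 +1,22 @@
+{
+homebrew.casks = [
+"glance-chamburr"
+"iina"
+"netnewswire"
+"electrum"
+"monero-wallet"
+"keepassxc"
+"element"
+"signal"
+# Work
+"visual-studio-code"
+"obsidian"
+"chatgpt"
+"ghostty"
+# Games
+"minecraft"
+"modrinth"
+];
+}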


@ -0,0 +1,7 @@
{
imports = [
./apps.nix
./casks.nix
./fonts.nix
];
}

18
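--- a/modules/darwin/fonts.nix
+++ b/modules/darwin/fonts.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+fonts.packages = with pkgs; [
+atkinson-hyperlegible
+jetbrains-mono
+open-sans
+];
+homebrew.casks = [
+"font-chomsky"
+"font-cormorant-garamond"
+"font-crimson-text"
+"font-new-york"
+"font-sf-compact"
+"font-sf-mono"
+"font-sf-pro"
+"font-unifrakturmaguntia"
+];
+}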


@ -0,0 +1,39 @@
{ pkgs, ... }:
{
# Rosé Pine Moon (https://rosepinetheme.com)
programs = {
bat = {
config.theme = "rose-pine";
themes.rose-pine = {
src = pkgs.fetchFromGitHub {
owner = "rose-pine";
repo = "tm-theme";
rev = "c4235f9a65fd180ac0f5e4396e3a86e21a0884ec";
hash = "sha256-jji8WOKDkzAq8K+uSZAziMULI8Kh7e96cBRimGvIYKY=";
};
file = "dist/themes/rose-pine.tmTheme";
};
};
fzf.colors = {
"fg" = "#908caa";
"bg" = "#191724";
"hl" = "#ebbcba";
"fg+" = "#e0def4";
"bg+" = "#26233a";
"hl+" = "#ebbcba";
"border" = "#403d52";
"header" = "#31748f";
"gutter" = "#191724";
"spinner" = "#f6c177";
"info" = "#9ccfd8";
"pointer" = "#c4a7e7";
"marker" = "#eb6f92";
"prompt" = "#908caa";
};
ghostty.settings.theme = "rose-pine";
helix.settings.theme = "rose_pine";
};
}


@ -0,0 +1,89 @@
{
config,
pkgs,
inputs,
...
}:
{
imports = [
inputs.agenix.homeManagerModules.default
./colors.nix
./ghostty.nix
./git
./helix.nix
./packages.nix
./shell
];
home = {
username = "jan";
homeDirectory = "/Users/jan";
stateVersion = "24.05";
## Mute login message in terminal
file.".hushlogin".text = "";
sessionVariables = {
DIRENV_LOG_FORMAT = "";
LEDGER_FILE = "${config.xdg.dataHome}/ledger/2024.journal";
OPENAI_API_KEY = "$(cat ${config.age.secrets.openai.path})";
};
shellAliases = {
"yt" = "yt-dlp";
"yta" = "yt-dlp -x";
};
packages = [ inputs.agenix.packages.${pkgs.system}.default ];
};
age = {
# identityPaths = [ "~/.ssh/id_ed25519" ];
secrets."openai".file = ../secrets/openai.age;
};
xdg = {
enable = true;
userDirs = {
videos = "${config.home.homeDirectory}/Movies/Videos";
};
};
programs = {
home-manager.enable = true;
gpg = {
enable = true;
homedir = "${config.xdg.dataHome}/gnupg";
settings = {
default-key = "20AF0A659F2B93AD918415D1A7DA689CB3B078EC";
keyserver = "hkps://keys.openpgp.org";
};
};
pandoc.enable = true;
ssh = {
enable = true;
addKeysToAgent = "yes";
extraConfig = ''
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
SetEnv TERM=xterm-256color
'';
};
yt-dlp = {
enable = true;
settings = {
output = "${config.xdg.userDirs.videos}/%(title)s.%(ext)s";
format-sort = "res:1080";
audio-quality = 0;
sponsorblock-mark = "default";
embed-metadata = true;
embed-thumbnail = true;
xattrs = true;
};
};
};
}
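Review bot: `OPENAI_API_KEY = "$(cat ${config.age.secrets.openai.path})";` in `home.sessionVariables` exports the decrypted key into every login shell, so each process started from a terminal inherits it, not just the tool that needs it. The git module repeats the pattern with `GITHUB_TOKEN = "$(gh auth token)";`. I would drop both from `sessionVariables` and read the secret at the point of use, for example with a wrapper function for the one consumer (presumably `codex` from the packages list): `codex() { OPENAI_API_KEY="$(cat SECRET_PATH_PLACEHOLDER)" command codex "$@"; }`. Separately, `homeDirectory = "/Users/jan"` is hard-coded, which would matter if this module is ever imported on galanthus.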


@ -0,0 +1,14 @@
{
programs.ghostty = {
enable = true;
package = null;
enableZshIntegration = true;
settings = {
font-size = 16;
window-padding-x = 5;
window-padding-balance = true;
mouse-hide-while-typing = true;
macos-option-as-alt = "left";
};
};
}


@ -0,0 +1,68 @@
{
imports = [
./ignores.nix
];
home.sessionVariables = {
GITHUB_TOKEN = "$(gh auth token)";
};
programs = {
git = {
enable = true;
userName = "Jan Kremer";
userEmail = "mail@jankremer.eu";
lfs.enable = true;
difftastic.enable = true;
extraConfig = {
user.signingkey = "A7DA689CB3B078EC";
credential.helper = "osxkeychain";
merge.conflictstyle = "zdiff3";
commit = {
verbose = true;
gpgsign = true;
};
branch.sort = "-committerdate";
help.autocorrect = 10;
diff = {
algorithm = "histogram";
colorMoved = "default";
};
log.date = "iso";
rebase.autostash = true;
rerere.enabled = true;
push = {
followtags = true;
autoSetupRemote = true;
};
};
};
gh = {
enable = true;
settings.git_protocol = "ssh";
};
sapling = {
enable = true;
userName = "Jan Kremer";
userEmail = "mail@jankremer.eu";
};
jujutsu = {
enable = true;
settings = {
user = {
name = "Jan Kremer";
email = "mail@jankremer.eu";
};
signing = {
behavior = "own";
backend = "gpg";
};
ui.default-command = "log";
};
};
};
}


@ -0,0 +1,30 @@
{
programs.git.ignores = [
"*.7z"
"*.class"
"*.com"
"*.dll"
"*.dmg"
"*.exe"
"*.gz"
"*.iso"
"*.jar"
"*.log"
"*.o"
"*.pdf"
"*.rar"
"*.so"
"*.sql"
"*.sqlite"
"*.tar"
"*.zip"
".DS_Store"
".DS_Store?"
".Spotlight-V100"
".Trashes"
"._*"
".direnv"
"Thumbs.db"
"ehthumbs.db"
];
}


@ -0,0 +1,103 @@
{ pkgs, ... }:
{
programs.helix = {
enable = true;
defaultEditor = true;
extraPackages = with pkgs; [
markdown-oxide
nixd
nixfmt-rfc-style
];
settings = {
editor = {
line-number = "relative";
cursorline = true;
color-modes = true;
mouse = true;
end-of-line-diagnostics = "hint";
inline-diagnostics.cursor-line = "warning";
cursor-shape = {
insert = "bar";
normal = "block";
select = "underline";
};
soft-wrap.enable = true;
statusline = {
left = [
"mode"
"spinner"
"version-control"
"read-only-indicator"
"file-modification-indicator"
];
center = [ "file-name" ];
right = [
"diagnostics"
"selections"
"register"
"position"
"position-percentage"
"file-encoding"
"file-type"
];
mode = {
normal = "NORMAL";
insert = "INSERT";
select = "SELECT";
};
};
};
keys = {
normal = {
X = [
"extend_line_up"
"extend_to_line_bounds"
];
};
};
};
languages = {
language-server = {
tinymist.command = "tinymist";
nixd = {
command = "nixd";
config = {
formatting.command = [ "nixfmt" ];
nixpkgs.expr = "import (builtins.getFlake \"~/.config/nix\").inputs.nixpkgs { }";
options = {
nixos.expr = "(builtins.getFlake \"~/.config/nix\").nixosConfigurations.galanthus.options";
darwin.expr = "(builtins.getFlake \"~/.config/nix\").darwinConfigurations.Mac-von-Jan.options";
home-manager.expr = "(builtins.getFlake \"~/.config/nix\").homeConfigurations.jan.options";
};
};
};
};
language = [
{
name = "nix";
language-servers = [ "nixd" ];
formatter.command = "nixfmt";
auto-format = true;
}
{
name = "typst";
language-servers = [ "tinymist" ];
formatter.command = "typstyle";
auto-format = true;
}
];
};
};
}


@ -0,0 +1,24 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
darwin.trash
curl
nh
cachix
hledger
hledger-web
ffmpeg
imagemagick
# Work
codex
typst
hayagriva
# quarto
# R
# rPackages.reticulate
# texliveFull
plantuml
ditaa
];
}


@ -0,0 +1,12 @@
{ pkgs, ... }:
{
programs.bat = {
enable = true;
extraPackages = with pkgs.bat-extras; [ batman ];
};
home.shellAliases = {
"cat" = "bat";
"man" = "batman";
};
}


@ -0,0 +1,49 @@
{
imports = [
./bat.nix
# ./fish.nix
./starship.nix
./zsh.nix
];
home.shellAliases = {
"deploy" =
"ssh -t galanthus 'cd ~/.config/nix; git pull --rebase; sudo nixos-rebuild switch --flake ~/.config/nix'";
"mv" = "mv -i";
"rm" = "trash";
"tree" = "lt";
"zz" = "z -";
};
programs = {
direnv = {
enable = true;
nix-direnv.enable = true;
config = {
warn_timeout = "1m";
hide_env_diff = true;
};
};
eza = {
enable = true;
git = true;
};
fzf = {
enable = true;
defaultCommand = "fd --type f --strip-cwd-prefix --hidden --follow --exclude .git";
fileWidgetCommand = "fd --type f --strip-cwd-prefix --hidden --follow --exclude .git";
fileWidgetOptions = [ "--preview 'bat --color=always {}'" ];
};
fd.enable = true;
ripgrep = {
enable = true;
arguments = [ "--ignore-case" ];
};
zoxide.enable = true;
};
}


@ -0,0 +1,22 @@
{
programs.fish = {
enable = true;
interactiveShellInit = # fish
''
set fish_greeting
set fish_vi_key_bindings
set fish_vi_cursor
eval $(/opt/homebrew/bin/brew shellenv fish)
'';
shellAbbrs = {
gs = "git status";
gc = "git commit";
gca = "git commit -a";
gcaa = "git commit -a --amend";
gco = "git checkout";
};
};
}


@ -0,0 +1,94 @@
{ lib, ... }:
{
programs.starship = {
enable = true;
enableTransience = true;
settings = {
add_newline = false;
format = lib.concatStrings [
"$username"
"$hostname"
"$directory"
"$git_branch"
"$git_status"
"$git_metrics"
"$git_state"
"$nodejs"
"$rust"
"$golang"
"$python"
"$typst"
"$gleam"
"$fill"
"$nix_shell"
"$shell"
"$line_break"
"$character"
];
fill = {
symbol = " ";
};
character = {
success_symbol = "[](green)";
error_symbol = "[](red)";
vimcmd_symbol = "[](blue)";
};
directory = {
style = "blue";
};
git_branch = {
format = "[$branch(:$remote_branch)](white) ";
};
git_status = {
style = "cyan";
};
nodejs = {
symbol = "nodejs";
format = "[$symbol ($version )](green)";
};
rust = {
symbol = "rust";
format = "[$symbol ($version )](red)";
};
python = {
symbol = "python";
format = "[$symbol ($version )](yellow)";
};
golang = {
symbol = "go";
format = "[$symbol ($version )](green)";
};
typst = {
symbol = "typst";
format = "[$symbol ($version )](green)";
};
gleam = {
symbol = "gleam";
format = "[$symbol ($version )](purple)";
};
nix_shell = {
symbol = "nix";
heuristic = true;
format = "[$symbol ($state $name )](red)";
};
shell = {
disabled = false;
fish_indicator = "fish ";
format = "[$indicator](purple)";
};
};
};
}


@ -0,0 +1,40 @@
{ config, ... }:
{
programs.zsh = {
enable = true;
# enableVteIntegration = true;
dotDir = ".config/zsh";
history = {
path = "${config.xdg.stateHome}/zsh/zsh_history";
extended = true;
};
autosuggestion.enable = true;
autocd = true;
syntaxHighlighting = {
enable = true;
highlighters = [
"main"
"cursor"
"brackets"
"root"
];
};
initContent = # sh
''
eval "$(/opt/homebrew/bin/brew shellenv)"
setopt COMPLETE_IN_WORD
setopt ALWAYS_TO_END
setopt PATH_DIRS
setopt AUTO_MENU
setopt AUTO_LIST
setopt MENU_COMPLETE
'';
completionInit = # sh
''
autoload -U compinit && compinit
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
'';
};
}


@ -0,0 +1,6 @@
{
services.adguardhome = {
enable = true;
port = 3000;
};
}


@ -0,0 +1,31 @@
{
containers.audiobooks = {
autoStart = true;
bindMounts = {
"/var/lib/audiobookshelf" = {
hostPath = "/mnt/sdb1/media/audiobooks";
isReadOnly = false;
};
};
config =
{ pkgs, ... }:
{
services = {
audiobookshelf = {
enable = true;
# port = 8000;
# host = "audiobooks.alpine-centauri.ts.net";
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}

18
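--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -0,0 +1,18 @@
+{
+imports = [
+# ./adguardhome.nix
+./audiobookshelf.nix
+./forgejo.nix
+# ./freshrss.nix
+# ./immich.nix
+./jellyfin.nix
+./mealie.nix
+./minecraft.nix
+./navidrome.nix
+# ./nextcloud.nix
+# ./pinchflat.nix
+./samba.nix
+./tailscale.nix
+# ./vaultwarden.nix
+];
+}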

58
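--- a/modules/nixos/forgejo.nix
+++ b/modules/nixos/forgejo.nix
@@ -0,0 +1,58 @@
+{ inputs, ... }:
+{
+containers.git = {
+autoStart = true;
+bindMounts."/etc/ssh/ssh_host_ed25519_key".hostPath = "/etc/ssh/ssh_host_ed25519_key";
+config = {
+imports = [ inputs.agenix.nixosModules.default ];
+age = {
+identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+secrets."forgejo-runner-token" = {
+file = ../secrets/forgejo-runner-token.age;
+mode = "400";
+owner = "forgejo";
+};
+};
+services = {
+forgejo = {
+enable = true;
+database.type = "postgres";
+lfs.enable = true;
+settings = {
+server = {
+DOMAIN = "git.alpine-centauri.ts.net";
+ROOT_URL = "https://git.alpine-centauri.ts.net/";
+HTTP_PORT = 3000;
+};
+actions = {
+ENABLED = true;
+DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
+};
+};
+};
+# gitea-actions-runner = {
+# package = pkgs.forgejo-runner;
+# instances.native = {
+# enable = true;
+# name = "native";
+# url = "https://git.alpine-centauri.ts.net";
+# tokenFile = config.age.secrets.forgejo-runner-token.path;
+# labels = [ "native:host" ];
+# };
+# };
+tailscale = {
+enable = true;
+useRoutingFeatures = "server";
+interfaceName = "userspace-networking";
+};
+};
+system.stateVersion = "24.05";
+};
+};
+}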
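Review bot: `bindMounts."/etc/ssh/ssh_host_ed25519_key"` hands the host's SSH private host key to the `git` container so agenix can use it as an identity. Anything running as root inside that container can then read the key that identifies galanthus and, going by secrets.nix, decrypts every secret in the repository; the nextcloud module does the same. The only consumer of `forgejo-runner-token` here is the commented-out `gitea-actions-runner` block, so the mount and the `age` block could be dropped until the runner is enabled. After that, decrypting on the host and bind-mounting only the resulting secret file read-only, or giving the container its own age identity listed in secrets.nix, keeps the host key out of the container.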


@ -0,0 +1,24 @@
{
containers.freshrss = {
autoStart = true;
config = {
services = {
freshrss = {
enable = true;
language = "de";
authType = "none";
baseUrl = "https://freshrss.alpine-centauri.ts.net";
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
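Review bot: `authType = "none";` switches off FreshRSS's own login, so reachability over the tailnet becomes the only access control for the instance at `baseUrl`. The import is still commented out in modules/nixos/default.nix, so this is the moment to change it: prefer `authType = "form";` with a `passwordFile` supplied through agenix. If unauthenticated access is intended, a comment saying which tailnet ACL restricts the node would make that decision visible.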
}

29
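--- a/modules/nixos/immich.nix
+++ b/modules/nixos/immich.nix
@@ -0,0 +1,29 @@
+{
+containers.immich = {
+autoStart = true;
+bindMounts = {
+"/var/lib/immich" = {
+hostPath = "/mnt/sdb1/photos";
+isReadOnly = false;
+};
+};
+config = {
+services = {
+immich = {
+enable = true;
+host = "immich.alpine-centauri.ts.net";
+};
+tailscale = {
+enable = true;
+useRoutingFeatures = "server";
+interfaceName = "userspace-networking";
+};
+};
+system.stateVersion = "24.05";
+};
+};
+}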


@ -0,0 +1,69 @@
{
containers.jellyfin = {
autoStart = true;
bindMounts = {
"/media" = {
hostPath = "/mnt/sdb1/media";
isReadOnly = false;
};
};
config =
{ pkgs, ... }:
{
services = {
jellyfin = {
enable = true; # port = 8096
openFirewall = true;
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
## Hardware transcoding
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
# vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
];
};
## Grab EPG data daily
systemd = {
services.epg = {
script = "${pkgs.nodejs_18}/bin/npm run --prefix /media/TV/epg/ grab -- --channels=custom.channels.xml";
path = [
pkgs.bash
pkgs.nodejs_18
];
serviceConfig = {
Type = "oneshot";
User = "root";
};
startAt = "daily"; # Creates a timer
};
timers.epg.timerConfig.Persistent = true;
};
system.stateVersion = "24.05";
};
};
}

22
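--- a/modules/nixos/mealie.nix
+++ b/modules/nixos/mealie.nix
@@ -0,0 +1,22 @@
+{
+containers.mealie = {
+autoStart = true;
+config = {
+services = {
+mealie = {
+enable = true;
+port = 9000;
+};
+tailscale = {
+enable = true;
+useRoutingFeatures = "server";
+interfaceName = "userspace-networking";
+};
+};
+system.stateVersion = "24.05";
+};
+};
+}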


@ -0,0 +1,36 @@
{ lib, ... }:
{
containers.minecraft = {
autoStart = true;
bindMounts = {
"/var/lib/minecraft" = {
hostPath = "/mnt/sdb1/minecraft";
isReadOnly = false;
};
};
config = {
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"minecraft-server"
];
services = {
minecraft-server = {
enable = true;
eula = true;
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}


@ -0,0 +1,31 @@
{
containers.music = {
autoStart = true;
bindMounts = {
"/Music" = {
hostPath = "/mnt/sdb1/media/Music";
isReadOnly = false;
};
};
config = {
services = {
navidrome = {
enable = true;
settings = {
MusicFolder = "/Music";
port = 4533;
};
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}


@ -0,0 +1,86 @@
{ inputs, ... }:
{
containers.nextcloud = {
autoStart = true;
bindMounts = {
"/etc/ssh/ssh_host_ed25519_key".hostPath = "/etc/ssh/ssh_host_ed25519_key";
"/var/lib/nextcloud/data" = {
hostPath = "/mnt/sdb1/data";
isReadOnly = false;
};
};
config =
{ pkgs, config, ... }:
{
imports = [ inputs.agenix.nixosModules.default ];
age = {
identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets."nextcloud" = {
file = ../secrets/nextcloud.age;
mode = "400";
owner = "nextcloud";
};
};
services = {
nextcloud = {
enable = true;
package = pkgs.nextcloud30;
hostName = "nextcloud";
https = true;
config = {
adminpassFile = config.age.secrets.nextcloud.path;
};
settings = {
trusted_domains = [ "nextcloud.alpine-centauri.ts.net" ];
enabledPreviewProviders = [
"OC\\Preview\\AVI"
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MKV"
"OC\\Preview\\MP3"
"OC\\Preview\\MP4"
"OC\\Preview\\MarkDown"
"OC\\Preview\\Movie"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PDF"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
];
};
database.createLocally = true;
configureRedis = true;
maxUploadSize = "1G";
## Set up non-declaratively for now
# extraAppsEnable = true;
# autoUpdateApps.enable = true;
# extraApps = {
# inherit (config.services.nextcloud.package.packages.apps)
# news
# contacts
# calendar
# tasks
# ;
# };
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}


@ -0,0 +1,31 @@
{
virtualisation.oci-containers = {
containers = {
pinchflat = {
image = "ghcr.io/kieraneglin/pinchflat:latest";
environment.TZ = "Europe/Berlin";
ports = [ "127.0.0.1:8945:8945" ];
volumes = [
"/mnt/sdb1/media/youtube/config:/config"
"/mnt/sdb1/media/youtube/downloads:/downloads"
];
};
};
};
containers.youtube = {
autoStart = true;
config = {
services = {
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}
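Review bot: `image = "ghcr.io/kieraneglin/pinchflat:latest";` is a floating tag, so the image that runs changes whenever upstream pushes, outside of anything flake.lock pins. Pin a release tag or a digest instead, e.g. `image = "ghcr.io/kieraneglin/pinchflat@sha256:DIGEST_PLACEHOLDER";`, and update it deliberately. Also, `virtualisation.oci-containers` runs on the host while `containers.youtube` only starts Tailscale; nothing in view connects the two, so the port bound to `127.0.0.1:8945` is presumably not reachable through that container's tailnet node.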

34
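--- a/modules/nixos/samba.nix
+++ b/modules/nixos/samba.nix
@@ -0,0 +1,34 @@
+{
+services.samba = {
+enable = true;
+settings = {
+global = {
+"vfs objects" = "catia fruit streams_xattr";
+"guest account" = "jan";
+"fruit:model" = "MacPro7,1@ECOLOR=226,226,224";
+};
+Media = {
+path = "/mnt/sdb1/media";
+writeable = "yes";
+};
+TimeMachine = {
+path = "/mnt/sdb1/timemachine";
+writeable = "yes";
+"fruit:time machine" = "yes";
+};
+};
+};
+## Used to advertise the shares to Windows hosts
+services.samba-wsdd = {
+enable = true;
+};
+services.avahi = {
+enable = true;
+nssmdns4 = true;
+};
+}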
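Review bot: `"guest account" = "jan";` maps unauthenticated Samba sessions onto the account that the host configuration places in `wheel`, and both shares are `writeable = "yes"` with no `"valid users"` line. No `"guest ok"` or `"map to guest"` setting is visible, so guest logins may not be accepted today, but a single line added later would give anonymous clients jan's file permissions on `/mnt/sdb1`. I would set `"guest account" = "nobody";` and add `"valid users" = "jan";` to both `Media` and `TimeMachine`.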


@ -0,0 +1,9 @@
{
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
extraUpFlags = [ "--ssh" ];
};
networking.firewall.checkReversePath = "loose";
}
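Review bot: `extraUpFlags = [ "--ssh" ];` probably never takes effect, because as far as I know the NixOS module passes `extraUpFlags` to `tailscale up` only when `authKeyFile` is set, and none is configured here. If that is right, Tailscale SSH is on only if it was enabled by hand. Either add an agenix-managed `authKeyFile` or move the flag to `extraSetFlags`, and add a comment that SSH access to galanthus is then governed by the tailnet ACLs, which are not part of this repository. `useRoutingFeatures = "both"` together with `checkReversePath = "loose"` also deserves a comment on why this host needs to route for other nodes.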


@ -0,0 +1,32 @@
{
containers.vault = {
autoStart = true;
bindMounts = {
"/var/backup/vaultwarden" = {
hostPath = "/mnt/sdb1/vaultwarden";
isReadOnly = false;
};
};
config = {
services = {
vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
dbBackend = "postgresql";
config = {
# SIGNUPS_ALLOWED = false;
};
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}
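Review bot: `# SIGNUPS_ALLOWED = false;` is commented out, so once this module is imported vaultwarden keeps its default of open registration and anyone who can reach the instance can create an account on the password vault. Uncomment it (`SIGNUPS_ALLOWED = false;`) before enabling the import in modules/nixos/default.nix. `dbBackend = "postgresql"` is set with no database settings in view, so the connection details presumably still have to be supplied, ideally through `environmentFile` backed by agenix rather than through values that end up in the Nix store.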

Binary file not shown.


@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 2otpcg 3veZJ75b0D5gej3P4fHkM8yGzVH5ldkGOCYBkdztoSw
KXDhfvj/wfpMXqQ1MspymfJBBqRJktcSngIkEBDSUu4
-> ssh-ed25519 40YjXQ L1yJYjyAmCi7W05BAVeFZi3mSCzBNU0/hqm2prEV/wI
J6lFx4DD+Lj4tjsBntIlzuvZfqTQ3P7xzNZs0vcZBko
--- 0uC4zy+Xahwt3nuFJyNyHVCIPcgwxVX8cXo0ivwQUaU
Q€½áÁã²±•!ÅR<C385>GÃEØ)®c¦@Ç n²‡¿ âôû…ŠÚ ñ‰nz„hµk²—µ€r

BIN
modules/secrets/openai.age Normal file

Binary file not shown.


@ -0,0 +1,13 @@
let
Mac-von-Jan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE";
galanthus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZYQao2OKQxyic+I327VZ7lQECh9hSS9cgsls3e/a1u";
all = [
Mac-von-Jan
galanthus
];
in
{
"nextcloud.age".publicKeys = all;
"forgejo-runner-token.age".publicKeys = all;
"openai.age".publicKeys = all;
}
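Review bot: Every secret is encrypted to `all`, so each host can decrypt secrets it never uses: galanthus can read the OpenAI key that only the home-manager module on the Mac references, and the Mac can read the Nextcloud admin password and the Forgejo runner token. Scoping recipients per secret limits what a single compromised host key exposes, e.g. `"openai.age".publicKeys = [ Mac-von-Jan ];` and `"nextcloud.age".publicKeys = [ galanthus ];`, plus whichever key is used for `agenix -e` editing. A short comment on each binding saying whether it is a host key or a user key would also help, since the home-manager module points at `~/.ssh/id_ed25519` while the containers use the SSH host key.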