lots of stuff

xunuwu 2024-06-26 20:49:16 +02:00
parent 30bd03615f
commit 1ed9ce6864
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
30 changed files with 223 additions and 159 deletions


@ -2,15 +2,11 @@
imports = [
./security.nix
./users.nix
./tools.nix
./ssh.nix
./compat.nix
../nix
../programs/zsh.nix
];
documentation.dev.enable = true;
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = [
@ -19,8 +15,5 @@
};
services.xserver.xkb.layout = "eu";
# don't touch this
system.stateVersion = lib.mkDefault "23.11";
time.timeZone = lib.mkDefault "Europe/Stockholm";
time.timeZone = lib.mkDefault "Europe/Berlin";
}

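--- a/system/core/docs.nix
+++ b/system/core/docs.nix
@@ -0,0 +1,15 @@
+{pkgs, ...}: {
+documentation = {
+dev.enable = true;
+man.generateCaches = true;
+man = {
+man-db.enable = false;
+mandoc.enable = true;
+};
+};
+environment.systemPackages = with pkgs; [
+linux-manual
+man-pages
+man-pages-posix
+];
+}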
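Review bot: The `documentation` set configures `man` in two places, once as the dotted path `man.generateCaches = true;` and again as the `man = { … }` set directly below it. Moving `generateCaches = true;` inside the `man = { … }` set keeps every man-related option in one place and avoids relying on the two definitions being merged. A one-line comment saying why `man-db` is swapped for `mandoc` would also help the next reader.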

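--- a/system/core/harden.nix
+++ b/system/core/harden.nix
@@ -0,0 +1,4 @@
+{
+#TODO: add stuff here
+# use lynis mayb
+}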


@ -1,7 +1,9 @@
let
desktop = [
./core
./core/compat.nix
./core/boot.nix
./core/docs.nix
./core/gvfs.nix
./hardware/opengl.nix
@ -13,6 +15,7 @@ let
./network/avahi.nix
./network/localsend.nix
./network/tailscale.nix
./network/goldberg.nix
./desktop
./desktop/awesome.nix
@ -20,6 +23,7 @@ let
#./desktop/hyprland.nix
./programs
./programs/tools.nix
./services
./services/pipewire.nix


@ -1,4 +1,4 @@
{...}: {
{
hardware.opengl = {
enable = true;
driSupport = true;


@ -0,0 +1,6 @@
{
networking.firewall = {
allowedTCPPorts = [47584];
allowedUDPPorts = [47584];
};
}
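Review bot: The new `networking.firewall` block opens port 47584 for TCP and UDP on every interface, and nothing in the file says which program needs it. If the service is only meant to be reachable from the local network, scope the rule to that interface with `networking.firewall.interfaces.<name>.allowedTCPPorts = [47584];` and the matching `allowedUDPPorts` line. A comment such as `# LAN port used by <program>` above the block would record the reason. The file path is not shown in this section; it is presumably the `./network/goldberg.nix` entry added to the module list.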


@ -3,7 +3,10 @@
environment.pathsToLink = ["/share/zsh"];
programs = {
less.enable = true;
less = {
enable = true;
envVariables.LESS = "--mouse";
};
zsh = {
enable = true;


@ -15,14 +15,14 @@
reloadServices = ["podman-caddy.service"];
};
certs = {
"xun.cam" = {
"xunuwu.xyz" = {
dnsProvider = "cloudflare";
credentialFiles = {
CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path;
};
extraDomainNames = [
"jellyfin.xun.cam"
"wakapi.xun.cam"
"jellyfin.xunuwu.xyz"
"wakapi.xunuwu.xyz"
];
};
};
@ -137,25 +137,25 @@
caddy = {
image = "caddy";
volumes = [
#alt.xun.cam:8336 {
#alt.xunuwu.xyz:8336 {
#tls internal
#reverse_proxy
#localhost:5030
#}
"${builtins.toFile "Caddyfile" ''
https://jellyfin.xun.cam:8336 {
tls /etc/ssl/certs/xun.cam/cert.pem /etc/ssl/certs/xun.cam/key.pem
https://jellyfin.xunuwu.xyz:8336 {
tls /etc/ssl/certs/xunuwu.xyz/cert.pem /etc/ssl/certs/xunuwu.xyz/key.pem
reverse_proxy localhost:8096
}
https://wakapi.xun.cam:8336 {
tls /etc/ssl/certs/xun.cam/cert.pem /etc/ssl/certs/xun.cam/key.pem
https://wakapi.xunuwu.xyz:8336 {
tls /etc/ssl/certs/xunuwu.xyz/cert.pem /etc/ssl/certs/xunuwu.xyz/key.pem
reverse_proxy localhost:3000
}
''}:/etc/caddy/Caddyfile"
#tls /etc/ssl/certs/cloudflare/cert.pem /etc/ssl/certs/cloudflare/key.pem
#"${config.sops.secrets.xun-cam-cert.path}:/etc/ssl/certs/cloudflare/cert.pem"
#"${config.sops.secrets.xun-cam-key.path}:/etc/ssl/certs/cloudflare/key.pem"
"/var/lib/acme/xun.cam:/etc/ssl/certs/xun.cam"
#"${config.sops.secrets.xunuwu.xyz-cert.path}:/etc/ssl/certs/cloudflare/cert.pem"
#"${config.sops.secrets.xunuwu.xyz-key.path}:/etc/ssl/certs/cloudflare/key.pem"
"/var/lib/acme/xunuwu.xyz:/etc/ssl/certs/xunuwu.xyz"
"/media/config/caddy/data:/data"
"/media/config/caddy/config:/config"
];
@ -192,7 +192,7 @@
# "${config.sops.secrets.authelia_encryption_key.path}:/secrets/STORAGE_ENCRYPTION_KEY"
# "${builtins.toFile "users_database.yml" ''
# them: auto
# default_redirection_url: https://auth.xun.cam:8336
# default_redirection_url: https://auth.xunuwu.xyz:8336
# authentication_backend:
# ldap:
@ -215,14 +215,14 @@
# notifier:
# smtp:
# host: smtp.xun.cam
# host: smtp.xunuwu.xyz
# port: 8336
# username: auth@xun.cam
# sender: "Authelia <auth@xun.cam"
# username: auth@xunuwu.xyz
# sender: "Authelia <auth@xunuwu.xyz"
# ''}:/config/configuration.yml"
# "${builtins.toFile "configuration.yml" ''
# them: auto
# default_redirection_url: https://auth.xun.cam:8336
# default_redirection_url: https://auth.xunuwu.xyz:8336
# authentication_backend:
# file:
@ -248,10 +248,10 @@
# notifier:
# smtp:
# host: smtp.xun.cam
# host: smtp.xunuwu.xyz
# port: 8336
# username: auth@xun.cam
# sender: "Authelia <auth@xun.cam"
# username: auth@xunuwu.xyz
# sender: "Authelia <auth@xunuwu.xyz"
# ''}:/config/configuration.yml"
# ];
# dependsOn = ["gluetun"];
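Review bot: The ACME bind mount in the caddy `volumes` list, `"/var/lib/acme/xunuwu.xyz:/etc/ssl/certs/xunuwu.xyz"`, gives the container read-write access to the certificate's private key, although the Caddyfile only reads `cert.pem` and `key.pem` from it. Appending `:ro`, as in `"/var/lib/acme/xunuwu.xyz:/etc/ssl/certs/xunuwu.xyz:ro"`, stops a compromised proxy from replacing the key material. The rename also rewrote the commented-out sops lines to `config.sops.secrets.xunuwu.xyz-cert.path`, which Nix would parse as the nested path `xunuwu` then `xyz-cert` if they are re-enabled; the name needs quoting, `config.sops.secrets."xunuwu.xyz-cert".path`. The rendering has lost the +/- markers, so this assumes the `xunuwu.xyz` lines are the new side. The previous certificate directory under `/var/lib/acme` is not touched here and is worth removing once the new certificate has been issued.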


@ -1,4 +1,4 @@
{...}: {
{
services = {
dbus.implementation = "broker";


@ -1,9 +1,6 @@
{
services.ollama = {
enable = true;
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "10.3.0";
};
listenAddress = "127.0.0.1:11434";
#rocmOverrideGfx = "10.3.0";
};
}
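Review bot: Keep the loopback bind in `services.ollama` explicit, because the rendering does not show whether `listenAddress = "127.0.0.1:11434";` survives this change. The hunk header (9 old lines, 6 new) suggests that only one of the `listenAddress` line and `#rocmOverrideGfx = "10.3.0";` is on the new side. Ollama's HTTP API has no authentication of its own, so if the listen address was dropped, the exposure depends on whatever the module defaults to. Stating the bind next to a comment like `# local-only: the API is unauthenticated` documents the intent. If `HSA_OVERRIDE_GFX_VERSION` was removed while `rocmOverrideGfx` stays commented out, a short comment on why the override is no longer needed would also help.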