joy 2024-11-24 20:15:38 +01:00
parent ea854d5559
commit 7575254865
27 changed files with 300 additions and 190 deletions


@ -2,9 +2,15 @@
networking.hostName = "desktop";
openrgb.enable = true;
games.enable = true;
lact.enable = true;
emulator.enable = true;
steam.enable = true;
norisk.enable = true;
amd-gpu.enable = true;
gnome.enable = true;
bluetooth.enable = true;
systemd-boot.enable = true;
qemu.enable = true;
sync-client.enable = true;
imports = [
./hardware.nix


@ -1,8 +1,13 @@
{username, ...}: {
networking.hostName = "laptop";
virtualisation.virtualbox.host.enable = true;
led.enable = true;
gnome.enable = true;
virtual-box.enalbe = true;
bluetooth.enable = true;
systemd-boot.enable = true;
qemu.enable = true;
sync-client.enable = true;
home-manager.users.${username} = {
hypridle.enable = true;
};
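Review bot: `virtual-box.enalbe = true;` in the laptop host config misspells the option name. The virtual-box module added in this commit declares `virtual-box.enable`, and the NixOS module system rejects assignments to undeclared options, so this host would fail to evaluate. The line should read `virtual-box.enable = true;`. The rendered page has lost its +/- markers, so it is unclear whether the direct `virtualisation.virtualbox.host.enable = true;` line above it is kept; if it is, the module already sets that value and the line can go.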


@ -1,8 +1,14 @@
{
networking.hostName = "server";
services.logind.lidSwitch = "ignore";
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
sync-server.enable = true;
nginx.enable = true;
forgejo.enable = true;
immich.enable = true;
docker.enable = true;
imports = [
./hardware.nix
@ -10,9 +16,5 @@
../../modules/system
../../modules/secrets
../../modules/services
../../modules/services/nginx
../../modules/services/forgejo
../../modules/services/syncthing
../../modules/services/immich
];
}


@ -19,7 +19,10 @@
};
};
in {
config = lib.mkIf config.games.enable {
options = {
emulator.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.emulator.enable {
environment.systemPackages = with pkgs; [
cemu
customPkgs.suyu
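Review bot: `lib.mkEnableOption ""` on `emulator.enable` leaves the option with an empty description, so generated option docs read "Whether to enable ." and say nothing about what the switch does. The same pattern is repeated for every toggle this commit adds (norisk, steam, amd-gpu, bluetooth, systemd-boot, docker, forgejo, immich, nginx, sync-client, sync-server, qemu, virtual-box). Passing a short name, e.g. `lib.mkEnableOption "console emulators (cemu, suyu)"`, documents each one at the point of declaration. The package list continues past the end of this hunk.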


@ -21,7 +21,10 @@
iconurl = "https://raw.githubusercontent.com/NoRiskClient/noriskclient-launcher/refs/heads/main/src/images/norisk_logo.png";
iconsha256 = "sha256-VwWwShUrT055mcabS8QTqqb8INgRB/08U2qEEIVYHlg=";
in {
config = lib.mkIf config.games.enable {
options = {
norisk.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.norisk.enable {
environment.systemPackages = [
customPkgs.no-risk-client
];


@ -5,9 +5,9 @@
...
}: {
options = {
games.enable = lib.mkEnableOption "";
steam.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.games.enable {
config = lib.mkIf config.steam.enable {
programs.steam.enable = true;
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [


@ -5,10 +5,10 @@
...
}: {
options = {
lact.enable = lib.mkEnableOption "";
amd-gpu.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.lact.enable {
config = lib.mkIf config.amd-gpu.enable {
environment.systemPackages = with pkgs; [lact];
systemd.packages = with pkgs; [lact];
systemd.services.lactd.wantedBy = ["multi-user.target"];


@ -1,4 +1,13 @@
{
services.blueman.enable = true;
hardware.bluetooth.enable = true;
lib,
config,
...
}: {
options = {
bluetooth.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.bluetooth.enable {
services.blueman.enable = true;
hardware.bluetooth.enable = true;
};
}


@ -1,3 +0,0 @@
{
boot.loader.systemd-boot.enable = true;
}


@ -3,9 +3,9 @@
./powerkey
./bluetooth
./openrgb
./sound
./lact
./boot
./pipewire
./amd-gpu
./systemd-boot
./led
];
}


@ -0,0 +1,12 @@
{
lib,
config,
...
}: {
options = {
systemd-boot.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.systemd-boot.enable {
boot.loader.systemd-boot.enable = true;
};
}


@ -1,8 +1,12 @@
{
imports = [
./vm
./virt
./syncthing
./docker
./ssh
./misc
./nginx
./forgejo
./immich
];
}


@ -1,5 +1,16 @@
{username, ...}: {
virtualisation.docker.rootless.enable = true;
virtualisation.docker.enable = true;
users.users.${username}.extraGroups = ["docker"];
{
lib,
config,
username,
...
}: {
options = {
docker.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.docker.enable {
virtualisation.docker.rootless.enable = true;
virtualisation.docker.enable = true;
users.users.${username}.extraGroups = ["docker"];
};
}
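Review bot: The new `docker.enable` block still starts the rootful daemon and puts `${username}` in the `docker` group alongside `virtualisation.docker.rootless.enable = true;`, which cancels what rootless mode is for: access to the rootful socket through the `docker` group is equivalent to root on the host. If rootless is the intent, drop `virtualisation.docker.enable = true;` and the `extraGroups = ["docker"]` line, and add `virtualisation.docker.rootless.setSocketVariable = true;` so the user's client talks to the rootless daemon. If the rootful daemon is really needed, a comment saying that group membership grants root would help the next reader.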


@ -1,32 +1,38 @@
{
config,
domain,
lib,
config,
...
}: let
cfg = config.services.forgejo;
srv = cfg.settings.server;
in {
services.nginx = {
virtualHosts.${cfg.settings.server.DOMAIN} = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
};
options = {
forgejo.enable = lib.mkEnableOption "";
};
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.${domain}";
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 2000;
config = lib.mkIf config.forgejo.enable {
services.nginx = {
virtualHosts.${cfg.settings.server.DOMAIN} = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
};
};
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.${domain}";
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 2000;
};
service.DISABLE_REGISTRATION = true;
};
service.DISABLE_REGISTRATION = true;
};
};
}
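Review bot: `settings.server` sets `HTTP_PORT = 2000` but no `HTTP_ADDR`, so the backend's listen address is left to the module default, which I believe is all interfaces rather than loopback; that is worth confirming. nginx only reaches it through `localhost`, so adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` keeps the plain-HTTP port off the network. The TLS vhost then becomes the only way in, without relying on the firewall.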


@ -1,17 +1,27 @@
{domain, ...}: {
services.nginx = {
virtualHosts."immich.${domain}" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:2283";
{
domain,
lib,
config,
...
}: {
options = {
immich.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.immich.enable {
services.nginx = {
virtualHosts."immich.${domain}" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:2283";
};
};
services.immich = {
enable = true;
environment.IMMICH_MACHINE_LEARNING_URL = "http://localhost:3003";
};
users.users.immich.extraGroups = ["video" "render"];
};
services.immich = {
enable = true;
environment.IMMICH_MACHINE_LEARNING_URL = "http://localhost:3003";
};
users.users.immich.extraGroups = ["video" "render"];
}


@ -1,13 +0,0 @@
{domain, ...}: {
services.invidious = {
enable = true;
settings = {
db = {
user = "invidious";
dbname = "invidious";
};
};
};
services.invidious.domain = "yt.${domain}";
services.invidious.nginx.enable = true;
}


@ -1,50 +1,57 @@
{
domain,
mail,
lib,
config,
...
}: {
services.nginx = {
virtualHosts."xn--xck.xyz" = {
forceSSL = true;
enableACME = true;
root = "/var/www/www.${domain}";
};
virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/www.${domain}";
};
virtualHosts."www.${domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/www.${domain}";
};
virtualHosts."wallpapers.${domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/wallpapers.${domain}";
};
virtualHosts."4get.${domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:8080";
};
virtualHosts."pin.${domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:6060";
};
virtualHosts."trans.${domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:5000";
};
virtualHosts."yt.${domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:3000";
};
options = {
nginx.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.nginx.enable {
services.nginx = {
virtualHosts."xn--xck.xyz" = {
forceSSL = true;
enableACME = true;
root = "/var/www/www.${domain}";
};
virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/www.${domain}";
};
virtualHosts."www.${domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/www.${domain}";
};
virtualHosts."wallpapers.${domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/wallpapers.${domain}";
};
virtualHosts."4get.${domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:8080";
};
virtualHosts."pin.${domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:6060";
};
virtualHosts."trans.${domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:5000";
};
virtualHosts."yt.${domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:3000";
};
};
security.acme.defaults.email = "${mail}";
security.acme.acceptTerms = true;
};
security.acme.defaults.email = "${mail}";
security.acme.acceptTerms = true;
}
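Review bot: The `nginx.enable` block defines virtual hosts and ACME defaults but never sets `services.nginx.enable`; in the sections shown, that is only set by the sync-server module. A host with `nginx.enable = true` and `sync-server.enable = false` would therefore end up with no web server at all, and the forgejo and immich vhosts depend on the same side effect. Adding `enable = true;` inside `services.nginx` here would make the toggle self-contained. Separately, the `yt.${domain}` vhost still proxies to `localhost:3000` while the invidious module appears to be deleted in this commit; if nothing else listens on that port, the vhost should go too.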


@ -0,0 +1,20 @@
{
username,
lib,
config,
...
}: {
options = {
sync-client.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.sync-client.enable {
services.syncthing = {
enable = true;
dataDir = "/home/${username}";
openDefaultPorts = true;
configDir = "/home/${username}/.config/syncthing";
user = username;
group = "users";
};
};
}


@ -1,31 +1,6 @@
{
username,
domain,
...
}: {
services.syncthing = {
enable = true;
dataDir = "/home/${username}";
openDefaultPorts = true;
configDir = "/home/${username}/.config/syncthing";
user = username;
group = "users";
guiAddress = "0.0.0.0:8384";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."sync.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8384";
proxyWebsockets = true;
extraConfig =
"proxy_ssl_server_name on;"
+ "proxy_pass_header Authorization;";
};
};
};
imports = [
./server
./client
];
}


@ -0,0 +1,38 @@
{
username,
domain,
lib,
config,
...
}: {
options = {
sync-server.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.sync-server.enable {
services.syncthing = {
enable = true;
dataDir = "/home/${username}";
openDefaultPorts = true;
configDir = "/home/${username}/.config/syncthing";
user = username;
group = "users";
guiAddress = "0.0.0.0:8384";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."sync.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8384";
proxyWebsockets = true;
extraConfig =
"proxy_ssl_server_name on;"
+ "proxy_pass_header Authorization;";
};
};
};
};
}
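Review bot: `guiAddress = "0.0.0.0:8384";` binds the Syncthing GUI and REST API to every interface over plain HTTP, while the only intended path shown here is nginx proxying to `http://127.0.0.1:8384` behind TLS. Binding to `127.0.0.1:8384` would remove the direct listener. Syncthing enforces its Host-header check on loopback listeners, so the proxy would then have to send a Host value it accepts, or `insecureSkipHostcheck` would have to be set in the GUI settings. No GUI user or password is configured in this module, so unless one is set elsewhere, the public `sync.${domain}` vhost fronts an admin interface without authentication; confirm that before enabling this toggle on the server.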


@ -0,0 +1,6 @@
{
imports = [
./qemu
./virtual-box
];
}


@ -0,0 +1,41 @@
{
pkgs,
username,
lib,
config,
...
}: {
options = {
qemu.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.qemu.enable {
programs.dconf.enable = true;
users.users.${username}.extraGroups = ["libvirtd"];
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
spice
spice-gtk
spice-protocol
win-virtio
win-spice
virtiofsd
freerdp
];
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
spiceUSBRedirection.enable = true;
};
services.spice-vdagentd.enable = true;
};
}
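Review bot: Two lines in the new `qemu.enable` block grant more than the option name suggests and should carry a comment. `users.users.${username}.extraGroups = ["libvirtd"];` gives that account full control of the system libvirt daemon, which is effectively root on the host, and `spiceUSBRedirection.enable = true;` installs a setuid helper that lets unprivileged users hand host USB devices to VMs. I would add `# libvirtd group is root-equivalent via the system libvirt socket` above the first and `# setuid helper: local users get arbitrary access to host USB devices` above the second. Consider giving USB redirection its own toggle so it can stay off on machines that do not need it.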


@ -0,0 +1,13 @@
{
lib,
config,
...
}: {
options = {
virtual-box.enable = lib.mkEnableOption "";
};
config = lib.mkIf config.virtual-box.enable {
virtualisation.virtualbox.host.enable = true;
};
}


@ -1,34 +0,0 @@
{
pkgs,
username,
...
}: {
programs.dconf.enable = true;
users.users.${username}.extraGroups = ["libvirtd"];
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
spice
spice-gtk
spice-protocol
win-virtio
win-spice
virtiofsd
freerdp
];
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
spiceUSBRedirection.enable = true;
};
services.spice-vdagentd.enable = true;
}


@ -9,7 +9,6 @@
./gnome
./hyprland
./polkit
./syncthing
];
home-manager = {
extraSpecialArgs = {


@ -1,10 +0,0 @@
{username, ...}: {
services.syncthing = {
enable = true;
dataDir = "/home/${username}";
openDefaultPorts = true;
configDir = "/home/${username}/.config/syncthing";
user = username;
group = "users";
};
}