diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix index 3992183..3c3d7b5 100644 --- a/hosts/desktop/default.nix +++ b/hosts/desktop/default.nix @@ -2,9 +2,15 @@ networking.hostName = "desktop"; openrgb.enable = true; - games.enable = true; - lact.enable = true; + emulator.enable = true; + steam.enable = true; + norisk.enable = true; + amd-gpu.enable = true; gnome.enable = true; + bluetooth.enable = true; + systemd-boot.enable = true; + qemu.enable = true; + sync-client.enable = true; imports = [ ./hardware.nix diff --git a/hosts/laptop/default.nix b/hosts/laptop/default.nix index 0accc68..1c09f60 100644 --- a/hosts/laptop/default.nix +++ b/hosts/laptop/default.nix @@ -1,8 +1,13 @@ {username, ...}: { networking.hostName = "laptop"; - virtualisation.virtualbox.host.enable = true; + led.enable = true; gnome.enable = true; + virtual-box.enalbe = true; + bluetooth.enable = true; + systemd-boot.enable = true; + qemu.enable = true; + sync-client.enable = true; home-manager.users.${username} = { hypridle.enable = true; }; diff --git a/hosts/server/default.nix b/hosts/server/default.nix index 728c6ee..f766ea5 100644 --- a/hosts/server/default.nix +++ b/hosts/server/default.nix @@ -1,8 +1,14 @@ { networking.hostName = "server"; + services.logind.lidSwitch = "ignore"; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; + sync-server.enable = true; + nginx.enable = true; + forgejo.enable = true; + immich.enable = true; + docker.enable = true; imports = [ ./hardware.nix @@ -10,9 +16,5 @@ ../../modules/system ../../modules/secrets ../../modules/services - ../../modules/services/nginx - ../../modules/services/forgejo - ../../modules/services/syncthing - ../../modules/services/immich ]; } diff --git a/modules/games/emulator/default.nix b/modules/games/emulator/default.nix index 594ffc1..ac35935 100644 --- a/modules/games/emulator/default.nix +++ b/modules/games/emulator/default.nix 
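Review bot: In the hosts/laptop/default.nix hunk the added line `virtual-box.enalbe = true;` misspells the option; the module added later in this commit declares `virtual-box.enable`. The NixOS module system rejects assignments to undeclared options, so the laptop configuration should fail to evaluate. Even if it did evaluate, VirtualBox would stay off, because the same hunk removes `virtualisation.virtualbox.host.enable = true;`. Change the line to `virtual-box.enable = true;`.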
@@ -19,7 +19,10 @@ }; }; in { - config = lib.mkIf config.games.enable { + options = { + emulator.enable = lib.mkEnableOption ""; + }; + config = lib.mkIf config.emulator.enable { environment.systemPackages = with pkgs; [ cemu customPkgs.suyu diff --git a/modules/games/norisk/default.nix b/modules/games/norisk/default.nix index 2b6dd28..fbc84a3 100644 --- a/modules/games/norisk/default.nix +++ b/modules/games/norisk/default.nix @@ -21,7 +21,10 @@ iconurl = "https://raw.githubusercontent.com/NoRiskClient/noriskclient-launcher/refs/heads/main/src/images/norisk_logo.png"; iconsha256 = "sha256-VwWwShUrT055mcabS8QTqqb8INgRB/08U2qEEIVYHlg="; in { - config = lib.mkIf config.games.enable { + options = { + norisk.enable = lib.mkEnableOption ""; + }; + config = lib.mkIf config.norisk.enable { environment.systemPackages = [ customPkgs.no-risk-client ]; diff --git a/modules/games/steam/default.nix b/modules/games/steam/default.nix index c4eb834..260e854 100644 --- a/modules/games/steam/default.nix +++ b/modules/games/steam/default.nix @@ -5,9 +5,9 @@ ... }: { options = { - games.enable = lib.mkEnableOption ""; + steam.enable = lib.mkEnableOption ""; }; - config = lib.mkIf config.games.enable { + config = lib.mkIf config.steam.enable { programs.steam.enable = true; nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ diff --git a/modules/hardware/lact/default.nix b/modules/hardware/amd-gpu/default.nix similarity index 77% rename from modules/hardware/lact/default.nix rename to modules/hardware/amd-gpu/default.nix index aa445ef..91c8b4c 100644 --- a/modules/hardware/lact/default.nix +++ b/modules/hardware/amd-gpu/default.nix 
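Review bot: `emulator.enable = lib.mkEnableOption "";` is declared with an empty description, so the generated option documentation reads "Whether to enable ." and says nothing about what the switch turns on. Give it a short description, for example `emulator.enable = lib.mkEnableOption "console emulators (cemu, suyu)";`. The same empty string is used for every option this commit introduces (norisk, steam, amd-gpu, bluetooth, systemd-boot, docker, forgejo, immich, nginx, sync-client, sync-server, qemu, virtual-box). For the service modules the description is also the natural place to record what gets exposed on the network. The emulator module body starts and ends outside this hunk.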
@@ -5,10 +5,10 @@ ... }: { options = { - lact.enable = lib.mkEnableOption ""; + amd-gpu.enable = lib.mkEnableOption ""; }; - config = lib.mkIf config.lact.enable { + config = lib.mkIf config.amd-gpu.enable { environment.systemPackages = with pkgs; [lact]; systemd.packages = with pkgs; [lact]; systemd.services.lactd.wantedBy = ["multi-user.target"]; diff --git a/modules/hardware/bluetooth/default.nix b/modules/hardware/bluetooth/default.nix index 865dceb..7e383c5 100644 --- a/modules/hardware/bluetooth/default.nix +++ b/modules/hardware/bluetooth/default.nix @@ -1,4 +1,13 @@ { - services.blueman.enable = true; - hardware.bluetooth.enable = true; + lib, + config, + ... +}: { + options = { + bluetooth.enable = lib.mkEnableOption ""; + }; + config = lib.mkIf config.bluetooth.enable { + services.blueman.enable = true; + hardware.bluetooth.enable = true; + }; } diff --git a/modules/hardware/boot/default.nix b/modules/hardware/boot/default.nix deleted file mode 100644 index 2f5433b..0000000 --- a/modules/hardware/boot/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - boot.loader.systemd-boot.enable = true; -} diff --git a/modules/hardware/default.nix b/modules/hardware/default.nix index f32cc99..cfb48d3 100644 --- a/modules/hardware/default.nix +++ b/modules/hardware/default.nix @@ -3,9 +3,9 @@ ./powerkey ./bluetooth ./openrgb - ./sound - ./lact - ./boot + ./pipewire + ./amd-gpu + ./systemd-boot ./led ]; } diff --git a/modules/hardware/sound/default.nix b/modules/hardware/pipewire/default.nix similarity index 100% rename from modules/hardware/sound/default.nix rename to modules/hardware/pipewire/default.nix diff --git a/modules/hardware/systemd-boot/default.nix b/modules/hardware/systemd-boot/default.nix new file mode 100644 index 0000000..b67ee40 --- /dev/null +++ b/modules/hardware/systemd-boot/default.nix 
@@ -0,0 +1,12 @@ +{ + lib, + config, + ... +}: { + options = { + systemd-boot.enable = lib.mkEnableOption ""; + }; + config = lib.mkIf config.systemd-boot.enable { + boot.loader.systemd-boot.enable = true; + }; +} diff --git a/modules/services/default.nix b/modules/services/default.nix index 72507b9..2880bdf 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -1,8 +1,12 @@ { imports = [ - ./vm + ./virt + ./syncthing ./docker ./ssh ./misc + ./nginx + ./forgejo + ./immich ]; } diff --git a/modules/services/docker/default.nix b/modules/services/docker/default.nix index 9a9730b..155e6dc 100644 --- a/modules/services/docker/default.nix +++ b/modules/services/docker/default.nix @@ -1,5 +1,16 @@ -{username, ...}: { - virtualisation.docker.rootless.enable = true; - virtualisation.docker.enable = true; - users.users.${username}.extraGroups = ["docker"]; +{ + lib, + config, + username, + ... +}: { + options = { + docker.enable = lib.mkEnableOption ""; + }; + + config = lib.mkIf config.docker.enable { + virtualisation.docker.rootless.enable = true; + virtualisation.docker.enable = true; + users.users.${username}.extraGroups = ["docker"]; + }; } diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix index ccb36ec..b9c58d2 100644 --- a/modules/services/forgejo/default.nix +++ b/modules/services/forgejo/default.nix 
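Review bot: In modules/services/docker/default.nix, `users.users.${username}.extraGroups = ["docker"];` gives the login user access to the rootful daemon's socket, which is equivalent to root on the host, while the line above it also turns on rootless Docker. If the rootless daemon is what the user is meant to use, drop the group membership and reconsider whether `virtualisation.docker.enable = true;` is still needed. If the rootful daemon is intended, add a comment such as `# docker group == root on this host; kept for <reason>` so the trade-off is explicit. The `libvirtd` group added in modules/services/virt/qemu/default.nix grants similarly broad control over the system libvirt instance and deserves the same comment.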
@@ -1,32 +1,38 @@ { - config, domain, + lib, + config, ... }: let cfg = config.services.forgejo; srv = cfg.settings.server; in { - services.nginx = { - virtualHosts.${cfg.settings.server.DOMAIN} = { - forceSSL = true; - enableACME = true; - extraConfig = '' - client_max_body_size 512M; - ''; - locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; - }; + options = { + forgejo.enable = lib.mkEnableOption ""; }; - - services.forgejo = { - enable = true; - lfs.enable = true; - settings = { - server = { - DOMAIN = "git.${domain}"; - ROOT_URL = "https://${srv.DOMAIN}/"; - HTTP_PORT = 2000; + config = lib.mkIf config.forgejo.enable { + services.nginx = { + virtualHosts.${cfg.settings.server.DOMAIN} = { + forceSSL = true; + enableACME = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; + }; + }; + + services.forgejo = { + enable = true; + lfs.enable = true; + settings = { + server = { + DOMAIN = "git.${domain}"; + ROOT_URL = "https://${srv.DOMAIN}/"; + HTTP_PORT = 2000; + }; + service.DISABLE_REGISTRATION = true; }; - service.DISABLE_REGISTRATION = true; }; }; } diff --git a/modules/services/immich/default.nix b/modules/services/immich/default.nix index d81bb01..c675a16 100644 --- a/modules/services/immich/default.nix +++ b/modules/services/immich/default.nix 
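Review bot: The `server` settings set `HTTP_PORT = 2000` but no `HTTP_ADDR`, and Forgejo listens on all interfaces by default, so the plain-HTTP backend is reachable beside the TLS vhost unless a firewall rule (not visible in this diff) blocks port 2000. Since nginx proxies to `http://localhost:${toString srv.HTTP_PORT}`, adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` keeps all traffic behind `forceSSL`. Separately, the vhost is keyed on `cfg.settings.server.DOMAIN` although `srv` is already bound to that attribute set; `virtualHosts.${srv.DOMAIN}` would read more consistently.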
@@ -1,17 +1,27 @@ -{domain, ...}: { - services.nginx = { - virtualHosts."immich.${domain}" = { - forceSSL = true; - enableACME = true; - extraConfig = '' - client_max_body_size 512M; - ''; - locations."/".proxyPass = "http://localhost:2283"; +{ + domain, + lib, + config, + ... +}: { + options = { + immich.enable = lib.mkEnableOption ""; + }; + config = lib.mkIf config.immich.enable { + services.nginx = { + virtualHosts."immich.${domain}" = { + forceSSL = true; + enableACME = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations."/".proxyPass = "http://localhost:2283"; + }; }; + services.immich = { + enable = true; + environment.IMMICH_MACHINE_LEARNING_URL = "http://localhost:3003"; + }; + users.users.immich.extraGroups = ["video" "render"]; }; - services.immich = { - enable = true; - environment.IMMICH_MACHINE_LEARNING_URL = "http://localhost:3003"; - }; - users.users.immich.extraGroups = ["video" "render"]; } diff --git a/modules/services/invidious/default.nix b/modules/services/invidious/default.nix deleted file mode 100644 index d45606e..0000000 --- a/modules/services/invidious/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{domain, ...}: { - services.invidious = { - enable = true; - settings = { - db = { - user = "invidious"; - dbname = "invidious"; - }; - }; - }; - services.invidious.domain = "yt.${domain}"; - services.invidious.nginx.enable = true; -} diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix index 4275c59..b2cfe06 100644 --- a/modules/services/nginx/default.nix +++ b/modules/services/nginx/default.nix 
@@ -1,50 +1,57 @@ { domain, mail, + lib, + config, ... }: { - services.nginx = { - virtualHosts."xn--xck.xyz" = { - forceSSL = true; - enableACME = true; - root = "/var/www/www.${domain}"; - }; - virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - root = "/var/www/www.${domain}"; - }; - virtualHosts."www.${domain}" = { - forceSSL = true; - enableACME = true; - root = "/var/www/www.${domain}"; - }; - virtualHosts."wallpapers.${domain}" = { - forceSSL = true; - enableACME = true; - root = "/var/www/wallpapers.${domain}"; - }; - virtualHosts."4get.${domain}" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:8080"; - }; - virtualHosts."pin.${domain}" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:6060"; - }; - virtualHosts."trans.${domain}" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:5000"; - }; - virtualHosts."yt.${domain}" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:3000"; - }; + options = { + nginx.enable = lib.mkEnableOption ""; + }; + config = lib.mkIf config.nginx.enable { + services.nginx = { + virtualHosts."xn--xck.xyz" = { + forceSSL = true; + enableACME = true; + root = "/var/www/www.${domain}"; + }; + virtualHosts."${domain}" = { + forceSSL = true; + enableACME = true; + root = "/var/www/www.${domain}"; + }; + virtualHosts."www.${domain}" = { + forceSSL = true; + enableACME = true; + root = "/var/www/www.${domain}"; + }; + virtualHosts."wallpapers.${domain}" = { + forceSSL = true; + enableACME = true; + root = "/var/www/wallpapers.${domain}"; + }; + virtualHosts."4get.${domain}" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:8080"; + }; + virtualHosts."pin.${domain}" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:6060"; + }; + virtualHosts."trans.${domain}" = { + forceSSL = true; + 
enableACME = true; + locations."/".proxyPass = "http://localhost:5000"; + }; + virtualHosts."yt.${domain}" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:3000"; + }; + }; + security.acme.defaults.email = "${mail}"; + security.acme.acceptTerms = true; }; - security.acme.defaults.email = "${mail}"; - security.acme.acceptTerms = true; } diff --git a/modules/services/syncthing/client/default.nix b/modules/services/syncthing/client/default.nix new file mode 100644 index 0000000..74e7a89 --- /dev/null +++ b/modules/services/syncthing/client/default.nix @@ -0,0 +1,20 @@ +{ + username, + lib, + config, + ... +}: { + options = { + sync-client.enable = lib.mkEnableOption ""; + }; + config = lib.mkIf config.sync-client.enable { + services.syncthing = { + enable = true; + dataDir = "/home/${username}"; + openDefaultPorts = true; + configDir = "/home/${username}/.config/syncthing"; + user = username; + group = "users"; + }; + }; +} diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix index 4b76b3b..bb756e4 100644 --- a/modules/services/syncthing/default.nix +++ b/modules/services/syncthing/default.nix @@ -1,31 +1,6 @@ { - username, - domain, - ... -}: { - services.syncthing = { - enable = true; - dataDir = "/home/${username}"; - openDefaultPorts = true; - configDir = "/home/${username}/.config/syncthing"; - user = username; - group = "users"; - guiAddress = "0.0.0.0:8384"; - }; - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts."sync.${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8384"; - proxyWebsockets = true; - extraConfig = - "proxy_ssl_server_name on;" - + "proxy_pass_header Authorization;"; - }; - }; - }; + imports = [ + ./server + ./client + ]; } 
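Review bot: In modules/services/nginx/default.nix, `nginx.enable` only defines virtual hosts and ACME settings; nothing under this `lib.mkIf` sets `services.nginx.enable`, which in this commit is set only by the sync-server module. A host that enables `nginx`, `forgejo` or `immich` without `sync-server` would therefore get vhost definitions but presumably no running web server. Add `enable = true;` inside `services.nginx` here and let the other modules rely on it. The `yt.${domain}` vhost still proxies to `http://localhost:3000` while this commit deletes modules/services/invidious; if nothing else listens on that port, the vhost and its certificate request can be removed as well.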
diff --git a/modules/services/syncthing/server/default.nix b/modules/services/syncthing/server/default.nix new file mode 100644 index 0000000..769d606 --- /dev/null +++ b/modules/services/syncthing/server/default.nix @@ -0,0 +1,38 @@ +{ + username, + domain, + lib, + config, + ... +}: { + options = { + sync-server.enable = lib.mkEnableOption ""; + }; + config = lib.mkIf config.sync-server.enable { + services.syncthing = { + enable = true; + dataDir = "/home/${username}"; + openDefaultPorts = true; + configDir = "/home/${username}/.config/syncthing"; + user = username; + group = "users"; + guiAddress = "0.0.0.0:8384"; + }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."sync.${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8384"; + proxyWebsockets = true; + extraConfig = + "proxy_ssl_server_name on;" + + "proxy_pass_header Authorization;"; + }; + }; + }; + }; +} diff --git a/modules/services/virt/default.nix b/modules/services/virt/default.nix new file mode 100644 index 0000000..672d1df --- /dev/null +++ b/modules/services/virt/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./qemu + ./virtual-box + ]; +} diff --git a/modules/services/virt/qemu/default.nix b/modules/services/virt/qemu/default.nix new file mode 100644 index 0000000..8e569bc --- /dev/null +++ b/modules/services/virt/qemu/default.nix 
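Review bot: `guiAddress = "0.0.0.0:8384";` binds the Syncthing GUI and REST API to every interface, although the only consumer visible here is the nginx vhost, which proxies to `http://127.0.0.1:8384`. Bound that way, the GUI is also served over plain HTTP on port 8384 to any network that can reach the host, bypassing `forceSSL`, unless a firewall rule outside this diff blocks it. Use `guiAddress = "127.0.0.1:8384";`. The rest of the `services.syncthing` block repeats modules/services/syncthing/client/default.nix line for line; the server module could instead set `sync-client.enable = true;` and add only `guiAddress` and the vhost.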
@@ -0,0 +1,41 @@ +{ + pkgs, + username, + lib, + config, + ... +}: { + options = { + qemu.enable = lib.mkEnableOption ""; + }; + config = lib.mkIf config.qemu.enable { + programs.dconf.enable = true; + + users.users.${username}.extraGroups = ["libvirtd"]; + + environment.systemPackages = with pkgs; [ + virt-manager + virt-viewer + spice + spice-gtk + spice-protocol + win-virtio + win-spice + virtiofsd + freerdp + ]; + + virtualisation = { + libvirtd = { + enable = true; + qemu = { + swtpm.enable = true; + ovmf.enable = true; + ovmf.packages = [pkgs.OVMFFull.fd]; + }; + }; + spiceUSBRedirection.enable = true; + }; + services.spice-vdagentd.enable = true; + }; +} diff --git a/modules/services/virt/virtual-box/default.nix b/modules/services/virt/virtual-box/default.nix new file mode 100644 index 0000000..9263a96 --- /dev/null +++ b/modules/services/virt/virtual-box/default.nix @@ -0,0 +1,13 @@ +{ + lib, + config, + ... +}: { + options = { + virtual-box.enable = lib.mkEnableOption ""; + }; + + config = lib.mkIf config.virtual-box.enable { + virtualisation.virtualbox.host.enable = true; + }; +} diff --git a/modules/services/vm/default.nix b/modules/services/vm/default.nix deleted file mode 100644 index 9b91cec..0000000 --- a/modules/services/vm/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - pkgs, - username, - ... -}: { - programs.dconf.enable = true; - - users.users.${username}.extraGroups = ["libvirtd"]; - - environment.systemPackages = with pkgs; [ - virt-manager - virt-viewer - spice - spice-gtk - spice-protocol - win-virtio - win-spice - virtiofsd - freerdp - ]; - - virtualisation = { - libvirtd = { - enable = true; - qemu = { - swtpm.enable = true; - ovmf.enable = true; - ovmf.packages = [pkgs.OVMFFull.fd]; - }; - }; - spiceUSBRedirection.enable = true; - }; - services.spice-vdagentd.enable = true; -} diff --git a/modules/wm/default.nix b/modules/wm/default.nix index b513430..3bf42d5 100644 --- a/modules/wm/default.nix +++ b/modules/wm/default.nix 
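Review bot: In modules/services/virt/qemu/default.nix, `spiceUSBRedirection.enable = true;` installs the SPICE USB redirection helper with setuid privileges, which lets any local user hand arbitrary USB devices to a guest. Now that the module is opt-in per host, record why it is wanted: add a comment above the line such as `# setuid helper: any local user can redirect USB devices into a guest`. Alternatively, split it into its own option so that `qemu.enable` does not imply it.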
@@ -9,7 +9,6 @@ ./gnome ./hyprland ./polkit - ./syncthing ]; home-manager = { extraSpecialArgs = { diff --git a/modules/wm/syncthing/default.nix b/modules/wm/syncthing/default.nix deleted file mode 100644 index 9487fa0..0000000 --- a/modules/wm/syncthing/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{username, ...}: { - services.syncthing = { - enable = true; - dataDir = "/home/${username}"; - openDefaultPorts = true; - configDir = "/home/${username}/.config/syncthing"; - user = username; - group = "users"; - }; -}