Merge branch 'main' into worksway

Alexander Wainwright
2026-01-20 10:44:18 +10:00
21 changed files with 824 additions and 199 deletions


@@ -15,24 +15,27 @@ let
"ha.figtree.dev" = "http://192.168.1.50:8123";
# "budget.figtree.dev" = "http://192.168.80.1:5006";
# .box domains now automatically get "tls internal"
"home.box" = "http://192.168.1.63:3000";
"budget.box" = "http://192.168.80.1:5006";
"torrent.box" = "http://192.168.1.65:8080";
"books.box" = "http://192.168.80.4:8010";
# .lan domains now automatically get "tls internal"
"home.lan" = "http://192.168.1.63:3000";
"budget.lan" = "http://192.168.80.1:5006";
"torrent.lan" = "http://192.168.1.65:8080";
"books.lan" = "http://192.168.80.4:8010";
"recipes.lan" = "http://192.168.80.4:8222";
"jelly.lan" = "http://192.168.80.4:8096";
"plex.lan" = "http://192.168.1.63:32400";
};
# Normalize sites:
# 1. Turn strings into { backend = "..."; }.
# 2. Automatically prepend `tls internal` for any domain ending in .box.
# 2. Automatically prepend `tls internal` for any domain ending in .lan.
normalizedSites = lib.mapAttrs (domain: siteConfig:
let
# Ensure siteConfig is an attrset.
baseConfig = if lib.isString siteConfig then { backend = siteConfig; } else siteConfig;
# Check if it's a .box domain.
isBoxDomain = lib.hasSuffix ".box" domain;
# Check if it's a .lan domain.
isLanDomain = lib.hasSuffix ".lan" domain;
in
if isBoxDomain then
if isLanDomain then
baseConfig // {
extraBefore = ''
tls internal


@@ -11,7 +11,9 @@
../modules/base.nix
../modules/kafka-mounts.nix
../modules/server.nix
../modules/syncthing.nix
./caddy.nix
./jellyfin.nix
];
nix.settings = { sandbox = false; };
@@ -20,6 +22,8 @@
privileged = true;
};
services.syncthing.guiAddress = "0.0.0.0:8384";
networking.firewall.allowedTCPPorts = [
80 443 # caddy
8000
@@ -27,6 +31,7 @@
8010 # audio bookshelf
8080 # file browser
8234 # shiori (non-standard)
8384 # syncthing
9117
8191 # flaresolverr
];
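Review bot: Setting `services.syncthing.guiAddress = "0.0.0.0:8384";` together with `8384 # syncthing` in `networking.firewall.allowedTCPPorts` makes the Syncthing admin GUI reachable on every interface of this host, and no GUI credentials are set anywhere on this page. The GUI can add devices and folders, so anyone who can reach the port could sync files in and out as the service user. Keep the GUI on loopback and publish it through the existing Caddy `.lan` map, or limit the port with `networking.firewall.interfaces.<iface>.allowedTCPPorts`, and set a GUI user and password either way. The +/- markers are lost on this page, so which of these lines are new is inferred from the hunk counts.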

18
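--- a/hosts/alt/jellyfin.nix
+++ b/hosts/alt/jellyfin.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+{
+services.jellyfin = {
+enable = true;
+openFirewall = true;
+};
+users.users.jellyfin.extraGroups = [ "users" "render" "video" ];
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+intel-media-driver # Modern driver (iHD) - Best for QuickSync
+intel-vaapi-driver # Legacy driver (i965) - Fallback
+libvdpau-va-gl
+];
+};
+}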
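Review bot: `openFirewall = true;` opens Jellyfin's ports on every interface, so the server stays reachable over plain HTTP alongside the `jelly.lan` Caddy entry that fronts it with `tls internal`. If Caddy runs on the same host and is meant to be the only entry point, drop `openFirewall` and let only 80/443 in; whether the two share a host is not visible here. Adding the service account to `"users"` also gives it whatever that group can read, so a dedicated media group would be narrower.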


@@ -10,8 +10,10 @@
./hardware-configuration.nix
../modules/base.nix
../modules/desktop.nix
../modules/home.nix
../modules/personal.nix
../modules/laptop.nix
../modules/sway.nix
../modules/syncthing.nix
];
# Bootloader.


@@ -11,7 +11,9 @@
../modules/base.nix
../modules/desktop.nix
../modules/brother-printer.nix
../modules/home.nix
../modules/personal.nix
../modules/sway.nix
../modules/syncthing.nix
];
# Bootloader.


@@ -11,6 +11,16 @@
shell = pkgs.fish;
};
# this is to avoid some problem that happens apparently only when fish is
# enabled, where generating man cahes takes a very long time. note that it may
# break fish man completion and apropos.
documentation.man.generateCaches = false;
# enable a 1GB swap file
swapDevices = [{
device = "/swapfile";
size = 1024;
}];
# enable zram. not totally sure if this does it in physical ram or just swap
zramSwap.enable = true;
@@ -80,6 +90,7 @@
# domain = true; # Announce the locally used domain name (usually .local)
# userServices = true; # Publish services advertised by users
};
openFirewall = true;
# If you're using systemd-resolved alongside Avahi, ensure mDNS is also enabled there:
# services.resolved.enable = true;
# services.resolved.extraConfig = "MulticastDNS=yes";
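Review bot: The new `/swapfile` entry in `swapDevices` is written to disk unencrypted unless the underlying filesystem is already encrypted, which this hunk does not show. If this module is shared with the laptop and desktop hosts, keyring and password-manager memory can be paged out to that file. Where the disk is not on LUKS, add `randomEncryption.enable = true;` to the swap entry. The zram comment can be made definite as well: `# zram: compressed swap device held in RAM, used in addition to the swap file`.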


@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -1,18 +1,26 @@
{ config, pkgs, inputs, ... }:
{
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "dvorak";
services.xserver = {
enable = true;
xkb = {
layout = "us";
variant = "dvorak";
};
};
# Trust the Caddy Local Authority
security.pki.certificateFiles = [
./certs/alt-caddy.crt
];
services.displayManager.gdm = {
enable = true;
wayland = true;
};
services.desktopManager.gnome.enable = true;
# enable japanese input
i18n.inputMethod = {
enable = true;
@@ -28,7 +36,6 @@
enableDefaultPackages = true;
packages = with pkgs; [
bitwarden-desktop
khmeros
libreoffice-fresh
nerd-fonts.lilex
@@ -41,6 +48,12 @@
];
};
environment.systemPackages = with pkgs; [
libreoffice-fresh
meld
showtime
];
# Enable networking
networking.networkmanager.enable = true;
@@ -67,5 +80,10 @@
# services.xserver.libinput.enable = true;
# Install firefox.
programs.firefox.enable = true;
programs.firefox = {
enable = true;
languagePacks = [
"en-GB"
];
};
}
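Review bot: `security.pki.certificateFiles = [ ./certs/alt-caddy.crt ];` makes the Caddy local authority a system-wide trust anchor, so it is trusted for any hostname and not just `.lan`, unless the certificate itself carries name constraints, which this page does not show. Whoever holds that CA's private key on the Caddy host can issue certificates these desktops will accept for any site. Extend the comment to record that, for example `# Trust the Caddy local CA from host alt (used for *.lan); not name-constrained, so protect its key and rotate this file with it`. Whether the file is the root or the intermediate certificate is also not visible here.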


@@ -1,24 +0,0 @@
{ config, pkgs, inputs, ... }:
{
# Mullvad vpn
services.mullvad-vpn = {
enable = true;
};
environment.systemPackages = with pkgs; [
foliate
inputs.locutus.packages.${pkgs.system}.default
jrnl
mullvad-browser
mullvad-vpn
tor-browser
exiftool
darktable
digikam
shotwell
nextcloud-client
bitwarden-desktop
signal-desktop
spotify
];
}


@@ -0,0 +1,9 @@
{ config, pkgs, inputs, ... }:
{
# Mullvad vpn
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
hardware.ledger.enable = true;
}

27
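--- a/hosts/modules/sway.nix
+++ b/hosts/modules/sway.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+{
+# Enable the Sway binary and hardware wrappers
+programs.sway = {
+enable = true;
+package = pkgs.swayfx;
+wrapperFeatures.gtk = true;
+};
+# Ensure xdg-desktop-portal is working (needed for file pickers/open with)
+xdg.portal = {
+enable = true;
+wlr.enable = true;
+extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+};
+# Hardware and security services that must be system-wide
+services.gnome.gnome-keyring.enable = true;
+security.polkit.enable = true;
+programs.light.enable = true; # Allow brightness control
+# Move system-wide packages here
+environment.systemPackages = with pkgs; [
+pavucontrol
+light
+];
+}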
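Review bot: `light` is listed in `environment.systemPackages` although `programs.light.enable = true;` is set a few lines above, which as far as I know already installs the package together with its udev rules. Drop the `light` entry from the list. The trailing comment could also say who may use it, for example `programs.light.enable = true; # brightness control; the user must be in the "video" group`.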


@@ -0,0 +1,11 @@
{ config, pkgs, inputs, ... }:
{
# sync thing
services.syncthing = {
enable = true;
openDefaultPorts = true;
user = "alex";
configDir = "/home/alex/.config/syncthing";
dataDir = "/home/alex";
};
}