diff --git a/flake.lock b/flake.lock index 28ecc41..84810d1 100644 --- a/flake.lock +++ b/flake.lock @@ -37,73 +37,6 @@ "type": "github" } }, - "base16": { - "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1746562888, - "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, - "base16-fish": { - "flake": false, - "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1748408240, - "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - } - }, "crane": { "locked": { "lastModified": 1751562746, @@ -121,7 +54,7 @@ }, "devshell": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1741473158, @@ -137,22 +70,6 @@ "type": "github" } }, - "firefox-gnome-theme": { - "flake": false, - "locked": { - "lastModified": 1748383148, - "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", - "type": "github" - }, - "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -170,48 +87,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -229,22 +104,6 @@ "type": "github" } }, - "fromYaml": { - "flake": false, - "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ @@ -268,23 +127,6 @@ "type": "github" } }, - "gnome-shell": { - "flake": false, - "locked": { - "lastModified": 1744584021, - "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", - "type": "github" - }, - "original": { - "owner": "GNOME", - "ref": "48.1", - "repo": "gnome-shell", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -292,11 +134,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1756245065, + "narHash": "sha256-aAZNbGcWrVRZgWgkQbkabSGcDVRDMgON4BipMy69gvI=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "54b2879ce622d44415e727905925e21b8f833a98", "type": "github" }, "original": { @@ -308,7 +150,7 @@ }, "home-manager_2": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1751990210, @@ -398,9 +240,9 @@ "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems_2", + "systems": "systems", "xdph": "xdph" }, "locked": { @@ -607,11 +449,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754563854, - "narHash": "sha256-YzNTExe3kMY9lYs23mZR7jsVHe5TWnpwNrsPOpFs/b8=", + "lastModified": 1756469547, + "narHash": "sha256-YvtD2E7MYsQ3r7K9K2G7nCslCKMPShoSEAtbjHLtH0k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e728d7ae4bb6394bbd19eec52b7358526a44c414", + "rev": "41d292bfc37309790f70f4c120b79280ce40af16", "type": "github" }, "original": { @@ -637,11 +479,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1754498491, - "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "lastModified": 1756542300, + "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "type": "github" }, "original": { @@ -651,22 +493,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1751211869, - "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1722073938, "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=", @@ -682,7 +508,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1751637120, "narHash": "sha256-xVNy/XopSfIG9c46nRmPaKfH1Gn/56vQ8++xWA8itO4=", @@ -698,7 +524,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1751792365, "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", @@ -714,7 +540,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1751949589, "narHash": "sha256-mgFxAPLWw0Kq+C8P3dRrZrOYEQXOtKuYVlo9xvPntt8=", @@ -730,7 +556,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1747958103, "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=", @@ -746,53 +572,6 @@ "type": "github" } }, - "nur": { - "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754657805, - "narHash": "sha256-mGjro2RFdIg/1894aL4oSK5GCT1ofiVEs0z9kyDdlsc=", - "owner": "nix-community", - "repo": "NUR", - "rev": "913d4b0c82222afcf6da3e972641c124afc5514d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, - "nur_2": { - "inputs": { - "flake-parts": [ - "stylix", - "flake-parts" - ], - "nixpkgs": [ - "stylix", - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1751320053, - "narHash": "sha256-3m6RMw0FbbaUUa01PNaMLoO7D99aBClmY5ed9V3vz+0=", - "owner": "nix-community", - "repo": "NUR", - "rev": "cbde1735782f9c2bb2c63d5e05fba171a14a4670", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", @@ -822,9 +601,7 @@ "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", - "nur": "nur", "sops-nix": "sops-nix", - "stylix": "stylix", "xremap-flake": "xremap-flake" } }, @@ -835,11 +612,11 @@ ] }, "locked": { - "lastModified": 1754328224, - "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -848,55 +625,7 @@ "type": "github" } }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-helix": "base16-helix", - "base16-vim": "base16-vim", - "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_2", - "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_2", - "nur": "nur_2", - "systems": "systems", - "tinted-foot": "tinted-foot", - "tinted-kitty": "tinted-kitty", - "tinted-schemes": "tinted-schemes", - "tinted-tmux": "tinted-tmux", - "tinted-zed": "tinted-zed" - }, - "locked": { - "lastModified": 1754599117, - "narHash": "sha256-AzAYdZlat002vCjCKWdFpGi2xUaiOU4DtIPnv1nomD8=", - "owner": "danth", - "repo": "stylix", - "rev": "312dec38b2231b21f36903d1bdce96daa11548ff", - "type": "github" - }, - "original": { - "owner": "danth", - "ref": "release-25.05", - "repo": "stylix", - "type": "github" - } - }, "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -911,112 +640,9 @@ "type": "github" } }, - "tinted-foot": { - "flake": false, - "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, - "tinted-kitty": { - "flake": false, - "locked": { - "lastModified": 1735730497, - "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", - "type": "github" - } - }, - "tinted-schemes": { - "flake": false, - "locked": { - "lastModified": 1750770351, - "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "schemes", - "type": "github" - } - }, - "tinted-tmux": { - "flake": false, - "locked": { - "lastModified": 1751159871, - "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, - "tinted-zed": { - "flake": false, - "locked": { - "lastModified": 1751158968, - "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", - "type": "github" - } - }, "treefmt-nix": { "inputs": { - "nixpkgs": [ - "stylix", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { - "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1750931469, @@ -1100,11 +726,11 @@ "inputs": { "crane": "crane", "devshell": "devshell", - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts", "home-manager": "home-manager_2", "hyprland": "hyprland", - "nixpkgs": "nixpkgs_6", - "treefmt-nix": "treefmt-nix_2", + "nixpkgs": "nixpkgs_5", + "treefmt-nix": "treefmt-nix", "xremap": "xremap" }, "locked": { diff --git a/flake.nix b/flake.nix index d6da92e..ef877b2 100644 --- a/flake.nix +++ b/flake.nix @@ -1,23 +1,21 @@ -# This is the main flake containing all the nix related stuff - { - description = "Main nixos system configuration management von Jonas Hahn "; + description = "Main nixos system configuration management by Jonas Hahn"; inputs = { nixpkgs.url = "nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; sops-nix = { url = "github:Mic92/sops-nix"; - sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs"; }; home-manager = { url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - xremap-flake.url = "github:xremap/nix-flake?rev=8001f37b1ffe86e76b62f36afadee2f4acf90e70"; + xremap-flake.url = "github:xremap/nix-flake?rev=8001f37b1ffe86e76b62f36afadee2f4acf90e70"; # One commit behind head }; - outputs = { self, nixpkgs, sops-nix, nixpkgs-unstable, home-manager, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, home-manager, ... }@inputs: let system = "x86_64-linux"; @@ -26,41 +24,29 @@ }; helperModules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ({ config, pkgs, ... }: { + nixpkgs.overlays = [ overlay-unstable ]; + }) home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.extraSpecialArgs = { inherit inputs; }; - home-manager.users.jonas = import ./nixos/users/jonas/home.nix; + home-manager.users.jonas = import ./user/home.nix; } ]; + + mkHost = name: path: + nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs; }; + modules = [ path ] ++ helperModules; + }; in { nixosConfigurations = { - "thinix" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - # Use overlay magic with pkgs.unstable. - ./nixos/hosts/thinkpadt470s/configuration.nix - - ] ++ helperModules; - }; - "nixyos" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - ./nixos/hosts/asus-vivo/configuration.nix - ] ++ helperModules; - }; - "minoxy" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - ./nixos/hosts/minoxy/configuration.nix - ] ++ helperModules; - }; + thinix = mkHost "thinix" ./hosts/thinix-thinkpad/configuration.nix; + nixyos = mkHost "nixyos" ./hosts/nixyos-asus/configuration.nix; + minoxy = mkHost "minoxy" ./hosts/minoxy-workstation/configuration.nix; }; }; } - diff --git a/hosts/minoxy-workstation/configuration.nix b/hosts/minoxy-workstation/configuration.nix index f2b7f7c..b3bfdf8 100644 --- a/hosts/minoxy-workstation/configuration.nix +++ b/hosts/minoxy-workstation/configuration.nix @@ -1,116 +1,41 @@ -{ config, lib, pkgs, ... }: +{ pkgs, ... }: -let - var22 = "22"; -in - { - - nixpkgs.config.allowUnfree = true; +{ imports = [ ./hardware-configuration.nix + ./../../user/users.nix - # Installing needed modules - ../../modules/tweaks.nix - ../../users.nix - ../../modules/workstation.nix - # Disabling the powersaving to save the wifi? - # ../../modules/laptop.nix - ../../common.nix + ./../../modules/common.nix + + ./../../modules/hardware/xremap.nix + ./../../modules/hardware/nvidia.nix ]; networking.hostName = "minoxy"; - # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - # TODO: make this a module - hardware.graphics = { - enable = true; - }; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - nixpkgs.config.cudaSupport = true; - - hardware.nvidia = { - - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - #:powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.stable; - }; - hardware.enableAllFirmware = true; - - services = { - pipewire = { - enable = true; - wireplumber = { - enable = true; - }; - alsa = { - enable = true; - support32Bit = true; - }; - audio.enable = true; - pulse.enable = true; - jack.enable = false; - }; - }; - - - # Rest the Display manager for the computer machine - services.displayManager.ly.enable = lib.mkForce false; services.xserver.displayManager.gdm.enable = true; # We are pre 25.11 - # TODO MAke this work - services.colord.enable = true; systemd.targets.sleep.enable = true; systemd.targets.suspend.enable = true; environment.systemPackages = with pkgs; [ - # replace blender with this line (blender.override { cudaSupport = true; }) - go - libuuid - busybox - chromium ]; - # Fix VSC Speech plugin by manually linking those - environment = { - sessionVariables = { - LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.libuuid.lib}/lib"; - }; - }; - virtualisation.docker.enable = true; virtualisation.docker.storageDriver = "btrfs"; + programs = { + hyprland.enable = true; + hyprlock.enable = true; + firefox.enable = true; + }; + # Never change this! system.stateVersion = "25.05"; } diff --git a/modules/common.nix b/modules/common.nix index 0cfbc72..bce35da 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -1,23 +1,22 @@ { pkgs, ... }: { - imports = [ - ./modules/smalls/bootmode.nix - ]; - + # Basic services services.locate.enable = true; services.printing.enable = true; - # nix fun + # Nix fun nixpkgs.config.allowUnfree = true; nix.settings.experimental-features = ["flakes" "nix-command"]; time.timeZone = "Europe/Berlin"; + programs.nix-ld.enable = true; + environment = { sessionVariables = { NIXOS_OZONE_WL = "1"; QTWEBENGINE_CHROMIUM_FLAGS="--blink-settings=darkModeEnabled=true"; - QT_QPA_PLATFORMTHEME = "qt6ct"; # kvantum for dolphin and qt for sioyek?? + QT_QPA_PLATFORMTHEME = "qt6ct"; WLR_NO_HARDWARE_CURSORS= "1"; QT_STYLE_OVERRIDE = "kvantum"; QT_QPA_PLATFORM="xcb"; @@ -31,16 +30,14 @@ lazygit unzip - # everywhere support + # Everywhere support starship zoxide kdePackages.qtsvg - # add sync support + # Add sync support rsync flock - - # curl for scripting curl ]; pathsToLink = [ @@ -55,32 +52,15 @@ }; fonts.packages = with pkgs; [ - nerd-fonts.fira-code - nerd-fonts.droid-sans-mono - noto-fonts - noto-fonts-cjk-sans - noto-fonts-emoji - fira-code - fira-code-symbols + nerd-fonts.fira-code ]; - i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; keyMap = "us"; }; - services.displayManager.ly = { - enable = true; - settings = { - clock = "%c"; - box_title = "HahnComp"; - clear_password = true; - default_input = "password"; - }; - }; - programs.zsh = { enable = true; autosuggestions.enable = true; @@ -96,13 +76,4 @@ ]; }; }; - - # In case of gui usage - programs = { - hyprland.enable = true; - hyprlock.enable = true; - nix-ld.enable = true; - firefox.enable = true; - }; - } diff --git a/modules/hardware/laptop.nix b/modules/hardware/battery.nix similarity index 57% rename from modules/hardware/laptop.nix rename to modules/hardware/battery.nix index 2e999e7..ed40dcd 100644 --- a/modules/hardware/laptop.nix +++ b/modules/hardware/battery.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ config, lib, ... }: let inherit (lib) mkOption types; @@ -8,22 +8,8 @@ in options.batMode = mkOption { type = types.enum [ "single" "double" ]; default = "single"; - description = "Select 'single' for one battery and 'double' for dual setup"; }; - # Dont run a tandem with tlp - #options.services.auto-cpufreq.enable = true; - #options.services.auto-cpufreq.settings = { - # battery = { - # governor = "powersave"; - # turbo = "never"; - # }; - # charger = { - # governor = "performance"; - # turbo = "auto"; - # }; - #}; - config = { powerManagement.powertop.enable = true; services.upower = { @@ -34,7 +20,6 @@ in percentageCritical = 20; percentageAction = 10; - #percentageAction = "PowerOff"; criticalPowerAction = "PowerOff"; # This can destroy work usePercentageForPolicy = true; }; @@ -42,33 +27,20 @@ in services.tlp = if config.batMode == "single" then { enable = true; settings = { - #Optional helps save long term battery health - # Going almost full because the other bat is also charged - # 0 NEW first START_CHARGE_THRESH_BAT0 = 65; STOP_CHARGE_THRESH_BAT0 = 85; CPU_SCALING_GOVERNOR_ON_AC = "performance"; - #CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - - #CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; CPU_MIN_PERF_ON_AC = 0; CPU_MAX_PERF_ON_AC = 100; CPU_MIN_PERF_ON_BAT = 0; CPU_MAX_PERF_ON_BAT = 65; - - }; } else { enable = true; settings = { - # Have to keep it this way or - # Otherwise the buil in stop at 5% stops worky - # The problem is here that only the second battery gets seen from the charging cap - # Workaround. Just charge the battery when you use it and then turn manually the battery off - # I mean it is the state you generate now that you can use on any laptop. so CPU_SCALING_GOVERNOR_ON_AC = "performance"; CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; @@ -80,11 +52,11 @@ in CPU_MIN_PERF_ON_BAT = 0; CPU_MAX_PERF_ON_BAT = 75; - # 0 NEW first + # 0 is first START_CHARGE_THRESH_BAT0 = 60; STOP_CHARGE_THRESH_BAT0 = 85; - # 1 OLD second + # 1 is second START_CHARGE_THRESH_BAT1 = 60; STOP_CHARGE_THRESH_BAT1 = 85; }; diff --git a/modules/hardware/bootmode.nix b/modules/hardware/bootmode.nix deleted file mode 100644 index 5fa2bab..0000000 --- a/modules/hardware/bootmode.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, ... }: - -let - inherit (lib) mkOption types; -in -{ - options.bootMode = mkOption { - type = types.enum [ "uefi" "legacy" ]; - default = "uefi"; - description = "Select boot mode: 'uefi' or 'legacy'."; - }; - - config = { - boot.consoleLogLevel = 0; - boot.kernelParams = [ "quiet" "udev.log_level=3" ]; - - boot.loader = if config.bootMode == "uefi" then { - efi.canTouchEfiVariables = true; - systemd-boot.enable = true; - timeout = 0; - } else { - grub.enable = true; - grub.device = "/dev/sda"; # <- replace with actual target disk - timeout = 0; - }; - }; -} - diff --git a/modules/hardware/gaming.nix b/modules/hardware/gaming.nix deleted file mode 100644 index c3e266a..0000000 --- a/modules/hardware/gaming.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: - -{ - ########## TEsting - - # Load nvidia driver for Xorg and Wayland - services.steam.enable = true; - services.xserver.videoDrivers = ["nvidia"]; - - # Enable OpenGL - # Optional nvidia - hardware.graphics = { - enable = true; - }; - - hardware.nvidia = { - modesetting.enable = true; - open = false; - }; -}; diff --git a/modules/hardware/nvidia.nix b/modules/hardware/nvidia.nix new file mode 100644 index 0000000..c21c0b3 --- /dev/null +++ b/modules/hardware/nvidia.nix @@ -0,0 +1,17 @@ +{ config, ... }: + +{ + hardware.graphics = { + enable = true; + }; + services.xserver.videoDrivers = ["nvidia"]; + nixpkgs.config.cudaSupport = true; + hardware.enableAllFirmware = true; + hardware.nvidia = { + modesetting.enable = true; + powerManagement.enable = false; + open = false; + nvidiaSettings = true; + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; +} diff --git a/modules/hardware/virt.nix b/modules/hardware/virt.nix deleted file mode 100644 index 152f159..0000000 --- a/modules/hardware/virt.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, ... }: -{ - # Enable common container config files in /etc/containers - # virtualisation.containers.enable = true; - # virtualisation = { - # podman = { - # enable = true; - # dockerSocket.enable = true; - # dockerCompat = true; - # defaultNetwork.settings.dns_enabled = true; - # }; - # }; - # - # # Useful other development tools - # environment.systemPackages = with pkgs; [ - # dive # look into docker image layers - # podman-tui # status of containers in the terminal - # docker-compose # start group of containers for dev - # ]; - virtualisation.docker.enable = true; -} diff --git a/modules/hardware/workstation.nix b/modules/hardware/workstation.nix deleted file mode 100644 index a3bb19a..0000000 --- a/modules/hardware/workstation.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ pkgs, ... }: - -{ - # Experiments with services - systemd = { - timers."sync-manage-hourly" = { - enable = false; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "10s"; # Start 10 seconds after boot - OnUnitActiveSec = "1h"; # Repeat every hour - Unit = "sync-manage.service"; # Points to the service unit - }; - }; - services = { - "shutdown-script" = { - enable = false; - description = "Run custom script on shutdown"; - after = [ "shutdown.target" ]; # Ensure it runs during shutdown - script = "/home/jonas/projects/scripts/check_git.sh"; # Specify the path to your script - serviceConfig = { - Type = "oneshot"; - User = "jonas"; # Run as jonas - WorkingDirectory = "/home/jonas"; # Set working directory to jonas' home - execStop = "/home/jonas/projects/scripts/check_git.sh"; # Specify the path to your script - # To ensure the script finishes before the system powers off - TimeoutStopSec = "30"; # You can adjust this if necessary - }; - # To ensure the script finishes before the system powers off - }; - "sync-manage" = { - script = '' - # Run the script from jonas' home directory - /home/jonas/projects/scripts/sync_manage.sh - ''; - serviceConfig = { - Type = "oneshot"; - User = "jonas"; # Run as jonas - WorkingDirectory = "/home/jonas"; # Set working directory to jonas' home - }; - }; - "sync-manage-shutdown" = { - enable = false; - script = '' - # Check if the system is connected to Wi-Fi - /home/jonas/projects/scripts/sync_manage.sh - ''; - serviceConfig = { - Type = "oneshot"; - User = "jonas"; # Run as jonas - ExecStop = "/usr/bin/true"; - RemainAfterExit = true; - }; - }; - }; - }; -} - diff --git a/modules/hardware/xremap.nix b/modules/hardware/xremap.nix new file mode 100644 index 0000000..1fc5aa7 --- /dev/null +++ b/modules/hardware/xremap.nix @@ -0,0 +1,39 @@ +{ inputs, ... }: + +{ + imports = [ + inputs.xremap-flake.nixosModules.default + ]; + + services.xremap = { + withHypr = true; + userName = "jonas"; + config = { + modmap = [ + { + name = "Capslock to esc and ctrl"; + remap = { + "CAPSLOCK" = { + "alone" = "ESC"; + "held" = "CTRL_L"; + }; + "ESC" = "CAPSLOCK"; + }; + } + { + name = "Switch super and alt"; + remap = { + "SUPER_L" = { + "alone" = "ALT_L"; + "held" = "ALT_L"; + }; + "ALT_L" = { + "alone" = "SUPER_L"; + "held" = "SUPER_L"; + }; + }; + } + ]; + }; + }; +} diff --git a/modules/other/xremap.nix b/modules/other/xremap.nix deleted file mode 100644 index bb9578d..0000000 --- a/modules/other/xremap.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ pkgs, inputs, ... }: - -{ - imports = [ - inputs.xremap-flake.nixosModules.default - ]; - - services.xremap = { - withHypr = true; - userName = "jonas"; - config = { - #--------------- INFO ----------------- - # For the MOD2- part, the following prefixes can be used (also case-insensitive): - # Shift: SHIFT- - # Control: C- - # Alt: M- - # Windows: SUPER- - # You can use multiple prefixes like C-M-Shift-a. - # You may also suffix them with _L or _R (case-insensitive) so that remapping is triggered only on a left or right modifier, e.g. Ctrl_L-a. - # - # KEYS: https://github.com/emberian/evdev/blob/2d020f11b283b0648427a2844b6b980f1a268221/src/scancodes.rs#L26-L572 - modmap = [ - { - name = "Capslock -> Esc and Ctrl"; - remap = { - "CAPSLOCK" = { - "alone" = "ESC"; - "held" = "CTRL_L"; - "alone_timeout_millis"= 1000; - }; - "ESC" = "CAPSLOCK"; - # Disable this - "CTRL_L" = { - "alone" = "RESERVED"; - "held" = "RESERVED"; - }; - }; - } - { - name = "Switch Super and Alt"; - remap = { - "SUPER_L" = { - "alone" = "ALT_L"; - "held" = "ALT_L"; - }; - "ALT_L" = { - "alone" = "SUPER_L"; - "held" = "SUPER_L"; - }; - }; - } - ]; - #keymap = [ - # { - #name = "Remove the key next to z on a german keyboard"; - #remap = { - #"103ND" = "RESERVED"; - #}; - # For the cutting key KEY_SYSRQ RIGHTALT for altGR - # } - #]; - }; - }; -} diff --git a/modules/server/collabora.nix b/modules/server/collabora.nix deleted file mode 100644 index ffe49f1..0000000 --- a/modules/server/collabora.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, pkgs, inputs, ... }: - -{ - # setup collabora config declaratively - systemd.services.nextcloud-config-collabora = let - inherit (config.services.nextcloud) occ; - - wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; - public_wopi_url = "https://cool.hahn1.one"; - wopi_allowlist = lib.concatStringsSep "," [ - "127.0.0.1" - "::1" - ]; - in { - wantedBy = ["multi-user.target"]; - after = ["nextcloud-setup.service" "coolwsd.service"]; - requires = ["coolwsd.service"]; - script = '' - ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} - ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} - ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} - ${occ}/bin/nextcloud-occ richdocuments:setup - ''; - serviceConfig = { - Type = "oneshot"; - User = "nextcloud"; - }; - }; - - # setup the collabora server - services.collabora-online = { - enable = true; - port = 9980; # default - settings = { - # Rely on reverse proxy for SSL - ssl = { - enable = false; - termination = true; - - # this is for dev purposes - # can be enabled in production when there is a real certificate - ssl_verification = true; - }; - - # Listen on loopback interface only, and accept requests from ::1 - net = { - listen = "loopback"; - post_allow.host = ["::1"]; - }; - - # Set FQDN of server - server_name = "cool.hahn1.one"; - }; - }; -} diff --git a/modules/server/ddclient.nix b/modules/server/ddclient.nix deleted file mode 100644 index 4a37d3e..0000000 --- a/modules/server/ddclient.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, config, lib, inputs, ...}: - -{ - - imports = - [ - #inputs.sops-nix.nixosModules.sops - ]; - - # also one can access the path and then cat it - services.ddclient = { - enable = true; - configFile = config.sops.templates."ddclient-temp".path; - }; - -} diff --git a/modules/server/default.nix b/modules/server/default.nix deleted file mode 100644 index 2e58e93..0000000 --- a/modules/server/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, config, lib, inputs, ...}: -let - thisDir = ./.; - nixFiles = builtins.attrNames (builtins.readDir thisDir); - moduleFiles = builtins.filter (name: builtins.match ".*\\.nix" name != null && name != "default.nix") nixFiles; - modules = builtins.map (name: thisDir + "/${name}") moduleFiles; -in { - # Import all the old modules - imports = modules; - - - ############ TEMP Module inputs - - - # Got from here https://nixos.wiki/wiki/OpenLDAP#Setting_up_a_server_with_SSL_certs_via_ACME - - - -} - diff --git a/modules/server/email.nix b/modules/server/email.nix new file mode 100644 index 0000000..18c5416 --- /dev/null +++ b/modules/server/email.nix @@ -0,0 +1,25 @@ +{ ... }: { + imports = [ + (builtins.fetchTarball { + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz"; + sha256 = "0jpp086m839dz6xh6kw5r8iq0cm4nd691zixzy6z11c4z2vf8v85"; + }) + ]; + + mailserver = { + enable = true; + fqdn = "mail.hahn1.one"; + domains = [ "hahn1.one" ]; + + # A list of all login accounts. To create the password hashes, use + # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' + loginAccounts = { + "jonas@hahn1.one" = { + hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C"; + aliases = ["postmaster@hahn1.one" "j@hahn1.one"]; + }; + }; + + certificateScheme = "acme-nginx"; + }; +} diff --git a/modules/server/monitor.nix b/modules/server/monitor.nix deleted file mode 100644 index e85f6e4..0000000 --- a/modules/server/monitor.nix +++ /dev/null @@ -1,144 +0,0 @@ - # MONITORING: services run on loopback interface - # nginx reverse proxy exposes services to network - -{ config, lib, pkgs, ... }: - -let - grafana_port = 7000; -in { - # Logging metrics - # Disable loki - services.loki = { - enable = false; - configuration = { - server.http_listen_port = 3100; - auth_enabled = false; - - ingester = { - lifecycler = { - address = "127.0.0.1"; - ring = { - kvstore = { - store = "inmemory"; - }; - replication_factor = 1; - }; - }; - chunk_idle_period = "1h"; - max_chunk_age = "1h"; - chunk_target_size = 999999; - chunk_retain_period = "30s"; - }; - - schema_config = { - configs = [{ - store = "tsdb"; - object_store = "filesystem"; - schema = "v13"; - index = { - prefix = "index_"; - period = "24h"; - }; - }]; - }; - - storage_config = { - tsdb_shipper = { - active_index_directory = "/var/lib/loki/tsdb-shipper-active"; - cache_location = "/var/lib/loki/tsdb-shipper-cache"; - cache_ttl = "24h"; - }; - - filesystem = { - directory = "/var/lib/loki/chunks"; - }; - }; - - limits_config = { - reject_old_samples = true; - reject_old_samples_max_age = "168h"; - }; - - - table_manager = { - retention_deletes_enabled = false; - retention_period = "0s"; - }; - - compactor = { - working_directory = "/var/lib/loki"; - compactor_ring = { - kvstore = { - store = "inmemory"; - }; - }; - }; - }; - }; - - # Disable - services.promtail = { - enable = false; - configuration = { - server = { - http_listen_port = 3031; - grpc_listen_port = 0; - }; - positions = { - filename = "/tmp/positions.yaml"; - }; - clients = [{ - url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; - }]; - scrape_configs = [{ - job_name = "journal"; - journal = { - max_age = "12h"; - labels = { - job = "systemd-journal"; - host = "misox"; - }; - }; - relabel_configs = [{ - source_labels = [ "__journal__systemd_unit" ]; - target_label = "unit"; - }]; - }]; - }; - }; - - # System metrics - services.prometheus = { - enable = true; - exporters = { - node = { - enable = true; - enabledCollectors = [ "systemd" "tcpstat" "processes" "interrupts" ]; - port = 9100; - }; - }; - #globalConfig.scrape_interval = "1m"; - scrapeConfigs = [{ - job_name = "node"; - static_configs = [{ - targets = [ - "localhost:${toString config.services.prometheus.exporters.node.port}" - ]; - }]; - }]; - }; - - # Dashboard - services.grafana = { - enable = true; - settings = { - server = { - http_addr = "127.0.0.1"; - http_port = 3000; - domain = "grafana.misox"; - #root_url = "http://misox:${toString grafana_port}/"; - }; - }; - }; -} - diff --git a/modules/server/networking.nix b/modules/server/networking.nix deleted file mode 100644 index 637d194..0000000 --- a/modules/server/networking.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - networking.hostName = "misox"; # Define your hostname. - - - # networking.interfaces.eno1 = { - - # Assign a static IPv6 address (same as your example) - # ipv6.addresses = [ - # { - # address = "2003:ca:7f20:cf00:dd2d:ebde:44e6:7eca"; # Static IPv6 address - # prefixLength = 64; # Prefix length (usually 64) - # } - # ]; - # - # Enable temporary addresses (privacy addresses) as well - #ipv6.useTempAddresses = true; - #}; - - # The ping behind fritzbox still does not work - networking.enableIPv6 = true; - networking.firewall.allowedTCPPorts = [ - # Opening ssh and the web - 22 - - 80 - 443 - - - ############ - # Jonas Stuff - - # LifeDash Deploy - 8000 - ]; - - - - # Rewrite for local host support - # to make this global you need to confifure a custom dns - networking.hosts = { - "127.0.0.1" = [ "hahn1.one" "cloud.hahn1.one" "cool.hahn1.one" "grafana.hahn1.one"]; - "::1" = [ "hahn1.one" "cloud.hahn1.one" "cool.hahn1.one" "grafana.hahn1.one"]; - #"127.0.0.1" = ["nextcloud.misox" "default.misox" "grafana.misox" "collabora.misox"]; - #"::1" = ["nextcloud.misox" "grafana.misox" "default.misox" "collabora.misox"]; - }; - - networking.networkmanager.wifi.powersave = false; -} diff --git a/modules/server/cloud.nix b/modules/server/nextcloud.nix similarity index 100% rename from modules/server/cloud.nix rename to modules/server/nextcloud.nix diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix deleted file mode 100644 index b57c442..0000000 --- a/modules/server/nginx.nix +++ /dev/null @@ -1,107 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - security.acme = { - acceptTerms = true; - defaults.email = "jonashahn1@gmx.net"; - #defaults.dnsProvider = "route53"; - #defaults.dnsResolver = "2606:4700:4700::1111"; - certs = { - "cloud.hahn1.one" = { - webroot = "/var/lib/acme/.challenges"; - group = "nginx"; - }; - }; - }; - users.users.nginx.extraGroups = [ "acme" ]; - - # Setting the port for nextcloud - services.nginx = let - # support for local vars - mkDevCert = name: commonName: - pkgs.runCommandLocal "${name}-dev-cert" { buildInputs = [ pkgs.openssl ]; } '' - mkdir -p $out - openssl req -x509 -newkey rsa:4096 -keyout $out/key.pem -out $out/cert.pem -days 3650 -nodes \ - -subj "/CN=${commonName}" - ''; - - # dev certs - # collaboraCert = mkDevCert "collabora-misox-cert" "collabora.misox"; - # nextCert = mkDevCert "nextcloud-misox-cert" "nextcloud.misox"; - # defCert = mkDevCert "default-misox-cert" "misox"; - - # default domain to use in the configuration - domain = "hahn1.one"; - in { - # enable nginx - enable = true; - recommendedProxySettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - - # setup virtual hosts - virtualHosts = { - # Expose nextcloud - # this is how to setup a dev cert route with ssl - #"${config.services.nextcloud.hostName}" = { - # enableACME = false; - # forceSSL = true; - - # sslCertificate = "${nextCert}/cert.pem"; - # sslCertificateKey = "${nextCert}/key.pem"; - #}; - - "${config.services.nextcloud.hostName}" = { - enableACME = true; - addSSL = true; - }; - - "grafana.${domain}" = { - enableACME = true; - addSSL = true; - - # this is to create a default listener - #listen = [{ addr = "0.0.0.0"; port = grafana_port;}]; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}"; - proxyWebsockets = true; - }; - }; - "acmechallenge.${domain}" = { - # Catchall vhost, will redirect users to HTTPS for all vhosts - serverAliases = [ "*.example.com" ]; - locations."/.well-known/acme-challenge" = { - root = "/var/lib/acme/.challenges"; - }; - locations."/" = { - return = "301 https://$host$request_uri"; - }; - }; - "cool.${domain}" = { - enableACME = true; - addSSL = true; - - - locations."/" = { - proxyPass = "http://[::1]:${toString config.services.collabora-online.port}"; - proxyWebsockets = true; - }; - }; - # This is the last and therefor occupies the http://misox? - # NO! - "${domain}" = { - default = true; - enableACME = true; - addSSL = true; - - locations."/" = { - root = "${pkgs.nginx}/html"; - index = "index.html"; - }; - - }; - }; - }; - -} - diff --git a/modules/server/services.nix b/modules/server/services.nix deleted file mode 100644 index efc1f3f..0000000 --- a/modules/server/services.nix +++ /dev/null @@ -1,114 +0,0 @@ -{ pkgs, config, lib, inputs, ...}: - -{ - # figure out how this works - services.openldap = { - enable = true; - - /* enable plain connections only */ - urlList = [ "ldap:///" ]; - - - settings = { - attrs = { - olcLogLevel = "conns config"; - }; - - children = { - "cn=schema".includes = [ - "${pkgs.openldap}/etc/schema/core.ldif" - "${pkgs.openldap}/etc/schema/cosine.ldif" - "${pkgs.openldap}/etc/schema/inetorgperson.ldif" - ]; - - "olcDatabase={1}mdb".attrs = { - objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; - - olcDatabase = "{1}mdb"; - olcDbDirectory = "/var/lib/openldap/data"; - - olcSuffix = "dc=example,dc=com"; - - /* your admin account, do not use writeText on a production system */ - olcRootDN = "cn=admin,dc=example,dc=com"; - olcRootPW.path = pkgs.writeText "olcRootPW" "pass"; - - olcAccess = [ - /* custom access rules for userPassword attributes */ - ''{0}to attrs=userPassword - by self write - by anonymous auth - by * none'' - - /* allow read on anything else */ - ''{1}to * - by * read'' - ]; - }; - }; - }; - }; - - # Enable all the old services on gullfoss - services.postgresql = { - enable = true; - ensureDatabases = [ "mydatabase" ]; - authentication = pkgs.lib.mkOverride 10 '' - #type database DBuser auth-method - local all all trust - ''; - }; - - # TODO: need to configure this - services.samba = { - enable = true; - openFirewall = true; - settings = { - global = { - "workgroup" = "WORKGROUP"; - "server string" = "smbnix"; - "netbios name" = "smbnix"; - "security" = "user"; - #"use sendfile" = "yes"; - #"max protocol" = "smb2"; - # note: localhost is the ipv6 localhost ::1 - "hosts allow" = "192.168.0. 127.0.0.1 localhost"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - }; - "public" = { - "path" = "/mnt/Shares/Public"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "username"; - "force group" = "groupname"; - }; - "private" = { - "path" = "/mnt/Shares/Private"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "username"; - "force group" = "groupname"; - }; - }; - }; - - services.samba-wsdd = { - enable = true; - openFirewall = true; - }; - - services.cron = { - enable = true; - systemCronJobs = [ - "*/5 * * * * root date >> /tmp/cron.log" - ]; - }; -} diff --git a/modules/services/mail.nix b/modules/services/mail.nix deleted file mode 100644 index eb02ac8..0000000 --- a/modules/services/mail.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, ... }: { - services.postfix = { - enable = true; - relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; - sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem"; - sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem"; - config = { - transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; - local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; - }; - }; - services.mailman = { - enable = true; - serve.enable = true; - hyperkitty.enable = true; - webHosts = ["lists.example.org"]; - siteOwner = "mailman@example.org"; - }; - services.nginx.virtualHosts."lists.example.org".enableACME = true; - #networking.firewall.allowedTCPPorts = [ 25 80 443 ]; -} diff --git a/modules/services/realmail.nix b/modules/services/realmail.nix deleted file mode 100644 index dede1a9..0000000 --- a/modules/services/realmail.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ config, pkgs, ... }: { - imports = [ - (builtins.fetchTarball { - # Pick a release version you are interested in and set its hash, e.g. - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz"; - # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command: - # release="nixos-25.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack - sha256 = "0jpp086m839dz6xh6kw5r8iq0cm4nd691zixzy6z11c4z2vf8v85"; - }) - ]; - - mailserver = { - enable = true; - fqdn = "mail.hahn1.one"; - domains = [ "hahn1.one" ]; - - # A list of all login accounts. To create the password hashes, use - # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' - loginAccounts = { - "jonas@hahn1.one" = { - # mail4jonas - hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C"; - aliases = ["postmaster@hahn1.one" "j@hahn1.one"]; - }; - "security@hahn1.one" = { - # mail4jonas - hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C"; - aliases = ["sec@hahn1.one"]; - }; - "christiane@hahn1.one" = { - # mail4jonas - hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q"; - aliases = ["ch@hahn1.one"]; - }; - "horst@hahn1.one" = { - # mail4jonas - hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q"; - aliases = ["ho@hahn1.one"]; - }; - "theo@hahn1.one" = { - # mail4jonas - hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q"; - aliases = ["th@hahn1.one"]; - }; - }; - - # Use Let's Encrypt certificates. Note that this needs to set up a stripped - # down nginx and opens port 80. - certificateScheme = "acme-nginx"; - }; -}