Made it work

2025-08-30 21:19:51 +02:00
parent fdbaf09146
commit 75d30efc6c
23 changed files with 148 additions and 1356 deletions

422
flake.lock generated

@@ -37,73 +37,6 @@
"type": "github" "type": "github"
} }
}, },
"base16": {
"inputs": {
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1746562888,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "base16.nix",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1748408240,
"narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
}
},
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1751562746, "lastModified": 1751562746,
@@ -121,7 +54,7 @@
}, },
"devshell": { "devshell": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1741473158, "lastModified": 1741473158,
@@ -137,22 +70,6 @@
"type": "github" "type": "github"
} }
}, },
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1748383148,
"narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -170,48 +87,6 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
@@ -229,22 +104,6 @@
"type": "github" "type": "github"
} }
}, },
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -268,23 +127,6 @@
"type": "github" "type": "github"
} }
}, },
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1744584021,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "48.1",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -292,11 +134,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753592768, "lastModified": 1756245065,
"narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "narHash": "sha256-aAZNbGcWrVRZgWgkQbkabSGcDVRDMgON4BipMy69gvI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "fc3add429f21450359369af74c2375cb34a2d204", "rev": "54b2879ce622d44415e727905925e21b8f833a98",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -308,7 +150,7 @@
}, },
"home-manager_2": { "home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1751990210, "lastModified": 1751990210,
@@ -398,9 +240,9 @@
"hyprlang": "hyprlang", "hyprlang": "hyprlang",
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_4",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_2", "systems": "systems",
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
@@ -607,11 +449,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1754563854, "lastModified": 1756469547,
"narHash": "sha256-YzNTExe3kMY9lYs23mZR7jsVHe5TWnpwNrsPOpFs/b8=", "narHash": "sha256-YvtD2E7MYsQ3r7K9K2G7nCslCKMPShoSEAtbjHLtH0k=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e728d7ae4bb6394bbd19eec52b7358526a44c414", "rev": "41d292bfc37309790f70f4c120b79280ce40af16",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -637,11 +479,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1754498491, "lastModified": 1756542300,
"narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -651,22 +493,6 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1751211869,
"narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1722073938, "lastModified": 1722073938,
"narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=", "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=",
@@ -682,7 +508,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1751637120, "lastModified": 1751637120,
"narHash": "sha256-xVNy/XopSfIG9c46nRmPaKfH1Gn/56vQ8++xWA8itO4=", "narHash": "sha256-xVNy/XopSfIG9c46nRmPaKfH1Gn/56vQ8++xWA8itO4=",
@@ -698,7 +524,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1751792365, "lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
@@ -714,7 +540,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1751949589, "lastModified": 1751949589,
"narHash": "sha256-mgFxAPLWw0Kq+C8P3dRrZrOYEQXOtKuYVlo9xvPntt8=", "narHash": "sha256-mgFxAPLWw0Kq+C8P3dRrZrOYEQXOtKuYVlo9xvPntt8=",
@@ -730,7 +556,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1747958103, "lastModified": 1747958103,
"narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=", "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=",
@@ -746,53 +572,6 @@
"type": "github" "type": "github"
} }
}, },
"nur": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1754657805,
"narHash": "sha256-mGjro2RFdIg/1894aL4oSK5GCT1ofiVEs0z9kyDdlsc=",
"owner": "nix-community",
"repo": "NUR",
"rev": "913d4b0c82222afcf6da3e972641c124afc5514d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"nur_2": {
"inputs": {
"flake-parts": [
"stylix",
"flake-parts"
],
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1751320053,
"narHash": "sha256-3m6RMw0FbbaUUa01PNaMLoO7D99aBClmY5ed9V3vz+0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "cbde1735782f9c2bb2c63d5e05fba171a14a4670",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@@ -822,9 +601,7 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stylix": "stylix",
"xremap-flake": "xremap-flake" "xremap-flake": "xremap-flake"
} }
}, },
@@ -835,11 +612,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754328224, "lastModified": 1754988908,
"narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -848,55 +625,7 @@
"type": "github" "type": "github"
} }
}, },
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_2",
"gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_2",
"nur": "nur_2",
"systems": "systems",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1754599117,
"narHash": "sha256-AzAYdZlat002vCjCKWdFpGi2xUaiOU4DtIPnv1nomD8=",
"owner": "danth",
"repo": "stylix",
"rev": "312dec38b2231b21f36903d1bdce96daa11548ff",
"type": "github"
},
"original": {
"owner": "danth",
"ref": "release-25.05",
"repo": "stylix",
"type": "github"
}
},
"systems": { "systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -911,112 +640,9 @@
"type": "github" "type": "github"
} }
}, },
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1735730497,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1750770351,
"narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "5a775c6ffd6e6125947b393872cde95867d85a2a",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1751159871,
"narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "bded5e24407cec9d01bd47a317d15b9223a1546c",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1751158968,
"narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "86a470d94204f7652b906ab0d378e4231a5b3384",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": "nixpkgs_6"
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1750931469, "lastModified": 1750931469,
@@ -1100,11 +726,11 @@
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"devshell": "devshell", "devshell": "devshell",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprland": "hyprland", "hyprland": "hyprland",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_5",
"treefmt-nix": "treefmt-nix_2", "treefmt-nix": "treefmt-nix",
"xremap": "xremap" "xremap": "xremap"
}, },
"locked": { "locked": {


@@ -1,23 +1,21 @@
# This is the main flake containing all the nix related stuff
{ {
description = "Main nixos system configuration management von Jonas Hahn "; description = "Main nixos system configuration management by Jonas Hahn";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-25.05"; nixpkgs.url = "nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
xremap-flake.url = "github:xremap/nix-flake?rev=8001f37b1ffe86e76b62f36afadee2f4acf90e70"; xremap-flake.url = "github:xremap/nix-flake?rev=8001f37b1ffe86e76b62f36afadee2f4acf90e70"; # One commit behind head
}; };
outputs = { self, nixpkgs, sops-nix, nixpkgs-unstable, home-manager, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, home-manager, ... }@inputs:
let let
system = "x86_64-linux"; system = "x86_64-linux";
@@ -26,41 +24,29 @@
}; };
helperModules = [ helperModules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ({ config, pkgs, ... }: {
nixpkgs.overlays = [ overlay-unstable ];
})
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit inputs; }; home-manager.extraSpecialArgs = { inherit inputs; };
home-manager.users.jonas = import ./nixos/users/jonas/home.nix; home-manager.users.jonas = import ./user/home.nix;
} }
]; ];
mkHost = name: path:
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [ path ] ++ helperModules;
};
in { in {
nixosConfigurations = { nixosConfigurations = {
"thinix" = nixpkgs.lib.nixosSystem { thinix = mkHost "thinix" ./hosts/thinix-thinkpad/configuration.nix;
system = "x86_64-linux"; nixyos = mkHost "nixyos" ./hosts/nixyos-asus/configuration.nix;
specialArgs = { inherit inputs; }; minoxy = mkHost "minoxy" ./hosts/minoxy-workstation/configuration.nix;
modules = [
# Use overlay magic with pkgs.unstable.<name>
./nixos/hosts/thinkpadt470s/configuration.nix
] ++ helperModules;
};
"nixyos" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./nixos/hosts/asus-vivo/configuration.nix
] ++ helperModules;
};
"minoxy" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./nixos/hosts/minoxy/configuration.nix
] ++ helperModules;
};
}; };
}; };
} }
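Review bot: The new `mkHost = name: path:` helper never uses its `name` argument, so the attribute name under `nixosConfigurations` and the host name set inside each `configuration.nix` can drift apart unnoticed. Either drop the parameter (`mkHost = path:`) or put it to use, e.g. `modules = [ path { networking.hostName = nixpkgs.lib.mkDefault name; } ] ++ helperModules;`. Separately, the comment `# One commit behind head` on the pinned `xremap-flake` rev will be stale after the next upstream commit; a note saying why that rev is pinned would age better.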


@@ -1,116 +1,41 @@
{ config, lib, pkgs, ... }: { pkgs, ... }:
let {
var22 = "22";
in
{
nixpkgs.config.allowUnfree = true;
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./../../user/users.nix
# Installing needed modules ./../../modules/common.nix
../../modules/tweaks.nix
../../users.nix ./../../modules/hardware/xremap.nix
../../modules/workstation.nix ./../../modules/hardware/nvidia.nix
# Disabling the powersaving to save the wifi?
# ../../modules/laptop.nix
../../common.nix
]; ];
networking.hostName = "minoxy"; networking.hostName = "minoxy";
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
# TODO: make this a module
hardware.graphics = {
enable = true;
};
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = ["nvidia"];
nixpkgs.config.cudaSupport = true;
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
#:powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
hardware.enableAllFirmware = true;
services = {
pipewire = {
enable = true;
wireplumber = {
enable = true;
};
alsa = {
enable = true;
support32Bit = true;
};
audio.enable = true;
pulse.enable = true;
jack.enable = false;
};
};
# Rest the Display manager for the computer machine
services.displayManager.ly.enable = lib.mkForce false;
services.xserver.displayManager.gdm.enable = true; # We are pre 25.11 services.xserver.displayManager.gdm.enable = true; # We are pre 25.11
# TODO MAke this work
services.colord.enable = true;
systemd.targets.sleep.enable = true; systemd.targets.sleep.enable = true;
systemd.targets.suspend.enable = true; systemd.targets.suspend.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# replace blender with this line
(blender.override { (blender.override {
cudaSupport = true; cudaSupport = true;
}) })
go
libuuid
busybox
chromium
]; ];
# Fix VSC Speech plugin by manually linking those
environment = {
sessionVariables = {
LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.libuuid.lib}/lib";
};
};
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
virtualisation.docker.storageDriver = "btrfs"; virtualisation.docker.storageDriver = "btrfs";
programs = {
hyprland.enable = true;
hyprlock.enable = true;
firefox.enable = true;
};
# Never change this! # Never change this!
system.stateVersion = "25.05"; system.stateVersion = "25.05";
} }
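Review bot: `virtualisation.docker.enable = true;` near the end of this file keeps a rootful Docker daemon on the workstation, and membership of the `docker` group is equivalent to root on the host; whether `jonas` is in that group is decided in `user/users.nix`, which this page does not show. If root-level containers are not required, `virtualisation.docker.rootless.enable = true;` together with `virtualisation.docker.rootless.setSocketVariable = true;` narrows that, though the `btrfs` storage driver should be re-checked in that mode. Also, if the imported `modules/hardware/nvidia.nix` is the new module that sets `nixpkgs.config.cudaSupport = true;`, the `blender.override { cudaSupport = true; }` here looks redundant.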


@@ -1,23 +1,22 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = [ # Basic services
./modules/smalls/bootmode.nix
];
services.locate.enable = true; services.locate.enable = true;
services.printing.enable = true; services.printing.enable = true;
# nix fun # Nix fun
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix.settings.experimental-features = ["flakes" "nix-command"]; nix.settings.experimental-features = ["flakes" "nix-command"];
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
programs.nix-ld.enable = true;
environment = { environment = {
sessionVariables = { sessionVariables = {
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";
QTWEBENGINE_CHROMIUM_FLAGS="--blink-settings=darkModeEnabled=true"; QTWEBENGINE_CHROMIUM_FLAGS="--blink-settings=darkModeEnabled=true";
QT_QPA_PLATFORMTHEME = "qt6ct"; # kvantum for dolphin and qt for sioyek?? QT_QPA_PLATFORMTHEME = "qt6ct";
WLR_NO_HARDWARE_CURSORS= "1"; WLR_NO_HARDWARE_CURSORS= "1";
QT_STYLE_OVERRIDE = "kvantum"; QT_STYLE_OVERRIDE = "kvantum";
QT_QPA_PLATFORM="xcb"; QT_QPA_PLATFORM="xcb";
@@ -31,16 +30,14 @@
lazygit lazygit
unzip unzip
# everywhere support # Everywhere support
starship starship
zoxide zoxide
kdePackages.qtsvg kdePackages.qtsvg
# add sync support # Add sync support
rsync rsync
flock flock
# curl for scripting
curl curl
]; ];
pathsToLink = [ pathsToLink = [
@@ -55,32 +52,15 @@
}; };
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
nerd-fonts.fira-code nerd-fonts.fira-code
nerd-fonts.droid-sans-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
fira-code
fira-code-symbols
]; ];
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = { console = {
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
keyMap = "us"; keyMap = "us";
}; };
services.displayManager.ly = {
enable = true;
settings = {
clock = "%c";
box_title = "HahnComp";
clear_password = true;
default_input = "password";
};
};
programs.zsh = { programs.zsh = {
enable = true; enable = true;
autosuggestions.enable = true; autosuggestions.enable = true;
@@ -96,13 +76,4 @@
]; ];
}; };
}; };
# In case of gui usage
programs = {
hyprland.enable = true;
hyprlock.enable = true;
nix-ld.enable = true;
firefox.enable = true;
};
} }
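Review bot: After the last two hunks this shared module no longer enables a display manager, Hyprland, hyprlock or Firefox, and only the `minoxy` host visibly sets a replacement (`gdm`), so `thinix` and `nixyos` may lose their graphical login unless their own configurations (not shown here) provide one. This matters for the xremap module as well, which sets `withHypr = true`. If hyprlock is still started from the home-manager config, it also needs its PAM service, which `programs.hyprlock.enable` used to provide; `security.pam.services.hyprlock = {};` restores that on its own. Without it the lock screen may be unable to authenticate.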


@@ -1,4 +1,4 @@
{ pkgs, config, lib, ... }: { config, lib, ... }:
let let
inherit (lib) mkOption types; inherit (lib) mkOption types;
@@ -8,22 +8,8 @@ in
options.batMode = mkOption { options.batMode = mkOption {
type = types.enum [ "single" "double" ]; type = types.enum [ "single" "double" ];
default = "single"; default = "single";
description = "Select 'single' for one battery and 'double' for dual setup";
}; };
# Dont run a tandem with tlp
#options.services.auto-cpufreq.enable = true;
#options.services.auto-cpufreq.settings = {
# battery = {
# governor = "powersave";
# turbo = "never";
# };
# charger = {
# governor = "performance";
# turbo = "auto";
# };
#};
config = { config = {
powerManagement.powertop.enable = true; powerManagement.powertop.enable = true;
services.upower = { services.upower = {
@@ -34,7 +20,6 @@ in
percentageCritical = 20; percentageCritical = 20;
percentageAction = 10; percentageAction = 10;
#percentageAction = "PowerOff";
criticalPowerAction = "PowerOff"; # This can destroy work criticalPowerAction = "PowerOff"; # This can destroy work
usePercentageForPolicy = true; usePercentageForPolicy = true;
}; };
@@ -42,33 +27,20 @@ in
services.tlp = if config.batMode == "single" then { services.tlp = if config.batMode == "single" then {
enable = true; enable = true;
settings = { settings = {
#Optional helps save long term battery health
# Going almost full because the other bat is also charged
# 0 NEW first
START_CHARGE_THRESH_BAT0 = 65; START_CHARGE_THRESH_BAT0 = 65;
STOP_CHARGE_THRESH_BAT0 = 85; STOP_CHARGE_THRESH_BAT0 = 85;
CPU_SCALING_GOVERNOR_ON_AC = "performance"; CPU_SCALING_GOVERNOR_ON_AC = "performance";
#CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
#CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
CPU_MIN_PERF_ON_AC = 0; CPU_MIN_PERF_ON_AC = 0;
CPU_MAX_PERF_ON_AC = 100; CPU_MAX_PERF_ON_AC = 100;
CPU_MIN_PERF_ON_BAT = 0; CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 65; CPU_MAX_PERF_ON_BAT = 65;
}; };
} else { } else {
enable = true; enable = true;
settings = { settings = {
# Have to keep it this way or
# Otherwise the buil in stop at 5% stops worky
# The problem is here that only the second battery gets seen from the charging cap
# Workaround. Just charge the battery when you use it and then turn manually the battery off
# I mean it is the state you generate now that you can use on any laptop. so
CPU_SCALING_GOVERNOR_ON_AC = "performance"; CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
@@ -80,11 +52,11 @@ in
CPU_MIN_PERF_ON_BAT = 0; CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 75; CPU_MAX_PERF_ON_BAT = 75;
# 0 NEW first # 0 is first
START_CHARGE_THRESH_BAT0 = 60; START_CHARGE_THRESH_BAT0 = 60;
STOP_CHARGE_THRESH_BAT0 = 85; STOP_CHARGE_THRESH_BAT0 = 85;
# 1 OLD second # 1 is second
START_CHARGE_THRESH_BAT1 = 60; START_CHARGE_THRESH_BAT1 = 60;
STOP_CHARGE_THRESH_BAT1 = 85; STOP_CHARGE_THRESH_BAT1 = 85;
}; };
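Review bot: The dual-battery (`else`) branch is left with `# 0 is first` and `# 1 is second` as its only explanation, while the removed comment block recorded why it is set up this way (the charge cap reportedly being seen for only one of the two batteries). A short English why-comment above `START_CHARGE_THRESH_BAT0 = 60;` summarising that caveat would keep the knowledge next to the thresholds. The kept line `criticalPowerAction = "PowerOff"; # This can destroy work` could likewise say why power-off was chosen over `"Hibernate"`. The module body continues past this hunk.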


@@ -1,28 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkOption types;
in
{
options.bootMode = mkOption {
type = types.enum [ "uefi" "legacy" ];
default = "uefi";
description = "Select boot mode: 'uefi' or 'legacy'.";
};
config = {
boot.consoleLogLevel = 0;
boot.kernelParams = [ "quiet" "udev.log_level=3" ];
boot.loader = if config.bootMode == "uefi" then {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
timeout = 0;
} else {
grub.enable = true;
grub.device = "/dev/sda"; # <- replace with actual target disk
timeout = 0;
};
};
}


@@ -1,20 +0,0 @@
{ pkgs, ... }:
{
########## TEsting
# Load nvidia driver for Xorg and Wayland
services.steam.enable = true;
services.xserver.videoDrivers = ["nvidia"];
# Enable OpenGL
# Optional nvidia
hardware.graphics = {
enable = true;
};
hardware.nvidia = {
modesetting.enable = true;
open = false;
};
};


@@ -0,0 +1,17 @@
{ config, ... }:
{
hardware.graphics = {
enable = true;
};
services.xserver.videoDrivers = ["nvidia"];
nixpkgs.config.cudaSupport = true;
hardware.enableAllFirmware = true;
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = false;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}
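Review bot: `hardware.enableAllFirmware = true;` sits in a module that is otherwise only about the NVIDIA driver, so every host importing it pulls in all firmware, including unfree blobs, and depends on `nixpkgs.config.allowUnfree` being set elsewhere (it appears to be set in the shared common module; NixOS, as far as I know, asserts on this). If the host only needs redistributable firmware, `hardware.enableRedistributableFirmware = true;` is the narrower setting; otherwise the line belongs in the host file. `nixpkgs.config.cudaSupport = true;` is likewise global to the package set rather than specific to this driver and would merit a one-line comment saying so.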


@@ -1,21 +0,0 @@
{ pkgs, ... }:
{
# Enable common container config files in /etc/containers
# virtualisation.containers.enable = true;
# virtualisation = {
# podman = {
# enable = true;
# dockerSocket.enable = true;
# dockerCompat = true;
# defaultNetwork.settings.dns_enabled = true;
# };
# };
#
# # Useful other development tools
# environment.systemPackages = with pkgs; [
# dive # look into docker image layers
# podman-tui # status of containers in the terminal
# docker-compose # start group of containers for dev
# ];
virtualisation.docker.enable = true;
}


@@ -1,58 +0,0 @@
{ pkgs, ... }:
{
# Experiments with services
systemd = {
timers."sync-manage-hourly" = {
enable = false;
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "10s"; # Start 10 seconds after boot
OnUnitActiveSec = "1h"; # Repeat every hour
Unit = "sync-manage.service"; # Points to the service unit
};
};
services = {
"shutdown-script" = {
enable = false;
description = "Run custom script on shutdown";
after = [ "shutdown.target" ]; # Ensure it runs during shutdown
script = "/home/jonas/projects/scripts/check_git.sh"; # Specify the path to your script
serviceConfig = {
Type = "oneshot";
User = "jonas"; # Run as jonas
WorkingDirectory = "/home/jonas"; # Set working directory to jonas' home
execStop = "/home/jonas/projects/scripts/check_git.sh"; # Specify the path to your script
# To ensure the script finishes before the system powers off
TimeoutStopSec = "30"; # You can adjust this if necessary
};
# To ensure the script finishes before the system powers off
};
"sync-manage" = {
script = ''
# Run the script from jonas' home directory
/home/jonas/projects/scripts/sync_manage.sh
'';
serviceConfig = {
Type = "oneshot";
User = "jonas"; # Run as jonas
WorkingDirectory = "/home/jonas"; # Set working directory to jonas' home
};
};
"sync-manage-shutdown" = {
enable = false;
script = ''
# Check if the system is connected to Wi-Fi
/home/jonas/projects/scripts/sync_manage.sh
'';
serviceConfig = {
Type = "oneshot";
User = "jonas"; # Run as jonas
ExecStop = "/usr/bin/true";
RemainAfterExit = true;
};
};
};
};
}


@@ -0,0 +1,39 @@
{ inputs, ... }:
{
imports = [
inputs.xremap-flake.nixosModules.default
];
services.xremap = {
withHypr = true;
userName = "jonas";
config = {
modmap = [
{
name = "Capslock to esc and ctrl";
remap = {
"CAPSLOCK" = {
"alone" = "ESC";
"held" = "CTRL_L";
};
"ESC" = "CAPSLOCK";
};
}
{
name = "Switch super and alt";
remap = {
"SUPER_L" = {
"alone" = "ALT_L";
"held" = "ALT_L";
};
"ALT_L" = {
"alone" = "SUPER_L";
"held" = "SUPER_L";
};
};
}
];
};
};
}


@@ -1,64 +0,0 @@
{ pkgs, inputs, ... }:
{
imports = [
inputs.xremap-flake.nixosModules.default
];
services.xremap = {
withHypr = true;
userName = "jonas";
config = {
#--------------- INFO -----------------
# For the MOD2- part, the following prefixes can be used (also case-insensitive):
# Shift: SHIFT-
# Control: C-
# Alt: M-
# Windows: SUPER-
# You can use multiple prefixes like C-M-Shift-a.
# You may also suffix them with _L or _R (case-insensitive) so that remapping is triggered only on a left or right modifier, e.g. Ctrl_L-a.
#
# KEYS: https://github.com/emberian/evdev/blob/2d020f11b283b0648427a2844b6b980f1a268221/src/scancodes.rs#L26-L572
modmap = [
{
name = "Capslock -> Esc and Ctrl";
remap = {
"CAPSLOCK" = {
"alone" = "ESC";
"held" = "CTRL_L";
"alone_timeout_millis"= 1000;
};
"ESC" = "CAPSLOCK";
# Disable this
"CTRL_L" = {
"alone" = "RESERVED";
"held" = "RESERVED";
};
};
}
{
name = "Switch Super and Alt";
remap = {
"SUPER_L" = {
"alone" = "ALT_L";
"held" = "ALT_L";
};
"ALT_L" = {
"alone" = "SUPER_L";
"held" = "SUPER_L";
};
};
}
];
#keymap = [
# {
#name = "Remove the key next to z on a german keyboard";
#remap = {
#"103ND" = "RESERVED";
#};
# For the cutting key KEY_SYSRQ RIGHTALT for altGR
# }
#];
};
};
}


@@ -1,55 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
{
# setup collabora config declaratively
systemd.services.nextcloud-config-collabora = let
inherit (config.services.nextcloud) occ;
wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
public_wopi_url = "https://cool.hahn1.one";
wopi_allowlist = lib.concatStringsSep "," [
"127.0.0.1"
"::1"
];
in {
wantedBy = ["multi-user.target"];
after = ["nextcloud-setup.service" "coolwsd.service"];
requires = ["coolwsd.service"];
script = ''
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
${occ}/bin/nextcloud-occ richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
User = "nextcloud";
};
};
# setup the collabora server
services.collabora-online = {
enable = true;
port = 9980; # default
settings = {
# Rely on reverse proxy for SSL
ssl = {
enable = false;
termination = true;
# this is for dev purposes
# can be enabled in production when there is a real certificate
ssl_verification = true;
};
# Listen on loopback interface only, and accept requests from ::1
net = {
listen = "loopback";
post_allow.host = ["::1"];
};
# Set FQDN of server
server_name = "cool.hahn1.one";
};
};
}


@@ -1,16 +0,0 @@
{ pkgs, config, lib, inputs, ...}:
{
imports =
[
#inputs.sops-nix.nixosModules.sops
];
# also one can access the path and then cat it
services.ddclient = {
enable = true;
configFile = config.sops.templates."ddclient-temp".path;
};
}


@@ -1,20 +0,0 @@
{ pkgs, config, lib, inputs, ...}:
let
thisDir = ./.;
nixFiles = builtins.attrNames (builtins.readDir thisDir);
moduleFiles = builtins.filter (name: builtins.match ".*\\.nix" name != null && name != "default.nix") nixFiles;
modules = builtins.map (name: thisDir + "/${name}") moduleFiles;
in {
# Import all the old modules
imports = modules;
############ TEMP Module inputs
# Got from here https://nixos.wiki/wiki/OpenLDAP#Setting_up_a_server_with_SSL_certs_via_ACME
}

25
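--- a/modules/server/email.nix
+++ b/modules/server/email.nix
@@ -0,0 +1,25 @@
+{ ... }: {
+imports = [
+(builtins.fetchTarball {
+url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz";
+sha256 = "0jpp086m839dz6xh6kw5r8iq0cm4nd691zixzy6z11c4z2vf8v85";
+})
+];
+mailserver = {
+enable = true;
+fqdn = "mail.hahn1.one";
+domains = [ "hahn1.one" ];
+# A list of all login accounts. To create the password hashes, use
+# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+loginAccounts = {
+"jonas@hahn1.one" = {
+hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C";
+aliases = ["postmaster@hahn1.one" "j@hahn1.one"];
+};
+};
+certificateScheme = "acme-nginx";
+};
+}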
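Review bot: The `hashedPassword` for `jonas@hahn1.one` is committed inline, so the hash sits in the repository history and in the world-readable Nix store, and its `$2b$05$` prefix means bcrypt cost 5, which is cheap to attack offline. The same hash appears in the mail config this commit removes further down the page, under a comment that looks like the plaintext, so that password should be treated as exposed and rotated rather than carried over. The repository already reads secrets through sops (the removed ddclient module uses `config.sops.templates`), so I would change the module head to `{ config, ... }: {` and replace the line with `hashedPasswordFile = config.sops.secrets."<mail-secret-name>".path;`, where the secret name is a placeholder. The new hash should be generated with a higher cost, for example `mkpasswd -sm bcrypt -R 12`.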


@@ -1,144 +0,0 @@
# MONITORING: services run on loopback interface
# nginx reverse proxy exposes services to network
{ config, lib, pkgs, ... }:
let
grafana_port = 7000;
in {
# Logging metrics
# Disable loki
services.loki = {
enable = false;
configuration = {
server.http_listen_port = 3100;
auth_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
};
schema_config = {
configs = [{
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}];
};
storage_config = {
tsdb_shipper = {
active_index_directory = "/var/lib/loki/tsdb-shipper-active";
cache_location = "/var/lib/loki/tsdb-shipper-cache";
cache_ttl = "24h";
};
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = "/var/lib/loki";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
};
# Disable
services.promtail = {
enable = false;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}];
scrape_configs = [{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "misox";
};
};
relabel_configs = [{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}];
}];
};
};
# System metrics
services.prometheus = {
enable = true;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" "tcpstat" "processes" "interrupts" ];
port = 9100;
};
};
#globalConfig.scrape_interval = "1m";
scrapeConfigs = [{
job_name = "node";
static_configs = [{
targets = [
"localhost:${toString config.services.prometheus.exporters.node.port}"
];
}];
}];
};
# Dashboard
services.grafana = {
enable = true;
settings = {
server = {
http_addr = "127.0.0.1";
http_port = 3000;
domain = "grafana.misox";
#root_url = "http://misox:${toString grafana_port}/";
};
};
};
}


@@ -1,50 +0,0 @@
{ config, lib, pkgs, ... }:
{
networking.hostName = "misox"; # Define your hostname.
# networking.interfaces.eno1 = {
# Assign a static IPv6 address (same as your example)
# ipv6.addresses = [
# {
# address = "2003:ca:7f20:cf00:dd2d:ebde:44e6:7eca"; # Static IPv6 address
# prefixLength = 64; # Prefix length (usually 64)
# }
# ];
#
# Enable temporary addresses (privacy addresses) as well
#ipv6.useTempAddresses = true;
#};
# The ping behind fritzbox still does not work
networking.enableIPv6 = true;
networking.firewall.allowedTCPPorts = [
# Opening ssh and the web
22
80
443
############
# Jonas Stuff
# LifeDash Deploy
8000
];
# Rewrite for local host support
# to make this global you need to confifure a custom dns
networking.hosts = {
"127.0.0.1" = [ "hahn1.one" "cloud.hahn1.one" "cool.hahn1.one" "grafana.hahn1.one"];
"::1" = [ "hahn1.one" "cloud.hahn1.one" "cool.hahn1.one" "grafana.hahn1.one"];
#"127.0.0.1" = ["nextcloud.misox" "default.misox" "grafana.misox" "collabora.misox"];
#"::1" = ["nextcloud.misox" "grafana.misox" "default.misox" "collabora.misox"];
};
networking.networkmanager.wifi.powersave = false;
}


@@ -1,107 +0,0 @@
{ config, lib, pkgs, ... }:
{
security.acme = {
acceptTerms = true;
defaults.email = "jonashahn1@gmx.net";
#defaults.dnsProvider = "route53";
#defaults.dnsResolver = "2606:4700:4700::1111";
certs = {
"cloud.hahn1.one" = {
webroot = "/var/lib/acme/.challenges";
group = "nginx";
};
};
};
users.users.nginx.extraGroups = [ "acme" ];
# Setting the port for nextcloud
services.nginx = let
# support for local vars
mkDevCert = name: commonName:
pkgs.runCommandLocal "${name}-dev-cert" { buildInputs = [ pkgs.openssl ]; } ''
mkdir -p $out
openssl req -x509 -newkey rsa:4096 -keyout $out/key.pem -out $out/cert.pem -days 3650 -nodes \
-subj "/CN=${commonName}"
'';
# dev certs
# collaboraCert = mkDevCert "collabora-misox-cert" "collabora.misox";
# nextCert = mkDevCert "nextcloud-misox-cert" "nextcloud.misox";
# defCert = mkDevCert "default-misox-cert" "misox";
# default domain to use in the configuration
domain = "hahn1.one";
in {
# enable nginx
enable = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# setup virtual hosts
virtualHosts = {
# Expose nextcloud
# this is how to setup a dev cert route with ssl
#"${config.services.nextcloud.hostName}" = {
# enableACME = false;
# forceSSL = true;
# sslCertificate = "${nextCert}/cert.pem";
# sslCertificateKey = "${nextCert}/key.pem";
#};
"${config.services.nextcloud.hostName}" = {
enableACME = true;
addSSL = true;
};
"grafana.${domain}" = {
enableACME = true;
addSSL = true;
# this is to create a default listener
#listen = [{ addr = "0.0.0.0"; port = grafana_port;}];
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
"acmechallenge.${domain}" = {
# Catchall vhost, will redirect users to HTTPS for all vhosts
serverAliases = [ "*.example.com" ];
locations."/.well-known/acme-challenge" = {
root = "/var/lib/acme/.challenges";
};
locations."/" = {
return = "301 https://$host$request_uri";
};
};
"cool.${domain}" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://[::1]:${toString config.services.collabora-online.port}";
proxyWebsockets = true;
};
};
# This is the last and therefor occupies the http://misox?
# NO!
"${domain}" = {
default = true;
enableACME = true;
addSSL = true;
locations."/" = {
root = "${pkgs.nginx}/html";
index = "index.html";
};
};
};
};
}


@@ -1,114 +0,0 @@
{ pkgs, config, lib, inputs, ...}:
{
# figure out how this works
services.openldap = {
enable = true;
/* enable plain connections only */
urlList = [ "ldap:///" ];
settings = {
attrs = {
olcLogLevel = "conns config";
};
children = {
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
];
"olcDatabase={1}mdb".attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=example,dc=com";
/* your admin account, do not use writeText on a production system */
olcRootDN = "cn=admin,dc=example,dc=com";
olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
olcAccess = [
/* custom access rules for userPassword attributes */
''{0}to attrs=userPassword
by self write
by anonymous auth
by * none''
/* allow read on anything else */
''{1}to *
by * read''
];
};
};
};
};
# Enable all the old services on gullfoss
services.postgresql = {
enable = true;
ensureDatabases = [ "mydatabase" ];
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust
'';
};
# TODO: need to configure this
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
"security" = "user";
#"use sendfile" = "yes";
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.0. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
"public" = {
"path" = "/mnt/Shares/Public";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "username";
"force group" = "groupname";
};
"private" = {
"path" = "/mnt/Shares/Private";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "username";
"force group" = "groupname";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.cron = {
enable = true;
systemCronJobs = [
"*/5 * * * * root date >> /tmp/cron.log"
];
};
}


@@ -1,21 +0,0 @@
{ config, ... }: {
services.postfix = {
enable = true;
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
config = {
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
};
};
services.mailman = {
enable = true;
serve.enable = true;
hyperkitty.enable = true;
webHosts = ["lists.example.org"];
siteOwner = "mailman@example.org";
};
services.nginx.virtualHosts."lists.example.org".enableACME = true;
#networking.firewall.allowedTCPPorts = [ 25 80 443 ];
}


@@ -1,51 +0,0 @@
{ config, pkgs, ... }: {
imports = [
(builtins.fetchTarball {
# Pick a release version you are interested in and set its hash, e.g.
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz";
# To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
# release="nixos-25.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
sha256 = "0jpp086m839dz6xh6kw5r8iq0cm4nd691zixzy6z11c4z2vf8v85";
})
];
mailserver = {
enable = true;
fqdn = "mail.hahn1.one";
domains = [ "hahn1.one" ];
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"jonas@hahn1.one" = {
# mail4jonas
hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C";
aliases = ["postmaster@hahn1.one" "j@hahn1.one"];
};
"security@hahn1.one" = {
# mail4jonas
hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C";
aliases = ["sec@hahn1.one"];
};
"christiane@hahn1.one" = {
# mail4jonas
hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q";
aliases = ["ch@hahn1.one"];
};
"horst@hahn1.one" = {
# mail4jonas
hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q";
aliases = ["ho@hahn1.one"];
};
"theo@hahn1.one" = {
# mail4jonas
hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q";
aliases = ["th@hahn1.one"];
};
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = "acme-nginx";
};
}