Bun/ROCKPro64-Server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Full fork to new repo

Browse source
This commit is contained in:
Jimbo 2025-02-28 12:08:04 -05:00
parent fcc6d5cd96
commit ec3abf9fd4
41 changed files with 1034 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
modules/system/secrets/** filter=git-crypt diff=git-crypt

101
flake.lock generated Normal file
View file

@ -0,0 +1,101 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739841949,
"narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=",
"owner": "nix-community",
"repo": "disko",
"rev": "15dbf8cebd8e2655a883b74547108e089f051bf0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739757849,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1739758141,
"narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c618e28f70257593de75a7044438efc1c1fc0791",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs",
"unstable": "unstable"
}
},
"unstable": {
"locked": {
"lastModified": 1739736696,
"narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
}
},
"root": "root",
"version": 7
}

35
flake.nix Normal file
View file

@ -0,0 +1,35 @@
{
inputs = {
# System inputs
nixpkgs.url = "nixpkgs/nixos-24.11";
unstable.url = "nixpkgs/nixos-unstable";
impermanence.url = "github:nix-community/impermanence";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
# Home inputs
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
unstable,
impermanence,
disko,
home-manager,
...
}@inputs:
{
nixosConfigurations.rubble = nixpkgs.lib.nixosSystem {
modules = [ ./host ];
specialArgs = inputs;
};
};
}

19
host/default.nix Normal file
View file

@ -0,0 +1,19 @@
{ ... }:
{
imports = [
./disko
./hardware
../modules/system
];
networking = {
hostName = "rubble";
hostId = "e0b1fcef";
};
system = {
extlinux.enable = true;
wireless.enable = true;
stateVersion = "24.11";
};
}

90
host/disko/default.nix Normal file
View file

@ -0,0 +1,90 @@
{ config, disko, ... }:
{
imports = [ disko.nixosModules.disko ];
disko.devices = {
disk = {
"${config.networking.hostName}" = {
type = "disk";
device = "/dev/mmcblk1";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "${config.networking.hostName}-disk";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "lvm_pv";
vg = "${config.networking.hostName}";
};
};
};
};
};
};
};
lvm_vg = {
"${config.networking.hostName}" = {
type = "lvm_vg";
lvs = {
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/prev" = {
mountpoint = "/prev";
mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
# Impermanence
"/persist" = {
mountpoint = "/persist";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/persist/.snapshots" = { };
"/persist/home/${config.sysusers.main}" = { };
"/persist/home/${config.sysusers.main}/.snapshots" = { };
};
};
};
swap = {
size = "4G";
content = {
type = "swap";
discardPolicy = "both";
};
};
};
};
};
};
# Needed for impermanence
fileSystems."/persist".neededForBoot = true;
}

8
host/hardware/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.kernelModules = [ "ahci" "dm-snapshot" "mmc_core" "pcie_rockchip_host" "phy_rockchip_pcie" "rockchip_dfi" "rockchip_thermal" "rtc_rk808" "rockchip_saradc" "uas" "fusb302" ];
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

1
host/id_ed25519.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4oyz5yAvmVZDdr3NL2AmlnCA6Z17b2Vj0FXj07DFiv

10
modules/home/default.nix Normal file
View file

@ -0,0 +1,10 @@
{ lib, ... }:
{
imports = [
./programs
./settings
./user
];
config.home.stateVersion = "24.11";
}

11
modules/home/programs/btop/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
programs.btop = {
enable = true;
settings = {
vim_keys = true;
rounded_corners = false;
theme_background = false;
};
};
}

16
modules/home/programs/default.nix Normal file
View file

@ -0,0 +1,16 @@
{ ... }:
{
imports = [
./btop
./eza
./fastfetch
./git
./headless
./neovim
./nh
./nix-index
./ranger
./tmux
./zsh
];
}

10
modules/home/programs/eza/default.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
programs.eza = {
enable = true;
git = true;
icons = "auto";
colors = "always";
extraOptions = [ "--group-directories-first" ];
};
}

97
modules/home/programs/fastfetch/config.jsonc Normal file
View file

@ -0,0 +1,97 @@
{
"$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
"logo": {
"source": "xenia",
"color": {
"1": "1;97",
"2": "red",
"3": "yellow"
}
},
"display": {
"separator": " \u001b[33m ",
"color": "red"
},
"modules": [
{
"type": "custom",
"format": "\u001b[1m—————————————————————————————————————"
},
{
"type": "host",
"key": "󰌢 "
},
{
"type": "cpu",
"key": " "
},
{
"type": "gpu",
"key": "󰢮 "
},
{
"type": "disk",
"folders": "/",
"key": " "
},
{
"type": "memory",
"format": "{/1}{-}{/}{/2}{-}{/}{} / {}",
"key": " "
},
{
"type": "display",
"compactType": "original",
"key": "󰍹 "
},
{
"type": "custom",
"format": "\u001b[1m—————————————————————————————————————"
},
{
"type": "os",
"format": "{3} {12}",
"key": "󰍛 "
},
{
"type": "kernel",
"format": "{1} {2}",
"key": " "
},
{
"type": "wm",
"key": " "
},
{
"type": "shell",
"key": " "
},
{
"type": "terminal",
"key": " "
},
{
"type": "packages",
"key": "󰆧 "
},
{
"type": "uptime",
"key": "󰅐 "
},
{
"type": "command",
"text": "date -d @$(stat -c %W /persist) '+%a %b %d %r %Z %Y'",
"key": "󰶡 "
},
{
"type": "custom",
"format": "\u001b[1m—————————————————————————————————————"
},
{
"type": "custom",
"format": "\u001b[90m󰮯 \u001b[31m󰊠 \u001b[32m󰊠 \u001b[33m󰊠 \u001b[34m󰊠 \u001b[35m󰊠 \u001b[36m󰊠 \u001b[37m󰊠"
}
]
}

7
modules/home/programs/fastfetch/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
imports = [ ./small ];
programs.fastfetch.enable = true;
xdg.configFile."fastfetch/config.jsonc".source = ./config.jsonc;
}

5
modules/home/programs/fastfetch/small/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [ (pkgs.writeScriptBin "pfetch" "fastfetch --config ~/.config/fastfetch/small.jsonc") ];
xdg.configFile."fastfetch/small.jsonc".source = ./small.jsonc;
}

34
modules/home/programs/fastfetch/small/small.jsonc Normal file
View file

@ -0,0 +1,34 @@
{
"logo": {
"type": "small"
},
"modules": [
{
"type": "os",
"format": "{3} {12}",
"key": "󰍛 "
},
{
"type": "host",
"key": "󰌢 "
},
{
"type": "kernel",
"format": "{1} {2}",
"key": " "
},
{
"type": "uptime",
"key": "󰅐 "
},
{
"type": "packages",
"key": "󰆧 "
},
{
"type": "memory",
"format": "{/1}{-}{/}{/2}{-}{/}{} / {}",
"key": " "
}
]
}

15
modules/home/programs/git/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ pkgs, ... }:
{
programs.git = {
enable = true;
userName = "Jimbo";
userEmail = "jimbo@nixfox.ca";
};
programs.lazygit.enable = true;
home.packages = with pkgs; [
gnupg
git-crypt
];
}

8
modules/home/programs/headless/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ lib, pkgs, ... }:
{
home.packages = with pkgs; [
dua
p7zip
vimv
];
}

112
modules/home/programs/neovim/default.nix Normal file
View file

@ -0,0 +1,112 @@
{ config, pkgs, ... }:
{
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
plugins = with pkgs.vimPlugins; [
# Vim theme
vim-airline
vim-airline-themes
# Internal clipboard
vim-vsnip
cmp-vsnip
# Autocomplete manager
lspkind-nvim
# Autocomplete plugins
cmp-nvim-lsp
cmp-buffer
cmp-path
cmp-cmdline
nvim-cmp
# Hex color visualizer and color theme
nvim-colorizer-lua
vim-monokai-pro
# Discord RPC
vimsence
# Nerdtree
nerdtree
vim-nerdtree-syntax-highlight
# Misc languages
kdl-vim
];
extraConfig = ''
lua <<EOF
-- Set up nvim-cmp
local cmp = require'cmp'
cmp.setup({
snippet = {
-- REQUIRED - you must specify a snippet engine
expand = function(args)
vim.fn["vsnip#anonymous"](args.body)
end,
},
mapping = cmp.mapping.preset.insert({
['<C-b>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.abort(),
['<CR>'] = cmp.mapping.confirm({ select = true }), -- Accept currently selected item. Set `select` to `false` to only confirm explicitly selected items.
}),
sources = cmp.config.sources({
{ name = 'nvim_lsp' },
{ name = 'vsnip' }
}, {
{ name = 'buffer' },
})
})
-- Use buffer source for '/' and '?'
cmp.setup.cmdline({ '/', '?' }, {
mapping = cmp.mapping.preset.cmdline(),
sources = {
{ name = 'buffer' }
}
})
-- Use cmdline & path source for ':'
cmp.setup.cmdline(':', {
mapping = cmp.mapping.preset.cmdline(),
sources = cmp.config.sources({
{ name = 'path' }
}, {
{ name = 'cmdline' }
})
})
EOF
colorscheme monokai_pro
let g:airline_theme='onedark'
let g:airline#extensions#tabline#enabled = 1
hi Normal guibg=none ctermbg=235
hi Visual guibg=#202020 ctermbg=238
hi Pmenu guibg=#202020 ctermbg=238
hi EndOfBuffer guibg=none ctermbg=235
hi LineNr guibg=none ctermbg=none
lua require'colorizer'.setup()
set nu rnu
set termguicolors
set mouse=a
set undofile
set undodir=$HOME/.local/share/nvim/undo
set undolevels=100
set undoreload=10000
nmap <C-x> :bnext<CR>
nmap <C-z> :bprev<CR>
nmap <C-w> :bd<CR>
nmap <C-a> :NERDTreeToggleVCS<CR>
'';
};
}

7
modules/home/programs/nh/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
programs.nh = {
enable = true;
flake = "/etc/nixos";
};
}

4
modules/home/programs/nix-index/default.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }:
{
programs.nix-index.enable = true;
}

122
modules/home/programs/ranger/default.nix Normal file
View file

@ -0,0 +1,122 @@
{ pkgs, config, ... }:
{
programs.ranger = {
enable = true;
settings = {
preview_images = true;
preview_images_method = "sixel";
dirname_in_tabs = true;
autosave_bookmarks = false;
show_hidden = true;
wrap_scroll = true;
column_ratios = "2,2,4";
hidden_filter = ''^\.|\.(?:pyc|pyo|bak|swp)$|^lost\+found$|^__(py)?cache__$'';
};
rifle = [
# Media
{
condition = ''mime ^image, has imv, X, flag f'';
command = ''imv -- "$@"'';
}
{
condition = ''mime ^video, terminal, has mpv'';
command = ''mpv -- "$@"'';
}
{
condition = ''mime ^video, terminal, has mpv'';
command = ''mpv --video-rotate=270 -- "$@"'';
}
{
condition = ''mime ^audio|ogg$, terminal, has mpv'';
command = ''mpv --no-audio-display -- "$@"'';
}
{
condition = ''mime ^audio|ogg$, terminal, has mpv'';
command = ''mpv --shuffle --no-audio-display -- "$@"'';
}
{
condition = ''ext x?html?|pdf, has firefox, X, flag f'';
command = ''firefox -- "$@"'';
}
{
condition = ''ext pptx?|od[dfgpst]|docx?|sxc|xlsx?|xlt|xlw|gnm|gnumeric, has libreoffice, X, flag f'';
command = ''libreoffice "$@"'';
}
# Scripts
{
condition = ''sh'';
command = ''sh -- "$1"'';
}
{
condition = ''py'';
command = ''python -- "$1"'';
}
{
condition = ''pl'';
command = ''perl -- "$1"'';
}
{
condition = ''js'';
command = ''node -- "$1"'';
}
{
condition = ''php'';
command = ''php -- "$1"'';
}
# Misc
{
condition = ''ext exe|msi'';
command = ''wine "$1"'';
}
{
condition = ''ext 7z|ace|ar|arc|bz2?|cab|cpio|cpt|deb|dgc|dmg|gz|iso|jar|pkg|rar|shar|tar|tgz|xar|xpi|xz|zip|zst, has 7z'';
command = ''7z x -- "$@"'';
}
{
condition = ''label open, has xdg-open'';
command = ''vim -- "$@"'';
}
];
plugins = [
{
name = "devicons2";
src = builtins.fetchGit {
url = "https://github.com/cdump/ranger-devicons2";
rev = "94bdcc19218681debb252475fd9d11cfd274d9b1";
};
}
];
extraConfig = ''
default_linemode devicons2
'';
};
# Ranger's bookmarks and necessary tools
home = {
file = {
".local/share/ranger/bookmarks".text = ''
# Local files
h:/home/${config.home.username}/
k:/home/${config.home.username}/Keepers
j:/home/${config.home.username}/Downloads
v:/home/${config.home.username}/Videos
c:/home/${config.home.username}/.config
l:/home/${config.home.username}/.local
d:/mnt
n:/etc/nixos
# Remote files
J:/home/${config.home.username}/KittyNFS
K:/home/${config.home.username}/KittyNFS/Files
V:/home/${config.home.username}/KittyNFS/Media
M:/home/${config.home.username}/KittyNFS/Music
'';
};
packages = with pkgs; [
imagemagick
poppler_utils
];
};
}

24
modules/home/programs/tmux/default.nix Normal file
View file

@ -0,0 +1,24 @@
{ ... }:
{
programs.tmux = {
enable = true;
keyMode = "vi";
mouse = true;
terminal = "st-256color";
historyLimit = 4096;
baseIndex = 1;
extraConfig = ''
set -g status on
set -g status-left ""
set -g status-position bottom
set -g status-right "#[bg=brightblack]#[fg=dark_purple] #T "
set -g status-style "bg=black"
set -g set-titles on
set -g set-titles-string "#T"
setw -g window-status-format "#[bg=brightmagenta]#[fg=black] #I #[bg=brightblack]#[fg=white] #W "
setw -g window-status-current-format "#[bg=brightmagenta]#[fg=black] #I #[bg=white]#[fg=black] #W "
'';
};
}

23
modules/home/programs/zsh/default.nix Normal file
View file

@ -0,0 +1,23 @@
{ pkgs, ... }:
{
programs.zsh = {
enable = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
oh-my-zsh = {
enable = true;
theme = "agnoster";
plugins = [
"git"
"history"
];
};
initExtra = ''
pfetch
source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
source ${pkgs.zsh-you-should-use}/share/zsh/plugins/you-should-use/you-should-use.plugin.zsh
setopt HIST_IGNORE_SPACE
setopt RM_STAR_WAIT
'';
};
}

7
modules/home/settings/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./aliases
./nix
];
}

16
modules/home/settings/nix/default.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, lib, pkgs, unstable, ... }:
{
nix = {
package = lib.mkForce pkgs.nix;
settings.experimental-features = [
"nix-command"
"flakes"
];
registry.unstable.flake = unstable;
};
_module.args.pkgsUnstable = import unstable {
inherit (pkgs.stdenv.hostPlatform) system;
inherit (config.nixpkgs) config;
};
}

14
modules/home/user/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, ... }:
{
home = {
username = "jimbo";
homeDirectory = "/home/${config.home.username}";
sessionVariables = {
EDITOR = "nvim";
MANPAGER = "nvim +Man!";
LIBVIRT_DEFAULT_URI = "qemu:///system";
HISTCONTROL = "ignoreboth";
NIXPKGS_ALLOW_UNFREE = 1;
};
};
}

48
modules/system/accounts/users/custom/jules/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ config, lib, pkgs, ... }:
{
options.sysusers = lib.mkOption {
type = lib.types.attrs;
};
config = {
sysusers.main = "jimbo";
users.users."${config.sysusers.main}" = {
hashedPassword = config.secrets.mainAccPass;
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../../../../../hosts/tower/id_ed25519.pub
../../../../../../hosts/envy/id_ed25519.pub
../../../../../../hosts/redmond/id_ed25519.pub
../../../../../../hosts/kitty/id_ed25519.pub
../../../../../../hosts/midas/id_ed25519.pub
../../../../../../hosts/prophet/id_ed25519.pub
../../../../../../hosts/rubble/id_ed25519.pub
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
];
extraGroups = [
"wheel"
"audio"
"video"
"input"
"disk"
"dialout"
"rtkit"
"kvm"
"libvirtd"
"qemu-libvirtd"
"nginx"
"minecraft"
"nfsShare"
];
uid = 1000;
shell = pkgs.zsh;
};
home-manager.users."${config.sysusers.main}" = import ../../../../../home;
};
}

38
modules/system/accounts/users/custom/main/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
{
options.sysusers = lib.mkOption {
type = lib.types.attrs;
};
config = {
sysusers.main = "jimbo";
users.users."${config.sysusers.main}" = {
hashedPassword = config.secrets.mainAccPass;
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFGHaxdTeC1xnTx2BY5LLR5LxhdSkmYoWuOeEuRIz0k"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
];
extraGroups = [
"wheel"
"audio"
"video"
"input"
"disk"
"dialout"
"rtkit"
"kvm"
"libvirtd"
"qemu-libvirtd"
"nginx"
"nfsShare"
];
uid = 1000;
shell = pkgs.zsh;
};
home-manager.users."${config.sysusers.main}" = import ../../../../../home;
};
}

16
modules/system/default.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, ... }:
{
imports = [
./accounts
./devices
./programs
./secrets
./services
./settings
];
options.system = with lib; {
desktop.enable = lib.mkEnableOption "Enable desktop apps and services";
server.enable = lib.mkEnableOption "Enable server apps and services";
};
}

12
modules/system/devices/boot/default.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
imports = [
./extlinux
./services
];
boot.kernel.sysctl = {
"vm.max_map_count" = 2147483642;
"kernel.sysrq" = 1;
};
}

8
modules/system/devices/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
imports = [
./boot
./disks
./networking
];
}

24
modules/system/devices/networking/default.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, ... }:
{
imports = [ ./wireless ];
networking = {
wireless.enable = false;
dhcpcd.enable = true;
nftables.enable = true;
firewall.allowPing = false;
useNetworkd = true;
nameservers = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
};
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = config.networking.nameservers;
dnsovertls = "true";
};
}

8
modules/system/programs/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
imports = [
./git
./home-manager
./shells
];
}

12
modules/system/programs/home-manager/default.nix Normal file
View file

@ -0,0 +1,12 @@
{ unstable, ... }:
{
home-manager = {
useUserPackages = true;
backupFileExtension = "bak";
extraSpecialArgs = {
inherit
unstable
;
};
};
}

7
modules/system/programs/shells/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
programs.zsh.enable = true;
}

BIN
modules/system/secrets/default.nix Normal file
View file

Binary file not shown.

11
modules/system/services/general/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
imports = [
./earlyoom
./libvirtd
./snowflake
./ssh
./tlp
./userborn
];
}

13
modules/system/services/server/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }:
{
imports = [
./cfdyndns
./fileserver
./forgejo
./mysql
./socialserver
./transmission
./vaultwarden
./webserver
];
}

24
modules/system/services/server/webserver/nginx/default.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, lib, ... }:
{
imports = [
./rtmp
./virtualhosts
];
config = lib.mkIf config.system.server.enable {
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
environment.persistence."/persist".directories = [ "/var/www" ];
networking.firewall.allowedTCPPorts = [
80
443
];
};
}

9
modules/system/settings/default.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
imports = [
./minimal
./nix
./security
./timezone
];
}

7
modules/system/settings/security/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./apparmor
./privilege
];
}