More service changes start the move to nixfox.ca and replace the username

Jimbo 2025-01-01 18:32:50 -05:00
parent bf138bcd93
commit ab6f4f9946
33 changed files with 54 additions and 203 deletions


@ -1,4 +1,4 @@
## Jimbo's Nix Systems ## Nix Systems
Thanks for taking a look at my Nix* flake! Thanks for taking a look at my Nix* flake!
While this is primarily organized for my own use, you may find each individual service or config useful to read, reference, learn from, and adapt for your own systems. While this is primarily organized for my own use, you may find each individual service or config useful to read, reference, learn from, and adapt for your own systems.


@ -76,7 +76,6 @@
tower = mkNix [ ./hosts/tower ]; # Main Desktop tower = mkNix [ ./hosts/tower ]; # Main Desktop
envy = mkNix [ ./hosts/envy ]; # HP Convertable envy = mkNix [ ./hosts/envy ]; # HP Convertable
lacros = mkNix [ ./hosts/lacros ]; # Dell Chromebook
redmond = mkNix [ ./hosts/redmond ]; # Lenovo Dual-Boot redmond = mkNix [ ./hosts/redmond ]; # Lenovo Dual-Boot
extern = mkNix [ ./hosts/extern ]; # External Drive/USB extern = mkNix [ ./hosts/extern ]; # External Drive/USB


@ -1,7 +0,0 @@
{ pkgs, ... }:
{
boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl."vm.max_map_count" = 2147483642;
};
}


@ -1,22 +0,0 @@
{ lib, ... }:
{
imports = [
./boot
./disko
./filesystems
./hardware
./users
../../modules/system
];
services.keyd.keyboards.default.settings.main = {
leftmeta = lib.mkForce "overload(control, esc)";
leftcontrol = lib.mkForce "leftmeta";
f13 = lib.mkForce "delete";
};
system.lanzaboote.enable = true;
networking.hostName = "lacros";
system.stateVersion = "24.11";
}


@ -1,97 +0,0 @@
{ disko, config, ... }:
{
imports = [ disko.nixosModules.disko ];
disko.devices = {
disk = {
"${config.networking.hostName}" = {
type = "disk";
device = "/dev/mmcblk0";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
size = "1500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "${config.networking.hostName}-disk";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "lvm_pv";
vg = "${config.networking.hostName}";
};
};
};
};
};
};
};
lvm_vg = {
"${config.networking.hostName}" = {
type = "lvm_vg";
lvs = {
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/prev" = {
mountpoint = "/prev";
mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
# Impermanence
"/persist" = {
mountpoint = "/persist";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/persist/.snapshots" = { };
"/jimbo" = {
mountpoint = "/persist/home/jimbo";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/jimbo/.snapshots" = { };
};
};
};
swap = {
size = "1500M";
content = {
type = "swap";
discardPolicy = "both";
};
};
};
};
};
};
# Needed for impermanence
fileSystems = {
"/persist".neededForBoot = true;
"/persist/home/jimbo".neededForBoot = true;
};
}


@ -1,11 +0,0 @@
{ config, ... }:
{
fileSystems = {
# Network mounts
"/home/jimbo/JimboNFS" = {
device = "10.100.0.1:/export/JimboNFS";
fsType = "nfs4";
options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ];
};
};
}


@ -1,11 +0,0 @@
{ config, lib, ... }:
{
boot.kernelModules = [ "kvm-intel" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk6ALxn+zKrRys6/c1oYSoWJaUUEo3nAM224ElhjJQR


@ -1,4 +0,0 @@
{ ... }:
{
imports = [ ./jimbo ];
}


@ -1,6 +0,0 @@
{ lib, ... }:
{
home-manager.users.jimbo = {
home.stateVersion = lib.mkForce "24.11";
};
}


@ -0,0 +1,7 @@
{ home-manager, ... }:
{
imports = [
./jimbo
home-manager.nixosModules.home-manager
];
}


@ -5,14 +5,13 @@
hashedPassword = config.secrets.jimboAccPass; hashedPassword = config.secrets.jimboAccPass;
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
(builtins.readFile ../../../../../hosts/tower/id_ed25519.pub) (builtins.readFile ../../../../../../hosts/tower/id_ed25519.pub)
(builtins.readFile ../../../../../hosts/envy/id_ed25519.pub) (builtins.readFile ../../../../../../hosts/envy/id_ed25519.pub)
(builtins.readFile ../../../../../hosts/lacros/id_ed25519.pub) (builtins.readFile ../../../../../../hosts/redmond/id_ed25519.pub)
(builtins.readFile ../../../../../hosts/redmond/id_ed25519.pub)
(builtins.readFile ../../../../../hosts/kitty/id_ed25519.pub) (builtins.readFile ../../../../../../hosts/kitty/id_ed25519.pub)
(builtins.readFile ../../../../../hosts/prophet/id_ed25519.pub) (builtins.readFile ../../../../../../hosts/prophet/id_ed25519.pub)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
]; ];
@ -35,5 +34,5 @@
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
home-manager.users.jimbo = import ../../../../home; home-manager.users.jimbo = import ../../../../../home;
} }
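Review bot: `hashedPassword = config.secrets.jimboAccPass;` in the first hunk evaluates the hash into the system closure, so it most likely lands in the world-readable Nix store, where any local user or anyone holding a copy of the closure can take it for offline guessing. NixOS provides `hashedPasswordFile` for this case; pointing it at a root-only file outside the store keeps the hash out of the build output. How `config.secrets` is populated is not visible here, so this is worth confirming against that module. The user block opens above line 5, outside the hunk.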


@ -1,11 +1,8 @@
{ home-manager, ... }: { ... }:
{ {
imports = [ imports = [
./jimbo ./custom
./liquidsoap ./system
./nextcloud
./nginx
home-manager.nixosModules.home-manager
]; ];
users.mutableUsers = false; users.mutableUsers = false;


@ -0,0 +1,8 @@
{ ... }:
{
imports = [
./liquidsoap
./nextcloud
./nginx
];
}


@ -2,6 +2,6 @@
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "jimjam4real@gmail.com"; defaults.email = "jimbo@${config.domains.p2}";
}; };
} }
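Review bot: The new `defaults.email = "jimbo@${config.domains.p2}";` needs `config` in the module's argument set, and line 1 of the file is outside the hunk, so confirm the header reads `{ config, ... }:` rather than `{ ... }:`. Mail elsewhere in this commit still goes through `mx.${config.domains.p1}`, so also check that a mailbox for the p2 address exists; otherwise ACME account notices sent to it will be lost.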


@ -4,19 +4,19 @@
enable = config.system.server.enable; enable = config.system.server.enable;
protocol = "cloudflare"; protocol = "cloudflare";
usev4 = "web, web=https://ipinfo.io/ip"; usev4 = "web, web=https://ipinfo.io/ip";
zone = "${config.domains.p1}"; zone = "${config.domains.p2}";
username = "token"; username = "token";
passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}"; passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
domains = [ domains = [
"${config.domains.p1}" "${config.domains.p2}"
"*.${config.domains.p1}" "*.${config.domains.p2}"
"sv.${config.domains.p1}" "sv.${config.domains.p2}"
"git.${config.domains.p1}" "git.${config.domains.p2}"
"turn.${config.domains.p1}" "turn.${config.domains.p2}"
"dew.${config.domains.p1}" "dew.${config.domains.p2}"
"john.${config.domains.p1}" "john.${config.domains.p2}"
"beta.${config.domains.p1}" "beta.${config.domains.p2}"
"rogue.${config.domains.p1}" "rogue.${config.domains.p2}"
]; ];
}; };
} }
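Review bot: `passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";` builds the Cloudflare token into a Nix store path, and the store is readable by every local user and travels with the closure. `passwordFile` is meant to point at a file outside the store, for example `passwordFile = "/run/secrets/cloudflare-token";` (placeholder path) provisioned root-only at activation. With the zone switched to p2 the token presumably needs access to that zone, so this is a good moment to issue one scoped to DNS edits on that zone only. The mailer `PASSWD`, icecast `admin.password` and Lemmy `smtp_password` lines elsewhere in this commit inline `config.secrets.*` values the same way and likely end up in store-rendered config as well. The attribute set opens above line 4, outside the hunk.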


@ -5,7 +5,7 @@
services.nextcloud = { services.nextcloud = {
enable = config.system.server.enable; enable = config.system.server.enable;
package = pkgs.nextcloud30; package = pkgs.nextcloud30;
hostName = "cloud.${config.domains.p1}"; hostName = "cloud.${config.domains.p2}";
datadir = "/mnt/nextcloud"; datadir = "/mnt/nextcloud";
https = true; https = true;
config = { config = {
@ -14,7 +14,7 @@
}; };
settings = { settings = {
trusted_proxies = [ "127.0.0.1" ]; trusted_proxies = [ "127.0.0.1" ];
trusted_domains = [ "cloud.${config.domains.p1}" ]; trusted_domains = [ "cloud.${config.domains.p2}" ];
overwriteprotocol = "https"; overwriteprotocol = "https";
mail_smtphost = "mx.${config.domains.p1}"; mail_smtphost = "mx.${config.domains.p1}";
mail_domain = "${config.domains.p1}"; mail_domain = "${config.domains.p1}";


@ -1,6 +1,6 @@
{ lib, config, ... }: { lib, config, ... }:
{ {
services.nginx.virtualHosts."cloud.${config.domains.p1}" = lib.mkIf config.services.nextcloud.enable { services.nginx.virtualHosts."cloud.${config.domains.p2}" = lib.mkIf config.services.nextcloud.enable {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
locations."/" = { locations."/" = {
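Review bot: `addSSL = true;` on the `cloud.${config.domains.p2}` vhost keeps serving the site over plain HTTP alongside HTTPS, whereas the icecast, transmission and Vaultwarden vhosts in this commit use `forceSSL = true;`. For a Nextcloud login surface I would switch this to `forceSSL = true;` so that port 80 only redirects. The landing-page vhost for `${config.domains.p2}` has the same setting, and since it serves the Matrix `.well-known` documents the same change is worth considering there. The vhost body continues below the hunk.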


@ -16,7 +16,7 @@
mailer = { mailer = {
ENABLED = true; ENABLED = true;
SMTP_ADDR = "mx.${config.domains.p1}"; SMTP_ADDR = "mx.${config.domains.p1}";
FROM = "Jimbo's Git <noreply@${config.domains.p1}>"; FROM = "NixFox Git <noreply@${config.domains.p1}>";
USER = "noreply@${config.domains.p1}"; USER = "noreply@${config.domains.p1}";
PASSWD = config.secrets.noreplyPassword; PASSWD = config.secrets.noreplyPassword;
PROTOCOL = "smtps"; PROTOCOL = "smtps";


@ -8,7 +8,7 @@
services.icecast = { services.icecast = {
enable = config.system.server.enable; enable = config.system.server.enable;
listen.port = 265; listen.port = 265;
hostname = "icecast.${config.domains.p1}"; hostname = "radio.${config.domains.p2}";
admin = { admin = {
user = "jimbo"; user = "jimbo";
password = "${config.secrets.castAdminPass}"; password = "${config.secrets.castAdminPass}";


@ -1,6 +1,6 @@
{ lib, config, ... }: { lib, config, ... }:
{ {
services.nginx.virtualHosts."icecast.${config.domains.p1}" = lib.mkIf config.services.icecast.enable { services.nginx.virtualHosts."radio.${config.domains.p2}" = lib.mkIf config.services.icecast.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {


@ -2,7 +2,7 @@
{ {
services.roundcube = { services.roundcube = {
enable = config.system.mailserver.enable; enable = config.system.mailserver.enable;
hostName = "mail.${config.domains.p1}"; hostName = "mail.${config.domains.p2}";
extraConfig = '' extraConfig = ''
$config['smtp_server'] = "tls://mx.${config.domains.p1}"; $config['smtp_server'] = "tls://mx.${config.domains.p1}";
$config['smtp_user'] = "%u"; $config['smtp_user'] = "%u";


@ -9,7 +9,7 @@ in {
serverProperties = common.serverProperties // { serverProperties = common.serverProperties // {
difficulty = 3; difficulty = 3;
server-port = 30014; server-port = 30014;
motd = "\\u00A7l\\u00A7bJimbo's \\u00A7cRoguecraft \\u00A7bserver."; motd = "\\u00A7l\\u00A7bNixFox \\u00A7cRoguecraft \\u00A7bserver.";
require-resource-pack = true; require-resource-pack = true;
resource-pack = "https://${config.domains.p1}/roguecraftresourcepackredir"; resource-pack = "https://${config.domains.p1}/roguecraftresourcepackredir";
resource-pack-sha1 = "b540c0562aba90c3ead2356bb9cb74fcf0db36b3"; resource-pack-sha1 = "b540c0562aba90c3ead2356bb9cb74fcf0db36b3";


@ -34,7 +34,7 @@
}; };
systemd.services.nginx.serviceConfig = { systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ]; ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
}; };
}; };
} }


@ -1,6 +1,6 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./p1 ./p2
]; ];
} }


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable { services.nginx.virtualHosts."${config.domains.p2}" = lib.mkIf config.system.server.enable {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
root = "/var/www/landing-page"; root = "/var/www/landing-page";
@ -10,13 +10,13 @@
return 200 ' return 200 '
{ {
"m.homeserver": { "m.homeserver": {
"base_url": "https://matrix.${config.domains.p1}" "base_url": "https://matrix.${config.domains.p2}"
}, },
"m.identity_server": { "m.identity_server": {
"base_url": "https://matrix.org" "base_url": "https://matrix.org"
}, },
"org.matrix.msc3575.proxy": { "org.matrix.msc3575.proxy": {
"url": "https://matrix.${config.domains.p1}" "url": "https://matrix.${config.domains.p2}"
} }
} }
'; ';
@ -24,7 +24,7 @@
"/.well-known/matrix/server".extraConfig = '' "/.well-known/matrix/server".extraConfig = ''
default_type application/json; default_type application/json;
return 200 '{ "m.server": "matrix.${config.domains.p1}:443" }'; return 200 '{ "m.server": "matrix.${config.domains.p2}:443" }';
''; '';
}; };
}; };


@ -11,7 +11,7 @@
email = { email = {
smtp_server = "mx.${config.domains.p1}:587"; smtp_server = "mx.${config.domains.p1}:587";
smtp_login = "noreply@${config.domains.p1}"; smtp_login = "noreply@${config.domains.p1}";
smtp_from_address = "Jimbo's Lemmy <noreply@${config.domains.p1}>"; smtp_from_address = "NixFox Lemmy <noreply@${config.domains.p1}>";
smtp_password = config.secrets.noreplyPassword; smtp_password = config.secrets.noreplyPassword;
tls_type = "starttls"; tls_type = "starttls";
}; };


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."torrent.${config.domains.p1}" = lib.mkIf config.services.transmission.enable { services.nginx.virtualHosts."tor.${config.domains.p2}" = lib.mkIf config.services.transmission.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {


@ -5,7 +5,7 @@
services.vaultwarden = { services.vaultwarden = {
enable = config.system.server.enable; enable = config.system.server.enable;
config = { config = {
DOMAIN = "https://warden.${config.domains.p1}"; DOMAIN = "https://pass.${config.domains.p2}";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222; ROCKET_PORT = 8222;


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."warden.${config.domains.p1}" = lib.mkIf config.services.vaultwarden.enable { services.nginx.virtualHosts."pass.${config.domains.p1}" = lib.mkIf config.services.vaultwarden.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
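Review bot: The vhost key on the new side reads `"pass.${config.domains.p1}"`, while the Vaultwarden section in this commit sets `DOMAIN = "https://pass.${config.domains.p2}"`, so the proxy and the application disagree on the hostname. If p1 and p2 are different domains, nginx requests no certificate for the p2 name and, with the `*.${config.domains.p2}` record published by ddclient, requests to it are answered by whichever server block is the default, while Vaultwarden builds links and WebAuthn origins for a name that does not reach it. The line should probably read `services.nginx.virtualHosts."pass.${config.domains.p2}" = lib.mkIf config.services.vaultwarden.enable {`. The vhost body continues past the end of the hunk.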