diff --git a/hosts/laptop/home.nix b/hosts/laptop/home.nix index fa69f11..3af688b 100644 --- a/hosts/laptop/home.nix +++ b/hosts/laptop/home.nix @@ -8,20 +8,22 @@ homeDirectory = "/home/k"; stateVersion = "23.11"; enableNixpkgsReleaseCheck = false; - packages = with pkgs;[ - nerdfonts - firefox - keepassxc - thunderbird - blender - vesktop - btop - zip - spotify - distrobox + packages = [ + pkgs.nerdfonts + pkgs.firefox + pkgs.keepassxc + pkgs.syncthing + pkgs.thunderbird + pkgs.blender + pkgs.vesktop + pkgs.btop + pkgs.zip + pkgs.spotify + pkgs.distrobox - modrinth-app - direnv + pkgs.modrinth-app + pkgs.emacs + pkgs.direnv ]; }; @@ -32,12 +34,6 @@ userEmail = "markers711@gmail.com"; }; - direnv = { - enable = true; - enableZshIntegration = true; - nix-direnv.enable = true; - }; - starship.enable = true; zsh = { enable = true; @@ -58,12 +54,5 @@ }; }; - services = { - syncthing.enable = true; - activitywatch.enable = true; - emacs = { - enable = true; - defaultEditor = true; - }; - }; + services = { syncthing.enable = true; }; } diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index c5bb3f4..f8636d1 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix 
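Review bot: `pkgs.direnv` stays in `packages` while the next hunk deletes the `direnv = { enable = true; enableZshIntegration = true; nix-direnv.enable = true; }` block. Unless the hook is loaded somewhere else in the zsh config (not visible in this diff), `.envrc` files will stop being picked up and nix-direnv caching is lost. The same pattern applies to `pkgs.emacs`: the last hunk removes `services.emacs` with `defaultEditor = true`, so the package is installed but that option no longer starts a daemon or sets the default editor. If both are intentional, dropping the bare `pkgs.direnv` entry, or keeping the `direnv` block, would make the intent clear.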
@@ -1,36 +1,82 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + { config, pkgs, inputs, ... }: { - imports = [ ./hardware-configuration.nix ./service.nix ]; + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ./service.nix + ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; + nixpkgs.config.allowUnfree = true; + + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/New_York"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + + # Enable CUPS to print documents. 
+ services.auto-cpufreq.enable = true; + services.thermald.enable = true; + powerManagement.powertop.enable = true; powerManagement.enable = true; - system.autoUpgrade.enable = true; - nix = { - settings.experimental-features = [ "nix-command" "flakes" ]; - gc.automatic = true; - }; - - programs = { - nix-ld.enable = true; - nix-ld.libraries = with pkgs; [ glibc glib ]; - zsh.enable = true; - }; + programs.nix-ld.enable = true; + programs.nix-ld.libraries = with pkgs; [ + ]; + programs.zsh.enable = true; users.users.k = { isNormalUser = true; description = "k"; extraGroups = [ "networkmanager" "wheel" ]; - packages = with pkgs; [ zsh ]; + packages = with pkgs; [zsh]; shell = pkgs.zsh; }; + home-manager = { + users = { + "k" = import ./home.nix; + }; + }; - home-manager = { users = { "k" = import ./home.nix; }; }; + system.autoUpgrade.enable = true; + nix.gc.automatic = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget environment.systemPackages = with pkgs; [ - intel-vaapi-driver - intel-compute-runtime - intel-media-driver - microcodeIntel + docker-compose + intel-vaapi-driver + intel-compute-runtime + intel-media-driver + microcodeIntel ]; # This value determines the NixOS release from which the default diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix index dc454e8..7b7f673 100644 --- a/hosts/server/hardware-configuration.nix +++ b/hosts/server/hardware-configuration.nix 
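Review bot: `system.autoUpgrade.enable = true;` is kept without `system.autoUpgrade.flake`, and this host looks flake-based (the module takes `inputs` and enables `flakes`). The upgrade timer may therefore keep rebuilding the same locked inputs instead of pulling security updates, so confirm how the lock file gets refreshed on this server. The new comment `# Enable CUPS to print documents.` sits directly above `services.auto-cpufreq.enable`, `services.thermald.enable` and the powertop setting, and no printing option follows it; remove it or replace it with something like `# Power management`. `programs.nix-ld.libraries = with pkgs; [ ];` now sets an empty list where `glibc glib` were listed before, which deserves a one-line comment if intentional.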
@@ -4,10 +4,11 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = - [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; @@ -16,19 +17,21 @@ boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "nixserver"; # Define your hostname. + - fileSystems."/" = { - device = "/dev/disk/by-uuid/aaf4a4be-fed2-42b2-be79-4ca920bb7292"; - fsType = "ext4"; - }; + fileSystems."/" = + { device = "/dev/disk/by-uuid/aaf4a4be-fed2-42b2-be79-4ca920bb7292"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/150F-09C6"; - fsType = "vfat"; - }; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/150F-09C6"; + fsType = "vfat"; + }; swapDevices = - [{ device = "/dev/disk/by-uuid/ecde85bd-abea-4926-80d5-810b01d0e364"; }]; + [ { device = "/dev/disk/by-uuid/ecde85bd-abea-4926-80d5-810b01d0e364"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -38,6 +41,5 @@ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/server/home.nix b/hosts/server/home.nix index 03c6ee2..982a8b5 100644 --- a/hosts/server/home.nix +++ b/hosts/server/home.nix 
@@ -1,32 +1,34 @@ { config, pkgs, inputs, ... }: { + home.enableNixpkgsReleaseCheck = false; nixpkgs.config.allowUnfree = true; - home = { - username = "k"; - homeDirectory = "/home/k"; - stateVersion = "23.11"; - enableNixpkgsReleaseCheck = false; + home.username = "k"; + home.homeDirectory = "/home/k"; + home.stateVersion = "23.11"; - packages = [ pkgs.neovim pkgs.btop ]; + home.packages = [ + pkgs.syncthing + pkgs.neovim + pkgs.btop + ]; + + programs.git = { + enable = true; + userName = "k"; + userEmail = "markers711@gmail.com"; }; - programs = { - git = { - enable = true; - userName = "k"; - userEmail = "markers711@gmail.com"; - }; - - starship.enable = true; - zsh = { - enable = true; - autosuggestion.enable = true; - enableCompletion = true; - syntaxHighlighting.enable = true; - autocd = true; - plugins = [{ + programs.starship.enable = true; + programs.zsh = { + enable = true; + autosuggestion.enable = true; + enableCompletion = true; + syntaxHighlighting.enable = true; + autocd = true; + plugins = [ + { name = "zsh-nix-shell"; file = "nix-shell.plugin.zsh"; src = pkgs.fetchFromGitHub { @@ -35,9 +37,8 @@ rev = "v0.8.0"; sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7"; }; - }]; - }; + } + ]; }; - services.syncthing.enable = true; } diff --git a/hosts/server/service.nix b/hosts/server/service.nix index fd7c95b..f1e5b6c 100644 --- a/hosts/server/service.nix +++ b/hosts/server/service.nix 
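Review bot: `pkgs.syncthing` is added to `home.packages`, but the second hunk of this file deletes `services.syncthing.enable = true;`. On the server the binary is then installed with no home-manager user service to start it, while the laptop config keeps the service. If syncing on the server is still wanted, keep `services.syncthing.enable = true;` and drop the bare package entry; if not, the package line can go too.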
@@ -1,150 +1,151 @@ -{ pkgs, lib, ... }: { +{pkgs,lib,...}: +{ + networking.firewall = { enable = true; - allowedTCPPorts = [ 80 443 22 ]; + allowedTCPPorts = [80 443 22 ]; }; + services.openssh = { + enable = true; + }; + + services.jellyfin = { + enable = true; + }; + + services.gitea = { + enable = true; + settings = { + service.DISABLE_REGISTRATION = true; + server = { + HTTP_PORT = 8001; + DOMAIN = "dhilton.xyz"; + ROOT_URL = "https://git.dhilton.xyz"; + ENABLE_PUSH_CREATE_USER = true; + }; + }; + }; + + services.gitea-actions-runner.instances.home = { + enable = true; + url = "https://git.dhilton.xyz"; + name = "nixsrv"; + token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj"; + labels = ["ubuntu-latest:docker://catthehacker/ubuntu:act-latest" "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04" "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04" "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04" "native:host"]; + }; + + services.home-assistant = { + enable = true; + extraComponents = ["wiz" "fail2ban"]; + config = { + default_config={}; + "automation ui" = "!include automations.yaml"; + http = { + use_x_forwarded_for="true"; + trusted_proxies=["127.0.0.1"]; + server_port=8003; + }; + }; + }; + + + services.ntfy-sh = { + enable = true; + settings = { + listen-http = ":8004"; + auth-file = "/var/lib/ntfy.db"; + auth-default-access = "read-only"; + base-url = "https://ntfy.dhilton.xyz"; + }; + }; + + services.searx = { + enable=true; + settings = { server.port = 8005; server.secret_key = "secretlol";}; + }; + + services.fail2ban = { + enable=true; + }; + + virtualisation.docker = { + enable = true; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + }; + + services.nginx.virtualHosts = { + + "dhilton.xyz" = { + enableACME = true; + forceSSL = true; + root = "/var/www/dhilton"; + }; + + "git.dhilton.xyz" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = 
"http://127.0.0.1:8001"; + proxyWebsockets = true; + }; + }; + + "ntfy.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8004"; + proxyWebsockets = true; + }; + }; + + "jel.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8096"; + proxyWebsockets = true; + }; + }; + + "puf.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8002"; + proxyWebsockets = true; + }; + }; + + "srx.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8005"; + proxyWebsockets = true; + }; + }; + + "hom.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8003"; + proxyWebsockets = true; + }; + }; + }; + + security.acme = { acceptTerms = true; defaults.email = "markers711@gmail.com"; }; - - virtualisation.docker = { enable = true; }; - - services = { - openssh = { enable = true; }; - - jellyfin = { enable = true; }; - - fail2ban = { enable = true; }; - - gitea = { - enable = true; - settings = { - service.DISABLE_REGISTRATION = true; - server = { - HTTP_PORT = 8001; - DOMAIN = "dhilton.xyz"; - ROOT_URL = "https://git.dhilton.xyz"; - ENABLE_PUSH_CREATE_USER = true; - }; - }; - }; - - gitea-actions-runner.instances.home = { - enable = true; - url = "https://git.dhilton.xyz"; - name = "nixsrv"; - token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj"; - labels = [ - "ubuntu-latest:docker://catthehacker/ubuntu:act-latest" - "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04" - "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04" - "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04" - "native:host" - ]; - }; - - home-assistant = { - enable = true; - extraComponents = [ "wiz" "fail2ban" ]; - config = { - default_config = { }; - "automation ui" = "!include automations.yaml"; - http = { - use_x_forwarded_for = 
"true"; - trusted_proxies = [ "127.0.0.1" ]; - server_port = 8003; - }; - }; - }; - - ntfy-sh = { - enable = true; - settings = { - listen-http = ":8004"; - auth-file = "/var/lib/ntfy.db"; - auth-default-access = "read-only"; - base-url = "https://ntfy.dhilton.xyz"; - }; - }; - - searx = { - enable = true; - settings = { - server.port = 8005; - server.secret_key = "secretlol"; - }; - }; - - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - virtualHosts = { - - "dhilton.xyz" = { - enableACME = true; - forceSSL = true; - root = "/var/www/dhilton"; - }; - - "git.dhilton.xyz" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8001"; - proxyWebsockets = true; - }; - }; - - "ntfy.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8004"; - proxyWebsockets = true; - }; - }; - - "jel.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8096"; - proxyWebsockets = true; - }; - }; - - "puf.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8002"; - proxyWebsockets = true; - }; - }; - - "srx.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8005"; - proxyWebsockets = true; - }; - }; - - "hom.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8003"; - proxyWebsockets = true; - }; - }; - }; - }; - }; }
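Review bot: The runner registration token (`token = "…"` under `services.gitea-actions-runner.instances.home`) and the searx `server.secret_key = "secretlol"` are still committed as literals on the new side. Both therefore end up in the repository history and in the world-readable Nix store. Treat both as exposed: rotate them and load them at runtime, e.g. `tokenFile = "/run/secrets/gitea-runner-token";` (placeholder path, file kept outside the store) for the runner and `services.searx.environmentFile` for the searx key, which should also become a long random value. The `native:host` label lets workflow jobs run directly on this machine next to nginx, Home Assistant and Docker, so confirm that only trusted accounts can push workflows, or drop that label. `services.openssh` is enabled with module defaults while port 22 is open in the firewall; adding `settings.PasswordAuthentication = false;` would restrict it to key-based logins.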