Merge branch 'main' of github.com:fwastring/nix

2025-09-10 09:33:46 +02:00 · 2025-09-10 09:33:46 +02:00 · 8dafce156f
commit 8dafce156f
parent 14ba2cc1ef f8bfb3cb69
8 changed files with 165 additions and 47 deletions
--- a/maskiner/desktop/configuration.nix
+++ b/maskiner/desktop/configuration.nix
@ -14,6 +14,8 @@
    ./hardware-configuration.nix
    ../../moduler/base.nix
    ../../moduler/users.nix
+    ../../moduler/kitchenowl.nix
+    ../../moduler/radicale.nix
    #../../moduler/nginx.nix
    #../../moduler/k3s.nix
    ../../moduler/vaultwarden.nix
@ -22,12 +24,43 @@

  environment.systemPackages = with pkgs; [
    unstable.lego
-k9s
-neovim
+    k9s
+    neovim
+    git
  ];

-  services.tailscale.enable = true;
-  services.tailscale.package = pkgs.unstable.tailscale;
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "fredrik@wastring.com";
+    certs."shop.wastring.com" = {
+      dnsProvider = "gandiv5";
+      webroot = null;
+      credentialsFile = /run/secrets/gandi_key;
+      dnsPropagationCheck = true;
+    };
+  };
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."shop.wastring.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true;
+        extraConfig =
+          "proxy_ssl_server_name on;"
+          +
+            # required when the server wants to use HTTP Authentication
+            "proxy_pass_header Authorization;";
+      };
+    };
+  };
+
+  # services.tailscale.enable = true;
+  # services.tailscale.package = pkgs.unstable.tailscale;

  networking.hostName = myhostname;

--- a/maskiner/laptop/configuration.nix
+++ b/maskiner/laptop/configuration.nix
@ -1,59 +1,60 @@
-# This is your system's configuration file.
-# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
 {
  inputs,
-  lib,
  config,
  pkgs,
  myhostname,
  ...
 }:
+let
+in
 {
-  # You can import other NixOS modules here
  imports = [
    ./hardware-configuration.nix
+
    ../../moduler/base.nix
+
+    inputs.home-manager.nixosModules.home-manager
    ../../moduler/users.nix
+    ../../moduler/network.nix
+    ../../moduler/programs.nix
+    ../../moduler/system.nix
+    ../../moduler/dev.nix
+    ../../moduler/lsp.nix
+    ../../moduler/hyprland.nix
+    ../../moduler/sound.nix
  ];

+  home-manager.extraSpecialArgs = { inherit inputs pkgs; };
+  home-manager.users.fw = {
+    imports = [
+      ./../../moduler/home.nix
+    ];
+  };
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
  networking.hostName = myhostname;

-  services.xserver.dpi = 140;

  services = {
-    openssh = {
+    tailscale = {
      enable = true;
-      ports = [ 55504 ];
-      settings = {
-        PermitRootLogin = "no";
-        PasswordAuthentication = false;
-        X11Forwarding = true;
+      package = pkgs.unstable.tailscale;
+    };
+    searx = {
+      enable = true;
+      redisCreateLocally = true;
+      settings.server = {
+        bind_address = "::1";
+        port = 8000;
+        secret_key = "alsjdioefj.asdi";
      };
-      extraConfig = ''
-        			  AllowUsers fw
-        			'';
    };
  };
-  services.syncthing = {
-	  enable = true;
-	  user = "fw";
-	  openDefaultPorts = true; # Open ports in the firewall for Syncthing
-	  dataDir = "/home/fw";  # default location for new folders
-		configDir = "/home/fw/.config/syncthing";
-	  settings = {
-		  devices = {
-			  "laptop" = { id = "SCW3Z3J-NQHIKXZ-T4MR7JR-YE2VL4S-RDZ7W4F-PMSPWCQ-SGF2XLQ-CDQ3SQT"; };
-			  "fw-iphone" = { id = "CWKHS4T-PTMW6A7-EBKRQJW-YOLUWIX-CC5IBYD-Z4LDXTO-MMRHXYM-A2FA2AQ"; };
-			};
-		  folders = {
-			  "vaults" = {
-				path = "/home/fw/vaults";
-				devices = [ "laptop" "fw-iphone" ];
-				ignorePerms = false; # Enable file permission syncing
-			  };
-			};
-		};
-	};

-  system.stateVersion = "23.11";
+  system.stateVersion = "25.05";
 }
--- a/maskiner/laptop/hardware-configuration.nix
+++ b/maskiner/laptop/hardware-configuration.nix
@ -8,24 +8,24 @@
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/0f9de0d5-cdca-42a8-bb8a-070e3147396a";
+    { device = "/dev/disk/by-uuid/9c9b1ed1-a641-4ac5-a468-74a7ee5d33a9";
      fsType = "ext4";
    };

  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/3340-1019";
+    { device = "/dev/disk/by-uuid/C8FB-C0AC";
      fsType = "vfat";
      options = [ "fmask=0077" "dmask=0077" ];
    };

  swapDevices =
-    [ { device = "/dev/disk/by-uuid/36870c0d-2200-4850-a8af-7021f6776651"; }
+    [ { device = "/dev/disk/by-uuid/8a224134-94e1-4df8-9c17-f60b5881ff1c"; }
    ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -33,7 +33,7 @@
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;