Merge branch 'main' of github.com:fwastring/nix

This commit is contained in:
fwastring 2025-09-10 09:33:46 +02:00
commit 8dafce156f
8 changed files with 165 additions and 47 deletions


@ -14,6 +14,8 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../moduler/base.nix ../../moduler/base.nix
../../moduler/users.nix ../../moduler/users.nix
../../moduler/kitchenowl.nix
../../moduler/radicale.nix
#../../moduler/nginx.nix #../../moduler/nginx.nix
#../../moduler/k3s.nix #../../moduler/k3s.nix
../../moduler/vaultwarden.nix ../../moduler/vaultwarden.nix
@ -22,12 +24,43 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
unstable.lego unstable.lego
k9s k9s
neovim neovim
git
]; ];
services.tailscale.enable = true;
services.tailscale.package = pkgs.unstable.tailscale; security.acme = {
acceptTerms = true;
defaults.email = "fredrik@wastring.com";
certs."shop.wastring.com" = {
dnsProvider = "gandiv5";
webroot = null;
credentialsFile = /run/secrets/gandi_key;
dnsPropagationCheck = true;
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."shop.wastring.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
extraConfig =
"proxy_ssl_server_name on;"
+
# required when the server wants to use HTTP Authentication
"proxy_pass_header Authorization;";
};
};
};
# services.tailscale.enable = true;
# services.tailscale.package = pkgs.unstable.tailscale;
networking.hostName = myhostname; networking.hostName = myhostname;
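Review bot: The ACME account settings `acceptTerms = true;` and `defaults.email = "fredrik@wastring.com";` added at the top of the second hunk repeat the two lines that moduler/vaultwarden.nix already sets, while the new moduler/radicale.nix in this commit sets neither and so only evaluates because vaultwarden.nix happens to be imported on this host; a small shared module holding the account settings (and the `networking.firewall.allowedTCPPorts = [ 80 443 ];` that vaultwarden.nix now owns) would let each service module stand on its own. The new `shop.wastring.com` vhost proxies to `127.0.0.1:8080`, which matches the `127.0.0.1:8080:8080` binding of the kitchenowl container added in this commit, so the container itself stays off the public interface; a comment such as `# kitchenowl container, see ../../moduler/kitchenowl.nix` on the `proxyPass` line would make that link visible. The tailscale settings are left behind as two commented-out lines at the bottom of the hunk even though the same settings now appear in the other configuration.nix of this commit, so they look like dead config that can be deleted. The enclosing attribute set begins and ends outside the hunk.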


@ -1,59 +1,60 @@
# This is your system's configuration file. # Edit this configuration file to define what should be installed on
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ {
inputs, inputs,
lib,
config, config,
pkgs, pkgs,
myhostname, myhostname,
... ...
}: }:
let
in
{ {
# You can import other NixOS modules here
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../moduler/base.nix ../../moduler/base.nix
inputs.home-manager.nixosModules.home-manager
../../moduler/users.nix ../../moduler/users.nix
../../moduler/network.nix
../../moduler/programs.nix
../../moduler/system.nix
../../moduler/dev.nix
../../moduler/lsp.nix
../../moduler/hyprland.nix
../../moduler/sound.nix
]; ];
home-manager.extraSpecialArgs = { inherit inputs pkgs; };
home-manager.users.fw = {
imports = [
./../../moduler/home.nix
];
};
boot.kernelPackages = pkgs.linuxPackages_latest;
networking.hostName = myhostname; networking.hostName = myhostname;
services.xserver.dpi = 140;
services = { services = {
openssh = { tailscale = {
enable = true; enable = true;
ports = [ 55504 ]; package = pkgs.unstable.tailscale;
settings = { };
PermitRootLogin = "no"; searx = {
PasswordAuthentication = false; enable = true;
X11Forwarding = true; redisCreateLocally = true;
settings.server = {
bind_address = "::1";
port = 8000;
secret_key = "alsjdioefj.asdi";
}; };
extraConfig = ''
AllowUsers fw
'';
}; };
}; };
services.syncthing = {
enable = true;
user = "fw";
openDefaultPorts = true; # Open ports in the firewall for Syncthing
dataDir = "/home/fw"; # default location for new folders
configDir = "/home/fw/.config/syncthing";
settings = {
devices = {
"laptop" = { id = "SCW3Z3J-NQHIKXZ-T4MR7JR-YE2VL4S-RDZ7W4F-PMSPWCQ-SGF2XLQ-CDQ3SQT"; };
"fw-iphone" = { id = "CWKHS4T-PTMW6A7-EBKRQJW-YOLUWIX-CC5IBYD-Z4LDXTO-MMRHXYM-A2FA2AQ"; };
};
folders = {
"vaults" = {
path = "/home/fw/vaults";
devices = [ "laptop" "fw-iphone" ];
ignorePerms = false; # Enable file permission syncing
};
};
};
};
system.stateVersion = "23.11"; system.stateVersion = "25.05";
} }
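Review bot: `secret_key = "alsjdioefj.asdi";` in the new `services.searx` block ends up in the Nix store, which is world-readable on the host, and in this git history; SearXNG uses it to sign session state, so it should not be a literal here. The module offers `services.searx.environmentFile` for exactly this, and SearXNG reads the key from `SEARXNG_SECRET`, so something like `environmentFile = "/run/secrets/searx_env";` (example path, following the `/run/secrets/gandi_key` convention already used in this repository) keeps it out of the store; the committed value should be treated as disclosed and rotated. The hunk also removes the whole hardened `openssh` block (custom port 55504, `PermitRootLogin = "no"`, `PasswordAuthentication = false`, `AllowUsers fw`) with no replacement in this file, so unless ../../moduler/base.nix or ../../moduler/network.nix carries equivalent settings, sshd on this host is now either disabled or running with module defaults — worth confirming before deploying. Binding searx to `::1` is the right choice since nothing in this commit proxies it.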


@ -8,24 +8,24 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/0f9de0d5-cdca-42a8-bb8a-070e3147396a"; { device = "/dev/disk/by-uuid/9c9b1ed1-a641-4ac5-a468-74a7ee5d33a9";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3340-1019"; { device = "/dev/disk/by-uuid/C8FB-C0AC";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [ "fmask=0077" "dmask=0077" ];
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/36870c0d-2200-4850-a8af-7021f6776651"; } [ { device = "/dev/disk/by-uuid/8a224134-94e1-4df8-9c17-f60b5881ff1c"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -33,7 +33,7 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;


@ -94,6 +94,7 @@ in
wallpaper = [ wallpaper = [
"DP-1,/home/fw/nix/wallpapers/blue.png" "DP-1,/home/fw/nix/wallpapers/blue.png"
"eDP-1,/home/fw/nix/wallpapers/blue.png"
]; ];
}; };
}; };

26
moduler/kitchenowl.nix Normal file

@ -0,0 +1,26 @@
{
lib,
config,
pkgs,
...
}:
let
in
{
virtualisation.oci-containers = {
backend = "podman";
containers = {
kitchenowl = {
image = "tombursch/kitchenowl:latest";
volumes = [
"/var/kitchenowl:/data"
];
ports = [ "127.0.0.1:8080:8080" ];
environment = {
JWT_SECRET_KEY = "jkdlaksjdljlkjlq";
}
;
};
};
};
}
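Review bot: `JWT_SECRET_KEY = "jkdlaksjdljlkjlq";` places KitchenOwl's token-signing key in the Nix store and in this repository, and anyone who can read it can mint valid session tokens; the oci-containers module has `environmentFiles`, so load it from a secret file, e.g. `environmentFiles = [ "/run/secrets/kitchenowl_env" ];` (example path, matching the `/run/secrets/...` convention used for the ACME credentials), and rotate the committed value. `image = "tombursch/kitchenowl:latest"` is a mutable tag, so each pull may silently change what runs on this host; pinning a release tag or an `@sha256:` digest makes the deployment reproducible and reviewable. Publishing the port as `127.0.0.1:8080:8080` is good, since the nginx vhost in this commit fronts it and the container is not exposed directly. The empty `let in` and the `;` stranded on its own line after the `environment` set are leftovers that could be cleaned up.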

32
moduler/radicale.nix Normal file

@ -0,0 +1,32 @@
{
...
}:
{
security.acme = {
certs."cal.wastring.com" = {
dnsProvider = "gandiv5";
webroot = null;
credentialsFile = /run/secrets/gandi_key;
dnsPropagationCheck = true;
};
};
services.nginx = {
virtualHosts."cal.wastring.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5232";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
};
};
};
services.radicale = {
enable = true;
settings = {
auth.type = "none";
server.hosts = [ "0.0.0.0:5232" ];
};
};
}
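Review bot: `auth.type = "none"` behind a public nginx vhost for `cal.wastring.com` exposes every Radicale collection to anyone who reaches the hostname, because Radicale's `none` mode accepts any username and password; and `server.hosts = [ "0.0.0.0:5232" ]` listens on all interfaces, so the backend is also reachable in plain HTTP whenever port 5232 is not filtered (this commit only opens 80 and 443, so the firewall probably blocks it, but the binding should not rely on that). Change to `server.hosts = [ "127.0.0.1:5232" ];` to match the `proxyPass` address, and to `auth.type = "htpasswd";` plus `auth.htpasswd_filename = "<path to an htpasswd file outside the Nix store>";`, which is also what makes the forwarded `proxy_pass_header Authorization;` meaningful. This module sets no `security.acme.acceptTerms` or `defaults.email`, so it only evaluates when another imported module (vaultwarden.nix on this host) supplies them; a comment stating that dependency, or moving the account settings to a shared module, would prevent a confusing failure on the next host.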


@ -3,14 +3,17 @@
}: }:
{ {
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "fredrik@wastring.com"; defaults.email = "fredrik@wastring.com";
certs."pass.wastring.com" = { certs."pass.wastring.com" = {
dnsProvider = "gandiv5"; dnsProvider = "gandiv5";
webroot = null; webroot = null;
credentialsFile = /run/secrets/gandi_key; credentialsFile = /run/secrets/gandi_key;
dnsPropagationCheck = true; dnsPropagationCheck = true;
}; };
}; };
services.nginx = { services.nginx = {
@ -42,7 +45,6 @@
ROCKET_PORT = 8222; ROCKET_PORT = 8222;
DOMAIN = "https://pass.wastring.com"; DOMAIN = "https://pass.wastring.com";
SIGNUPS_ALLOWED = true; SIGNUPS_ALLOWED = true;
LOG_FILE = "/var/lib/bitwarden_rs/access.log";
}; };
}; };
} }
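Review bot: The new `networking.firewall.allowedTCPPorts = [ 80 443 ];` in the first hunk lives in the Vaultwarden module, yet the ports serve the shared nginx instance that the radicale and kitchenowl vhosts added in this commit also depend on, so dropping this module from a host's imports would silently make those vhosts unreachable. Either move the rule next to the shared nginx definition or add `# nginx listens here for every vhost on this host, not only pass.wastring.com` above it so the coupling is explicit. Removing `LOG_FILE` in the second hunk means Vaultwarden's access log goes to stdout and therefore journald only, which is fine for failed-login review as long as journald retention on this host covers the window you care about; worth confirming. Both hunks sit inside the attribute set whose beginning is outside the hunk.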

23
uninstall.sh Executable file

@ -0,0 +1,23 @@
#!/bin/sh
set -x
systemctl stop k3s
systemctl disable k3s
systemctl daemon-reload
rm -f /etc/systemd/system/k3s.service
rm -f /usr/local/bin/k3s
if [ -L /usr/local/bin/kubectl ]; then
rm -f /usr/local/bin/kubectl
fi
if [ -L /usr/local/bin/crictl ]; then
rm -f /usr/local/bin/crictl
fi
if [ -e /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs ]; then
kill -9 `cat /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs`
fi
umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/run/k3s'`
umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/var/lib/rancher/k3s'`
rm -rf /var/lib/rancher/k3s
rm -rf /etc/rancher/k3s
rm -f /usr/local/bin/k3s-uninstall.sh
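Review bot: The script performs root-only destructive operations (`rm -rf /var/lib/rancher/k3s`, `kill -9` of the cgroup's processes) without checking that it runs as root, and with `set -x` but no error handling, so a failing step is merely echoed; the `umount` lines are the weak spot, since the backtick substitution is unquoted, runs `umount` with no argument when `grep` matches nothing, does not unmount nested mounts deepest-first, and `^/run/k3s` also matches unrelated siblings such as `/run/k3s-foo`. This appears to be the upstream k3s uninstall script vendored into a NixOS configuration repository where k3s is otherwise declarative (the `k3s.nix` import is commented out in this commit); if it is kept, a header comment such as `# Vendored k3s uninstall script for hosts where k3s was installed imperatively; NixOS hosts should remove services.k3s instead` would tell the next reader why it exists. The rewritten lines below add a root check and replace the two `umount` lines with one loop that unmounts both prefixes, deepest path first, one quoted path at a time.
```shell
#!/bin/sh
set -x
[ "$(id -u)" -eq 0 ] || { echo "uninstall.sh: must run as root" >&2; exit 1; }
# … unchanged: systemctl stop/disable, removal of unit file and binaries, kill of leftover cgroup processes …
# Unmount nested mounts before their parents; /proc/self/mounts escapes spaces, so one path per line is safe.
awk '{print $2}' /proc/self/mounts \
  | grep -E '^(/run/k3s|/var/lib/rancher/k3s)(/|$)' \
  | sort -r \
  | while IFS= read -r mnt; do
      umount "$mnt" || echo "uninstall.sh: failed to unmount $mnt" >&2
    done
# … unchanged: rm -rf of the k3s state directories and of this script …
```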