From bc5649390fb29009ce5d012f7d2c93c4a3fb0bc8 Mon Sep 17 00:00:00 2001
From: death916
Date: Mon, 30 Jun 2025 14:29:03 -0700
Subject: [PATCH] modularize configs
---
modules/home-manager/common.nix | 65 +++++++++++
modules/home-manager/default.nix | 6 -
modules/nixos/common/base.nix | 21 ++++
modules/nixos/common/tailscale.nix | 15 +++
modules/nixos/default.nix | 6 -
modules/nixos/homelab/networking.nix | 64 +++++++++++
modules/nixos/homelab/services.nix | 161 +++++++++++++++++++++++++++
modules/nixos/homelab/user.nix | 19 ++++
modules/nixos/laptop/desktop.nix | 51 +++++++++
modules/nixos/laptop/user.nix | 16 +++
10 files changed, 412 insertions(+), 12 deletions(-)
create mode 100644 modules/home-manager/common.nix
delete mode 100644 modules/home-manager/default.nix
create mode 100644 modules/nixos/common/base.nix
create mode 100644 modules/nixos/common/tailscale.nix
delete mode 100644 modules/nixos/default.nix
create mode 100644 modules/nixos/homelab/networking.nix
create mode 100644 modules/nixos/homelab/services.nix
create mode 100644 modules/nixos/homelab/user.nix
create mode 100644 modules/nixos/laptop/desktop.nix
create mode 100644 modules/nixos/laptop/user.nix
diff --git a/modules/home-manager/common.nix b/modules/home-manager/common.nix
new file mode 100644
index 0000000..9074b8d
--- /dev/null
+++ b/modules/home-manager/common.nix
@@ -0,0 +1,65 @@
+# ~/nixconfig/modules.new/home-manager/common.nix
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ programs.git = {
+ enable = true;
+ userName = "death916";
+ userEmail = "mail@trentnelson.dev";
+ extraConfig = {
+ credential.helper = "store";
+ };
+ };
+
+ programs.tmux.enable = true;
+
+ programs.helix = {
+ enable = true;
+ settings = {
+ theme = "autumn_night_transparent";
+ editor = {
+ cursor-shape = {
+ normal = "block";
+ insert = "bar";
+ select = "underline";
+ };
+ true-color = true;
+ soft-wrap = { enable = true; };
+ };
+ };
+ languages.language = [
+ {
+ name = "nix";
+ auto-format = true;
+ formatter.command = lib.getExe pkgs.nixfmt-rfc-style;
+ }
+ {
+ name = "python";
+ language-servers = [ "pylsp" ];
+ auto-format = true;
+ }
+ ];
+ themes = {
+ autumn_night_transparent = {
+ "inherits" = "autumn_night";
+ "ui.background" = { };
+ };
+ };
+ extraPackages = [ pkgs.python3Packages.python-lsp-server ];
+ };
+
+ programs.atuin = {
+ enable = true;
+ settings = { search_mode = "fuzzy"; };
+ };
+
+ home.sessionVariables = { EDITOR = "hx"; };
+
+ home.stateVersion = "24.11";
+ programs.home-manager.enable = true;
+}
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
deleted file mode 100644
index 45aae31..0000000
--- a/modules/home-manager/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-# Add your reusable home-manager modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
-# These should be stuff you would like to share with others, not your personal configurations.
-{
- # List your module files here
- # my-module = import ./my-module.nix;
-}
diff --git a/modules/nixos/common/base.nix b/modules/nixos/common/base.nix
new file mode 100644
index 0000000..0421b49
--- /dev/null
+++ b/modules/nixos/common/base.nix
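Review bot: In modules/home-manager/common.nix, `credential.helper = "store";` makes git write every saved credential unencrypted to `~/.git-credentials`, and because this sits in the common module it presumably reaches every host that imports it, the homelab server included. A helper that keeps secrets in memory or in a keyring avoids leaving tokens on disk, for example `credential.helper = "cache";`, or SSH remotes with no helper at all. If plaintext storage is a deliberate trade-off, a comment next to the line saying so would help the next reader.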
@@ -0,0 +1,21 @@
+# ~/nixconfig/modules.new/nixos/common/base.nix
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+
+{
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ powerManagement.cpuFreqGovernor = "ondemand"; # hopefully fix low cpu freq
+ hardware.cpu.amd.updateMicrocode = true; # same
+
+ time.timeZone = "America/Los_Angeles";
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ system.stateVersion = "24.11";
+}
diff --git a/modules/nixos/common/tailscale.nix b/modules/nixos/common/tailscale.nix
new file mode 100644
index 0000000..c04ace8
--- /dev/null
+++ b/modules/nixos/common/tailscale.nix
@@ -0,0 +1,15 @@
+# ~/nixconfig/modules.new/nixos/common/tailscale.nix
+{
+ config,
+ pkgs,
+ ...
+}:
+
+{
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "both";
+ };
+
+ networking.firewall.checkReversePath = "loose";
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
deleted file mode 100644
index 8605069..0000000
--- a/modules/nixos/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
-# These should be stuff you would like to share with others, not your personal configurations.
-{
- # List your module files here
- # my-module = import ./my-module.nix;
-}
diff --git a/modules/nixos/homelab/networking.nix b/modules/nixos/homelab/networking.nix
new file mode 100644
index 0000000..093735a
--- /dev/null
+++ b/modules/nixos/homelab/networking.nix
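Review bot: In modules/nixos/common/tailscale.nix, `useRoutingFeatures = "both";` is set in the common module, so every host that imports it is configured as a subnet router or exit node (which turns on IP forwarding) as well as a client. If only the homelab is meant to route, setting this per host, with `"client"` on the laptop and `"both"` on the homelab, keeps forwarding off where it is not needed. The explicit `networking.firewall.checkReversePath = "loose";` looks redundant, since the NixOS tailscale module is expected to set it for the client and both modes; worth confirming before dropping it.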
@@ -0,0 +1,64 @@
+# ~/nixconfig/modules.new/nixos/homelab/networking.nix
+{
+ config,
+ pkgs,
+ ...
+}:
+
+{
+ networking.hostName = "homelab";
+
+ boot.initrd.kernelModules = [ "dm_mod" "dm_thin_pool" ];
+ boot.initrd.availableKernelModules = [ "ext4" "xfs" ];
+
+ services.lvm.enable = true;
+ services.lvm.boot.thin.enable = true;
+
+ fileSystems."/media" = {
+ device = "/dev/media/vm-101-disk-0";
+ fsType = "ext4";
+ options = [ "defaults" "nofail" ];
+ };
+
+ fileSystems."/storage" = {
+ device = "/dev/Storage/data_lv";
+ fsType = "ext4";
+ options = [ "defaults" "nofail" ];
+ };
+
+ networking.nftables.enable = true;
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 53 8096 ];
+ networking.firewall.allowedUDPPorts = [ 53 ];
+
+ networking.bridges.br0.interfaces = [ "enp41s0" ];
+
+ networking.interfaces.br0 = {
+ ipv4.addresses = [
+ {
+ address = "192.168.0.116";
+ prefixLength = 24;
+ }
+ ];
+ };
+
+ networking.defaultGateway = "192.168.0.1";
+ networking.nameservers = [ "192.168.0.116" ];
+
+ networking.interfaces.enp41s0.useDHCP = false;
+
+ networking.firewall.trustedInterfaces = [ "tailscale0" "docker0" "br0" ];
+
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ openFirewall = true;
+ settings.PasswordAuthentication = false;
+ settings.PermitRootLogin = "no";
+ };
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+}
diff --git a/modules/nixos/homelab/services.nix b/modules/nixos/homelab/services.nix
new file mode 100644
index 0000000..9c0e44f
--- /dev/null
+++ b/modules/nixos/homelab/services.nix
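Review bot: In modules/nixos/homelab/networking.nix, `networking.firewall.trustedInterfaces` includes `br0`, the bridge over `enp41s0` that carries the host's `192.168.0.116` address, so everything arriving from the LAN is accepted and the `allowedTCPPorts`/`allowedUDPPorts` lists above have no effect for that traffic. If those port lists are meant to be the LAN policy, drop `br0`: `networking.firewall.trustedInterfaces = [ "tailscale0" "docker0" ];`. Port 22 is also opened twice, once in `allowedTCPPorts` and once through `openFirewall = true`, so one of the two can go.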
@@ -0,0 +1,161 @@
+# ~/nixconfig/modules.new/nixos/homelab/services.nix
+{
+ config,
+ pkgs,
+ ...
+}:
+
+{
+ arrSuite.enable = true;
+ services.samba.shares.Media.path = "/media/storage/media";
+
+ virtualisation.incus.enable = true;
+
+ users.users.death916.extraGroups = config.users.users.death916.extraGroups ++ [ "media_services" "nextcloud" "docker" "qbittorent" "incus-admin" ];
+
+ users.users.audiobookshelf = {
+ isSystemUser = true;
+ group = "media_services";
+ };
+
+ users.groups.media_services = { };
+
+ services.plex = {
+ enable = true;
+ openFirewall = true;
+ user = "death916";
+ };
+
+ services.audiobookshelf = {
+ enable = true;
+ user = "audiobookshelf";
+ group = "media_services";
+ host = "0.0.0.0";
+ port = 13378;
+ };
+
+ services.netdata = {
+ enable = true;
+ config = {
+ global = {
+ "memory mode" = "ram";
+ "debug log" = "none";
+ "access log" = "none";
+ "error log" = "syslog";
+ };
+ };
+ };
+
+ users.users.qbittorrent.extraGroups = [ "media_services" ];
+ users.groups.qbittorrent = { };
+
+ services.qbittorrent = {
+ enable = true;
+ dataDir = "/media/storage/media/downloads/";
+ user = "qbittorrent";
+ group = "qbittorrent";
+ port = 8090;
+ openFirewall = true;
+ package = pkgs.qbittorrent-nox;
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /media/storage/media/downloads/qBittorrent 0775 root media_services - -"
+ "d /storage/services/qbittorrent 0755 qbittorrent qbittorrent - -"
+ "d /storage/services/qbittorrent/config 0755 qbittorrent qbittorrent - -"
+ ];
+
+ services.jellyfin.enable = true;
+
+ services.actual = {
+ enable = true;
+ settings = {
+ port = 5006;
+ };
+ };
+
+ virtualisation.docker.enable = true;
+
+ virtualisation.oci-containers = {
+ backend = "docker";
+ containers = {
+ dufs = {
+ image = "sigoden/dufs:latest";
+ ports = [ "5000:5000" ];
+ volumes = [ "/media/storage/media/:/data" ];
+ cmd = [ "/data" "-A" ];
+ };
+ c2c-scraper = {
+ image = "death916/c2cscrape:latest";
+ volumes = [
+ "/media/storage/media/books/audio/podcasts/C2C:/downloads"
+ "/media/storage/media/docker/volumes/c2cscrape:/app/data"
+ ];
+ environment = { TZ = "America/Los_Angeles"; };
+ autoStart = true;
+ extraOptions = [ "--dns=8.8.8.8" ];
+ };
+ adguardhome = {
+ image = "adguard/adguardhome:latest";
+ autoStart = true;
+ volumes = [
+ "/storage/services/adguard/work:/opt/adguardhome/work"
+ "/storage/services/adguard/data:/opt/adguardhome/conf"
+ ];
+ extraOptions = [ "--network=host" ];
+ };
+ };
+ };
+
+ systemd.services.kopia-backup = {
+ description = "Kopia backup service for NixOS server";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ ExecStart = "/usr/local/bin/nixos-kopia-backup.sh";
+ path = with pkgs; [ coreutils kopia ];
+ };
+ };
+
+ systemd.timers.kopia-backup = {
+ description = "Daily Kopia backup timer";
+ wantedBy = [ "timers.target" ];
+ partOf = [ "kopia-backup.service" ];
+ timerConfig = {
+ OnCalendar = "hourly";
+ Persistent = true;
+ Unit = "kopia-backup.service";
+ };
+ };
+
+ users.users.adguardhome = {
+ isSystemUser = true;
+ group = "adguardhome";
+ extraGroups = [ "adgaurdhome-access" ];
+ };
+ users.groups.adguardhome-access = { };
+ users.groups.adguardhome = { };
+
+ security.sudo.wheelNeedsPassword = true;
+
+ environment.systemPackages = with pkgs; [
+ git
+ vim
+ htop
+ tmux
+ tailscale
+ lvm2
+ rsync
+ multipath-tools
+ btop
+ wget
+ pkgs.jellyfin-web
+ pkgs.jellyfin-ffmpeg
+ pkgs.jellyfin
+ unzip
+ kopia
+ manix
+ nh
+ qemu
+ ];
+}
diff --git a/modules/nixos/homelab/user.nix b/modules/nixos/homelab/user.nix
new file mode 100644
index 0000000..c28c2b5
--- /dev/null
+++ b/modules/nixos/homelab/user.nix
@@ -0,0 +1,19 @@
+# ~/nixconfig/modules.new/nixos/homelab/user.nix
+{
+ config,
+ pkgs,
+ primaryUser,
+ ...
+}:
+
+{
+ users.users.${primaryUser} = {
+ isNormalUser = true;
+ home = "/home/${primaryUser}";
+ description = "${primaryUser}";
+ extraGroups = [ "wheel" "media_services" "nextcloud" "docker" "qbittorent" "incus-admin" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCte9KjJUSn4xBPEKCk9QER6+jF+C0uBatVl27zIamYsryyHdFrmqK2DAg7OhqTHqzjxID6sp6d57MsJqOUAtwXbUDMLffqBSerUxfTm+1SPDrhL0GSvo0QVjMLVseOEq8d2qXgW1R7dIk412VbO5e9SAump5aJOHI/SzT6VLoUczalmqrjnDacWQMeLu/TSOZHcfrhjYSg+b1xbc1vHp6C4obOb8JIj/anAieT/1P36MhlNW79ow6PWenLemBYeeezFrKtESF1oMc8jmcxogzgLamlqhKYAHlKhOuBF6u0nRneI5IPDbbMF5zwEv5szCEKj8XZJVYUk8uUg7ARyppjcA7yAXuaNKBNxa7tfjqWrDWOACn97ufE5FFJt0XH5JzkXcDh96K8ZSZaWxMRu2s+GlIu/1F415xtVfe1d79HYkWke/ewaQ4NqgOt8f7wRvyzabpQZDzkaXO0UoK65O2HyUur33XWCEmV+1pB6BrS8pD+1I4Tvbnc+rOgtHTTRfKqezKqZmaErEOxClBwvWjvn0PzhGSoClTGXPjhl239/sH0JGY09dTBh8GtAVbfv+jFO6nm6aR7O/OwSaohY3uOdRo8XyxJr4XyGAaBNRdm6BUJRnB4W51J49IQBZzIe2NUkNMHeUT4jkxFpfhkujnSFw2ZnOLkERpwkltAlbwuLw== tavn1992@gmail.com"
+ ];
+ };
+}
diff --git a/modules/nixos/laptop/desktop.nix b/modules/nixos/laptop/desktop.nix
new file mode 100644
index 0000000..7ea56ee
--- /dev/null
+++ b/modules/nixos/laptop/desktop.nix
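Review bot: In modules/nixos/homelab/user.nix, `extraGroups` puts the primary user in `docker` and `incus-admin` alongside `wheel`; membership in either group allows starting containers with host access without a password, so it is effectively root and sidesteps the `security.sudo.wheelNeedsPassword = true;` set in services.nix. If that is not intended, drop `"docker"` and `"incus-admin"` from the list and run those tools through sudo. A short comment beside the `authorizedKeys` entry naming the device the key belongs to would make later rotation easier.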
@@ -0,0 +1,51 @@
+# ~/nixconfig/modules.new/nixos/laptop/desktop.nix
+{
+ config,
+ pkgs,
+ inputs,
+ ...
+}:
+
+{
+ services.xserver.enable = true;
+ services.gnome.gnome-keyring.enable = true;
+ services.dbus.enable = true; # for nextcloud client
+ # Enable the GNOME Desktop Environment.
+ services.xserver.displayManager.gdm.enable = false;
+ services.xserver.desktopManager.gnome.enable = false;
+ #cosmic instead
+ services.desktopManager.cosmic.enable = true;
+ services.displayManager.cosmic-greeter.enable = true;
+ services.desktopManager.cosmic.xwayland.enable = true;
+
+ nix.settings.trusted-substituters = [ "https://cache.flox.dev" ];
+ nix.settings.trusted-public-keys = [
+ "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
+ ];
+
+ environment.systemPackages = with pkgs; [
+ git
+ vim
+ wget
+ tailscale
+ halloy # Add halloy to your system packages
+ conda
+ inputs.flox.packages.${pkgs.system}.flox
+ kopia-ui
+ stremio
+ wl-clipboard
+ tail-tray
+ ];
+
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+
+ programs.firefox.enable = true;
+ programs.nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 7d --keep 10";
+ flake = "/home/death916/Documents/nix-config/";
+ };
+ services.fprintd.enable = true;
+}
diff --git a/modules/nixos/laptop/user.nix b/modules/nixos/laptop/user.nix
new file mode 100644
index 0000000..372611f
--- /dev/null
+++ b/modules/nixos/laptop/user.nix
@@ -0,0 +1,16 @@
+# ~/nixconfig/modules.new/nixos/laptop/user.nix
+{
+ config,
+ pkgs,
+ primaryUser,
+ ...
+}:
+
+{
+ users.users.${primaryUser} = {
+ isNormalUser = true;
+ home = "/home/${primaryUser}";
+ description = "${primaryUser}";
+ extraGroups = [ "wheel" "networkmanager" ];
+ };
+}
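Review bot: In modules/nixos/laptop/desktop.nix, `flake = "/home/death916/Documents/nix-config/";` hard-codes the user name, while laptop/user.nix in the same commit derives the home directory from `primaryUser`. Taking `primaryUser` as a module argument here and writing `flake = "/home/${primaryUser}/Documents/nix-config/";` keeps the two in step. The comment `# Enable the GNOME Desktop Environment.` now sits above two lines that set GDM and GNOME to `false`; something like `# GNOME/GDM disabled; COSMIC is used instead` would match the code.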