adriangl/nix-dotfiles-v2
1
1
Fork 0
Code Issues Pull Requests Releases Activity

styled code and dotfiles

Browse Source
This commit is contained in:
Adrian Gunnar Lauterer
2025-12-02 10:43:45 +01:00
parent b8906d74ef
commit a4c23dc36f
36 changed files with 1038 additions and 913 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
flake.nix
View File

@@ -10,7 +10,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nix-colors.url = "github:misterio77/nix-colors";
stylix = {
url = "github:nix-community/stylix";
@@ -29,8 +28,7 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
blog-generator.url = "github:adrlau/blog-generator";
blog-generator.url = "github:adrlau/blog-generator";
};
outputs =
@@ -65,28 +63,26 @@
home-manager.users.gunalx = import ./home/gunalx.nix;
home-manager.backupFileExtension = "bac";
home-manager.extraSpecialArgs = { inherit nix-colors inputs; };
home-manager.sharedModules = [
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeModules.stylix
];
}
./modules/unstable.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
nixos-hardware.nixosModules.dell-xps-13-9370
#temporarily for testing run my blog on my laptop
blog-generator.nixosModules.default
];
};
# aragon
nixosConfigurations.aragon = nixpkgs.lib.nixosSystem {
inherit system;
@@ -101,13 +97,13 @@
home-manager.users.gunalx = import ./home/gunalx.nix;
home-manager.backupFileExtension = "bac";
home-manager.extraSpecialArgs = { inherit nix-colors inputs; };
home-manager.sharedModules = [
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeModules.stylix
];
}
./modules/unstable.nix
./modules/unstable.nix
sops-nix.nixosModules.sops
@@ -116,16 +112,13 @@
];
};
# galadriel
nixosConfigurations.galadriel = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs system; };
modules = [
./modules/unstable.nix
./modules/unstable.nix
./hosts/galadriel/configuration.nix
sops-nix.nixosModules.sops
@@ -135,7 +128,5 @@
];
};
};
}

6
home/bash.nix
View File

@@ -59,18 +59,18 @@
YELLOW='\[\e[33m\]'
MAGENTA='\[\e[35m\]'
RED='\[\e[31m\]'
if [[ -n "$SSH_CONNECTION" ]]; then
REMOTE_LABEL="\[''${YELLOW}\] (ssh)\[''${RESET}\]"
else
REMOTE_LABEL=""
fi
# Git branch function
parse_git_branch() {
git branch --show-current 2>/dev/null | awk '{print " (" $1 ")"}'
}
# Set prompt
if [[ $EUID -eq 0 ]]; then
PS1="''${BOLD}''${RED}\u''${RESET}:''${BOLD}''${RED}\h''${REMOTE_LABEL}''${RESET}:''${BOLD}''${GREEN}\w''${MAGENTA}\$(parse_git_branch) ''${BLUE}\A''${RESET}\$ "

5
home/colors.nix
View File

@@ -7,9 +7,8 @@
}:
{
imports = [
nix-colors.homeManagerModules.default
./stylix.nix
imports = [
nix-colors.homeManagerModules.default
];
colorScheme = {

11
home/fcitx5.nix
View File

@@ -10,7 +10,6 @@
fcitx5-mozc
fcitx5-gtk
qt6Packages.fcitx5-configtool
fcitx5-material-color # Add the theme package
];
settings = {
@@ -18,16 +17,6 @@
globalOptions.Hotkey = {
TriggerKey = "Control+space";
};
# Addon settings for the theme
addons.classicui = {
globalSection = {
Theme = "Material-Color-Dark";
DarkTheme = "Material-Color-Dark";
UseDarkTheme = true;
};
};
inputMethod = {
"Groups/0" = {
Name = "Default";

5
home/gunalx.nix
View File

@@ -12,8 +12,11 @@
./bash.nix
./xdg.nix
#graphical
# theming
./colors.nix
./stylix.nix
#graphical
./fuzzel.nix
./swaylock.nix
./gtklock.nix

2
home/kdeconnect.nix
View File

@@ -13,6 +13,6 @@
enable = true;
#package = pkgs.kdePackages.kdeconnect-kde;
package = pkgs.gnomeExtensions.gsconnect;
indicator = true;
indicator = true;
};
}

10
home/neovim.nix
View File

@@ -1,8 +1,6 @@
{ pkgs, ... }:
{
programs.neovim = {
enable = true;
viAlias = true;
@@ -10,7 +8,7 @@
defaultEditor = true;
withPython3 = true;
withNodeJs = true;
extraConfig = ''
set backspace=indent,eol,start
syntax on
@@ -28,16 +26,15 @@
set clipboard=unnamed,unnamedplus
set mouse=a
'';
extraLuaConfig = ''
vim.wo.number = true
-- vim.wo.relativenumber = true
vim.api.nvim_set_option("clipboard", "unnamedplus")
'';
extraPackages = [ pkgs.fzf ]; # For fzf-vim functionality
plugins = with pkgs.vimPlugins; [
@@ -51,7 +48,6 @@
aider-nvim
];
# CoC configuration (replacing coc-rust-analyzer plugin)
coc.enable = true;
coc.settings = {

1156
home/niri.nix
View File

File diff suppressed because it is too large Load Diff

31
home/stylix.nix
View File

@@ -3,10 +3,17 @@
{
stylix = {
enable = true;
autoEnable = false;
targets.gtk.enable = true;
targets.qt.enable = true;
#autoEnable = false;
#targets.gtk.enable = true;
#targets.qt.enable = true;
#manually disable stuff i have done manually
targets.mako.enable = false;
targets.foot.enable = false;
targets.swaylock.enable = false;
targets.fuzzel.enable = false;
targets.zed.enable = false;
base16Scheme = {
scheme = config.colorScheme.name;
@@ -29,5 +36,23 @@
base0F = config.colorScheme.palette.base0F;
};
fonts = {
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
monospace = {
package = pkgs.notonoto;
name = "NOTONOTO";
};
emoji = {
package = pkgs.noto-fonts-monochrome-emoji;
name = "Noto Emoji";
};
};
};
}

35
home/zed.nix
View File

@@ -17,16 +17,43 @@
programs.zed-editor = {
enable = true;
package = pkgs.unstable.zed-editor-fhs;
extraPackages = with pkgs; [
#nodejs
nodejs
copilot-language-server
github-copilot-cli
nixd
#nodejs-slim
vscode-extensions.github.copilot
];
extensions = [ "nix" "toml" "rust" "html" "yaml" "python" "make" "xml" "dockerfile" "vue" "latex" "csv" "rainbow csv" "snippets" "typst" "mermaid" "markdownlint" "markdown oxide" "java" "dart" "go" "c#" "json" "flask snippets" "python snippets" "flutter snippets" "tokyo night themes"];
extensions = [
"nix"
"toml"
"rust"
"html"
"yaml"
"python"
"make"
"xml"
"dockerfile"
"vue"
"latex"
"csv"
"rainbow csv"
"snippets"
"typst"
"mermaid"
"markdownlint"
"markdown oxide"
"java"
"dart"
"go"
"c#"
"json"
"flask snippets"
"python snippets"
"flutter snippets"
"tokyo night themes"
"opencode"
];
userSettings = {
theme = {
mode = "system";

44
hosts/aragon/configuration.nix
View File

@@ -2,70 +2,73 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Core system modules
../../modules/boot.nix
../../modules/nix.nix
../../modules/pam.nix
../../modules/polkit.nix
../../modules/zram.nix
# Networking and remote access
../../modules/openssh.nix
../../modules/tailscale.nix
# User interface and desktop
../../modules/displaymanager.nix
../../modules/xdg.nix
../../modules/sound.nix
../../modules/bluetooth.nix
../../modules/desktopApplications.nix
# Development tools and user configuration
../../modules/basePackages.nix
../../modules/develPackages.nix
../../modules/gunalx.nix
# Containerization and cloud
../../modules/podman.nix
# Scientific and data tools
../../modules/jupyterhub.nix
# Software and gaming
../../modules/steam.nix
# SDR (Software Defined Radio)
../../modules/rtlsdr.nix
../../modules/websdr.nix
# Secrets management
../../secrets/sops.nix
../../secrets/sopsconf.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
# Enable swap on luks
boot.initrd.luks.devices."luks-08650b6b-6143-4503-8bf5-a3d32ef62d73".device = "/dev/disk/by-uuid/08650b6b-6143-4503-8bf5-a3d32ef62d73";
boot.initrd.luks.devices."luks-08650b6b-6143-4503-8bf5-a3d32ef62d73".keyFile = "/crypto_keyfile.bin";
boot.initrd.luks.devices."luks-08650b6b-6143-4503-8bf5-a3d32ef62d73".device =
"/dev/disk/by-uuid/08650b6b-6143-4503-8bf5-a3d32ef62d73";
boot.initrd.luks.devices."luks-08650b6b-6143-4503-8bf5-a3d32ef62d73".keyFile =
"/crypto_keyfile.bin";
networking.hostName = "aragon"; # Define your hostname.
time.timeZone = "Europe/Amsterdam";
@@ -79,15 +82,14 @@
# sleep wakeup rules
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled"
'';
ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled"
'';
#comment out to enable sleep. Uncommented over vacations
# systemd.targets.sleep.enable = false;
# systemd.targets.suspend.enable = false;
# systemd.targets.hibernate.enable = false;
# systemd.targets.hybrid-sleep.enable = false;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];

95
hosts/aragon/hardware-configuration.nix
View File

@@ -1,15 +1,29 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = ["amdgpu" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
@@ -17,7 +31,7 @@
hardware.amdgpu.opencl.enable = true;
hardware.amdgpu.amdvlk.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
hardware.graphics = {
enable = true;
};
@@ -28,53 +42,52 @@
];
nixpkgs.config.rocmSupport = true;
environment.variables = {
HSA_OVERRIDE_GFX_VERSION="10.3.0";
HSA_OVERRIDE_GFX_VERSION = "10.3.0";
};
#hardware.opengl.extraPackages32 = with pkgs; [
# driversi686Linux.amdvlk
#];
environment.systemPackages = with pkgs; [
lact
rocmPackages.rocminfo
rocmPackages.rocm-smi
rocmPackages.rocm-runtime
rocmPackages.rocm-device-libs
rocmPackages.rocm-core
rocmPackages.rocm-cmake
rocmPackages.rocgdb
rocmPackages.rocblas
rocmPackages.rccl
];
systemd.packages = with pkgs; [ lact ];
systemd.services.lactd.wantedBy = ["multi-user.target"];
environment.systemPackages = with pkgs; [
lact
rocmPackages.rocminfo
rocmPackages.rocm-smi
rocmPackages.rocm-runtime
rocmPackages.rocm-device-libs
rocmPackages.rocm-core
rocmPackages.rocm-cmake
rocmPackages.rocgdb
rocmPackages.rocblas
rocmPackages.rccl
];
systemd.packages = with pkgs; [ lact ];
systemd.services.lactd.wantedBy = [ "multi-user.target" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8ab16ad5-08d2-44f9-a9e4-2e6240bfd8f8";
fsType = "ext4";
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8ab16ad5-08d2-44f9-a9e4-2e6240bfd8f8";
fsType = "ext4";
};
fileSystems."/mnt/steam" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_2TB_S7HPNJ0X304250L-part1";
fsType = "ext4";
};
fileSystems."/mnt/steam" =
{ device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_2TB_S7HPNJ0X304250L-part1";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-31bf11fb-518a-408a-af06-93af528a5985".device =
"/dev/disk/by-uuid/31bf11fb-518a-408a-af06-93af528a5985";
boot.initrd.luks.devices."luks-31bf11fb-518a-408a-af06-93af528a5985".device = "/dev/disk/by-uuid/31bf11fb-518a-408a-af06-93af528a5985";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/9A50-906F";
fsType = "vfat";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9A50-906F";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/c7cdfab4-2c92-42de-b951-ccc6fcd7b7d7"; }
];
swapDevices = [
{ device = "/dev/disk/by-uuid/c7cdfab4-2c92-42de-b951-ccc6fcd7b7d7"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

24
hosts/galadriel/configuration.nix
View File

@@ -2,12 +2,17 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/boot.nix
../../modules/zram.nix
../../modules/zfs.nix
@@ -23,19 +28,17 @@
../../modules/basePackages.nix
../../modules/develPackages.nix
../../modules/vaultvarden.nix
../../modules/jellyfin.nix
../../modules/jupyterhub.nix
../../modules/qbittorrent.nix # broken for now?: Yes, just need to add the zfs disc again, to enable the paths this depends on. Lets redo that maybe?
../../modules/qbittorrent.nix # broken for now?: Yes, just need to add the zfs disc again, to enable the paths this depends on. Lets redo that maybe?
../../modules/mealie.nix
../../modules/miniflux.nix
../../modules/ollama.nix
../../modules/openwebui.nix
../../modules/immich.nix
];
];
#Load zfs pool
boot.zfs.extraPools = [ "Main" ];
@@ -44,8 +47,8 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "galadriel";
networking.networkmanager.enable = true;
networking.hostName = "galadriel";
networking.networkmanager.enable = true;
time.timeZone = "Europe/Amsterdam";
@@ -69,4 +72,3 @@
system.stateVersion = "25.05"; # Did you read the comment?
}

47
hosts/galadriel/hardware-configuration.nix
View File

@@ -1,30 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/7789ad41-d578-40bc-bf86-b761e0a4921e";
fsType = "btrfs";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/7789ad41-d578-40bc-bf86-b761e0a4921e";
fsType = "btrfs";
};
boot.initrd.luks.devices."NIXROOT".device = "/dev/disk/by-uuid/082790fd-3d4b-4307-8a43-b9c56bd86e03";
boot.initrd.luks.devices."NIXROOT".device =
"/dev/disk/by-uuid/082790fd-3d4b-4307-8a43-b9c56bd86e03";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3DE0-D86E";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3DE0-D86E";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ ];

5
hosts/legolas/configuration.nix
View File

@@ -45,12 +45,10 @@
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
#testing terminal from printer cable.
services.printing.enable = true;
boot.kernelModules = [ "usblp" ];
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.videoDrivers = [
@@ -67,8 +65,7 @@
enableSSHSupport = true;
};
services.desktopManager.gnome.enable=true;
services.desktopManager.gnome.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.

39
hosts/legolas/hardware-configuration.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
@@ -11,10 +17,15 @@
"mem_sleep_default=deep"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "uas" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"uas"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
@@ -24,11 +35,14 @@
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
options = [
"fmask=0022"
"dmask=0022"
];
};
boot.initrd.luks.devices.luks_secure = {
device = "/dev/disk/by-uuid/c21c8089-29a7-4266-a8a6-6e80ccca167c";
device = "/dev/disk/by-uuid/c21c8089-29a7-4266-a8a6-6e80ccca167c";
crypttabExtraOpts = [
#"tpm2-device=auto"
#"tpm2-measure-pcr=yes"
@@ -42,11 +56,8 @@
systemd.targets.hibernate.enable = false;
#services.logind.lidSwitch = "suspend";
powerManagement.enable = true;
powerManagement.enable = true;
# Disable hibernation
systemd.sleep = {
extraConfig = ''
@@ -55,16 +66,14 @@
AllowSuspendThenHibernate=no
'';
};
# Disable PCIe wakeups
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled"
'';
hardware.graphics = {
enable = true;
enable = true;
extraPackages = with pkgs; [ vpl-gpu-rt ];
};

6
modules/blog.nix
View File

@@ -1,8 +1,8 @@
{ pkgs, ... }:
{ pkgs, ... }:
{
services.blog-generator = {
enable = true;
contentDir = "/var/lib/www/blog/content";
port = 8080;
};
}
};
}

3
modules/develPackages.nix
View File

@@ -46,7 +46,7 @@
python3
python3Packages.uv
python3Packages.ipykernel
python3Packages.flask
python3Packages.flask-sqlalchemy
python3Packages.flask-socketio
@@ -59,7 +59,6 @@
python3Packages.torch
python3Packages.litellm
python3Packages.pycryptodome
github-copilot-cli

10
modules/displaymanager.nix
View File

@@ -8,15 +8,15 @@
{
imports = [ ];
environment.systemPackages = [(
pkgs.catppuccin-sddm.override {
environment.systemPackages = [
(pkgs.catppuccin-sddm.override {
flavor = "mocha";
font = "Noto Sans";
font = "Noto Sans";
fontSize = "24";
background = "${../home/Wallpapers/1346679.jpg}";
loginBackground = true;
}
)];
})
];
services.displayManager = {
enable = true;

1
modules/immich.nix
View File

@@ -15,7 +15,6 @@
mediaLocation = "/Main/Data/media/pictures";
accelerationDevices = null;
settings = {
newVersionCheck.enabled = false;
};

11
modules/jellyfin.nix
View File

@@ -1,9 +1,14 @@
{ config, pkgs, lib, ... }:
{
users.groups.media.members = ["jellyfin"]; #have media directory owned by media group
config,
pkgs,
lib,
...
}:
{
users.groups.media.members = [ "jellyfin" ]; # have media directory owned by media group
services.jellyfin = {
enable = true;
group = "media";
group = "media";
openFirewall = true;
};

138
modules/jupyterhub.nix
View File

@@ -1,33 +1,42 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
myPython = pkgs.python3;
myPython = pkgs.python3;
myJupyterHubEnv = myPython.withPackages (ps: with ps; [
jupyterhub
jupyterhub-systemdspawner
ipython
jupyterlab
notebook
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]);
myJupyterHubEnv = myPython.withPackages (
ps: with ps; [
jupyterhub
jupyterhub-systemdspawner
ipython
jupyterlab
notebook
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]
);
myJupyterLabEnv = myPython.withPackages (ps: with ps; [
jupyterhub
jupyterlab
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]);
myJupyterLabEnv = myPython.withPackages (
ps: with ps; [
jupyterhub
jupyterlab
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]
);
in
{
@@ -39,12 +48,12 @@ in
python3Packages.seaborn
python3Packages.scikit-learn
];
users.users.tdt4117 = {
isNormalUser = true;
home = "/home/tdt4117";
description = "tdt4117 - delete after h25";
extraGroups = [ ];
extraGroups = [ ];
# openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... " ];
};
@@ -58,11 +67,14 @@ in
c.Authenticator.allow_all = True
c.ConfigurableHTTPProxy.api_url = 'http://0.0.0.0:8770'
c.JupyterHub.bind_url = 'http://0.0.0.0:8771'
'';
'';
kernels = {
python3 = let
env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
python3 =
let
env = (
pkgs.python3.withPackages (
pythonPackages: with pythonPackages; [
ipykernel
pandas
scikit-learn
@@ -74,39 +86,37 @@ in
numpy
scipy
pip
torch
torchvision
lightning
numpy
scipy
matplotlib
scikit-image
jupyterlab
ipykernel
pillow
tqdm
pandas
pip
torch
torchvision
lightning
numpy
scipy
matplotlib
scikit-image
jupyterlab
ipykernel
pillow
tqdm
pandas
]));
in {
displayName = "Python 3 for machine learning";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
]
)
);
in
{
displayName = "Python 3 for machine learning";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
};
};
}

7
modules/kdeconnect.nix
View File

@@ -16,7 +16,12 @@
enable = true;
};
networking.firewall = rec {
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = allowedTCPPortRanges;
};
}

7
modules/mealie.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
services.mealie = {
enable = true;

22
modules/miniflux.nix
View File

@@ -1,13 +1,17 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
sops.secrets."miniflux/adminCredentialsFile" = {
restartUnits = [ "miniflux.service" ];
mode = "0755";
};
sops.secrets."miniflux/adminCredentialsFile" = {
restartUnits = [ "miniflux.service" ];
mode = "0755";
};
services.miniflux.enable = true;
services.miniflux.config.LISTEN_ADDR = "0.0.0.0:8089";
services.miniflux.adminCredentialsFile = config.sops.secrets."miniflux/adminCredentialsFile".path;
services.miniflux.enable = true;
services.miniflux.config.LISTEN_ADDR = "0.0.0.0:8089";
services.miniflux.adminCredentialsFile = config.sops.secrets."miniflux/adminCredentialsFile".path;
}

8
modules/ollama.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, unstable, ... }:
{
config,
pkgs,
lib,
unstable,
...
}:
let
hostname = config.networking.hostName;

10
modules/openssh.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
sshLookup = pkgs.writeShellScriptBin "ssh-lookup-root-pubs" ''
#!/bin/sh
@@ -27,6 +32,5 @@ in
port = 22;
openFirewall = true;
};
services.sshguard.enable = true; #protection against brute force attacks
services.sshguard.enable = true; # protection against brute force attacks
}

8
modules/openwebui.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
stateDir = "/var/lib/open-webui";
@@ -40,7 +45,6 @@ in
WEBUI_HOST = "0.0.0.0";
};
};
# Create persistent state directories (like StateDirectory in systemd)

105
modules/qbittorrent.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
sops.secrets."qbittorrent/interfaceAddress" = {
restartUnits = [ "qbittorrent-nox.service" ];
@@ -11,11 +16,10 @@
'';
sops.templates."qbittorrent-interface-addr.conf".owner = "qbittorrent";
users.users.qbittorrent = {
group = lib.mkForce "media";
};
users.groups.qbittorrent = {};
users.groups.qbittorrent = { };
services.qbittorrent = {
enable = true;
@@ -25,61 +29,60 @@
serverConfig = {
LegalNotice.Accepted = true;
Meta.MigrationVersion=6;
Network.PortForwardingEnabled=true;
Meta.MigrationVersion = 6;
Network.PortForwardingEnabled = true;
Preferences = {
WebUI = {
AuthSubnetWhitelist="192.168.1.0/24, 100.0.0.0/8";
AuthSubnetWhitelistEnabled=true;
UseUPnP=false;
AuthSubnetWhitelist = "192.168.1.0/24, 100.0.0.0/8";
AuthSubnetWhitelistEnabled = true;
UseUPnP = false;
};
BitTorrent = {
Session = {
AddExtensionToIncompleteFiles=true;
AlternativeGlobalDLSpeedLimit=1000;
AlternativeGlobalUPSpeedLimit=1000;
AnonymousModeEnabled=false;
BTProtocol="Both";
BandwidthSchedulerEnabled=false;
DefaultSavePath="/Main/Data/media/Downloads";
Encryption=1;
FinishedTorrentExportDirectory="/Main/Data/media/Downloads/torrents-complete";
GlobalDLSpeedLimit=0;
GlobalMaxRatio=1.5;
GlobalUPSpeedLimit=0;
I2P.Enabled=true;
IgnoreLimitsOnLAN=true;
IncludeOverheadInLimits=true;
Interface="tun0";
InterfaceAddress="${config.sops.placeholder."qbittorrent/interfaceAddress"}";
#InterfaceAddress="${interfaceaddress}";
InterfaceName="tun0";
LSDEnabled="true";
MaxActiveCheckingTorrents=15;
MaxRatioAction=1;
Port=44183;
Preallocation=true;
QueueingSystemEnabled=false;
SubcategoriesEnabled=true;
Tags="movie, anime";
TempPath="/Main/Data/media/Downloads/temp";
TempPathEnabled=true;
TorrentContentLayout="Subfolder";
TorrentExportDirectory="/Main/Data/media/Downloads/torrents";
UseAlternativeGlobalSpeedLimit=false;
BitTorrent = {
Session = {
AddExtensionToIncompleteFiles = true;
AlternativeGlobalDLSpeedLimit = 1000;
AlternativeGlobalUPSpeedLimit = 1000;
AnonymousModeEnabled = false;
BTProtocol = "Both";
BandwidthSchedulerEnabled = false;
DefaultSavePath = "/Main/Data/media/Downloads";
Encryption = 1;
FinishedTorrentExportDirectory = "/Main/Data/media/Downloads/torrents-complete";
GlobalDLSpeedLimit = 0;
GlobalMaxRatio = 1.5;
GlobalUPSpeedLimit = 0;
I2P.Enabled = true;
IgnoreLimitsOnLAN = true;
IncludeOverheadInLimits = true;
Interface = "tun0";
InterfaceAddress = "${config.sops.placeholder."qbittorrent/interfaceAddress"}";
#InterfaceAddress="${interfaceaddress}";
InterfaceName = "tun0";
LSDEnabled = "true";
MaxActiveCheckingTorrents = 15;
MaxRatioAction = 1;
Port = 44183;
Preallocation = true;
QueueingSystemEnabled = false;
SubcategoriesEnabled = true;
Tags = "movie, anime";
TempPath = "/Main/Data/media/Downloads/temp";
TempPathEnabled = true;
TorrentContentLayout = "Subfolder";
TorrentExportDirectory = "/Main/Data/media/Downloads/torrents";
UseAlternativeGlobalSpeedLimit = false;
};
};
};
RSS = {
AutoDownloader = {
DownloadRepacks=true;
EnableProcessing=true;
SmartEpisodeFilter="s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
RSS = {
AutoDownloader = {
DownloadRepacks = true;
EnableProcessing = true;
SmartEpisodeFilter = "s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
};
Session.EnableProcessing = true;
};
Session.EnableProcessing=true;
};
General.Locale = "en";
};
};
};
}

2
modules/rtlsdr.nix
View File

@@ -8,7 +8,7 @@
{
hardware.rtl-sdr.enable = true;
environment.systemPackages = with pkgs; [
libusb1
pkgs.rtl-sdr

13
modules/unstable.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, inputs, system, ... }:
{
config,
pkgs,
inputs,
system,
...
}:
let
unstableOverlay = final: prev: {
@@ -7,8 +13,7 @@ let
config = prev.config;
};
};
in {
in
{
nixpkgs.overlays = [ unstableOverlay ];
}

35
modules/vaultvarden.nix
View File

@@ -1,21 +1,26 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
environment.systemPackages = [
pkgs.system-sendmail
];
environment.systemPackages = [
pkgs.system-sendmail
];
sops.secrets."vaultwarden/environmentFile" = {
restartUnits = [ "vaultwarden.service" ];
owner = "vaultwarden";
mode = "0755";
};
sops.secrets."vaultwarden/environmentFile" = {
restartUnits = [ "vaultwarden.service" ];
owner = "vaultwarden";
mode = "0755";
};
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."vaultwarden/environmentFile".path;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
};
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."vaultwarden/environmentFile".path;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
};
}

2
modules/websdr.nix
View File

@@ -8,6 +8,6 @@
{
hardware.rtl-sdr.enable = true;
services.openwebrx.enable = true;
services.openwebrx.enable = true;
}

6
modules/xdg.nix
View File

@@ -14,9 +14,9 @@
xdg = {
autostart.enable = true;
menus.enable= true;
icons.enable= true;
sounds.enable= true;
menus.enable = true;
icons.enable = true;
sounds.enable = true;
portal = {
enable = true;
xdgOpenUsePortal = true;

9
modules/zfs.nix
View File

@@ -1,5 +1,10 @@
{ config, pkgs, lib, ... }:
{
{
config,
pkgs,
lib,
...
}:
{
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false;
networking.hostId = "1ccccd3a";

6
secrets/secrets.yaml
View File

@@ -3,7 +3,7 @@
acme:
certs: ENC[AES256_GCM,data:v3eIoxXPCGU3nnj9LbpC6q9TIbmw0pwlBCjyfsmMxAMgp5oZttHUimXU3jmrFSDNLMXKyKp5ibBpL+pJDl+HGXbZ2ERWUfV0xqI+vUWetnO8tN4VrW0NZNs/TxdwdTVEA/st8zYON+Qnxrd0xUYAz2TzM9T4cEaRCpTKdIg=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:eFmep+I41nVf51/i3v/53Q==,type:str]
github:
api: ENC[AES256_GCM,data:cX6+tGgEvM06jfkP1KhYi09sLsvJV7fUZoyn1d9oDb1fRVfq5E0r2FVlowz33aWvUds2d0K+hlV8KizN1gDvp/HBky72+LTNUxiqS5MKLzJTAuYVqDBZJnWRB7jJNKI1Uz3XAPzu35jNVoMltstdOwbKTmrygwUzjy26Q11SUQ==,iv:bVdSkDeUkqdMvZN8iuFBbJ+oO2hC4164pFYKjOOeNLo=,tag:/M4f7AXGBWUqP4zKakmBkw==,type:str]
api: ENC[AES256_GCM,data:PcalL0rNd0nfNPMlWP05FWh3ff6rp5eQUmu3NzKmuSPcS5w6zSKCLsoCegltENjTWomGAJDoJF8rYfE3tTo4xQBAzFsK7v3GFXfefB+Ec7/FrUT6jjcHK4+c0e1u3cAgUkFpKq+IzS0yDBgMtXuC5oRzw0u0cEjXT4akiyO9Hg==,iv:GVPXrS9gwpw5JgsO6+YAMT96CsX7dz0NAcaq/IxXzec=,tag:Vxb4LOf0mm52W7Ege7mi6A==,type:str]
nginx:
defaultpass: ENC[AES256_GCM,data:dJn/Q0jV83PgfFH2ODJO/nXGqew2TZG3ItudJZQ/eCo7Ek2IPlHHQq52bzaVYPqhxUsvXpLV9FgR3FQVOHyiUK3MBsLDNvCTzpnALSflnpj0nKqrXWg3YgEKfi+FdHQ1s0SFQqBOsEw+Xt6eWkNykrl9Jgq5UF7Bp4iC4jmDwQeAFIWaIsWK0117X4seBRQc5rxz1XYNsTaVTzp102I1QmrWLRHGjuvpT5jLVvNEoaU/imT+beAmQAnq5pFOMiEwd4q5FFUdy8XHi7CcT4fql92m2I61pgQbjnHwGklLZvRYO5gIKLwj7u19x8lnFBefDoAshuZOch8397T+vjTxVe0fsuZeLAtLXdPKwoF3L0jp4ffNmPq8H3BTnFwJ2NZo,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:Gt4yl0zK7vF3Is/g8cow0g==,type:str]
qbittorrent:
@@ -46,7 +46,7 @@ sops:
TEhuRFBFQUppVjFKL3JKa0ozNmRLcTAKDrrS8mpHoQoZ54VkY+SYbjoE6AS0fLjc
uHuFCrUWqQIwfqHXGlXn7EPUweTfwQ7Od+4JeVp1GbgNLIyH5xNN1g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-01T13:31:39Z"
mac: ENC[AES256_GCM,data:mj+2/Hl7xIZZZLdi1S7IY5VCXjR/5PbBtLVoY/4IxwHMrdGWtZdhkvgslsbFDiK+z/o0ocofTuBAn/AnHz+tBfKWF50q6sVAQYhMayQl/cFj34dhTbvrfmLAp3dnUdrOs5qa61dwmkKu51dxr22NESv4zZ96hOL1qYjq6xMSaNE=,iv:ZHnqSEI9nesJNBa4fLJkreuT6tqXlhsfUhuoR5Ydj1E=,tag:XsNJOR5eC6obwTRiJV5zRQ==,type:str]
lastmodified: "2025-12-01T15:16:22Z"
mac: ENC[AES256_GCM,data:e+nLoUc3ybRoznmQqUdEF01dOIPleG7Hxv9U05f2y68eLo+QzP8/dznIhdc8DC4dAB7IkS4qXGiCyyWfzhVTPy8Aor4pAO0wwHR3cylKswetX0RVJErRO2r6mDMz6bjOseo1WZ6Jq6EOo2Z0SZli+lnLrxTpnoVDlOL6XO6TP2A=,iv:57LHCw0SY5cG2woS5op378RhhgqJGSRhA8oO+76/maM=,tag:aYs9KnXSQyRyawRcc+MITw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0