swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: init nixos-server, work screenshare & qol

Browse source
This commit is contained in:
Swarsel 2024-09-23 21:18:36 +02:00
parent e4f38440f8
commit dcf7b84d94
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
34 changed files with 1644 additions and 298 deletions
Download patch file Download diff file Expand all files Collapse all files

854
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

8
flake.nix
View file

@ -98,6 +98,7 @@
outputs = outputs =
inputs@{ self inputs@{ self
, nixpkgs , nixpkgs
, nixpkgs-stable
, home-manager , home-manager
, systems , systems
, ... , ...
@ -214,6 +215,13 @@
]; ];
}; };
winters = lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = [
./profiles/server/winters
];
};
nginx = nixpkgs.lib.nixosSystem { nginx = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
modules = [ modules = [

5
modules/home/input.nix
View file

@ -29,5 +29,8 @@ in
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = { }; default = { };
}; };
options.swarselsystems.shellAliases = mkOption {
type = types.attrsOf types.str;
default = { };
};
} }

4
modules/home/monitors.nix
View file

@ -7,4 +7,8 @@ in
type = types.attrsOf (types.attrsOf types.str); type = types.attrsOf (types.attrsOf types.str);
default = { }; default = { };
}; };
options.swarselsystems.sharescreen = mkOption {
type = types.str;
default = "";
};
} }

1
modules/nixos/default.nix
View file

@ -4,4 +4,5 @@
setup = import ./setup.nix; setup = import ./setup.nix;
impermanence = import ./impermanence.nix; impermanence = import ./impermanence.nix;
filesystem = import ./filesystem.nix; filesystem = import ./filesystem.nix;
input = import ./input.nix;
} }

10
modules/nixos/input.nix Normal file
View file

@ -0,0 +1,10 @@
{ lib, config, ... }:
let
inherit (lib) mkOption types;
in
{
options.swarselsystems.shellAliases = mkOption {
type = types.attrsOf types.str;
default = { };
};
}

7
modules/nixos/setup.nix
View file

@ -2,4 +2,11 @@
{ {
options.swarselsystems.initialSetup = lib.mkEnableOption "initial setup (no sops keys available)"; options.swarselsystems.initialSetup = lib.mkEnableOption "initial setup (no sops keys available)";
options.swarselsystems.server.enable = lib.mkEnableOption "is a server machine";
options.swarselsystems.server.kavita = lib.mkEnableOption "enable kavita on server";
options.swarselsystems.server.jellyfin = lib.mkEnableOption "enable jellyfin on server";
options.swarselsystems.server.navidrome = lib.mkEnableOption "enable navidrome on server";
options.swarselsystems.server.spotifyd = lib.mkEnableOption "enable spotifyd on server";
options.swarselsystems.server.mpd = lib.mkEnableOption "enable mpd on server";
options.swarselsystems.server.matrix = lib.mkEnableOption "enable matrix on server";
} }

13
overlays/default.nix
View file

@ -17,11 +17,11 @@
]; ];
}; };
prismlauncher = _prev.prismlauncher.override { # prismlauncher = _prev.prismlauncher.override {
glfw = _prev.glfw-wayland-minecraft; # glfw = _prev.glfw-wayland-minecraft;
}; # };
# river = prev.river.overrideAttrs (oldAttrs: rec { # #river = prev.river.overrideAttrs (oldAttrs: rec {
# pname = "river"; # pname = "river";
# version = "git"; # version = "git";
# src = prev.fetchFromGitHub { # src = prev.fetchFromGitHub {
@ -35,7 +35,10 @@
}; };
nixpkgs-stable = final: _prev: { nixpkgs-stable = final: _prev: {
stable = import inputs.nixpkgs-stable { inherit (final) system; }; stable = import inputs.nixpkgs-stable {
inherit (final) system;
config.allowUnfree = true;
};
}; };
zjstatus = final: _prev: { zjstatus = final: _prev: {

1
pkgs/default.nix
View file

@ -16,4 +16,5 @@ in
fs-diff = callPackage ./fs-diff { }; fs-diff = callPackage ./fs-diff { };
update-checker = callPackage ./update-checker { }; update-checker = callPackage ./update-checker { };
github-notifications = callPackage ./github-notifications { }; github-notifications = callPackage ./github-notifications { };
screenshare = callPackage ./screenshare { };
} }

7
pkgs/screenshare/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ writeShellApplication, sway }:
writeShellApplication {
name = "screenshare";
runtimeInputs = [ sway ];
text = builtins.readFile ../../scripts/screenshare.sh;
}

1
profiles/common/home/custom-packages.nix
View file

@ -15,6 +15,7 @@
fs-diff fs-diff
update-checker update-checker
github-notifications github-notifications
screenshare
(pkgs.writeScriptBin "project" '' (pkgs.writeScriptBin "project" ''
#! ${pkgs.bash}/bin/bash #! ${pkgs.bash}/bin/bash

2
profiles/common/home/sway.nix
View file

@ -53,6 +53,7 @@ in
"${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+o" = "exec pass-fuzzel --otp";
"${modifier}+Shift+p" = "exec pass-fuzzel --type"; "${modifier}+Shift+p" = "exec pass-fuzzel --type";
"${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type";
"${modifier}+Ctrl+p" = "exec 1password --quick-acces";
"${modifier}+Escape" = "mode $exit"; "${modifier}+Escape" = "mode $exit";
"${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
"${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
@ -157,6 +158,7 @@ in
{ title = "Syncthing Tray"; } { title = "Syncthing Tray"; }
{ app_id = "SchildiChat"; } { app_id = "SchildiChat"; }
{ app_id = "Element"; } { app_id = "Element"; }
{ class = "1Password"; }
{ app_id = "com.nextcloud.desktopclient.nextcloud"; } { app_id = "com.nextcloud.desktopclient.nextcloud"; }
{ app_id = "gnome-system-monitor"; } { app_id = "gnome-system-monitor"; }
{ title = "(?:Open|Save) (?:File|Folder|As)"; } { title = "(?:Open|Save) (?:File|Folder|As)"; }

10
profiles/common/home/zsh.nix
View file

@ -1,8 +1,9 @@
{ pkgs, ... }: { config, pkgs, lib, ... }:
{ {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
shellAliases = { shellAliases = lib.recursiveUpdate
{
hg = "history | grep"; hg = "history | grep";
hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;";
nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
@ -19,7 +20,10 @@
cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff"; fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";
}; lt = "ls -lath";
oldshell = "nix shell github:nixos/nixpkgs/\"$1\" \"$2\"";
}
config.swarselsystems.shellAliases;
autosuggestion.enable = true; autosuggestion.enable = true;
enableCompletion = true; enableCompletion = true;
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;

2
profiles/common/nixos/zsh.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { lib, config, pkgs, ... }:
{ {
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;

15
profiles/nbl-imba-2/default.nix
View file

@ -92,6 +92,7 @@
{ command = "teams-for-linux"; } { command = "teams-for-linux"; }
{ command = "1password"; } { command = "1password"; }
]; ];
sharescreen = "eDP-2";
monitors = { monitors = {
main = { main = {
name = "BOE 0x0BC9 Unknown"; name = "BOE 0x0BC9 Unknown";
@ -139,7 +140,7 @@
scale = "1"; scale = "1";
position = "-1280,0"; position = "-1280,0";
workspace = "1:"; workspace = "1:";
output = "DP-8"; output = "DP-9";
}; };
work_middle_middle_side = { work_middle_middle_side = {
name = "Hewlett Packard HP Z24i CN44250RDT"; name = "Hewlett Packard HP Z24i CN44250RDT";
@ -148,13 +149,13 @@
scale = "1"; scale = "1";
position = "-2480,0"; position = "-2480,0";
workspace = "12:S"; workspace = "12:S";
output = "DP-9"; output = "DP-8";
}; };
work_seminary = { work_seminary = {
name = "Applied Creative Technology Transmitter QUATTRO201811"; name = "Applied Creative Technology Transmitter QUATTRO201811";
mode = "1280x720"; mode = "1280x720";
scale = "1"; scale = "1";
position = "10000,10000"; position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse
workspace = "12:S"; workspace = "12:S";
output = "DP-4"; output = "DP-4";
}; };
@ -184,7 +185,13 @@
}; };
}; };
keybindings = { keybindings = {
"Mod4+Ctrl+p" = "exec wl-mirror eDP-2"; "Mod4+Ctrl+Shift+p" = "exec screenshare";
};
shellAliases = {
ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate";
ans3-9 = ". ~/.venvs/ansible39/bin/activate";
ans = ". ~/.venvs/ansible/bin/activate";
ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate";
}; };
}; };
} }

2
profiles/nbl-imba-2/hardware-configuration.nix
View file

@ -9,7 +9,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "cryptd" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "cryptd" "usbhid" "sd_mod" "r8152" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

1
profiles/optional/home/work.nix
View file

@ -6,6 +6,7 @@
shellcheck shellcheck
dig dig
docker docker
postman
]; ];
programs = { programs = {

32
profiles/server/common/calibre.nix Normal file
View file

@ -0,0 +1,32 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
calibre
];
sops.secrets.kavita = { owner = "kavita"; };
services.kavita = {
enable = true;
user = "kavita";
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
services.nginx = {
"scroll.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.22:8080";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
}

53
profiles/server/common/default.nix Normal file
View file

@ -0,0 +1,53 @@
{ lib, config, inputs, ... }:
{
imports = [
../../common/nixos/xserver.nix
../../common/nixos/gc.nix
../../common/nixos/store.nix
../../common/nixos/time.nix
../../common/nixos/pipewire.nix
./packages.nix
./sops.nix
./ssh.nix
./nginx.nix
./kavita.nix
./jellyfin.nix
./navidrome.nix
./spotifyd.nix
./mpd.nix
./matrix.nix
];
nix =
let
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in
{
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
];
trusted-users = [ "swarsel" ];
flake-registry = "";
warn-dirty = false;
};
channel.enable = false;
registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
};
environment.shellAliases = lib.recursiveUpdate
{
npswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
nswitch = "cd /.dotfiles; nixos-rebuild --flake .#$(hostname) switch; cd -;";
}
config.swarselsystems.shellAliases;
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
system.stateVersion = lib.mkDefault "23.05";
}

44
profiles/server/common/jellyfin.nix Normal file
View file

@ -0,0 +1,44 @@
{ pkgs, lib, config, ... }:
{
config = lib.mkIf config.swarselsystems.server.jellyfin {
users.users.jellyfin = {
extraGroups = [ "video" "render" ];
};
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
services.jellyfin = {
enable = true;
user = "jellyfin";
# openFirewall = true; # this works only for the default ports
};
services.nginx = {
virtualHosts = {
"screen.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.16:8096";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
};
};
}

35
profiles/server/common/kavita.nix Normal file
View file

@ -0,0 +1,35 @@
{ pkgs, lib, config, ... }:
{
config = lib.mkIf config.swarselsystems.server.kavita {
environment.systemPackages = with pkgs; [
calibre
];
sops.secrets.kavita = { owner = "kavita"; };
services.kavita = {
enable = true;
user = "kavita";
settings.Port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
services.nginx = {
virtualHosts = {
"scroll.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.22:8080";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
};
};
}

273
profiles/server/common/matrix.nix Normal file
View file

@ -0,0 +1,273 @@
{ config, lib, pkgs, modulesPath, sops, ... }:
let
matrixDomain = "swatrix.swarsel.win";
in
{
config = lib.mkIf config.swarselsystems.server.matrix {
environment.systemPackages = with pkgs; [
matrix-synapse
lottieconverter
ffmpeg
];
sops = {
secrets = {
matrixsharedsecret = { owner = "matrix-synapse"; };
mautrixtelegram_as = { owner = "matrix-synapse"; };
mautrixtelegram_hs = { owner = "matrix-synapse"; };
mautrixtelegram_api_id = { owner = "matrix-synapse"; };
mautrixtelegram_api_hash = { owner = "matrix-synapse"; };
};
templates = {
"matrix_user_register.sh".content = ''
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
matrixshared = {
owner = "matrix-synapse";
content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
'';
};
mautrixtelegram = {
owner = "matrix-synapse";
content = ''
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
};
};
};
services.postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
services.matrix-synapse = {
enable = true;
settings = {
app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
"/var/lib/matrix-synapse/signal-registration.yaml"
"/var/lib/matrix-synapse/doublepuppet.yaml"
];
server_name = matrixDomain;
public_baseurl = "https://${matrixDomain}";
listeners = [
{
port = 8008;
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
};
extraConfigFiles = [
config.sops.templates.matrixshared.path
];
};
services.mautrix-telegram = {
enable = true;
environmentFile = config.sops.templates.mautrixtelegram.path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29317";
hostname = "0.0.0.0";
port = "29317";
provisioning.enabled = true;
id = "telegram";
# ephemeral_events = true; # not needed due to double puppeting
public = {
enabled = false;
};
database = "postgresql:///mautrix-telegram?host=/run/postgresql";
};
bridge = {
relaybot.authless_portals = true;
allow_avatar_remove = true;
allow_contact_info = true;
sync_channel_members = true;
startup_sync = true;
sync_create_limit = 0;
sync_direct_chats = true;
telegram_link_preview = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
animated_sticker = {
target = "gif";
args = {
width = 256;
height = 256;
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
};
};
};
};
};
systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
];
services.mautrix-whatsapp = {
enable = true;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29318";
hostname = "0.0.0.0";
port = 29318;
database = {
type = "postgres";
uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .FullName .PushName .JID}} (WA)";
history_sync = {
backfill = true;
max_initial_conversations = -1;
message_count = -1;
request_full_sync = true;
full_sync_config = {
days_limit = 900;
size_mb_limit = 5000;
storage_quota_mb = 5000;
};
};
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
sync_manual_marked_unread = true;
send_presence_on_typing = true;
parallel_member_sync = true;
url_previews = true;
caption_in_message = true;
extev_polls = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
services.mautrix-signal = {
enable = true;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
database = {
type = "postgres";
uri = "postgresql:///mautrix-signal?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)";
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
caption_in_message = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
# restart the bridges daily. this is done for the signal bridge mainly which stops carrying
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
Unit = "restart-bridges.service";
};
};
systemd.services."restart-bridges" = {
script = ''
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
services.nginx = {
virtualHosts = {
"swatrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.23:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
};
};
}

51
profiles/server/common/mpd.nix Normal file
View file

@ -0,0 +1,51 @@
{ pkgs, lib, config, ... }:
{
config = lib.mkIf config.swarselsystems.server.mpd {
users = {
groups = {
mpd = { };
};
users = {
mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = [ "audio" "utmp" ];
};
};
};
sops = {
secrets.mpdpass = { owner = "mpd"; };
};
environment.systemPackages = with pkgs; [
pciutils
alsa-utils
mpv
];
services.mpd = {
enable = true;
musicDirectory = "/media";
user = "mpd";
group = "mpd";
network = {
port = 3254;
listenAddress = "any";
};
credentials = [
{
passwordFile = config.sops.secrets.mpdpass.path;
permissions = [
"read"
"add"
"control"
"admin"
];
}
];
};
};
}

76
profiles/server/common/navidrome.nix Normal file
View file

@ -0,0 +1,76 @@
{ pkgs, lib, config, ... }:
{
config = lib.mkIf config.swarselsystems.server.navidrome {
environment.systemPackages = with pkgs; [
pciutils
alsa-utils
mpv
];
users = {
groups = {
navidrome = {
gid = 61593;
};
};
users = {
navidrome = {
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = [ "audio" "utmp" ];
};
};
};
hardware.enableAllFirmware = true;
services.navidrome = {
enable = true;
settings = {
Address = "0.0.0.0";
Port = 4040;
MusicFolder = "/media";
EnableSharing = true;
EnableTranscodingConfig = true;
Scanner.GroupAlbumReleases = true;
ScanSchedule = "@every 1d";
# Insert these values locally as sops-nix does not work for them
# LastFM.ApiKey = TEMPLATE;
# LastFM.Secret = TEMPLATE;
# Spotify.ID = TEMPLATE;
# Spotify.Secret = TEMPLATE;
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~";
};
};
services.nginx = {
virtualHosts = {
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.13:4040";
proxyWebsockets = true;
extraConfig = ''
proxy_redirect http:// https://;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
'';
};
};
};
};
};
};
}

30
profiles/server/common/nginx.nix Normal file
View file

@ -0,0 +1,30 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
lego
];
sops = {
secrets.dnstokenfull = { owner = "acme"; };
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
};
security.acme = {
acceptTerms = true;
preliminarySelfsigned = false;
defaults.email = "mrswarsel@gmail.com";
defaults.dnsProvider = "cloudflare";
defaults.environmentFile = "${config.sops.templates."certs.secret".path}";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# virtualHosts are defined in the respective sections
};
}

9
profiles/server/common/packages.nix Normal file
View file

@ -0,0 +1,9 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gnupg
nix-index
ssh-to-age
git
];
}

9
profiles/server/common/sops.nix Normal file
View file

@ -0,0 +1,9 @@
{ pkgs, ... }:
{
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/server/secrets.yaml";
validateSopsFiles = false;
};
}

29
profiles/server/common/spotifyd.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, lib, config, ... }:
{
config = lib.mkIf config.swarselsystems.server.spotifyd {
users.groups.spotifyd = {
gid = 65136;
};
users.users.spotifyd = {
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = [ "audio" "utmp" ];
};
services.spotifyd = {
enable = true;
settings = {
global = {
dbus_type = "session";
use_mpris = false;
device = "default:CARD=PCH";
device_name = "SwarselSpot";
mixer = "alsa";
zeroconf_port = 1025;
};
};
};
};
}

11
profiles/server/common/ssh.nix Normal file
View file

@ -0,0 +1,11 @@
_:
{
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
}

54
profiles/server/winters/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ inputs, outputs, config, pkgs, lib, ... }:
{
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../optional/nixos/autologin.nix
../../server/common
] ++ (builtins.attrValues outputs.nixosModules);
nixpkgs = {
inherit (outputs) overlays;
config = {
allowUnfree = true;
};
};
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxPackages_latest;
};
networking = {
hostName = "winters";
firewall.enable = true;
};
swarselsystems = {
hasBluetooth = false;
hasFingerprint = false;
impermanence = false;
isBtrfs = false;
server = {
enable = true;
kavita = true;
navidrome = true;
jellyfin = true;
spotifyd = true;
mpd = true;
matrix = true;
};
shellAliases = {
nswitch = "cd /.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
};
}

108
profiles/winters/home.nix
View file

@ -1,108 +0,0 @@
{ config, pkgs, ... }:
{
home = {
username = "swarsel";
homeDirectory = "/home/swarsel";
stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing.
keyboard.layout = "us"; # TEMPLATE
packages = with pkgs; [
];
};
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}";
temperature.hwmon-path.abs = "/sys/devices/platform/thinkpad_hwmon/hwmon/";
temperature.input-filename = "temp1_input";
};
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
input = {
"36125:53060:splitkb.com_Kyria_rev3" = {
xkb_layout = "us";
xkb_variant = "altgr-intl";
};
"1:1:AT_Translated_Set_2_keyboard" = {
# TEMPLATE
xkb_layout = "us";
xkb_options = "grp:win_space_toggle";
xkb_variant = "altgr-intl";
};
"type:touchpad" = {
dwt = "enabled";
tap = "enabled";
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
eDP-1 = {
mode = "1920x1080"; # TEMPLATE
scale = "1";
position = "1920,0";
# bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
};
# external monitor
HDMI-A-1 = {
mode = "2560x1440";
scale = "1";
# bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
position = "0,0";
};
};
workspaceOutputAssign = [
{ output = "eDP-1"; workspace = "1:"; }
{ output = "HDMI-A-1"; workspace = "2:"; }
];
# keybindings = let
# inherit (config.wayland.windowManager.sway.config) modifier;
# in {
# };
startup = [
{ command = "nextcloud --background"; }
{ command = "discord --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
};
};
}

142
profiles/winters/nixos.nix
View file

@ -1,142 +0,0 @@
{ pkgs, ... }:
{
#
# imports =
# [
# ./hardware-configuration.nix
# ];
#
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "swarsel";
greetd.settings.initial_session.user = "swarsel";
};
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxPackages_latest;
};
networking = {
hostName = "winters"; # Define your hostname.
nftables.enable = true;
enableIPv6 = true;
firewall.checkReversePath = "strict";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedTCPPortRanges = [
];
allowedUDPPortRanges = [
];
};
};
virtualisation.virtualbox = {
host = {
enable = true;
enableExtensionPack = true;
};
# leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
guest = {
enable = false;
};
};
stylix.image = ../../wallpaper/lenovowp.png;
enable = true;
base16Scheme = ../../../wallpaper/swarsel.yaml;
# base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
polarity = "dark";
opacity.popups = 0.5;
cursor = {
package = pkgs.capitaine-cursors;
name = "capitaine-cursors";
size = 16;
};
fonts = {
sizes = {
terminal = 10;
applications = 11;
};
serif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
sansSerif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; };
name = "FiraCode Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
hardware = {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
];
};
bluetooth.enable = true;
};
programs.steam = {
enable = true;
extraCompatPackages = [
pkgs.proton-ge-bin
];
};
services.power-profiles-daemon.enable = true;
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
sbctl
teams-for-linux
# gog games installing
heroic
# minecraft
temurin-bin-17
(prismlauncher.override {
glfw = pkgs.glfw-wayland-minecraft;
})
];
system.stateVersion = "23.05";
}

6
programs/swayidle/config
View file

@ -1,4 +1,4 @@
timeout 300 'swaylock -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2' timeout 300 'swaylock -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2'
timeout 600 'swaymsg "output * dpms off"' # timeout 600 'swaymsg "output * dpms off"'
resume 'swaymsg "output * dpms on"' # resume 'swaymsg "output * dpms on"'
before-sleep 'swaylock -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2' # before-sleep 'swaylock -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2'

5
scripts/screenshare.sh Normal file
View file

@ -0,0 +1,5 @@
SHARESCREEN="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$(hostname)".config.home-manager.users."$(whoami)".swarselsystems.sharescreen)"
wl-mirror "$SHARESCREEN" & sleep 0.1
swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 12:S'
swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen'