Bos55/nix-config
2
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Initial commit

Browse source
This commit is contained in:
Tibo De Peuter 2025-01-09 22:25:00 +01:00
commit 32849cc5d2
Signed by: tdpeuter
GPG key ID: 38297DE43F75FFE2
44 changed files with 3811 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

180
hosts/Niko/default.nix Normal file
View file

@ -0,0 +1,180 @@
{ config, pkgs, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
homelab = {
apps.technitiumDNS.enable = true;
users.deploy.enable = true;
};
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# List packages installed in the system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
cifs-utils
];
hardware = {
enableRedistributableFirmware = true;
enableAllFirmware = true;
pulseaudio.enable = true;
opengl.enable = true;
};
# Select internationalisation properties.
i18n.defaultLocale = "en_GB.utf8";
networking = {
hostName = "Niko";
domain = "depeuter.dev";
enableIPv6 = true;
# Open ports in the firewall.
firewall = {
enable = true;
};
networkmanager.enable = true;
extraHosts = ''
192.168.0.11 jelly.depeuter.dev
'';
};
nixpkgs.config.allowUnfree = true;
# List services that you want to enable:
services = {
# Cage, a wayland kiosk service
cage = {
enable = true;
environment = {
# Do not fail when there are no input devices.
# WLR_LIBINPUT_NO_DEVICES = "1";
};
extraArguments = [
"-d" # Don't draw client side decorations, when possible
# "-m" "last" # Use only the last connected output
"-s" # Allow VT switching
];
program = "/home/jellyfin-mpv-shim/start.sh";
user = config.users.users.jellyfin-mpv-shim.name;
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
authKeyFile = "/etc/nixos/tailscale-authkey";
extraUpFlags = [
"--advertise-routes=192.168.0.0/24"
"--exit-node"
];
};
# Fix DNS issues. See:
# https://github.com/tailscale/tailscale/issues/4254
# resolved.enable = true;
};
sound.enable = true;
# Define a user account. Don't forget to set a password with 'passwd'.
users.users.jellyfin-mpv-shim = {
description = "Jellyfin MPV Shim User";
isNormalUser = true;
extraGroups = [
config.users.groups.audio.name
config.users.groups.video.name
];
packages = with pkgs; [
jellyfin-mpv-shim
mpv
socat
];
};
systemd.services."cage-tty1".serviceConfig.Restart = "always";
system.stateVersion = "24.05";
virtualisation = {
# Enable Android emulator
# waydroid.enable = true;
docker = {
enable = true;
autoPrune.enable = true;
};
oci-containers = {
backend = "docker";
containers = {
reverse-proxy = {
hostname = "traefik";
image = "traefik:v3.0";
cmd = [
"--api.insecure=true"
# Add Docker provider
"--providers.docker=true"
"--providers.docker.exposedByDefault=false"
# Add web entrypoint
"--entrypoints.web.address=:80/tcp"
"--entrypoints.web.http.redirections.entrypoint.to=websecure"
"--entrypoints.web.http.redirections.entrypoint.scheme=https"
# Add websecure entrypoint
"--entrypoints.websecure.address=:443/tcp"
"--entrypoints.websecure.http.tls=true"
"--entrypoints.websecure.http.tls.certResolver=letsencrypt"
"--entrypoints.websecure.http.tls.domains[0].main=depeuter.dev"
"--entrypoints.websecure.http.tls.domains[0].sans=*.depeuter.dev"
"--entrypoints.websecure.http.tls.domains[1].sans=*.niko.depeuter.dev"
# Certificates
"--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
"--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
"--certificatesresolvers.letsencrypt.acme.email=tibo.depeuter@telenet.be"
"--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
];
ports = [
"80:80/tcp"
"443:443/tcp"
# "8080:8080/tcp" # The Web UI (enabled by --api.insecure=true)
];
environment = {
# TODO Hide this!
"CLOUDFLARE_DNS_API_TOKEN" = "6Vz64Op_a6Ls1ljGeBxFoOVfQ-yB-svRbf6OyPv2";
};
environmentFiles = [
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro" # So that Traefik can listen to the Docker events
"letsencrypt:/letsencrypt"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.traefik.rule" = "Host(`traefik.niko.depeuter.dev`)";
"traefik.http.services.traefik.loadbalancer.server.port" = "8080";
};
autoStart = true;
};
};
};
};
}

53
hosts/Niko/hardware-configuration.nix Normal file
View file

@ -0,0 +1,53 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/20b7eff3-fca5-4b60-a5a9-13219f70ce23";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/0B6D-0DCD";
fsType = "vfat";
};
"/media/photos" = {
device = "//192.168.0.11/CANVAS";
fsType = "cifs";
options = let
# This line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1002,gid=100"];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/f3679da0-45b3-45c0-a1d0-af8d771a7dbf"; }
];
networking = {
hostId = "7a139e16";
useDHCP = lib.mkDefault true;
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}