
10 commits

10 changed files with 92 additions and 88 deletions


@ -1,29 +1,44 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97"; device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-156453ac-bbad-452c-ad92-4fc569db9347".device = "/dev/disk/by-uuid/156453ac-bbad-452c-ad92-4fc569db9347"; boot.initrd.luks.devices."luks-root".device = "/dev/nvme0n1p3";
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/0EFD-4B3F"; device = "/dev/disk/by-uuid/0EFD-4B3F";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [
"fmask=0022"
"dmask=0022"
];
}; };
swapDevices = [ ]; swapDevices = [ ];
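Review bot: `boot.initrd.luks.devices."luks-root".device` now points at `/dev/nvme0n1p3`, a kernel-enumerated name that can shift when another NVMe device is added or probe order changes, whereas the previous `/dev/disk/by-uuid/...` path did not depend on enumeration. If the name moves, the initrd will try to unlock the wrong partition or fail to boot. Keep the stable path under the new mapping name: `boot.initrd.luks.devices."luks-root".device = "/dev/disk/by-uuid/156453ac-bbad-452c-ad92-4fc569db9347";`. The file header also says this file is generated by nixos-generate-config and may be overwritten, so a hand edit here can be lost on regeneration.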


@ -1,7 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
services.avahi = { services.avahi = {
enable = true; enable = false;
nssmdns4 = true; nssmdns4 = true;
openFirewall = true; openFirewall = true;
}; };
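Review bot: `enable = false` leaves `openFirewall = true` and `nssmdns4 = true` in place, so flipping the service back on later silently reopens mDNS on the firewall. If the intent is to stop advertising on the network, set `openFirewall = false;` in the same change or remove the block. Whether these two options are inert while the service is disabled depends on the module and is not visible in this hunk.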


@ -2,7 +2,7 @@
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ 22 ]; ports = [ 9123 ];
settings = { settings = {
PasswordAuthentication = lib.mkDefault false; PasswordAuthentication = lib.mkDefault false;
AllowUsers = null; AllowUsers = null;
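Review bot: The move to `ports = [ 9123 ]` has no comment, and a non-default port only cuts scanner noise; it is not an access control. The controls visible here are `PasswordAuthentication = lib.mkDefault false`, which any module setting the option at normal priority overrides, and `AllowUsers = null`, which restricts nobody. Suggest a comment on the ports line such as `# non-default port to reduce log noise; key-only auth below is the actual control`, and, if no host is meant to override it, a plain `PasswordAuthentication = false;`. The `settings` block continues outside this hunk.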


@ -155,27 +155,24 @@
"/home/${username}/.local/bin/waybar-music" = { "/home/${username}/.local/bin/waybar-music" = {
executable = true; executable = true;
text = '' text = ''
#!/usr/bin/env bash #!/usr/bin/env sh
class=$(playerctl metadata --player=ncspot --format '{{lc(status)}}') META="{{ trunc(artist,17) }} - {{ trunc(title,17) }}"
PLAYERS="spotify ncspot mpv mpd"
if [[ $class == "playing" ]]; then for PLAYER in $PLAYERS; do
info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}') # if the player is not playing, continue to the next player, until we find one that is playing
if [[ $\{#info} > 40 ]]; then [ "$(playerctl --player=$PLAYER status 2>/dev/null)" != "Playing" ] && continue
info=$(echo $info | cut -c1-40)"..." text=$(playerctl metadata --player $PLAYER --format "$META")
fi echo -e "{\"text\":\""$text"\", \"class\":\"Playing\"}"
text="$info" exit 0
elif [[ $class == "paused" ]]; then done
info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}')
if [[ $\{#info} > 40 ]]; then
info=$(echo $info | cut -c1-40)"..."
fi
text=" $info"
elif [[ $class == "stopped" ]]; then
text=""
fi
echo -e "{\"text\":\""$text"\", \"class\":\""$class"\"}" ICON=" "
PAUSERS="spotify ncspot mpd"
for PAUSER in $PAUSERS; do
[ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Paused" ] || [ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Stopped" ] && text="$ICON"$(playerctl metadata --player $PAUSER --format "$META") && echo -e "{\"text\":\""$text"\", \"class\":\""paused"\"}" && exit 0
done
''; '';
}; };
"/home/${username}/.local/bin/waybar-devices" = { "/home/${username}/.local/bin/waybar-devices" = {
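Review bot: Track metadata from playerctl is interpolated unescaped into the JSON and passed through `echo -e`, so a title containing `"` or a backslash produces invalid JSON or interpreted escape sequences in what waybar reads; this applies to both `echo -e` lines. Build the object with a JSON encoder instead, e.g. `jq -cn --arg text "$text" '{text: $text, class: "Playing"}'` (this assumes jq is available to the script), and quote `"$PLAYER"` and `"$PAUSER"`. Separately, the shebang is now `sh`, but `echo -e` and `==` inside `[ ]` are not POSIX, so either keep the bash shebang or switch to `printf` and `=`.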


@ -111,12 +111,12 @@
export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/" export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/"
if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then # if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then
alias imv="sxiv" # alias imv="sxiv"
elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then # elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then
alias imv="nsxiv" # alias imv="nsxiv"
alias sxiv="nsxiv" # alias sxiv="nsxiv"
fi # fi
''; '';
zsh-abbr = { zsh-abbr = {
@ -173,6 +173,7 @@
# nvim = "nix run /home/liv/Development/nixvim --"; # nvim = "nix run /home/liv/Development/nixvim --";
vim = "nvim"; vim = "nvim";
doas = "sudo"; doas = "sudo";
sxiv = "nsxiv";
# NixOS # NixOS
ns = "nix-shell --run zsh"; ns = "nix-shell --run zsh";


@ -7,5 +7,6 @@
++ [ (import ./home-assistant.nix) ] ++ [ (import ./home-assistant.nix) ]
++ [ (import ./monitoring.nix) ] ++ [ (import ./monitoring.nix) ]
++ [ (import ./smart-monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ]
++ [ (import ./tailscale.nix) ]
++ [ (import ./hd-idle.nix) ]; ++ [ (import ./hd-idle.nix) ];
} }


@ -23,9 +23,9 @@
]; ];
}; };
}; };
networking.firewall = { # networking.firewall = {
allowedTCPPorts = [ # allowedTCPPorts = [
9001 # 9001
]; # ];
}; # };
} }
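Review bot: The firewall block for TCP 9001 is commented out rather than removed, and nothing records why the port was closed. If the service is now meant to be reachable only over the VPN (an inference from the `tailscale.nix` import added elsewhere in this compare), delete the dead block and leave one line such as `# 9001 intentionally not opened on the public firewall`. The same missing rationale applies to `openFirewall = false` in the murmur section.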


@ -2,6 +2,6 @@
{ {
services.murmur = { services.murmur = {
enable = true; enable = true;
openFirewall = true; openFirewall = false;
}; };
} }


@ -37,41 +37,35 @@
recommendedProxySettings = true; recommendedProxySettings = true;
clientMaxBodySize = lib.mkDefault "10G"; clientMaxBodySize = lib.mkDefault "10G";
defaultListen = #defaultListen =
let # let
listen = [ # listen = [
{ # {
addr = "[::]"; # addr = "[::]";
port = 80; # port = 80;
extraParameters = [ "proxy_protocol" ]; # extraParameters = [ "proxy_protocol" ];
} # }
{ # {
addr = "[::]"; # addr = "[::]";
port = 443; # port = 443;
ssl = true; # ssl = true;
extraParameters = [ "proxy_protocol" ]; # extraParameters = [ "proxy_protocol" ];
} # }
]; # ];
in # in
map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen; # map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;
# Hardened TLS and HSTS preloading # Hardened TLS and HSTS preloading
appendHttpConfig = '' appendHttpConfig = ''
# Proxying # Proxying
# real_ip_header proxy_protocol; # real_ip_header proxy_protocol;
server {
listen 80 proxy_protocol;
listen 443 ssl proxy_protocol;
# set_real_ip_from 10.7.0.0/24;
}
ssl_certificate /var/lib/acme/quack.social/cert.pem; ssl_certificate /var/lib/acme/quack.social/cert.pem;
ssl_certificate_key /var/lib/acme/quack.social/key.pem; ssl_certificate_key /var/lib/acme/quack.social/key.pem;
proxy_set_header Host $host; # proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr; # proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr; # proxy_set_header X-Forwarded-For $proxy_protocol_addr;
# Add HSTS header with preloading to HTTPS requests. # Add HSTS header with preloading to HTTPS requests.
# Do not add HSTS header to HTTP requests. # Do not add HSTS header to HTTP requests.
@ -98,19 +92,6 @@
add_header pronouns "any but neopronouns"; add_header pronouns "any but neopronouns";
add_header locale "[en_US, nl_NL]"; add_header locale "[en_US, nl_NL]";
''; '';
appendConfig = ''
# https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
# set_real_ip_from 213.210.34.27;
# real_ip_header proxy_protocol;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $proxy_protocol_addr;
# proxy_set_header X-Forwarded-For $proxy_protocol_addr;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Server $host;
'';
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
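Review bot: The new `server { listen 80 proxy_protocol; listen 443 ssl proxy_protocol; }` block in `appendHttpConfig` accepts a PROXY header from any peer that can reach those ports, while the lines that would bound that trust, `set_real_ip_from` and `real_ip_header proxy_protocol`, stay commented out. With the `X-Real-IP` and `X-Forwarded-For` headers also commented, logs and upstreams will presumably see the proxy's address rather than the client's, which weakens rate limiting and abuse attribution. Enable `real_ip_header proxy_protocol;` together with `set_real_ip_from 10.7.0.0/24;` (the range already on the page; confirm it is the proxy's network) and restrict 80/443 to that source in the firewall. The block also has no `server_name` and appears to bind IPv4 only, unlike the commented `defaultListen`, which covered `[::]` as well, so confirm the virtual hosts still receive proxied traffic on both address families.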


@ -1,8 +1,16 @@
{ lib, pkgs, config, username, home-manager, ... }: {
lib,
pkgs,
config,
username,
home-manager,
...
}:
with lib; with lib;
let let
cfg = config.liv.creative; cfg = config.liv.creative;
in { in
{
options.liv.creative = { options.liv.creative = {
enable = mkEnableOption "Enable creative workflow"; enable = mkEnableOption "Enable creative workflow";
}; };
@ -17,6 +25,7 @@ in {
obs-studio obs-studio
kdePackages.kdenlive kdePackages.kdenlive
orca-slicer orca-slicer
freecad
]; ];
}; };
}; };