xqtc161 2024-07-06 16:42:49 +02:00
parent 8781412520
commit 3678a3f2b6
11 changed files with 309 additions and 45 deletions


@ -26,7 +26,11 @@
networking.firewall.allowedTCPPorts = [8384 22000]; networking.firewall.allowedTCPPorts = [8384 22000];
networking.firewall.allowedUDPPorts = [22000 21027]; networking.firewall.allowedUDPPorts = [22000 21027];
environment.systemPackages = with pkgs; [sops]; environment.systemPackages = with pkgs; [
sops
tldr
inputs.compose2nix.packages.${pkgs.system}.default
];
programs.nix-ld = { programs.nix-ld = {
enable = true; enable = true;
@ -37,9 +41,11 @@
trusted-users = ["xqtc"]; trusted-users = ["xqtc"];
substituters = [ substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.saumon.network/proxmox-nixoshttps://cache.saumon.network/proxmox-nixos"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"proxmox-nixos:nveXDuVVhFDRFx8Dn19f1WDEaNRJjPrF2CPD2D+m1ys="
]; ];
}; };
} }
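Review bot: The added `substituters` entry `https://cache.saumon.network/proxmox-nixos` and its matching `trusted-public-keys` entry extend this machine's binary trust to a third-party cache. Any store path that cache serves with a valid signature from that key is accepted in place of a local build, not only proxmox-nixos packages. Nothing in the file sections shown on this page references a proxmox-nixos input, so the need for the cache is not evident from this commit; if it belongs to a later change, it is better added together with that change. At minimum record the provenance next to the key, e.g. `# proxmox-nixos cache; key copied from <upstream source> on <date>`. The enclosing settings block starts outside the hunk.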


@ -20,6 +20,26 @@
"type": "github" "type": "github"
} }
}, },
"compose2nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1720032541,
"narHash": "sha256-PqBjivVCJS3qUXVBMeTLj03OlY2E5/TfJssd/p2m8js=",
"owner": "aksiksi",
"repo": "compose2nix",
"rev": "923f6bc058118f76e69ed96332e40a472d8fd702",
"type": "github"
},
"original": {
"owner": "aksiksi",
"repo": "compose2nix",
"type": "github"
}
},
"devshell": { "devshell": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_4",
@ -49,11 +69,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1720065790, "lastModified": 1720238603,
"narHash": "sha256-zZH4PDvXP0yR2b9WN4t1odiP2l/5vhrQHDb1lNLrVbA=", "narHash": "sha256-XWcTKM/uVy7GP7QT8skZ9ywPqIPLhb9Sw7qBH+ZF5YM=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "b359c6cd1a96f9c0c1325d375ffc7c0ffd8fb31c", "rev": "c8799be7f004121f87ad702d61980d738405a51a",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -287,11 +307,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720045378, "lastModified": 1720188602,
"narHash": "sha256-lmE7B+QXw7lWdBu5GQlUABSpzPk3YBb9VbV+IYK5djk=", "narHash": "sha256-lC3byBmhVZFzWl/dCic8+cKUEEAXAswWOYjq4paFmbo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0a30138c694ab3b048ac300794c2eb599dc40266", "rev": "e3582e5151498bc4d757e8361431ace8529e7bb7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -446,13 +466,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-master": { "nixpkgs-2405": {
"locked": { "locked": {
"lastModified": 1720112438, "lastModified": 1720110830,
"narHash": "sha256-oALk4w8/wxwriVLUiAVef2h2rMw8Vzsc3IJmxeY4KgE=", "narHash": "sha256-E5dN9GDV4LwMEduhBLSkyEz51zM17XkWZ3/9luvNOPs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "225b5d75242add18ffaf67579acb6549510ca2f7", "rev": "c0d0be00d4ecc4b51d2d6948e37466194c1e6c51",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1720263701,
"narHash": "sha256-fKYOxXAXAv7zgfPVC1jWPJH6QrJ650IdJpFD9Mm5j0Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "731dc15f156f9d28a60bf6b4629994d6bf883975",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -464,16 +500,16 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1719663039, "lastModified": 1719720450,
"narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=", "narHash": "sha256-57+R2Uj3wPeDeq8p8un19tzFFlgWiXJ8PbzgKtBgBX8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119", "rev": "78f8641796edff3bfabbf1ef5029deadfe4a21d0",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "release-23.11", "ref": "release-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -572,11 +608,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1720021470, "lastModified": 1720222362,
"narHash": "sha256-wJ8NGzPRkwDao4Om9/P+RLxussLGvtGGH2XdjDgJqRE=", "narHash": "sha256-3chuZmpQDhod758MzQJQQnoa08NalySx6gyv/T6LEIQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "9b25eaaa6f64a584ffccdd90b23d0962d9138352", "rev": "edc8602d4723e172405ae00e778c7b407885d6c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -588,6 +624,7 @@
"root": { "root": {
"inputs": { "inputs": {
"apple-silicon": "apple-silicon", "apple-silicon": "apple-silicon",
"compose2nix": "compose2nix",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"home-manager": "home-manager", "home-manager": "home-manager",
@ -596,6 +633,7 @@
"nixos-aarch64-widevine": "nixos-aarch64-widevine", "nixos-aarch64-widevine": "nixos-aarch64-widevine",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_5",
"nixpkgs-2405": "nixpkgs-2405",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixvim": "nixvim", "nixvim": "nixvim",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
@ -626,11 +664,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1719873517, "lastModified": 1720187017,
"narHash": "sha256-D1dxZmXf6M2h5lNE1m6orojuUawVPjogbGRsqSBX+1g=", "narHash": "sha256-Zq+T1Bvd0ShZB9XM+bP0VJK3HjsSVQBLolkaCLBQnfQ=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "a11224af8d824935f363928074b4717ca2e280db", "rev": "1b11e208cee97c47677439625dc22e5289dcdead",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,10 +1,15 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-2405.url = "github:NixOS/nixpkgs/nixos-24.05";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
nixos-aarch64-widevine.url = "github:epetousis/nixos-aarch64-widevine"; nixos-aarch64-widevine.url = "github:epetousis/nixos-aarch64-widevine";
nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-master.url = "github:NixOS/nixpkgs/master";
apple-silicon.url = "github:tpwrules/nixos-apple-silicon"; apple-silicon.url = "github:tpwrules/nixos-apple-silicon";
compose2nix = {
url = "github:aksiksi/compose2nix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -53,15 +58,12 @@
}; };
in { in {
nixosConfigurations = { nixosConfigurations = {
#pkgs.util.mapHostAttrs (host: host) (host:
# lib.nixosSystem {
# system = "x86_64-linux";
# modules = [./hosts/x86_64-linux/${host}];
# specialArgs = {inherit inputs;};
# });
"asmodeus" = lib.nixosSystem { "asmodeus" = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [./hosts/x86_64-linux/asmodeus lix-module.nixosModules.default]; modules = [
./hosts/x86_64-linux/asmodeus
lix-module.nixosModules.default
];
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
}; };
"seraphim" = lib.nixosSystem { "seraphim" = lib.nixosSystem {


@ -8,5 +8,10 @@
enable = true; enable = true;
userName = "xqtc161"; userName = "xqtc161";
userEmail = "xqtc@tutanota.com"; userEmail = "xqtc@tutanota.com";
extraConfig = {
init = {
defaultBranch = "main";
};
};
}; };
} }


@ -42,6 +42,7 @@
lsp = { lsp = {
enable = true; enable = true;
servers = { servers = {
docker-compose-language-service.enable = true;
pylsp.enable = true; pylsp.enable = true;
bashls.enable = true; bashls.enable = true;
lua-ls.enable = true; lua-ls.enable = true;


@ -18,7 +18,7 @@ with lib; {
./git.nix ./git.nix
./nextcloud.nix ./nextcloud.nix
./paperless.nix ./paperless.nix
./docker.nix # ./docker-compose-crime.nix
# ./borg.nix # ./borg.nix
# ./nfs.nix # ./nfs.nix
../../gc.nix ../../gc.nix


@ -0,0 +1,211 @@
# Auto-generated using compose2nix v0.2.0-pre.
{
pkgs,
lib,
config,
inputs,
...
}:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."crime-gluetun" = {
image = "qmcgaw/gluetun";
environment = {
SERVER_CITIES = "Frankfurt";
VPN_SERVICE_PROVIDER = "mullvad";
VPN_TYPE = "wireguard";
WIREGUARD_ADDRESSES = "10.71.178.75/32";
WIREGUARD_PRIVATE_KEY = "";
};
ports = [
"6881:6881/tcp"
"6881:6881/udp"
"8085:8085/tcp"
"7878:7878/tcp"
"8989:8989/tcp"
"9696:9696/tcp"
];
log-driver = "journald";
extraOptions = [
"--cap-add=NET_ADMIN"
"--network-alias=gluetun"
"--network=crime_default"
];
};
systemd.services."podman-crime-gluetun" = {
serviceConfig = {
Restart = lib.mkOverride 500 "\"no\"";
};
after = [
"podman-network-crime_default.service"
];
requires = [
"podman-network-crime_default.service"
];
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
};
virtualisation.oci-containers.containers."prowlarr" = {
image = "lscr.io/linuxserver/prowlarr:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "Etc/UTC";
};
volumes = [
"/home/crime/prowlarr/data:/config:rw"
];
dependsOn = [
"crime-gluetun"
];
log-driver = "journald";
extraOptions = [
"--network=container:crime-gluetun"
];
};
systemd.services."podman-prowlarr" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
};
virtualisation.oci-containers.containers."qbittorrent" = {
image = "lscr.io/linuxserver/qbittorrent";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "Europe/Berlin";
WEBUI_PORT = "8085";
};
volumes = [
"/home/crime/qbittorrent:/config:rw"
"/home/crime/qbittorrent/downloads:/downloads:rw"
];
dependsOn = [
"crime-gluetun"
];
log-driver = "journald";
extraOptions = [
"--network=container:crime-gluetun"
];
};
systemd.services."podman-qbittorrent" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
};
virtualisation.oci-containers.containers."radarr" = {
image = "lscr.io/linuxserver/radarr:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "Etc/UTC";
};
volumes = [
"/home/crime/radarr/data:/config:rw"
"/home/crime/radarr/downloadclient-downloads:/downloads:rw"
"/home/crime/radarr/movies:/movies:rw"
];
dependsOn = [
"crime-gluetun"
];
log-driver = "journald";
extraOptions = [
"--network=container:crime-gluetun"
];
};
systemd.services."podman-radarr" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
};
virtualisation.oci-containers.containers."sonarr" = {
image = "lscr.io/linuxserver/sonarr:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "Etc/UTC";
};
volumes = [
"/home/crime/sonarr/data:/config:rw"
"/home/crime/sonarr/downloadclient-downloads:/downloads:rw"
"/home/crime/sonarr/tvseries:/tv:rw"
];
dependsOn = [
"crime-gluetun"
];
log-driver = "journald";
extraOptions = [
"--network=container:crime-gluetun"
];
};
systemd.services."podman-sonarr" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-crime-root.target"
];
wantedBy = [
"podman-compose-crime-root.target"
];
};
# Networks
systemd.services."podman-network-crime_default" = {
path = [pkgs.podman];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.podman}/bin/podman network rm -f crime_default";
};
script = ''
podman network inspect crime_default || podman network create crime_default
'';
partOf = ["podman-compose-crime-root.target"];
wantedBy = ["podman-compose-crime-root.target"];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-crime-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = ["multi-user.target"];
};
}
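Review bot: `WIREGUARD_PRIVATE_KEY = "";` sits in the `environment` attrset of `crime-gluetun`, so once the value is filled in it will be in clear text both in this repository and in the world-readable Nix store. The repository already carries sops-encrypted secrets, so the key is better supplied from a decrypted file: drop the attribute and add `environmentFiles = [config.sops.secrets."<wireguard-env-secret>".path];` (placeholder secret name), with that file holding the `WIREGUARD_PRIVATE_KEY=...` line. Because this file is generated by compose2nix, the change belongs in the compose input or in a separate override module, so that regenerating does not undo it. Separately, `qmcgaw/gluetun` and `lscr.io/linuxserver/qbittorrent` carry no tag and the other images use `:latest`, so what runs with `--cap-add=NET_ADMIN` is whatever the registry serves at pull time; pinning a version tag or digest would make updates reviewable.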


@ -5,6 +5,7 @@ public_keys:
nextcloud_password: ENC[AES256_GCM,data:lwqQio1I1xTv07bLRyrvig1HRyCxcueSPgDpPRhXBqCi8d42OJt7rA==,iv:R0JxpCJz9zycph9p7Ewwt4QTEXQxaxJ691aWCXfEsFE=,tag:Qz3dD2cOkmneEWP7tI54Dg==,type:str] nextcloud_password: ENC[AES256_GCM,data:lwqQio1I1xTv07bLRyrvig1HRyCxcueSPgDpPRhXBqCi8d42OJt7rA==,iv:R0JxpCJz9zycph9p7Ewwt4QTEXQxaxJ691aWCXfEsFE=,tag:Qz3dD2cOkmneEWP7tI54Dg==,type:str]
nextcloud_user_password: ENC[AES256_GCM,data:fkX/1pOgRLvhHTtoK9i5F0kO+mRKj40BH2s7VD7ifPEnyJhWqy5mvg==,iv:iEnW4Z8vCY9oapOpVZNuLMa50SXT01clYaScUN+q/k8=,tag:0G0Y8XCSj+dBAy6Cw8YOHg==,type:str] nextcloud_user_password: ENC[AES256_GCM,data:fkX/1pOgRLvhHTtoK9i5F0kO+mRKj40BH2s7VD7ifPEnyJhWqy5mvg==,iv:iEnW4Z8vCY9oapOpVZNuLMa50SXT01clYaScUN+q/k8=,tag:0G0Y8XCSj+dBAy6Cw8YOHg==,type:str]
paperless_password: ENC[AES256_GCM,data:OCrc00vUb+lgel8TmFm+9Ee4QJZZV7W6+Jl9+R7AfjfDh6v590ibvw==,iv:emM7g0JRcEH4xuYdvZN64drOhduXyQy6HwF1xByaLvE=,tag:D2O1qAeKtYWGf+Zd3RuBTQ==,type:str] paperless_password: ENC[AES256_GCM,data:OCrc00vUb+lgel8TmFm+9Ee4QJZZV7W6+Jl9+R7AfjfDh6v590ibvw==,iv:emM7g0JRcEH4xuYdvZN64drOhduXyQy6HwF1xByaLvE=,tag:D2O1qAeKtYWGf+Zd3RuBTQ==,type:str]
#ENC[AES256_GCM,data:UmGDAz/qalmP6Z2r4VSH802m9ddAoCQ8IaAtAmyQV+Psg0rNpLF7du5ykDepTyHAb6YAG1k2k9ziqfV8P9SUNMvLC7D3TmFk9oZtW8HLrN84tcbp9i4HDFfQ+Q==,iv:PzHlSFj0H4/eSab9j3y9lYAFUPMEb+G74M2/2cmv70A=,tag:GFstk6NgtJCNm207zO1fjQ==,type:comment]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -56,8 +57,8 @@ sops:
a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ
HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ== HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-05T15:42:51Z" lastmodified: "2024-07-06T14:20:40Z"
mac: ENC[AES256_GCM,data:HKjqJxfseQcrP/hViiY933NQdZQpTYS+wHigWlIOKDUhW4HOjVcRPc/lcbtb/41RBXl5xPKJyYSNzj3AdSM6kMznE0USEmYU9+XHFDd845n1YVg6qRHYUH/fFKsdDF2L5tEZ9DPEZQ6mW2EpxW+9AVVlU1L7wNsm7rtpcPTPcb4=,iv:arNw7DvxMfMBALJjp63bwNrsBedohhVWRJZFboXaZpI=,tag:OKQNf28nm/LrgUueOtwDsg==,type:str] mac: ENC[AES256_GCM,data:tiYyfsKlYF4j5YqIezO34L8nkGmHTWQeR7y6e3M2PFFujCqw87Q/WdAdKiyErvPmPwMbkyfXQZgIs2fAKx/C6t5lh5TFFQYZyvCV9A17y4vn8f5SK1HFDePQTfaCqQ4IlSXAXZYpBMMFJn+WBVJQUCb3xM5meuVYTTZpqE8dmso=,iv:NwLsBzVa/Kf9YS6lfS+4VpWkYxpqxPEbRHquuNJ0klY=,tag:LgsV5KBk0Dwij4jEbB99xA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1