marty/config.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

commit message

Browse source
This commit is contained in:
martyTF 2026-04-11 17:30:53 +02:00
parent 270e1a0be4
commit 77afca4525
57 changed files with 971 additions and 423 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/apps/audio/default.nix
View file

@ -24,6 +24,7 @@
[
pavucontrol
playerctl
streamrip
]
else
[ ]

2
modules/apps/default.nix
View file

@ -11,6 +11,8 @@
./development
./gaming
./image
./internet
./messaging
./misc
./peripherals
./video

12
modules/apps/development/editor.nix
View file

@ -7,7 +7,7 @@
{
options = {
development = {
apps.development = {
editor = {
vscodium.enable = lib.mkEnableOption "enable vscodium";
emacs.enable = lib.mkEnableOption "enable emacs";
@ -25,15 +25,15 @@
[
nixfmt
]
++ (if config.development.editor.vscodium.enable then [ vscodium ] else [ ]);
++ (if config.apps.development.editor.vscodium.enable then [ vscodium ] else [ ]);
programs = {
vscode =
if config.development.editor.vscodium.enable then
if config.apps.development.editor.vscodium.enable then
{
enable = true;
package = pkgs.vscodium;
defaultEditor = if (config.development.editor.default == "vscodium") then true else false;
defaultEditor = if (config.apps.development.editor.default == "vscodium") then true else false;
# profiles.default.extensions = with pkgs.vscode-extensions; [
# catppuccin.catppuccin-vsc
# catppuccin.catppuccin-vsc-icons
@ -51,11 +51,11 @@
};
services = {
emacs =
if config.development.editor.emacs.enable then
if config.apps.development.editor.emacs.enable then
{
enable = true;
install = true;
defaultEditor = if (config.development.editor.default == "emacs") then true else false;
defaultEditor = if (config.apps.development.editor.default == "emacs") then true else false;
}
else
{ };

21
modules/apps/internet/browser.nix
View file

@ -2,6 +2,7 @@
config,
lib,
pkgs,
inputs,
...
}:
@ -10,13 +11,25 @@
apps.internet.browsers = {
zen-browser = {
enable = lib.mkEnableOption "enable zen browser";
package = inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default;
binary = "${config.apps.internet.browsers.zen-browser.package}/bin/zen";
package = lib.mkOption {
default = inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default;
description = "zen browser package";
};
binary = lib.mkOption {
default = "${config.apps.internet.browsers.zen-browser.package}/bin/zen";
description = "zen browser binary";
};
};
tor-browser = {
enable = lib.mkEnableOption "enable tor browser";
package = pkgs.tor-browser;
binary = "${config.apps.internet.browsers.tor-browser.package}/bin/tor-browser";
package = lib.mkOption {
default = pkgs.tor-browser;
description = "zen browser package";
};
binary = lib.mkOption {
default = "${config.apps.internet.browsers.tor-browser.package}/bin/tor-browser";
description = "zen browser binary";
};
};
default = lib.mkOption {
default = "zen";

35
modules/apps/internet/mail.nix Normal file
View file

@ -0,0 +1,35 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
apps.internet = {
mail.enable = lib.mkEnableOption "enable e-mail";
mail.providers.protonmail.enable = lib.mkEnableOption "enable protonmail";
};
};
config = {
programs = {
thunderbird =
if config.apps.internet.mail.enable then
{
enable = true;
}
else
{ };
};
services = {
protonmail-bridge =
if config.apps.internet.mail.providers.protonmail.enable then
{
enable = true;
}
else
{ };
};
};
}

26
modules/apps/messaging/default.nix Normal file
View file

@ -0,0 +1,26 @@
{
config,
lib,
pkgs,
inputs,
...
}:
{
options = {
apps.messaging = {
signal.enable = lib.mkEnableOption "enable signal";
element = {
enable = lib.mkEnableOption "enable element";
selfhosted = lib.mkEnableOption "selfhosted matrix server?";
};
};
};
config = {
environment.systemPackages =
with pkgs;
[ ]
++ (if config.apps.messaging.element.enable then [ element-desktop ] else [ ])
++ (if config.apps.messaging.signal.enable then [ signal-desktop ] else [ ]);
};
}

6
modules/apps/misc/default.nix
View file

@ -33,11 +33,13 @@
++ (
if (config.apps.misc.bitwarden.enable) then
[ rbw ]
[
rbw
pinentry-curses
]
++ (
if (config.desktop.shell.rofi.enable) then
[
pinentry-curses
rofi-rbw
]
else

14
modules/apps/sync/default.nix
View file

@ -12,6 +12,9 @@
kde-connect = {
enable = lib.mkEnableOption "enable kde-connect";
};
nextcloud = {
enable = lib.mkEnableOption "enable nextcloud client";
};
syncthing = {
enable = lib.mkEnableOption "enable syncthing";
devices = lib.mkOption {
@ -30,6 +33,17 @@
};
};
config = {
environment.systemPackages =
with pkgs;
[ ]
++ (
if config.apps.sync.nextcloud.enable then
[
nextcloud-client
]
else
[ ]
);
programs = {
kdeconnect =
if config.apps.sync.kde-connect.enable then

12
modules/apps/terminal/kitty.nix
View file

@ -14,14 +14,10 @@
};
config = {
# apps.terminal =
# if (config.apps.terminal.default == "kitty") then
# {
# package = pkgs.kitty;
# binary = "${pkgs.kitty}/bin/kitty";
# }
# else
# { };
apps.terminal = {
package = pkgs.kitty;
binary = "${pkgs.kitty}/bin/kitty";
};
environment.systemPackages =
with pkgs;
[ ]

5
modules/apps/video/default.nix
View file

@ -22,7 +22,10 @@
++ (
if config.apps.video.base.enable then
[ mpv ]
[
mpv
yt-dlp
]
else
[ ]
)

1
modules/default.nix
View file

@ -9,6 +9,7 @@
imports = [
./apps
./desktop
./server
./system
./user
];

1
modules/desktop/display-manager.nix
View file

@ -29,6 +29,7 @@
};
programs = {
uwsm = {
enable = true;
waylandCompositors = {
hyprland =
if config.desktop.window-managers.hyprland.enable then

4
modules/desktop/window-managers/default.nix
View file

@ -29,6 +29,10 @@
default = "E";
description = "editor hotkey";
};
close-window = lib.mkOption {
default = "Q";
description = "close window hotkey";
};
};
};
};

2
modules/desktop/window-managers/sway.nix
View file

@ -19,7 +19,7 @@
{
enable = true;
wrapperFeatures.gtk = true;
package = null;
package = pkgs.swayfx;
}
else
{ };

14
modules/server/arr/default.nix
View file

@ -42,13 +42,13 @@
default = 8088;
};
password = lib.mkOption {
default = "EO3HgIK+QJNQN53efrF6zQ==:Ju6k++dsM4pLLgYjP9sLbUWOiNuQMrUH/g6QArdtKXzYisuzaR+XeJL4hEC9Zo3ekVa8EVnPnQu/mJoHxxkLOA==";
}
default = "";
};
};
};
};
config = {
config.server.arr = lib.mkIf config.server.arr.enable {
server.arr = lib.mkIf config.server.arr.enable {
prowlarr.enable = lib.mkDefault true;
radarr.enable = lib.mkDefault true;
sonarr.enable = lib.mkDefault true;
@ -58,28 +58,28 @@
services = {
prowlarr = lib.mkIf config.server.arr.prowlarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.prowlarr.port;
};
};
radarr = lib.mkIf config.server.arr.radarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.radarr.port;
};
};
sonarr = lib.mkIf config.server.arr.sonarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.sonarr.port;
};
};
lidarr = lib.mkIf config.server.arr.lidarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.lidarr.port;
};

12
modules/server/cloud/default.nix Normal file
View file

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./immich.nix
];
}

70
modules/server/cloud/immich.nix Normal file
View file

@ -0,0 +1,70 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.cloud.immich = {
enable = lib.mkEnableOption "enable immich";
port = lib.mkOption {
default = 2283;
description = "immich port";
};
public = lib.mkEnableOption "public immich";
subdomain = lib.mkOption {
default = "photos";
description = "immich subdomain";
};
};
};
config = {
users =
if config.server.cloud.immich.enable then
{
users.immich = {
isSystemUser = true;
createHome = true;
home = "/var/lib/immich";
group = "immich";
extraGroups = [
"video"
"render"
];
};
groups.immich = { };
}
else
{ };
services = {
immich = {
enable = config.server.cloud.immich.enable;
port = config.server.cloud.immich.port;
host = "127.0.0.1";
machine-learning = {
enable = true;
environment = {
MACHINE_LEARNING_MODEL_TTL = "600";
MACHINE_LEARNING_REQUEST_THREADS = "4";
MACHINE_LEARNING_MODEL_INTER_OP_THREADS = "2";
};
};
};
nginx =
if config.server.cloud.immich.enable && config.server.cloud.immich.public then
{
virtualHosts."${config.server.cloud.immich.subdomain}.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.cloud.immich.port}";
};
};
}
else
{ };
};
};
}

7
modules/server/default.nix
View file

@ -7,6 +7,11 @@
{
imports = [
./docker
./arr
./cloud
./media
./misc
./social
./nginx.nix
];
}

14
modules/server/docker/default.nix
View file

@ -1,14 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs = {
lazydocker = {
enable = true;
};
};
}

12
modules/server/media/default.nix Normal file
View file

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./jellyfin.nix
];
}

75
modules/server/media/jellyfin.nix
View file

@ -11,64 +11,67 @@
enable = lib.mkEnableOption "enable jelyfin";
port = lib.mkOption {
default = 8096;
description = "set jellyfin port"
description = "set jellyfin port";
};
public = {
enable = lib.mkEnableOption "make jellyfin public";
subdomain = lib.mkOption {
default = "watch";
description = "set jellyfin subdomain";
};
public = lib.mkEnableOption "make jellyfin public";
subdomain = lib.mkOption {
default = "watch";
description = "set jellyfin subdomain";
};
};
jellyseer = {
enable = lib.mkEnableOption "enable jellyseer";
port = lib.mkOption {
default = 8097;
description = "set jellyseer port"
description = "set jellyseer port";
};
public = {
enable = lib.mkEnableOption "make jellyseer public";
subdomain = lib.mkOption {
default = "jellyseer";
description = "set jellyseer subdomain";
};
public = lib.mkEnableOption "make jellyseer public";
subdomain = lib.mkOption {
default = "jellyseer";
description = "set jellyseer subdomain";
};
};
};
config = {
environment.systemPackages = config.server.jellyfin.enable [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
environment.systemPackages =
[ ]
++ (
if config.server.jellyfin.enable then
[
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
]
else
[ ]
);
services = {
jellyfin = lib.mkIf config.server.jellyfin.enable {
enable = true;
};
jellyseer = lib.mkIf config.server-jellyseer.enable {
seerr = lib.mkIf config.server.jellyseer.enable {
enable = true;
};
nginx.virtualHosts = {
"${config.server.jellyfin.public.subdomain}.${config.domain}" =
lib.mkIf config.server.jellyfin.public.enable
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyfin.port}";
"${config.server.jellyfin.subdomain}.${config.networking.domain}" =
lib.mkIf config.server.jellyfin.public
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyfin.port}";
};
};
};
"${config.server.jellyseer.public.subdomain}.${config.domain}" = lib.mkIf config.server.jellyfin.public.enable {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyseer.port}";
"${config.server.jellyseer.subdomain}.${config.networking.domain}" =
lib.mkIf config.server.jellyfin.public
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyseer.port}";
};
};
};
};
};
};
};
};

34
modules/server/misc/dawarich.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.misc.dawarich = {
enable = lib.mkEnableOption "enable dawarich";
port = lib.mkOption {
default = 2975;
description = "dawarich port";
};
public = lib.mkEnableOption "make dawarich public";
subdomain = lib.mkOption {
default = "dawarich";
description = "dawarich subdomain";
};
};
};
config = {
services.dawarich = {
enable = config.server.misc.dawarich.enable;
webPort = config.server.misc.dawarich.port;
localDomain =
if config.server.misc.dawarich.public then
"${config.server.misc.dawarich.subdomain}.${config.networking.domain}"
else
config.networking.hostName;
};
};
}

14
modules/server/misc/default.nix Normal file
View file

@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./dawarich.nix
./forgejo.nix
./lauti.nix
];
}

72
modules/server/misc/forgejo.nix Normal file
View file

@ -0,0 +1,72 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.misc.forgejo = {
enable = lib.mkEnableOption "enable forgejo";
port = lib.mkOption {
default = 2934;
description = "forgejo port";
};
public = lib.mkEnableOption "public forgejo";
subdomain = lib.mkOption {
default = "git";
description = "forgejo subdomain";
};
settings = {
app_name = lib.mkOption {
default = "${config.user.userName}'s code dump";
description = "forgejo app name";
};
app_slogan = lib.mkOption {
default = "if code could talk, mine would cry";
description = "forgejo app slogan";
};
};
};
};
config = {
services = {
forgejo = {
enable = config.server.misc.forgejo.enable;
database.type = "postgres";
settings = {
server = {
DOMAIN = "${config.server.misc.forgejo.subdomain}.${config.networking.domain}";
ROOT_URL = "https://${config.server.misc.forgejo.subdomain}.${config.networking.domain}";
HTTP_PORT = config.server.misc.forgejo.port;
};
DEFAULT = {
APP_NAME = config.server.misc.forgejo.settings.app_name;
APP_SLOGAN = config.server.misc.forgejo.settings.app_slogan;
};
REPOSITORY = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
service.DISABLE_REGISTRATION = true;
};
};
nginx = {
virtualHosts = {
"${config.server.misc.forgejo.subdomain}.${config.networking.domain}" =
if config.server.misc.forgejo.public then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.misc.forgejo.port}";
};
}
else
{ };
};
};
};
};
}

51
modules/server/misc/lauti.nix Normal file
View file

@ -0,0 +1,51 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.misc.lauti = {
enable = lib.mkEnableOption "enable lauti";
port = lib.mkOption {
default = 3333;
description = "lauti port";
};
public = lib.mkEnableOption "make lauti public";
subdomain = lib.mkOption {
default = "lauti";
description = "lauti subdomain";
};
};
};
config = {
services = {
eintopf = {
enable = config.server.misc.lauti.enable;
settings = {
LAUTI_ADMIN_EMAIL = "test@example.org";
LAUTI_BASE_URL = "https://freising.space";
LAUTI_OSM_TILE_CACHE_DIR = "/var/lib/eintopf/osm";
LAUTI_OSM_TILE_SERVER = "https://tile.openstreetmap.org/{z}/{x}/{y}.png";
LAUTI_TIMEZONE = "Europe/Berlin";
LAUTI_LANGUAGE = "en";
};
secrets = [ /etc/lauti-secrets ];
};
nginx = {
virtualHosts = {
${"freising.space"} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3333";
};
};
};
};
};
};
}

16
modules/server/nginx.nix
View file

@ -6,20 +6,6 @@
}:
{
options = {
domain = lib.mkOption {
default = "marty.tf";
description = "set domain name";
};
email = lib.mkOption {
default = "${config.user.userName}@${config.domain}";
description = "set email";
};
nginx = {
};
};
config = {
users = {
users = {
@ -50,7 +36,7 @@
security = {
acme = {
acceptTerms = true;
defaults.email = config.email;
defaults.email = config.user.email;
};
};
};

13
modules/server/social/default.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./gotosocial.nix
./synapse.nix
];
}

64
modules/server/social/gotosocial.nix Normal file
View file

@ -0,0 +1,64 @@
{
config,
pkgs,
inputs,
lib,
...
}:
{
options = {
server.social.gotosocial = {
enable = lib.mkEnableOption "enable gotosocial";
port = lib.mkOption {
default = 8008;
description = "gotosocial port";
};
public = lib.mkOption {
default = true;
description = "public gotosocial";
};
subdomain = lib.mkOption {
default = "fedi";
description = "gotosocial subdomain";
};
};
};
config = {
services = {
gotosocial = {
enable = config.server.social.gotosocial.enable;
settings = {
application_name = "The Martyverse";
host = "${config.server.social.gotosocial.subdomain}.${config.networking.domain}";
bind-address = "127.0.0.1";
port = config.server.social.gotosocial.port;
protocol = "https";
landing-page-user = "${config.user.userName}";
db-address = "/home/${config.user.userName}/gotosocial/storage/sqlite.db";
storage-local-base-path = "/home/${config.user.userName}/gotosocial/storage";
db-type = "sqlite";
accounts-allow-custom-css = true;
accounts-registration-open = true;
accounts-reason-required = true;
accounts-registration-backlog-limit = 20;
};
};
nginx = {
virtualHosts = {
"${config.server.social.gotosocial.subdomain}.${config.networking.domain}" =
if config.server.social.gotosocial.public && config.server.social.gotosocial.enable then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.social.gotosocial.port}";
proxyWebsockets = true;
};
}
else
{ };
};
};
};
};
}

116
modules/server/social/synapse.nix Normal file
View file

@ -0,0 +1,116 @@
{
config,
lib,
pkgs,
...
}:
let
fqdn = "${config.server.synapse.subdomain}.${config.networking.domain}";
baseUrl = "https://${fqdn}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${fqdn}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
options = {
server.synapse = {
enable = lib.mkEnableOption "enable synapse";
subdomain = lib.mkOption {
default = "yap";
description = "synapse subdomain";
};
port = lib.mkOption {
default = 8008;
description = "synapse port";
};
};
};
config = {
services =
if config.server.synapse.enable then
{
postgresql.enable = true;
matrix-synapse = {
enable = true;
configureRedisLocally = true;
extras = [
"cache-memory" # Provide statistics about caching memory consumption
"jwt" # JSON Web Token authentication
"oidc" # OpenID Connect authentication
"postgres" # PostgreSQL database backend
"redis" # Redis support for the replication stream between worker processes
#"saml2" # SAML2 authentication
"sentry" # Error tracking and performance metrics
"systemd" # Provide the JournalHandler used in the default log_config
"url-preview" # Support for oEmbed URL previews
];
settings = {
url_preview_enabled = true;
server_name = "${config.networking.domain}";
public_baseurl = baseUrl;
media_store_path = "/mnt/Data/Matrix/Media";
max_upload_size = "10G";
enable_registration = false;
generic = {
enabled = true;
outbound = true;
urlPrefix = "https://https://yap.marty.tf/webhooks/";
allowJsTransformationFunctions = false;
waitForComplete = false;
enableHttpGet = false;
};
listeners = [
{
port = config.server.synapse.port;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
};
};
nginx = {
virtualHosts = {
"${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
"${config.server.synapse.subdomain}.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations = {
"~ ^(/_matrix|/_synapse/client|/)" = {
proxyPass = "http://127.0.0.1:${toString config.server.synapse.port}";
proxyWebsockets = true;
extraConfig =
"proxy_set_header X-Forwarded-For $remote_addr;"
+ "proxy_set_header X-Forwarded-Proto $scheme;"
+ "proxy_set_header Host $host:$server_port;";
};
};
};
};
};
}
else
{ };
};
}

13
modules/system/bluetooth.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{
environment.systemPackages = with pkgs; [
bluez
bluetuith
];
}

3
modules/system/default.nix
View file

@ -7,12 +7,13 @@
{
imports = [
./bluetooth.nix
./boot.nix
./git.nix
./shell.nix
./networking.nix
./localization.nix
./fira-code.nix
./fonts.nix
./nixos-cli.nix
./ssh.nix
];

0
modules/system/fira-code.nix → modules/system/fonts.nix
View file

5
modules/system/networking.nix
View file

@ -2,7 +2,7 @@
{
networking = {
domain = "maty.tf";
domain = "marty.tf";
networkmanager.enable = true;
firewall = {
enable = true;
@ -39,4 +39,7 @@
};
};
};
environment.systemPackages = with pkgs; [
oniux
];
}