server and other shit

martyTF 2026-04-11 17:21:28 +02:00
parent 270e1a0be4
commit 804371bf96
65 changed files with 1428 additions and 619 deletions


@ -24,6 +24,7 @@
[
pavucontrol
playerctl
streamrip
]
else
[ ]


@ -11,6 +11,8 @@
./development
./gaming
./image
./internet
./messaging
./misc
./peripherals
./video


@ -7,7 +7,7 @@
{
options = {
development = {
apps.development = {
editor = {
vscodium.enable = lib.mkEnableOption "enable vscodium";
emacs.enable = lib.mkEnableOption "enable emacs";
@ -25,15 +25,15 @@
[
nixfmt
]
++ (if config.development.editor.vscodium.enable then [ vscodium ] else [ ]);
++ (if config.apps.development.editor.vscodium.enable then [ vscodium ] else [ ]);
programs = {
vscode =
if config.development.editor.vscodium.enable then
if config.apps.development.editor.vscodium.enable then
{
enable = true;
package = pkgs.vscodium;
defaultEditor = if (config.development.editor.default == "vscodium") then true else false;
defaultEditor = if (config.apps.development.editor.default == "vscodium") then true else false;
# profiles.default.extensions = with pkgs.vscode-extensions; [
# catppuccin.catppuccin-vsc
# catppuccin.catppuccin-vsc-icons
@ -51,11 +51,11 @@
};
services = {
emacs =
if config.development.editor.emacs.enable then
if config.apps.development.editor.emacs.enable then
{
enable = true;
install = true;
defaultEditor = if (config.development.editor.default == "emacs") then true else false;
defaultEditor = if (config.apps.development.editor.default == "emacs") then true else false;
}
else
{ };


@ -2,6 +2,7 @@
config,
lib,
pkgs,
inputs,
...
}:
@ -10,13 +11,25 @@
apps.internet.browsers = {
zen-browser = {
enable = lib.mkEnableOption "enable zen browser";
package = inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default;
binary = "${config.apps.internet.browsers.zen-browser.package}/bin/zen";
package = lib.mkOption {
default = inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default;
description = "zen browser package";
};
binary = lib.mkOption {
default = "${config.apps.internet.browsers.zen-browser.package}/bin/zen";
description = "zen browser binary";
};
};
tor-browser = {
enable = lib.mkEnableOption "enable tor browser";
package = pkgs.tor-browser;
binary = "${config.apps.internet.browsers.tor-browser.package}/bin/tor-browser";
package = lib.mkOption {
default = pkgs.tor-browser;
description = "zen browser package";
};
binary = lib.mkOption {
default = "${config.apps.internet.browsers.tor-browser.package}/bin/tor-browser";
description = "zen browser binary";
};
};
default = lib.mkOption {
default = "zen";
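Review bot: The `tor-browser` options carry the zen descriptions: `description = "zen browser package";` and `description = "zen browser binary";` under `tor-browser` should read `"tor browser package"` and `"tor browser binary"`. None of the new `lib.mkOption` calls declares a `type`; `type = lib.types.package;` for `package` and `type = lib.types.str;` for `binary` would reject a wrong value at evaluation time. The `default` option at the end of the hunk continues outside it.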


@ -0,0 +1,35 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
apps.internet = {
mail.enable = lib.mkEnableOption "enable e-mail";
mail.providers.protonmail.enable = lib.mkEnableOption "enable protonmail";
};
};
config = {
programs = {
thunderbird =
if config.apps.internet.mail.enable then
{
enable = true;
}
else
{ };
};
services = {
protonmail-bridge =
if config.apps.internet.mail.providers.protonmail.enable then
{
enable = true;
}
else
{ };
};
};
}


@ -0,0 +1,26 @@
{
config,
lib,
pkgs,
inputs,
...
}:
{
options = {
apps.messaging = {
signal.enable = lib.mkEnableOption "enable signal";
element = {
enable = lib.mkEnableOption "enable element";
selfhosted = lib.mkEnableOption "selfhosted matrix server?";
};
};
};
config = {
environment.systemPackages =
with pkgs;
[ ]
++ (if config.apps.messaging.element.enable then [ element-desktop ] else [ ])
++ (if config.apps.messaging.signal.enable then [ signal-desktop ] else [ ]);
};
}


@ -33,11 +33,13 @@
++ (
if (config.apps.misc.bitwarden.enable) then
[ rbw ]
[
rbw
pinentry-curses
]
++ (
if (config.desktop.shell.rofi.enable) then
[
pinentry-curses
rofi-rbw
]
else


@ -12,6 +12,9 @@
kde-connect = {
enable = lib.mkEnableOption "enable kde-connect";
};
nextcloud = {
enable = lib.mkEnableOption "enable nextcloud client";
};
syncthing = {
enable = lib.mkEnableOption "enable syncthing";
devices = lib.mkOption {
@ -30,6 +33,17 @@
};
};
config = {
environment.systemPackages =
with pkgs;
[ ]
++ (
if config.apps.sync.nextcloud.enable then
[
nextcloud-client
]
else
[ ]
);
programs = {
kdeconnect =
if config.apps.sync.kde-connect.enable then


@ -14,14 +14,10 @@
};
config = {
# apps.terminal =
# if (config.apps.terminal.default == "kitty") then
# {
# package = pkgs.kitty;
# binary = "${pkgs.kitty}/bin/kitty";
# }
# else
# { };
apps.terminal = {
package = pkgs.kitty;
binary = "${pkgs.kitty}/bin/kitty";
};
environment.systemPackages =
with pkgs;
[ ]


@ -22,7 +22,10 @@
++ (
if config.apps.video.base.enable then
[ mpv ]
[
mpv
yt-dlp
]
else
[ ]
)


@ -9,6 +9,7 @@
imports = [
./apps
./desktop
./server
./system
./user
];


@ -29,35 +29,35 @@
};
programs = {
uwsm = {
waylandCompositors = {
hyprland =
if config.desktop.window-managers.hyprland.enable then
{
enable = true;
waylandCompositors =
if config.desktop.window-managers.hyprland.enable then
{
hyprland = {
prettyName = "Hyprland";
comment = "Hyprland";
binPath = "${config.programs.hyprland.package}/bin/start-hyprland";
}
else
{ };
sway =
if config.desktop.window-managers.sway.enable then
{
};
}
else if config.desktop.window-managers.sway.enable then
{
sway = {
prettyName = "Sway";
comment = "Sway";
binPath = "${config.programs.sway.package}/bin/sway --session";
}
else
{ };
niri =
if config.desktop.window-managers.niri.enable then
{
};
}
else if config.desktop.window-managers.niri.enable then
{
niri = {
prettyName = "Niri";
comment = "Niri";
binPath = "${config.programs.niri.package}/bin/niri-session";
}
else
{ };
};
};
}
else
{ };
};
};
xdg.portal.enable = true;
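Review bot: The `if … else if … else` chain under `waylandCompositors` yields at most one compositor entry: with both `desktop.window-managers.hyprland.enable` and `sway.enable` set, only the Hyprland entry is produced, whereas the per-compositor conditionals it appears to replace gave one entry each. If several compositors may be enabled together, merge independent pieces instead, e.g. `lib.optionalAttrs config.desktop.window-managers.hyprland.enable { hyprland = { … }; } // lib.optionalAttrs config.desktop.window-managers.sway.enable { sway = { … }; }`. The old and new sides are inferred from the rendered page, so check this against the actual diff.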


@ -29,6 +29,10 @@
default = "E";
description = "editor hotkey";
};
close-window = lib.mkOption {
default = "Q";
description = "close window hotkey";
};
};
};
};


@ -19,7 +19,7 @@
{
enable = true;
wrapperFeatures.gtk = true;
package = null;
package = pkgs.swayfx;
}
else
{ };


@ -42,13 +42,13 @@
default = 8088;
};
password = lib.mkOption {
default = "EO3HgIK+QJNQN53efrF6zQ==:Ju6k++dsM4pLLgYjP9sLbUWOiNuQMrUH/g6QArdtKXzYisuzaR+XeJL4hEC9Zo3ekVa8EVnPnQu/mJoHxxkLOA==";
}
default = "";
};
};
};
};
config = {
config.server.arr = lib.mkIf config.server.arr.enable {
server.arr = lib.mkIf config.server.arr.enable {
prowlarr.enable = lib.mkDefault true;
radarr.enable = lib.mkDefault true;
sonarr.enable = lib.mkDefault true;
@ -58,28 +58,28 @@
services = {
prowlarr = lib.mkIf config.server.arr.prowlarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.prowlarr.port;
};
};
radarr = lib.mkIf config.server.arr.radarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.radarr.port;
};
};
sonarr = lib.mkIf config.server.arr.sonarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.sonarr.port;
};
};
lidarr = lib.mkIf config.server.arr.lidarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.lidarr.port;
};


@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./immich.nix
./nextcloud.nix
];
}


@ -0,0 +1,70 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.cloud.immich = {
enable = lib.mkEnableOption "enable immich";
port = lib.mkOption {
default = 2283;
description = "immich port";
};
public = lib.mkEnableOption "public immich";
subdomain = lib.mkOption {
default = "photos";
description = "immich subdomain";
};
};
};
config = {
users =
if config.server.cloud.immich.enable then
{
users.immich = {
isSystemUser = true;
createHome = true;
home = "/var/lib/immich";
group = "immich";
extraGroups = [
"video"
"render"
];
};
groups.immich = { };
}
else
{ };
services = {
immich = {
enable = config.server.cloud.immich.enable;
port = config.server.cloud.immich.port;
host = "127.0.0.1";
machine-learning = {
enable = true;
environment = {
MACHINE_LEARNING_MODEL_TTL = "600";
MACHINE_LEARNING_REQUEST_THREADS = "4";
MACHINE_LEARNING_MODEL_INTER_OP_THREADS = "2";
};
};
};
nginx =
if config.server.cloud.immich.enable && config.server.cloud.immich.public then
{
virtualHosts."${config.server.cloud.immich.subdomain}.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.cloud.immich.port}";
};
};
}
else
{ };
};
};
}


@ -0,0 +1,93 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.cloud.nextcloud = {
enable = lib.mkEnableOption "enable nextcloud";
port = lib.mkOption {
default = 8009;
description = "nextcloud port";
};
public = lib.mkEnableOption "make nextcloud public";
subdomain = lib.mkOption {
default = "nextcloud";
description = "nextcloud subdomain";
};
};
};
config = {
services = {
nextcloud = {
enable = config.server.cloud.nextcloud.enable;
configureRedis = true;
package = pkgs.nextcloud33;
hostName = "nextcloud-net";
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
adminpassFile = "/home/marty/secrets/nextcloud";
adminuser = "admin";
};
settings = {
trusted_proxies = [
"localhost"
"127.0.0.1"
"${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
config.networking.hostName
];
trusted_domains = [
"${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
config.networking.hostName
];
skeletondirectory = "";
preview_ffmpeg_path = "${pkgs.ffmpeg}/bin/ffmpeg";
log_type = "file";
logfile = "nextcloud.log";
loglevel = 0;
};
};
postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
ensureDBOwnership = true;
}
];
};
nginx = {
virtualHosts = {
"nextcloud-net".listen = [
{
addr = "0.0.0.0";
port = config.server.cloud.nextcloud.port;
}
];
"${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}" =
if config.server.cloud.nextcloud.public then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.cloud.nextcloud.port}";
};
}
else
{ };
};
};
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
};
}
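Review bot: The `"nextcloud-net"` vhost listens on `addr = "0.0.0.0"` over plain HTTP although the TLS vhost only proxies to `127.0.0.1`, so the backend can be reached without TLS on every interface the firewall lets through; use `addr = "127.0.0.1";`, or the tailnet address if direct access from there is intended. `trusted_proxies` lists the public FQDN and the host name, but as far as I know Nextcloud matches that list against the connecting IP address or CIDR range, so those two entries should be dropped or replaced by the proxy's address. `loglevel = 0` is debug logging and tends to write request details into `nextcloud.log`; `2` is the usual production value. `adminpassFile = "/home/marty/secrets/nextcloud"` hard-codes the user name where other modules use `config.user.userName`. `postgresql`, the `nextcloud-net` listener and the `nextcloud-setup` unit are also defined when `server.cloud.nextcloud.enable` is false.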


@ -7,6 +7,11 @@
{
imports = [
./docker
./arr
./cloud
./media
./misc
./social
./nginx.nix
];
}


@ -1,14 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs = {
lazydocker = {
enable = true;
};
};
}


@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./jellyfin.nix
./navidrome.nix
];
}


@ -11,64 +11,67 @@
enable = lib.mkEnableOption "enable jelyfin";
port = lib.mkOption {
default = 8096;
description = "set jellyfin port"
description = "set jellyfin port";
};
public = {
enable = lib.mkEnableOption "make jellyfin public";
subdomain = lib.mkOption {
default = "watch";
description = "set jellyfin subdomain";
};
public = lib.mkEnableOption "make jellyfin public";
subdomain = lib.mkOption {
default = "watch";
description = "set jellyfin subdomain";
};
};
jellyseer = {
enable = lib.mkEnableOption "enable jellyseer";
port = lib.mkOption {
default = 8097;
description = "set jellyseer port"
description = "set jellyseer port";
};
public = {
enable = lib.mkEnableOption "make jellyseer public";
subdomain = lib.mkOption {
default = "jellyseer";
description = "set jellyseer subdomain";
};
public = lib.mkEnableOption "make jellyseer public";
subdomain = lib.mkOption {
default = "jellyseer";
description = "set jellyseer subdomain";
};
};
};
config = {
environment.systemPackages = config.server.jellyfin.enable [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
environment.systemPackages =
[ ]
++ (
if config.server.jellyfin.enable then
[
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
]
else
[ ]
);
services = {
jellyfin = lib.mkIf config.server.jellyfin.enable {
enable = true;
};
jellyseer = lib.mkIf config.server-jellyseer.enable {
seerr = lib.mkIf config.server.jellyseer.enable {
enable = true;
};
nginx.virtualHosts = {
"${config.server.jellyfin.public.subdomain}.${config.domain}" =
lib.mkIf config.server.jellyfin.public.enable
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyfin.port}";
"${config.server.jellyfin.subdomain}.${config.networking.domain}" =
lib.mkIf config.server.jellyfin.public
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyfin.port}";
};
};
};
"${config.server.jellyseer.public.subdomain}.${config.domain}" = lib.mkIf config.server.jellyfin.public.enable {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyseer.port}";
"${config.server.jellyseer.subdomain}.${config.networking.domain}" =
lib.mkIf config.server.jellyfin.public
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyseer.port}";
};
};
};
};
};
};
};
};
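Review bot: The jellyseer vhost is still gated on the jellyfin flag: `lib.mkIf config.server.jellyfin.public` under `"${config.server.jellyseer.subdomain}.…"` publishes the request UI whenever jellyfin is public and ignores `server.jellyseer.public`; it should read `lib.mkIf config.server.jellyseer.public`. Both `proxyPass` strings interpolate the integer port directly, which Nix will not coerce to a string; the other modules in this commit write `${toString config.server.jellyfin.port}`. In the visible lines the `port` options are not passed to `services.jellyfin` or `services.seerr`, so changing them would only move the proxy target.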


@ -0,0 +1,66 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.media.navidrome = {
enable = lib.mkEnableOption "enable navidrome";
port = lib.mkOption {
default = 4533;
description = "navidrome port";
};
public = lib.mkEnableOption "make navidrome public";
subdomain = lib.mkOption {
default = "music";
description = "navidrome subdomain";
};
};
};
config = {
services = {
navidrome = {
enable = config.server.media.navidrome.enable;
user = config.user.userName;
group = "users";
settings = {
Address = "0.0.0.0";
Port = config.server.media.navidrome.port;
MusicFolder = "/mnt/Data/Media/Music";
Agents = "lastfm";
AlbumPlayCountMode = "normalized";
EnableDownloads = true;
EnableFavourites = true;
EnableNowPlaying = true;
EnableStarRating = true;
EnableUserEditing = true;
LastFM.Enabled = true;
LastFM.Language = "en";
LastFM.ScrobbleFirstArtistOnly = false;
ListenBrainz.Enabled = true;
Scanner.Enabled = true;
Scanner.Schedule = "1h";
Subsonic.ArtistParticipations = true;
};
};
nginx = {
virtualHosts = {
"${config.server.media.navidrome.subdomain}.${config.networking.domain}" =
if config.server.media.navidrome.public then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.media.navidrome.port}";
};
}
else
{ };
};
};
};
};
}
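Review bot: `Address = "0.0.0.0"` makes navidrome listen on every interface although the nginx vhost reaches it on `127.0.0.1`; `Address = "127.0.0.1";` keeps the unencrypted port local when the service is only meant to be used through the proxy. The service also runs as the login account (`user = config.user.userName; group = "users";`), which gives a network-facing daemon that user's file permissions; a dedicated system user with read access to `MusicFolder` is the least-privilege choice. When `public` is false the vhost attribute is still defined as `{ }`, which as far as I can tell still makes nginx emit a server block for that name; `lib.mkIf config.server.media.navidrome.public { … }` avoids that. The same `if … else { }` pattern appears in the forgejo, lauti, nextcloud and gotosocial modules.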


@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.misc.dawarich = {
enable = lib.mkEnableOption "enable dawarich";
port = lib.mkOption {
default = 2975;
description = "dawarich port";
};
public = lib.mkEnableOption "make dawarich public";
subdomain = lib.mkOption {
default = "dawarich";
description = "dawarich subdomain";
};
};
};
config = {
services.dawarich = {
enable = config.server.misc.dawarich.enable;
webPort = config.server.misc.dawarich.port;
localDomain =
if config.server.misc.dawarich.public then
"${config.server.misc.dawarich.subdomain}.${config.networking.domain}"
else
config.networking.hostName;
};
};
}


@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./dawarich.nix
./forgejo.nix
./lauti.nix
];
}


@ -0,0 +1,72 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.misc.forgejo = {
enable = lib.mkEnableOption "enable forgejo";
port = lib.mkOption {
default = 2934;
description = "forgejo port";
};
public = lib.mkEnableOption "public forgejo";
subdomain = lib.mkOption {
default = "git";
description = "forgejo subdomain";
};
settings = {
app_name = lib.mkOption {
default = "${config.user.userName}'s code dump";
description = "forgejo app name";
};
app_slogan = lib.mkOption {
default = "if code could talk, mine would cry";
description = "forgejo app slogan";
};
};
};
};
config = {
services = {
forgejo = {
enable = config.server.misc.forgejo.enable;
database.type = "postgres";
settings = {
server = {
DOMAIN = "${config.server.misc.forgejo.subdomain}.${config.networking.domain}";
ROOT_URL = "https://${config.server.misc.forgejo.subdomain}.${config.networking.domain}";
HTTP_PORT = config.server.misc.forgejo.port;
};
DEFAULT = {
APP_NAME = config.server.misc.forgejo.settings.app_name;
APP_SLOGAN = config.server.misc.forgejo.settings.app_slogan;
};
REPOSITORY = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
service.DISABLE_REGISTRATION = true;
};
};
nginx = {
virtualHosts = {
"${config.server.misc.forgejo.subdomain}.${config.networking.domain}" =
if config.server.misc.forgejo.public then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.misc.forgejo.port}";
};
}
else
{ };
};
};
};
};
}
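Review bot: `settings.server` sets `HTTP_PORT` but no `HTTP_ADDR`, so unless the module default is already loopback the web UI listens on all interfaces while nginx only needs `127.0.0.1`; adding `HTTP_ADDR = "127.0.0.1";` pins it. `ROOT_URL` is always the public `https://` name, even when `public` is false and no vhost or certificate exists for it, so generated links and clone URLs would point at a host that does not answer. `ENABLE_PUSH_CREATE_USER` and `ENABLE_PUSH_CREATE_ORG` let any account that can push create repositories implicitly; with `DISABLE_REGISTRATION = true` that is limited to existing accounts, which deserves a one-line comment next to the settings.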


@ -0,0 +1,54 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.misc.lauti = {
enable = lib.mkEnableOption "enable lauti";
port = lib.mkOption {
default = 3333;
description = "lauti port";
};
public = lib.mkEnableOption "make lauti public";
subdomain = lib.mkOption {
default = "lauti";
description = "lauti subdomain";
};
};
};
config = {
services = {
lauti = {
enable = config.server.misc.lauti.enable;
settings = {
LAUTI_ADMIN_EMAIL = "lauti@${config.networking.domain}";
LAUTI_BASE_URL = "https://${config.server.misc.lauti.subdomain}.${config.networking.domain}";
LAUTI_OSM_TILE_CACHE_DIR = "/var/lib/lauti/osm";
LAUTI_OSM_TILE_SERVER = "https://tile.openstreetmap.org/{z}/{x}/{y}.png";
LAUTI_TIMEZONE = "Europe/Berlin";
LAUTI_LANGUAGE = config.console.keyMap;
};
secrets = [ /home/${config.user.userName}/secrets/lauti ];
};
nginx = {
virtualHosts = {
"${config.server.misc.lauti.subdomain}.${config.networking.domain}" =
if config.server.misc.lauti.public then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.misc.lauti.port}";
};
}
else
{ };
};
};
};
};
}
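Review bot: `secrets = [ /home/${config.user.userName}/secrets/lauti ];` is a Nix path literal, and a path value interpolated into a string is copied into the world-readable Nix store; depending on how the module consumes the list, the secret file may end up there. Passing a string instead, `secrets = [ "/home/${config.user.userName}/secrets/lauti" ];`, keeps it a runtime reference, provided the service account can read that location. `LAUTI_LANGUAGE = config.console.keyMap;` feeds a keyboard-layout name into a language setting, which is presumably not the value the application expects.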


@ -6,20 +6,6 @@
}:
{
options = {
domain = lib.mkOption {
default = "marty.tf";
description = "set domain name";
};
email = lib.mkOption {
default = "${config.user.userName}@${config.domain}";
description = "set email";
};
nginx = {
};
};
config = {
users = {
users = {
@ -50,7 +36,7 @@
security = {
acme = {
acceptTerms = true;
defaults.email = config.email;
defaults.email = config.user.email;
};
};
};


@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./gotosocial.nix
./synapse.nix
];
}


@ -0,0 +1,64 @@
{
config,
pkgs,
inputs,
lib,
...
}:
{
options = {
server.social.gotosocial = {
enable = lib.mkEnableOption "enable gotosocial";
port = lib.mkOption {
default = 8008;
description = "gotosocial port";
};
public = lib.mkOption {
default = true;
description = "public gotosocial";
};
subdomain = lib.mkOption {
default = "fedi";
description = "gotosocial subdomain";
};
};
};
config = {
services = {
gotosocial = {
enable = config.server.social.gotosocial.enable;
settings = {
application_name = "The Martyverse";
host = "${config.server.social.gotosocial.subdomain}.${config.networking.domain}";
bind-address = "127.0.0.1";
port = config.server.social.gotosocial.port;
protocol = "https";
landing-page-user = "${config.user.userName}";
db-address = "/home/${config.user.userName}/gotosocial/storage/sqlite.db";
storage-local-base-path = "/home/${config.user.userName}/gotosocial/storage";
db-type = "sqlite";
accounts-allow-custom-css = true;
accounts-registration-open = true;
accounts-reason-required = true;
accounts-registration-backlog-limit = 20;
};
};
nginx = {
virtualHosts = {
"${config.server.social.gotosocial.subdomain}.${config.networking.domain}" =
if config.server.social.gotosocial.public && config.server.social.gotosocial.enable then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.social.gotosocial.port}";
proxyWebsockets = true;
};
}
else
{ };
};
};
};
};
}
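Review bot: `server.social.gotosocial.port` defaults to `8008`, the same default as `server.synapse.port` in the synapse module added in this commit, so enabling both with defaults leaves the second service unable to bind. `public` is a plain `lib.mkOption` with `default = true`, unlike the `lib.mkEnableOption` used by the other modules, so enabling the service publishes it without a second opt-in; together with `accounts-registration-open = true` that should be a deliberate choice recorded in a comment. The database and storage paths sit under `/home/${config.user.userName}`, which the service account may not be able to reach; a directory under `/var/lib` is the usual location.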


@ -0,0 +1,117 @@
{
config,
lib,
pkgs,
...
}:
let
fqdn = "${config.server.synapse.subdomain}.${config.networking.domain}";
baseUrl = "https://${fqdn}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${fqdn}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
options = {
server.synapse = {
enable = lib.mkEnableOption "enable synapse";
subdomain = lib.mkOption {
default = "yap";
description = "synapse subdomain";
};
port = lib.mkOption {
default = 8008;
description = "synapse port";
};
};
};
config = {
services =
if config.server.synapse.enable then
{
postgresql.enable = true;
matrix-synapse = {
enable = true;
configureRedisLocally = true;
extras = [
"cache-memory" # Provide statistics about caching memory consumption
"jwt" # JSON Web Token authentication
"oidc" # OpenID Connect authentication
"postgres" # PostgreSQL database backend
"redis" # Redis support for the replication stream between worker processes
#"saml2" # SAML2 authentication
"sentry" # Error tracking and performance metrics
"systemd" # Provide the JournalHandler used in the default log_config
"url-preview" # Support for oEmbed URL previews
];
settings = {
url_preview_enabled = true;
server_name = "${config.networking.domain}";
public_baseurl = baseUrl;
media_store_path = "/mnt/Data/Matrix/Media";
max_upload_size = "10G";
enable_registration = false;
registration_shared_secret = "";
generic = {
enabled = true;
outbound = true;
urlPrefix = "https://https://yap.marty.tf/webhooks/";
allowJsTransformationFunctions = false;
waitForComplete = false;
enableHttpGet = false;
};
listeners = [
{
port = config.server.synapse.port;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
};
};
nginx = {
virtualHosts = {
"${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
"${config.server.synapse.subdomain}.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations = {
"~ ^(/_matrix|/_synapse/client|/)" = {
proxyPass = "http://127.0.0.1:${toString config.server.synapse.port}";
proxyWebsockets = true;
extraConfig =
"proxy_set_header X-Forwarded-For $remote_addr;"
+ "proxy_set_header X-Forwarded-Proto $scheme;"
+ "proxy_set_header Host $host:$server_port;";
};
};
};
};
};
}
else
{ };
};
}
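Review bot: `urlPrefix = "https://https://yap.marty.tf/webhooks/"` repeats the scheme and hard-codes the host; `urlPrefix = "${baseUrl}/webhooks/";` would follow the `let` bindings, although the whole `generic` block looks like bridge configuration rather than homeserver settings and may not belong under `matrix-synapse.settings`. `registration_shared_secret = ""` invites pasting the real secret into a file that ends up in the Nix store; Synapse can read it from a file through `registration_shared_secret_path`. `max_upload_size = "10G"` has no matching `client_max_body_size` on the vhost in the visible lines, so nginx would likely reject large uploads first. The options are declared under `server.synapse` while the sibling module uses `server.social.*`.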


@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{
environment.systemPackages = with pkgs; [
bluez
bluetuith
];
}


@ -7,12 +7,13 @@
{
imports = [
./bluetooth.nix
./boot.nix
./git.nix
./shell.nix
./networking.nix
./localization.nix
./fira-code.nix
./fonts.nix
./nixos-cli.nix
./ssh.nix
];


@ -1,42 +1,59 @@
{ config, pkgs, ... }:
{
config,
pkgs,
lib,
...
}:
{
networking = {
domain = "maty.tf";
networkmanager.enable = true;
firewall = {
enable = true;
allowedUDPPorts = [
config.services.tailscale.port
53317
16261
16262
];
allowedTCPPorts = [
53317
16261
16262
];
trustedInterfaces = [ "tailscale0" ];
options = {
system.hostname = lib.mkOption {
default = "${config.user.userName}-device";
description = "hostname";
};
};
services = {
tailscale = {
enable = true;
extraSetFlags = [
"--ssh"
];
config = {
networking = {
domain = "marty.tf";
hostName = config.system.hostname;
networkmanager.enable = true;
firewall = {
enable = true;
allowedUDPPorts = [
config.services.tailscale.port
53317
16261
16262
];
allowedTCPPorts = [
53317
16261
16262
];
trustedInterfaces = [ "tailscale0" ];
};
};
};
hardware = {
bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Experimental = true;
services = {
tailscale = {
enable = true;
extraSetFlags = [
"--ssh"
];
};
};
hardware = {
bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Experimental = true;
};
};
};
};
environment.systemPackages = with pkgs; [
oniux
];
};
}