anotherhadi/nixy
1
Fork 0
mirror of https://github.com/anotherhadi/nixy.git synced 2026-04-02 03:12:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

update/format configuration for jack

Browse Source 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
This commit is contained in:
Hadi
2025-07-16 19:51:05 +02:00
parent 18c8afb616
commit 72e4be86eb
30 changed files with 466 additions and 589 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
flake.nix
View File

@@ -16,16 +16,11 @@
nixcord.url = "github:kaylorben/nixcord";
sops-nix.url = "github:Mic92/sops-nix";
nixarr.url = "github:rasmus-kirk/nixarr";
anyrun.url = "github:fufexan/anyrun/launch-prefix";
nvf.url = "github:notashelf/nvf";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
spicetify-nix = {
url = "github:Gerg-L/spicetify-nix";
inputs.nixpkgs.follows = "nixpkgs";

29
hosts/laptop/secrets/default.nix
View File

@@ -1,19 +1,23 @@
# Those are my secrets, encrypted with sops
# You shouldn't import this file, unless you edit it
{ pkgs, inputs, ... }: {
imports = [ inputs.sops-nix.homeManagerModules.sops ];
{
pkgs,
inputs,
...
}: {
imports = [inputs.sops-nix.homeManagerModules.sops];
sops = {
age.keyFile = "/home/hadi/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
sshconfig = { path = "/home/hadi/.ssh/config"; };
github-key = { path = "/home/hadi/.ssh/github"; };
gitlab-key = { path = "/home/hadi/.ssh/gitlab"; };
jack-key = { path = "/home/hadi/.ssh/jack"; };
signing-key = { path = "/home/hadi/.ssh/key"; };
signing-pub-key = { path = "/home/hadi/.ssh/key.pub"; };
pia = { path = "/home/hadi/.config/pia/pia.ovpn"; };
sshconfig = {path = "/home/hadi/.ssh/config";};
github-key = {path = "/home/hadi/.ssh/github";};
gitlab-key = {path = "/home/hadi/.ssh/gitlab";};
jack-key = {path = "/home/hadi/.ssh/jack";};
signing-key = {path = "/home/hadi/.ssh/key";};
signing-pub-key = {path = "/home/hadi/.ssh/key.pub";};
pia = {path = "/home/hadi/.config/pia/pia.ovpn";};
};
};
@@ -31,9 +35,8 @@
- *primary
'';
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
home.packages = with pkgs; [ sops age ];
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
home.packages = with pkgs; [sops age];
wayland.windowManager.hyprland.settings.exec-once =
[ "systemctl --user start sops-nix" ];
wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"];
}

5
hosts/server/configuration.nix
View File

@@ -1,5 +1,6 @@
{config, ...}: {
imports = [
# NixOS module
../../nixos/home-manager.nix
../../nixos/nix.nix
../../nixos/systemd-boot.nix
@@ -8,6 +9,7 @@
../../nixos/docker.nix
../../nixos/tailscale.nix
# NixOS server modules
../../server-modules/ssh.nix
../../server-modules/bitwarden.nix
../../server-modules/firewall.nix
@@ -15,12 +17,9 @@
../../server-modules/nextcloud.nix
../../server-modules/glance.nix
../../server-modules/adguardhome.nix
../../server-modules/hoarder.nix
../../server-modules/arr.nix
../../server-modules/mealie.nix
# ../../server-modules/meilisearch.nix
../../server-modules/search-nixos-api.nix
# ../../server-modules/headscale.nix
# You should let those lines as is
./hardware-configuration.nix

23
hosts/server/hardware-configuration.nix
View File

@@ -1,13 +1,18 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/350cf109-5380-4982-8a9e-279a9275ee18";
fsType = "ext4";
@@ -15,9 +20,9 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/DD15-1125";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
options = ["fmask=0077" "dmask=0077"];
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction

7
hosts/server/home.nix
View File

@@ -1,5 +1,8 @@
{ pkgs, config, ... }: {
{
pkgs,
config,
...
}: {
imports = [
# Mostly user-specific configuration
./variables.nix

4
hosts/server/secrets/default.nix
View File

@@ -23,10 +23,6 @@
path = "/home/hadi/.ssh/key.pub";
mode = "0600";
};
cloudflare-dns-token = {path = "/etc/cloudflare/dnskey.txt";};
nextcloud-pwd = {path = "/etc/nextcloud/pwd.txt";};
adguard-pwd = {};
hoarder = {};
};
};

12
hosts/server/variables.nix
View File

@@ -1,4 +1,8 @@
{ config, lib, ... }: {
{
config,
lib,
...
}: {
imports = [
# Choose your theme here:
../../themes/nixy.nix
@@ -7,7 +11,9 @@
config.var = {
hostname = "jack";
username = "hadi";
configDirectory = "/home/" + config.var.username
configDirectory =
"/home/"
+ config.var.username
+ "/.config/nixos"; # The path of the nixos configuration directory
keyboardLayout = "fr";
@@ -30,7 +36,7 @@
options = {
var = lib.mkOption {
type = lib.types.attrs;
default = { };
default = {};
};
};
}

1
nixos/audio.nix
View File

@@ -1,3 +1,4 @@
# Audio configuration for NixOS using PipeWire
{
security.rtkit.enable = true;
services.pulseaudio.enable = false;

1
nixos/bluetooth.nix
View File

@@ -1,3 +1,4 @@
# Bluetooth configuration for NixOS
{pkgs, ...}: {
environment.systemPackages = with pkgs; [blueman];
hardware.bluetooth = {

1
nixos/docker.nix
View File

@@ -1,3 +1,4 @@
# Docker is a containerization platform that allows you to run applications in isolated environments called containers.
{config, ...}: {
virtualisation.docker.enable = true;
users.users."${config.var.username}".extraGroups = ["docker"];

1
nixos/fonts.nix
View File

@@ -1,3 +1,4 @@
# Fonts configuration for NixOS
{pkgs, ...}: {
fonts = {
packages = with pkgs; [

1
nixos/home-manager.nix
View File

@@ -1,3 +1,4 @@
# Home-manager configuration for NixOS
{inputs, ...}: {
home-manager = {
useGlobalPkgs = true;

1
nixos/hyprland.nix
View File

@@ -1,3 +1,4 @@
# Hyprland is a dynamic tiling Wayland compositor.
{
inputs,
pkgs,

1
nixos/nix.nix
View File

@@ -1,3 +1,4 @@
# Nix configuration for NixOS
{
config,
inputs,

2
nixos/nvidia.nix
View File

@@ -1,3 +1,5 @@
# Nvidia configuration for NixOS with Wayland and Hyprland support
# Import this module only if you have an Nvidia GPU
{
pkgs,
config,

2
nixos/omen.nix
View File

@@ -1,3 +1,5 @@
# Omen laptop configuration for NixOS
# Import this only if you have an HP Omen laptop
{
config,
pkgs,

1
nixos/systemd-boot.nix
View File

@@ -1,3 +1,4 @@
# Systemd-boot configuration for NixOS
{pkgs, ...}: {
boot = {
bootspec.enable = true;

1
nixos/users.nix
View File

@@ -1,3 +1,4 @@
# Users configuration for NixOS
{
config,
pkgs,

1
nixos/utils.nix
View File

@@ -1,3 +1,4 @@
# Misc
{
pkgs,
config,

7
server-modules/arr.nix
View File

@@ -1,3 +1,6 @@
# *arr is a collection of media management applications.
# See https://github.com/rasmus-kirk/nixarr
# Setup guide: https://nixarr.com/wiki/setup/
{config, ...}: let
domain = "hadi.diy";
mkVirtualHost = port: {
@@ -5,10 +8,10 @@
forceSSL = true;
locations."/" = {proxyPass = "http://127.0.0.1:${toString port}";};
};
my-username = config.var.username;
username = config.var.username;
in {
# Add my user to the media group
users.users."${my-username}".extraGroups = ["media"];
users.users."${username}".extraGroups = ["media"];
# Add my secrets
sops.secrets = {

617
server-modules/glance.nix
View File

@@ -1,323 +1,316 @@
{ config, lib, ... }:
let
# Glance is a self-hosted homepage/dashboard service.
{
config,
lib,
...
}: let
domain = "start.hadi.diy";
rgb-to-hsl = color:
let
r = ((lib.toInt config.lib.stylix.colors."${color}-rgb-r") * 100.0) / 255;
g = ((lib.toInt config.lib.stylix.colors."${color}-rgb-g") * 100.0) / 255;
b = ((lib.toInt config.lib.stylix.colors."${color}-rgb-b") * 100.0) / 255;
max = lib.max r (lib.max g b);
min = lib.min r (lib.min g b);
delta = max - min;
fmod = base: int: base - (int * builtins.floor (base / int));
h = if delta == 0 then
0
else if max == r then
60 * (fmod ((g - b) / delta) 6)
else if max == g then
60 * (((b - r) / delta) + 2)
else if max == b then
60 * (((r - g) / delta) + 4)
else
0;
l = (max + min) / 2;
s = if delta == 0 then
0
else
100 * delta / (100 - lib.max (2 * l - 100) (100 - (2 * l)));
roundToString = value: toString (builtins.floor (value + 0.5));
in lib.concatMapStringsSep " " roundToString [ h s l ];
rgb-to-hsl = color: let
r = ((lib.toInt config.lib.stylix.colors."${color}-rgb-r") * 100.0) / 255;
g = ((lib.toInt config.lib.stylix.colors."${color}-rgb-g") * 100.0) / 255;
b = ((lib.toInt config.lib.stylix.colors."${color}-rgb-b") * 100.0) / 255;
max = lib.max r (lib.max g b);
min = lib.min r (lib.min g b);
delta = max - min;
fmod = base: int: base - (int * builtins.floor (base / int));
h =
if delta == 0
then 0
else if max == r
then 60 * (fmod ((g - b) / delta) 6)
else if max == g
then 60 * (((b - r) / delta) + 2)
else if max == b
then 60 * (((r - g) / delta) + 4)
else 0;
l = (max + min) / 2;
s =
if delta == 0
then 0
else 100 * delta / (100 - lib.max (2 * l - 100) (100 - (2 * l)));
roundToString = value: toString (builtins.floor (value + 0.5));
in
lib.concatMapStringsSep " " roundToString [h s l];
in {
services = {
glance = {
enable = true;
settings = {
theme = {
# primary-color = rgb-to-hsl "base0D";
contrast-multiplier = lib.mkForce 1.4;
};
pages = [{
hide-desktop-navigation = true;
columns = [
{
size = "small";
widgets = [
{
type = "clock";
hour-format = "24h";
}
{
type = "weather";
location = "Paris, France";
}
{
type = "markets";
markets = [
{
symbol = "BTC-USD";
name = "Bitcoin";
chart-link =
"https://www.tradingview.com/chart/?symbol=INDEX:BTCUSD";
}
{
symbol = "SOL-USD";
name = "Solana";
chart-link =
"https://www.tradingview.com/chart/?symbol=INDEX:SOLUSD";
}
{
symbol = "ETH-USD";
name = "Ethereum";
chart-link =
"https://www.tradingview.com/chart/?symbol=INDEX:ETHUSD";
}
];
}
{
type = "dns-stats";
service = "adguard";
url = "https://adguard.hadi.diy";
username = "hadi";
password = "\${secret:adguard-pwd}";
}
];
}
{
size = "full";
widgets = [
{
type = "search";
search-engine = "duckduckgo";
}
{
type = "bookmarks";
groups = [
{
title = "";
same-tab = true;
color = "200 50 50";
links = [
{
title = "ProtonMail";
url = "https://proton.me/mail";
}
{
title = "Github";
url = "https://github.com";
}
{
title = "Youtube";
url = "https://youtube.com";
}
{
title = "Figma";
url = "https://figma.com";
}
];
}
{
title = "Docs";
same-tab = true;
color = "200 50 50";
links = [
{
title = "Nixpkgs repo";
url = "https://github.com/NixOS/nixpkgs";
}
{
title = "Nixvim";
url = "https://nix-community.github.io/nixvim/";
}
{
title = "Hyprland wiki";
url = "https://wiki.hyprland.org/";
}
{
title = "Search NixOS";
url = "https://search-nixos.hadi.diy";
}
];
}
{
title = "Homelab";
same-tab = true;
color = "100 50 50";
links = [
{
title = "Router";
url = "http://192.168.1.254/";
}
{
title = "Cloudflare";
url = "https://dash.cloudflare.com/";
}
];
}
{
title = "Work";
same-tab = true;
color = "50 50 50";
links = [
{
title = "Outlook";
url = "https://outlook.office.com/";
}
{
title = "Teams";
url = "https://teams.microsoft.com/";
}
{
title = "Office";
url = "https://www.office.com/";
}
];
}
{
title = "Cyber";
same-tab = true;
color = rgb-to-hsl "base09";
links = [
{
title = "CyberChef";
url = "https://cyberchef.org/";
}
{
title = "TryHackMe";
url = "https://tryhackme.com/";
}
{
title = "RootMe";
url = "https://www.root-me.org/";
}
{
title = "Exploit-DB";
url = "https://www.exploit-db.com/";
}
{
title = "CrackStation";
url = "https://crackstation.net/";
}
];
}
{
title = "Misc";
same-tab = true;
color = rgb-to-hsl "base01";
links = [
{
title = "Svgl";
url = "https://svgl.app/";
}
{
title = "Excalidraw";
url = "https://excalidraw.com/";
}
{
title = "Cobalt (Downloader)";
url = "https://cobalt.tools/";
}
{
title = "Mazanoke (Image optimizer)";
url = "https://mazanoke.com/";
}
];
}
];
}
{
type = "server-stats";
servers = [{
type = "local";
name = "Jack";
}];
}
{
type = "group";
widgets = [
{
type = "monitor";
title = "Services";
cache = "1m";
sites = [
{
title = "Vaultwarden";
url = "https://vault.hadi.diy";
icon = "si:bitwarden";
}
{
title = "Nextcloud";
url = "https://cloud.hadi.diy";
icon = "si:nextcloud";
}
{
title = "Adguard";
url = "https://adguard.hadi.diy";
icon = "si:adguard";
}
{
title = "Hoarder";
url = "https://hoarder.hadi.diy";
icon = "si:bookstack";
}
{
title = "Mealie";
url = "https://mealie.hadi.diy";
icon = "si:mealie";
}
];
}
{
type = "monitor";
title = "*arr";
cache = "1m";
sites = [
{
title = "Jellyfin";
url = "https://jellyfin.hadi.diy";
icon = "si:jellyfin";
}
{
title = "Jellyseerr";
url = "https://jellyseerr.hadi.diy";
icon = "si:odysee";
}
{
title = "Radarr";
url = "https://radarr.hadi.diy";
icon = "si:radarr";
}
{
title = "Sonarr";
url = "https://sonarr.hadi.diy";
icon = "si:sonarr";
}
{
title = "Prowlarr";
url = "https://prowlarr.hadi.diy";
icon = "si:podcastindex";
}
{
title = "SABnzbd";
url = "https://sabnzbd.hadi.diy";
icon = "si:sabanci";
}
{
title = "Transmission";
url = "https://transmission.hadi.diy";
icon = "si:transmission";
}
];
}
];
}
];
}
];
name = "Home";
}];
server = { port = 5678; };
pages = [
{
hide-desktop-navigation = true;
columns = [
{
size = "small";
widgets = [
{
type = "clock";
hour-format = "24h";
}
{
type = "weather";
location = "Paris, France";
}
{
type = "markets";
markets = [
{
symbol = "BTC-USD";
name = "Bitcoin";
chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:BTCUSD";
}
{
symbol = "SOL-USD";
name = "Solana";
chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:SOLUSD";
}
{
symbol = "ETH-USD";
name = "Ethereum";
chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:ETHUSD";
}
];
}
{
type = "dns-stats";
service = "adguard";
url = "https://adguard.hadi.diy";
username = "hadi";
password = "\${secret:adguard-pwd}";
}
];
}
{
size = "full";
widgets = [
{
type = "search";
search-engine = "duckduckgo";
}
{
type = "bookmarks";
groups = [
{
title = "";
same-tab = true;
color = "200 50 50";
links = [
{
title = "ProtonMail";
url = "https://proton.me/mail";
}
{
title = "Github";
url = "https://github.com";
}
{
title = "Youtube";
url = "https://youtube.com";
}
{
title = "Figma";
url = "https://figma.com";
}
];
}
{
title = "Docs";
same-tab = true;
color = "200 50 50";
links = [
{
title = "Nixpkgs repo";
url = "https://github.com/NixOS/nixpkgs";
}
{
title = "Nixvim";
url = "https://nix-community.github.io/nixvim/";
}
{
title = "Hyprland wiki";
url = "https://wiki.hyprland.org/";
}
{
title = "Search NixOS";
url = "https://search-nixos.hadi.diy";
}
];
}
{
title = "Homelab";
same-tab = true;
color = "100 50 50";
links = [
{
title = "Router";
url = "http://192.168.1.254/";
}
{
title = "Cloudflare";
url = "https://dash.cloudflare.com/";
}
];
}
{
title = "Work";
same-tab = true;
color = "50 50 50";
links = [
{
title = "Outlook";
url = "https://outlook.office.com/";
}
{
title = "Teams";
url = "https://teams.microsoft.com/";
}
{
title = "Office";
url = "https://www.office.com/";
}
];
}
{
title = "Cyber";
same-tab = true;
color = rgb-to-hsl "base09";
links = [
{
title = "CyberChef";
url = "https://cyberchef.org/";
}
{
title = "TryHackMe";
url = "https://tryhackme.com/";
}
{
title = "RootMe";
url = "https://www.root-me.org/";
}
{
title = "Exploit-DB";
url = "https://www.exploit-db.com/";
}
{
title = "CrackStation";
url = "https://crackstation.net/";
}
];
}
{
title = "Misc";
same-tab = true;
color = rgb-to-hsl "base01";
links = [
{
title = "Svgl";
url = "https://svgl.app/";
}
{
title = "Excalidraw";
url = "https://excalidraw.com/";
}
{
title = "Cobalt (Downloader)";
url = "https://cobalt.tools/";
}
{
title = "Mazanoke (Image optimizer)";
url = "https://mazanoke.com/";
}
];
}
];
}
{
type = "server-stats";
servers = [
{
type = "local";
name = "Jack";
}
];
}
{
type = "group";
widgets = [
{
type = "monitor";
title = "Services";
cache = "1m";
sites = [
{
title = "Vaultwarden";
url = "https://vault.hadi.diy";
icon = "si:bitwarden";
}
{
title = "Nextcloud";
url = "https://cloud.hadi.diy";
icon = "si:nextcloud";
}
{
title = "Adguard";
url = "https://adguard.hadi.diy";
icon = "si:adguard";
}
{
title = "Mealie";
url = "https://mealie.hadi.diy";
icon = "si:mealie";
}
];
}
{
type = "monitor";
title = "*arr";
cache = "1m";
sites = [
{
title = "Jellyfin";
url = "https://jellyfin.hadi.diy";
icon = "si:jellyfin";
}
{
title = "Jellyseerr";
url = "https://jellyseerr.hadi.diy";
icon = "si:odysee";
}
{
title = "Radarr";
url = "https://radarr.hadi.diy";
icon = "si:radarr";
}
{
title = "Sonarr";
url = "https://sonarr.hadi.diy";
icon = "si:sonarr";
}
{
title = "Prowlarr";
url = "https://prowlarr.hadi.diy";
icon = "si:podcastindex";
}
{
title = "Transmission";
url = "https://transmission.hadi.diy";
icon = "si:transmission";
}
];
}
];
}
];
}
];
name = "Home";
}
];
server = {port = 5678;};
};
};
nginx.virtualHosts."${domain}" = {
@@ -325,8 +318,8 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${
toString config.services.glance.settings.server.port
}";
toString config.services.glance.settings.server.port
}";
};
};
};

88
server-modules/headscale.nix
View File

@@ -1,88 +0,0 @@
{ config, pkgs, ... }:
let
derpPort = 3478;
domain = "hadi.diy";
headscale-ui-src = pkgs.fetchFromGitHub {
owner = "gurucomputing";
repo = "headscale-ui";
rev = "63041fd673d81da56e60d2b528a4991981eab746";
sha256 = "pz7oDRfBf/dN+PMEqbMe+es6deQ4QP3pC191ASlyV7U=";
};
headscale-ui = pkgs.buildNpmPackage {
pname = "headscale-ui";
version = "0.0.1";
src = headscale-ui-src;
npmDepsHash = "MePNbOPSe5wB8/6T3DLs+4+Qlr8f+7cCPs301il7iX8=";
buildPhase = ''
runHook preBuild
mkdir -p $out
npm run build
runHook postBuild
'';
installPhase = ''
mv ./build $out/dist
'';
makeCacheWritable = true;
dontFixup = true;
dontNpmBuild = true;
};
in {
services = {
headscale = {
enable = true;
port = 8085;
address = "127.0.0.1";
settings = {
dns = {
override_local_dns = true;
base_domain = "ts.${domain}";
magic_dns = true;
nameservers.global = [ "9.9.9.9" ];
# extra_records = [{
# name = "merope.${domain}";
# type = "A";
# value = "100.77.0.5";
# }];
};
server_url = "https://tailscale.${domain}";
metrics_listen_addr = "127.0.0.1:8095";
logtail = { enabled = false; };
log = { level = "warn"; };
ip_prefixes = [ "100.77.0.0/24" "fd7a:115c:a1e0:77::/64" ];
derp.server = {
enable = true;
region_id = 999;
stun_listen_addr = "0.0.0.0:${toString derpPort}";
};
};
};
nginx.virtualHosts = {
"tailscale.${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations = {
"/" = {
proxyPass =
"http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
"/metrics" = {
proxyPass =
"http://${config.services.headscale.settings.metrics_listen_addr}/metrics";
};
"/web" = {
root = "${headscale-ui}/dist";
index = "index.html";
tryFiles = [ "$uri" "/index.html" ];
};
};
};
};
};
# Derp server
networking.firewall.allowedUDPPorts = [ derpPort ];
environment.systemPackages = [ config.services.headscale.package ];
}

50
server-modules/hoarder.nix
View File

@@ -1,50 +0,0 @@
{ config, ... }:
let domain = "hoarder.hadi.diy";
in {
systemd.tmpfiles.rules = [
"d /var/lib/hoarder/web 0755 root root -"
"d /var/lib/hoarder/meili 0755 root root -"
];
virtualisation.oci-containers.containers = {
hoarder-web = {
environmentFiles = [ config.sops.secrets.hoarder.path ];
image = "ghcr.io/hoarder-app/hoarder:release";
volumes = [ "/var/lib/hoarder/web:/data" ];
ports = [ "127.0.0.1:3131:3000" ];
environment = {
HOARDER_VERSION = "release";
NEXTAUTH_URL = "https://" + domain;
DATA_DIR = "/data";
MEILI_ADDR = "http://hoarder-meili:7700";
BROWSER_WEB_URL = "http://hoarder-browser:9222";
DISABLE_SIGNUPS = "false";
};
};
hoarder-meili = {
environmentFiles = [ config.sops.secrets.hoarder.path ];
image = "getmeili/meilisearch:v1.11.1";
environment = { MEILI_NO_ANALYTICS = "true"; };
volumes = [ "/var/lib/hoarder/meili:/meili_data" ];
};
hoarder-browser = {
image = "gcr.io/zenika-hub/alpine-chrome:123";
#pull = "newer";
cmd = [
"--no-sandbox"
"--disable-gpu"
"--disable-dev-shm-usage"
"--remote-debugging-address=0.0.0.0"
"--remote-debugging-port=9222"
"--hide-scrollbars"
];
};
};
services.nginx.virtualHosts."${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:3131"; };
};
}

5
server-modules/mealie.nix
View File

@@ -1,5 +1,6 @@
{ config, ... }:
let domain = "mealie.hadi.diy";
# Mealie is a recipe management and meal planning application.
{config, ...}: let
domain = "mealie.hadi.diy";
in {
services = {
mealie = {

19
server-modules/meilisearch.nix
View File

@@ -1,19 +0,0 @@
{ config, ... }:
let domain = "meilisearch.hadi.diy";
in {
services = {
meilisearch = {
enable = true;
listenPort = 7700;
# masterKeyEnvironmentFile= "";
};
nginx.virtualHosts."${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.meilisearch.listenPort}";
};
};
};
}

43
server-modules/nextcloud.nix
View File

@@ -1,5 +1,11 @@
{ pkgs, config, ... }:
let domain = "cloud.hadi.diy";
# Nextcloud is a self-hosted productivity platform that allows you to store and share files, manage calendars, contacts, and more.
{
pkgs,
config,
...
}: let
domain = "cloud.hadi.diy";
adminuser = "hadi";
in {
services = {
nginx.virtualHosts = {
@@ -19,32 +25,33 @@ in {
https = true;
autoUpdateApps.enable = true;
settings = {
trusted_domains = [ domain ];
trusted_domains = [domain];
default_phone_region = "FR";
overwriteprotocol = "https";
};
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
# List of apps we want to install and are already packaged in
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
# inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
inherit cookbook;
# Custom app example.
# socialsharing_telegram = pkgs.fetchNextcloudApp rec {
# url =
# "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
# license = "agpl3";
# sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
# };
};
# extraApps = with config.services.nextcloud.package.packages.apps; {
# List of apps we want to install and are already packaged in
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
# inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
# inherit cookbook;
# Custom app example.
# socialsharing_telegram = pkgs.fetchNextcloudApp rec {
# url =
# "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
# license = "agpl3";
# sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
# };
# };
config = {
dbtype = "pgsql";
adminuser = "hadi";
adminuser = adminuser;
adminpassFile = config.sops.secrets.nextcloud-pwd.path;
};
# Suggested by Nextcloud's health check.
phpOptions."opcache.interned_strings_buffer" = "16";
};
};
sops.secrets.nextcloud-pwd.path = "/etc/nextcloud/pwd.txt";
}

69
server-modules/nginx.nix
View File

@@ -1,38 +1,45 @@
{ config, ... }: {
services.nginx = { enable = true; };
# Nginx is a web server that can also be used as a reverse proxy, load balancer, and HTTP cache.
{config, ...}: let
domain = "hadi.diy";
in {
security.acme = {
acceptTerms = true;
defaults.email = config.var.git.email;
};
security.acme.certs."hadi.diy" = {
domain = "hadi.diy";
extraDomainNames = [ "*.hadi.diy" ];
group = "nginx";
dnsProvider = "cloudflare";
dnsPropagationCheck = true;
credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
};
services.nginx.virtualHosts = {
"default" = {
default = true;
locations."/" = { return = 444; };
};
"*.hadi.diy" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = { return = 444; };
};
"aaaaaa.hadi.diy" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = { return = 444; };
certs."${domain}" = {
domain = "${domain}";
extraDomainNames = ["*.${domain}"];
group = "nginx";
dnsProvider = "cloudflare";
dnsPropagationCheck = true;
credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
# Return 444 for all requests not matching a used subdomain.
services.nginx = {
enable = true;
virtualHosts = {
"default" = {
default = true;
locations."/" = {return = 444;};
};
"*.${domain}" = {
useACMEHost = domain;
forceSSL = true;
locations."/" = {return = 444;};
};
"aaaaaa.${domain}" = {
useACMEHost = domain;
forceSSL = true;
locations."/" = {return = 444;};
};
};
};
networking.firewall = {
allowedTCPPorts = [80 443];
allowedUDPPorts = [80 443];
};
sops.secrets.cloudflare-dns-token = {path = "/etc/cloudflare/dnskey.txt";};
}

11
server-modules/search-nixos-api.nix
View File

@@ -1,15 +1,16 @@
{ config, ... }:
let domain = "search-nixos-api.hadi.diy";
# Custom NixOS module for the Search NixOS API service
# Check https://search-nixos.hadi.diy
{config, ...}: let
domain = "search-nixos-api.hadi.diy";
in {
services = {
search-nixos-api = { enable = true; };
search-nixos-api = {enable = true;};
nginx.virtualHosts."${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.search-nixos-api.port}/";
proxyPass = "http://127.0.0.1:${toString config.services.search-nixos-api.port}/";
};
};
};

12
server-modules/ssh.nix
View File

@@ -1,16 +1,20 @@
{ config, ... }: {
# SSH configuration
{config, ...}: let
username = config.var.username;
in {
services.openssh = {
enable = true;
ports = [ 22 ];
ports = [22];
openFirewall = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
AllowUsers = [ config.var.username ];
AllowUsers = [username];
};
};
users.users."${config.var.username}" = {
# Add my public SSH key to my user
users.users."${username}" = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPG9SE80ZyBcXZK/f5ypSKudaM5Jo3XtQikCnGo0jI5E hadi@nixy"
];

35
themes/nixy.nix
View File

@@ -1,5 +1,9 @@
{ lib, pkgs, config, ... }: {
{
lib,
pkgs,
config,
...
}: {
options.theme = lib.mkOption {
type = lib.types.attrs;
default = {
@@ -15,7 +19,8 @@
textColorOnWallpaper =
config.lib.stylix.colors.base01; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
bar = { # Hyprpanel
bar = {
# Hyprpanel
position = "top"; # "top" | "bottom"
transparent = true;
transparentButtons = false;
@@ -31,28 +36,21 @@
# See https://tinted-theming.github.io/tinted-gallery/ for more schemes
base16Scheme = {
base00 = "09090B"; # Default Background
base01 =
"1c1e1f"; # Lighter Background (Used for status bars, line number and folding marks)
base01 = "1c1e1f"; # Lighter Background (Used for status bars, line number and folding marks)
base02 = "313244"; # Selection Background
base03 = "45475a"; # Comments, Invisibles, Line Highlighting
base04 = "585b70"; # Dark Foreground (Used for status bars)
base05 = "cdd6f4"; # Default Foreground, Caret, Delimiters, Operators
base06 = "f5e0dc"; # Light Foreground (Not often used)
base07 = "b4befe"; # Light Background (Not often used)
base08 =
"f38ba8"; # Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
base09 =
"fab387"; # Integers, Boolean, Constants, XML Attributes, Markup Link Url
base08 = "f38ba8"; # Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
base09 = "fab387"; # Integers, Boolean, Constants, XML Attributes, Markup Link Url
base0A = "f9e2af"; # Classes, Markup Bold, Search Text Background
base0B = "a6e3a1"; # Strings, Inherited Class, Markup Code, Diff Inserted
base0C =
"94e2d5"; # Support, Regular Expressions, Escape Characters, Markup Quotes
base0D =
"c5afd4"; # Functions, Methods, Attribute IDs, Headings, Accent color
base0E =
"cba6f7"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
base0F =
"f2cdcd"; # Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
base0C = "94e2d5"; # Support, Regular Expressions, Escape Characters, Markup Quotes
base0D = "c5afd4"; # Functions, Methods, Attribute IDs, Headings, Accent color
base0E = "cba6f7"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
base0F = "f2cdcd"; # Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
};
cursor = {
@@ -85,8 +83,7 @@
polarity = "dark";
image = pkgs.fetchurl {
url =
"https://raw.githubusercontent.com/anotherhadi/awesome-wallpapers/refs/heads/main/app/static/wallpapers/black-and-white-forest_minimalist_black-and-white.png";
url = "https://raw.githubusercontent.com/anotherhadi/awesome-wallpapers/refs/heads/main/app/static/wallpapers/black-and-white-forest_minimalist_black-and-white.png";
sha256 = "sha256-MOlLRQonZ6UAaSJlysjL8snxnMrSFH9VOLrjXaU82Kw=";
};
};