diff --git a/flake.nix b/flake.nix index ae0228e..fc74782 100644 --- a/flake.nix +++ b/flake.nix @@ -16,16 +16,11 @@ nixcord.url = "github:kaylorben/nixcord"; sops-nix.url = "github:Mic92/sops-nix"; nixarr.url = "github:rasmus-kirk/nixarr"; - anyrun.url = "github:fufexan/anyrun/launch-prefix"; nvf.url = "github:notashelf/nvf"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixvim = { - url = "github:nix-community/nixvim"; - inputs.nixpkgs.follows = "nixpkgs"; - }; spicetify-nix = { url = "github:Gerg-L/spicetify-nix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/laptop/secrets/default.nix b/hosts/laptop/secrets/default.nix index a6f53d2..ba5746a 100644 --- a/hosts/laptop/secrets/default.nix +++ b/hosts/laptop/secrets/default.nix @@ -1,19 +1,23 @@ # Those are my secrets, encrypted with sops # You shouldn't import this file, unless you edit it -{ pkgs, inputs, ... }: { - imports = [ inputs.sops-nix.homeManagerModules.sops ]; +{ + pkgs, + inputs, + ... +}: { + imports = [inputs.sops-nix.homeManagerModules.sops]; sops = { age.keyFile = "/home/hadi/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets = { - sshconfig = { path = "/home/hadi/.ssh/config"; }; - github-key = { path = "/home/hadi/.ssh/github"; }; - gitlab-key = { path = "/home/hadi/.ssh/gitlab"; }; - jack-key = { path = "/home/hadi/.ssh/jack"; }; - signing-key = { path = "/home/hadi/.ssh/key"; }; - signing-pub-key = { path = "/home/hadi/.ssh/key.pub"; }; - pia = { path = "/home/hadi/.config/pia/pia.ovpn"; }; + sshconfig = {path = "/home/hadi/.ssh/config";}; + github-key = {path = "/home/hadi/.ssh/github";}; + gitlab-key = {path = "/home/hadi/.ssh/gitlab";}; + jack-key = {path = "/home/hadi/.ssh/jack";}; + signing-key = {path = "/home/hadi/.ssh/key";}; + signing-pub-key = {path = "/home/hadi/.ssh/key.pub";}; + pia = {path = "/home/hadi/.config/pia/pia.ovpn";}; }; }; 
@@ -31,9 +35,8 @@ - *primary ''; - systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; - home.packages = with pkgs; [ sops age ]; + systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; + home.packages = with pkgs; [sops age]; - wayland.windowManager.hyprland.settings.exec-once = - [ "systemctl --user start sops-nix" ]; + wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"]; } diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 13d5638..f8c31be 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -1,5 +1,6 @@ {config, ...}: { imports = [ + # NixOS module ../../nixos/home-manager.nix ../../nixos/nix.nix ../../nixos/systemd-boot.nix @@ -8,6 +9,7 @@ ../../nixos/docker.nix ../../nixos/tailscale.nix + # NixOS server modules ../../server-modules/ssh.nix ../../server-modules/bitwarden.nix ../../server-modules/firewall.nix @@ -15,12 +17,9 @@ ../../server-modules/nextcloud.nix ../../server-modules/glance.nix ../../server-modules/adguardhome.nix - ../../server-modules/hoarder.nix ../../server-modules/arr.nix ../../server-modules/mealie.nix - # ../../server-modules/meilisearch.nix ../../server-modules/search-nixos-api.nix - # ../../server-modules/headscale.nix # You should let those lines as is ./hardware-configuration.nix diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix index 4b464bf..bae6b63 100644 --- a/hosts/server/hardware-configuration.nix +++ b/hosts/server/hardware-configuration.nix 
@@ -1,13 +1,18 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = - [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = ["dm-snapshot"]; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; fileSystems."/" = { device = "/dev/disk/by-uuid/350cf109-5380-4982-8a9e-279a9275ee18"; fsType = "ext4"; @@ -15,9 +20,9 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/DD15-1125"; fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; + options = ["fmask=0077" "dmask=0077"]; }; - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction diff --git a/hosts/server/home.nix b/hosts/server/home.nix index 6dee44d..307bf37 100644 --- a/hosts/server/home.nix +++ b/hosts/server/home.nix @@ -1,5 +1,8 @@ -{ pkgs, config, ... }: { - +{ + pkgs, + config, + ... +}: { imports = [ # Mostly user-specific configuration ./variables.nix diff --git a/hosts/server/secrets/default.nix b/hosts/server/secrets/default.nix index 1cd6ac1..a571e26 100644 --- a/hosts/server/secrets/default.nix +++ b/hosts/server/secrets/default.nix 
@@ -23,10 +23,6 @@ path = "/home/hadi/.ssh/key.pub"; mode = "0600"; }; - cloudflare-dns-token = {path = "/etc/cloudflare/dnskey.txt";}; - nextcloud-pwd = {path = "/etc/nextcloud/pwd.txt";}; - adguard-pwd = {}; - hoarder = {}; }; }; diff --git a/hosts/server/variables.nix b/hosts/server/variables.nix index 802d9f2..f72458d 100644 --- a/hosts/server/variables.nix +++ b/hosts/server/variables.nix @@ -1,4 +1,8 @@ -{ config, lib, ... }: { +{ + config, + lib, + ... +}: { imports = [ # Choose your theme here: ../../themes/nixy.nix @@ -7,7 +11,9 @@ config.var = { hostname = "jack"; username = "hadi"; - configDirectory = "/home/" + config.var.username + configDirectory = + "/home/" + + config.var.username + "/.config/nixos"; # The path of the nixos configuration directory keyboardLayout = "fr"; @@ -30,7 +36,7 @@ options = { var = lib.mkOption { type = lib.types.attrs; - default = { }; + default = {}; }; }; } diff --git a/nixos/audio.nix b/nixos/audio.nix index d54b0ef..1e87bef 100644 --- a/nixos/audio.nix +++ b/nixos/audio.nix @@ -1,3 +1,4 @@ +# Audio configuration for NixOS using PipeWire { security.rtkit.enable = true; services.pulseaudio.enable = false; diff --git a/nixos/bluetooth.nix b/nixos/bluetooth.nix index 67dd8ed..2ee6bfa 100644 --- a/nixos/bluetooth.nix +++ b/nixos/bluetooth.nix @@ -1,3 +1,4 @@ +# Bluetooth configuration for NixOS {pkgs, ...}: { environment.systemPackages = with pkgs; [blueman]; hardware.bluetooth = { diff --git a/nixos/docker.nix b/nixos/docker.nix index bea0536..288c25a 100644 --- a/nixos/docker.nix +++ b/nixos/docker.nix @@ -1,3 +1,4 @@ +# Docker is a containerization platform that allows you to run applications in isolated environments called containers. {config, ...}: { virtualisation.docker.enable = true; users.users."${config.var.username}".extraGroups = ["docker"]; diff --git a/nixos/fonts.nix b/nixos/fonts.nix index 4e7e18c..f10b495 100644 --- a/nixos/fonts.nix +++ b/nixos/fonts.nix 
@@ -1,3 +1,4 @@ +# Fonts configuration for NixOS {pkgs, ...}: { fonts = { packages = with pkgs; [ diff --git a/nixos/home-manager.nix b/nixos/home-manager.nix index cb94fa2..7913cc0 100644 --- a/nixos/home-manager.nix +++ b/nixos/home-manager.nix @@ -1,3 +1,4 @@ +# Home-manager configuration for NixOS {inputs, ...}: { home-manager = { useGlobalPkgs = true; diff --git a/nixos/hyprland.nix b/nixos/hyprland.nix index 718408e..73f570c 100644 --- a/nixos/hyprland.nix +++ b/nixos/hyprland.nix @@ -1,3 +1,4 @@ +# Hyprland is a dynamic tiling Wayland compositor. { inputs, pkgs, diff --git a/nixos/nix.nix b/nixos/nix.nix index 3aa8930..038175d 100644 --- a/nixos/nix.nix +++ b/nixos/nix.nix @@ -1,3 +1,4 @@ +# Nix configuration for NixOS { config, inputs, diff --git a/nixos/nvidia.nix b/nixos/nvidia.nix index 67b7901..e14e658 100644 --- a/nixos/nvidia.nix +++ b/nixos/nvidia.nix @@ -1,3 +1,5 @@ +# Nvidia configuration for NixOS with Wayland and Hyprland support +# Import this module only if you have an Nvidia GPU { pkgs, config, diff --git a/nixos/omen.nix b/nixos/omen.nix index fb2c0b0..794f8b6 100644 --- a/nixos/omen.nix +++ b/nixos/omen.nix @@ -1,3 +1,5 @@ +# Omen laptop configuration for NixOS +# Import this only if you have an HP Omen laptop { config, pkgs, diff --git a/nixos/systemd-boot.nix b/nixos/systemd-boot.nix index 18a4d0f..7cd57b0 100644 --- a/nixos/systemd-boot.nix +++ b/nixos/systemd-boot.nix @@ -1,3 +1,4 @@ +# Systemd-boot configuration for NixOS {pkgs, ...}: { boot = { bootspec.enable = true; diff --git a/nixos/users.nix b/nixos/users.nix index 7733b61..25a7a01 100644 --- a/nixos/users.nix +++ b/nixos/users.nix @@ -1,3 +1,4 @@ +# Users configuration for NixOS { config, pkgs, diff --git a/nixos/utils.nix b/nixos/utils.nix index ef2865b..09b7397 100644 --- a/nixos/utils.nix +++ b/nixos/utils.nix @@ -1,3 +1,4 @@ +# Misc { pkgs, config, diff --git a/server-modules/arr.nix b/server-modules/arr.nix index e8a312f..85be86c 100644 --- a/server-modules/arr.nix 
+++ b/server-modules/arr.nix @@ -1,3 +1,6 @@ +# *arr is a collection of media management applications. +# See https://github.com/rasmus-kirk/nixarr +# Setup guide: https://nixarr.com/wiki/setup/ {config, ...}: let domain = "hadi.diy"; mkVirtualHost = port: { @@ -5,10 +8,10 @@ forceSSL = true; locations."/" = {proxyPass = "http://127.0.0.1:${toString port}";}; }; - my-username = config.var.username; + username = config.var.username; in { # Add my user to the media group - users.users."${my-username}".extraGroups = ["media"]; + users.users."${username}".extraGroups = ["media"]; # Add my secrets sops.secrets = { diff --git a/server-modules/glance.nix b/server-modules/glance.nix index 606c010..85c435e 100644 --- a/server-modules/glance.nix +++ b/server-modules/glance.nix 
@@ -1,323 +1,316 @@ -{ config, lib, ... }: -let +# Glance is a self-hosted homepage/dashboard service. +{ + config, + lib, + ... +}: let domain = "start.hadi.diy"; - rgb-to-hsl = color: - let - r = ((lib.toInt config.lib.stylix.colors."${color}-rgb-r") * 100.0) / 255; - g = ((lib.toInt config.lib.stylix.colors."${color}-rgb-g") * 100.0) / 255; - b = ((lib.toInt config.lib.stylix.colors."${color}-rgb-b") * 100.0) / 255; - max = lib.max r (lib.max g b); - min = lib.min r (lib.min g b); - delta = max - min; - fmod = base: int: base - (int * builtins.floor (base / int)); - h = if delta == 0 then - 0 - else if max == r then - 60 * (fmod ((g - b) / delta) 6) - else if max == g then - 60 * (((b - r) / delta) + 2) - else if max == b then - 60 * (((r - g) / delta) + 4) - else - 0; - l = (max + min) / 2; - s = if delta == 0 then - 0 - else - 100 * delta / (100 - lib.max (2 * l - 100) (100 - (2 * l))); - roundToString = value: toString (builtins.floor (value + 0.5)); - in lib.concatMapStringsSep " " roundToString [ h s l ]; + rgb-to-hsl = color: let + r = ((lib.toInt config.lib.stylix.colors."${color}-rgb-r") * 100.0) / 255; + g = ((lib.toInt config.lib.stylix.colors."${color}-rgb-g") * 100.0) / 255; + b = ((lib.toInt config.lib.stylix.colors."${color}-rgb-b") * 100.0) / 255; + max = lib.max r (lib.max g b); + min = lib.min r (lib.min g b); + delta = max - min; + fmod = base: int: base - (int * builtins.floor (base / int)); + h = + if delta == 0 + then 0 + else if max == r + then 60 * (fmod ((g - b) / delta) 6) + else if max == g + then 60 * (((b - r) / delta) + 2) + else if max == b + then 60 * (((r - g) / delta) + 4) + else 0; + l = (max + min) / 2; + s = + if delta == 0 + then 0 + else 100 * delta / (100 - lib.max (2 * l - 100) (100 - (2 * l))); + roundToString = value: toString (builtins.floor (value + 0.5)); + in + lib.concatMapStringsSep " " roundToString [h s l]; in { services = { glance = { enable = true; settings = { theme = { - # primary-color = rgb-to-hsl "base0D"; 
contrast-multiplier = lib.mkForce 1.4; }; - pages = [{ - hide-desktop-navigation = true; - columns = [ - { - size = "small"; - widgets = [ - { - type = "clock"; - hour-format = "24h"; - } - { - type = "weather"; - location = "Paris, France"; - } - { - type = "markets"; - markets = [ - { - symbol = "BTC-USD"; - name = "Bitcoin"; - chart-link = - "https://www.tradingview.com/chart/?symbol=INDEX:BTCUSD"; - } - { - symbol = "SOL-USD"; - name = "Solana"; - chart-link = - "https://www.tradingview.com/chart/?symbol=INDEX:SOLUSD"; - } - { - symbol = "ETH-USD"; - name = "Ethereum"; - chart-link = - "https://www.tradingview.com/chart/?symbol=INDEX:ETHUSD"; - } - ]; - } - { - type = "dns-stats"; - service = "adguard"; - url = "https://adguard.hadi.diy"; - username = "hadi"; - password = "\${secret:adguard-pwd}"; - } - ]; - } - { - size = "full"; - widgets = [ - { - type = "search"; - search-engine = "duckduckgo"; - } - { - type = "bookmarks"; - groups = [ - { - title = ""; - same-tab = true; - color = "200 50 50"; - links = [ - { - title = "ProtonMail"; - url = "https://proton.me/mail"; - } - { - title = "Github"; - url = "https://github.com"; - } - { - title = "Youtube"; - url = "https://youtube.com"; - } - { - title = "Figma"; - url = "https://figma.com"; - } - ]; - } - { - title = "Docs"; - same-tab = true; - color = "200 50 50"; - links = [ - { - title = "Nixpkgs repo"; - url = "https://github.com/NixOS/nixpkgs"; - } - { - title = "Nixvim"; - url = "https://nix-community.github.io/nixvim/"; - } - { - title = "Hyprland wiki"; - url = "https://wiki.hyprland.org/"; - } - { - title = "Search NixOS"; - url = "https://search-nixos.hadi.diy"; - } - ]; - } - { - title = "Homelab"; - same-tab = true; - color = "100 50 50"; - links = [ - { - title = "Router"; - url = "http://192.168.1.254/"; - } - { - title = "Cloudflare"; - url = "https://dash.cloudflare.com/"; - } - ]; - } - { - title = "Work"; - same-tab = true; - color = "50 50 50"; - links = [ - { - title = "Outlook"; - url = 
"https://outlook.office.com/"; - } - { - title = "Teams"; - url = "https://teams.microsoft.com/"; - } - { - title = "Office"; - url = "https://www.office.com/"; - } - ]; - } - { - title = "Cyber"; - same-tab = true; - color = rgb-to-hsl "base09"; - links = [ - { - title = "CyberChef"; - url = "https://cyberchef.org/"; - } - { - title = "TryHackMe"; - url = "https://tryhackme.com/"; - } - { - title = "RootMe"; - url = "https://www.root-me.org/"; - } - { - title = "Exploit-DB"; - url = "https://www.exploit-db.com/"; - } - { - title = "CrackStation"; - url = "https://crackstation.net/"; - } - ]; - } - { - title = "Misc"; - same-tab = true; - color = rgb-to-hsl "base01"; - links = [ - { - title = "Svgl"; - url = "https://svgl.app/"; - } - { - title = "Excalidraw"; - url = "https://excalidraw.com/"; - } - { - title = "Cobalt (Downloader)"; - url = "https://cobalt.tools/"; - } - { - title = "Mazanoke (Image optimizer)"; - url = "https://mazanoke.com/"; - } - ]; - } - - ]; - } - { - type = "server-stats"; - servers = [{ - type = "local"; - name = "Jack"; - }]; - } - { - type = "group"; - widgets = [ - { - type = "monitor"; - title = "Services"; - cache = "1m"; - sites = [ - { - title = "Vaultwarden"; - url = "https://vault.hadi.diy"; - icon = "si:bitwarden"; - } - { - title = "Nextcloud"; - url = "https://cloud.hadi.diy"; - icon = "si:nextcloud"; - } - { - title = "Adguard"; - url = "https://adguard.hadi.diy"; - icon = "si:adguard"; - } - { - title = "Hoarder"; - url = "https://hoarder.hadi.diy"; - icon = "si:bookstack"; - } - { - title = "Mealie"; - url = "https://mealie.hadi.diy"; - icon = "si:mealie"; - } - ]; - } - { - type = "monitor"; - title = "*arr"; - cache = "1m"; - sites = [ - { - title = "Jellyfin"; - url = "https://jellyfin.hadi.diy"; - icon = "si:jellyfin"; - } - { - title = "Jellyseerr"; - url = "https://jellyseerr.hadi.diy"; - icon = "si:odysee"; - } - { - title = "Radarr"; - url = "https://radarr.hadi.diy"; - icon = "si:radarr"; - } - { - title = 
"Sonarr"; - url = "https://sonarr.hadi.diy"; - icon = "si:sonarr"; - } - { - title = "Prowlarr"; - url = "https://prowlarr.hadi.diy"; - icon = "si:podcastindex"; - } - { - title = "SABnzbd"; - url = "https://sabnzbd.hadi.diy"; - icon = "si:sabanci"; - } - { - title = "Transmission"; - url = "https://transmission.hadi.diy"; - icon = "si:transmission"; - } - ]; - } - ]; - } - ]; - } - ]; - name = "Home"; - }]; - server = { port = 5678; }; + pages = [ + { + hide-desktop-navigation = true; + columns = [ + { + size = "small"; + widgets = [ + { + type = "clock"; + hour-format = "24h"; + } + { + type = "weather"; + location = "Paris, France"; + } + { + type = "markets"; + markets = [ + { + symbol = "BTC-USD"; + name = "Bitcoin"; + chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:BTCUSD"; + } + { + symbol = "SOL-USD"; + name = "Solana"; + chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:SOLUSD"; + } + { + symbol = "ETH-USD"; + name = "Ethereum"; + chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:ETHUSD"; + } + ]; + } + { + type = "dns-stats"; + service = "adguard"; + url = "https://adguard.hadi.diy"; + username = "hadi"; + password = "\${secret:adguard-pwd}"; + } + ]; + } + { + size = "full"; + widgets = [ + { + type = "search"; + search-engine = "duckduckgo"; + } + { + type = "bookmarks"; + groups = [ + { + title = ""; + same-tab = true; + color = "200 50 50"; + links = [ + { + title = "ProtonMail"; + url = "https://proton.me/mail"; + } + { + title = "Github"; + url = "https://github.com"; + } + { + title = "Youtube"; + url = "https://youtube.com"; + } + { + title = "Figma"; + url = "https://figma.com"; + } + ]; + } + { + title = "Docs"; + same-tab = true; + color = "200 50 50"; + links = [ + { + title = "Nixpkgs repo"; + url = "https://github.com/NixOS/nixpkgs"; + } + { + title = "Nixvim"; + url = "https://nix-community.github.io/nixvim/"; + } + { + title = "Hyprland wiki"; + url = "https://wiki.hyprland.org/"; + } + { + title = 
"Search NixOS"; + url = "https://search-nixos.hadi.diy"; + } + ]; + } + { + title = "Homelab"; + same-tab = true; + color = "100 50 50"; + links = [ + { + title = "Router"; + url = "http://192.168.1.254/"; + } + { + title = "Cloudflare"; + url = "https://dash.cloudflare.com/"; + } + ]; + } + { + title = "Work"; + same-tab = true; + color = "50 50 50"; + links = [ + { + title = "Outlook"; + url = "https://outlook.office.com/"; + } + { + title = "Teams"; + url = "https://teams.microsoft.com/"; + } + { + title = "Office"; + url = "https://www.office.com/"; + } + ]; + } + { + title = "Cyber"; + same-tab = true; + color = rgb-to-hsl "base09"; + links = [ + { + title = "CyberChef"; + url = "https://cyberchef.org/"; + } + { + title = "TryHackMe"; + url = "https://tryhackme.com/"; + } + { + title = "RootMe"; + url = "https://www.root-me.org/"; + } + { + title = "Exploit-DB"; + url = "https://www.exploit-db.com/"; + } + { + title = "CrackStation"; + url = "https://crackstation.net/"; + } + ]; + } + { + title = "Misc"; + same-tab = true; + color = rgb-to-hsl "base01"; + links = [ + { + title = "Svgl"; + url = "https://svgl.app/"; + } + { + title = "Excalidraw"; + url = "https://excalidraw.com/"; + } + { + title = "Cobalt (Downloader)"; + url = "https://cobalt.tools/"; + } + { + title = "Mazanoke (Image optimizer)"; + url = "https://mazanoke.com/"; + } + ]; + } + ]; + } + { + type = "server-stats"; + servers = [ + { + type = "local"; + name = "Jack"; + } + ]; + } + { + type = "group"; + widgets = [ + { + type = "monitor"; + title = "Services"; + cache = "1m"; + sites = [ + { + title = "Vaultwarden"; + url = "https://vault.hadi.diy"; + icon = "si:bitwarden"; + } + { + title = "Nextcloud"; + url = "https://cloud.hadi.diy"; + icon = "si:nextcloud"; + } + { + title = "Adguard"; + url = "https://adguard.hadi.diy"; + icon = "si:adguard"; + } + { + title = "Mealie"; + url = "https://mealie.hadi.diy"; + icon = "si:mealie"; + } + ]; + } + { + type = "monitor"; + title = "*arr"; + 
cache = "1m"; + sites = [ + { + title = "Jellyfin"; + url = "https://jellyfin.hadi.diy"; + icon = "si:jellyfin"; + } + { + title = "Jellyseerr"; + url = "https://jellyseerr.hadi.diy"; + icon = "si:odysee"; + } + { + title = "Radarr"; + url = "https://radarr.hadi.diy"; + icon = "si:radarr"; + } + { + title = "Sonarr"; + url = "https://sonarr.hadi.diy"; + icon = "si:sonarr"; + } + { + title = "Prowlarr"; + url = "https://prowlarr.hadi.diy"; + icon = "si:podcastindex"; + } + { + title = "Transmission"; + url = "https://transmission.hadi.diy"; + icon = "si:transmission"; + } + ]; + } + ]; + } + ]; + } + ]; + name = "Home"; + } + ]; + server = {port = 5678;}; }; }; nginx.virtualHosts."${domain}" = { @@ -325,8 +318,8 @@ in { forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${ - toString config.services.glance.settings.server.port - }"; + toString config.services.glance.settings.server.port + }"; }; }; }; diff --git a/server-modules/headscale.nix b/server-modules/headscale.nix deleted file mode 100644 index b6fa0fa..0000000 --- a/server-modules/headscale.nix +++ /dev/null 
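Review bot: The dns-stats widget in server-modules/glance.nix still reads `password = "\${secret:adguard-pwd}";`, but this commit deletes `adguard-pwd = {};` from hosts/server/secrets/default.nix. Unlike `nextcloud-pwd` and `cloudflare-dns-token`, no replacement declaration for it appears anywhere in the diff. If server-modules/adguardhome.nix (not shown here) does not declare it, sops-nix will presumably stop providing the secret and the widget will lose its credentials. Declaring it next to its consumer, e.g. `sops.secrets.adguard-pwd = {};` in this module, would follow the pattern the commit uses for the other two secrets. The visible lines set no owner or mode for it, so also confirm that the account Glance runs as can read the file.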
@@ -1,88 +0,0 @@ -{ config, pkgs, ... }: -let - derpPort = 3478; - domain = "hadi.diy"; - headscale-ui-src = pkgs.fetchFromGitHub { - owner = "gurucomputing"; - repo = "headscale-ui"; - rev = "63041fd673d81da56e60d2b528a4991981eab746"; - sha256 = "pz7oDRfBf/dN+PMEqbMe+es6deQ4QP3pC191ASlyV7U="; - }; - headscale-ui = pkgs.buildNpmPackage { - pname = "headscale-ui"; - version = "0.0.1"; - src = headscale-ui-src; - npmDepsHash = "MePNbOPSe5wB8/6T3DLs+4+Qlr8f+7cCPs301il7iX8="; - buildPhase = '' - runHook preBuild - mkdir -p $out - npm run build - runHook postBuild - ''; - installPhase = '' - mv ./build $out/dist - ''; - makeCacheWritable = true; - dontFixup = true; - dontNpmBuild = true; - }; -in { - services = { - headscale = { - enable = true; - port = 8085; - address = "127.0.0.1"; - settings = { - dns = { - override_local_dns = true; - base_domain = "ts.${domain}"; - magic_dns = true; - nameservers.global = [ "9.9.9.9" ]; - # extra_records = [{ - # name = "merope.${domain}"; - # type = "A"; - # value = "100.77.0.5"; - # }]; - }; - server_url = "https://tailscale.${domain}"; - metrics_listen_addr = "127.0.0.1:8095"; - logtail = { enabled = false; }; - log = { level = "warn"; }; - ip_prefixes = [ "100.77.0.0/24" "fd7a:115c:a1e0:77::/64" ]; - derp.server = { - enable = true; - region_id = 999; - stun_listen_addr = "0.0.0.0:${toString derpPort}"; - }; - }; - }; - - nginx.virtualHosts = { - "tailscale.${domain}" = { - useACMEHost = "hadi.diy"; - forceSSL = true; - locations = { - "/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - "/metrics" = { - proxyPass = - "http://${config.services.headscale.settings.metrics_listen_addr}/metrics"; - }; - "/web" = { - root = "${headscale-ui}/dist"; - index = "index.html"; - tryFiles = [ "$uri" "/index.html" ]; - }; - }; - }; - }; - }; - - # Derp server - networking.firewall.allowedUDPPorts = [ derpPort ]; - - environment.systemPackages = [ 
config.services.headscale.package ]; -} diff --git a/server-modules/hoarder.nix b/server-modules/hoarder.nix deleted file mode 100644 index 48dca82..0000000 --- a/server-modules/hoarder.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, ... }: -let domain = "hoarder.hadi.diy"; -in { - systemd.tmpfiles.rules = [ - "d /var/lib/hoarder/web 0755 root root -" - "d /var/lib/hoarder/meili 0755 root root -" - ]; - - virtualisation.oci-containers.containers = { - hoarder-web = { - environmentFiles = [ config.sops.secrets.hoarder.path ]; - image = "ghcr.io/hoarder-app/hoarder:release"; - volumes = [ "/var/lib/hoarder/web:/data" ]; - ports = [ "127.0.0.1:3131:3000" ]; - environment = { - HOARDER_VERSION = "release"; - NEXTAUTH_URL = "https://" + domain; - DATA_DIR = "/data"; - MEILI_ADDR = "http://hoarder-meili:7700"; - BROWSER_WEB_URL = "http://hoarder-browser:9222"; - DISABLE_SIGNUPS = "false"; - }; - }; - - hoarder-meili = { - environmentFiles = [ config.sops.secrets.hoarder.path ]; - image = "getmeili/meilisearch:v1.11.1"; - environment = { MEILI_NO_ANALYTICS = "true"; }; - volumes = [ "/var/lib/hoarder/meili:/meili_data" ]; - }; - - hoarder-browser = { - image = "gcr.io/zenika-hub/alpine-chrome:123"; - #pull = "newer"; - cmd = [ - "--no-sandbox" - "--disable-gpu" - "--disable-dev-shm-usage" - "--remote-debugging-address=0.0.0.0" - "--remote-debugging-port=9222" - "--hide-scrollbars" - ]; - }; - }; - services.nginx.virtualHosts."${domain}" = { - useACMEHost = "hadi.diy"; - forceSSL = true; - locations."/" = { proxyPass = "http://127.0.0.1:3131"; }; - }; -} diff --git a/server-modules/mealie.nix b/server-modules/mealie.nix index db92d0b..78007f7 100644 --- a/server-modules/mealie.nix +++ b/server-modules/mealie.nix @@ -1,5 +1,6 @@ -{ config, ... }: -let domain = "mealie.hadi.diy"; +# Mealie is a recipe management and meal planning application. +{config, ...}: let + domain = "mealie.hadi.diy"; in { services = { mealie = { 
diff --git a/server-modules/meilisearch.nix b/server-modules/meilisearch.nix deleted file mode 100644 index 79ed818..0000000 --- a/server-modules/meilisearch.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, ... }: -let domain = "meilisearch.hadi.diy"; -in { - services = { - meilisearch = { - enable = true; - listenPort = 7700; - # masterKeyEnvironmentFile= ""; - }; - nginx.virtualHosts."${domain}" = { - useACMEHost = "hadi.diy"; - forceSSL = true; - locations."/" = { - proxyPass = - "http://127.0.0.1:${toString config.services.meilisearch.listenPort}"; - }; - }; - }; -} diff --git a/server-modules/nextcloud.nix b/server-modules/nextcloud.nix index 4aa6a87..36ac15f 100644 --- a/server-modules/nextcloud.nix +++ b/server-modules/nextcloud.nix @@ -1,5 +1,11 @@ -{ pkgs, config, ... }: -let domain = "cloud.hadi.diy"; +# Nextcloud is a self-hosted productivity platform that allows you to store and share files, manage calendars, contacts, and more. +{ + pkgs, + config, + ... +}: let + domain = "cloud.hadi.diy"; + adminuser = "hadi"; in { services = { nginx.virtualHosts = { 
@@ -19,32 +25,33 @@ in { https = true; autoUpdateApps.enable = true; settings = { - trusted_domains = [ domain ]; + trusted_domains = [domain]; default_phone_region = "FR"; overwriteprotocol = "https"; }; extraAppsEnable = true; - extraApps = with config.services.nextcloud.package.packages.apps; { - # List of apps we want to install and are already packaged in - # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json - # inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi; - inherit cookbook; - # Custom app example. - # socialsharing_telegram = pkgs.fetchNextcloudApp rec { - # url = - # "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz"; - # license = "agpl3"; - # sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k="; - # }; - }; + # extraApps = with config.services.nextcloud.package.packages.apps; { + # List of apps we want to install and are already packaged in + # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json + # inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi; + # inherit cookbook; + # Custom app example. + # socialsharing_telegram = pkgs.fetchNextcloudApp rec { + # url = + # "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz"; + # license = "agpl3"; + # sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k="; + # }; + # }; config = { dbtype = "pgsql"; - adminuser = "hadi"; + adminuser = adminuser; adminpassFile = config.sops.secrets.nextcloud-pwd.path; }; # Suggested by Nextcloud's health check. phpOptions."opcache.interned_strings_buffer" = "16"; }; - }; + + sops.secrets.nextcloud-pwd.path = "/etc/nextcloud/pwd.txt"; } diff --git a/server-modules/nginx.nix b/server-modules/nginx.nix index ed740f6..0f0bb24 100644 --- a/server-modules/nginx.nix +++ b/server-modules/nginx.nix 
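Review bot: Commenting out the whole `extraApps` block leaves `extraAppsEnable = true;` with nothing to enable, and it probably changes where apps come from. As I read the NixOS option documentation, `appstoreEnable` defaults to on when `extraApps` is empty, so with `autoUpdateApps.enable = true;` apps would be installed and updated from the app store at runtime rather than from hash-pinned nixpkgs packages. If that is not intended, set `appstoreEnable = false;` explicitly or keep `extraApps` with `inherit cookbook;`. Otherwise remove the dead block together with `extraAppsEnable`, or add a comment such as `# extraApps disabled: <reason>` so the commented-out code is not left unexplained. As a style point, `adminuser = adminuser;` can be written `inherit adminuser;`.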
@@ -1,38 +1,45 @@ -{ config, ... }: { - services.nginx = { enable = true; }; - +# Nginx is a web server that can also be used as a reverse proxy, load balancer, and HTTP cache. +{config, ...}: let + domain = "hadi.diy"; +in { security.acme = { acceptTerms = true; defaults.email = config.var.git.email; - }; - - security.acme.certs."hadi.diy" = { - domain = "hadi.diy"; - extraDomainNames = [ "*.hadi.diy" ]; - group = "nginx"; - - dnsProvider = "cloudflare"; - dnsPropagationCheck = true; - credentialsFile = config.sops.secrets.cloudflare-dns-token.path; - }; - - services.nginx.virtualHosts = { - "default" = { - default = true; - locations."/" = { return = 444; }; - }; - "*.hadi.diy" = { - useACMEHost = "hadi.diy"; - forceSSL = true; - locations."/" = { return = 444; }; - }; - "aaaaaa.hadi.diy" = { - useACMEHost = "hadi.diy"; - forceSSL = true; - locations."/" = { return = 444; }; + certs."${domain}" = { + domain = "${domain}"; + extraDomainNames = ["*.${domain}"]; + group = "nginx"; + dnsProvider = "cloudflare"; + dnsPropagationCheck = true; + credentialsFile = config.sops.secrets.cloudflare-dns-token.path; }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 80 443 ]; + # Return 444 for all requests not matching a used subdomain. + services.nginx = { + enable = true; + virtualHosts = { + "default" = { + default = true; + locations."/" = {return = 444;}; + }; + "*.${domain}" = { + useACMEHost = domain; + forceSSL = true; + locations."/" = {return = 444;}; + }; + "aaaaaa.${domain}" = { + useACMEHost = domain; + forceSSL = true; + locations."/" = {return = 444;}; + }; + }; + }; + + networking.firewall = { + allowedTCPPorts = [80 443]; + allowedUDPPorts = [80 443]; + }; + + sops.secrets.cloudflare-dns-token = {path = "/etc/cloudflare/dnskey.txt";}; } diff --git a/server-modules/search-nixos-api.nix b/server-modules/search-nixos-api.nix index 425cd32..4c7f7ea 100644 --- a/server-modules/search-nixos-api.nix 
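Review bot: `allowedUDPPorts = [80 443];` is carried over into the new `networking.firewall` block, but nothing visible in this module serves UDP. No virtual host enables QUIC/HTTP/3, and nginx has no use for UDP port 80 at all. Keeping only `allowedTCPPorts = [80 443];` limits the exposed ports to what the vhosts need; add UDP 443 back only if HTTP/3 is turned on. The new `sops.secrets.cloudflare-dns-token` line sets only `path`, so a comment like `# read via security.acme credentialsFile; default owner/mode relied on` would record who is expected to read the token. As a style point, `domain = "${domain}";` can be `inherit domain;`.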
+++ b/server-modules/search-nixos-api.nix @@ -1,15 +1,16 @@ -{ config, ... }: -let domain = "search-nixos-api.hadi.diy"; +# Custom NixOS module for the Search NixOS API service +# Check https://search-nixos.hadi.diy +{config, ...}: let + domain = "search-nixos-api.hadi.diy"; in { services = { - search-nixos-api = { enable = true; }; + search-nixos-api = {enable = true;}; nginx.virtualHosts."${domain}" = { useACMEHost = "hadi.diy"; forceSSL = true; locations."/" = { - proxyPass = - "http://127.0.0.1:${toString config.services.search-nixos-api.port}/"; + proxyPass = "http://127.0.0.1:${toString config.services.search-nixos-api.port}/"; }; }; }; diff --git a/server-modules/ssh.nix b/server-modules/ssh.nix index 9a218e4..d162549 100644 --- a/server-modules/ssh.nix +++ b/server-modules/ssh.nix @@ -1,16 +1,20 @@ -{ config, ... }: { +# SSH configuration +{config, ...}: let + username = config.var.username; +in { services.openssh = { enable = true; - ports = [ 22 ]; + ports = [22]; openFirewall = true; settings = { PermitRootLogin = "no"; PasswordAuthentication = false; - AllowUsers = [ config.var.username ]; + AllowUsers = [username]; }; }; - users.users."${config.var.username}" = { + # Add my public SSH key to my user + users.users."${username}" = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPG9SE80ZyBcXZK/f5ypSKudaM5Jo3XtQikCnGo0jI5E hadi@nixy" ]; diff --git a/themes/nixy.nix b/themes/nixy.nix index 3b06e4d..2e434cd 100644 --- a/themes/nixy.nix +++ b/themes/nixy.nix @@ -1,5 +1,9 @@ -{ lib, pkgs, config, ... }: { - +{ + lib, + pkgs, + config, + ... +}: { options.theme = lib.mkOption { type = lib.types.attrs; default = { @@ -15,7 +19,8 @@ textColorOnWallpaper = config.lib.stylix.colors.base01; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...) - bar = { # Hyprpanel + bar = { + # Hyprpanel position = "top"; # "top" | "bottom" transparent = true; transparentButtons = false; 
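Review bot: In the server-modules/ssh.nix hunk, `PasswordAuthentication = false;` does not by itself disable keyboard-interactive logins. To my knowledge the NixOS openssh module leaves these enabled by default, and they can still prompt for a password through PAM. Adding `KbdInteractiveAuthentication = false;` to `settings` makes the key-only intent explicit for a host that sets `openFirewall = true;` on port 22. The `users.users."${username}"` block continues past the end of the hunk, so the rest of the user definition was not reviewed.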
@@ -31,28 +36,21 @@ # See https://tinted-theming.github.io/tinted-gallery/ for more schemes base16Scheme = { base00 = "09090B"; # Default Background - base01 = - "1c1e1f"; # Lighter Background (Used for status bars, line number and folding marks) + base01 = "1c1e1f"; # Lighter Background (Used for status bars, line number and folding marks) base02 = "313244"; # Selection Background base03 = "45475a"; # Comments, Invisibles, Line Highlighting base04 = "585b70"; # Dark Foreground (Used for status bars) base05 = "cdd6f4"; # Default Foreground, Caret, Delimiters, Operators base06 = "f5e0dc"; # Light Foreground (Not often used) base07 = "b4befe"; # Light Background (Not often used) - base08 = - "f38ba8"; # Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted - base09 = - "fab387"; # Integers, Boolean, Constants, XML Attributes, Markup Link Url + base08 = "f38ba8"; # Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted + base09 = "fab387"; # Integers, Boolean, Constants, XML Attributes, Markup Link Url base0A = "f9e2af"; # Classes, Markup Bold, Search Text Background base0B = "a6e3a1"; # Strings, Inherited Class, Markup Code, Diff Inserted - base0C = - "94e2d5"; # Support, Regular Expressions, Escape Characters, Markup Quotes - base0D = - "c5afd4"; # Functions, Methods, Attribute IDs, Headings, Accent color - base0E = - "cba6f7"; # Keywords, Storage, Selector, Markup Italic, Diff Changed - base0F = - "f2cdcd"; # Deprecated, Opening/Closing Embedded Language Tags, e.g. + base0C = "94e2d5"; # Support, Regular Expressions, Escape Characters, Markup Quotes + base0D = "c5afd4"; # Functions, Methods, Attribute IDs, Headings, Accent color + base0E = "cba6f7"; # Keywords, Storage, Selector, Markup Italic, Diff Changed + base0F = "f2cdcd"; # Deprecated, Opening/Closing Embedded Language Tags, e.g. }; cursor = { 
@@ -85,8 +83,7 @@ polarity = "dark"; image = pkgs.fetchurl { - url = - "https://raw.githubusercontent.com/anotherhadi/awesome-wallpapers/refs/heads/main/app/static/wallpapers/black-and-white-forest_minimalist_black-and-white.png"; + url = "https://raw.githubusercontent.com/anotherhadi/awesome-wallpapers/refs/heads/main/app/static/wallpapers/black-and-white-forest_minimalist_black-and-white.png"; sha256 = "sha256-MOlLRQonZ6UAaSJlysjL8snxnMrSFH9VOLrjXaU82Kw="; }; };