anotherhadi/nixy
1
Fork 0
mirror of https://github.com/anotherhadi/nixy.git synced 2026-04-02 11:12:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

update/format configuration for jack

Browse Source 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
This commit is contained in:
Hadi
2025-07-16 19:51:05 +02:00
parent 18c8afb616
commit 72e4be86eb
30 changed files with 466 additions and 589 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server-modules/arr.nix
View File

@@ -1,3 +1,6 @@
# *arr is a collection of media management applications.
# See https://github.com/rasmus-kirk/nixarr
# Setup guide: https://nixarr.com/wiki/setup/
{config, ...}: let
domain = "hadi.diy";
mkVirtualHost = port: {
@@ -5,10 +8,10 @@
forceSSL = true;
locations."/" = {proxyPass = "http://127.0.0.1:${toString port}";};
};
my-username = config.var.username;
username = config.var.username;
in {
# Add my user to the media group
users.users."${my-username}".extraGroups = ["media"];
users.users."${username}".extraGroups = ["media"];
# Add my secrets
sops.secrets = {

617
server-modules/glance.nix
View File

@@ -1,323 +1,316 @@
{ config, lib, ... }:
let
# Glance is a self-hosted homepage/dashboard service.
{
config,
lib,
...
}: let
domain = "start.hadi.diy";
rgb-to-hsl = color:
let
r = ((lib.toInt config.lib.stylix.colors."${color}-rgb-r") * 100.0) / 255;
g = ((lib.toInt config.lib.stylix.colors."${color}-rgb-g") * 100.0) / 255;
b = ((lib.toInt config.lib.stylix.colors."${color}-rgb-b") * 100.0) / 255;
max = lib.max r (lib.max g b);
min = lib.min r (lib.min g b);
delta = max - min;
fmod = base: int: base - (int * builtins.floor (base / int));
h = if delta == 0 then
0
else if max == r then
60 * (fmod ((g - b) / delta) 6)
else if max == g then
60 * (((b - r) / delta) + 2)
else if max == b then
60 * (((r - g) / delta) + 4)
else
0;
l = (max + min) / 2;
s = if delta == 0 then
0
else
100 * delta / (100 - lib.max (2 * l - 100) (100 - (2 * l)));
roundToString = value: toString (builtins.floor (value + 0.5));
in lib.concatMapStringsSep " " roundToString [ h s l ];
rgb-to-hsl = color: let
r = ((lib.toInt config.lib.stylix.colors."${color}-rgb-r") * 100.0) / 255;
g = ((lib.toInt config.lib.stylix.colors."${color}-rgb-g") * 100.0) / 255;
b = ((lib.toInt config.lib.stylix.colors."${color}-rgb-b") * 100.0) / 255;
max = lib.max r (lib.max g b);
min = lib.min r (lib.min g b);
delta = max - min;
fmod = base: int: base - (int * builtins.floor (base / int));
h =
if delta == 0
then 0
else if max == r
then 60 * (fmod ((g - b) / delta) 6)
else if max == g
then 60 * (((b - r) / delta) + 2)
else if max == b
then 60 * (((r - g) / delta) + 4)
else 0;
l = (max + min) / 2;
s =
if delta == 0
then 0
else 100 * delta / (100 - lib.max (2 * l - 100) (100 - (2 * l)));
roundToString = value: toString (builtins.floor (value + 0.5));
in
lib.concatMapStringsSep " " roundToString [h s l];
in {
services = {
glance = {
enable = true;
settings = {
theme = {
# primary-color = rgb-to-hsl "base0D";
contrast-multiplier = lib.mkForce 1.4;
};
pages = [{
hide-desktop-navigation = true;
columns = [
{
size = "small";
widgets = [
{
type = "clock";
hour-format = "24h";
}
{
type = "weather";
location = "Paris, France";
}
{
type = "markets";
markets = [
{
symbol = "BTC-USD";
name = "Bitcoin";
chart-link =
"https://www.tradingview.com/chart/?symbol=INDEX:BTCUSD";
}
{
symbol = "SOL-USD";
name = "Solana";
chart-link =
"https://www.tradingview.com/chart/?symbol=INDEX:SOLUSD";
}
{
symbol = "ETH-USD";
name = "Ethereum";
chart-link =
"https://www.tradingview.com/chart/?symbol=INDEX:ETHUSD";
}
];
}
{
type = "dns-stats";
service = "adguard";
url = "https://adguard.hadi.diy";
username = "hadi";
password = "\${secret:adguard-pwd}";
}
];
}
{
size = "full";
widgets = [
{
type = "search";
search-engine = "duckduckgo";
}
{
type = "bookmarks";
groups = [
{
title = "";
same-tab = true;
color = "200 50 50";
links = [
{
title = "ProtonMail";
url = "https://proton.me/mail";
}
{
title = "Github";
url = "https://github.com";
}
{
title = "Youtube";
url = "https://youtube.com";
}
{
title = "Figma";
url = "https://figma.com";
}
];
}
{
title = "Docs";
same-tab = true;
color = "200 50 50";
links = [
{
title = "Nixpkgs repo";
url = "https://github.com/NixOS/nixpkgs";
}
{
title = "Nixvim";
url = "https://nix-community.github.io/nixvim/";
}
{
title = "Hyprland wiki";
url = "https://wiki.hyprland.org/";
}
{
title = "Search NixOS";
url = "https://search-nixos.hadi.diy";
}
];
}
{
title = "Homelab";
same-tab = true;
color = "100 50 50";
links = [
{
title = "Router";
url = "http://192.168.1.254/";
}
{
title = "Cloudflare";
url = "https://dash.cloudflare.com/";
}
];
}
{
title = "Work";
same-tab = true;
color = "50 50 50";
links = [
{
title = "Outlook";
url = "https://outlook.office.com/";
}
{
title = "Teams";
url = "https://teams.microsoft.com/";
}
{
title = "Office";
url = "https://www.office.com/";
}
];
}
{
title = "Cyber";
same-tab = true;
color = rgb-to-hsl "base09";
links = [
{
title = "CyberChef";
url = "https://cyberchef.org/";
}
{
title = "TryHackMe";
url = "https://tryhackme.com/";
}
{
title = "RootMe";
url = "https://www.root-me.org/";
}
{
title = "Exploit-DB";
url = "https://www.exploit-db.com/";
}
{
title = "CrackStation";
url = "https://crackstation.net/";
}
];
}
{
title = "Misc";
same-tab = true;
color = rgb-to-hsl "base01";
links = [
{
title = "Svgl";
url = "https://svgl.app/";
}
{
title = "Excalidraw";
url = "https://excalidraw.com/";
}
{
title = "Cobalt (Downloader)";
url = "https://cobalt.tools/";
}
{
title = "Mazanoke (Image optimizer)";
url = "https://mazanoke.com/";
}
];
}
];
}
{
type = "server-stats";
servers = [{
type = "local";
name = "Jack";
}];
}
{
type = "group";
widgets = [
{
type = "monitor";
title = "Services";
cache = "1m";
sites = [
{
title = "Vaultwarden";
url = "https://vault.hadi.diy";
icon = "si:bitwarden";
}
{
title = "Nextcloud";
url = "https://cloud.hadi.diy";
icon = "si:nextcloud";
}
{
title = "Adguard";
url = "https://adguard.hadi.diy";
icon = "si:adguard";
}
{
title = "Hoarder";
url = "https://hoarder.hadi.diy";
icon = "si:bookstack";
}
{
title = "Mealie";
url = "https://mealie.hadi.diy";
icon = "si:mealie";
}
];
}
{
type = "monitor";
title = "*arr";
cache = "1m";
sites = [
{
title = "Jellyfin";
url = "https://jellyfin.hadi.diy";
icon = "si:jellyfin";
}
{
title = "Jellyseerr";
url = "https://jellyseerr.hadi.diy";
icon = "si:odysee";
}
{
title = "Radarr";
url = "https://radarr.hadi.diy";
icon = "si:radarr";
}
{
title = "Sonarr";
url = "https://sonarr.hadi.diy";
icon = "si:sonarr";
}
{
title = "Prowlarr";
url = "https://prowlarr.hadi.diy";
icon = "si:podcastindex";
}
{
title = "SABnzbd";
url = "https://sabnzbd.hadi.diy";
icon = "si:sabanci";
}
{
title = "Transmission";
url = "https://transmission.hadi.diy";
icon = "si:transmission";
}
];
}
];
}
];
}
];
name = "Home";
}];
server = { port = 5678; };
pages = [
{
hide-desktop-navigation = true;
columns = [
{
size = "small";
widgets = [
{
type = "clock";
hour-format = "24h";
}
{
type = "weather";
location = "Paris, France";
}
{
type = "markets";
markets = [
{
symbol = "BTC-USD";
name = "Bitcoin";
chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:BTCUSD";
}
{
symbol = "SOL-USD";
name = "Solana";
chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:SOLUSD";
}
{
symbol = "ETH-USD";
name = "Ethereum";
chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:ETHUSD";
}
];
}
{
type = "dns-stats";
service = "adguard";
url = "https://adguard.hadi.diy";
username = "hadi";
password = "\${secret:adguard-pwd}";
}
];
}
{
size = "full";
widgets = [
{
type = "search";
search-engine = "duckduckgo";
}
{
type = "bookmarks";
groups = [
{
title = "";
same-tab = true;
color = "200 50 50";
links = [
{
title = "ProtonMail";
url = "https://proton.me/mail";
}
{
title = "Github";
url = "https://github.com";
}
{
title = "Youtube";
url = "https://youtube.com";
}
{
title = "Figma";
url = "https://figma.com";
}
];
}
{
title = "Docs";
same-tab = true;
color = "200 50 50";
links = [
{
title = "Nixpkgs repo";
url = "https://github.com/NixOS/nixpkgs";
}
{
title = "Nixvim";
url = "https://nix-community.github.io/nixvim/";
}
{
title = "Hyprland wiki";
url = "https://wiki.hyprland.org/";
}
{
title = "Search NixOS";
url = "https://search-nixos.hadi.diy";
}
];
}
{
title = "Homelab";
same-tab = true;
color = "100 50 50";
links = [
{
title = "Router";
url = "http://192.168.1.254/";
}
{
title = "Cloudflare";
url = "https://dash.cloudflare.com/";
}
];
}
{
title = "Work";
same-tab = true;
color = "50 50 50";
links = [
{
title = "Outlook";
url = "https://outlook.office.com/";
}
{
title = "Teams";
url = "https://teams.microsoft.com/";
}
{
title = "Office";
url = "https://www.office.com/";
}
];
}
{
title = "Cyber";
same-tab = true;
color = rgb-to-hsl "base09";
links = [
{
title = "CyberChef";
url = "https://cyberchef.org/";
}
{
title = "TryHackMe";
url = "https://tryhackme.com/";
}
{
title = "RootMe";
url = "https://www.root-me.org/";
}
{
title = "Exploit-DB";
url = "https://www.exploit-db.com/";
}
{
title = "CrackStation";
url = "https://crackstation.net/";
}
];
}
{
title = "Misc";
same-tab = true;
color = rgb-to-hsl "base01";
links = [
{
title = "Svgl";
url = "https://svgl.app/";
}
{
title = "Excalidraw";
url = "https://excalidraw.com/";
}
{
title = "Cobalt (Downloader)";
url = "https://cobalt.tools/";
}
{
title = "Mazanoke (Image optimizer)";
url = "https://mazanoke.com/";
}
];
}
];
}
{
type = "server-stats";
servers = [
{
type = "local";
name = "Jack";
}
];
}
{
type = "group";
widgets = [
{
type = "monitor";
title = "Services";
cache = "1m";
sites = [
{
title = "Vaultwarden";
url = "https://vault.hadi.diy";
icon = "si:bitwarden";
}
{
title = "Nextcloud";
url = "https://cloud.hadi.diy";
icon = "si:nextcloud";
}
{
title = "Adguard";
url = "https://adguard.hadi.diy";
icon = "si:adguard";
}
{
title = "Mealie";
url = "https://mealie.hadi.diy";
icon = "si:mealie";
}
];
}
{
type = "monitor";
title = "*arr";
cache = "1m";
sites = [
{
title = "Jellyfin";
url = "https://jellyfin.hadi.diy";
icon = "si:jellyfin";
}
{
title = "Jellyseerr";
url = "https://jellyseerr.hadi.diy";
icon = "si:odysee";
}
{
title = "Radarr";
url = "https://radarr.hadi.diy";
icon = "si:radarr";
}
{
title = "Sonarr";
url = "https://sonarr.hadi.diy";
icon = "si:sonarr";
}
{
title = "Prowlarr";
url = "https://prowlarr.hadi.diy";
icon = "si:podcastindex";
}
{
title = "Transmission";
url = "https://transmission.hadi.diy";
icon = "si:transmission";
}
];
}
];
}
];
}
];
name = "Home";
}
];
server = {port = 5678;};
};
};
nginx.virtualHosts."${domain}" = {
@@ -325,8 +318,8 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${
toString config.services.glance.settings.server.port
}";
toString config.services.glance.settings.server.port
}";
};
};
};

88
server-modules/headscale.nix
View File

@@ -1,88 +0,0 @@
{ config, pkgs, ... }:
let
derpPort = 3478;
domain = "hadi.diy";
headscale-ui-src = pkgs.fetchFromGitHub {
owner = "gurucomputing";
repo = "headscale-ui";
rev = "63041fd673d81da56e60d2b528a4991981eab746";
sha256 = "pz7oDRfBf/dN+PMEqbMe+es6deQ4QP3pC191ASlyV7U=";
};
headscale-ui = pkgs.buildNpmPackage {
pname = "headscale-ui";
version = "0.0.1";
src = headscale-ui-src;
npmDepsHash = "MePNbOPSe5wB8/6T3DLs+4+Qlr8f+7cCPs301il7iX8=";
buildPhase = ''
runHook preBuild
mkdir -p $out
npm run build
runHook postBuild
'';
installPhase = ''
mv ./build $out/dist
'';
makeCacheWritable = true;
dontFixup = true;
dontNpmBuild = true;
};
in {
services = {
headscale = {
enable = true;
port = 8085;
address = "127.0.0.1";
settings = {
dns = {
override_local_dns = true;
base_domain = "ts.${domain}";
magic_dns = true;
nameservers.global = [ "9.9.9.9" ];
# extra_records = [{
# name = "merope.${domain}";
# type = "A";
# value = "100.77.0.5";
# }];
};
server_url = "https://tailscale.${domain}";
metrics_listen_addr = "127.0.0.1:8095";
logtail = { enabled = false; };
log = { level = "warn"; };
ip_prefixes = [ "100.77.0.0/24" "fd7a:115c:a1e0:77::/64" ];
derp.server = {
enable = true;
region_id = 999;
stun_listen_addr = "0.0.0.0:${toString derpPort}";
};
};
};
nginx.virtualHosts = {
"tailscale.${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations = {
"/" = {
proxyPass =
"http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
"/metrics" = {
proxyPass =
"http://${config.services.headscale.settings.metrics_listen_addr}/metrics";
};
"/web" = {
root = "${headscale-ui}/dist";
index = "index.html";
tryFiles = [ "$uri" "/index.html" ];
};
};
};
};
};
# Derp server
networking.firewall.allowedUDPPorts = [ derpPort ];
environment.systemPackages = [ config.services.headscale.package ];
}

50
server-modules/hoarder.nix
View File

@@ -1,50 +0,0 @@
{ config, ... }:
let domain = "hoarder.hadi.diy";
in {
systemd.tmpfiles.rules = [
"d /var/lib/hoarder/web 0755 root root -"
"d /var/lib/hoarder/meili 0755 root root -"
];
virtualisation.oci-containers.containers = {
hoarder-web = {
environmentFiles = [ config.sops.secrets.hoarder.path ];
image = "ghcr.io/hoarder-app/hoarder:release";
volumes = [ "/var/lib/hoarder/web:/data" ];
ports = [ "127.0.0.1:3131:3000" ];
environment = {
HOARDER_VERSION = "release";
NEXTAUTH_URL = "https://" + domain;
DATA_DIR = "/data";
MEILI_ADDR = "http://hoarder-meili:7700";
BROWSER_WEB_URL = "http://hoarder-browser:9222";
DISABLE_SIGNUPS = "false";
};
};
hoarder-meili = {
environmentFiles = [ config.sops.secrets.hoarder.path ];
image = "getmeili/meilisearch:v1.11.1";
environment = { MEILI_NO_ANALYTICS = "true"; };
volumes = [ "/var/lib/hoarder/meili:/meili_data" ];
};
hoarder-browser = {
image = "gcr.io/zenika-hub/alpine-chrome:123";
#pull = "newer";
cmd = [
"--no-sandbox"
"--disable-gpu"
"--disable-dev-shm-usage"
"--remote-debugging-address=0.0.0.0"
"--remote-debugging-port=9222"
"--hide-scrollbars"
];
};
};
services.nginx.virtualHosts."${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:3131"; };
};
}

5
server-modules/mealie.nix
View File

@@ -1,5 +1,6 @@
{ config, ... }:
let domain = "mealie.hadi.diy";
# Mealie is a recipe management and meal planning application.
{config, ...}: let
domain = "mealie.hadi.diy";
in {
services = {
mealie = {

19
server-modules/meilisearch.nix
View File

@@ -1,19 +0,0 @@
{ config, ... }:
let domain = "meilisearch.hadi.diy";
in {
services = {
meilisearch = {
enable = true;
listenPort = 7700;
# masterKeyEnvironmentFile= "";
};
nginx.virtualHosts."${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.meilisearch.listenPort}";
};
};
};
}

43
server-modules/nextcloud.nix
View File

@@ -1,5 +1,11 @@
{ pkgs, config, ... }:
let domain = "cloud.hadi.diy";
# Nextcloud is a self-hosted productivity platform that allows you to store and share files, manage calendars, contacts, and more.
{
pkgs,
config,
...
}: let
domain = "cloud.hadi.diy";
adminuser = "hadi";
in {
services = {
nginx.virtualHosts = {
@@ -19,32 +25,33 @@ in {
https = true;
autoUpdateApps.enable = true;
settings = {
trusted_domains = [ domain ];
trusted_domains = [domain];
default_phone_region = "FR";
overwriteprotocol = "https";
};
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
# List of apps we want to install and are already packaged in
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
# inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
inherit cookbook;
# Custom app example.
# socialsharing_telegram = pkgs.fetchNextcloudApp rec {
# url =
# "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
# license = "agpl3";
# sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
# };
};
# extraApps = with config.services.nextcloud.package.packages.apps; {
# List of apps we want to install and are already packaged in
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
# inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
# inherit cookbook;
# Custom app example.
# socialsharing_telegram = pkgs.fetchNextcloudApp rec {
# url =
# "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
# license = "agpl3";
# sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
# };
# };
config = {
dbtype = "pgsql";
adminuser = "hadi";
adminuser = adminuser;
adminpassFile = config.sops.secrets.nextcloud-pwd.path;
};
# Suggested by Nextcloud's health check.
phpOptions."opcache.interned_strings_buffer" = "16";
};
};
sops.secrets.nextcloud-pwd.path = "/etc/nextcloud/pwd.txt";
}

69
server-modules/nginx.nix
View File

@@ -1,38 +1,45 @@
{ config, ... }: {
services.nginx = { enable = true; };
# Nginx is a web server that can also be used as a reverse proxy, load balancer, and HTTP cache.
{config, ...}: let
domain = "hadi.diy";
in {
security.acme = {
acceptTerms = true;
defaults.email = config.var.git.email;
};
security.acme.certs."hadi.diy" = {
domain = "hadi.diy";
extraDomainNames = [ "*.hadi.diy" ];
group = "nginx";
dnsProvider = "cloudflare";
dnsPropagationCheck = true;
credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
};
services.nginx.virtualHosts = {
"default" = {
default = true;
locations."/" = { return = 444; };
};
"*.hadi.diy" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = { return = 444; };
};
"aaaaaa.hadi.diy" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = { return = 444; };
certs."${domain}" = {
domain = "${domain}";
extraDomainNames = ["*.${domain}"];
group = "nginx";
dnsProvider = "cloudflare";
dnsPropagationCheck = true;
credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
# Return 444 for all requests not matching a used subdomain.
services.nginx = {
enable = true;
virtualHosts = {
"default" = {
default = true;
locations."/" = {return = 444;};
};
"*.${domain}" = {
useACMEHost = domain;
forceSSL = true;
locations."/" = {return = 444;};
};
"aaaaaa.${domain}" = {
useACMEHost = domain;
forceSSL = true;
locations."/" = {return = 444;};
};
};
};
networking.firewall = {
allowedTCPPorts = [80 443];
allowedUDPPorts = [80 443];
};
sops.secrets.cloudflare-dns-token = {path = "/etc/cloudflare/dnskey.txt";};
}

11
server-modules/search-nixos-api.nix
View File

@@ -1,15 +1,16 @@
{ config, ... }:
let domain = "search-nixos-api.hadi.diy";
# Custom NixOS module for the Search NixOS API service
# Check https://search-nixos.hadi.diy
{config, ...}: let
domain = "search-nixos-api.hadi.diy";
in {
services = {
search-nixos-api = { enable = true; };
search-nixos-api = {enable = true;};
nginx.virtualHosts."${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.search-nixos-api.port}/";
proxyPass = "http://127.0.0.1:${toString config.services.search-nixos-api.port}/";
};
};
};

12
server-modules/ssh.nix
View File

@@ -1,16 +1,20 @@
{ config, ... }: {
# SSH configuration
{config, ...}: let
username = config.var.username;
in {
services.openssh = {
enable = true;
ports = [ 22 ];
ports = [22];
openFirewall = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
AllowUsers = [ config.var.username ];
AllowUsers = [username];
};
};
users.users."${config.var.username}" = {
# Add my public SSH key to my user
users.users."${username}" = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPG9SE80ZyBcXZK/f5ypSKudaM5Jo3XtQikCnGo0jI5E hadi@nixy"
];