prepare for homeserver profile

This commit is contained in:
Tigor Hutasuhut 2024-06-12 18:09:56 +07:00
parent c2d0c09172
commit 6cf3070f8c
35 changed files with 441 additions and 193 deletions

View file

@ -109,6 +109,23 @@
] ++ commonModules; ] ++ commonModules;
specialArgs = specialArgs; specialArgs = specialArgs;
}; };
homeserver =
let
profile-path = ./profiles/homeserver.nix;
hardware-configuration = ./hardware-configuration/homeserver.nix;
specialArgs = { inherit inputs unstable profile-path hardware-configuration; };
in
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./system
{
home-manager.extraSpecialArgs = specialArgs;
home-manager.users.tigor = import ./home/tigor;
}
] ++ commonModules;
specialArgs = specialArgs;
};
}; };
}; };
} }

View file

@ -0,0 +1,2 @@
{ ... }:
{ }

View file

@ -21,6 +21,8 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.packages = [ home.packages = [
inputs.hyprland-contrib.packages.${pkgs.system}.grimblast inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
pkgs.wl-clipboard
pkgs.kcalc
]; ];
sops.secrets."gnome-keyring/${config.home.username}" = { }; sops.secrets."gnome-keyring/${config.home.username}" = { };
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
@ -223,7 +225,6 @@ in
exec-once=pasystray exec-once=pasystray
exec-once=pypr exec-once=pypr
exec-once=dunst exec-once=dunst
exec-once=fcitx5 -d
source=${config.home.homeDirectory}/.cache/wallust/hyprland.conf source=${config.home.homeDirectory}/.cache/wallust/hyprland.conf
exec-once=sleep 0.2 && swww img ${config.home.homeDirectory}/.cache/wallpaper/current exec-once=sleep 0.2 && swww img ${config.home.homeDirectory}/.cache/wallpaper/current

View file

@ -1,5 +1,11 @@
{ config, lib, ... }:
let
cfg = config.profile.ideavim;
in
{ {
config = lib.mkIf cfg.enable {
home.file.".ideavimrc" = { home.file.".ideavimrc" = {
source = ./.ideavimrc; source = ./.ideavimrc;
}; };
};
} }

View file

@ -1,10 +1,14 @@
{ ... }: { config, lib, ... }:
let
cfg = config.profile.kitty;
in
{ {
config = lib.mkIf cfg.enable {
programs.kitty.enable = true; programs.kitty.enable = true;
home.file.".config/kitty" = { home.file.".config/kitty" = {
source = ./.; source = ./.;
recursive = true; recursive = true;
}; };
};
} }

View file

@ -1,6 +1,9 @@
{ ... }: { config, lib, ... }:
let
cfg = config.profile.wezterm;
in
{ {
config = lib.mkIf cfg.enable {
programs.wezterm = { programs.wezterm = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
@ -11,4 +14,5 @@
source = ./.; source = ./.;
recursive = true; recursive = true;
}; };
};
} }

View file

@ -1,4 +1,8 @@
{ pkgs, profile-path, ... }: { config, profile-path, ... }:
let
user = config.profile.user;
stateVersion = config.profile.system.stateVersion;
in
{ {
imports = [ imports = [
profile-path profile-path
@ -15,15 +19,14 @@
]; ];
home = { home = {
username = "tigor"; username = user.name;
homeDirectory = "/home/tigor"; homeDirectory = "/home/${user.name}";
stateVersion = "23.11"; stateVersion = stateVersion;
}; };
programs.home-manager.enable = true;
systemd.user.sessionVariables = { systemd.user.sessionVariables = {
XDG_CONFIG_HOME = "/home/tigor/.config"; XDG_CONFIG_HOME = "/home/${user.name}/.config";
}; };
services.mpris-proxy.enable = true; services.mpris-proxy.enable = config.profile.mpris-proxy.enable;
} }

View file

@ -1,17 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
variety
bitwarden
];
home.file = {
".config/autostart/variety.desktop" = {
source = "${pkgs.variety}/share/applications/variety.desktop";
};
".config/autostart/bitwarden.desktop" = {
source = "${pkgs.bitwarden}/share/applications/bitwarden.desktop";
};
};
}

View file

@ -0,0 +1,19 @@
{ pkgs, config, lib, ... }:
let
cfg = config.profile.bitwarden;
in
{
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
bitwarden
];
home.file = {
".config/autostart/bitwarden.desktop" = lib.mkIf cfg.autostart {
source = "${pkgs.bitwarden}/share/applications/bitwarden.desktop";
};
};
};
}

View file

@ -0,0 +1,24 @@
{ config, lib, ... }:
let
cfg = config.profile.chromium;
in
{
config = lib.mkIf cfg.enable {
programs.chromium = {
enable = true;
extensions = [
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin
{ id = "jinjaccalgkegednnccohejagnlnfdag"; } # violent monkey
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden
{ id = "mnjggcdmjocbbbhaepdhchncahnbgone"; } # sponsor block
{ id = "pkehgijcmpdhfbdbbnkijodmdjhbjlgp"; } # privacy badger
{ id = "fhcgjolkccmbidfldomjliifgaodjagh"; } # cookie auto delete
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
];
commandLineArgs = [
"--enable-features=UseOzonePlatform"
"--ozone-platform=wayland"
];
};
};
}

View file

@ -0,0 +1,9 @@
{ config, lib, unstable, ... }:
let
cfg = config.profile.dbeaver;
in
{
config = lib.mkIf cfg.enable {
home.packages = [ unstable.dbeaver-bin ];
};
}

View file

@ -1,22 +1,27 @@
{ pkgs, unstable, ... }: { pkgs, unstable, ... }:
{ {
imports = [ imports = [
./autostart.nix ./bitwarden.nix
./chromium.nix
./discord.nix
./git.nix ./git.nix
./github.nix
./go.nix
./mpv.nix ./mpv.nix
./neovide.nix
./nnn.nix
./node.nix ./node.nix
./slack.nix
./spotify.nix
./starship.nix ./starship.nix
./tofi.nix ./tofi.nix
./variety.nix
./vscode.nix ./vscode.nix
./zsh.nix
./discord.nix
./neovide.nix
./slack.nix
./whatsapp.nix ./whatsapp.nix
./zsh.nix
./dbeaver.nix
]; ];
programs.home-manager.enable = true;
programs.fzf = { programs.fzf = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
@ -29,76 +34,11 @@
enableZshIntegration = true; enableZshIntegration = true;
}; };
programs.ripgrep.enable = true; programs.ripgrep.enable = true;
programs.go = {
enable = true;
goPrivate = [
"gitlab.bareksa.com"
];
package = unstable.go_1_22;
};
programs.chromium = {
enable = true;
extensions = [
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin
{ id = "jinjaccalgkegednnccohejagnlnfdag"; } # violent monkey
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden
{ id = "mnjggcdmjocbbbhaepdhchncahnbgone"; } # sponsor block
{ id = "pkehgijcmpdhfbdbbnkijodmdjhbjlgp"; } # privacy badger
{ id = "fhcgjolkccmbidfldomjliifgaodjagh"; } # cookie auto delete
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
];
commandLineArgs = [
"--enable-features=UseOzonePlatform"
"--ozone-platform=wayland"
];
};
programs.nnn = {
enable = true;
};
programs.htop.enable = true; programs.htop.enable = true;
programs.mpv.enable = true;
home.packages = with pkgs; [ home.packages = with pkgs; [
unstable.gh # github cli
wget
curl
openssl
zig
unzip
libcap
gcc
cargo
nixpkgs-fmt
fd
wl-clipboard
unstable.dbeaver-bin
unstable.jellyfin-media-player unstable.jellyfin-media-player
stylua
luarocks
du-dust
just
modd
lefthook
spotify
# seafile-client
lsof
# scrcpy
masterpdfeditor4
watchexec
kcalc
pdfarranger
unstable.microsoft-edge unstable.microsoft-edge
# (floorp.override {
# nativeMessagingHosts = with pkgs; [
# plasma5Packages.plasma-browser-integration
# ];
# })
nextcloud-client nextcloud-client
# qownnotes
]; ];
} }

View file

@ -0,0 +1,9 @@
{ config, lib, unstable, ... }:
let
cfg = config.profile.gh;
in
{
config = lib.mkIf cfg.enable {
home.packages = [ unstable.gh ];
};
}

View file

@ -0,0 +1,15 @@
{ config, lib, unstable, ... }:
let
cfg = config.profile.go;
in
{
config = lib.mkIf cfg.enable {
programs.go = {
enable = true;
goPrivate = [
"gitlab.bareksa.com"
];
package = unstable.go_1_22;
};
};
}

View file

@ -0,0 +1,11 @@
{ config, lib, unstable, ... }:
let
cfg = config.profile.jellyfin;
in
{
config = lib.mkIf cfg.enable {
home.packages = lib.mkIf cfg.client.enable [
unstable.jellyfin-media-player
];
};
}

View file

@ -1,6 +1,9 @@
{ pkgs, ... }: { config, lib, pkgs, ... }:
let
cfg = config.profile.mpv;
in
{ {
config = lib.mkIf cfg.enable {
programs.mpv = { programs.mpv = {
enable = true; enable = true;
scripts = with pkgs.mpvScripts; [ scripts = with pkgs.mpvScripts; [
@ -10,4 +13,5 @@
sponsorblock sponsorblock
]; ];
}; };
};
} }

View file

@ -0,0 +1,9 @@
{ config, lib, ... }:
let
cfg = config.profile.nnn;
in
{
config = lib.mkIf cfg.enable {
programs.nnn.enable = true;
};
}

View file

@ -0,0 +1,11 @@
{ pkgs, config, lib, ... }:
let
cfg = config.profile.spotify;
in
{
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
spotify
];
};
}

View file

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.variety;
in
{
config = lib.mkIf cfg.enable {
home.packages = [ pkgs.variety ];
home.file.".config/autostart.variety.desktop" = lib.mkIf cfg.autostart {
source = "${pkgs.variety}/share/applications/variety.desktop";
};
};
}

View file

@ -1,6 +1,9 @@
{ unstable, ... }: { config, lib, unstable, ... }:
let
cfg = config.profile.vscode;
in
{ {
config = lib.mkIf cfg.enable {
programs.vscode = { programs.vscode = {
enable = true; enable = true;
package = unstable.vscode; package = unstable.vscode;
@ -11,4 +14,5 @@
catppuccin.catppuccin-vsc catppuccin.catppuccin-vsc
]; ];
}; };
};
} }

View file

@ -45,6 +45,10 @@
(cat "$_ZSH_COLOR_SCHEME_FILE" &) (cat "$_ZSH_COLOR_SCHEME_FILE" &)
fi fi
''; '';
initExtra = ''
bindkey '^I' menu-complete
bindkey "$terminfo[kcbt]" reverse-menu-complete
'';
antidote = { antidote = {
enable = true; enable = true;
plugins = [ plugins = [

View file

@ -3,12 +3,41 @@
imports = [ imports = [
./programs.nix ./programs.nix
./hyprland.nix ./hyprland.nix
./podman.nix
]; ];
options.profile = { options.profile = {
#### Required Options ####
hostname = lib.mkOption { hostname = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
user = {
name = lib.mkOption {
type = lib.types.str;
};
fullName = lib.mkOption {
type = lib.types.str;
};
getty.autoLogin = lib.mkEnableOption "auto-login to getty";
};
system.stateVersion = lib.mkOption {
type = lib.types.str;
};
#### Optionals ####
grub.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
audio.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
android.enable = lib.mkEnableOption "android"; android.enable = lib.mkEnableOption "android";
avahi.enable = lib.mkEnableOption "avahi"; avahi.enable = lib.mkEnableOption "avahi";
bluetooth.enable = lib.mkEnableOption "bluetooth"; bluetooth.enable = lib.mkEnableOption "bluetooth";
@ -47,9 +76,7 @@
}; };
keyboard.language.japanese = lib.mkEnableOption "Japanese keyboard input"; keyboard.language.japanese = lib.mkEnableOption "Japanese keyboard input";
firefox.enable = lib.mkEnableOption "firefox";
brightnessctl.enable = lib.mkEnableOption "brightnessctl"; brightnessctl.enable = lib.mkEnableOption "brightnessctl";
openssh.enable = lib.mkEnableOption "openssh";
}; };
} }

6
options/podman.nix Normal file
View file

@ -0,0 +1,6 @@
{ lib, ... }:
{
options.profile.podman = {
enable = lib.mkEnableOption "podman";
};
}

View file

@ -31,5 +31,41 @@
syncthing.enable = lib.mkEnableOption "syncthing"; syncthing.enable = lib.mkEnableOption "syncthing";
obs.enable = lib.mkEnableOption "obs"; obs.enable = lib.mkEnableOption "obs";
wezterm.enable = lib.mkEnableOption "wezterm";
neovide.enable = lib.mkEnableOption "neovide";
ideavim.enable = lib.mkEnableOption "ideavim";
kitty.enable = lib.mkEnableOption "kitty";
mpris-proxy.enable = lib.mkEnableOption "mpris-proxy";
variety = {
enable = lib.mkEnableOption "variety";
autostart = lib.mkEnableOption "variety autostart";
};
bitwarden = {
enable = lib.mkEnableOption "bitwarden";
autostart = lib.mkEnableOption "bitwarden autostart";
};
go.enable = lib.mkEnableOption "go";
chromium.enable = lib.mkEnableOption "chromium";
nnn.enable = lib.mkEnableOption "nnn";
mpv.enable = lib.mkEnableOption "mpv";
gh.enable = lib.mkEnableOption "gh"; # GitHub CLI
spotify = {
enable = lib.mkEnableOption "spotify";
autostart = lib.mkEnableOption "spotify autostart";
};
firefox.enable = lib.mkEnableOption "firefox";
vscode.enable = lib.mkEnableOption "vscode";
# This is client jellyfin option only.
# For server option, see podman.nix.
jellyfin.enable = lib.mkEnableOption "jellyfin";
dbeaver.enable = lib.mkEnableOption "dbeaver";
}; };
} }

View file

@ -10,6 +10,10 @@ in
profile = { profile = {
hostname = "castle"; hostname = "castle";
user = {
name = "tigor";
fullName = "Tigor Hutasuhut";
};
hyprland = { hyprland = {
enable = true; enable = true;
@ -55,5 +59,19 @@ in
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
keyboard.language.japanese = true; keyboard.language.japanese = true;
system.stateVersion = "23.11";
mpris-proxy.enable = true;
kitty.enable = true;
neovide.enable = true;
spotify.enable = true;
vscode.enable = true;
jellyfin.enable = true;
mpv.enable = true;
go.enable = true;
chromium.enable = true;
bitwarden.enable = true;
dbeaver.enable = true;
}; };
} }

View file

@ -6,6 +6,12 @@
profile = { profile = {
hostname = "fort"; hostname = "fort";
user = {
name = "tigor";
fullName = "Tigor Hutasuhut";
};
system.stateVersion = "23.11";
hyprland = { hyprland = {
enable = true; enable = true;
settings = { settings = {
@ -41,5 +47,6 @@
brightnessctl.enable = true; brightnessctl.enable = true;
keyboard.language.japanese = true; keyboard.language.japanese = true;
}; };
} }

25
profiles/homeserver.nix Normal file
View file

@ -0,0 +1,25 @@
{ ... }:
{
imports = [
../options
];
profile = {
hostname = "homeserver";
user = {
name = "homeserver";
fullName = "Homeserver";
};
system.stateVersion = "24.05";
grub.enable = false;
# There is no GUI on the server. No need for audio.
audio.enable = false;
security.sudo.wheelNeedsPassword = false;
podman = {
enable = true;
};
openssh.enable = true;
};
}

View file

@ -9,17 +9,7 @@
./keyboard.nix ./keyboard.nix
]; ];
security.sudo = security.sudo.wheelNeedsPassword = config.profile.security.sudo.wheelNeedsPassword;
let
cfg = config.profile.security.sudo;
in
{
wheelNeedsPassword = cfg.wheelNeedsPassword;
extraConfig = ''
Defaults timestamp_timeout=30
Defaults timestamp_type=global
'';
};
networking.hostName = config.profile.hostname; networking.hostName = config.profile.hostname;
@ -59,7 +49,7 @@
mandoc.enable = true; mandoc.enable = true;
}; };
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = config.profile.system.stateVersion;
systemd.services.decrypt-sops = { systemd.services.decrypt-sops = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];

View file

@ -1,7 +1,9 @@
{ ... }: { config, lib, ... }:
let
cfg = config.profile.audio;
in
{ {
# Enable sound with pipewire. config = lib.mkIf cfg.enable {
# sound.enable = true;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
@ -9,11 +11,6 @@
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
# If you want to use JACK applications, uncomment this };
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
}; };
} }

View file

@ -1,6 +1,10 @@
{ ... }: { config, lib, ... }:
let
grub = config.profile.grub;
in
lib.mkMerge [
{ {
boot.loader = { boot.loader = lib.mkIf grub.enable {
efi = { efi = {
efiSysMountPoint = "/boot"; efiSysMountPoint = "/boot";
canTouchEfiVariables = true; canTouchEfiVariables = true;
@ -13,3 +17,12 @@
}; };
}; };
} }
{
boot.loader = lib.mkIf (!grub.enable) {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
};
};
}
]

View file

@ -0,0 +1,17 @@
{ config, lib, ... }:
let
cfg = config.profile.openssh;
in
{
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
UseDns = true;
X11Forwarding = false;
PermitRootLogin = "no";
};
};
};
}

20
system/modules/podman.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.podman;
in
{
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
dive # look into docker image layers
podman-tui # status of containers in the terminal
podman-compose # start group of containers for dev
];
virtualisation.podman = {
enable = true;
dockerSocket.enable = true;
autoPrune.enable = true; # Default weekly
dockerCompat = true;
};
};
}

View file

@ -12,13 +12,5 @@ in
defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age.keyFile = "/home/${owner}/.config/sops/age/keys.txt"; age.keyFile = "/home/${owner}/.config/sops/age/keys.txt";
secrets = {
"smb/secrets" = { inherit owner; };
"docker/config" = {
inherit owner;
path = "/home/${owner}/.docker/config.json";
};
};
}; };
} }

View file

@ -19,6 +19,12 @@
gnumake gnumake
sqlite sqlite
nurl nurl
lsof
unzip
openssl
libcap
fd
du-dust
]; ];
environment.sessionVariables = { environment.sessionVariables = {

View file

@ -1,13 +1,13 @@
{ pkgs, ... }: { pkgs, config, lib, ... }:
let let
user = "tigor"; user = config.profile.user.name;
fullName = "Tigor Hutasuhut"; fullName = config.profile.user.fullName;
in in
{ {
users.users.${user} = { users.users.${user} = {
isNormalUser = true; isNormalUser = true;
description = fullName; description = fullName;
extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" ]; extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" "podman" ];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
@ -18,4 +18,5 @@ in
}; };
nix.settings.trusted-users = [ user ]; nix.settings.trusted-users = [ user ];
services.getty.autologinUser = lib.mkIf config.profile.user.getty.autoLogin user;
} }