prepare for homeserver profile

flake.nix

@@ -109,6 +109,23 @@
               ] ++ commonModules;
               specialArgs = specialArgs;
             };
+          homeserver =
+            let
+              profile-path = ./profiles/homeserver.nix;
+              hardware-configuration = ./hardware-configuration/homeserver.nix;
+              specialArgs = { inherit inputs unstable profile-path hardware-configuration; };
+            in
+            nixpkgs.lib.nixosSystem {
+              system = "x86_64-linux";
+              modules = [
+                ./system
+                {
+                  home-manager.extraSpecialArgs = specialArgs;
+                  home-manager.users.tigor = import ./home/tigor;
+                }
+              ] ++ commonModules;
+              specialArgs = specialArgs;
+            };
         };
     };
 }

hardware-configuration/homeserver.nix

@@ -0,0 +1,2 @@
+{ ... }:
+{ }

home/modules/hyprland/hyprland.nix

@@ -21,6 +21,8 @@ in
   config = lib.mkIf cfg.enable {
     home.packages = [
       inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
+      pkgs.wl-clipboard
+      pkgs.kcalc
     ];
     sops.secrets."gnome-keyring/${config.home.username}" = { };
     wayland.windowManager.hyprland = {
@@ -223,7 +225,6 @@ in
         exec-once=pasystray
         exec-once=pypr
         exec-once=dunst
-        exec-once=fcitx5 -d
 
         source=${config.home.homeDirectory}/.cache/wallust/hyprland.conf
         exec-once=sleep 0.2 && swww img ${config.home.homeDirectory}/.cache/wallpaper/current

home/tigor/config/ideavim/default.nix

@@ -1,5 +1,11 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.ideavim;
+in
 {
+  config = lib.mkIf cfg.enable {
     home.file.".ideavimrc" = {
       source = ./.ideavimrc;
     };
+  };
 }

home/tigor/config/kitty/default.nix

@@ -1,10 +1,14 @@
-{ ... }:
+{ config, lib, ... }:
-
+let
+  cfg = config.profile.kitty;
+in
 {
+  config = lib.mkIf cfg.enable {
     programs.kitty.enable = true;
 
     home.file.".config/kitty" = {
       source = ./.;
       recursive = true;
     };
+  };
 }

home/tigor/config/wezterm/default.nix

@@ -1,6 +1,9 @@
-{ ... }:
+{ config, lib, ... }:
-
+let
+  cfg = config.profile.wezterm;
+in
 {
+  config = lib.mkIf cfg.enable {
     programs.wezterm = {
       enable = true;
       enableZshIntegration = true;
@@ -11,4 +14,5 @@
       source = ./.;
       recursive = true;
     };
+  };
 }

home/tigor/default.nix

@@ -1,4 +1,8 @@
-{ pkgs, profile-path, ... }:
+{ config, profile-path, ... }:
+let
+  user = config.profile.user;
+  stateVersion = config.profile.system.stateVersion;
+in
 {
   imports = [
     profile-path
@@ -15,15 +19,14 @@
   ];
 
   home = {
-    username = "tigor";
+    username = user.name;
-    homeDirectory = "/home/tigor";
+    homeDirectory = "/home/${user.name}";
-    stateVersion = "23.11";
+    stateVersion = stateVersion;
   };
-
+  programs.home-manager.enable = true;
-
   systemd.user.sessionVariables = {
-    XDG_CONFIG_HOME = "/home/tigor/.config";
+    XDG_CONFIG_HOME = "/home/${user.name}/.config";
   };
 
-  services.mpris-proxy.enable = true;
+  services.mpris-proxy.enable = config.profile.mpris-proxy.enable;
 }

home/tigor/programs/autostart.nix

@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-{
-  home.packages = with pkgs; [
-    variety
-    bitwarden
-  ];
-
-  home.file = {
-    ".config/autostart/variety.desktop" = {
-      source = "${pkgs.variety}/share/applications/variety.desktop";
-    };
-
-    ".config/autostart/bitwarden.desktop" = {
-      source = "${pkgs.bitwarden}/share/applications/bitwarden.desktop";
-    };
-  };
-}

home/tigor/programs/bitwarden.nix

@@ -0,0 +1,19 @@
+{ pkgs, config, lib, ... }:
+let
+  cfg = config.profile.bitwarden;
+in
+{
+  config = lib.mkIf cfg.enable {
+    home.packages = with pkgs; [
+      bitwarden
+    ];
+
+
+
+    home.file = {
+      ".config/autostart/bitwarden.desktop" = lib.mkIf cfg.autostart {
+        source = "${pkgs.bitwarden}/share/applications/bitwarden.desktop";
+      };
+    };
+  };
+}

home/tigor/programs/chromium.nix

@@ -0,0 +1,24 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.chromium;
+in
+{
+  config = lib.mkIf cfg.enable {
+    programs.chromium = {
+      enable = true;
+      extensions = [
+        { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin
+        { id = "jinjaccalgkegednnccohejagnlnfdag"; } # violent monkey
+        { id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden
+        { id = "mnjggcdmjocbbbhaepdhchncahnbgone"; } # sponsor block
+        { id = "pkehgijcmpdhfbdbbnkijodmdjhbjlgp"; } # privacy badger
+        { id = "fhcgjolkccmbidfldomjliifgaodjagh"; } # cookie auto delete
+        { id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
+      ];
+      commandLineArgs = [
+        "--enable-features=UseOzonePlatform"
+        "--ozone-platform=wayland"
+      ];
+    };
+  };
+}

home/tigor/programs/dbeaver.nix

@@ -0,0 +1,9 @@
+{ config, lib, unstable, ... }:
+let
+  cfg = config.profile.dbeaver;
+in
+{
+  config = lib.mkIf cfg.enable {
+    home.packages = [ unstable.dbeaver-bin ];
+  };
+}

home/tigor/programs/default.nix

@@ -1,22 +1,27 @@
 { pkgs, unstable, ... }:
 {
   imports = [
-    ./autostart.nix
+    ./bitwarden.nix
+    ./chromium.nix
+    ./discord.nix
     ./git.nix
+    ./github.nix
+    ./go.nix
     ./mpv.nix
+    ./neovide.nix
+    ./nnn.nix
     ./node.nix
+    ./slack.nix
+    ./spotify.nix
     ./starship.nix
     ./tofi.nix
+    ./variety.nix
     ./vscode.nix
-    ./zsh.nix
-    ./discord.nix
-    ./neovide.nix
-    ./slack.nix
     ./whatsapp.nix
+    ./zsh.nix
+    ./dbeaver.nix
   ];
 
-  programs.home-manager.enable = true;
-
   programs.fzf = {
     enable = true;
     enableZshIntegration = true;
@@ -29,76 +34,11 @@
     enableZshIntegration = true;
   };
   programs.ripgrep.enable = true;
-
-  programs.go = {
-    enable = true;
-    goPrivate = [
-      "gitlab.bareksa.com"
-    ];
-    package = unstable.go_1_22;
-  };
-
-  programs.chromium = {
-    enable = true;
-    extensions = [
-      { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin
-      { id = "jinjaccalgkegednnccohejagnlnfdag"; } # violent monkey
-      { id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden
-      { id = "mnjggcdmjocbbbhaepdhchncahnbgone"; } # sponsor block
-      { id = "pkehgijcmpdhfbdbbnkijodmdjhbjlgp"; } # privacy badger
-      { id = "fhcgjolkccmbidfldomjliifgaodjagh"; } # cookie auto delete
-      { id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
-    ];
-    commandLineArgs = [
-      "--enable-features=UseOzonePlatform"
-      "--ozone-platform=wayland"
-    ];
-  };
-
-  programs.nnn = {
-    enable = true;
-  };
-
   programs.htop.enable = true;
 
-  programs.mpv.enable = true;
-
   home.packages = with pkgs; [
-    unstable.gh # github cli
-    wget
-    curl
-    openssl
-    zig
-    unzip
-    libcap
-    gcc
-    cargo
-    nixpkgs-fmt
-    fd
-    wl-clipboard
-    unstable.dbeaver-bin
     unstable.jellyfin-media-player
-    stylua
-    luarocks
-    du-dust
-    just
-    modd
-    lefthook
-    spotify
-    # seafile-client
-    lsof
-    # scrcpy
-    masterpdfeditor4
-    watchexec
-    kcalc
-    pdfarranger
     unstable.microsoft-edge
-    # (floorp.override {
-    #   nativeMessagingHosts = with pkgs; [
-    #     plasma5Packages.plasma-browser-integration
-    #   ];
-    # })
     nextcloud-client
-    # qownnotes
   ];
 }

home/tigor/programs/github.nix

@@ -0,0 +1,9 @@
+{ config, lib, unstable, ... }:
+let
+  cfg = config.profile.gh;
+in
+{
+  config = lib.mkIf cfg.enable {
+    home.packages = [ unstable.gh ];
+  };
+}

home/tigor/programs/go.nix

@@ -0,0 +1,15 @@
+{ config, lib, unstable, ... }:
+let
+  cfg = config.profile.go;
+in
+{
+  config = lib.mkIf cfg.enable {
+    programs.go = {
+      enable = true;
+      goPrivate = [
+        "gitlab.bareksa.com"
+      ];
+      package = unstable.go_1_22;
+    };
+  };
+}

home/tigor/programs/jellyfin.nix

@@ -0,0 +1,11 @@
+{ config, lib, unstable, ... }:
+let
+  cfg = config.profile.jellyfin;
+in
+{
+  config = lib.mkIf cfg.enable {
+    home.packages = lib.mkIf cfg.client.enable [
+      unstable.jellyfin-media-player
+    ];
+  };
+}

home/tigor/programs/mpv.nix

@@ -1,6 +1,9 @@
-{ pkgs, ... }:
+{ config, lib, pkgs, ... }:
-
+let
+  cfg = config.profile.mpv;
+in
 {
+  config = lib.mkIf cfg.enable {
     programs.mpv = {
       enable = true;
       scripts = with pkgs.mpvScripts; [
@@ -10,4 +13,5 @@
         sponsorblock
       ];
     };
+  };
 }

home/tigor/programs/nnn.nix

@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.nnn;
+in
+{
+  config = lib.mkIf cfg.enable {
+    programs.nnn.enable = true;
+  };
+}

home/tigor/programs/spotify.nix

@@ -0,0 +1,11 @@
+{ pkgs, config, lib, ... }:
+let
+  cfg = config.profile.spotify;
+in
+{
+  config = lib.mkIf cfg.enable {
+    home.packages = with pkgs; [
+      spotify
+    ];
+  };
+}

home/tigor/programs/variety.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.profile.variety;
+in
+{
+  config = lib.mkIf cfg.enable {
+    home.packages = [ pkgs.variety ];
+
+    home.file.".config/autostart.variety.desktop" = lib.mkIf cfg.autostart {
+      source = "${pkgs.variety}/share/applications/variety.desktop";
+    };
+  };
+
+}

home/tigor/programs/vscode.nix

@@ -1,6 +1,9 @@
-{ unstable, ... }:
+{ config, lib, unstable, ... }:
-
+let
+  cfg = config.profile.vscode;
+in
 {
+  config = lib.mkIf cfg.enable {
     programs.vscode = {
       enable = true;
       package = unstable.vscode;
@@ -11,4 +14,5 @@
         catppuccin.catppuccin-vsc
       ];
     };
+  };
 }

home/tigor/programs/zsh.nix

@@ -45,6 +45,10 @@
           (cat "$_ZSH_COLOR_SCHEME_FILE" &)
       fi
     '';
+    initExtra = ''
+      bindkey              '^I'         menu-complete
+      bindkey "$terminfo[kcbt]" reverse-menu-complete
+    '';
     antidote = {
       enable = true;
       plugins = [

options/default.nix

@@ -3,12 +3,41 @@
   imports = [
     ./programs.nix
     ./hyprland.nix
+    ./podman.nix
   ];
   options.profile = {
+
+    #### Required Options ####
+
     hostname = lib.mkOption {
       type = lib.types.str;
     };
 
+    user = {
+      name = lib.mkOption {
+        type = lib.types.str;
+      };
+      fullName = lib.mkOption {
+        type = lib.types.str;
+      };
+
+      getty.autoLogin = lib.mkEnableOption "auto-login to getty";
+    };
+
+    system.stateVersion = lib.mkOption {
+      type = lib.types.str;
+    };
+
+    #### Optionals ####
+
+    grub.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
+    audio.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
     android.enable = lib.mkEnableOption "android";
     avahi.enable = lib.mkEnableOption "avahi";
     bluetooth.enable = lib.mkEnableOption "bluetooth";
@@ -47,9 +76,7 @@
     };
 
     keyboard.language.japanese = lib.mkEnableOption "Japanese keyboard input";
-
-    firefox.enable = lib.mkEnableOption "firefox";
-
     brightnessctl.enable = lib.mkEnableOption "brightnessctl";
+    openssh.enable = lib.mkEnableOption "openssh";
   };
 }

options/podman.nix

@@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+  options.profile.podman = {
+    enable = lib.mkEnableOption "podman";
+  };
+}

options/programs.nix

@@ -31,5 +31,41 @@
     syncthing.enable = lib.mkEnableOption "syncthing";
 
     obs.enable = lib.mkEnableOption "obs";
+
+    wezterm.enable = lib.mkEnableOption "wezterm";
+    neovide.enable = lib.mkEnableOption "neovide";
+    ideavim.enable = lib.mkEnableOption "ideavim";
+    kitty.enable = lib.mkEnableOption "kitty";
+
+    mpris-proxy.enable = lib.mkEnableOption "mpris-proxy";
+
+    variety = {
+      enable = lib.mkEnableOption "variety";
+      autostart = lib.mkEnableOption "variety autostart";
+    };
+
+
+    bitwarden = {
+      enable = lib.mkEnableOption "bitwarden";
+      autostart = lib.mkEnableOption "bitwarden autostart";
+    };
+
+    go.enable = lib.mkEnableOption "go";
+    chromium.enable = lib.mkEnableOption "chromium";
+    nnn.enable = lib.mkEnableOption "nnn";
+    mpv.enable = lib.mkEnableOption "mpv";
+
+    gh.enable = lib.mkEnableOption "gh"; # GitHub CLI
+    spotify = {
+      enable = lib.mkEnableOption "spotify";
+      autostart = lib.mkEnableOption "spotify autostart";
+    };
+    firefox.enable = lib.mkEnableOption "firefox";
+    vscode.enable = lib.mkEnableOption "vscode";
+
+    # This is client jellyfin option only.
+    # For server option, see podman.nix.
+    jellyfin.enable = lib.mkEnableOption "jellyfin";
+    dbeaver.enable = lib.mkEnableOption "dbeaver";
   };
 }

profiles/castle.nix

@@ -10,6 +10,10 @@ in
 
   profile = {
     hostname = "castle";
+    user = {
+      name = "tigor";
+      fullName = "Tigor Hutasuhut";
+    };
 
     hyprland = {
       enable = true;
@@ -55,5 +59,19 @@ in
     security.sudo.wheelNeedsPassword = false;
 
     keyboard.language.japanese = true;
+
+    system.stateVersion = "23.11";
+
+    mpris-proxy.enable = true;
+    kitty.enable = true;
+    neovide.enable = true;
+    spotify.enable = true;
+    vscode.enable = true;
+    jellyfin.enable = true;
+    mpv.enable = true;
+    go.enable = true;
+    chromium.enable = true;
+    bitwarden.enable = true;
+    dbeaver.enable = true;
   };
 }

profiles/fort.nix

@@ -6,6 +6,12 @@
 
   profile = {
     hostname = "fort";
+    user = {
+      name = "tigor";
+      fullName = "Tigor Hutasuhut";
+    };
+    system.stateVersion = "23.11";
+
     hyprland = {
       enable = true;
       settings = {
@@ -41,5 +47,6 @@
 
     brightnessctl.enable = true;
     keyboard.language.japanese = true;
+
   };
 }

profiles/homeserver.nix

@@ -0,0 +1,25 @@
+{ ... }:
+{
+  imports = [
+    ../options
+  ];
+
+  profile = {
+    hostname = "homeserver";
+    user = {
+      name = "homeserver";
+      fullName = "Homeserver";
+    };
+    system.stateVersion = "24.05";
+
+    grub.enable = false;
+    # There is no GUI on the server. No need for audio.
+    audio.enable = false;
+    security.sudo.wheelNeedsPassword = false;
+
+    podman = {
+      enable = true;
+    };
+    openssh.enable = true;
+  };
+}

system/default.nix

@@ -9,17 +9,7 @@
     ./keyboard.nix
   ];
 
-  security.sudo =
+  security.sudo.wheelNeedsPassword = config.profile.security.sudo.wheelNeedsPassword;
-    let
-      cfg = config.profile.security.sudo;
-    in
-    {
-      wheelNeedsPassword = cfg.wheelNeedsPassword;
-      extraConfig = ''
-        Defaults timestamp_timeout=30
-        Defaults timestamp_type=global
-      '';
-    };
   networking.hostName = config.profile.hostname;
 
 
@@ -59,7 +49,7 @@
     mandoc.enable = true;
   };
 
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = config.profile.system.stateVersion;
 
   systemd.services.decrypt-sops = {
     wantedBy = [ "multi-user.target" ];

system/modules/audio.nix

@@ -1,7 +1,9 @@
-{ ... }:
+{ config, lib, ... }:
+let
+  cfg = config.profile.audio;
+in
 {
-  # Enable sound with pipewire.
+  config = lib.mkIf cfg.enable {
-  # sound.enable = true;
     hardware.pulseaudio.enable = false;
     security.rtkit.enable = true;
     services.pipewire = {
@@ -9,11 +11,6 @@
       alsa.enable = true;
       alsa.support32Bit = true;
       pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
+    };
-    #jack.enable = true;
-
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
   };
 }

system/modules/boot_loader.nix

@@ -1,6 +1,10 @@
-{ ... }:
+{ config, lib, ... }:
-{
+let
-  boot.loader = {
+  grub = config.profile.grub;
+in
+lib.mkMerge [
+  {
+    boot.loader = lib.mkIf grub.enable {
       efi = {
         efiSysMountPoint = "/boot";
         canTouchEfiVariables = true;
@@ -12,4 +16,13 @@
         device = "nodev"; # used nodev because of efi support
       };
     };
-}
+  }
+  {
+    boot.loader = lib.mkIf (!grub.enable) {
+      systemd-boot.enable = true;
+      efi = {
+        canTouchEfiVariables = true;
+      };
+    };
+  }
+]

system/modules/openssh.nix

@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.openssh;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        UseDns = true;
+        X11Forwarding = false;
+        PermitRootLogin = "no";
+      };
+    };
+  };
+}

system/modules/podman.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.profile.podman;
+in
+{
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      dive # look into docker image layers
+      podman-tui # status of containers in the terminal
+      podman-compose # start group of containers for dev
+    ];
+
+    virtualisation.podman = {
+      enable = true;
+      dockerSocket.enable = true;
+      autoPrune.enable = true; # Default weekly
+      dockerCompat = true;
+    };
+  };
+}

system/modules/sops.nix

@@ -12,13 +12,5 @@ in
     defaultSopsFile = ../../secrets/secrets.yaml;
     defaultSopsFormat = "yaml";
     age.keyFile = "/home/${owner}/.config/sops/age/keys.txt";
-
-    secrets = {
-      "smb/secrets" = { inherit owner; };
-      "docker/config" = {
-        inherit owner;
-        path = "/home/${owner}/.docker/config.json";
-      };
-    };
   };
 }

system/programs.nix

@@ -19,6 +19,12 @@
     gnumake
     sqlite
     nurl
+    lsof
+    unzip
+    openssl
+    libcap
+    fd
+    du-dust
   ];
 
   environment.sessionVariables = {

system/user.nix

@@ -1,13 +1,13 @@
-{ pkgs, ... }:
+{ pkgs, config, lib, ... }:
 let
-  user = "tigor";
+  user = config.profile.user.name;
-  fullName = "Tigor Hutasuhut";
+  fullName = config.profile.user.fullName;
 in
 {
   users.users.${user} = {
     isNormalUser = true;
     description = fullName;
-    extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" ];
+    extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" "podman" ];
     shell = pkgs.zsh;
   };
 
@@ -18,4 +18,5 @@ in
   };
 
   nix.settings.trusted-users = [ user ];
+  services.getty.autologinUser = lib.mkIf config.profile.user.getty.autoLogin user;
 }