m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: m3tam3re/nixos-config:__dolt_remote_info__
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua
..
compare: m3tam3re/nixos-config:a5401669102a4b534ee81780a86f24845fef5bab
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua

95 Commits
__dolt_remote_info__ .. a540166910

Author SHA1 Message Date
m3tam3re a540166910 merge with m3-ares 2025-03-28 09:46:28 +01:00
m3tam3re 7788a8a98b OVMF lock 2025-03-28 09:42:32 +01:00
m3tam3re aa8636c80d temp fix for autocpu-freq not building 2025-03-28 09:38:15 +01:00
m3tam3re 6011c940ac OVMF pinned 2025-03-27 15:17:51 +01:00
m3tam3re c32a94b82c Hyprland config change due to 0.48 update 2025-03-27 09:29:24 +01:00
m3tam3re 0e6ea2bacb n8n override fix 2025-03-26 12:24:36 +01:00
m3tam3re 8a2b5438af +vivaldi flake update 2025-03-26 11:54:49 +01:00
m3tam3re 81ee763318 flatpak fix attempt 2025-03-26 06:12:35 +01:00
m3tam3re 1c0b67c2a0 Update flake.lock 2025-03-24 13:05:41 +01:00
m3tam3re 42aa44a56b obs-browser 2025-03-24 13:05:28 +01:00
m3tam3re 466cbaf048 n8n-env, obs-plugins 2025-03-18 11:56:09 +01:00
m3tam3re b47e20afad flake update / brave fix 2025-03-18 09:32:28 +01:00
m3tam3re e93bdf20a3 restreamer setup 2025-03-15 14:23:47 +01:00
m3tam3re 779473317d +matomo 2025-03-14 17:32:08 +01:00
m3tam3re 39782b6eb9 flake update 2025-03-14 10:52:22 +01:00
m3tam3re 960ea9503d flake update 2025-03-13 11:30:48 +01:00
m3tam3re df41024693 playbook ssh config 2025-03-12 14:20:44 +01:00
m3tam3re 73fd3ef108 flake update 2025-03-10 09:37:17 +01:00
m3tam3re 221ffed715 let's try warp 2025-03-05 09:23:39 +01:00
m3tam3re 3637aee724 +warp-terminal 2025-03-04 23:27:10 +01:00
m3tam3re c0e8cfd773 msty fix licensing 2025-03-04 14:54:59 +01:00
m3tam3re ede0af92cd fix msty license persistence 2025-03-04 06:14:49 +01:00
m3tam3re f812a1de83 secrets update 2025-03-03 10:16:17 +01:00
m3tam3re eb84e24369 +MSTY 2025-03-02 16:14:43 +01:00
m3tam3re d51894816c pin to fix anytype error 2025-03-01 15:43:00 +01:00
m3tam3re c7fb70c88d neofetch to fastfetch 2025-03-01 15:01:19 +01:00
m3tam3re 2db7d8c1fd +slash 2025-02-28 15:56:53 +01:00
m3tam3re ce168609ca flake update 2025-02-28 09:55:27 +01:00
m3tam3re 842b01b647 n8n-env-fix 2025-02-24 14:57:19 +01:00
m3tam3re fa734b5c85 ghost-env-fix 2025-02-24 14:51:43 +01:00
m3tam3re a4d8d6890c +crypto 2025-02-24 09:48:13 +01:00
m3tam3re 262902c018 n8n@m3-atlas 2025-02-23 19:07:14 +01:00
m3tam3re 2ffd84eb4e ssh_config 2025-02-22 11:03:03 +01:00
m3tam3re 39e1187948 headscale + tailscale 2025-02-21 14:07:29 +01:00
m3tam3re 74d4940e27 traffic dns fix 2025-02-20 15:47:16 +01:00
m3tam3re 25b1fa76d7 flake update 2025-02-18 19:39:32 +01:00
m3tam3re b281290bef flake update 2025-02-18 19:37:50 +01:00
m3tam3re e02d76f981 +NFS 2025-02-17 06:44:42 +01:00
m3tam3re 9bcb33e58a @zed config changes 2025-02-17 06:36:50 +01:00
m3tam3re 994f7f6f74 NFS @m3-kratos 2025-02-15 14:08:39 +01:00
m3tam3re e98e224af9 merge 2025-02-14 13:53:28 +01:00
m3tam3re b2e01747e5 flake update 2025-02-14 13:44:29 +01:00
m3tam3re 75ae18b73e @n8n updatr to 1.78 2025-02-14 09:32:40 +01:00
m3tam3re 4a48ee92cb @hyprland +uwsm 2025-02-12 18:10:26 +01:00
m3tam3re e0dda1eb0a @hyprland +uwsm 2025-02-12 11:12:32 +01:00
m3tam3re bd97658bd2 steam stuff @m3-ares 2025-02-06 06:44:21 +01:00
m3tam3re 8785824cde +some python stuff 2025-02-05 13:17:58 +01:00
m3tam3re f5ca531962 +s3 @m3-atlas 2025-02-03 18:37:07 +01:00
m3tam3re 446be80ef1 +nfs mount @m3-atlas 2025-02-03 17:54:53 +01:00
m3tam3re 28ab56d302 n8n@1.77 / pnpm_9 2025-02-03 08:25:49 +01:00
m3tam3re 190fb2d6d1 flake update 2025-02-02 15:41:21 +01:00
m3tam3re e4b87c6908 rocblas workaround 2025-01-28 09:57:26 +01:00
m3tam3re 65a69df52b flake update, -n8n @m3-ares 2025-01-28 09:09:17 +01:00
m3tam3re e75166e5fc +onsomnia 2025-01-26 12:32:28 +01:00
m3tam3re c18b2d1f94 -spotify 2025-01-25 13:16:10 +01:00
m3tam3re a39436da6f m3-ares: fix early boot lvm warning 2025-01-24 14:58:44 +01:00
m3tam3re 05c614d3b1 +ollama AMD fix, ... rollback 2025-01-24 14:54:19 +01:00
m3tam3re b3c4a9b3ba -ollama AMD fix, not needed anymore 2025-01-21 10:04:14 +01:00
m3tam3re 4c0c2181ef postgres initialScript redundancy removed 2025-01-20 11:36:17 +01:00
m3tam3re 6606d63a20 postgres settings m3-kratos 2025-01-16 15:19:29 +01:00
m3tam3re 38187bc92c +m3-atlas 2025-01-15 18:19:03 +01:00
m3tam3re 4f39502228 secrets rekey 2025-01-15 09:45:56 +01:00
m3tam3re 5e128fb2bc gamecope fix m3-ares 2025-01-13 09:13:01 +01:00
m3tam3re 85515be4f0 gamecope fix m3-ares 2025-01-11 06:38:42 +01:00
m3tam3re a9453ed3a0 flake update 2025-01-09 10:04:13 +01:00
m3tam3re 61588df0b3 +gamescope 2025-01-08 14:35:09 +01:00
m3tam3re e94c5d4df8 gamecope m3-ares 2025-01-08 08:58:29 +01:00
m3tam3re 5c2ba374f9 -tuxedo drivers 2024-12-16 11:28:41 +01:00
m3tam3re 0d7efd1c33 +gamescope 2024-12-16 09:16:54 +01:00
m3tam3re 157fc4d38c +upower for m3-ares 2024-12-10 10:23:05 +01:00
m3tam3re 4c9988a7af + libgtop 2024-12-10 09:50:56 +01:00
m3tam3re 24a7fa1313 -Hyprpanel overlay 2024-12-06 11:48:19 +01:00
m3tam3re 2b6fc478ff +2505 flake update 2024-12-06 11:13:40 +01:00
m3tam3re 4789069624 +hyprcursor 2024-12-06 10:16:17 +01:00
m3tam3re 2f970debdd merge m3-ares 2024-12-06 10:14:48 +01:00
m3tam3re 12a3620712 +m3-ares 2024-12-06 07:16:50 +01:00
m3tam3re 6ff2466245 -llm-plugins 2024-11-27 11:45:16 +01:00
m3tam3re 50332e55e8 ollama rocm gpu fix 2024-11-25 14:59:34 +01:00
m3tam3re 1251081494 +tailwindcss 2024-11-22 08:54:24 +01:00
m3tam3re e16566bf09 +git alias logd 2024-11-21 13:59:31 +01:00
m3tam3re ccca2ab4ff +difftastic 2024-11-21 12:50:31 +01:00
m3tam3re 0007b10a71 +homarr config fix 2024-11-20 12:37:05 +01:00
m3tam3re 0fde93d646 +homarr 2024-11-19 18:59:45 +01:00
m3tam3re 936b6b5c9b adguard dns rewrites 2024-11-18 11:58:22 +01:00
m3tam3re 657df4e92b traefik config 2024-11-18 10:29:41 +01:00
m3tam3re 1864141a1b *basic traefik 2024-11-17 18:29:52 +01:00
m3tam3re 79df3dd5c7 +m3-helios 2024-11-16 19:58:59 +01:00
m3tam3re 431188a943 +podman socker 2024-11-14 15:13:14 +01:00
m3tam3re 0ebf64e7ee +qdrant +wireguard 2024-11-14 12:17:43 +01:00
m3tam3re ff3d1735c0 +postgres n8n@1.66.0 2024-11-13 10:51:59 +01:00
m3tam3re 8912665aa6 +aider-chat-env 2024-11-11 10:46:17 +01:00
m3tam3re 2c6c92140f pinned nixos commit change 2024-11-08 19:02:50 +01:00
m3tam3re 74f93cb0e3 +hyprpanel 2024-11-07 13:35:17 +01:00
m3tam3re 6b24828482 0711 2024-11-07 10:50:13 +01:00
m3tam3re 5c0ad5d634 here we go 2024-10-20 00:30:58 +02:00
127 changed files with 5354 additions and 7 deletions
Expand all files Collapse all files
DOLT_REMOTE.md
-7
View File
@@ -1,7 +0,0 @@
This repository is being used as a Dolt remote.
ref=refs/dolt/data
head=b30121458bb0b75b61e483e49b5084835b3777d8
timestamp=2026-06-13T06:18:23Z
flake.lock
Generated
+437
View File
@@ -0,0 +1,437 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"ags": {
"inputs": {
"astal": "astal",
"nixpkgs": [
"hyprpanel",
"nixpkgs"
]
},
"locked": {
"lastModified": 1736090999,
"narHash": "sha256-B5CJuHqfJrzPa7tObK0H9669/EClSHpa/P7B9EuvElU=",
"owner": "aylur",
"repo": "ags",
"rev": "5527c3c07d92c11e04e7fd99d58429493dba7e3c",
"type": "github"
},
"original": {
"owner": "aylur",
"repo": "ags",
"type": "github"
}
},
"astal": {
"inputs": {
"nixpkgs": [
"hyprpanel",
"ags",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735172721,
"narHash": "sha256-rtEAwGsHSppnkR3Qg3eRJ6Xh/F84IY9CrBBLzYabalY=",
"owner": "aylur",
"repo": "astal",
"rev": "6c84b64efc736e039a8a10774a4a1bf772c37aa2",
"type": "github"
},
"original": {
"owner": "aylur",
"repo": "astal",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741786315,
"narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
"owner": "nix-community",
"repo": "disko",
"rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"dotfiles": {
"flake": false,
"locked": {
"lastModified": 1728910889,
"narHash": "sha256-B/fb+7SKVxK9j851SgR4Nljd6EtE1DzqwLh6yOvkQOY=",
"ref": "refs/heads/master",
"rev": "360c75b2cbce800ebaf9445266e2fe345bf582bf",
"revCount": 53,
"type": "git",
"url": "https://code.m3tam3re.com/m3tam3re/dotfiles.git"
},
"original": {
"type": "git",
"url": "https://code.m3tam3re.com/m3tam3re/dotfiles.git"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1743082807,
"narHash": "sha256-qmrCYHVqE6j0TQApfxGx8aRYNdNsqtOrZuH09A+cjTU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "171915bfce41018528fda9960211e81946d999b7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"nixpkgs": [
"rose-pine-hyprcursor",
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1709914708,
"narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprpanel": {
"inputs": {
"ags": "ags",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1742881618,
"narHash": "sha256-4C5Zzo4S9zD+4ZL7MKLE7FqJEMVkOTvfIV9uEBQ8fDY=",
"owner": "Jas-SinghFSU",
"repo": "HyprPanel",
"rev": "7b5c339e9363187e249fa2f6eadbb295b0e8c6ff",
"type": "github"
},
"original": {
"owner": "Jas-SinghFSU",
"repo": "HyprPanel",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2744d98": {
"locked": {
"lastModified": 1739661218,
"narHash": "sha256-hEGW0SKD0ORTEmoTuEEONxgENP5kMqe+NCtJug0U6R0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2744d988fa116fc6d46cdfa3d1c936d0abd7d121",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2744d988fa116fc6d46cdfa3d1c936d0abd7d121",
"type": "github"
}
},
"nixpkgs-locked": {
"locked": {
"lastModified": 1739661218,
"narHash": "sha256-hEGW0SKD0ORTEmoTuEEONxgENP5kMqe+NCtJug0U6R0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2744d988fa116fc6d46cdfa3d1c936d0abd7d121",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2744d988fa116fc6d46cdfa3d1c936d0abd7d121",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1743083181,
"narHash": "sha256-vAqnMEo26wJ0IM3LV+oheEuG3M8yBl3lC7Hwv7OGE0A=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ef65b42f08469c7f9fdab66b78ea5cd32ff0287c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1742937945,
"narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1736344531,
"narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1742889210,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"dotfiles": "dotfiles",
"home-manager": "home-manager_2",
"hyprpanel": "hyprpanel",
"nixpkgs": "nixpkgs_3",
"nixpkgs-2744d98": "nixpkgs-2744d98",
"nixpkgs-locked": "nixpkgs-locked",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-stable": "nixpkgs-stable",
"rose-pine-hyprcursor": "rose-pine-hyprcursor"
}
},
"rose-pine-hyprcursor": {
"inputs": {
"hyprlang": "hyprlang",
"nixpkgs": "nixpkgs_4",
"utils": "utils"
},
"locked": {
"lastModified": 1740132177,
"narHash": "sha256-gNc20APKMefFdH5RONBuHhOps14aiMdgIT0I6RaSN64=",
"owner": "ndom91",
"repo": "rose-pine-hyprcursor",
"rev": "568067f35a85932192bd43ddf64fc05eff850f9f",
"type": "github"
},
"original": {
"owner": "ndom91",
"repo": "rose-pine-hyprcursor",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}
flake.nix
+113
View File
@@ -0,0 +1,113 @@
{
description = ''
For questions just DM me on X: https://twitter.com/@m3tam3re
There is also some NIXOS content on my YT channel: https://www.youtube.com/@m3tam3re
One of the best ways to learn NIXOS is to read other peoples configurations. I have personally learned a lot from Gabriel Fontes configs:
https://github.com/Misterio77/nix-starter-configs
https://github.com/Misterio77/nix-config
Please also check out the starter configs mentioned above.
'';
inputs = {
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-2744d98.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121";
nixpkgs-locked.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
agenix.url = "github:ryantm/agenix";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor";
dotfiles = {
url = "git+https://code.m3tam3re.com/m3tam3re/dotfiles.git";
flake = false;
};
};
outputs = {
self,
agenix,
dotfiles,
home-manager,
nixpkgs,
...
} @ inputs: let
inherit (self) outputs;
systems = [
"aarch64-linux"
"i686-linux"
"x86_64-linux"
"aarch64-darwin"
"x86_64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
in {
packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays {inherit inputs outputs;};
homeManagerModules = import ./modules/home-manager;
nixosConfigurations = {
m3-ares = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
hostname = "m3-ares";
};
modules = [
./hosts/m3-ares
agenix.nixosModules.default
];
};
m3-atlas = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
system = "x86_64-linux";
modules = [
./hosts/m3-atlas
inputs.disko.nixosModules.disko
agenix.nixosModules.default
];
};
m3-kratos = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
hostname = "m3-kratos";
};
modules = [
./hosts/m3-kratos
agenix.nixosModules.default
];
};
m3-helios = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
system = "x86_64-linux";
modules = [
./hosts/m3-helios
inputs.disko.nixosModules.disko
agenix.nixosModules.default
];
};
};
homeConfigurations = {
"m3tam3re@m3-ares" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = {
inherit inputs outputs;
hostname = "m3-ares";
};
modules = [./home/m3tam3re/m3tam3re-ares.nix];
};
};
};
}
home/common/default.nix
+48
View File
@@ -0,0 +1,48 @@
{
lib,
outputs,
pkgs,
...
}: {
imports = [
(import
../../modules/home-manager/zellij-ps.nix)
]; #imports = builtins.attrValues outputs.homeManagerModules;
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
outputs.overlays.pinned-packages
outputs.overlays.locked-packages
outputs.overlays.master-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
# Workaround for https://github.com/nix-community/home-manager/issues/2942
allowUnfreePredicate = _: true;
};
};
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = ["nix-command" "flakes"];
warn-dirty = false;
};
};
}
home/features/cli/default.nix
+89
View File
@@ -0,0 +1,89 @@
{pkgs, ...}: {
imports = [
./fish.nix
./fzf.nix
./fastfetch.nix
./secrets.nix
./starship.nix
./zellij.nix
];
programs.zoxide = {
enable = true;
enableFishIntegration = true;
};
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
withNodeJs = true;
withPython3 = true;
};
programs.bat = {enable = true;};
programs.direnv = {
enable = true;
nix-direnv.enable =
true;
};
programs.eza = {
enable = true;
enableFishIntegration = true;
enableBashIntegration = true;
extraOptions = ["-l" "--icons" "--git" "-a"];
};
programs.lf = {
enable = true;
settings = {
preview = true;
drawbox = true;
hidden = true;
icons = true;
theme = "Dracula";
previewer = "bat";
};
};
home.packages = with pkgs; [
agenix-cli
alejandra
bc
comma
coreutils
devenv
fabric-ai
fd
gcc
go
htop
httpie
jq
just
lazygit
llm
lf
nix-index
procs
progress
ripgrep
rocmPackages.rocm-smi
rocmPackages.rocminfo
rocmPackages.rocm-runtime
tldr
trash-cli
unimatrix
unzip
vulkan-tools
wttrbar
wireguard-tools
yazi
zellij-ps
zip
];
}
home/features/cli/fastfetch.nix
+15
View File
@@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.fastfetch;
in {
options.features.cli.fastfetch.enable = mkEnableOption "enable fastfetch";
config = mkIf cfg.enable {
home.packages = with pkgs; [fastfetch];
};
}
home/features/cli/fish.nix
+77
View File
@@ -0,0 +1,77 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.fish;
in {
options.features.cli.fish.enable = mkEnableOption "enable fish shell";
config = mkIf cfg.enable {
programs.fish = {
enable = true;
loginShellInit = ''
set -x NIX_PATH nixpkgs=channel:nixos-unstable
set -x NIX_LOG info
set -x WEBKIT_DISABLE_COMPOSITING_MODE 1
set -x TERMINAL kitty
set -x EDITOR nvim
set -x VISUAL zed
set -x XDG_DATA_HOME $HOME/.local/share
set -x FZF_CTRL_R_OPTS "
--preview='bat --color=always -n {}'
--preview-window up:3:hidden:wrap
--bind 'ctrl-/:toggle-preview'
--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'
--color header:bold
--header 'Press CTRL-Y to copy command into clipboard'"
set -x FZF_DEFAULT_COMMAND fd --type f --exclude .git --follow --hidden
set -x FZF_CTRL_T_COMMAND "$FZF_DEFAULT_COMMAND"
set -x FLAKE $HOME/p/nixos/nixos-config
source /run/agenix/${config.home.username}-secrets
if test (tty) = "/dev/tty1"
exec uwsm start -S -F /run/current-system/sw/bin/Hyprland
end
if test (tty) = "/dev/tty2"
exec gamescope -O HDMI-A-1 -W 1920 -H 1080 --adaptive-sync --hdr-enabled --rt --steam -- steam -pipewire-dmabuf -tenfoot
end
'';
shellAbbrs = {
".." = "cd ..";
"..." = "cd ../..";
b = "yazi";
ls = "eza";
l = "eza -l --icons --git -a";
lt = "eza --tree --level=2 --long --icons --git";
grep = "rg";
ps = "procs";
just = "just --unstable";
fs = "du -ah . | sort -hr | head -n 10";
n = "nix";
nd = "nix develop -c $SHELL";
ns = "nix shell";
nsn = "nix shell nixpkgs#";
nb = "nix build";
nbn = "nix build nixpkgs#";
nf = "nix flake";
nr = "sudo nixos-rebuild --flake .";
nrs = "sudo nixos-rebuild switch --flake .#(uname -n)";
snr = "sudo nixos-rebuild --flake .";
snrs = "sudo nixos-rebuild --flake . switch";
hm = "home-manager --flake .";
hms = "home-manager --flake . switch";
hmr = "cd ~/projects/nix-configurations; nix flake lock --update-input dotfiles; home-manager --flake .#(whoami)@(hostname) switch";
tsu = "sudo tailscale up";
tsd = "sudo tailscale down";
vi = "nvim";
vim = "nvim";
};
};
};
}
home/features/cli/fzf.nix
+37
View File
@@ -0,0 +1,37 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.fzf;
in {
options.features.cli.fzf.enable = mkEnableOption "enable fuzzy finder";
config = mkIf cfg.enable {
programs.fzf = {
enable = true;
enableFishIntegration = true;
colors = {
"fg" = "#f8f8f2";
"bg" = "#282a36";
"hl" = "#bd93f9";
"fg+" = "#f8f8f2";
"bg+" = "#44475a";
"hl+" = "#bd93f9";
"info" = "#ffb86c";
"prompt" = "#50fa7b";
"pointer" = "#ff79c6";
"marker" = "#ff79c6";
"spinner" = "#ffb86c";
"header" = "#6272a4";
};
defaultOptions = [
"--preview='bat --color=always -n {}'"
"--bind 'ctrl-/:toggle-preview'"
];
defaultCommand = "fd --type f --exclude .git --follow --hidden";
changeDirWidgetCommand = "fd --type d --exclude .git --follow --hidden";
};
};
}
home/features/cli/secrets.nix
+21
View File
@@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.secrets;
in {
options.features.cli.secrets.enable = mkEnableOption "enable secrets";
config = mkIf cfg.enable {
programs.password-store = {
enable = true;
package =
pkgs.pass-wayland.withExtensions
(exts: [exts.pass-otp exts.pass-import]);
};
home.packages = with pkgs; [pinentry];
};
}
home/features/cli/starship.nix
+17
View File
@@ -0,0 +1,17 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.starship;
in {
options.features.cli.starship.enable = mkEnableOption "enable starship prompt";
config = mkIf cfg.enable {
programs.starship = {
enable = true;
enableFishIntegration = true;
};
};
}
home/features/cli/zellij.nix
+16
View File
@@ -0,0 +1,16 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.zellij;
in {
options.features.cli.zellij.enable = mkEnableOption "enable tmux";
config = mkIf cfg.enable {
programs.zellij = {
enable = true;
};
};
}
home/features/coding/default.nix
+20
View File
@@ -0,0 +1,20 @@
{pkgs, ...}: {
home.packages = with pkgs; [
devpod
devpod-desktop
(python3.withPackages (ps:
with ps; [
pip
# Scientific packages
numba
numpy
openai-whisper
torch
srt
]))
nixd
alejandra
tailwindcss
tailwindcss-language-server
];
}
home/features/desktop/coding.nix
+94
View File
@@ -0,0 +1,94 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.office;
in {
options.features.desktop.coding.enable =
mkEnableOption "install coding related stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
bruno
insomnia
];
programs.zed-editor = {
enable = true;
userSettings = {
features = {
inline_prediction_provider = "zed";
inline_completion_provider = "zed";
copilot = false;
};
telemetry = {
metrics = false;
};
lsp = {
rust_analyzer = {
binary = {path_lookup = true;};
};
};
languages = {
Nix = {
language_servers = ["nixd"];
formatter = {
external = {
command = "alejandra";
arguments = ["-q" "-"];
};
};
};
Python = {
language_servers = ["pyright"];
formatter = {
external = {
command = "black";
arguments = ["-"];
};
};
};
};
assistant = {
version = "2";
default_model = {
provider = "zed.dev";
model = "claude-3-5-sonnet-latest";
};
};
language_models = {
anthropic = {
version = "1";
api_url = "https://api.anthropic.com";
};
openai = {
version = "1";
api_url = "https://api.openai.com/v1";
};
ollama = {
api_url = "http://localhost:11434";
};
};
ssh_connections = [
{
host = "152.53.85.162";
nickname = "m3-atlas";
args = ["-i" "~/.ssh/m3tam3re"];
}
];
auto_update = false;
format_on_save = "on";
vim_mode = true;
load_direnv = "shell_hook";
theme = "Dracula";
buffer_font_family = "FiraCode Nerd Font";
ui_font_size = 16;
buffer_font_size = 16;
show_edit_predictions = true;
};
};
};
}
home/features/desktop/crypto.nix
+15
View File
@@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.crypto;
in {
options.features.desktop.crypto.enable = mkEnableOption "Enable Crypto";
config = mkIf cfg.enable {
home.packages = with pkgs; [bisq2 monero-gui trezor-suite];
};
}
home/features/desktop/default.nix
+134
View File
@@ -0,0 +1,134 @@
{pkgs, ...}: {
imports = [
./coding.nix
./crypto.nix
./fonts.nix
./gaming.nix
./hyprland.nix
./media.nix
./office.nix
./rofi.nix
./theme.nix
./wayland.nix
./wofi.nix
];
xdg = {
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["okularApplication_pdf.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["okularApplication_pdf.desktop"];
"application/md" = ["nvim.desktop"];
"application/text" = ["nvim.desktop"];
"x-scheme-handler/http" = ["io.github.zen_browser.zen"];
"x-scheme-handler/https" = ["io.github.zen_browser.zen"];
};
};
userDirs = {
enable = true;
createDirectories = true;
};
};
home.sessionVariables = {
WEBKIT_DISABLE_COMPOSITING_MODE = "1";
NIXOS_OZONE_WL = "1";
TERMINAL = "kitty";
QT_QPA_PLATFORM = "wayland";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
XDG_SESSION_DESKTOP = "Hyprland";
};
home.sessionPath = ["\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin"];
fonts.fontconfig.enable = true;
services.mako = {
enable = true;
backgroundColor = "#282a36";
textColor = "#80FFEA";
borderColor = "#9742b5";
width = 400;
height = 150;
padding = "10,20";
borderRadius = 8;
borderSize = 1;
margin = "20,20";
};
programs.kitty = {
enable = true;
shellIntegration = {
enableFishIntegration = true;
enableBashIntegration = true;
};
font = {name = "Fira Code";};
themeFile = "Dracula";
settings = {copy_on_select = "yes";};
};
home.pointerCursor = {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 20;
};
home.packages = with pkgs; [
appimage-run
anytype
# blueberry
brave
# brightnessctl
# clipman
distrobox
# eww
# firefox-devedition
file-roller
hyprpanel
seahorse
sushi
# glib
# google-chrome
# gsettings-desktop-schemas
# graphviz
# ksnip
msty
nwg-look
# pamixer
# pavucontrol
# libsForQt5.qtstyleplugins
# stable.nyxt
# pcmanfm
rose-pine-hyprcursor
# qt5ct
# qt6.qtwayland
#rustdesk
# socat
# unrar
# unzip
# usbutils
# v4l-utils
remmina
slack
telegram-desktop
vivaldi
vivaldi-ffmpeg-codecs
warp-terminal
# wl-clipboard
# wlogout
# wtype
# xdg-utils
# ydotool
# zip
];
}
home/features/desktop/fonts.nix
+24
View File
@@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.fonts;
in {
options.features.desktop.fonts.enable =
mkEnableOption "install additional fonts for desktop apps";
config = mkIf cfg.enable {
home.packages = with pkgs; [
fira-code
fira-code-symbols
nerd-fonts.fira-code
nerd-fonts.jetbrains-mono
font-manager
font-awesome_5
noto-fonts
];
};
}
home/features/desktop/gaming.nix
+21
View File
@@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.gaming;
in {
options.features.desktop.gaming.enable =
mkEnableOption "install gaming related stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
gamescope
goverlay
mangohud
protonup-ng
];
};
}
home/features/desktop/hyprland.nix
+179
View File
@@ -0,0 +1,179 @@
{
wayland.windowManager.hyprland = {
settings = {
xwayland = {
force_zero_scaling = true;
};
exec-once = [
"hyprpanel"
"hyprpaper"
"hypridle"
"wl-paste -p -t text --watch clipman store -P --histpath=\"~/.local/share/clipman-primary.json\""
];
env = [
"XCURSOR_SIZE,32"
"HYPRCURSOR_THEME,Bibata-Modern-Ice"
"WLR_NO_HARDWARE_CURSORS,1"
"GTK_THEME,Dracula"
];
input = {
kb_layout = "de,us";
kb_variant = "";
kb_model = "";
kb_rules = "";
kb_options = "ctrl:nocaps";
follow_mouse = 1;
};
general = {
gaps_in = 5;
gaps_out = 5;
border_size = 1;
"col.active_border" = "rgba(9742b5ee) rgba(9742b5ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
layout = "dwindle";
};
decoration = {
shadow = {
enabled = true;
range = 60;
render_power = 3;
color = "rgba(1E202966)";
offset = "1 2";
scale = 0.97;
};
rounding = 8;
blur = {
enabled = true;
size = 3;
passes = 3;
};
active_opacity = 0.9;
inactive_opacity = 0.5;
};
animations = {
enabled = true;
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
};
master = {
new_status = "master";
};
gestures = {
workspace_swipe = false;
};
device = [
{
name = "epic-mouse-v1";
sensitivity = -0.5;
}
{
name = "zsa-technology-labs-moonlander-mark-i";
kb_layout = "us";
}
{
name = "keychron-keychron-k7";
kb_layout = "us";
}
];
windowrule = [
"float, class:file_progress"
"float, class:confirm"
"float, class:dialog"
"float, class:download"
"float, class:notification"
"float, class:error"
"float, class:splash"
"float, class:confirmreset"
"float, title:Open File"
"float, title:branchdialog"
"float, class:pavucontrol-qt"
"float, class:pavucontrol"
"fullscreen, class:wlogout"
"float, title:wlogout"
"fullscreen, title:wlogout"
"float, class:mpv"
"idleinhibit focus, class:mpv"
"opacity 1.0 override, class:mpv"
"float, title:^(Media viewer)$"
"float, title:^(Volume Control)$"
"float, title:^(Picture-in-Picture)$"
];
"$mainMod" = "SUPER";
bind = [
"$mainMod, return, exec, kitty -e zellij-ps"
# "$mainMod, t, exec, warp-terminal"
"$mainMod, t, exec, kitty -e fish -c 'fastfetch; exec fish'"
"$mainMod SHIFT, e, exec, kitty -e zellij_nvim"
"$mainMod, o, exec, hyprctl setprop activewindow opaque toggle"
"$mainMod, b, exec, thunar"
"$mainMod SHIFT, B, exec, vivaldi"
"$mainMod, Escape, exec, wlogout -p layer-shell"
"$mainMod, Space, togglefloating"
"$mainMod, q, killactive"
"$mainMod, M, exit"
"$mainMod, F, fullscreen"
"$mainMod, V, togglefloating"
"$mainMod, D, exec, rofi -show"
"$mainMod SHIFT, S, exec, bemoji"
"$mainMod, P, exec, rofi-pass"
"$mainMod SHIFT, P, pseudo"
"$mainMod, J, togglesplit"
"$mainMod, h, movefocus, l"
"$mainMod, l, movefocus, r"
"$mainMod, k, movefocus, u"
"$mainMod, j, movefocus, d"
"$mainMod, 1, workspace, 1"
"$mainMod, 2, workspace, 2"
"$mainMod, 3, workspace, 3"
"$mainMod, 4, workspace, 4"
"$mainMod, 5, workspace, 5"
"$mainMod, 6, workspace, 6"
"$mainMod, 7, workspace, 7"
"$mainMod, 8, workspace, 8"
"$mainMod, 9, workspace, 9"
"$mainMod, 0, workspace, 10"
"$mainMod SHIFT, 1, movetoworkspace, 1"
"$mainMod SHIFT, 2, movetoworkspace, 2"
"$mainMod SHIFT, 3, movetoworkspace, 3"
"$mainMod SHIFT, 4, movetoworkspace, 4"
"$mainMod SHIFT, 5, movetoworkspace, 5"
"$mainMod SHIFT, 6, movetoworkspace, 6"
"$mainMod SHIFT, 7, movetoworkspace, 7"
"$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 9, movetoworkspace, 9"
"$mainMod SHIFT, 0, movetoworkspace, 10"
"$mainMod, mouse_down, workspace, e+1"
"$mainMod, mouse_up, workspace, e-1"
];
bindm = [
"$mainMod, mouse:272, movewindow"
"$mainMod, mouse:273, resizewindow"
];
};
};
}
home/features/desktop/media.nix
+68
View File
@@ -0,0 +1,68 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.media;
in {
options.features.desktop.media.enable =
mkEnableOption "enable media features";
config = mkIf cfg.enable {
home.packages = with pkgs; [
# handbrake
# kdePackages.kdenlive
# makemkv
# mediainfo
amf
blueberry
ffmpeg_6-full
gst_all_1.gstreamer
gst_all_1.gst-vaapi
handbrake
inkscape
kdePackages.kdenlive
krita
libation
makemkv
pamixer
pavucontrol
qpwgraph
v4l-utils
plexamp
webcord
# uxplay
# vlc
# webcord
# yt-dlp
unimatrix
];
programs = {
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-composite-blur
obs-vaapi
obs-vertical-canvas
obs-vkcapture
obs-webkitgtk
wlrobs
];
};
mpv = {
enable = true;
bindings = {
WHEEL_UP = "seek 10";
WHEEL_DOWN = "seek -10";
};
config = {
profile = "gpu-hq";
ytdl-format = "bestvideo+bestaudio";
};
};
};
};
}
home/features/desktop/office.nix
+18
View File
@@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.office;
in {
options.features.desktop.office.enable =
mkEnableOption "install office and paperwork stuff";
config = mkIf cfg.enable {
home.packages = with pkgs; [
libreoffice-fresh
];
};
}
home/features/desktop/rofi.nix
+38
View File
@@ -0,0 +1,38 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.features.desktop.rofi;
in {
options.features.desktop.rofi.enable = mkEnableOption "enable rofi";
config = mkIf cfg.enable {
programs.rofi = with pkgs; {
enable = true;
package = rofi.override {
plugins = [
rofi-calc
rofi-emoji
stable.rofi-file-browser
];
};
pass = {
enable = true;
package = rofi-pass-wayland;
};
terminal = "\${pkgs.kitty}/bin/kitty";
font = "Fira Code";
extraConfig = {
show-icons = true;
disable-history = false;
modi = "drun,calc,emoji,filebrowser";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
theme = "dracula";
};
};
}
home/features/desktop/theme.nix
+17
View File
@@ -0,0 +1,17 @@
{pkgs, ...}: {
qt = {
enable = true;
platformTheme.name = "gtk";
};
gtk = {
enable = true;
theme = {
name = "Dracula";
package = pkgs.dracula-theme;
};
iconTheme = {
name = "Dracula";
package = pkgs.dracula-icon-theme;
};
};
}
home/features/desktop/wayland.nix
+286
View File
@@ -0,0 +1,286 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.wayland;
in {
options.features.desktop.wayland.enable = mkEnableOption "wayland extra tools and config";
config = mkIf cfg.enable {
programs.waybar = {
enable = true;
style = ''
@define-color background-darker rgba(30, 31, 41, 230);
@define-color background #282a36;
@define-color selection #44475a;
@define-color foreground #f8f8f2;
@define-color comment #6272a4;
@define-color cyan #8be9fd;
@define-color green #50fa7b;
@define-color orange #ffb86c;
@define-color pink #ff79c6;
@define-color purple #bd93f9;
@define-color red #ff5555;
@define-color yellow #f1fa8c;
* {
border: none;
border-radius: 0;
font-family: FiraCode Nerd Font;
font-weight: bold;
font-size: 14px;
min-height: 0;
}
window#waybar {
background: rgba(21, 18, 27, 0);
color: #cdd6f4;
}
tooltip {
background: #1e1e2e;
border-radius: 10px;
border-width: 2px;
border-style: solid;
border-color: #11111b;
}
#workspaces button {
padding: 5px;
color: #313244;
margin-right: 5px;
}
#workspaces button.active {
color: #11111b;
background: #a6e3a1;
border-radius: 10px;
}
#workspaces button.focused {
color: #a6adc8;
background: #eba0ac;
border-radius: 10px;
}
#workspaces button.urgent {
color: #11111b;
background: #a6e3a1;
border-radius: 10px;
}
#workspaces button:hover {
background: #11111b;
color: #cdd6f4;
border-radius: 10px;
}
#custom-language,
#custom-updates,
#custom-caffeine,
#custom-weather,
#window,
#clock,
#battery,
#pulseaudio,
#network,
#workspaces,
#tray,
#backlight {
background: #1e1e2e;
padding: 0px 10px;
margin: 3px 0px;
margin-top: 10px;
border: 1px solid #181825;
}
#tray {
border-radius: 10px;
margin-right: 10px;
}
#workspaces {
background: #1e1e2e;
border-radius: 10px;
margin-left: 10px;
padding-right: 0px;
padding-left: 5px;
}
#custom-caffeine {
color: #89dceb;
border-radius: 10px 0px 0px 10px;
border-right: 0px;
margin-left: 10px;
}
#custom-language {
color: #f38ba8;
border-left: 0px;
border-right: 0px;
}
#custom-updates {
color: #f5c2e7;
border-left: 0px;
border-right: 0px;
}
#window {
border-radius: 10px;
margin-left: 60px;
margin-right: 60px;
}
#clock {
color: #fab387;
border-radius: 10px 0px 0px 10px;
margin-left: 0px;
border-right: 0px;
}
#network {
color: #f9e2af;
border-left: 0px;
border-right: 0px;
}
#pulseaudio {
color: #89b4fa;
border-left: 0px;
border-right: 0px;
}
#pulseaudio.microphone {
color: #cba6f7;
border-left: 0px;
border-right: 0px;
}
#battery {
color: #a6e3a1;
border-radius: 0 10px 10px 0;
margin-right: 10px;
border-left: 0px;
}
#custom-weather {
border-radius: 0px 10px 10px 0px;
border-right: 0px;
margin-left: 0px;
}
'';
settings = {
mainbar = {
layer = "top";
position = "top";
mod = "dock";
exclusive = true;
passthrough = false;
gtk-layer-shell = true;
height = 0;
modules-left = ["clock" "custom/weather" "hyprland/workspaces"];
modules-center = ["hyprland/window"];
modules-right = [
"tray"
"custom/language"
"battery"
"backlight"
"pulseaudio"
"pulseaudio#microphone"
];
"hyprland/window" = {
format = "👉 {}";
seperate-outputs = true;
};
"hyprland/workspaces" = {
disable-scroll = true;
all-outputs = true;
on-click = "activate";
format = " {name} {icon} ";
on-scroll-up = "hyprctl dispatch workspace e+1";
on-scroll-down = "hyprctl dispatch workspace e-1";
format-icons = {
"1" = "";
"2" = "";
"3" = "";
"4" = "";
"5" = "";
"6" = "";
"7" = "";
};
persistent_workspaces = {
"1" = [];
"2" = [];
"3" = [];
"4" = [];
};
};
"custom/weather" = {
format = "{}°C";
tooltip = true;
interval = 3600;
exec = "wttrbar --location Pockau-Lengefeld";
return-type = "json";
};
tray = {
icon-size = 13;
spacing = 10;
};
clock = {
format = " {:%R %d/%m}";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
};
pulseaudio = {
format = "{icon} {volume}%";
tooltip = false;
format-muted = " Muted";
on-click = "pamixer -t";
on-scroll-up = "pamixer -i 5";
on-scroll-down = "pamixer -d 5";
scroll-step = 5;
format-icons = {
headphone = "";
hands-free = "";
headset = "";
phone = "";
portable = "";
car = "";
default = ["" "" ""];
};
};
"pulseaudio#microphone" = {
format = "{format_source}";
format-source = " {volume}%";
format-source-muted = " Muted";
on-click = "pamixer --default-source -t";
on-scroll-up = "pamixer --default-source -i 5";
on-scroll-down = "pamixer --default-source -d 5";
scroll-step = 5;
};
};
};
};
home.packages = with pkgs; [
grim
hyprcursor
hyprlock
hyprpaper
qt6.qtwayland
slurp
waypipe
wl-clipboard
wf-recorder
wl-mirror
wl-clipboard
wlogout
wtype
ydotool
];
};
}
home/features/desktop/wofi.nix
+6
View File
@@ -0,0 +1,6 @@
{pkgs, ...}: {
home.packages = with pkgs; [
wofi
bemoji
];
}
home/m3tam3re/dotfiles/default.nix
+26
View File
@@ -0,0 +1,26 @@
{
pkgs,
inputs,
...
}: {
home.file.".config/bat" = {
source = "${inputs.dotfiles}/bat";
recursive = true;
};
home.file.".config/nyxt" = {
source = "${inputs.dotfiles}/nyxt";
recursive = true;
};
# home.file.".config/hypr" = {
# source = "${inputs.dotfiles}/hypr";
# recursive = true;
# };
home.file.".config/nvim" = {
source = "${inputs.dotfiles}/nvim";
recursive = true;
};
home.file.".config/zellij" = {
source = "${inputs.dotfiles}/zellij";
recursive = true;
};
}
home/m3tam3re/home-server.nix
+115
View File
@@ -0,0 +1,115 @@
# This is a default home.nix generated by the follwing hone-manager command
#
# home-manager init ./
{
config,
lib,
pkgs,
...
}: {
# Home Manager needs a bit of information about you and the paths it should
# manage.
home.username = lib.mkDefault "your-name";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "24.11"; # Please read the comment before changing.
# The home.packages option allows you to install Nix packages into your
# environment.
home.packages = with pkgs; [
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
];
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
home.file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
#
home.sessionVariables = {
# EDITOR = "emacs";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
programs.git = {
enable = true;
userName = "m3tam3re";
userEmail = "m@m3tam3re.com";
aliases = {st = "status";};
extraConfig = {
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
};
};
programs.zellij-ps = {
enable = true;
projectFolders = [
"${config.home.homeDirectory}/p/c"
"${config.home.homeDirectory}/p"
"${config.home.homeDirectory}/.config"
];
layout = ''
layout {
pane size=1 borderless=true {
plugin location="zellij:tab-bar"
}
pane size="70%" command="nvim"
pane split_direction="vertical" {
pane
pane command="unimatrix"
}
pane size=1 borderless=true {
plugin location="zellij:status-bar"
}
}
'';
};
}
home/m3tam3re/home.nix
+203
View File
@@ -0,0 +1,203 @@
# This is a default home.nix generated by the follwing hone-manager command
#
# home-manager init ./
{
config,
lib,
pkgs,
...
}: {
# Home Manager needs a bit of information about you and the paths it should
# manage.
home.username = lib.mkDefault "your-name";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "24.11"; # Please read the comment before changing.
# The home.packages option allows you to install Nix packages into your
# environment.
home.packages = with pkgs; [
aider-chat-env
libgtop
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
];
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
home.file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
#
home.sessionVariables = {
# EDITOR = "emacs";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
programs.git = {
enable = true;
difftastic.enable = true;
userName = "m3tam3re";
userEmail = "m@m3tam3re.com";
aliases = {
st = "status";
logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
extraConfig = {
core.excludesfile = "~/.gitignore_global";
init.defaultBranch = "master";
};
};
programs.ssh = {
enable = true;
matchBlocks = {
"github.com" = {
hostname = "github.com";
user = "m3tam3re";
port = 22;
identityFile = "~/.ssh/github";
};
"code.m3tam3re.com" = {
hostname = "code.m3tam3re.com";
user = "m3tam3re";
identityFile = "~/.ssh/gitea";
};
"lkk-nix-1" = {
hostname = "89.58.10.189";
user = "lkk-admin";
identityFile = "~/.ssh/lkk-admin";
};
"m3-r1" = {
hostname = "202.61.226.110";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-test" = {
hostname = "192.168.122.215";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-1" = {
hostname = "192.168.0.24";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"lkk-prod-2" = {
hostname = "192.168.0.20";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"m3-deck" = {
hostname = "192.168.178.193";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-kratos-vm" = {
hostname = "192.168.122.43";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-hermes" = {
hostname = "95.216.214.142";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-helios" = {
hostname = "192.168.178.210";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-ares" = {
hostname = "192.168.1.30";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-atlas" = {
hostname = "152.53.85.162";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"m3-zelda" = {
hostname = "95.217.189.186";
user = "m3tam3re";
identityFile = "~/.ssh/m3tam3re";
};
"self-host-playbook" = {
hostname = "157.180.21.225";
port = 2222;
user = "m3tam3re";
identityFile = "~/.ssh/self-host-playbook";
};
};
};
programs.zellij-ps = {
enable = true;
projectFolders = [
"${config.home.homeDirectory}/p/c"
"${config.home.homeDirectory}/p"
"${config.home.homeDirectory}/.config"
];
layout = ''
layout {
pane size=1 borderless=true {
plugin location="zellij:tab-bar"
}
pane size="70%" command="nvim"
pane split_direction="vertical" {
pane
pane command="unimatrix"
}
pane size=1 borderless=true {
plugin location="zellij:status-bar"
}
}
'';
};
}
home/m3tam3re/m3-ares.nix
+101
View File
@@ -0,0 +1,101 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.hyprland;
in {
imports = [
../common
./dotfiles
./home.nix
../features/cli
../features/coding
../features/desktop
#./services/librechat.nix
];
options.features.desktop.hyprland.enable =
mkEnableOption "enable Hyprland";
config = mkMerge [
# Base configuration
{
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
features = {
cli = {
fish.enable = true;
fzf.enable = true;
fastfetch.enable = true;
secrets.enable = true;
starship.enable = true;
};
desktop = {
coding.enable = true;
crypto.enable = true;
gaming.enable = true;
hyprland.enable = true;
media.enable = true;
office.enable = true;
rofi.enable = true;
fonts.enable = true;
wayland.enable = true;
};
};
}
(mkIf cfg.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
monitor = [
"eDP-1,preferred,0x0,1.25"
"HDMI-A-1,preferred,2560x0,1"
];
workspace = [
"1, monitor:eDP-1, default:true"
"2, monitor:eDP-1"
"3, monitor:eDP-1"
"4, monitor:HDMI-A-1"
"5, monitor:HDMI-A-1,border:false,rounding:false"
"6, monitor:HDMI-A-1"
];
windowrule = [
"workspace 1,class:dev.zed.Zed"
"workspace 1,class:Msty"
"workspace 2,class:(com.obsproject.Studio)"
"workspace 4,opacity 1.0, class:(brave-browser)"
"workspace 4,opacity 1.0, class:(vivaldi-stable)"
"fullscreen,class:^steam_app_\\d+$"
"workspace 5,class:^steam_app_\\d+$"
"idleinhibit focus, class:^steam_app_\\d+$"
];
};
};
})
];
}
home/m3tam3re/m3-atlas.nix
+17
View File
@@ -0,0 +1,17 @@
{
imports = [
../common
../features/cli
./home-server.nix
];
features = {
cli = {
fish.enable = true;
fzf.enable = true;
fastfetch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}
home/m3tam3re/m3-helios.nix
+17
View File
@@ -0,0 +1,17 @@
{
imports = [
../common
../features/cli
./home-server.nix
];
features = {
cli = {
fish.enable = true;
fzf.enable = true;
fastfetch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}
home/m3tam3re/m3-kratos.nix
+101
View File
@@ -0,0 +1,101 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.hyprland;
in {
imports = [
../common
./dotfiles
./home.nix
../features/cli
../features/coding
../features/desktop
./services/librechat.nix
];
options.features.desktop.hyprland.enable =
mkEnableOption "enable Hyprland";
config = mkMerge [
# Base configuration
{
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
features = {
cli = {
fish.enable = true;
fzf.enable = true;
fastfetch.enable = true;
secrets.enable = true;
starship.enable = true;
};
desktop = {
crypto.enable = true;
coding.enable = true;
gaming.enable = true;
hyprland.enable = true;
media.enable = true;
office.enable = true;
rofi.enable = true;
fonts.enable = true;
wayland.enable = true;
};
};
}
(mkIf cfg.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
monitor = [
"DP-1,2560x1440@144,0x0,1"
"DP-2,2560x1440@144,2560x0,1"
];
workspace = [
"1, monitor:DP-1, default:true"
"2, monitor:DP-1"
"3, monitor:DP-1"
"4, monitor:DP-2"
"5, monitor:DP-2"
"6, monitor:DP-2"
"7, monitor:DP-2"
];
windowrule = [
"workspace 1,class:dev.zed.Zed"
"workspace 1,class:Msty"
"workspace 2,class:(com.obsproject.Studio)"
"workspace 4,opacity 1.0, class:(brave-browser)"
"workspace 4,opacity 1.0, class:(vivaldi-stable)"
"idleinhibit focus, class:^steam_app_\\d+$"
];
};
};
})
];
}
home/m3tam3re/services/librechat.nix
+18
View File
@@ -0,0 +1,18 @@
{
systemd.user.services.librechat = {
Unit = {
Description = "LibreChat Start";
After = ["network-online.target"];
Wants = ["network-online.target"];
};
Install = {WantedBy = ["default.target"];};
Service = {
Type = "oneshot";
RemainAfterExit = "yes";
WorkingDirectory = "/home/m3tam3re/p/r/ai/LibreChat";
ExecStart = "/run/current-system/sw/bin/podman-compose up -d";
ExecStop = "/run/current-system/sw/bin/podman-compose down";
Restart = "on-failure";
};
};
}
hosts/common/default.nix
+74
View File
@@ -0,0 +1,74 @@
# Common configuration for all hosts
{
pkgs,
lib,
inputs,
outputs,
...
}: {
imports = [
./extraServices
./users
inputs.home-manager.nixosModules.home-manager
];
environment.pathsToLink = [
"/share/xdg-desktop-portal"
"/share/applications"
];
home-manager = {
useUserPackages = true;
extraSpecialArgs = {inherit inputs outputs;};
};
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
outputs.overlays.pinned-packages
outputs.overlays.locked-packages
outputs.overlays.master-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
nix = {
settings = {
experimental-features = "nix-command flakes";
cores = 2;
max-jobs = 8;
trusted-users = [
"root"
"m3tam3re"
]; # Set users that are allowed to use the flake command
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
optimise.automatic = true;
registry =
(lib.mapAttrs (_: flake: {inherit flake;}))
((lib.filterAttrs (_: lib.isType "flake")) inputs);
nixPath = ["/etc/nix/path"];
};
users.defaultUserShell = pkgs.fish;
}
hosts/common/extraServices/default.nix
+8
View File
@@ -0,0 +1,8 @@
{
imports = [
./flatpak.nix
./podman.nix
./ollama.nix
./virtualisation.nix
];
}
hosts/common/extraServices/flatpak.nix
+24
View File
@@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.flatpak;
in {
options.extraServices.flatpak.enable = mkEnableOption "enable flatpak";
config = mkIf cfg.enable {
services.flatpak.enable = true;
xdg.portal = {
# xdg desktop intergration (required for flatpak)
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
};
}
hosts/common/extraServices/ollama.nix
+29
View File
@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.ollama;
in {
options.extraServices.ollama.enable = mkEnableOption "enable ollama";
config = mkIf cfg.enable {
services.ollama = {
enable = true;
acceleration =
if config.services.xserver.videoDrivers == ["amdgpu"]
then "rocm"
else if config.services.xserver.videoDrivers == ["nvidia"]
then "cuda"
else null;
host = "[::]";
openFirewall = true;
};
nixpkgs.config = {
rocmSupport = config.services.xserver.videoDrivers == ["amdgpu"];
cudaSupport = config.services.xserver.videoDrivers == ["nvidia"];
};
};
}
hosts/common/extraServices/podman.nix
+33
View File
@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.podman;
in {
options.extraServices.podman.enable = mkEnableOption "enable podman";
config = mkIf cfg.enable {
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
autoPrune = {
enable = true;
dates = "weekly";
flags = [
"--filter=until=24h"
"--filter=label!=important"
];
};
defaultNetwork.settings.dns_enabled = true;
};
};
environment.systemPackages = with pkgs; [
podman-compose
];
};
}
hosts/common/extraServices/virtualisation.nix
+39
View File
@@ -0,0 +1,39 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.extraServices.virtualisation;
in {
options.extraServices.virtualisation.enable = mkEnableOption "enable virtualisation";
config = mkIf cfg.enable {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
ovmf = {
enable = true;
packages = [
pkgs.locked.OVMFFull.fd
(pkgs.locked.OVMF.override {
secureBoot = true;
tpmSupport = true;
})
.fd
];
};
};
};
};
programs.virt-manager.enable = true;
environment.systemPackages = with pkgs; [
# locked.OVMFFull
];
};
}
hosts/common/users/default.nix
+3
View File
@@ -0,0 +1,3 @@
{
imports = [./m3tam3re.nix];
}
hosts/common/users/m3tam3re.nix
+32
View File
@@ -0,0 +1,32 @@
{
config,
pkgs,
inputs,
...
}: {
users.users.m3tam3re = {
#initialHashedPassword = "$y$j9T$IoChbWGYRh.rKfmm0G86X0$bYgsWqDRkvX.EBzJTX.Z0RsTlwspADpvEF3QErNyCMC";
password = "12345";
isNormalUser = true;
description = "m3tam3re";
extraGroups = [
"wheel"
"networkmanager"
"libvirtd"
"flatpak"
"audio"
"video"
"plugdev"
"input"
"kvm"
"qemu-libvirtd"
"adbusers"
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
];
packages = [inputs.home-manager.packages.${pkgs.system}.default];
};
home-manager.users.m3tam3re =
import ../../../home/m3tam3re/${config.networking.hostName}.nix;
}
hosts/m3-ares/configuration.nix
+138
View File
@@ -0,0 +1,138 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
specialisation = {
"NVIDIA".configuration = {
boot.kernelParams = ["nvidia.NVreg_PreserveVideoMemoryAllocations=1"];
system.nixos.tags = ["NVIDIA"];
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia-container-toolkit.enable = true;
};
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = true;
boot.initrd.services.lvm.enable = false;
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
boot.kernelModules = ["v4l2loopback"];
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_msrs=1
options v4l2loopback exclusive_caps=1 max_buffers=2
'';
networking.hostName = "m3-ares"; # Define your hostname.
# warp-terminal update fix
# networking.extraHosts = ''
# 127.0.0.1 releases.warp.dev
# 127.0.0.1 app.warp.dev
# '';
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
settings = {
PasswordAuthentication = false;
};
};
services.fstrim.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-ares/default.nix
+51
View File
@@ -0,0 +1,51 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./hardware.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = true;
ollama.enable = true;
podman.enable = true;
virtualisation.enable = true;
};
}
hosts/m3-ares/hardware-configuration.nix
+73
View File
@@ -0,0 +1,73 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "ahci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.supportedFilesystems = ["nfs"];
fileSystems."/" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4811-EA6E";
fsType = "vfat";
};
fileSystems."/opt" = {
device = "/dev/disk/by-uuid/3574df3a-2a90-4b54-9c21-128f1d01ff8f";
fsType = "btrfs";
options = ["noatime" "compress=zstd"];
};
fileSystems."/mnt/skynet-bkg" = {
device = "192.168.1.100:/volume3/bkg";
fsType = "nfs";
options = ["noauto" "x-systemd.automount"];
};
fileSystems."/mnt/skynet" = {
device = "192.168.1.100:/volume3/m3-skynet";
fsType = "nfs";
options = ["noauto" "x-systemd.automount"];
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp46s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}
hosts/m3-ares/hardware.nix
+26
View File
@@ -0,0 +1,26 @@
{
hardware.nvidia = {
prime = {
offload.enable = false;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
modesetting.enable = true;
powerManagement.finegrained = false;
powerManagement.enable = true;
open = false;
dynamicBoost.enable = true;
nvidiaSettings = true;
};
hardware.bluetooth.enable = true;
hardware.keyboard.zsa.enable = true;
hardware.graphics.enable = true;
services.hardware.bolt.enable = true;
services.auto-cpufreq.enable = true;
services.tlp.enable = true;
}
hosts/m3-ares/programs.nix
+45
View File
@@ -0,0 +1,45 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession = {
enable = true;
args = [
"-W 1920"
"-H 1080"
];
};
};
programs.gamescope = {
enable = true;
capSysNice = true;
};
programs.fish.enable = true;
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
settings = {default-cache-ttl = 10800;};
};
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-ares/secrets.nix
+31
View File
@@ -0,0 +1,31 @@
{
age = {
secrets = {
wg-DE = {
file = ../../secrets/wg-DE.age;
path = "/etc/wireguard/DE.conf";
};
wg-NL = {
file = ../../secrets/wg-NL.age;
path = "/etc/wireguard/NL.conf";
};
wg-NO = {
file = ../../secrets/wg-NO.age;
path = "/etc/wireguard/NO.conf";
};
wg-US = {
file = ../../secrets/wg-US.age;
path = "/etc/wireguard/US.conf";
};
wg-BR = {
file = ../../secrets/wg-BR.age;
path = "/etc/wireguard/BR.conf";
};
tailscale-key.file = ../../secrets/tailscale-key.age;
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}
hosts/m3-ares/services/containers/default.nix
+4
View File
@@ -0,0 +1,4 @@
{
imports = [
];
}
hosts/m3-ares/services/default.nix
+36
View File
@@ -0,0 +1,36 @@
{
imports = [
./containers
#./n8n.nix
./postgres.nix
./restic.nix
./sound.nix
./tailscale.nix
./udev.nix
./wireguard.nix
];
services = {
hypridle.enable = true;
printing.enable = true;
gvfs.enable = true;
trezord.enable = true;
gnome.gnome-keyring.enable = true;
qdrant.enable = true;
upower.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
publish = {
addresses = true;
workstation = true;
userServices = true;
};
};
};
systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
}
hosts/m3-ares/services/n8n.nix
+11
View File
@@ -0,0 +1,11 @@
{
services.n8n = {
enable = true;
openFirewall = true;
};
systemd.services.n8n = {
environment = {
N8N_SECURE_COOKIE = "false";
};
};
}
hosts/m3-ares/services/postgres.nix
+22
View File
@@ -0,0 +1,22 @@
{pkgs, ...}: {
services.postgresql = {
enable = true;
package = pkgs.postgresql_17;
extensions = with pkgs.postgresql17Packages; [
pgvector
];
authentication = ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.88.0.0/16 trust
host all all 19.89.0.0/16 trust
'';
initialScript = pkgs.writeText "initialScript.sql" ''
CREATE USER n8n WITH PASSWORD 'n8n';
CREATE DATABASE n8n;
GRANT ALL PRIVILEGES ON DATABASE n8n TO n8n;
'';
};
}
hosts/m3-ares/services/restic.nix
+25
View File
@@ -0,0 +1,25 @@
{
services.restic.backups = {
skynet = {
repository = "/mnt/skynet-bkg/m3-nix";
passwordFile = "/etc/nixos/restic-pass";
initialize = true;
paths = ["/home/m3tam3re"];
exclude = [
"/home/m3tam3re/.cache"
"/home/m3tam3re/Bilder/"
"/home/m3tam3re/Videos/"
"/home/m3tam3re/Downloads"
"/home/m3tam3re/Library"
"/home/m3tam3re/Projekte"
"/home/m3tam3re/Sync"
"/home/m3tam3re/.local/share/Trash"
];
timerConfig = {
OnCalendar = "09:30";
RandomizedDelaySec = "2h";
Persistent = true;
};
};
};
}
hosts/m3-ares/services/sound.nix
+14
View File
@@ -0,0 +1,14 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
speechd
];
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = false;
wireplumber.enable = true;
};
}
hosts/m3-ares/services/tailscale.nix
+40
View File
@@ -0,0 +1,40 @@
{
config,
pkgs,
...
}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
# systemd.services.tailscale-autoconnect = {
# description = "Automatic connection to Tailscale";
# # make sure tailscale is running before trying to connect to tailscale
# after = ["network-pre.target" "tailscale.service"];
# wants = ["network-pre.target" "tailscale.service"];
# wantedBy = ["multi-user.target"];
# # set this service as a oneshot job
# serviceConfig = {
# Type = "oneshot";
# EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
# };
# # have the job run this shell script
# script = with pkgs; ''
# # wait for tailscaled to settle
# sleep 2
# # check if we are already authenticated to tailscale
# status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
# if [ $status = "Running" ]; then # if so, then do nothing
# exit 0
# fi
# # otherwise authenticate with tailscale
# ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
# '';
# };
}
hosts/m3-ares/services/udev.nix
+8
View File
@@ -0,0 +1,8 @@
{pkgs, ...}: {
services.udev.extraRules = ''
SUBSYSTEM=="usb", MODE="0666
'';
environment.systemPackages = with pkgs; [
zsa-udev-rules
];
}
hosts/m3-ares/services/wireguard.nix
+25
View File
@@ -0,0 +1,25 @@
{config, ...}: {
networking.wg-quick.interfaces = {
DE = {
configFile = config.age.secrets.wg-DE.path;
autostart = false;
};
NL = {
configFile = config.age.secrets.wg-NL.path;
autostart = false;
};
NO = {
configFile = config.age.secrets.wg-NO.path;
autostart = true;
};
US = {
configFile = config.age.secrets.wg-US.path;
autostart = false;
};
BR = {
configFile = config.age.secrets.wg-BR.path;
autostart = false;
};
};
services.resolved.enable = true;
}
hosts/m3-atlas/configuration.nix
+112
View File
@@ -0,0 +1,112 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./disko-config.nix
./hardware-configuration.nix
];
# Bootloader.
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
networking.hostName = "m3-atlas"; # CHANGE ME.
networking.hostId = "15b60253"; # CHANGE ME
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
settings = {
PasswordAuthentication = false;
};
};
# [[Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-atlas/default.nix
+50
View File
@@ -0,0 +1,50 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = false;
ollama.enable = false;
podman.enable = true;
virtualisation.enable = false;
};
}
hosts/m3-atlas/disko-config.nix
+39
View File
@@ -0,0 +1,39 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/vda"; # CHANGE ME
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for GRUB MBR
priority = 1;
};
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["noatime" "nodiratime" "discard"];
};
};
};
};
};
};
};
}
hosts/m3-atlas/hardware-configuration.nix
+31
View File
@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
fileSystems."/var/storage" = {
device = "46.38.248.210:/voln723044a1";
fsType = "nfs";
};
}
hosts/m3-atlas/programs.nix
+14
View File
@@ -0,0 +1,14 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.fish.enable = true;
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-atlas/secrets.nix
+35
View File
@@ -0,0 +1,35 @@
{
age = {
secrets = {
baserow-env = {
file = ../../secrets/baserow-env.age;
};
ghost-env = {
file = ../../secrets/ghost-env.age;
};
littlelink-m3tam3re = {
file = ../../secrets/littlelink-m3tam3re.age;
};
minio-root-cred = {
file = ../../secrets/minio-root-cred.age;
};
n8n-env = {
file = ../../secrets/n8n-env.age;
};
restreamer-env = {
file = ../../secrets/restreamer-env.age;
};
searx = {
file = ../../secrets/searx.age;
};
traefik = {
file = ../../secrets/traefik.age;
owner = "traefik";
};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}
hosts/m3-atlas/services/containers/baserow.nix
+26
View File
@@ -0,0 +1,26 @@
{config, ...}: {
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.31.1";
environmentFiles = [config.age.secrets.baserow-env.path];
ports = ["127.0.0.1:3001:80"];
volumes = ["baserow_data:/baserow/data"];
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"];
};
# Traefik configuration specific to baserow
services.traefik.dynamicConfigOptions.http = {
services.baserow.loadBalancer.servers = [
{
url = "http://localhost:3001/";
}
];
routers.baserow = {
rule = "Host(`br.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "baserow";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/containers/default.nix
+16
View File
@@ -0,0 +1,16 @@
{lib, ...}: {
imports = [
./baserow.nix
./ghost.nix
./littlelink.nix
./matomo.nix
./n8n.nix
./restreamer.nix
./slash.nix
];
system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
if ! /run/current-system/sw/bin/podman network exists web; then
/run/current-system/sw/bin/podman network create web --subnet=10.89.0.0/24 --internal
fi
'';
}
hosts/m3-atlas/services/containers/ghost.nix
+26
View File
@@ -0,0 +1,26 @@
{config, ...}: {
virtualisation.oci-containers.containers."ghost" = {
image = "docker.io/ghost:5.106.1";
environmentFiles = [config.age.secrets.ghost-env.path];
ports = ["127.0.0.1:3002:2368"];
volumes = ["ghost_data:/var/lib/ghost/content"];
extraOptions = ["--add-host=mysql:10.89.0.1" "--ip=10.89.0.11" "--network=web"];
};
# Traefik configuration specific to ghost
services.traefik.dynamicConfigOptions.http = {
services.ghost.loadBalancer.servers = [
{
url = "http://localhost:3002/";
}
];
routers.ghost = {
rule = "Host(`www.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "ghost";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/containers/littlelink.nix
+25
View File
@@ -0,0 +1,25 @@
{config, ...}: {
virtualisation.oci-containers.containers."littlelink_m3tam3re" = {
image = "ghcr.io/techno-tim/littlelink-server";
environmentFiles = [config.age.secrets.littlelink-m3tam3re.path];
ports = ["127.0.0.1:3004:3000"];
extraOptions = ["--ip=10.89.0.12" "--network=web"];
};
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.littlelink-m3tam3re.loadBalancer.servers = [
{
url = "http://localhost:3004/";
}
];
routers.littlelink-m3tam3re = {
rule = "Host(`links.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "littlelink-m3tam3re";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/containers/matomo.nix
+43
View File
@@ -0,0 +1,43 @@
{
virtualisation.oci-containers.containers."matomo" = {
image = "docker.io/matomo:latest";
ports = ["127.0.0.1:3011:80"];
volumes = ["matomo_data:/var/www/html"];
environment = {
MATOMO_DATABASE_HOST = "mysql";
MATOMO_DATABASE_USERNAME = "matomo";
MATOMO_DATABASE_PASSWORD = "matomo";
MATOMO_DATABASE_DBNAME = "matomo";
MYSQL_DATABASE = "matomo";
PHP_MEMORY_LIMIT = "2048M";
};
extraOptions = ["--add-host=mysql:10.89.0.1" "--ip=10.89.0.16" "--network=web"];
};
# Traefik configuration specific to ghost
services.traefik.dynamicConfigOptions.http = {
services.matomo.loadBalancer.servers = [
{
url = "http://localhost:3011/";
}
];
routers = {
matomo-nemoti = {
rule = "Host(`stats.nemoti.com`)";
tls = {
certResolver = "godaddy";
};
service = "matomo";
entrypoints = "websecure";
};
matomo-m3tam3re = {
rule = "Host(`stats.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "matomo";
entrypoints = "websecure";
};
};
};
}
hosts/m3-atlas/services/containers/n8n.nix
+27
View File
@@ -0,0 +1,27 @@
{config, ...}: {
virtualisation.oci-containers.containers."n8n" = {
image = "docker.n8n.io/n8nio/n8n";
environmentFiles = [config.age.secrets.n8n-env.path];
ports = ["127.0.0.1:5678:5678"];
volumes = ["n8n_data:/home/node/.n8n"];
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.14" "--network=web"];
};
# Traefik configuration specific to n8n
services.traefik.dynamicConfigOptions.http = {
services.n8n.loadBalancer.servers = [
{
url = "http://localhost:5678/";
}
];
routers.n8n = {
rule = "Host(`wf.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "n8n";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/containers/restreamer.nix
+75
View File
@@ -0,0 +1,75 @@
{config, ...}: {
virtualisation.oci-containers.containers."restreamer" = {
image = "docker.io/datarhei/restreamer:latest";
environmentFiles = [config.age.secrets.restreamer-env.path];
# Modified ports to include RTMPS
ports = [
"127.0.0.1:3006:8080" # Web UI
"127.0.0.1:1936:1935" # RTMP
];
volumes = [
"restreamer_data:/core/data"
"restreamer_config:/core/config"
];
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.13" "--network=web"];
};
# Traefik configuration
services.traefik = {
dynamicConfigOptions = {
http = {
services.restreamer.loadBalancer.servers = [
{
url = "http://localhost:3006/";
}
];
routers.restreamer = {
rule = "Host(`stream.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "restreamer";
entrypoints = ["websecure"];
};
};
tcp = {
services = {
rtmp-service.loadBalancer.servers = [
{
address = "localhost:1936";
}
];
rtmps-service.loadBalancer.servers = [
{
address = "localhost:1936";
}
];
};
routers = {
rtmp = {
rule = "HostSNI(`*`)"; # Changed to accept all SNI
service = "rtmp-service";
entryPoints = ["rtmp"];
};
rtmps = {
rule = "HostSNI(`stream.m3tam3re.com`)";
service = "rtmps-service";
entryPoints = ["rtmps"];
tls = {
certResolver = "godaddy";
passthrough = false;
};
};
};
};
};
};
# Firewall configuration
networking.firewall = {
allowedTCPPorts = [80 443 1935 1945];
};
}
hosts/m3-atlas/services/containers/slash.nix
+27
View File
@@ -0,0 +1,27 @@
{
virtualisation.oci-containers.containers."slash" = {
image = "docker.io/yourselfhosted/slash:latest";
ports = ["127.0.0.1:3010:5231"];
volumes = [
"slash_data:/var/opt/slash"
];
extraOptions = ["--ip=10.89.0.15" "--network=web"];
};
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.slash.loadBalancer.servers = [
{
url = "http://localhost:3010/";
}
];
routers.slash = {
rule = "Host(`l.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "slash";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/default.nix
+14
View File
@@ -0,0 +1,14 @@
{
imports = [
./containers
./gitea.nix
./headscale.nix
./minio.nix
./mysql.nix
./postgres.nix
./searx.nix
./tailscale.nix
./traefik.nix
./wastebin.nix
];
}
hosts/m3-atlas/services/gitea.nix
+33
View File
@@ -0,0 +1,33 @@
{
services.gitea = {
enable = true;
settings = {
server.ROOT_URL = "https://code.m3tam3re.com";
service.DISABLE_REGISTRATION = true;
};
lfs.enable = true;
dump = {
enable = true;
type = "tar.gz";
interval = "03:30:00";
backupDir = "/var/backup/gitea";
};
};
# Traefik configuration specific to gitea
services.traefik.dynamicConfigOptions.http = {
services.gitea.loadBalancer.servers = [
{
url = "http://localhost:3000/";
}
];
routers.gitea = {
rule = "Host(`code.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "gitea";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/headscale.nix
+33
View File
@@ -0,0 +1,33 @@
{
services = {
headscale = {
enable = true;
port = 3009;
settings = {
server_url = "https://va.m3tam3re.com";
dns = {
base_domain = "m3tam3re.loc";
};
logtail.enabled = false;
};
};
};
# Traefik configuration specific to
services.traefik.dynamicConfigOptions.http = {
services.headscale.loadBalancer.servers = [
{
url = "http://localhost:3009/";
}
];
routers.headscale = {
rule = "Host(`va.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "headscale";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/minio.nix
+41
View File
@@ -0,0 +1,41 @@
{config, ...}: {
services.minio = {
enable = true;
region = "eu-central-1";
consoleAddress = ":3007";
listenAddress = ":3008";
browser = true;
rootCredentialsFile = config.age.secrets.minio-root-cred.path;
dataDir = ["/var/storage/s3"];
};
# Traefik configuration specific to minio
services.traefik.dynamicConfigOptions.http = {
services.minio-console.loadBalancer.servers = [
{
url = "http://localhost:3007/";
}
];
services.minio.loadBalancer.servers = [
{
url = "http://localhost:3008/";
}
];
routers.minio = {
rule = "Host(`s3.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "minio";
entrypoints = "websecure";
};
routers.minio-console = {
rule = "Host(`minio.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "minio-console";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/mysql.nix
+22
View File
@@ -0,0 +1,22 @@
{pkgs, ...}: {
services.mysql = {
enable = true;
package = pkgs.mysql84;
ensureDatabases = [
"ghost"
"matomo"
];
initialScript = pkgs.writeText "initial-script.sql" ''
CREATE USER 'ghost'@'10.89.%' IDENTIFIED BY 'ghost';
GRANT ALL PRIVILEGES ON ghost.* TO 'ghost'@'10.89.%';
CREATE USER 'matomo'@'10.89.%' IDENTIFIED BY 'matomo';
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'10.89.%'; '';
};
services.mysqlBackup = {
enable = true;
calendar = "03:00:00";
databases = ["ghost" "matomo"];
};
networking.firewall.allowedTCPPorts = [3306];
}
hosts/m3-atlas/services/postgres.nix
+24
View File
@@ -0,0 +1,24 @@
{pkgs, ...}: {
services.postgresql = {
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.89.0.0/16 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';
CREATE DATABASE baserow;
ALTER DATABASE baserow OWNER to baserow;
'';
};
services.postgresqlBackup = {
enable = true;
startAt = "03:10:00";
databases = ["baserow"];
};
networking.firewall.allowedTCPPorts = [5432];
}
hosts/m3-atlas/services/searx.nix
+28
View File
@@ -0,0 +1,28 @@
{pkgs, ...}: {
services.searx = {
enable = true;
package = pkgs.searxng;
settings = {
server.port = 3005;
server.secret_key = "@SEARX_SECRET_KEY@";
search.formats = ["html" "json"];
};
};
# Traefik configuration specific to searx
services.traefik.dynamicConfigOptions.http = {
services.searx.loadBalancer.servers = [
{
url = "http://localhost:3005/";
}
];
routers.searx = {
rule = "Host(`search.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "searx";
entrypoints = "websecure";
};
};
}
hosts/m3-atlas/services/tailscale.nix
+9
View File
@@ -0,0 +1,9 @@
{
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
networking.firewall = {
trustedInterfaces = ["tailscale0"];
};
}
hosts/m3-atlas/services/traefik.nix
+70
View File
@@ -0,0 +1,70 @@
{config, ...}: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = {level = "WARN";};
certificatesResolvers = {
godaddy = {
acme = {
email = "letsencrypt.org.btlc2@passmail.net";
storage = "/var/lib/traefik/acme.json";
caserver = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "godaddy";
resolvers = ["1.1.1.1:53" "8.8.8.8:53"];
propagation.delayBeforeChecks = 60;
};
};
};
};
api = {};
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
rtmp = {
address = ":1935";
};
rtmps = {
address = ":1945";
};
websecure = {
address = ":443";
};
};
};
dynamicConfigOptions = {
http = {
middlewares = {
auth = {
basicAuth = {
users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."];
};
};
};
routers = {
api = {
rule = "Host(`r.m3tam3re.com`)";
service = "api@internal";
middlewares = ["auth"];
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = ["${config.age.secrets.traefik.path}"];
};
networking.firewall.allowedTCPPorts = [80 443];
}
hosts/m3-atlas/services/wastebin.nix
+28
View File
@@ -0,0 +1,28 @@
{
services.wastebin = {
enable = true;
settings = {
WASTEBIN_TITLE = "m3tam3re's wastebin";
WASTEBIN_BASE_URL = "https://bin.m3tam3re.com";
WASTEBIN_ADDRESS_PORT = "0.0.0.0:3003";
WASTEBIN_MAX_BODY_SIZE = 1048576;
};
};
# Traefik configuration specific to wastebin
services.traefik.dynamicConfigOptions.http = {
services.wastebin.loadBalancer.servers = [
{
url = "http://localhost:3003/";
}
];
routers.wastebin = {
rule = "Host(`bin.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "wastebin";
entrypoints = "websecure";
};
};
}
hosts/m3-helios/configuration.nix
+111
View File
@@ -0,0 +1,111 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./disko-config.nix
./hardware-configuration.nix
];
# Bootloader.
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
networking.hostName = "m3-helios"; # Define your hostname.
networking.hostId = "3ebf1cd3";
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.fstrim = {
enable = true; # For SSD/thin-provisioned storage
interval = "weekly";
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-helios/default.nix
+50
View File
@@ -0,0 +1,50 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = true;
ollama.enable = false;
podman.enable = true;
virtualisation.enable = false;
};
}
hosts/m3-helios/disko-config.nix
+39
View File
@@ -0,0 +1,39 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for GRUB MBR
priority = 1;
};
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["noatime" "nodiratime" "discard"];
};
};
};
};
};
};
};
}
hosts/m3-helios/hardware-configuration.nix
+24
View File
@@ -0,0 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
hosts/m3-helios/programs.nix
+14
View File
@@ -0,0 +1,14 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.fish.enable = true;
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-helios/secrets.nix
+15
View File
@@ -0,0 +1,15 @@
{
age = {
secrets = {
traefik = {
file = ../../secrets/traefik.age;
mode = "770";
owner = "traefik";
};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}
hosts/m3-helios/services/adguard.nix
+25
View File
@@ -0,0 +1,25 @@
{
services.adguardhome = {
enable = true;
openFirewall = true;
settings = {
dns = {
port = 53;
upstream_dns = [
"1.1.1.1"
"8.8.8.8"
];
};
filtering = {
rewrites = [
{
domain = "*.l.m3tam3re.com";
answer = "192.168.178.210";
}
];
};
};
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
}
hosts/m3-helios/services/containers/default.nix
+5
View File
@@ -0,0 +1,5 @@
{
imports = [
./homarr.nix
];
}
hosts/m3-helios/services/containers/homarr.nix
+11
View File
@@ -0,0 +1,11 @@
{
virtualisation.oci-containers.containers."homarr" = {
image = "ghcr.io/ajnart/homarr:latest";
ports = ["7575:7575"];
volumes = [
"homarr-configs:/app/data/configs"
"homarr-icons:/app/public/icons"
"homarr-data:/data"
];
};
}
hosts/m3-helios/services/default.nix
+13
View File
@@ -0,0 +1,13 @@
{
imports = [
./adguard.nix
./containers
./traefik.nix
];
systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
}
hosts/m3-helios/services/traefik.nix
+152
View File
@@ -0,0 +1,152 @@
{config, ...}: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = {level = "WARN";};
certificatesResolvers = {
godaddy = {
acme = {
email = "letsencrypt.org.btlc2@passmail.net";
storage = "/var/lib/traefik/acme.json";
caserver = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "godaddy";
};
};
};
};
api = {};
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {address = ":443";};
};
};
dynamicConfigOptions = {
http = {
middlewares = {
auth = {
basicAuth = {
users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."];
};
};
default-headers = {
headers = {
frameDeny = "true";
browserXssFilter = "true";
contentTypeNosniff = "true";
forceSTSHeader = "true";
stsIncludeSubdomains = true;
stsPreload = true;
stsSeconds = 15552000;
customFrameOptionsValue = "SAMEORIGIN";
customResponseHeaders = {
X-Forwarded-Proto = "https";
};
};
};
default-whitelist = {
ipAllowList = {
sourceRange = ["10.0.0.0/8" "192.168.178.0/16"];
};
};
secured = {
chain = {
middlewares = ["default-headers" "default-whitelist"];
};
};
};
services = {
m3-prox-1.loadBalancer = {
servers = [
{url = "https://192.168.178.200:8006";}
];
passHostHeader = true;
serversTransport = "pve";
};
ag.loadBalancer.servers = [
{url = "http://192.168.178.210:3000";}
];
homarr.loadBalancer.servers = [
{url = "http://192.168.178.210:7575";}
];
plex.loadBalancer.servers = [
{url = "http://192.168.178.175:32400";}
];
skynet.loadBalancer.servers = [
{url = "http://192.168.178.175:5000";}
];
};
# Skip verification for PVE servers
serversTransports = {
pve = {insecureSkipVerify = true;};
};
routers = {
api = {
rule = "Host(`traefik.l.m3tam3re.com`)";
service = "api@internal";
middlewares = ["auth"];
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
m3-prox-1 = {
rule = "Host(`m3-prox-1.l.m3tam3re.com`)";
service = "m3-prox-1";
middlewares = ["default-headers"];
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
ag = {
rule = "Host(`ag.l.m3tam3re.com`)";
service = "ag";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
homarr = {
rule = "Host(`dash.l.m3tam3re.com`)";
service = "homarr";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
plex = {
rule = "Host(`plex.l.m3tam3re.com`)";
service = "plex";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
skynet = {
rule = "Host(`skynet.l.m3tam3re.com`)";
service = "homarr";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = ["${config.age.secrets.traefik.path}"];
};
networking.firewall.allowedTCPPorts = [80 443];
}
hosts/m3-kratos/configuration.nix
+125
View File
@@ -0,0 +1,125 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot.supportedFilesystems = ["zfs"];
boot.zfs.package = pkgs.zfs_unstable;
boot.zfs.forceImportAll = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.kernelModules = ["amdgpu"];
services.xserver.videoDrivers = ["amdgpu"];
security.polkit.enable = true;
security.pam.services.gdm.enableGnomeKeyring = true;
networking.hostName = "m3-kratos"; # Define your hostname.
networking.hostId = "458bd616";
networking.extraHosts = ''
127.0.0.1 releases.warp.dev
127.0.0.1 app.warp.dev
'';
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git n8n];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
settings = {
PasswordAuthentication = false;
};
};
services.fstrim.enable = true;
services.zfs.autoSnapshot.enable = true;
services.zfs.autoScrub.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/m3-kratos/default.nix
+57
View File
@@ -0,0 +1,57 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./hardware.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = true;
ollama.enable = true;
podman.enable = true;
virtualisation.enable = true;
};
services.ollama = {
environmentVariables = {
HCC_AMDGPU_TARGET = "gfx1100";
};
rocmOverrideGfx = "11.0.0";
};
}
hosts/m3-kratos/hardware-configuration.nix
+80
View File
@@ -0,0 +1,80 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.supportedFilesystems = ["nfs"];
fileSystems."/" = {
device = "rpool/root";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/nix";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/home";
fsType = "zfs";
};
fileSystems."/var" = {
device = "rpool/var";
fsType = "zfs";
};
fileSystems."/tmp" = {
device = "rpool/tmp";
fsType = "zfs";
};
fileSystems."/var/log" = {
device = "rpool/var/log";
fsType = "zfs";
};
fileSystems."/var/tmp" = {
device = "rpool/var/tmp";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2FE7-15B4";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/mnt/skynet" = {
device = "192.168.1.100:/volume3/m3-skynet";
fsType = "nfs";
options = ["noauto" "x-systemd.automount"];
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp16s0u1u4u5.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
hosts/m3-kratos/hardware.nix
+8
View File
@@ -0,0 +1,8 @@
{
hardware = {
amdgpu.opencl.enable = true;
bluetooth.enable = true;
keyboard.zsa.enable = true;
graphics.enable = true;
};
}
hosts/m3-kratos/programs.nix
+40
View File
@@ -0,0 +1,40 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.adb.enable = true;
programs.hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
programs.gamescope = {
enable = true;
capSysNice = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession.enable = true;
};
programs.fish.enable = true;
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
settings = {default-cache-ttl = 10800;};
};
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}
hosts/m3-kratos/secrets.nix
+31
View File
@@ -0,0 +1,31 @@
{
age = {
secrets = {
wg-DE = {
file = ../../secrets/wg-DE.age;
path = "/etc/wireguard/DE.conf";
};
wg-NL = {
file = ../../secrets/wg-NL.age;
path = "/etc/wireguard/NL.conf";
};
wg-NO = {
file = ../../secrets/wg-NO.age;
path = "/etc/wireguard/NO.conf";
};
wg-US = {
file = ../../secrets/wg-US.age;
path = "/etc/wireguard/US.conf";
};
wg-BR = {
file = ../../secrets/wg-BR.age;
path = "/etc/wireguard/BR.conf";
};
tailscale-key.file = ../../secrets/tailscale-key.age;
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}
hosts/m3-kratos/services/containers/default.nix
+4
View File
@@ -0,0 +1,4 @@
{
imports = [
];
}
hosts/m3-kratos/services/default.nix
+34
View File
@@ -0,0 +1,34 @@
{
imports = [
./containers
./n8n.nix
./postgres.nix
./sound.nix
./udev.nix
./wireguard.nix
];
services = {
hypridle.enable = true;
printing.enable = true;
gvfs.enable = true;
tailscale.enable = true;
trezord.enable = true;
gnome.gnome-keyring.enable = true;
qdrant.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
publish = {
addresses = true;
workstation = true;
userServices = true;
};
};
};
systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
}
hosts/m3-kratos/services/n8n.nix
+12
View File
@@ -0,0 +1,12 @@
{
services.n8n = {
enable = true;
openFirewall = true;
};
systemd.services.n8n = {
environment = {
N8N_SECURE_COOKIE = "false";
N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "false";
};
};
}
hosts/m3-kratos/services/postgres.nix
+24
View File
@@ -0,0 +1,24 @@
{pkgs, ...}: {
services.postgresql = {
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_17;
extensions = with pkgs.postgresql17Packages; [
pgvector
];
authentication = ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.88.0.0/16 trust
host all all 10.89.0.0/16 trust
'';
initialScript = pkgs.writeText "initialScript.sql" ''
CREATE USER n8n WITH PASSWORD 'n8n';
CREATE DATABASE n8n;
GRANT ALL PRIVILEGES ON DATABASE n8n TO n8n;
'';
};
networking.firewall.allowedTCPPorts = [5432];
}

Some files were not shown because too many files have changed in this diff Show More