From 053d5662889ed4e77cb52edf6abafd32a90f610c Mon Sep 17 00:00:00 2001 From: PygmySurfer Date: Sat, 31 Jan 2026 23:30:39 -0400 Subject: [PATCH] initial commit --- .migrate | 29 +++ flake.lock | 179 ++++++++++++++++++ flake.nix | 61 ++++++ home/default.nix | 48 +++++ systems/common/services/forgejo.nix | 31 +++ systems/common/services/immich.nix | 43 +++++ systems/nixos/daedalus/default.nix | 142 ++++++++++++++ .../nixos/daedalus/hardware-configuration.nix | 52 +++++ 8 files changed, 585 insertions(+) create mode 100644 .migrate create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 home/default.nix create mode 100644 systems/common/services/forgejo.nix create mode 100644 systems/common/services/immich.nix create mode 100644 systems/nixos/daedalus/default.nix create mode 100644 systems/nixos/daedalus/hardware-configuration.nix diff --git a/.migrate b/.migrate new file mode 100644 index 0000000..80fc17e --- /dev/null +++ b/.migrate @@ -0,0 +1,29 @@ +{ + "lastRun": "1694360000000-create-folders.js", + "migrations": [ + { + "title": "1694360000000-create-folders.js", + "timestamp": 1767368832652 + }, + { + "title": "1694360479680-create-account-db.js", + "timestamp": null + }, + { + "title": "1694362247011-create-secret-table.js", + "timestamp": null + }, + { + "title": "1702667624000-rename-nordigen-secrets.js", + "timestamp": null + }, + { + "title": "1718889148000-openid.js", + "timestamp": null + }, + { + "title": "1719409568000-multiuser.js", + "timestamp": null + } + ] +} \ No newline at end of file diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..d38a23d --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,179 @@ +{ + "nodes": { + "alejandra": { + "inputs": { + "fenix": "fenix", + "flakeCompat": "flakeCompat", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744324181, + "narHash": "sha256-Oi1n2ncF4/AWeY6X55o2FddIRICokbciqFYK64XorYk=", + "owner": "kamadorueda", + "repo": "alejandra", + "rev": "3e2a85506627062313e131bf8a85315f3387c8e0", + "type": "github" + }, + "original": { + "owner": "kamadorueda", + "ref": "4.0.0", + "repo": "alejandra", + "type": "github" + } + }, + "catppuccin": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1769784115, + "narHash": "sha256-QIZLsan8c+Kje4rqlXUd9KW/Rmpss5p5GNqV0V12OY8=", + "owner": "catppuccin", + "repo": "nix", + "rev": "d745dab3172e426fef9767f46651ba073db4d04b", + "type": "github" + }, + "original": { + "owner": "catppuccin", + "repo": "nix", + "type": "github" + } + }, + "fenix": { + "inputs": { + "nixpkgs": [ + "alejandra", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1730615655, + "narHash": "sha256-2HBR3zLn57LXKNRtxBb+O+uDqHM4n0pz51rPayMl4cg=", + "owner": "nix-community", + "repo": "fenix", + "rev": "efeb50e2535b17ffd4a135e6e3e5fd60a525180c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "flakeCompat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769872935, + "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", + "type": 
"github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1769598131, + "narHash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fa83fd837f3098e3e678e6cf017b2b36102c7211", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "alejandra": "alejandra", + "catppuccin": "catppuccin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1730555913, + "narHash": "sha256-KNHZUlqsEibg3YtfUyOFQSofP8hp1HKoY+laoesBxRM=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "f17a5bbfd0969ba2e63a74505a80e55ecb174ed9", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..dafefa9 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,61 @@
+{
+ description = "Daedalus system configuration";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+
+ nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ catppuccin.url = "github:catppuccin/nix";
+
+ alejandra = {
+ url = "github:kamadorueda/alejandra/4.0.0";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = inputs@{ nixpkgs, nixpkgs-stable, home-manager, catppuccin, alejandra, ... }: {
+ nixosConfigurations = {
+ daedalus = nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+ specialArgs = {
+ inherit inputs;
+ # Or just pass stable directly:
+ pkgs-stable = import nixpkgs-stable {
+ system = "x86_64-linux";
+ config.allowUnfree = true;
+ };
+ };
+
+ modules = [
+ {
+ environment.systemPackages = [alejandra.defaultPackage.${system}];
+ }
+ ./systems/nixos/daedalus
+
+ catppuccin.nixosModules.catppuccin
+ home-manager.nixosModules.home-manager
+
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+
+ home-manager.users.klesperance = {
+ imports = [
+ ./home
+ catppuccin.homeModules.catppuccin
+ ];
+ };
+ }
+ ];
+ # Optionally, use home-manager.extraSpecialArgs to pass arguments to home.nix
+ };
+ };
+ };
+}
diff --git a/home/default.nix b/home/default.nix
new file mode 100644
index 0000000..3bf122f
--- /dev/null
+++ b/home/default.nix
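Review bot: `home-manager.nixosModules.home-manager` is listed twice in `modules` in flake.nix, once after `catppuccin.nixosModules.catppuccin` and again just before the inline home-manager attribute set; one entry is enough and the duplicate should be dropped. `system = "x86_64-linux";` is also repeated inside `pkgs-stable` although `rec` already puts `system` in scope, so `inherit system;` would keep the two from drifting apart. On the supply-chain side, `home-manager` and `catppuccin` carry no ref, so each `nix flake update` moves them to whatever their default branch holds at that moment; the committed flake.lock is the only thing pinning those revisions, and changes to it deserve the same review as code. `catppuccin` also lacks `inputs.nixpkgs.follows = "nixpkgs";`, which is why flake.lock carries a second nixpkgs node.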
@@ -0,0 +1,48 @@
+{ config, pkgs, lib, ... }:
+
+{
+ home.username = "klesperance";
+ home.homeDirectory = "/home/klesperance";
+
+ home.packages = with pkgs; [
+
+ ];
+
+ programs.git = {
+ enable = true;
+ settings = {
+ user.name = "PygmySurfer";
+ user.email = "github@sysrq.ca";
+ };
+ };
+
+ programs.bash = {
+ enable = true;
+ enableCompletion = true;
+ };
+
+ programs.zsh = {
+ enable = true;
+ };
+
+ catppuccin = {
+ starship.enable = true;
+ };
+
+ programs.starship = {
+ enable = true;
+ enableZshIntegration = true;
+ enableBashIntegration = true;
+# settings = lib.mkMerge [
+# (builtins.fromTOML
+# (builtins.readFile "${pkgs.starship}/share/starship/presets/catppuccin-powerline.toml"
+# ))
+# {
+# # here goes my custom configurations
+# palette = lib.mkForce "catppuccin_frappe";
+# }
+# ];
+ };
+
+ home.stateVersion = "25.11";
+}
diff --git a/systems/common/services/forgejo.nix b/systems/common/services/forgejo.nix
new file mode 100644
index 0000000..79bdeab
--- /dev/null
+++ b/systems/common/services/forgejo.nix
@@ -0,0 +1,31 @@
+{
+ lib,
+ pkgs,
+ ...
+}:
+{
+ services.forgejo = {
+ enable = true;
+ };
+
+ services.caddy = {
+ enable = true;
+
+ virtualHosts = {
+ "forgejo.sysrq.ca" = {
+ extraConfig = ''
+ encode gzip
+
+ # Automatically handle HTTPS via Let’s Encrypt
+ # Caddy will request and renew certs for immich.sysrq.ca
+
+ reverse_proxy http://192.168.0.60:3000 {
+ }
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 3000 ];
+
+}
diff --git a/systems/common/services/immich.nix b/systems/common/services/immich.nix
new file mode 100644
index 0000000..faa7622
--- /dev/null
+++ b/systems/common/services/immich.nix
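Review bot: `networking.firewall.allowedTCPPorts = [ 3000 ];` in forgejo.nix opens Forgejo's plain-HTTP listener next to the Caddy virtual host, so any client that can route to port 3000 bypasses TLS and everything else enforced at the proxy. Since Caddy and Forgejo are enabled in the same module, drop the firewall entry, bind the service to loopback with `services.forgejo.settings.server.HTTP_ADDR = "127.0.0.1";`, and point `reverse_proxy` at `http://127.0.0.1:3000` rather than the hard-coded `192.168.0.60`. Nothing in the hunk restricts sign-up, so if `forgejo.sysrq.ca` is reachable from outside the LAN consider `services.forgejo.settings.service.DISABLE_REGISTRATION = true;` once the admin account exists. The comment inside `extraConfig` still names `immich.sysrq.ca` and should read `forgejo.sysrq.ca`.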
@@ -0,0 +1,43 @@
+{
+ lib,
+ pkgs,
+ ...
+}:
+{
+ services.immich = {
+ enable = true;
+ port = 2283;
+ host = "0.0.0.0";
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "kellyl@sysrq.ca";
+ };
+
+ services.caddy = {
+ enable = true;
+
+ virtualHosts = {
+ "immich.sysrq.ca" = {
+ extraConfig = ''
+ encode gzip
+
+ # Automatically handle HTTPS via Let’s Encrypt
+ # Caddy will request and renew certs for immich.sysrq.ca
+
+ reverse_proxy http://192.168.0.60:2283 {
+ # If Immich uses WebSockets, Caddy will proxy them automatically
+ # Add headers if you want forward real client IP
+ header_up X-Real-IP {remote_host}
+ header_up X-Forwarded-For {remote_host}
+ header_up Host {host}
+ }
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 2283 ];
+
+}
diff --git a/systems/nixos/daedalus/default.nix b/systems/nixos/daedalus/default.nix
new file mode 100644
index 0000000..1cfce18
--- /dev/null
+++ b/systems/nixos/daedalus/default.nix
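Review bot: `host = "0.0.0.0";` together with `2283` in `networking.firewall.allowedTCPPorts` publishes Immich's unencrypted listener alongside the Caddy front end, so the photo library and its login can be reached without TLS by anything that can route to the machine. With Caddy on the same host, set `host = "127.0.0.1";`, proxy to `http://127.0.0.1:2283`, and open only `[ 80 443 ]`. The three `header_up` lines are unnecessary, because Caddy's `reverse_proxy` already passes `Host` through and sets `X-Forwarded-For` itself, and overwriting `X-Forwarded-For` with `{remote_host}` discards any upstream proxy chain. The `security.acme` block requests no certificate in this hunk, since Caddy obtains its own; confirm whether it is needed at all.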
@@ -0,0 +1,142 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+ nix.settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ download-buffer-size = 524288000; # 500 MiB
+ };
+
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ../../common/services/immich.nix
+ ../../common/services/forgejo.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking = {
+ hostName = "daedalus"; # Define your hostname.
+ networkmanager.enable = false;
+ hostId = "8675309e";
+ useDHCP = false;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks."10-lan" = {
+ matchConfig.Name = "enp1s0";
+ DHCP = "ipv4";
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+
+ # Set your time zone.
+ time.timeZone = "America/Halifax";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+ services.zfs.autoScrub.enable = true;
+
+
+ # Configure keymap in X11
+ # services.xserver.xkb.layout = "us";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # services.pulseaudio.enable = true;
+ # OR
+ # services.pipewire = {
+ # enable = true;
+ # pulse.enable = true;
+ # };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.klesperance = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ tree
+ ];
+ };
+
+ # programs.firefox.enable = true;
+
+ # List packages installed in system profile.
+ # You can use https://search.nixos.org/ to find more packages (and options).
+ environment.systemPackages = with pkgs; [
+ git
+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.11"; # Did you read the comment?
+
+}
+
diff --git a/systems/nixos/daedalus/hardware-configuration.nix b/systems/nixos/daedalus/hardware-configuration.nix
new file mode 100644
index 0000000..7b460be
--- /dev/null
+++ b/systems/nixos/daedalus/hardware-configuration.nix
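Review bot: `services.openssh.enable = true;` in systems/nixos/daedalus/default.nix is added with no `services.openssh.settings`, which leaves password and keyboard-interactive login at the NixOS defaults while `klesperance` is in `wheel` and, per the comment above the user block, gets a password via `passwd`. On a host that also publishes web services, a guessed password is then a direct path to sudo. Add `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, and declare the login key under `users.users.klesperance.openssh.authorizedKeys.keys` so access is reproducible from the flake. No firewall ports are opened in this file; they come from the imported immich.nix and forgejo.nix, which a short comment beside `imports` would make clear.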
@@ -0,0 +1,52 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "ums_realtek" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "zpool/root"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/nix" = + { device = "zpool/nix"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/var" = + { device = "zpool/var"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/home" = + { device = "zpool/home"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/264E-C996"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/535e42f8-c102-435a-83ba-93b07e8bd3f7"; } + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}