klesperance/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial commit

Browse source
This commit is contained in:
PygmySurfer 2026-01-31 23:30:39 -04:00
commit 053d566288
8 changed files with 585 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

29
.migrate Normal file
View file

@ -0,0 +1,29 @@
{
"lastRun": "1694360000000-create-folders.js",
"migrations": [
{
"title": "1694360000000-create-folders.js",
"timestamp": 1767368832652
},
{
"title": "1694360479680-create-account-db.js",
"timestamp": null
},
{
"title": "1694362247011-create-secret-table.js",
"timestamp": null
},
{
"title": "1702667624000-rename-nordigen-secrets.js",
"timestamp": null
},
{
"title": "1718889148000-openid.js",
"timestamp": null
},
{
"title": "1719409568000-multiuser.js",
"timestamp": null
}
]
}

179
flake.lock generated Normal file
View file

@ -0,0 +1,179 @@
{
"nodes": {
"alejandra": {
"inputs": {
"fenix": "fenix",
"flakeCompat": "flakeCompat",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1744324181,
"narHash": "sha256-Oi1n2ncF4/AWeY6X55o2FddIRICokbciqFYK64XorYk=",
"owner": "kamadorueda",
"repo": "alejandra",
"rev": "3e2a85506627062313e131bf8a85315f3387c8e0",
"type": "github"
},
"original": {
"owner": "kamadorueda",
"ref": "4.0.0",
"repo": "alejandra",
"type": "github"
}
},
"catppuccin": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1769784115,
"narHash": "sha256-QIZLsan8c+Kje4rqlXUd9KW/Rmpss5p5GNqV0V12OY8=",
"owner": "catppuccin",
"repo": "nix",
"rev": "d745dab3172e426fef9767f46651ba073db4d04b",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"alejandra",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1730615655,
"narHash": "sha256-2HBR3zLn57LXKNRtxBb+O+uDqHM4n0pz51rPayMl4cg=",
"owner": "nix-community",
"repo": "fenix",
"rev": "efeb50e2535b17ffd4a135e6e3e5fd60a525180c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flakeCompat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769872935,
"narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1769598131,
"narHash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fa83fd837f3098e3e678e6cf017b2b36102c7211",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"alejandra": "alejandra",
"catppuccin": "catppuccin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1730555913,
"narHash": "sha256-KNHZUlqsEibg3YtfUyOFQSofP8hp1HKoY+laoesBxRM=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "f17a5bbfd0969ba2e63a74505a80e55ecb174ed9",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

61
flake.nix Normal file
View file

@ -0,0 +1,61 @@
{
description = "Daedalus system configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
catppuccin.url = "github:catppuccin/nix";
alejandra = {
url = "github:kamadorueda/alejandra/4.0.0";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs@{ nixpkgs, nixpkgs-stable, home-manager, catppuccin, alejandra, ... }: {
nixosConfigurations = {
daedalus = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
# Or just pass stable directly:
pkgs-stable = import nixpkgs-stable {
system = "x86_64-linux";
config.allowUnfree = true;
};
};
modules = [
{
environment.systemPackages = [alejandra.defaultPackage.${system}];
}
./systems/nixos/daedalus
catppuccin.nixosModules.catppuccin
home-manager.nixosModules.home-manager
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.klesperance = {
imports = [
./home
catppuccin.homeModules.catppuccin
];
};
}
];
# Optionally, use home-manager.extraSpecialArgs to pass arguments to home.nix
};
};
};
}

48
home/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ config, pkgs, lib, ... }:
{
home.username = "klesperance";
home.homeDirectory = "/home/klesperance";
home.packages = with pkgs; [
];
programs.git = {
enable = true;
settings = {
user.name = "PygmySurfer";
user.email = "github@sysrq.ca";
};
};
programs.bash = {
enable = true;
enableCompletion = true;
};
programs.zsh = {
enable = true;
};
catppuccin = {
starship.enable = true;
};
programs.starship = {
enable = true;
enableZshIntegration = true;
enableBashIntegration = true;
# settings = lib.mkMerge [
# (builtins.fromTOML
# (builtins.readFile "${pkgs.starship}/share/starship/presets/catppuccin-powerline.toml"
# ))
# {
# # here goes my custom configurations
# palette = lib.mkForce "catppuccin_frappe";
# }
# ];
};
home.stateVersion = "25.11";
}

31
systems/common/services/forgejo.nix Normal file
View file

@ -0,0 +1,31 @@
{
lib,
pkgs,
...
}:
{
services.forgejo = {
enable = true;
};
services.caddy = {
enable = true;
virtualHosts = {
"forgejo.sysrq.ca" = {
extraConfig = ''
encode gzip
# Automatically handle HTTPS via Lets Encrypt
# Caddy will request and renew certs for immich.sysrq.ca
reverse_proxy http://192.168.0.60:3000 {
}
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 3000 ];
}

43
systems/common/services/immich.nix Normal file
View file

@ -0,0 +1,43 @@
{
lib,
pkgs,
...
}:
{
services.immich = {
enable = true;
port = 2283;
host = "0.0.0.0";
};
security.acme = {
acceptTerms = true;
defaults.email = "kellyl@sysrq.ca";
};
services.caddy = {
enable = true;
virtualHosts = {
"immich.sysrq.ca" = {
extraConfig = ''
encode gzip
# Automatically handle HTTPS via Lets Encrypt
# Caddy will request and renew certs for immich.sysrq.ca
reverse_proxy http://192.168.0.60:2283 {
# If Immich uses WebSockets, Caddy will proxy them automatically
# Add headers if you want forward real client IP
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up Host {host}
}
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 2283 ];
}

142
systems/nixos/daedalus/default.nix Normal file
View file

@ -0,0 +1,142 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
download-buffer-size = 524288000; # 500 MiB
};
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../common/services/immich.nix
../../common/services/forgejo.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
hostName = "daedalus"; # Define your hostname.
networkmanager.enable = false;
hostId = "8675309e";
useDHCP = false;
};
systemd.network = {
enable = true;
networks."10-lan" = {
matchConfig.Name = "enp1s0";
DHCP = "ipv4";
linkConfig.RequiredForOnline = "routable";
};
};
# Set your time zone.
time.timeZone = "America/Halifax";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
services.zfs.autoScrub.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# services.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.klesperance = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [
tree
];
};
# programs.firefox.enable = true;
# List packages installed in system profile.
# You can use https://search.nixos.org/ to find more packages (and options).
environment.systemPackages = with pkgs; [
git
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.11"; # Did you read the comment?
}

52
systems/nixos/daedalus/hardware-configuration.nix Normal file
View file

@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "ums_realtek" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "zpool/root";
fsType = "zfs";
options = [ "zfsutil" ];
};
fileSystems."/nix" =
{ device = "zpool/nix";
fsType = "zfs";
options = [ "zfsutil" ];
};
fileSystems."/var" =
{ device = "zpool/var";
fsType = "zfs";
options = [ "zfsutil" ];
};
fileSystems."/home" =
{ device = "zpool/home";
fsType = "zfs";
options = [ "zfsutil" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/264E-C996";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/535e42f8-c102-435a-83ba-93b07e8bd3f7"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}