Diffstat (limited to 'modules/nixos')
| -rw-r--r-- | modules/nixos/desktop/cinnamon/default.nix | 24 | ||||
| -rw-r--r-- | modules/nixos/desktop/gnome/default.nix | 31 | ||||
| -rw-r--r-- | modules/nixos/desktop/kde/default.nix | 27 | ||||
| -rw-r--r-- | modules/nixos/dns/default.nix | 56 | ||||
| -rw-r--r-- | modules/nixos/hardware/audio/default.nix | 19 | ||||
| -rw-r--r-- | modules/nixos/hardware/bluetooth/default.nix | 24 | ||||
| -rw-r--r-- | modules/nixos/hardware/printer/default.nix | 25 | ||||
| -rw-r--r-- | modules/nixos/hardware/wooting/default.nix | 18 | ||||
| -rw-r--r-- | modules/nixos/mullvad-vpn/default.nix | 18 | ||||
| -rw-r--r-- | modules/nixos/openssh/default.nix | 26 | ||||
| -rw-r--r-- | modules/nixos/plymouth/default.nix | 41 | ||||
| -rw-r--r-- | modules/nixos/server/nextcloud/default.nix | 138 | ||||
| -rw-r--r-- | modules/nixos/server/nginx/default.nix | 42 | ||||
| -rw-r--r-- | modules/nixos/server/openssh/default.nix | 44 | ||||
| -rw-r--r-- | modules/nixos/server/site/default.nix | 28 | ||||
| -rw-r--r-- | modules/nixos/steam/default.nix | 28 | ||||
| -rw-r--r-- | modules/nixos/sunshine/default.nix | 22 |
17 files changed, 0 insertions, 611 deletions
diff --git a/modules/nixos/desktop/cinnamon/default.nix b/modules/nixos/desktop/cinnamon/default.nix
deleted file mode 100644
index f86434b..0000000
--- a/modules/nixos/desktop/cinnamon/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf mkForce;
- cfg = config.nx.desktop.cinnamon;
-in
-{
- options.nx.desktop.cinnamon.enable = mkEnableOption "Cinnamon desktop";
-
- config = mkIf cfg.enable {
- services.xserver = {
- enable = true;
- displayManager.lightdm.enable = true;
- desktopManager.cinnamon.enable = true;
- };
- services.speechd.enable = mkForce false;
- services.orca.enable = mkForce false;
- environment.systemPackages = [ pkgs.nemo-preview ];
- };
-}
diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix
deleted file mode 100644
index 3be22d5..0000000
--- a/modules/nixos/desktop/gnome/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.desktop.gnome;
-in
-{
- options.nx.desktop.gnome.enable = mkEnableOption "GNOME desktop";
-
- config = mkIf cfg.enable {
- services.displayManager.gdm.enable = true;
- services.desktopManager.gnome.enable = true;
- services.gnome.core-developer-tools.enable = false;
- services.gnome.games.enable = false;
-
- environment.gnome.excludePackages = with pkgs; [
- gnome-tour
- gnome-user-docs
- epiphany
- ];
- environment.systemPackages = with pkgs; [
- gnomeExtensions.pop-shell
- gnomeExtensions.blur-my-shell
- gnome-tweaks
- ];
- };
-}
diff --git a/modules/nixos/desktop/kde/default.nix b/modules/nixos/desktop/kde/default.nix
deleted file mode 100644
index c267d19..0000000
--- a/modules/nixos/desktop/kde/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.desktop.kde;
-in
-{
- options.nx.desktop.kde.enable = mkEnableOption "KDE Plasma 6 desktop";
-
- config = mkIf cfg.enable {
- services.displayManager.sddm = {
- enable = true;
- wayland.enable = true;
- };
- services.desktopManager.plasma6.enable = true;
- security.pam.services.sddm.enableKwallet = true;
- environment.plasma6.excludePackages = with pkgs.kdePackages; [
- elisa
- kate
- ];
- environment.systemPackages = with pkgs.kdePackages; [ kcalc ];
- };
-}
diff --git a/modules/nixos/dns/default.nix b/modules/nixos/dns/default.nix
deleted file mode 100644
index 0cc1766..0000000
--- a/modules/nixos/dns/default.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, ... }:
-let
- inherit (lib)
- mkEnableOption
- mkOption
- types
- mkIf
- concatStringsSep
- ;
- cfg = config.nx.dns;
-in
-{
- options.nx.dns = {
- enable = mkEnableOption "DNS-over-TLS via systemd-resolved";
- servers = mkOption {
- type = types.listOf types.str;
- default = [
- "1.1.1.1#cloudflare-dns.com"
- "1.0.0.1#cloudflare-dns.com"
- "9.9.9.9#dns.quad9.net"
- "149.112.112.112#dns.quad9.net"
- ];
- };
- fallbackServers = mkOption {
- type = types.listOf types.str;
- default = [
- "8.8.8.8#dns.google"
- "8.8.4.4#dns.google"
- ];
- };
- };
-
- config = mkIf cfg.enable {
- services.resolved = {
- enable = true;
- settings = {
- Resolve = {
- DNS = cfg.servers;
- FallbackDNS = cfg.fallbackServers;
- DNSSEC = true;
- DNSOverTLS = true;
- Domains = [ "~." ];
- };
- };
- };
- networking = {
- nameservers = cfg.servers;
- networkmanager.dns = lib.mkDefault "systemd-resolved";
- };
- systemd.services.systemd-resolved.environment = {
- DNS = concatStringsSep " " cfg.servers;
- FallbackDNS = concatStringsSep " " cfg.fallbackServers;
- };
- };
-
-}
diff --git a/modules/nixos/hardware/audio/default.nix b/modules/nixos/hardware/audio/default.nix
deleted file mode 100644
index 66c9606..0000000
--- a/modules/nixos/hardware/audio/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, ... }:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.hardware.audio;
-in
-{
- options.nx.hardware.audio.enable = mkEnableOption "PipeWire audio";
-
- config = mkIf cfg.enable {
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- wireplumber.enable = true;
- };
- };
-}
diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix
deleted file mode 100644
index 1bb9014..0000000
--- a/modules/nixos/hardware/bluetooth/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, ... }:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.hardware.bluetooth;
-in
-{
- options.nx.hardware.bluetooth.enable = mkEnableOption "Bluetooth support";
-
- config = mkIf cfg.enable {
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- settings = {
- General = {
- Experimental = true;
- FastConnectable = true;
- };
- Policy = {
- AutoEnable = true;
- };
- };
- };
- };
-}
diff --git a/modules/nixos/hardware/printer/default.nix b/modules/nixos/hardware/printer/default.nix
deleted file mode 100644
index 09b6da4..0000000
--- a/modules/nixos/hardware/printer/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.hardware.printer;
-in
-{
- options.nx.hardware.printer.enable = mkEnableOption "printer support";
-
- config = mkIf cfg.enable {
- services.printing = {
- enable = true;
- drivers = [ pkgs.brlaser ];
- };
- services.avahi = {
- enable = true;
- nssmdns4 = true;
- openFirewall = true;
- };
- };
-}
diff --git a/modules/nixos/hardware/wooting/default.nix b/modules/nixos/hardware/wooting/default.nix
deleted file mode 100644
index 7f6e3c6..0000000
--- a/modules/nixos/hardware/wooting/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.hardware.wooting;
-in
-{
- options.nx.hardware.wooting.enable = mkEnableOption "Wooting keyboard support";
-
- config = mkIf cfg.enable {
- services.udev.packages = [ pkgs.wooting-udev-rules ];
- environment.systemPackages = [ pkgs.wootility ];
- };
-}
diff --git a/modules/nixos/mullvad-vpn/default.nix b/modules/nixos/mullvad-vpn/default.nix
deleted file mode 100644
index 0c12d17..0000000
--- a/modules/nixos/mullvad-vpn/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.mullvad-vpn;
-in
-{
- options.nx.mullvad-vpn.enable = mkEnableOption "Mullvad VPN";
-
- config = mkIf cfg.enable {
- services.mullvad-vpn.enable = true;
- environment.systemPackages = [ pkgs.mullvad-vpn ];
- };
-}
diff --git a/modules/nixos/openssh/default.nix b/modules/nixos/openssh/default.nix
deleted file mode 100644
index a37dfec..0000000
--- a/modules/nixos/openssh/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, ... }:
-let
- inherit (lib)
- mkEnableOption
- mkOption
- types
- mkIf
- ;
- cfg = config.nx.services.openssh;
-in
-{
- options.nx.services.openssh = {
- enable = mkEnableOption "OpenSSH server";
- allowedUsers = mkOption {
- type = types.listOf types.str;
- default = [ ];
- };
- };
-
- config = mkIf cfg.enable {
- services.openssh = {
- enable = true;
- settings.AllowUsers = cfg.allowedUsers;
- };
- };
-}
diff --git a/modules/nixos/plymouth/default.nix b/modules/nixos/plymouth/default.nix
deleted file mode 100644
index dd8d79a..0000000
--- a/modules/nixos/plymouth/default.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.plymouth;
-in
-{
- options.nx.plymouth.enable = mkEnableOption "Plymouth";
-
- config = mkIf cfg.enable {
- boot = {
- # Show password prompt for encrypted root
- initrd.systemd.enable = true;
- kernelParams = [ "quiet" ];
- loader.systemd-boot.consoleMode = "max";
- plymouth = {
- enable = true;
- theme = "loader_2";
- themePackages = with pkgs; [
- (adi1090x-plymouth-themes.override {
- selected_themes = [
- #"lone"
- #"red_loader"
- #"cuts_alt"
- #"abstract_ring_alt"
- "loader_2"
- #"sliced"
- #"spinner_alt"
- #"sphere"
- #"loader"
- ];
- })
- ];
- };
- };
- };
-}
diff --git a/modules/nixos/server/nextcloud/default.nix b/modules/nixos/server/nextcloud/default.nix
deleted file mode 100644
index ccaad46..0000000
--- a/modules/nixos/server/nextcloud/default.nix
+++ /dev/null
@@ -1,138 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.server.nextcloud;
-in
-{
- options.nx.server.nextcloud = {
- enable = mkEnableOption "Nextcloud server";
- };
-
- config = mkIf cfg.enable {
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud32;
- hostName = "cloud.schererleander.de";
- https = true;
- database.createLocally = true;
- maxUploadSize = "16G";
- config = {
- dbtype = "mysql";
- adminuser = "schererleander";
- adminpassFile = config.sops.secrets."nextcloud-admin-pass".path;
- };
- secrets = {
- secret = config.sops.secrets."nextcloud-secret".path;
- };
- settings = {
- maintenance_window_start = 2; # 02:00
- default_phone_region = "de";
- overwriteProtocol = "https";
- trusted_domains = [ "cloud.schererleander.de" ];
- logtimezone = config.time.timeZone;
- log_type = "file";
- # Disable mail functionality for single-user instance
- mail_smtpmode = "null";
- };
- phpOptions."opcache.interned_strings_buffer" = "64";
- };
-
- services.nginx.virtualHosts = {
- "cloud.schererleander.de" = {
- forceSSL = true;
- sslCertificate = config.sops.secrets."cert_fullchain".path;
- sslCertificateKey = config.sops.secrets."cert_private".path;
- };
- };
-
- services.borgbackup.jobs.nextcloud = {
- paths = [
- "/var/lib/nextcloud"
- "/var/lib/backup/nextcloud/db"
- ];
- repo = "$BORG_REPO";
- encryption.mode = "none";
- user = "root";
- group = "root";
- environment = {
- BORG_RSH = "ssh -i ${
- config.sops.secrets."borgbase_ssh_key".path
- } -o StrictHostKeyChecking=accept-new";
- TMPDIR = "/var/tmp";
- };
- compression = "auto,lzma";
- startAt = "daily";
- readWritePaths = [
- "/var/lib/backup"
- "/var/lib/nextcloud"
- ];
- preHook = ''
- set -euo pipefail
-
- export BORG_REPO="$(cat ${config.sops.secrets."borg_repo".path})"
-
- INSTALL="${pkgs.coreutils}/bin/install"
- FIND="${pkgs.findutils}/bin/find"
- MYSQLDUMP="${pkgs.mariadb.client}/bin/mariadb-dump"
- GZIP="${pkgs.gzip}/bin/gzip"
- OCC="${lib.getExe config.services.nextcloud.occ}"
-
- # This command requires write access to /var/lib/backup.
- $INSTALL -d -m 0750 -o root -g root /var/lib/backup/nextcloud/db
-
- trap "$OCC maintenance:mode --off >/dev/null 2>&1 || true" EXIT
-
- $OCC maintenance:mode --on
-
- # Make a consistent database dump without locking the site.
- $MYSQLDUMP --single-transaction --quick --lock-tables=false --databases nextcloud \
- | $GZIP -c > /var/lib/backup/nextcloud/db/nextcloud-$(date +%F-%H%M%S).sql.gz
-
- # Delete local dump files older than 14 days.
- $FIND /var/lib/backup/nextcloud/db -type f -name "*.sql.gz" -mtime +14 -delete || true
- '';
- postHook = ''
- set -euo pipefail
- ${lib.getExe config.services.nextcloud.occ} maintenance:mode --off || true
- '';
- };
-
- services.fail2ban = {
- enable = true;
- bantime = lib.mkDefault "1h";
- jails = {
- nextcloud = {
- enabled = true;
- settings = {
- backend = "systemd";
- journalmatch = "SYSLOG_IDENTIFIER=Nextcloud";
- # END modification to work with syslog instead of logile
- port = 443;
- protocol = "tcp";
- filter = "nextcloud";
- maxretry = 3;
- findtime = 43200;
- };
- };
- };
- };
-
- environment.etc = {
- # Adapted failregex for syslogs
- "fail2ban/filter.d/nextcloud.local".text = pkgs.lib.mkDefault (
- pkgs.lib.mkAfter ''
- [Definition]
- _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
- failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
- ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
- datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
- ''
- );
- };
- };
-}
diff --git a/modules/nixos/server/nginx/default.nix b/modules/nixos/server/nginx/default.nix
deleted file mode 100644
index d960d33..0000000
--- a/modules/nixos/server/nginx/default.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- inherit (lib)
- mkEnableOption
- mkIf
- ;
- cfg = config.nx.server.nginx;
-in
-{
- options.nx.server.nginx = {
- enable = mkEnableOption "nginx reverse proxy" // {
- default = true;
- };
- };
- config = mkIf cfg.enable {
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- appendHttpConfig = ''
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
- add_header Strict-Transport-Security $hsts_header;
- #add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self';" always;
- add_header 'Referrer-Policy' 'same-origin';
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- '';
- };
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
- };
-}
diff --git a/modules/nixos/server/openssh/default.nix b/modules/nixos/server/openssh/default.nix
deleted file mode 100644
index 0972e66..0000000
--- a/modules/nixos/server/openssh/default.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-
-let
- inherit (lib) mkEnableOption mkIf mkDefault;
- cfg = config.nx.server.openssh;
-in
-{
- options.nx.server.openssh = {
- enable = mkEnableOption "OpenSSH server";
- };
-
- config = mkIf cfg.enable {
- services.openssh = {
- enable = true;
- ports = [ 8693 ];
- settings = {
- PasswordAuthentication = false;
- X11Forwarding = false;
- PermitRootLogin = "yes";
- };
- };
- networking.firewall.allowedTCPPorts = [ 8693 ];
-
- services.fail2ban = {
- enable = true;
- bantime = lib.mkDefault "1h";
- jails = {
- sshd = {
- enabled = true;
- settings = {
- port = 8693;
- backend = "systemd";
- maxretry = 4;
- findtime = "10m";
- };
- };
- };
- };
- };
-}
diff --git a/modules/nixos/server/site/default.nix b/modules/nixos/server/site/default.nix
deleted file mode 100644
index c1d472b..0000000
--- a/modules/nixos/server/site/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.server.site;
-in
-{
- imports = [
- inputs.site.nixosModules.default
- ];
-
- options.nx.server.site = {
- enable = mkEnableOption "personal website";
- };
-
- config = mkIf cfg.enable {
- services.site = {
- enable = true;
- domain = "schererleander.de";
- sslCertificate = config.sops.secrets."cert_fullchain".path;
- sslCertificateKey = config.sops.secrets."cert_private".path;
- };
- };
-}
diff --git a/modules/nixos/steam/default.nix b/modules/nixos/steam/default.nix
deleted file mode 100644
index d708139..0000000
--- a/modules/nixos/steam/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.steam;
-in
-{
- options.nx.steam = {
- enable = mkEnableOption "Steam gaming platform";
- protontricks = mkEnableOption "protontricks" // {
- default = true;
- };
- gamescope = mkEnableOption "gamescope session compositor";
- };
-
- config = mkIf cfg.enable {
- programs.steam = {
- enable = true;
- protontricks.enable = cfg.protontricks;
- gamescopeSession.enable = cfg.gamescope;
- extraCompatPackages = [ pkgs.proton-ge-bin ];
- };
- };
-}
diff --git a/modules/nixos/sunshine/default.nix b/modules/nixos/sunshine/default.nix
deleted file mode 100644
index 23a4cc0..0000000
--- a/modules/nixos/sunshine/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.nx.sunshine;
-in
-{
- options.nx.sunshine.enable = mkEnableOption "Sunshine game streaming server";
-
- config = mkIf cfg.enable {
- services.sunshine = {
- enable = true;
- autoStart = true;
- capSysAdmin = true;
- openFirewall = true;
- };
- hardware.graphics.enable = true;
- };
-} |
