Some more work toward a modular config

2025-08-04 22:15:59 -04:00
parent 94f0ce50ae
commit ac6c3688ef
11 changed files with 252 additions and 42 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -16,9 +16,43 @@
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1744868846,
        "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
        "sops-nix": "sops-nix"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1754328224,
        "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=",
        "owner": "Mic92",
        "repo": "sops-nix",
        "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4",
        "type": "github"
      },
      "original": {
        "id": "sops-nix",
        "type": "indirect"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@@ -5,19 +5,17 @@
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
  };
-  outputs = { self, nixpkgs }:
+  outputs = { self, nixpkgs, sops-nix, ... }@inputs:
    let
      system = "x86_64-linux";
-
+      pkgs = import nixpkgs {
-        pkgs = import nixpkgs {
+        inherit system;
-          inherit system;
+        config = {
-          config = {
+          allowUnfree = true;
            allowUnfree = true;
          };
        };
      };
    in
      {
        nixosConfigurations = {
          lazyworkhorse = nixpkgs.lib.nixosSystem {
            specialArgs = { inherit system; };
--- a/hosts/lazyworkhorse/configuration.nix
+++ b/hosts/lazyworkhorse/configuration.nix
@@ -8,35 +8,63 @@
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
-      ./nixosModules/default.nix
+      ./../../modules/default.nix
      ./../../users/gortium.nix
    ];
  # Flakesss
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.settings.trusted-users = [ "root" "gortium" ];
  nix.gc = {
    automatic = true;
    dates = "weekly";  # You can also use "daily" or a cron-like spec
    options = "--delete-older-than 7d";  # Keep only 7 days of unreferenced data
  };
  nix.settings = {
    auto-optimise-store = true;  # Deduplicate identical files
    keep-derivations = false;
    keep-outputs = false;
  };
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = false;
-  # networking.hostName = "nixos"; # Define your hostname.
+  networking.hostName = "lazyworkhorse"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  networking.hostId = "deadbeef";
  # Set your time zone.
  time.timeZone = "America/Montreal";
  i18n.defaultLocale = "en_CA.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_CA.UTF-8";
    LC_IDENTIFICATION = "en_CA.UTF-8";
    LC_MEASUREMENT = "en_CA.UTF-8";
    LC_MONETARY = "en_CA.UTF-8";
    LC_NAME = "en_CA.UTF-8";
    LC_NUMERIC = "en_CA.UTF-8";
    LC_PAPER = "en_CA.UTF-8";
    LC_TELEPHONE = "en_CA.UTF-8";
    LC_TIME = "en_CA.UTF-8";
  };
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
+  # i18n.defaultLocale = "en_US.UTF-8";
-  console = {
+  # console = {
-    font = "Lat2-Terminus16";
+  #   font = "Lat2-Terminus16";
-    keyMap = "us";
+  #   keyMap = "us";
-    useXkbConfig = true; # use xkb.options in tty.
+  #   useXkbConfig = true; # use xkb.options in tty.
-  };
+  # };
  # Configure keymap in X11
  # services.xserver.xkb.layout = "us";
@@ -56,14 +84,8 @@
  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.enable = true;
-  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # nvim please
-  users.users.gortium = {
+  environment.variables.EDITOR = "neovim";
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ for the user.
    packages = with pkgs; [
      tree
    ];
  };
  # programs.firefox.enable = true;
@@ -72,6 +94,8 @@
  environment.systemPackages = with pkgs; [
    neovim
    wget
    age
    git
  ];
  # Some programs need SUID wrappers, can be configured further or are
@@ -85,7 +109,10 @@
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
+  services.openssh = {
    enable = true;
    settings.PermitRootLogin = "no";
  };
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
@@ -96,7 +123,7 @@
  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
-  system.copySystemConfiguration = true;
+  # system.copySystemConfiguration = true;
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,7 @@
 { pkgs, lib, config, ... }: {
  imports =
    [
      # ./home
      ./nixos
    ];
 }
--- a/modules/nixos/bundles/default.nix
+++ b/modules/nixos/bundles/default.nix
@@ -0,0 +1,6 @@
 { pkgs, lib, config, ... }: {
  imports =
    [
      ./graphical-desktop.nix
    ];
 }
--- a/modules/nixos/bundles/graphical-desktop.nix
+++ b/modules/nixos/bundles/graphical-desktop.nix
@@ -2,7 +2,7 @@
 { pkgs, lib, config, ... }: {
  options = {
-    grapfical-desktop.enable = lib.mkEnableOption "enable graphical desktop"
+    grapfical-desktop.enable = lib.mkEnableOption "enable graphical desktop";
  };
  config = lib.mkIf config.grapfical-desktop.enable {
@@ -16,5 +16,5 @@
      xwayland.enable = true;
    };
    programs.waybar.enable  = true;
-  }
+  };
 }
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -0,0 +1,8 @@
 { pkgs, lib, config, ... }: {
  imports =
    [
      ./bundles
      # ./programs
      # ./services
    ];
 }
--- a/modules/nixos/services/podman.nix
+++ b/modules/nixos/services/podman.nix
@@ -0,0 +1,32 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.services.podman;
 in {
  options.services.podman.enable = mkEnableOption "enable podman";
  config = mkIf cfg.enable {
    virtualisation = {
      podman = {
        enable = true;
        dockerCompat = true;
        autoPrune = {
          enable = true;
          dates = "weekly";
          flags = [
            "--filter=until=24h"
            "--filter=label!=important"
          ];
        };
        defaultNetwork.settings.dns_enabled = true;
      };
    };
    environment.systemPackages = with pkgs; [
      podman-compose
    ];
  };
 }
--- a/modules/nixos/services/traefik.nix
+++ b/modules/nixos/services/traefik.nix
@@ -0,0 +1,101 @@
 {config, ...}: {
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      log = {level = "WARN";};
      certificatesResolvers = {
        godaddy = {
          acme = {
            email = "letsencrypt.org.btlc2@passmail.net";
            storage = "/var/lib/traefik/acme.json";
            caserver = "https://acme-v02.api.letsencrypt.org/directory";
            dnsChallenge = {
              provider = "godaddy";
              resolvers = ["1.1.1.1:53" "8.8.8.8:53"];
              propagation = {
                delayBeforeChecks = 60;
                disableChecks = true;
              };
            };
          };
        };
      };
      api = {};
      entryPoints = {
        web = {
          address = ":80";
          http.redirections.entryPoint = {
            to = "websecure";
            scheme = "https";
          };
        };
        rtmp = {
          address = ":1935";
        };
        rtmps = {
          address = ":1945";
        };
        websecure = {
          address = ":443";
        };
      };
    };
    dynamicConfigOptions = {
      http = {
        services = {
          dummy = {
            loadBalancer.servers = [
              {url = "http://192.168.0.1";} # Diese URL wird nie verwendet
            ];
          };
        };
        middlewares = {
          domain-redirect = {
            redirectRegex = {
              regex = "^https://www\\.m3tam3re\\.com(.*)";
              replacement = "https://m3ta.dev$1";
              permanent = true;
            };
          };
          strip-www = {
            redirectRegex = {
              regex = "^https://www\\.(.+)";
              replacement = "https://$1";
              permanent = true;
            };
          };
          subdomain-redirect = {
            redirectRegex = {
              regex = "^https://([a-zA-Z0-9-]+)\\.m3tam3re\\.com(.*)";
              replacement = "https://$1.m3ta.dev$2";
              permanent = true;
            };
          };
          auth = {
            basicAuth = {
              users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."];
            };
          };
        };
        routers = {
          api = {
            rule = "Host(`r.m3tam3re.com`)";
            service = "api@internal";
            middlewares = ["auth"];
            entrypoints = ["websecure"];
            tls = {
              certResolver = "godaddy";
            };
          };
        };
      };
    };
  };
  systemd.services.traefik.serviceConfig = {
    EnvironmentFile = ["${config.age.secrets.traefik.path}"];
  };
  networking.firewall.allowedTCPPorts = [80 443];
 }
--- a/nixosModules/default.nix
+++ b/nixosModules/default.nix
@@ -1,13 +0,0 @@
 { pkgs, lib, config, ... }: {
  imports =
    [
      ./bundles/graphical-desktop.nix
      # ./bundles/gaming.nix
      # ./bundles/docker-server.nix
      # ./bundles/terminal.nix
      # ./bundles/csharp-devel.nix
      # ./bundles/sound-music.nix
      # ./bundles/local-ai.nix
      # ./bundles/editors.nix
    ];
 }
--- a/users/gortium.nix
+++ b/users/gortium.nix
@@ -0,0 +1,10 @@
 { pkgs, inputs, config, ... }: {
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.gortium = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ for the user.
    packages = with pkgs; [
      tree
    ];
  };
 }