# Common.nix
{ config, pkgs, lib, inputs, ... }:
{
# Modules pulled into every host that evaluates this file. The three groups
# are concatenated in the same order the flat list had.
# NOTE(review): every host module and every service module is imported
# unconditionally here. Whether a network-facing service (nginx, authelia,
# router, code-server, ...) is actually enabled on a given machine is decided
# inside those files, which are not visible here; confirm each one gates
# itself on the intended host.
imports =
  # Hosts #
  [
    ./hosts/FredOS-Gaming.nix
    ./hosts/FredOS-Macbook.nix
    ./hosts/FredOS-Mediaserver.nix
  ]
  # Generic settings #
  ++ [
    ./settings/gnome.nix
    ./settings/hyprland.nix
    ./settings/stylix.nix
    ./settings/locale.nix
    ./settings/audio.nix
    ./settings/users.nix
    ./settings/shell.nix
    ./apps/zen.nix
  ]
  # Services #
  ++ [
    ./services/server-permissions.nix
    ./services/game-servers.nix
    ./services/dr-server.nix
    ./services/qbittorrent-nox.nix
    ./services/nginx.nix
    ./services/go2rtc.nix
    ./services/sonarr.nix
    ./services/radarr.nix
    ./services/prowlarr.nix
    ./services/jellyfin.nix
    ./services/bazarr.nix
    ./services/cloudflare-ddns.nix
    ./services/authelia.nix
    # Homepage dashboard for FredOS-Mediaserver. Per the commit that added
    # it: covers Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent,
    # Nginx Proxy Manager, Authelia and go2rtc; the live widgets use API keys
    # loaded from /etc/homepage-secrets, i.e. outside the Nix store (the
    # store is world-readable, so secrets must not be written into it).
    ./services/homepage.nix
    ./services/arr-interconnect.nix
    ./services/profilarr.nix
    ./services/adguard.nix
    # Turns the media server into a home router. Per the commit that added
    # it: systemd-networkd (eno1 = WAN via DHCP, eth0 = LAN 10.0.0.1/24),
    # nftables (NAT + firewall, default drop on WAN in), dnsmasq for DHCP
    # only (AdGuard Home keeps :53 for DNS), sysctl IP forwarding, and
    # NetworkManager forced off on that host. Port forwards live in
    # ports.toml at the repo root and are imported via builtins.fromTOML
    # (single ports, ranges such as "26901-26902", and "both" protocol).
    # Initial forwards: 22, 80, 443, 26900, 26901-26902.
    ./services/router.nix
    ./services/crowdsec.nix
    ./services/sabnzbd.nix
    ./services/forgejo-runner.nix
    ./services/code-server.nix
  ];
### Make build time quicker
# Turns the documentation.nixos option set off for this configuration.
documentation.nixos = {
  enable = false;
};
# Home Manager #
# All Home Manager settings grouped under one attribute set.
home-manager = {
  useGlobalPkgs = true;
  useUserPackages = true;
  # Hand the flake inputs to the Home Manager modules as an extra argument.
  extraSpecialArgs = { inherit inputs; };
  # User "fred" is configured from its own file.
  users.fred = import ./home-manager/fred.nix;
};
#############################################################################
# On logout, terminate every process that belongs to the user so that
# systemd user services do not survive into the next session in a broken
# state (e.g. waybar failing to start on re-login).
# Note: logind's KillUserProcesses also ends detached work left running in
# the session (tmux/screen, nohup jobs) unless it was started in its own
# scope or the user has lingering enabled.
services.logind.settings.Login = {
  KillUserProcesses = true;
};
# Make boot time quicker
# Boot-loader menu timeout; mkDefault lets a host file override it.
boot.loader.timeout = lib.mkDefault 5;
boot.initrd.verbose = false;

systemd.services = {
  # Units disabled under the "boot time" heading above.
  NetworkManager-wait-online.enable = false;
  systemd-udev-settle.enable = false;

  # NOTE(review): security-relevant. `wantedBy = lib.mkForce [ ]` discards
  # every target that would otherwise pull the firewall unit in at boot, and
  # `after` is an ordering constraint only: it never starts a unit. Unless
  # another module or a manual `systemctl start firewall` activates it,
  # packet filtering from this unit is not loaded after a reboot, and if it
  # is activated it is ordered after multi-user.target, i.e. after network
  # services are already up. Check `systemctl is-active firewall` after a
  # reboot on each host, and confirm which firewall backend each host uses.
  firewall = {
    wantedBy = lib.mkForce [ ];
    after = [ "multi-user.target" ];
  };
};
#############################################################################
# Compressed in-memory swap, kept as a safety net for local build storms.
# It costs little while idle; without it, a transient OOM during an uncached
# build can stall AdGuard/Jellyfin to the point of freezing the box.
zramSwap.enable = true;
# Size of the zram device, as a percentage of RAM.
zramSwap.memoryPercent = 50;
# Use latest kernel
# Follows the newest kernel package set in nixpkgs rather than the default.
boot.kernelPackages = pkgs.linuxPackages_latest;

# Allow unfree packages
nixpkgs.config = {
  allowUnfree = true;
};

# Enable network-manager
# (Per the commit message that introduced services/router.nix, the media
# server forces NetworkManager off again for itself.)
networking.networkmanager = {
  enable = true;
};
Switch to fish shell, ghostty terminal, and simplified prompt
- Replace bash with fish as default shell (all hosts)
- Replace kgx with ghostty (desktop hosts), update Super+T keybinding
- Custom two-line fish prompt: NixOS icon, username, path, hostname, ❯
- Nix-shell awareness, red ❯ on error
- Simplify fastfetch: user@host, OS, kernel, shell, terminal, uptime, memory
- Ghostty config: FiraCode Nerd Font, catppuccin-mocha, no titlebar
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 13:22:21 +01:00
# Fish shell
# Enable fish system-wide and make it the login shell for users that do not
# set one explicitly.
programs.fish = {
  enable = true;
};
users = {
  defaultUserShell = pkgs.fish;
};
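# Shell aliases (work in both bash and fish)
environment.shellAliases = {
  # update: rebuild and activate from the remote flake, then show the
  # closure diff with nvd and, if a `record-update` command exists, call it.
  # Arguments given to the alias land after the trailing `--` and are passed
  # to nixos-rebuild as "$@" (quoted, so an argument containing spaces or
  # glob characters is forwarded as one word instead of being re-split).
  # NOTE(review): the flake URL carries no ref/rev pin and `--refresh`
  # bypasses the fetch cache, so each run activates, as root, whatever the
  # forge's default branch serves at that moment; trust rests on the forge
  # and on who can push to that repository. A `?rev=` / `?ref=` pin on the
  # URL narrows that. `--impure` additionally lets evaluation depend on
  # state outside the flake. The nvd diff runs after `switch`, so it reports
  # the change rather than gating it.
  update = "bash -c 'set -o pipefail && OLD_SYSTEM=$(readlink /run/current-system) && sudo nixos-rebuild switch \"$@\" --impure --refresh --flake git+https://forg.gregersen.it/rope/nixos -L --log-format internal-json 2>&1 | nom --json && nvd diff $OLD_SYSTEM /run/current-system && (command -v record-update &>/dev/null && record-update $OLD_SYSTEM /run/current-system || true)' --";
  # clean: `-d` deletes old generations before collecting garbage, which
  # also removes the rollback targets for a bad update.
  clean = "sudo nix-collect-garbage -d";
  ll = "ls -alh";
  clear = "command clear";
  # reboot: on FredOS-Mediaserver ask for confirmation first; any answer
  # other than y/Y exits without rebooting. Other hosts reboot directly.
  reboot = "bash -c 'if [ \"$(hostname)\" = \"FredOS-Mediaserver\" ]; then read -r -p \"Reboot $(hostname)? [y/N] \" confirm; case \"$confirm\" in [Yy]) ;; *) exit 0 ;; esac; fi; sudo systemctl reboot'";
};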
# Add packages
# Installed system-wide on every host; each entry is named explicitly
# through pkgs instead of relying on `with pkgs;`.
environment.systemPackages = [
  pkgs.git
  pkgs.localsend
  pkgs.nvd                 # used by the `update` alias for the closure diff
  pkgs.nix-output-monitor  # provides `nom`, used by the `update` alias
  pkgs.jq
  pkgs.dnsutils
  pkgs.busybox
];
# Offload builds to the media server. The whole set is skipped on the server
# itself to avoid a pointless SSH round-trip to localhost; the single mkIf
# applies the same hostname condition to each of the three settings.
nix = lib.mkIf (config.networking.hostName != "FredOS-Mediaserver") {
  distributedBuilds = true;

  # NOTE(review): the builder is reached as user `fred` with root's own SSH
  # key. If `fred` is an interactive or privileged account on the builder
  # (not visible here), a dedicated build-only user and key would limit what
  # a compromised client can do on the server.
  buildMachines = [{
    hostName = "nordhammer.it";
    systems = [ "x86_64-linux" ];
    sshUser = "fred";
    sshKey = "/root/.ssh/id_ed25519";
    maxJobs = 4;
    supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
  }];

  # Accept unsigned paths copied back from the remote builder.
  # NOTE(review): `require-sigs = false` is a global nix.conf setting. It
  # turns off signature checking for every store path this machine adds or
  # substitutes, binary caches included, not only for builder output. The
  # narrower arrangement is to have the builder sign what it produces
  # (`secret-key-files` in its nix.conf) and list the matching public key in
  # `nix.settings.trusted-public-keys` on the clients, leaving require-sigs
  # at its default. Confirm whether the remote-build path needs this at all.
  extraOptions = ''
    require-sigs = false
  '';
};
}