aylac.top / nixcfg-own-knot
forked from aylac.top/nixcfg
this repo has no description
fork atom

red laptop is kill

aylac.top 32994e90 d163f2d9

options
unified split
Changed files
+39 -199
hosts
nanpi
README.md
default.nix
nanpi2
README.md
default.nix
home.nix
secrets.nix
services.nix
modules
flake
nixos.nix
hardware
default.nix
lenovo
default.nix
ideapad
320-14IKB
default.nix
default.nix
+3 -1
hosts/nanpi/README.md 
···

       
1

       

       
-

       
my server that is actually an old weak laptop


     

       

       
1

       
+

       
nanpi is my lenovo ideapad 320-14IKB, it has replaced the red hp one for it's got better specs reasons


     

       

       
2

       
+

       



     

       

       
3

       
+

       
it might have a curse that makes it kill all hard drives it touches so maybe i'm gonna get into some trouble
+3 -3
hosts/nanpi/default.nix 
···

       
8

       
8

       
 

       
    ./secrets.nix


     

       
9

       
9

       
 

       
    ./services.nix


     

       
10

       
10

       
 

       
    self.nixosModules.locale-en-gb


     

       
11

       

       
-

       
    self.diskoConfigurations.lvm-ext4


     

       

       
11

       
+

       
    self.diskoConfigurations.luks-btrfs-subvolumes


     

       
12

       
12

       
 

       
  ];


     

       
13

       
13

       
 

       



     

       
14

       
14

       
 

       
  networking.hostName = "nanpi";


     

       
15

       
15

       
 

       
  system.stateVersion = "25.05";


     

       
16

       
16

       
 

       
  time.timeZone = "America/Sao_Paulo";


     

       
17

       

       
-

       
  myHardware.hp.theRedOne.enable = true;


     

       

       
17

       
+

       
  myHardware.lenovo.ideapad."320-14IKB".enable = true;


     

       
18

       
18

       
 

       



     

       
19

       
19

       
 

       
  myNixOS = {


     

       
20

       
20

       
 

       
    programs = {


     

       
21

       

       
-

       
      systemd-boot.enable = true;


     

       

       
21

       
+

       
      lanzaboote.enable = true;


     

       
22

       
22

       
 

       
      nix.enable = true;


     

       
23

       
23

       
 

       
    };


     

       
24

       
24

       
 

       
    profiles = {
-1
hosts/nanpi2/README.md 
···

       
1

       

       
-

       
my server that is actually an old weak laptop
-75
hosts/nanpi2/default.nix 
···

       
1

       

       
-

       
{


     

       
2

       

       
-

       
  self,


     

       
3

       

       
-

       
  config,


     

       
4

       

       
-

       
  ...


     

       
5

       

       
-

       
}: {


     

       
6

       

       
-

       
  imports = [


     

       
7

       

       
-

       
    ./home.nix


     

       
8

       

       
-

       
    ./secrets.nix


     

       
9

       

       
-

       
    ./services.nix


     

       
10

       

       
-

       
    self.nixosModules.locale-en-gb


     

       
11

       

       
-

       
    self.diskoConfigurations.luks-btrfs-subvolumes


     

       
12

       

       
-

       
  ];


     

       
13

       

       
-

       



     

       
14

       

       
-

       
  networking.hostName = "nanpi2";


     

       
15

       

       
-

       
  system.stateVersion = "25.05";


     

       
16

       

       
-

       
  time.timeZone = "America/Sao_Paulo";


     

       
17

       

       
-

       
  myHardware.hp.theRedOne.enable = true;


     

       
18

       

       
-

       



     

       
19

       

       
-

       
  myNixOS = {


     

       
20

       

       
-

       
    programs = {


     

       
21

       

       
-

       
      lanzaboote.enable = true;


     

       
22

       

       
-

       
      nix.enable = true;


     

       
23

       

       
-

       
    };


     

       
24

       

       
-

       
    profiles = {


     

       
25

       

       
-

       
      base.enable = true;


     

       
26

       

       
-

       
      server.enable = true;


     

       
27

       

       
-

       
      autoUpgrade = {


     

       
28

       

       
-

       
        enable = true;


     

       
29

       

       
-

       
        operation = "boot";


     

       
30

       

       
-

       
      };


     

       
31

       

       
-

       
      backups.enable = true;


     

       
32

       

       
-

       
    };


     

       
33

       

       
-

       
    services = {


     

       
34

       

       
-

       
      caddy.enable = true;


     

       
35

       

       
-

       
      tailscale = {


     

       
36

       

       
-

       
        enable = true;


     

       
37

       

       
-

       
        enableCaddy = false;


     

       
38

       

       
-

       
        operator = "ayla";


     

       
39

       

       
-

       
      };


     

       
40

       

       
-

       
      syncthing = {


     

       
41

       

       
-

       
        enable = true;


     

       
42

       

       
-

       
        certFile = config.age.secrets.syncthingCert.path;


     

       
43

       

       
-

       
        keyFile = config.age.secrets.syncthingKey.path;


     

       
44

       

       
-

       
        user = "ayla";


     

       
45

       

       
-

       
      };


     

       
46

       

       
-

       
      qbittorrent = {


     

       
47

       

       
-

       
        inherit (config.mySnippets.tailnet.networkMap.qbittorrent) port;


     

       
48

       

       
-

       
        enable = true;


     

       
49

       

       
-

       
      };


     

       
50

       

       
-

       
    };


     

       
51

       

       
-

       
  };


     

       
52

       

       
-

       



     

       
53

       

       
-

       
  myUsers = {


     

       
54

       

       
-

       
    ayla = {


     

       
55

       

       
-

       
      enable = true;


     

       
56

       

       
-

       
      password = "REDACTED";


     

       
57

       

       
-

       
    };


     

       
58

       

       
-

       
  };


     

       
59

       

       
-

       



     

       
60

       

       
-

       
  boot = {


     

       
61

       

       
-

       
    initrd = {


     

       
62

       

       
-

       
      availableKernelModules = [


     

       
63

       

       
-

       
        "xhci_pci"


     

       
64

       

       
-

       
        "ahci"


     

       
65

       

       
-

       
        "usb_storage"


     

       
66

       

       
-

       
        "sd_mod"


     

       
67

       

       
-

       
        "rtsx_pci_sdmmc"


     

       
68

       

       
-

       
      ];


     

       
69

       

       
-

       
    };


     

       
70

       

       
-

       



     

       
71

       

       
-

       
    kernelParams = [


     

       
72

       

       
-

       
      "consoleblank=30"


     

       
73

       

       
-

       
    ];


     

       
74

       

       
-

       
  };


     

       
75

       

       
-

       
}
-46
hosts/nanpi2/home.nix 
···

       
1

       

       
-

       
{self, ...}: {


     

       
2

       

       
-

       
  home-manager.users.ayla = {pkgs, ...}: {


     

       
3

       

       
-

       
    imports = [


     

       
4

       

       
-

       
      self.homeModules.default


     

       
5

       

       
-

       
      self.inputs.agenix.homeManagerModules.default


     

       
6

       

       
-

       
    ];


     

       
7

       

       
-

       



     

       
8

       

       
-

       
    age.secrets.rclone.file = "${self.inputs.secrets}/rclone.age";


     

       
9

       

       
-

       



     

       
10

       

       
-

       
    home = {


     

       
11

       

       
-

       
      homeDirectory = "/home/ayla";


     

       
12

       

       
-

       



     

       
13

       

       
-

       
      packages = with pkgs; [


     

       
14

       

       
-

       
        curl


     

       
15

       

       
-

       
        rclone


     

       
16

       

       
-

       
        restic


     

       
17

       

       
-

       
      ];


     

       
18

       

       
-

       



     

       
19

       

       
-

       
      stateVersion = "25.05";


     

       
20

       

       
-

       
      username = "ayla";


     

       
21

       

       
-

       
    };


     

       
22

       

       
-

       



     

       
23

       

       
-

       
    programs = {


     

       
24

       

       
-

       
      helix = {


     

       
25

       

       
-

       
        enable = true;


     

       
26

       

       
-

       
        defaultEditor = true;


     

       
27

       

       
-

       
      };


     

       
28

       

       
-

       



     

       
29

       

       
-

       
      micro = {


     

       
30

       

       
-

       
        enable = true;


     

       
31

       

       
-

       
      };


     

       
32

       

       
-

       



     

       
33

       

       
-

       
      home-manager.enable = true;


     

       
34

       

       
-

       
    };


     

       
35

       

       
-

       



     

       
36

       

       
-

       
    myHome = {


     

       
37

       

       
-

       
      programs = {


     

       
38

       

       
-

       
        git.enable = true;


     

       
39

       

       
-

       
        ssh.enable = true;


     

       
40

       

       
-

       
        fastfetch.enable = true;


     

       
41

       

       
-

       
      };


     

       
42

       

       
-

       



     

       
43

       

       
-

       
      profiles.shell.enable = true;


     

       
44

       

       
-

       
    };


     

       
45

       

       
-

       
  };


     

       
46

       

       
-

       
}
-12
hosts/nanpi2/secrets.nix 
···

       
1

       

       
-

       
{self, ...}: {


     

       
2

       

       
-

       
  age.secrets = {


     

       
3

       

       
-

       
    cloudflareCertificate.file = "${self.inputs.secrets}/cloudflare/certificate.age";


     

       
4

       

       
-

       
    cloudflareCredentials.file = "${self.inputs.secrets}/cloudflare/credentials.age";


     

       
5

       

       
-

       
    pds.file = "${self.inputs.secrets}/pds.age";


     

       
6

       

       
-

       
    rclone.file = "${self.inputs.secrets}/rclone.age";


     

       
7

       

       
-

       
    tailscaleAuthKey.file = "${self.inputs.secrets}/tailscale/auth.age";


     

       
8

       

       
-

       
    syncthingCert.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/cert.age";


     

       
9

       

       
-

       
    syncthingKey.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/key.age";


     

       
10

       

       
-

       
    resticPassword.file = "${self.inputs.secrets}/restic-passwd.age";


     

       
11

       

       
-

       
  };


     

       
12

       

       
-

       
}
-60
hosts/nanpi2/services.nix 
···

       
1

       

       
-

       
{config, ...}: let


     

       
2

       

       
-

       
  dataDirectory = "/home/Data";


     

       
3

       

       
-

       
in {


     

       
4

       

       
-

       
  services = {


     

       
5

       

       
-

       
    pds = {


     

       
6

       

       
-

       
      enable = true;


     

       
7

       

       
-

       
      environmentFiles = [config.age.secrets.pds.path];


     

       
8

       

       
-

       
      pdsadmin.enable = true;


     

       
9

       

       
-

       
      settings = {


     

       
10

       

       
-

       
        PDS_HOSTNAME = "pds.aylac.top";


     

       
11

       

       
-

       
      };


     

       
12

       

       
-

       
    };


     

       
13

       

       
-

       



     

       
14

       

       
-

       
    cloudflared = {


     

       
15

       

       
-

       
      enable = true;


     

       
16

       

       
-

       
      certificateFile = config.age.secrets.cloudflareCertificate.path;


     

       
17

       

       
-

       
      tunnels = {


     

       
18

       

       
-

       
        "3c012d05-cc92-4598-a726-909088e6588c" = {


     

       
19

       

       
-

       
          certificateFile = config.age.secrets.cloudflareCertificate.path;


     

       
20

       

       
-

       
          credentialsFile = config.age.secrets.cloudflareCredentials.path;


     

       
21

       

       
-

       
          default = "http_status:404";


     

       
22

       

       
-

       
          ingress = {


     

       
23

       

       
-

       
            "pds.aylac.top" = "http://localhost:3000";


     

       
24

       

       
-

       
          };


     

       
25

       

       
-

       
        };


     

       
26

       

       
-

       
      };


     

       
27

       

       
-

       
    };


     

       
28

       

       
-

       



     

       
29

       

       
-

       
    caddy.virtualHosts = {


     

       
30

       

       
-

       
      "pds.aylac.top" = {


     

       
31

       

       
-

       
        extraConfig = ''


     

       
32

       

       
-

       
          reverse_proxy http://localhost:3000


     

       
33

       

       
-

       
        '';


     

       
34

       

       
-

       
      };


     

       
35

       

       
-

       
      "${config.mySnippets.tailnet.networkMap.jellyfin.vHost}" = {


     

       
36

       

       
-

       
        extraConfig = ''


     

       
37

       

       
-

       
          bind tailscale/jellyfin


     

       
38

       

       
-

       
          encode zstd gzip


     

       
39

       

       
-

       
          reverse_proxy ${config.mySnippets.tailnet.networkMap.jellyfin.hostName}:${toString config.mySnippets.tailnet.networkMap.jellyfin.port} {


     

       
40

       

       
-

       
            flush_interval -1


     

       
41

       

       
-

       
          }


     

       
42

       

       
-

       
        '';


     

       
43

       

       
-

       
      };


     

       
44

       

       
-

       



     

       
45

       

       
-

       
      "${config.mySnippets.tailnet.networkMap.qbittorrent.vHost}" = {


     

       
46

       

       
-

       
        extraConfig = ''


     

       
47

       

       
-

       
          bind tailscale/qbittorrent


     

       
48

       

       
-

       
          encode zstd gzip


     

       
49

       

       
-

       
          reverse_proxy ${config.mySnippets.tailnet.networkMap.qbittorrent.hostName}:${toString config.mySnippets.tailnet.networkMap.qbittorrent.port}


     

       
50

       

       
-

       
        '';


     

       
51

       

       
-

       
      };


     

       
52

       

       
-

       
    };


     

       
53

       

       
-

       



     

       
54

       

       
-

       
    jellyfin = {


     

       
55

       

       
-

       
      enable = true;


     

       
56

       

       
-

       
      openFirewall = true;


     

       
57

       

       
-

       
      dataDir = "${dataDirectory}/jellyfin";


     

       
58

       

       
-

       
    };


     

       
59

       

       
-

       
  };


     

       
60

       

       
-

       
}
-1
modules/flake/nixos.nix 
···

       
24

       
24

       
 

       
      inputs.nixpkgs.lib.genAttrs [


     

       
25

       
25

       
 

       
        "morgana"


     

       
26

       
26

       
 

       
        "nanpi"


     

       
27

       

       
-

       
        "nanpi2"


     

       
28

       
27

       
 

       
      ] (


     

       
29

       
28

       
 

       
        host:


     

       
30

       
29

       
 

       
          inputs.nixpkgs.lib.nixosSystem {
+1
modules/hardware/default.nix 
···

       
4

       
4

       
 

       
    ./intel


     

       
5

       
5

       
 

       
    ./acer


     

       
6

       
6

       
 

       
    ./hp


     

       

       
7

       
+

       
    ./lenovo


     

       
7

       
8

       
 

       
    ./profiles


     

       
8

       
9

       
 

       
  ];


     

       
9

       
10

       
 

       
}
+5
modules/hardware/lenovo/default.nix 
···

       

       
1

       
+

       
{...}: {


     

       

       
2

       
+

       
  imports = [


     

       

       
3

       
+

       
    ./ideapad


     

       

       
4

       
+

       
  ];


     

       

       
5

       
+

       
}
+22
modules/hardware/lenovo/ideapad/320-14IKB/default.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  config,


     

       

       
3

       
+

       
  lib,


     

       

       
4

       
+

       
  ...


     

       

       
5

       
+

       
}: {


     

       

       
6

       
+

       
  options.myHardware.lenovo.ideapad."320-14IKB".enable =


     

       

       
7

       
+

       
    lib.mkEnableOption "Configuration for the Lenovo ideapad 320-14IKB.";


     

       

       
8

       
+

       



     

       

       
9

       
+

       
  config = lib.mkIf config.myHardware.lenovo.ideapad."320-14IKB".enable {


     

       

       
10

       
+

       
    myHardware = {


     

       

       
11

       
+

       
      intel = {


     

       

       
12

       
+

       
        cpu.enable = true;


     

       

       
13

       
+

       
        gpu.enable = true;


     

       

       
14

       
+

       
      };


     

       

       
15

       
+

       



     

       

       
16

       
+

       
      profiles = {


     

       

       
17

       
+

       
        base.enable = true;


     

       

       
18

       
+

       
        laptop.enable = true;


     

       

       
19

       
+

       
      };


     

       

       
20

       
+

       
    };


     

       

       
21

       
+

       
  };


     

       

       
22

       
+

       
}
+5
modules/hardware/lenovo/ideapad/default.nix 
···

       

       
1

       
+

       
{...}: {


     

       

       
2

       
+

       
  imports = [


     

       

       
3

       
+

       
    ./320-14IKB


     

       

       
4

       
+

       
  ];


     

       

       
5

       
+

       
}