tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2025-12-15 23:00:06 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tux:50549a7ab347427164cd151a8e5358c7e2aa0ae6
Branches Tags
tux:main tux:old
tux:25.11.2025
...
compare: tux:main
Branches Tags
tux:main tux:old
tux:25.11.2025

6 Commits
50549a7ab3 ... main

Author SHA1 Message Date
tux
7772514fce feat: setup distrobox module 2025-11-22 06:13:15 +05:30
tux
71cc3c3e7f feat(node): enable firewall for additional ports 2025-11-14 20:37:51 +05:30
tux
f3063dd250 feat: add umami 2025-11-14 14:13:37 +05:30
tux
abd2134a2a feat: add aiostreams 2025-11-14 12:36:34 +05:30
tux
f033f3406a feat(canopus): change wallpaper 2025-11-14 04:05:04 +05:30
tux
eb95321b42 feat: add steam to persist dir 2025-11-14 04:04:52 +05:30
10 changed files with 256 additions and 17 deletions
Expand all files Collapse all files

34
hosts/arcturus/default.nix
View File

@@ -19,7 +19,7 @@
../../modules/nixos/selfhosted/headscale.nix
../../modules/nixos/selfhosted/vaultwarden.nix
../../modules/nixos/selfhosted/gitea.nix
../../modules/nixos/selfhosted/plausible.nix
../../modules/nixos/selfhosted/umami.nix
../../modules/nixos/selfhosted/monitoring/grafana.nix
../../modules/nixos/selfhosted/monitoring/loki.nix
../../modules/nixos/selfhosted/monitoring/promtail.nix
@@ -35,6 +35,18 @@
];
tux.services.openssh.enable = true;
tux.containers.aiostreams = {
enable = true;
port = 4567;
environment = {
ADDON_ID = "aiostreams.tux.rs";
BASE_URL = "https://aiostreams.tux.rs";
};
environmentFiles = [
config.sops.secrets."aiostreams".path
];
};
sops.secrets = {
borg_encryption_key = {
@@ -81,6 +93,14 @@
"cs2_secrets/CS2_PW" = {
sopsFile = ./secrets.yaml;
};
aiostreams = {
sopsFile = ./secrets.yaml;
};
umami = {
sopsFile = ./secrets.yaml;
};
};
nixpkgs = {
@@ -144,7 +164,13 @@
firewall = {
enable = true;
allowedTCPPorts = [80 443 22 3333 8081];
allowedTCPPorts = [
80
443
22
3333
8081
];
};
};
@@ -207,7 +233,9 @@
];
};
users.users.${username} = {linger = true;};
users.users.${username} = {
linger = true;
};
home-manager.users.${username} = {
imports = [
./home.nix

13
hosts/arcturus/secrets.yaml
View File

@@ -11,11 +11,9 @@ cs2_secrets:
SRCDS_TOKEN: ENC[AES256_GCM,data:SzPz4sHDgEoioX8ylLFM6AUUS60gWYpR3ifxUD8A8IQga24t6GM0dyGDryc=,iv:XefIn9yCLPLKVRA+rZiSGUH3l6ZANIJoGRuM/3vFLIw=,tag:flEjl9c7i3XBlHJaq41QYQ==,type:str]
CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str]
umami: ENC[AES256_GCM,data:BJN9VpwknBaX+mz6xjq1GX9epM2bukplraPw67TttnLhM9JTmZiela5oFWZiaGjG3Oss3n4WPsPvhC4m28Ah+TQLCoiDFCFqervk228=,iv:YwbJ2/1hXs5Jbqx1dNj1t4ExFS27PWbA4NT9h8/tyU8=,tag:+R1aRF/TaMSGbLDi9GnYwA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
@@ -35,8 +33,7 @@ sops:
NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-24T12:59:25Z"
mac: ENC[AES256_GCM,data:WGWGvbqu07XZ5oU2HBGUbP/9oNCavPBXb2SIm10CG2s377QAWZmpdOC2AGAX8J3NfLtyWEHm8WUQSKjNKvKWARsXU24lNnY+BTSIkF8ymrAU/rRMX8VJi92IYjregAfVBIaYomxqJFhNuAhmsQ75ZYMpRBTusxiEFEdl/H9obiY=,iv:VXIVkpnOY2gZ/xDX/oFvZn08K5Gp49tpiJQGK20blro=,tag:Hkk92ZQWTRY9oQb3Mm6R3w==,type:str]
pgp: []
lastmodified: "2025-11-14T08:22:34Z"
mac: ENC[AES256_GCM,data:IiZKrdo500rf0JS2c94u1XiCtIB6QguJr1XKFcPilxN4G7coUJyD8v/z/BDqSyCDbiY6RjRWoyttyi1gzKlj/WQsJh65tbDHTXhk2nPGBoHL4ojnP1a7PYCaRKk64SyBg6vjNWHb0wILc2wu/yvKNfVKX6FtMEGhUcpReoJomAI=,iv:a4hmm47FAHnY2k+YY+WmLUWjpEE+5KwtUxc+Dq6sCMQ=,tag:Rx0yOoiKd2mRx/H5k8Hq8w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.3
version: 3.11.0

1
hosts/canopus/default.nix
View File

@@ -23,6 +23,7 @@
hardware.nvidia-container-toolkit.enable = true;
tux.services.openssh.enable = true;
tux.packages.distrobox.enable = true;
nixpkgs.config.cudaSupport = true;
sops.secrets = {

3
hosts/canopus/home.nix
View File

@@ -77,7 +77,6 @@
copyq
vlc
tor-browser
distrobox
bluetui
impala
];
@@ -91,12 +90,14 @@
"Videos"
"Projects"
"Stuff"
"Distrobox"
"go"
".mozilla"
".ssh"
".wakatime"
".rustup"
".cargo"
".steam"
".cache/spotify-player"
".config/BraveSoftware"
".config/copyq"

11
hosts/common/default.nix
View File

@@ -15,7 +15,9 @@
../../modules/nixos/selfhosted/upstream-proxy.nix
../../modules/nixos/selfhosted/tfolio.nix
../../modules/nixos/selfhosted/cyber-tux.nix
../../modules/nixos/selfhosted/containers/aiostreams.nix
../../modules/nixos/networking/ssh.nix
../../modules/nixos/distrobox.nix
];
sops.secrets.tux-password = {
@@ -48,7 +50,14 @@
home-manager = {
backupFileExtension = "hm-backup";
useUserPackages = true;
extraSpecialArgs = {inherit inputs outputs username email;};
extraSpecialArgs = {
inherit
inputs
outputs
username
email
;
};
users.${username} = {
imports = [
./home.nix

11
hosts/node/default.nix
View File

@@ -2,7 +2,8 @@
inputs,
username,
...
}: {
}:
{
imports = [
inputs.disko.nixosModules.default
@@ -28,7 +29,13 @@
};
firewall = {
enable = true;
allowedTCPPorts = [22];
allowedTCPPorts = [
22
8545
8546
9545
9546
];
};
};

4
modules/home/desktop/hyprland/hyprpaper.nix
View File

@@ -8,11 +8,11 @@
splash_offset = 2.0;
preload = [
"~/Wallpapers/mountain.jpg"
"~/Wallpapers/new/sunset-pixel.png"
];
wallpaper = [
", ~/Wallpapers/mountain.jpg"
", ~/Wallpapers/new/sunset-pixel.png"
];
};
};

112
modules/nixos/distrobox.nix Normal file
View File

@@ -0,0 +1,112 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.tux.packages.distrobox;
in {
options.tux.packages.distrobox = {
enable = mkEnableOption "Enable DistroBox";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
distrobox
(writeShellScriptBin "dbox-create" ''
#!/usr/bin/env bash
# 1. Initialize variables
IMAGE=""
NAME=""
# Array to hold optional arguments (like volumes)
declare -a EXTRA_ARGS
# 2. Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
-i|--image)
IMAGE="$2"
shift 2
;;
-n|--name)
NAME="$2"
shift 2
;;
-p|--profile)
echo ":: Profile mode enabled: Mounting Nix store and user profiles (Read-Only)"
# Add volume flags to the array
EXTRA_ARGS+=( "--volume" "/nix/store:/nix/store:ro" )
EXTRA_ARGS+=( "--volume" "/etc/profiles/per-user:/etc/profiles/per-user:ro" )
EXTRA_ARGS+=( "--volume" "/etc/static/profiles/per-user:/etc/static/profiles/per-user:ro" )
shift 1
;;
*)
echo "Unknown option $1"
exit 1
;;
esac
done
if [ -z "$IMAGE" ] || [ -z "$NAME" ]; then
echo "Usage: dbox-create -i <image> -n <name> [-p]"
exit 1
fi
# 3. Define the custom home path
CUSTOM_HOME="$HOME/Distrobox/$NAME"
echo "------------------------------------------------"
echo "Creating Distrobox: $NAME"
echo "Location: $CUSTOM_HOME"
echo "------------------------------------------------"
# 4. Run Distrobox Create
# We expand "''${EXTRA_ARGS[@]}" to properly pass the volume arguments
${pkgs.distrobox}/bin/distrobox create \
--image "$IMAGE" \
--name "$NAME" \
--home "$CUSTOM_HOME" \
"''${EXTRA_ARGS[@]}"
# Check exit code
if [ $? -ne 0 ]; then
echo "Error: Distrobox creation failed."
exit 1
fi
# 5. Post-Creation: Symlink Config Files
echo "--> Linking configurations to $NAME..."
# Helper function to symlink
link_config() {
SRC="$1"
DEST="$2"
DEST_DIR=$(dirname "$DEST")
# Create parent directory if it doesn't exist
mkdir -p "$DEST_DIR"
if [ -e "$SRC" ]; then
# ln -sf: symbolic link, force overwrite
ln -sf "$SRC" "$DEST"
echo " [LINK] $DEST -> $SRC"
else
echo " [SKIP] $SRC not found on host"
fi
}
# Create Symlinks
link_config "$HOME/.zshrc" "$CUSTOM_HOME/.zshrc"
link_config "$HOME/.zshenv" "$CUSTOM_HOME/.zshenv"
link_config "$HOME/.config/fastfetch" "$CUSTOM_HOME/.config/fastfetch"
link_config "$HOME/.config/starship.toml" "$CUSTOM_HOME/.config/starship.toml"
echo "--> Done! Enter via: distrobox enter $NAME"
'')
];
};
}

52
modules/nixos/selfhosted/containers/aiostreams.nix Normal file
View File

@@ -0,0 +1,52 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.tux.containers.aiostreams;
in {
options.tux.containers.aiostreams = {
enable = mkEnableOption "Enable AIOStreams";
port = mkOption {
type = types.int;
default = 3000;
};
environment = mkOption {
type = with types; attrsOf str;
default = {};
};
environmentFiles = mkOption {
type = with types; listOf path;
default = [];
};
};
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.aiostreams = {
autoStart = true;
image = "ghcr.io/viren070/aiostreams:latest";
ports = [
"${toString cfg.port}:3000"
];
environment = cfg.environment;
environmentFiles = cfg.environmentFiles;
};
services.nginx.virtualHosts = {
"${cfg.environment.ADDON_ID}" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:${toString cfg.port}";
};
};
};
};
};
}

32
modules/nixos/selfhosted/umami.nix Normal file
View File

@@ -0,0 +1,32 @@
{
lib,
config,
...
}: {
services = {
umami = {
enable = true;
settings = {
APP_SECRET_FILE = config.sops.secrets.umami.path;
PORT = 4645;
};
createPostgresqlDatabase = true;
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"umami.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:${toString config.services.umami.settings.PORT}";
proxyWebsockets = true;
};
};
};
};
};
};
}