finn.markwitz/nixos
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Kernel modules troubleshoot

Browse Source
This commit is contained in:
Finn Markwitz
2025-10-27 07:40:22 +00:00
parent 6f84bdefb4
commit 24a211330a
16 changed files with 350 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/environments/actual/default.nix
+35
View File
@@ -0,0 +1,35 @@
# manages and downloads films
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.profiles.audiobookshelf;
in
{
options.my.profiles.actual = with lib; {
enable = mkEnableOption "Audio Book Service";
};
config = lib.mkIf cfg.enable {
services.actual = {
enable = true;
openFirewall = true;
settings = {
port = 40465;
hostname = "0.0.0.0";
};
};
environment.systemPackages = with pkgs; [
actual-server
];
systemd.services.actual = {
after = [ "network-online.target" ];
};
};
}
modules/environments/audiobookshelf/default.nix
+33
View File
@@ -0,0 +1,33 @@
# manages and downloads films
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.profiles.audiobookshelf;
in
{
options.my.profiles.audiobookshelf = with lib; {
enable = mkEnableOption "Audio Book Service";
};
config = lib.mkIf cfg.enable {
services.audiobookshelf = {
enable = true;
openFirewall = true;
port = 63834;
host = "0.0.0.0";
};
environment.systemPackages = with pkgs; [
audiobookshelf
];
systemd.services.audiobookshelf = {
after = [ "network-online.target" ];
};
};
}
modules/environments/default.nix
+2
View File
@@ -1,7 +1,9 @@
{ ... }:
{
imports = [
./actual
./apps
./audiobookshelf
./development
./hyprland
./zsh
modules/environments/development/default.nix
+1 -1
View File
@@ -18,7 +18,7 @@ in
google-chrome
vscode
neovim
jetbrains.idea-ultimate
# jetbrains.idea-ultimate
go
(python3.withPackages (
ps: with ps; [
modules/environments/kde-desktop/default.nix
+4 -4
View File
@@ -14,14 +14,14 @@ in
};
config = lib.mkIf cfg.enable {
services.xserver = {
enable = true;
services = {
displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true;
displayManager.sddm.wayland.enable = true;
desktopManager.plasma6.enable = true;
};
users.users.finn.packages = with pkgs; [
# Programms can be added here...
numix-icon-theme
];
};
}
}
modules/environments/paperless/default.nix
+1 -3
View File
@@ -28,10 +28,8 @@ in
services.paperless = {
enable = true;
address = "0.0.0.0";
dataDir = "/home/finn/documents/paperless";
#inherit (cfg) port extraConfig;
port = cfg.port;
extraConfig = cfg.extraConfig;
# settings = cfg.extraConfig;
};
networking.firewall.allowedTCPPorts = [ cfg.port ];
};
modules/hardware/default.nix
+1 -1
View File
@@ -12,6 +12,6 @@
#./yubikey
./sound
#./thunderbolt
#./wifi
# ./wifi
];
}
modules/hardware/sound/default.nix
+5 -2
View File
@@ -13,8 +13,11 @@ in
};
config = lib.mkIf cfg.enable {
hardware.pulseaudio.enable = false;
hardware.pulseaudio.support32Bit = true;
services.pulseaudio = {
enable = false;
support32Bit = true;
};
users.extraUsers.finn.extraGroups = [ "audio" ];
environment.systemPackages = with pkgs; [
headsetcontrol
modules/services/default.nix
+1
View File
@@ -4,5 +4,6 @@
{
imports = [
./vpn
./webserver
];
}
modules/services/webserver/default.nix
+187
View File
@@ -0,0 +1,187 @@
# public webserver with reverseproxy
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.services.webserver;
inherit (config.networking) domain;
virtualHostOption = lib.types.submodule {
options = {
subdomain = lib.mkOption {
type = lib.types.str;
example = "dev";
description = ''
Which subdomain, under config.networking.domain, to use
for this virtual host.
'';
};
port = lib.mkOption {
type = with lib.types; nullOr port;
default = null;
example = 8080;
description = ''
Which port to proxy to, through localhost, for this virtual host.
This option is incompatible with `root`.
'';
};
root = lib.mkOption {
type = with lib.types; nullOr path;
default = null;
example = "/var/www/blog";
description = ''
The root folder for this virtual host. This option is incompatible
with `port`.
'';
};
extraConfig = lib.mkOption {
type = with lib.types; nullOr lines;
example = lib.literalExpression ''
{
locations."/socket" = {
proxyPass = "http://localhost:8096/";
proxyWebsockets = true;
};
}
'';
default = null;
description = ''
Any extra configuration that should be applied to this virtual host.
'';
};
};
};
in
{
options.my.services.webserver = {
enable = lib.mkEnableOption "webserver";
virtualHosts = lib.mkOption {
type = lib.types.listOf virtualHostOption;
default = [ ];
example = lib.literalExpression ''
[
{
subdomain = "gitea";
port = 8080;
}
{
subdomain = "dev";
root = "/var/www/dev";
}
{
subdomain = "jellyfin";
port = 8096;
extraConfig = {
locations."/socket" = {
proxyPass = "http://localhost:8096/";
proxyWebsockets = true;
};
};
}
]
'';
description = ''
List of virtual hosts to set-up using default settings.
'';
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = lib.allUnique (builtins.filter (p: p != null) (map (v: v.port) cfg.virtualHosts));
message =
let
portsWithSubdomains = builtins.filter (v: v.port != null) cfg.virtualHosts;
duplicates = lib.filter (
p: builtins.length (lib.filter (x: x.port == p.port) portsWithSubdomains) > 1
) portsWithSubdomains;
in
if duplicates == [ ] then
""
else
"Duplicate ports found in my.services.webserver.virtualHosts: "
+ builtins.concatStringsSep ", " (map (v: v.subdomain + ":" + builtins.toString v.port) duplicates);
}
];
services = {
nginx.enable = false;
caddy = {
enable = true;
email = "jupiter@solar.internal";
globalConfig = ''
servers{
}
'';
extraConfig = ''
(compress) {
encode gzip zstd
}
(headers) {
header {
# enable CORS
Access-Control-Allow-Origin "https://${config.networking.domain}"
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# disable clients from sniffing the media type
X-Content-Type-Options "nosniff"
# clickjacking protection
X-Frame-Options "DENY"
# enable XSS protection
X-XSS-Protection "1; mode=block"
# referrer policy
Referrer-Policy "strict-origin-when-cross-origin"
}
}
(common) {
import headers
import compress
}
'';
virtualHosts =
let
mkVHost =
{ subdomain, ... }@args:
lib.nameValuePair "${subdomain}.${domain}" (
lib.foldl lib.recursiveUpdate { } [
{
useACMEHost = domain;
extraConfig = ''
import common
${lib.optionalString (args.root != null) ''
root * ${args.root}
file_server
''}
${lib.optionalString (args.port != null) ''
reverse_proxy localhost:${toString args.port} {
# remove CORS headers from proxied server, because duplicate headers are not allowed
# remove after new release: https://github.com/navidrome/navidrome/commit/657fe11f5327ff7a3cb6aa9308b0bb7c71eea5c6
header_down -Access-Control-Allow-Origin
}
''}
${lib.optionalString (args.extraConfig != null) args.extraConfig}
'';
}
]
);
in
lib.listToAttrs (map mkVHost cfg.virtualHosts);
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
}