feat: add some apps (#10)

Author: badele

flake.lock

@@ -41,6 +41,16 @@
 
     # Color scheme
     stylix.url = "github:danth/stylix";
+
+    crowdsec = {
+      url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    nixunits = {
+      url = "git+https://git.aevoo.com/aevoo/os/nixunits.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =
@@ -201,9 +211,57 @@
           modules = [ inputs.sops-nix.nixosModules.sops ./hosts/rpi40 ];
         };
 
-        srvhoma = nixpkgs.lib.nixosSystem {
+        hype16 = nixpkgs.lib.nixosSystem {
           specialArgs = { inherit inputs outputs; };
-          modules = [ inputs.sops-nix.nixosModules.sops ./hosts/srvhoma ];
+          modules = [
+            inputs.sops-nix.nixosModules.sops
+            inputs.crowdsec.nixosModules.crowdsec
+            inputs.crowdsec.nixosModules.crowdsec-firewall-bouncer
+            inputs.nixunits.nixosModules.default
+            ./hosts/hype16
+
+            home-manager.nixosModules.home-manager
+            {
+              home-manager = {
+                useGlobalPkgs = true;
+                useUserPackages = true;
+                verbose = true;
+                extraSpecialArgs = { inputs = self.inputs; };
+                users = {
+                  root = import ./users/root/hype16.nix;
+                  badele = {
+                    imports = [
+                      nur.nixosModules.nur
+                      stylix.homeManagerModules.stylix
+                      ./users/badele/hype16.nix
+                    ];
+                  };
+                };
+              };
+            }
+          ];
+        };
+
+        #######################################################################
+        # Hypervised applications
+        #######################################################################
+
+        gw-dmz = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
+            inputs.sops-nix.nixosModules.sops
+            ./hosts/hypervised/gw-dmz
+          ];
+        };
+
+        trilium = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
+            inputs.sops-nix.nixosModules.sops
+            ./hosts/hypervised/trilium
+          ];
         };
       };
 

flake.nix

@@ -1,13 +1,7 @@
-##########################################################
+# #########################################################
 # NIXOS (hosts)
 ##########################################################
-{ inputs
-, config
-, pkgs
-, lib
-, ...
-}:
-{
+{ inputs, config, pkgs, lib, ... }: {
   imports = [
     inputs.hardware.nixosModules.dell-xps-15-9570-intel
     ./hardware-configuration.nix
@@ -24,14 +18,13 @@
     ../../nix/nixos/features/homelab
     ../../nix/nixos/features/system/containers.nix
 
-    # Virtualisation
     ../../nix/nixos/features/virtualisation/incus.nix
     ../../nix/nixos/features/virtualisation/libvirt.nix
 
     # Desktop
     ../../nix/nixos/features/system/bluetooth.nix
     ../../nix/nixos/features/desktop/wm/xorg/lightdm.nix
-    #
+
     # # Roles
     ../../nix/nixos/roles # Automatically load service from <host.modules> sectionn from `homelab.json` file
   ];
@@ -40,6 +33,9 @@
   # Boot
   ####################################
 
+  # Docker
+  virtualisation.docker.storageDriver = "zfs";
+
   nixpkgs.config = {
     # allowBroken = true;
     # nvidia.acceptLicense = true;
@@ -51,7 +47,7 @@
       "i915.force_probe=3e9b"
       "mem_sleep_default=deep"
       "acpi_osi=!"
-      "acpi_osi=\"Windows 2015\""
+      ''acpi_osi="Windows 2015"''
       "acpi_backlight=vendor"
     ];
 
@@ -72,7 +68,15 @@
     };
 
     initrd = {
-      availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+      availableKernelModules = [
+        "xhci_pci"
+        "ahci"
+        "nvme"
+        "usb_storage"
+        "sd_mod"
+        "sr_mod"
+        "rtsx_pci_sdmmc"
+      ];
       kernelModules = [ ];
     };
   };
@@ -85,7 +89,6 @@
   #hardware.nvidia.package = boot.kernelPackages.nvidiaPackages.stable;
   #hardware.nvidia.modesetting.enable = true;
 
-
   ####################################
   # host profile
   ####################################
@@ -101,16 +104,16 @@
   # Hardware
   ####################################
 
-
   # Enable OpenGL acceleration
   hardware.graphics.enable = true;
 
   # intel
   hardware.opengl = {
     enable = true;
-    extraPackages = with pkgs; [
-      vpl-gpu-rt # for newer GPUs on NixOS >24.05 or unstable
-    ];
+    extraPackages = with pkgs;
+      [
+        vpl-gpu-rt # for newer GPUs on NixOS >24.05 or unstable
+      ];
   };
 
   # Nvidia
@@ -141,7 +144,8 @@
   services.pipewire.enable = false;
   hardware.pulseaudio = {
     enable = true;
-    support32Bit = true; ## If compatibility with 32-bit applications is desired
+    support32Bit =
+      true; # # If compatibility with 32-bit applications is desired
     #extraConfig = "load-module module-combine-sink";
   };
 
@@ -152,9 +156,7 @@
   # Programs
   ####################################
   powerManagement.powertop.enable = true;
-  programs = {
-    dconf.enable = true;
-  };
+  programs = { dconf.enable = true; };
 
   ####################################
   # Secrets

hosts/badxps/default.nix

@@ -1,8 +1,4 @@
-{ lib
-, pkgs
-, ...
-}:
-{
+{ lib, pkgs, ... }: {
   imports = [
     ./hardware-configuration.nix
 

hosts/bootstore/default.nix

@@ -1,13 +1,7 @@
-##########################################################
+# #########################################################
 # NIXOS (hosts)
 ##########################################################
-{ inputs
-, config
-, pkgs
-, lib
-, ...
-}:
-{
+{ inputs, config, pkgs, lib, ... }: {
   imports = [
     ./hardware-configuration.nix
     ./disks.nix
@@ -17,6 +11,7 @@
     # /home/badele/ghq/github.com/badele/nix-homelab/nix/nixos/features/commons/sops.nix
     # Secret loaded from hosts/${config.networking.hostName}/secrets.yml";
 
+    # Users
     ../root.nix
     ../demo.nix
 
@@ -35,11 +30,8 @@
   # Boot
   ####################################
 
-
   boot = {
-    kernelParams = [
-      "mem_sleep_default=deep"
-    ];
+    kernelParams = [ "mem_sleep_default=deep" ];
     blacklistedKernelModules = [ ];
     kernelModules = [ "kvm-intel" ];
     supportedFilesystems = [ "btrfs" ];
@@ -57,15 +49,22 @@
 
     # Qemu support
     initrd = {
-      availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
+      availableKernelModules = [
+        "virtio_net"
+        "virtio_pci"
+        "virtio_mmio"
+        "virtio_blk"
+        "virtio_scsi"
+        "9p"
+        "9pnet_virtio"
+      ];
       kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
-      postDeviceCommands = lib.mkIf (!config.boot.initrd.systemd.enable)
-        ''
-          # Set the system time from the hardware clock to work around a
-          # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
-          # to the *boot time* of the host).
-          hwclock -s
-        '';
+      postDeviceCommands = lib.mkIf (!config.boot.initrd.systemd.enable) ''
+        # Set the system time from the hardware clock to work around a
+        # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
+        # to the *boot time* of the host).
+        hwclock -s
+      '';
     };
   };
 
@@ -91,7 +90,8 @@
   services.pipewire.enable = false;
   hardware.pulseaudio = {
     enable = true;
-    support32Bit = true; ## If compatibility with 32-bit applications is desired
+    support32Bit =
+      true; # # If compatibility with 32-bit applications is desired
     #extraConfig = "load-module module-combine-sink";
   };
 
@@ -102,9 +102,7 @@
   # Programs
   ####################################
   powerManagement.powertop.enable = true;
-  programs = {
-    dconf.enable = true;
-  };
+  programs = { dconf.enable = true; };
 
   nixpkgs.hostPlatform.system = "x86_64-linux";
   system.stateVersion = "24.05";