Add README and update kemptop configuration
parent
1ffb260e88
commit
ea76f8a6f2
3 changed files with 163 additions and 18 deletions
140
readme.md
Normal file
|
|
@ -0,0 +1,140 @@
|
|||
# NixOS Configurations
|
||||
|
||||
This repo contains NixOS system configurations for multiple machines, managed via flakes.
|
||||
|
||||
Systems:
|
||||
|
||||
- `heimserver` — Home server for self‑hosting, home automation, and network monitoring
|
||||
- `kemptop` — Personal laptop/desktop focused on development and a modern desktop experience
|
||||
|
||||
---
|
||||
|
||||
## heimserver (home server)
|
||||
|
||||
Home server used for:
|
||||
|
||||
- Self‑hosting services
|
||||
- Home automation
|
||||
- Network monitoring and DNS filtering
|
||||
- Media/photos
|
||||
|
||||
### Role & characteristics
|
||||
|
||||
- Runs as a headless, always‑on server
|
||||
- Uses static IP and acts as a central entry point into the home network
|
||||
- Uses ZFS for backup storage
|
||||
- Optimized for running containers and services, not desktop use
|
||||
|
||||
### Notable services
|
||||
|
||||
- **Reverse proxy / TLS termination**
|
||||
- nginx as the front‑door for HTTP(S)
|
||||
- ACME integration for automatic TLS certificates
|
||||
- Hosts multiple domains/subdomains (e.g. main website, git, images)
|
||||
|
||||
- **Git hosting**
|
||||
- Forgejo instance (self‑hosted Git service)
|
||||
- Supports Git LFS
|
||||
- Automatic periodic dumps/backups into local backup storage
|
||||
|
||||
- **Photo management**
|
||||
- Immich instance for photo backup & management
|
||||
- Data location backed up with Borg to ZFS storage
|
||||
|
||||
- **Home automation stack (via Podman containers)**
|
||||
- Home Assistant
|
||||
- Matter server
|
||||
- Mosquitto MQTT broker
|
||||
- Frigate for camera/NVR functionality, with GPU acceleration
|
||||
|
||||
- **DNS & ad‑blocking**
|
||||
- AdGuardHome as network‑wide DNS resolver and ad blocker
|
||||
|
||||
- **Network monitoring**
|
||||
- NetFlow collector pipeline (netflow2ng) feeding into ntopng
|
||||
- ntopng for traffic analysis and network visibility
|
||||
- InfluxDB for time‑series storage
|
||||
- GeoIP update service to keep MaxMind databases current
|
||||
|
||||
- **Security**
|
||||
- fail2ban for basic SSH/HTTP abuse prevention
|
||||
- SSH with key‑only authentication for root
|
||||
|
||||
### System / Nix specifics
|
||||
|
||||
- NVIDIA support configured, including container toolkit for GPU access from containers
|
||||
- Nix flakes and modern Nix features enabled
|
||||
- Automatic garbage collection with short retention to keep disk usage in check
|
||||
- `system.configurationRevision` wired to the flake revision when available
|
||||
- State pinned to NixOS `25.05` for backwards compatibility
|
||||
|
||||
---
|
||||
|
||||
## kemptop (workstation / laptop)
|
||||
|
||||
Personal workstation configuration optimized for:
|
||||
|
||||
- Software development
|
||||
- Graphical desktop applications
|
||||
- Virtualization and container workloads
|
||||
- Secure boot
|
||||
|
||||
### Role & characteristics
|
||||
|
||||
- Daily‑driver laptop/desktop
|
||||
- Secure boot using `lanzaboote` + `sbctl`
|
||||
- Can build and run software for other architectures (e.g. `aarch64-linux`)
|
||||
- Better desktop/user‑experience focus than the server
|
||||
|
||||
### Desktop environment
|
||||
|
||||
- COSMIC desktop as the main environment
|
||||
- Graphical login managed by the COSMIC greeter
|
||||
- Auto‑login configured for the main user (`kemp`) because of LUKS encryption
|
||||
- Audio via PipeWire
|
||||
- Flatpak enabled for additional apps
|
||||
- Printing with support for HP printers
|
||||
- mDNS/Avahi for local network service discovery
|
||||
- Fingerprint authentication integrated into login
|
||||
|
||||
### Development & tooling
|
||||
|
||||
- Full Rust toolchain and build system tooling
|
||||
- Large LaTeX/TeXLive setup for document preparation
|
||||
- Multiple IDEs/editors installed:
|
||||
- JetBrains IDEA
|
||||
- Android Studio
|
||||
- Zed
|
||||
- Container & virtualization tools:
|
||||
- Podman (with Docker‑compat)
|
||||
- libvirt + virt‑manager
|
||||
- Nix‑related tools:
|
||||
- Language servers for Nix
|
||||
- `nix-ld` configured to ease running foreign binaries
|
||||
- Extended Nix experimental features (flakes, ca‑derivations, etc.)
|
||||
|
||||
### Desktop applications
|
||||
|
||||
- Multiple web browsers (Firefox with PipeWire support, Chrome, Tor browser)
|
||||
- Media and productivity apps (Spotify, VLC, LibreOffice, TeXStudio, etc.)
|
||||
- File management and system inspection tools (Nautilus, QDirStat, Mission Center, network scanners)
|
||||
- Theming and UX tools (e.g. `adw-gtk3`)
|
||||
|
||||
### Shell & UX
|
||||
|
||||
- Fish shell as primary interactive shell, auto‑started from bash
|
||||
- Fish enhanced with plugins (fzf integration, git helpers, colorization, etc.)
|
||||
- System PATH and environment tuned via `systemd.user.extraConfig`
|
||||
|
||||
### Power & firmware
|
||||
|
||||
- Firmware updates enabled (`fwupd`)
|
||||
- Powertop integration for power tuning
|
||||
|
||||
### System / Nix specifics
|
||||
|
||||
- Uses the latest Linux kernel packages
|
||||
- Nix configured for multiple experimental features and flakes
|
||||
- State pinned to NixOS `25.05`
|
||||
|
||||
|
||||
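Review bot: In the heimserver "Security" list, "SSH with key‑only authentication for root" leaves open whether password authentication is also disabled for non-root accounts, which matters on a host the same README describes as a static-IP "central entry point into the home network". Suggest stating the SSH policy for all accounts in that bullet, and saying which services fail2ban covers, since "basic SSH/HTTP abuse prevention" does not show whether the nginx-fronted applications (Forgejo, Immich) are included. In the kemptop "Desktop environment" list, "Auto‑login configured for the main user (`kemp`) because of LUKS encryption" sits beside "Fingerprint authentication integrated into login"; one sentence saying that the LUKS passphrase is the only gate at boot, and where fingerprint authentication still applies once login is automatic, would make the intended trust model explicit. The README also has no section on how either configuration is built or deployed from the flake, which a reader of a multi-machine repo will look for first.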