# NixOS Configurations

This repo contains NixOS system configurations for multiple machines, managed via flakes.

Systems:

- `heimserver` — Home server for self‑hosting, home automation, and network monitoring
- `kemptop` — Personal laptop/desktop focused on development and a modern desktop experience

---

## heimserver (home server)

Home server used for:

- Self‑hosting services
- Home automation
- Network monitoring and DNS filtering
- Media/photos

### Role & characteristics

- Runs as a headless, always‑on server
- Uses static IP and acts as a central entry point into the home network
- Uses ZFS for backup storage
- Optimized for running containers and services, not desktop use

### Notable services

- **Reverse proxy / TLS termination**
  - nginx as the front‑door for HTTP(S)
  - ACME integration for automatic TLS certificates
  - Hosts multiple domains/subdomains (e.g. main website, git, images)
- **Git hosting**
  - Forgejo instance (self‑hosted Git service)
  - Supports Git LFS
  - Automatic periodic dumps/backups into local backup storage
- **Photo management**
  - Immich instance for photo backup & management
  - Data location backed up with Borg to ZFS storage
- **Home automation stack (via Podman containers)**
  - Home Assistant
  - Matter server
  - Mosquitto MQTT broker
  - Frigate for camera/NVR functionality, with GPU acceleration
- **DNS & ad‑blocking**
  - AdGuardHome as network‑wide DNS resolver and ad blocker
- **Network monitoring**
  - NetFlow collector pipeline (netflow2ng) feeding into ntopng
  - ntopng for traffic analysis and network visibility
  - InfluxDB for time‑series storage
  - GeoIP update service to keep MaxMind databases current
- **Security**
  - fail2ban for basic SSH/HTTP abuse prevention
  - SSH with key‑only authentication for root

### System / Nix specifics

- NVIDIA support configured, including container toolkit for GPU access from containers
- Nix flakes and modern Nix features enabled
- Automatic garbage collection with short retention to keep disk usage in check
- `system.configurationRevision` wired to the flake revision when available
- State pinned to NixOS `25.05` for backwards compatibility

---

## kemptop (workstation / laptop)

Personal workstation configuration optimized for:

- Software development
- Graphical desktop applications
- Virtualization and container workloads
- Secure boot

### Role & characteristics

- Daily‑driver laptop/desktop
- Secure boot using `lanzaboote` + `sbctl`
- Can build and run software for other architectures (e.g. `aarch64-linux`)
- Better desktop/user‑experience focus than the server

### Desktop environment

- COSMIC desktop as the main environment
- Graphical login managed by the COSMIC greeter
- Auto‑login configured for the main user (`kemp`) because of LUKS encryption
- Audio via PipeWire
- Flatpak enabled for additional apps
- Printing with support for HP printers
- mDNS/Avahi for local network service discovery
- Fingerprint authentication integrated into login

### Development & tooling

- Full Rust toolchain and build system tooling
- Large LaTeX/TeXLive setup for document preparation
- Multiple IDEs/editors installed:
  - JetBrains IDEA
  - Android Studio
  - Zed
- Container & virtualization tools:
  - Podman (with Docker‑compat)
  - libvirt + virt‑manager
- Nix‑related tools:
  - Language servers for Nix
  - `nix-ld` configured to ease running foreign binaries
  - Extended Nix experimental features (flakes, ca‑derivations, etc.)

### Desktop applications

- Multiple web browsers (Firefox with PipeWire support, Chrome, Tor browser)
- Media and productivity apps (Spotify, VLC, LibreOffice, TeXStudio, etc.)
- File management and system inspection tools (Nautilus, QDirStat, Mission Center, network scanners)
- Theming and UX tools (e.g. `adw-gtk3`)

### Shell & UX

- Fish shell as primary interactive shell, auto‑started from bash
- Fish enhanced with plugins (fzf integration, git helpers, colorization, etc.)
- System PATH and environment tuned via `systemd.user.extraConfig`

### Power & firmware

- Firmware updates enabled (`fwupd`)
- Powertop integration for power tuning

### System / Nix specifics

- Uses the latest Linux kernel packages
- Nix configured for multiple experimental features and flakes
- State pinned to NixOS `25.05`