This repo contains the general config for all machines I have with NixOS
Latest commit 143299ccf7 by Stefan Kempinger (2026-02-17 00:24:14 +01:00): Move frontends to 80xx and add mail server

Reassign multiple service frontends from 81xx to 80xx ports (Forgejo, ntopng, AdGuard, Scrutiny, Paperless, Whats Up Docker, etc.) and update homepage links.

Configure ACME (webroot) and add certs for kempinger.at, webadmin.kempinger.at, and bilder.kempinger.at; update nginx virtual hosts to use ACME hosts and serve the ACME challenge path.

Add users stalwart-mail and nginx to the acme group and open SMTP-related firewall ports (25, 587) plus mail UI ports (8090, 8091).

Add and configure the Stalwart mail service (SMTP, submissions, IMAP, JMAP) and adjust related service ports/settings (ntopng, scrutiny, influxdb, WUD).
Files (last commit, date):

  • dad: updates (2026-02-16 08:44:28 +01:00)
  • heimserver: Move frontends to 80xx and add mail server (2026-02-17 00:24:14 +01:00)
  • kemptop: Adjust weather widget and add libwebp package (2026-02-05 15:58:42 +01:00)
  • mum: Set hostname and enable wireless (2026-01-28 23:45:20 +01:00)
  • wohnzimmer: Enable OpenSSH and allow SSH access (2026-01-24 13:50:48 +01:00)
  • flake.lock: updates (2026-02-16 08:44:28 +01:00)
  • flake.nix: add dad config (2026-01-28 23:54:09 +01:00)
  • readme.md: Add README and update kemptop configuration (2026-01-27 12:19:27 +01:00)

NixOS Configurations

This repo contains NixOS system configurations for multiple machines, managed via flakes.

Systems:

  • heimserver — Home server for selfhosting, home automation, and network monitoring
  • kemptop — Personal laptop/desktop focused on development and a modern desktop experience

heimserver (home server)

Home server used for:

  • Selfhosting services
  • Home automation
  • Network monitoring and DNS filtering
  • Media/photos

Role & characteristics

  • Runs as a headless, always-on server
  • Uses a static IP and acts as the central entry point into the home network
  • Uses ZFS for backup storage
  • Optimized for running containers and services, not desktop use

Notable services

  • Reverse proxy / TLS termination

    • nginx as the front door for HTTP(S)
    • ACME integration for automatic TLS certificates
    • Hosts multiple domains/subdomains (e.g. main website, git, images)
  • Git hosting

    • Forgejo instance (self-hosted Git service)
    • Supports Git LFS
    • Automatic periodic dumps/backups into local backup storage
  • Photo management

    • Immich instance for photo backup & management
    • Data location backed up with Borg to ZFS storage
  • Home automation stack (via Podman containers)

    • Home Assistant
    • Matter server
    • Mosquitto MQTT broker
    • Frigate for camera/NVR functionality, with GPU acceleration
  • DNS & adblocking

    • AdGuard Home as the network-wide DNS resolver and ad blocker
  • Network monitoring

    • NetFlow collector pipeline (netflow2ng) feeding into ntopng
    • ntopng for traffic analysis and network visibility
    • InfluxDB for time-series storage
    • GeoIP update service to keep MaxMind databases current
  • Security

    • fail2ban for basic SSH/HTTP abuse prevention (bans source IPs after repeated failures)
    • SSH with key-only authentication for root (password login disabled)
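The pieces above (nginx as the TLS front door, ACME with webroot validation, the acme group shared by nginx and the mail server, key-only root SSH and fail2ban) fit together as one NixOS module. The fragment below is an added example, not this repository's heimserver module: domain names, backend ports, the LAN range, the secrets and the SSH key are placeholders.

```nix
# Added example, not this repository's own module. A NixOS fragment for a
# heimserver-style host: nginx as the TLS front door, one ACME certificate
# shared with the mail server through the acme group, key-only root SSH and
# fail2ban. Domain names, backend ports, the LAN range and the SSH key are
# placeholders (assumptions).
{ config, lib, pkgs, ... }:

{
  ### ACME: one webroot-validated certificate, readable via the acme group
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.org";           # placeholder
    certs."example.org" = {
      extraDomainNames = [ "git.example.org" ];
      # HTTP-01: challenge files are written here and must be served on
      # port 80 for every name on the certificate (see acmeRoot below).
      webroot = "/var/lib/acme/acme-challenge";
      group = "acme";                                # default; key stays group-readable only
      reloadServices = [ "nginx.service" "stalwart-mail.service" ];
    };
  };

  # Keep the cert owned by the acme group and add each consuming service
  # user to it, instead of handing the key to one service with group = "nginx".
  users.users.nginx.extraGroups = [ "acme" ];
  users.users.stalwart-mail.extraGroups = [ "acme" ];
  services.stalwart-mail.enable = true;              # listeners/settings omitted here

  ### nginx: front door, TLS termination, challenge path on port 80
  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;

    virtualHosts = {
      "example.org" = {
        useACMEHost = "example.org";
        forceSSL = true;                             # plain HTTP only redirects
        acmeRoot = "/var/lib/acme/acme-challenge";   # /.well-known/acme-challenge is served before the redirect
        root = "/var/www/example.org";               # placeholder static site
      };
      "git.example.org" = {
        useACMEHost = "example.org";
        forceSSL = true;
        acmeRoot = "/var/lib/acme/acme-challenge";
        locations."/" = {
          proxyPass = "http://127.0.0.1:8080";       # placeholder Forgejo port, loopback only
          proxyWebsockets = true;
        };
      };
    };
  };

  ### Firewall: front door and mail only; backends stay on loopback
  networking.firewall.allowedTCPPorts = [ 80 443 25 587 ];

  ### SSH: keys only; root may log in, but never with a password
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "prohibit-password";
    };
  };
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY admin@laptop"   # placeholder, not a real key
  ];

  ### fail2ban: the sshd jail is enabled by default; add an nginx jail
  services.fail2ban = {
    enable = true;
    ignoreIP = [ "192.168.1.0/24" ];                 # placeholder LAN range
    bantime = "1h";
    bantime-increment.enable = true;                 # repeat offenders get longer bans
    maxretry = 5;
    jails.nginx-botsearch.settings = {
      enabled = true;
      filter = "nginx-botsearch";                    # upstream filter: probes for /wp-login.php and the like
      logpath = "/var/log/nginx/access.log";
      maxretry = 2;
    };
  };
}
```

Two checks worth running. Before deploying, `nixos-rebuild dry-build --flake .#heimserver` catches option typos and the assertion that fires if a user is referenced without its service being enabled. After deploying, `sshd -T | grep -iE 'passwordauthentication|permitrootlogin'` confirms the effective sshd settings and `fail2ban-client status sshd` shows the jail is live. Note that every name on the certificate needs a port-80 vhost serving the challenge path, otherwise the HTTP-01 validation for that name fails even though the others succeed.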

System / Nix specifics

  • NVIDIA support configured, including container toolkit for GPU access from containers
  • Nix flakes and modern Nix features enabled
  • Automatic garbage collection with short retention to keep disk usage in check
  • system.configurationRevision wired to the flake revision when available
  • system.stateVersion pinned to 25.05 so that stateful service data (databases, on-disk formats) keeps the defaults of that release across upgrades
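The home automation stack and the GPU access from containers described above can be expressed with NixOS's Podman and NVIDIA container toolkit options. The fragment below is an added example and not this repository's configuration: the images are the projects' official ones, while paths, the secrets file and port numbers are placeholders.

```nix
# Added example, not this repository's own module. Podman-managed containers
# for a heimserver-style host with GPU access for Frigate through the NVIDIA
# container toolkit (CDI) and no --privileged. Images are the projects'
# official ones; paths, the env file and port numbers are placeholders.
{ config, pkgs, ... }:

{
  virtualisation.podman = {
    enable = true;
    dockerCompat = true;                           # docker CLI alias and socket
    defaultNetwork.settings.dns_enabled = true;    # containers resolve each other by name
  };
  virtualisation.oci-containers.backend = "podman";

  # NVIDIA driver plus the toolkit that generates the CDI spec, so a container
  # can request "nvidia.com/gpu=all" without host /dev paths or --privileged.
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.graphics.enable = true;
  hardware.nvidia.open = false;                    # set explicitly; true only for Turing and newer GPUs
  hardware.nvidia-container-toolkit.enable = true;

  virtualisation.oci-containers.containers = {
    mosquitto = {
      image = "eclipse-mosquitto:2";
      volumes = [ "/var/lib/mosquitto:/mosquitto" ];   # config, data, log
      ports = [ "1883:1883" ];                         # LAN devices must reach the broker
    };

    homeassistant = {
      image = "ghcr.io/home-assistant/home-assistant:stable";
      volumes = [ "/var/lib/hass:/config" "/etc/localtime:/etc/localtime:ro" ];
      extraOptions = [ "--network=host" ];           # mDNS/SSDP discovery needs the host's interfaces
      dependsOn = [ "mosquitto" ];
    };

    frigate = {
      image = "ghcr.io/blakeblackshear/frigate:stable";
      volumes = [
        "/var/lib/frigate/config:/config"
        "/var/lib/frigate/media:/media/frigate"
      ];
      # Port 5000 is Frigate's unauthenticated internal API in recent releases:
      # keep it on loopback and let nginx (with auth) be the only way in.
      ports = [ "127.0.0.1:5000:5000" ];
      # Camera credentials come from a file outside the Nix store; values put
      # in `environment` would be copied into the world-readable store.
      environmentFiles = [ "/var/lib/frigate/frigate.env" ];   # placeholder path
      extraOptions = [
        "--device=nvidia.com/gpu=all"                # CDI device for hardware decode
        "--shm-size=256m"                            # frame buffers between decoder and detector
      ];
      dependsOn = [ "mosquitto" ];
    };
  };
}
```

One caveat that is easy to miss: a port published with `ports = [ "1883:1883" ]` is DNAT'd before the host's INPUT chain, so networking.firewall neither blocks nor needs to allow it; the reliable controls are the bind address (127.0.0.1 for anything fronted by nginx) and, for host-network containers like Home Assistant, the host firewall, which does apply to its port 8123 and keeps it closed unless it is listed in allowedTCPPorts. After a rebuild, `podman inspect frigate --format '{{.HostConfig.Devices}}'` and `nvidia-smi` from inside the container (`podman exec frigate nvidia-smi`) confirm the GPU was passed through via CDI.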

kemptop (workstation / laptop)

Personal workstation configuration optimized for:

  • Software development
  • Graphical desktop applications
  • Virtualization and container workloads
  • Secure boot

Role & characteristics

  • Daily-driver laptop/desktop
  • Secure boot using lanzaboote + sbctl
  • Can build and run software for other architectures (e.g. aarch64-linux)
  • Stronger desktop/user-experience focus than the server
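The secure-boot setup with lanzaboote and sbctl needs two things the configuration has to get right: the lanzaboote module wired into the flake, and the stock systemd-boot module forced off so only one loader manages the ESP. The flake below is an added example, not this repository's flake.nix; the host name, the nixpkgs branch and the input name "lanzaboote" are assumptions.

```nix
# Added example, not this repository's flake.nix. Minimal flake wiring for a
# laptop that boots with UEFI Secure Boot through lanzaboote, with sbctl on
# the PATH to create and enroll the signing keys. Host name, nixpkgs branch
# and the input name "lanzaboote" are assumptions.
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    lanzaboote = {
      url = "github:nix-community/lanzaboote";   # pin a release tag in practice
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { nixpkgs, lanzaboote, ... }: {
    nixosConfigurations.laptop = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        lanzaboote.nixosModules.lanzaboote
        ({ lib, pkgs, ... }: {
          environment.systemPackages = [ pkgs.sbctl ];

          # lanzaboote installs its own signed stub in place of systemd-boot;
          # the stock loader module has to be forced off, or both will try to
          # manage the ESP.
          boot.loader.systemd-boot.enable = lib.mkForce false;
          boot.loader.efi.canTouchEfiVariables = true;

          boot.lanzaboote = {
            enable = true;
            # Keys created with `sbctl create-keys`; sbctl >= 0.14 keeps them
            # under /var/lib/sbctl (older releases used /etc/secureboot).
            pkiBundle = "/var/lib/sbctl";
          };
        })
      ];
    };
  };
}
```

The order of operations matters: run `sbctl create-keys` first, then `nixos-rebuild switch` so lanzaboote signs the kernel, initrd and stub into the ESP, then check that `sbctl verify` lists every .efi file under /boot as signed before enrolling with `sbctl enroll-keys --microsoft` while the firmware is in Setup Mode. After the reboot `bootctl status` should report Secure Boot as enabled. Dropping `--microsoft` removes the vendor certificates from the database and can leave a machine unbootable when its firmware or option ROMs are Microsoft-signed.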

Desktop environment

  • COSMIC desktop as the main environment
  • Graphical login managed by the COSMIC greeter
  • Autologin configured for the main user (kemp), since the LUKS passphrase entered at boot already gates access to the disk
  • Audio via PipeWire
  • Flatpak enabled for additional apps
  • Printing with support for HP printers
  • mDNS/Avahi for local network service discovery
  • Fingerprint authentication integrated into login

Development & tooling

  • Full Rust toolchain and build system tooling
  • Large LaTeX/TeXLive setup for document preparation
  • Multiple IDEs/editors installed:
    • JetBrains IDEA
    • Android Studio
    • Zed
  • Container & virtualization tools:
    • Podman (with Docker compatibility)
    • libvirt + virt-manager
  • Nix-related tools:
    • Language servers for Nix
    • nix-ld configured to ease running foreign (non-Nix-built) binaries
    • Extended Nix experimental features (flakes, ca-derivations, etc.)

Desktop applications

  • Multiple web browsers (Firefox with PipeWire support, Chrome, Tor browser)
  • Media and productivity apps (Spotify, VLC, LibreOffice, TeXStudio, etc.)
  • File management and system inspection tools (Nautilus, QDirStat, Mission Center, network scanners)
  • Theming and UX tools (e.g. adw-gtk3)

Shell & UX

  • Fish shell as the primary interactive shell, auto-started from bash
  • Fish enhanced with plugins (fzf integration, git helpers, colorization, etc.)
  • System PATH and environment tuned via systemd.user.extraConfig

Power & firmware

  • Firmware updates enabled (fwupd)
  • Powertop integration for power tuning

System / Nix specifics

  • Uses the latest Linux kernel packages
  • Nix configured for multiple experimental features and flakes
  • system.stateVersion pinned to 25.05