CrazyChaoz/NixOS-Configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
NixOS-Configuration/readme.md
Stefan Kempinger ea76f8a6f2 Add README and update kemptop configuration
2026-01-27 12:19:27 +01:00

140 lines
4.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# NixOS Configurations
This repo contains NixOS system configurations for multiple machines, managed via flakes.
Systems:
- `heimserver` — Home server for selfhosting, home automation, and network monitoring
- `kemptop` — Personal laptop/desktop focused on development and a modern desktop experience
---
## heimserver (home server)
Home server used for:
- Selfhosting services
- Home automation
- Network monitoring and DNS filtering
- Media/photos
### Role & characteristics
- Runs as a headless, alwayson server
- Uses static IP and acts as a central entry point into the home network
- Uses ZFS for backup storage
- Optimized for running containers and services, not desktop use
### Notable services
- **Reverse proxy / TLS termination**
- nginx as the frontdoor for HTTP(S)
- ACME integration for automatic TLS certificates
- Hosts multiple domains/subdomains (e.g. main website, git, images)
- **Git hosting**
- Forgejo instance (selfhosted Git service)
- Supports Git LFS
- Automatic periodic dumps/backups into local backup storage
- **Photo management**
- Immich instance for photo backup & management
- Data location backed up with Borg to ZFS storage
- **Home automation stack (via Podman containers)**
- Home Assistant
- Matter server
- Mosquitto MQTT broker
- Frigate for camera/NVR functionality, with GPU acceleration
- **DNS & adblocking**
- AdGuardHome as networkwide DNS resolver and ad blocker
- **Network monitoring**
- NetFlow collector pipeline (netflow2ng) feeding into ntopng
- ntopng for traffic analysis and network visibility
- InfluxDB for timeseries storage
- GeoIP update service to keep MaxMind databases current
- **Security**
- fail2ban for basic SSH/HTTP abuse prevention
- SSH with keyonly authentication for root
### System / Nix specifics
- NVIDIA support configured, including container toolkit for GPU access from containers
- Nix flakes and modern Nix features enabled
- Automatic garbage collection with short retention to keep disk usage in check
- `system.configurationRevision` wired to the flake revision when available
- State pinned to NixOS `25.05` for backwards compatibility
---
## kemptop (workstation / laptop)
Personal workstation configuration optimized for:
- Software development
- Graphical desktop applications
- Virtualization and container workloads
- Secure boot
### Role & characteristics
- Dailydriver laptop/desktop
- Secure boot using `lanzaboote` + `sbctl`
- Can build and run software for other architectures (e.g. `aarch64-linux`)
- Better desktop/userexperience focus than the server
### Desktop environment
- COSMIC desktop as the main environment
- Graphical login managed by the COSMIC greeter
- Autologin configured for the main user (`kemp`) because of LUKS encryption
- Audio via PipeWire
- Flatpak enabled for additional apps
- Printing with support for HP printers
- mDNS/Avahi for local network service discovery
- Fingerprint authentication integrated into login
### Development & tooling
- Full Rust toolchain and build system tooling
- Large LaTeX/TeXLive setup for document preparation
- Multiple IDEs/editors installed:
- JetBrains IDEA
- Android Studio
- Zed
- Container & virtualization tools:
- Podman (with Dockercompat)
- libvirt + virtmanager
- Nixrelated tools:
- Language servers for Nix
- `nix-ld` configured to ease running foreign binaries
- Extended Nix experimental features (flakes, caderivations, etc.)
### Desktop applications
- Multiple web browsers (Firefox with PipeWire support, Chrome, Tor browser)
- Media and productivity apps (Spotify, VLC, LibreOffice, TeXStudio, etc.)
- File management and system inspection tools (Nautilus, QDirStat, Mission Center, network scanners)
- Theming and UX tools (e.g. `adw-gtk3`)
### Shell & UX
- Fish shell as primary interactive shell, autostarted from bash
- Fish enhanced with plugins (fzf integration, git helpers, colorization, etc.)
- System PATH and environment tuned via `systemd.user.extraConfig`
### Power & firmware
- Firmware updates enabled (`fwupd`)
- Powertop integration for power tuning
### System / Nix specifics
- Uses the latest Linux kernel packages
- Nix configured for multiple experimental features and flakes
- State pinned to NixOS `25.05`
Reference in a new issue View git blame Copy permalink