+33

modules/nixos/profiles/arr/README.md

reviewed

··· 1 1 + # \*arr Profile 2 2 + 3 3 + Complete \*arr stack for automated media management and downloading. 4 4 + 5 5 + ## Usage 6 6 + 7 7 + ```nix 8 8 + { 9 9 + myNixOS.profiles.arr = { 10 10 + enable = true; 11 11 + dataDir = "/var/lib"; # optional, default location 12 12 + }; 13 13 + } 14 14 + ``` 15 15 + 16 16 + ## What It Enables 17 17 + 18 18 + - **Sonarr** (port 8989): TV show management and downloading. 19 19 + - **Radarr** (port 7878): Movie management and downloading. 20 20 + - **Lidarr** (port 8686): Music management and downloading. 21 21 + - **Prowlarr** (port 9696): Indexer management for all \*arr services. 22 22 + - **Bazarr** (port 6767): Subtitle management and downloading. 23 23 + 24 24 + ## Features 25 25 + 26 26 + - **Unified data directory**: All services store data under configurable `dataDir`. 27 27 + - **Firewall integration**: Automatically opens required ports for web interfaces. 28 28 + - **Proper permissions**: Sets up correct directory ownership for each service. 29 29 + - **Directory management**: Automatically creates required data directories. 30 30 + 31 31 + ## Default Ports 32 32 + 33 33 + All services have their standard ports opened in the firewall for web UI access.

+27

modules/nixos/profiles/autoUpgrade/README.md

reviewed

··· 1 1 + # Auto Upgrade Profile 2 2 + 3 3 + Automatic system updates from the flake repository. 4 4 + 5 5 + ## Usage 6 6 + 7 7 + ```nix 8 8 + { 9 9 + myNixOS.profiles.autoUpgrade = { 10 10 + enable = true; 11 11 + operation = "boot"; # or "switch" or "test" 12 12 + }; 13 13 + } 14 14 + ``` 15 15 + 16 16 + ## What It Does 17 17 + 18 18 + - **Scheduled updates**: Daily updates at 2:00 AM with up to 120 minutes random delay. 19 19 + - **Flake integration**: Updates from `github:alyraffauf/nixcfg` (or configured `FLAKE` variable). 20 20 + - **Reboot window**: Automatic reboots only between 2:00-6:00 AM. 21 21 + - **Network check**: Tests connectivity before attempting updates. 22 22 + - **Retry logic**: Retries failed updates (useful for laptops that wake without network). 23 23 + - **Persistent timers**: Updates survive system reboots and sleep cycles and begin when possible. 24 24 + 25 25 + ## Important Notes 26 26 + 27 27 + Enables automatic reboots by default during the 2:00-6:00 AM window.

+36

modules/nixos/profiles/backups/README.md

reviewed

··· 1 1 + # Backups Profile 2 2 + 3 3 + Automatic backup configuration for enabled services using Restic and Backblaze B2. 4 4 + 5 5 + ## Usage 6 6 + 7 7 + ```nix 8 8 + { 9 9 + myNixOS.profiles.backups.enable = true; 10 10 + } 11 11 + ``` 12 12 + 13 13 + ## What It Does 14 14 + 15 15 + - **Automatic detection**: Only backs up services that are actually enabled on the system. 16 16 + - **Service management**: Stops services before backup, restarts them after completion. 17 17 + - **Backblaze B2 storage**: All backups stored in `aly-backups` bucket with hostname separation. 18 18 + - **Per-service repositories**: Each service gets its own restic repository for isolation. 19 19 + - **Smart exclusions**: Excludes problematic paths (e.g., Plex database locks). 20 20 + 21 21 + ## Supported Services 22 22 + 23 23 + - **Media**: Plex, Jellyfin, Audiobookshelf, Immich 24 24 + - **\*arr stack**: Sonarr, Radarr, Lidarr, Prowlarr, Readarr, Bazarr 25 25 + - **Development**: Forgejo (when not using external storage), PostgreSQL 26 26 + - **Utilities**: qBittorrent, Uptime Kuma, Tautulli, Ombi 27 27 + - **Smart home**: Homebridge 28 28 + - **Security**: Vaultwarden 29 29 + - **Other**: CouchDB, PDS (Bluesky) 30 30 + 31 31 + ## How It Works 32 32 + 33 33 + 1. **Conditional activation**: Backups only created for services enabled in your configuration. 34 34 + 2. **Safe stopping**: Services stopped gracefully before backup to ensure data consistency. 35 35 + 3. **Repository structure**: `rclone:b2:aly-backups/{hostname}/{service}` per service. 36 36 + 4. **Restic integration**: Uses `mySnippets.restic` configuration for default scheduling and retention settings.

+25

modules/nixos/profiles/base/README.md

reviewed

··· 1 1 + # Base Profile 2 2 + 3 3 + Essential NixOS system configuration enabled on most of my systems, bot hdesktops and servers. 4 4 + 5 5 + ## Usage 6 6 + 7 7 + ```nix 8 8 + { 9 9 + myNixOS.profiles.base.enable = true; 10 10 + } 11 11 + ``` 12 12 + 13 13 + ## What It Does 14 14 + 15 15 + - **Essential packages**: git, helix editor, htop, wget, inxi system info, lm_sensors. 16 16 + - **Modern coreutils**: Uses uutils over GNU coreutils. 17 17 + - **Development environment**: direnv with nix-direnv for automatic shell environments. 18 18 + - **Flake configuration**: Sets `FLAKE` and `NH_FLAKE` to `github:alyraffauf/nixcfg` for system rebuilds. 19 19 + - **SSH security**: Disables password authentication, uses SSH keys only, includes known hosts. 20 20 + - **GnuPG integration**: GPG agent with SSH support for key management. 21 21 + - **Sudo configuration**: Uses sudo-rs (Rust sudo) with passwordless wheel group access. 22 22 + - **Network management**: NetworkManager for WiFi and network connectivity. 23 23 + - **Remote development**: VS Code server support for remote editing. 24 24 + - **File system caching**: CacheFS with 20% run, 10% cull, 5% stop thresholds. 25 25 + - **System integration**: Polkit for privilege escalation, rtkit for realtime scheduling.

+41

modules/nixos/profiles/btrfs/README.md

reviewed

··· 1 1 + # Btrfs Profile 2 2 + 3 3 + Btrfs filesystem management with snapshots, scrubbing, and optional deduplication. 4 4 + 5 5 + ## Usage 6 6 + 7 7 + ```nix 8 8 + { 9 9 + myNixOS.profiles.btrfs = { 10 10 + enable = true; 11 11 + deduplicate = false; # optional, enables beesd 12 12 + }; 13 13 + } 14 14 + ``` 15 15 + 16 16 + ## What It Does 17 17 + 18 18 + - **Filesystem support**: Enables btrfs kernel support. 19 19 + - **Auto-scrubbing**: Periodic data integrity checks on all btrfs filesystems. 20 20 + - **Snapshots**: Automatic timeline snapshots of `/home` with snapper (if btrfs subvolume). 21 21 + - **Smart filtering**: Excludes cache, config, and temporary files from snapshots. 22 22 + - **Deduplication**: Optional beesd for block-level deduplication (when enabled). 23 23 + - **GUI tools**: Includes snapper-gui on desktop systems. 24 24 + 25 25 + ## Snapshot Configuration 26 26 + 27 27 + - **Timeline snapshots**: Automatic creation and cleanup enabled. 28 28 + - **User access**: Users group can manage their own snapshots. 29 29 + - **Filtered paths**: Excludes `.cache`, `.config`, `.local`, browser profiles, etc. 30 30 + 31 31 + ## Deduplication (Optional) 32 32 + 33 33 + When `deduplicate = true`: 34 34 + 35 35 + - **beesd**: Runs with 2GB hash tables and conservative load targets. 36 36 + - **Performance tuning**: Limited to 50% thread factor and 1.0 load average. 37 37 + - **Auto-discovery**: Automatically configures all detected btrfs devices. 38 38 + 39 39 + ## Important Notes 40 40 + 41 41 + Only activates features for detected btrfs filesystems. Snapper only configured if `/home` is a btrfs subvolume.

+25

modules/nixos/profiles/server/README.md

reviewed

··· 1 1 + # Server Profile 2 2 + 3 3 + NixOS profile optimized for headless server environments. 4 4 + 5 5 + ## Usage 6 6 + 7 7 + ```nix 8 8 + { 9 9 + myNixOS.profiles.server.enable = true; 10 10 + } 11 11 + ``` 12 12 + 13 13 + ## What It Does 14 14 + 15 15 + - **Minimal footprint**: Disables documentation and reduces system overhead. 16 16 + - **Log management**: Volatile journald storage with 32MB limits to preserve disk space. 17 17 + - **File monitoring**: Optimized inotify limits for server workloads. 18 18 + - **Memory management**: ZRAM swap with zstd compression for efficiency. 19 19 + - **Security**: Automatic fail2ban protection against brute force attacks. 20 20 + - **Performance tuning**: BPF-based automatic kernel tuning. 21 21 + - **Reliability**: systemd-oomd for out-of-memory protection. 22 22 + 23 23 + ## Important Notes 24 24 + 25 25 + Disables coredumps and emergency mode for unattended operation.

+27

modules/nixos/profiles/workstation/README.md

reviewed

··· 1 1 + # Workstation Profile 2 2 + 3 3 + NixOS profile with performance optimizations for gaming, media, and desktop use. 4 4 + 5 5 + ## Usage 6 6 + 7 7 + ```nix 8 8 + { 9 9 + myNixOS.profiles.workstation.enable = true; 10 10 + } 11 11 + ``` 12 12 + 13 13 + ## What It Does 14 14 + 15 15 + - **Kernel optimizations**: Latest kernel with performance-focused scheduler settings. 16 16 + - **Network optimizations**: BBR congestion control, TCP fastopen, reduced latency. 17 17 + - **Memory management**: Optimized dirty page handling and swap behavior. 18 18 + - **Storage scheduling**: Automatic scheduler selection (kyber for SSDs, bfq for HDDs/SD cards). 19 19 + - **Process management**: Ananicy for automatic process prioritization. 20 20 + - **Low-latency audio**: Special rules for audio workloads. 21 21 + - **ZRAM swap**: Compressed swap in memory. 22 22 + 23 23 + ## Important Notes 24 24 + 25 25 + ⚠️ **Ananicy and GameMode are incompatible** - this profile enables Ananicy by default, so don't enable GameMode simultaneously. 26 26 + 27 27 + Some optimizations trade system resiliency for performance (e.g., disabled watchdogs).