liv/nixos-config
1
0
Fork 0
mirror of https://github.com/Ahwxorg/nixos-config.git synced 2025-12-04 15:00:13 +01:00
Code Issues 1 Projects Releases Packages Wiki Activity Actions

chore: merge remote-tracking branch 'refs/remotes/origin/master'

Browse source
This commit is contained in:
Ahwx 2025-09-08 22:17:19 +02:00
commit fef39fd540
74 changed files with 2141 additions and 1042 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,3 +1 @@
secrets/
modules/services/matrix/default.nix
result result

19
.sops.yaml Normal file
View file

@ -0,0 +1,19 @@
keys:
- &sakura age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
- &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3
- &dandelion age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd
creation_rules:
- path_regex: secrets/sakura/secrets.yaml
key_groups:
- age:
- *sakura
- path_regex: secrets/violet/secrets.yaml
key_groups:
- age:
- *sakura
- *violet
- path_regex: secrets/dandelion/secrets.yaml
key_groups:
- age:
- *sakura
- *dandelion

2
README.md
View file

@ -44,6 +44,7 @@
- [variables.nix](variables.nix): base variables useful for all hosts - [variables.nix](variables.nix): base variables useful for all hosts
- [hosts](hosts): per-host configurations that contain host specific settings - [hosts](hosts): per-host configurations that contain host specific settings
- [yoshino](hosts/yoshino/): Desktop (yoshino) specific configuration - [yoshino](hosts/yoshino/): Desktop (yoshino) specific configuration
- [iris](hosts/iris/): Desktop (iris) specific configuration
- [sakura](hosts/sakura/): Laptop (sakura) specific configuration - [sakura](hosts/sakura/): Laptop (sakura) specific configuration
- [ichiyo](hosts/ichiyo/): Laptop (ichiyo) specific configuration - [ichiyo](hosts/ichiyo/): Laptop (ichiyo) specific configuration
- [violet](hosts/violet/): Server (violet) specific configuration - [violet](hosts/violet/): Server (violet) specific configuration
@ -161,6 +162,7 @@ toggle_oppacity.sh
Other dotfiles that I learned / copy from: Other dotfiles that I learned / copy from:
- [Frost-Phoenix/nixos-config](https://github.com/Frost-Phoenix/nixos-config): This is the repository that I cloned and changed to my needs. Their credits are in their repository's readme. - [Frost-Phoenix/nixos-config](https://github.com/Frost-Phoenix/nixos-config): This is the repository that I cloned and changed to my needs. Their credits are in their repository's readme.
- [IvarWithoutBones/dotfiles](https://github.com/IvarWithoutBones/dotfiles)
- [notthebee/nix-config](https://github.com/notthebee/nix-config) - [notthebee/nix-config](https://github.com/notthebee/nix-config)
- [mrusme/dotfiles](https://github.com/mrusme/dotfiles) - [mrusme/dotfiles](https://github.com/mrusme/dotfiles)

514
flake.lock generated
View file

@ -1,52 +1,10 @@
{ {
"nodes": { "nodes": {
"Hyprspace": {
"inputs": {
"hyprland": [
"hyprland"
],
"systems": "systems"
},
"locked": {
"lastModified": 1751272032,
"narHash": "sha256-493llKN7yyLkKlz8uYVAyvXH261IpDzuVA+TnewFIAg=",
"owner": "KZDKM",
"repo": "Hyprspace",
"rev": "847a770436e1ecebdbe5ed006a93db7666937ff2",
"type": "github"
},
"original": {
"owner": "KZDKM",
"repo": "Hyprspace",
"type": "github"
}
},
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems_2"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"alejandra": { "alejandra": {
"inputs": { "inputs": {
"fenix": "fenix", "fenix": "fenix",
"flakeCompat": "flakeCompat", "flakeCompat": "flakeCompat",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1660592437, "lastModified": 1660592437,
@ -83,11 +41,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751740947, "lastModified": 1753216019,
"narHash": "sha256-35040CHH7P3JGmhGVfEb2oJHL/A5mI2IXumhkxrBnao=", "narHash": "sha256-zik7WISrR1ks2l6T1MZqZHb/OqroHdJnSnAehkE0kCk=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "dfc1db15a08c4cd234288f66e1199c653495301f", "rev": "be166e11d86ba4186db93e10c54a141058bdce49",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -96,43 +54,22 @@
"type": "github" "type": "github"
} }
}, },
"catppuccin": { "disko": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1751880463, "lastModified": 1746728054,
"narHash": "sha256-aSQllMKqsTYAUp4yhpspZn0Hj5yIj7Mh4UD5iyk5iMM=", "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"owner": "catppuccin", "owner": "nix-community",
"repo": "nix", "repo": "disko",
"rev": "9474347c69e93e392f194dda7a57c641ba4b998e", "rev": "ff442f5d1425feb86344c028298548024f21256d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "catppuccin", "owner": "nix-community",
"repo": "nix", "ref": "latest",
"type": "github" "repo": "disko",
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github" "type": "github"
} }
}, },
@ -161,11 +98,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1747046372,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -178,24 +115,6 @@
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": {
"lastModified": 1751413152,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": { "locked": {
"lastModified": 1741352980, "lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
@ -210,7 +129,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_3": { "flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@ -232,7 +151,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": { "flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nur", "nur",
@ -255,7 +174,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -312,36 +231,15 @@
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"agenix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1745494811, "lastModified": 1755397986,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "narHash": "sha256-qwrF5laj6eE3Zht0wKYTmH6QzL7bdOyE2f6jd3WCO8g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "rev": "8b4ac149687e8520187a66f05e9d4eafebf96522",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751990210,
"narHash": "sha256-krWErNDl9ggMLSfK00Q2BcoSk3+IRTSON/DiDgUzzMw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "218da00bfa73f2a61682417efe74549416c16ba6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -352,14 +250,14 @@
}, },
"hypr-contrib": { "hypr-contrib": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1751715349, "lastModified": 1753252360,
"narHash": "sha256-cP76ijtfGTFTpWFfmyFHA2MpDlIyKpWwW82kqQSQ6s0=", "narHash": "sha256-PFAJoEqQWMlo1J+yZb+4HixmhbRVmmNl58e/AkLYDDI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "dafa5d09b413d08a55a81f6f8e85775d717bacda", "rev": "6839b23345b71db17cd408373de4f5605bf589b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -384,11 +282,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749155331, "lastModified": 1753964049,
"narHash": "sha256-XR9fsI0zwLiFWfqi/pdS/VD+YNorKb3XIykgTg4l1nA=", "narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprcursor", "repo": "hyprcursor",
"rev": "45fcc10b4c282746d93ec406a740c43b48b4ef80", "rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -413,11 +311,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751808145, "lastModified": 1754305013,
"narHash": "sha256-OXgL0XaKMmfX2rRQkt9SkJw+QNfv0jExlySt1D6O72g=", "narHash": "sha256-u+M2f0Xf1lVHzIPQ7DsNCDkM1NYxykOSsRr4t3TbSM4=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "b841473a0bd4a1a74a0b64f1ec2ab199035c349f", "rev": "4c1d63a0f22135db123fc789f174b89544c6ec2d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -440,15 +338,15 @@
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_3", "systems": "systems",
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1751995875, "lastModified": 1755416233,
"narHash": "sha256-oGufLuYzFSdLP6fUSLsIm2m4QscfTPbRT1fzQTdkw4M=", "narHash": "sha256-tydnBQmV8pPHPlvq7sTEOEhkjXnYaeJtMN+77Rf/1NU=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "9517d0eaa4ef93de67dc80fecca7a826f7ad556d", "rev": "251288ec5942b3544ad31de1299569284d80f0d7",
"revCount": 6256, "revCount": 6370,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@ -564,11 +462,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750371812, "lastModified": 1753819801,
"narHash": "sha256-D868K1dVEACw17elVxRgXC6hOxY+54wIEjURztDWLk8=", "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-qtutils", "repo": "hyprland-qtutils",
"rev": "b13c7481e37856f322177010bdf75fccacd1adc8", "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -592,6 +490,35 @@
"systems" "systems"
] ]
}, },
"locked": {
"lastModified": 1753622892,
"narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprlang_2": {
"inputs": {
"hyprutils": [
"hyprsunset",
"hyprutils"
],
"nixpkgs": [
"hyprsunset",
"nixpkgs"
],
"systems": [
"hyprsunset",
"systems"
]
},
"locked": { "locked": {
"lastModified": 1750371198, "lastModified": 1750371198,
"narHash": "sha256-/iuJ1paQOBoSLqHflRNNGyroqfF/yvPNurxzcCT0cAE=", "narHash": "sha256-/iuJ1paQOBoSLqHflRNNGyroqfF/yvPNurxzcCT0cAE=",
@ -610,8 +537,8 @@
"inputs": { "inputs": {
"hyprutils": "hyprutils_2", "hyprutils": "hyprutils_2",
"hyprwayland-scanner": "hyprwayland-scanner_2", "hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_4",
"systems": "systems_4" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1750371999, "lastModified": 1750371999,
@ -630,17 +557,18 @@
"hyprsunset": { "hyprsunset": {
"inputs": { "inputs": {
"hyprland-protocols": "hyprland-protocols_2", "hyprland-protocols": "hyprland-protocols_2",
"hyprlang": "hyprlang_2",
"hyprutils": "hyprutils_3", "hyprutils": "hyprutils_3",
"hyprwayland-scanner": "hyprwayland-scanner_3", "hyprwayland-scanner": "hyprwayland-scanner_3",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_5",
"systems": "systems_5" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1751567624, "lastModified": 1755112136,
"narHash": "sha256-tUVODSZhvafXmuN+5SwZpNWV+2cvhSd+5IJ5TXu3YgI=", "narHash": "sha256-eYLtZJayWWbKBC3u/gvDSqVyffuD+egryr7zPWRAeyY=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprsunset", "repo": "hyprsunset",
"rev": "4b2f0f9f46a6552930eecb979d18ac48d7079312", "rev": "1f9afca28fac5f490e5f232e6f1887a69ff34896",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -661,11 +589,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751888065, "lastModified": 1754481650,
"narHash": "sha256-F2SV9WGqgtRsXIdUrl3sRe0wXlQD+kRRZcSfbepjPJY=", "narHash": "sha256-6u6HdEFJh5gY6VfyMQbhP7zDdVcqOrCDTkbiHJmAtMI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "a8229739cf36d159001cfc203871917b83fdf917", "rev": "df6b8820c4a0835d83d0c7c7be86fbc555f1f7fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -736,11 +664,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751881472, "lastModified": 1751897909,
"narHash": "sha256-meB0SnXbwIe2trD041MLKEv6R7NZ759QwBcVIhlSBfE=", "narHash": "sha256-FnhBENxihITZldThvbO7883PdXC/2dzW4eiNvtoV5Ao=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "8fb426b3e5452fd9169453fd6c10f8c14ca37120", "rev": "fcca0c61f988a9d092cbb33e906775014c61579d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -829,32 +757,13 @@
"type": "github" "type": "github"
} }
}, },
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1752026525,
"narHash": "sha256-uCkk6qnQFNKJh0wwpeN/B/S27834c0DpBSK/Frovvyo=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "9d902f4f96cba7226f242045a5605b1ffcf18cd4",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1751432711, "lastModified": 1755330281,
"narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -865,36 +774,21 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1745391562, "lastModified": 1657425264,
"narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", "narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", "rev": "de5b3dd17034e6106e75746e81618e5bd408de8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixos-unstable-small",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": {
"lastModified": 1751159883,
"narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": { "locked": {
"lastModified": 1740877520, "lastModified": 1740877520,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
@ -911,11 +805,11 @@
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": { "locked": {
"lastModified": 1742800061, "lastModified": 1744868846,
"narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734", "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -925,45 +819,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_11": {
"locked": {
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1657425264, "lastModified": 1746576598,
"narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=", "narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "de5b3dd17034e6106e75746e81618e5bd408de8a", "rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable-small", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1750776420, "lastModified": 1712163089,
"narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -975,11 +853,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1712163089, "lastModified": 1748929857,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1007,11 +885,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1748929857, "lastModified": 1755186698,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1022,38 +900,6 @@
} }
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": {
"lastModified": 1751625545,
"narHash": "sha256-4E7wWftF1ExK5ZEDzj41+9mVgxtuRV3wWCId7QAYMAU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c860cf0b3a0829f0f6cf344ca8de83a2bbfab428",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1743315132, "lastModified": 1743315132,
"narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=",
@ -1069,18 +915,50 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": {
"locked": {
"lastModified": 1742800061,
"narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_9", "nixpkgs": "nixpkgs_7",
"nixvim": "nixvim_2" "nixvim": "nixvim_2"
}, },
"locked": { "locked": {
"lastModified": 1749898168, "lastModified": 1755007783,
"narHash": "sha256-aOUvfBcLdrNzI1BL+jhPh0y0cFkgjne2tstDb8k1vI0=", "narHash": "sha256-mxKUvsLy6Nf8Td8jQ0Q7q+A+FcTuYMyp/qmnnCRK1QE=",
"owner": "ahwxorg", "owner": "ahwxorg",
"repo": "nixvim-config", "repo": "nixvim-config",
"rev": "546d385ec71b0ed34abc3f32100e3d0792c349c8", "rev": "d4b1e0a37718bd4b704c5c055151135094d911eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1091,8 +969,8 @@
}, },
"nixvim_2": { "nixvim_2": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_10", "nixpkgs": "nixpkgs_8",
"nuschtosSearch": "nuschtosSearch" "nuschtosSearch": "nuschtosSearch"
}, },
"locked": { "locked": {
@ -1111,15 +989,15 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_11" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1752047019, "lastModified": 1755435577,
"narHash": "sha256-cquBxPthNijnDaoX6Pj5V0jQ5BhoqJOJ/DdGzeJ0xyg=", "narHash": "sha256-Rgcfyl8sWF+Uxe2HM51kJ72aNtaoy/UPiblwGTZHANU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "64185b1642f23c6340e3ebd52eabccfadfb78cfb", "rev": "199390e7082f9307578531d389cccd9f37412156",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1162,11 +1040,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750779888, "lastModified": 1754416808,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1177,20 +1055,18 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"Hyprspace": "Hyprspace",
"agenix": "agenix",
"alejandra": "alejandra", "alejandra": "alejandra",
"catppuccin": "catppuccin", "disko": "disko",
"home-manager": "home-manager_2", "home-manager": "home-manager",
"hypr-contrib": "hypr-contrib", "hypr-contrib": "hypr-contrib",
"hyprland": "hyprland", "hyprland": "hyprland",
"hyprpicker": "hyprpicker", "hyprpicker": "hyprpicker",
"hyprsunset": "hyprsunset", "hyprsunset": "hyprsunset",
"nix-gaming": "nix-gaming",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_8", "nixpkgs": "nixpkgs_6",
"nixvim": "nixvim", "nixvim": "nixvim",
"nur": "nur" "nur": "nur",
"sops-nix": "sops-nix"
} }
}, },
"rust-analyzer-src": { "rust-analyzer-src": {
@ -1210,6 +1086,24 @@
"type": "github" "type": "github"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1754988908,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
@ -1227,16 +1121,16 @@
}, },
"systems_2": { "systems_2": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1689347949,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default", "repo": "default-linux",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default", "repo": "default-linux",
"type": "github" "type": "github"
} }
}, },
@ -1256,36 +1150,6 @@
} }
}, },
"systems_4": { "systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_6": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -1328,11 +1192,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751300244, "lastModified": 1753633878,
"narHash": "sha256-PFuv1TZVYvQhha0ac53E3YgdtmLShrN0t4T6xqHl0jE=", "narHash": "sha256-js2sLRtsOUA/aT10OCDaTjO80yplqwOIaLUqEe0nMx0=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "6115f3fdcb2c1a57b4a80a69f3c797e47607b90a", "rev": "371b96bd11ad2006ed4f21229dbd1be69bed3e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {

89
flake.nix
View file

@ -2,38 +2,28 @@
description = "liv's NixOS configuration"; description = "liv's NixOS configuration";
inputs = { inputs = {
agenix.url = "github:ryantm/agenix";
alejandra.url = "github:kamadorueda/alejandra/3.0.0"; alejandra.url = "github:kamadorueda/alejandra/3.0.0";
catppuccin.url = "github:catppuccin/nix"; home-manager.url = "github:nix-community/home-manager";
home-manager = { home-manager.inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/home-manager"; hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
inputs.nixpkgs.follows = "nixpkgs"; hyprland.inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
inputs.nixpkgs.follows = "nixpkgs";
};
hypr-contrib.url = "github:hyprwm/contrib"; hypr-contrib.url = "github:hyprwm/contrib";
hyprpicker.url = "github:hyprwm/hyprpicker"; hyprpicker.url = "github:hyprwm/hyprpicker";
hyprsunset.url = "github:hyprwm/hyprsunset"; hyprsunset.url = "github:hyprwm/hyprsunset";
Hyprspace = {
url = "github:KZDKM/Hyprspace";
inputs.hyprland.follows = "hyprland"; # Hyprspace uses latest Hyprland. We declare this to keep them in sync.
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
nixvim.url = "github:ahwxorg/nixvim-config"; nixvim.url = "github:ahwxorg/nixvim-config";
nix-gaming.url = "github:fufexan/nix-gaming"; sops-nix.url = "github:Mic92/sops-nix";
disko.url = "github:nix-community/disko/latest";
}; };
outputs = outputs =
{ {
self, self,
nixpkgs, nixpkgs,
catppuccin, sops-nix,
agenix, disko,
... ...
}@inputs: }@inputs:
let let
@ -48,21 +38,10 @@
{ {
overlays.default = overlays.addition; overlays.default = overlays.addition;
nixosConfigurations = { nixosConfigurations = {
desktop = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/desktop)
];
specialArgs = {
host = "desktop";
inherit self inputs username;
};
};
sakura = nixpkgs.lib.nixosSystem { sakura = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
(import ./hosts/sakura) (import ./hosts/sakura)
agenix.nixosModules.default
]; ];
specialArgs = { specialArgs = {
host = "sakura"; host = "sakura";
@ -73,7 +52,6 @@
inherit system; inherit system;
modules = [ modules = [
(import ./hosts/yoshino) (import ./hosts/yoshino)
agenix.nixosModules.default
]; ];
specialArgs = { specialArgs = {
host = "yoshino"; host = "yoshino";
@ -84,7 +62,6 @@
inherit system; inherit system;
modules = [ modules = [
(import ./hosts/ichiyo) (import ./hosts/ichiyo)
agenix.nixosModules.default
]; ];
specialArgs = { specialArgs = {
host = "ichiyo"; host = "ichiyo";
@ -95,7 +72,6 @@
inherit system; inherit system;
modules = [ modules = [
(import ./hosts/violet) (import ./hosts/violet)
agenix.nixosModules.default
]; ];
specialArgs = { specialArgs = {
host = "violet"; host = "violet";
@ -106,7 +82,6 @@
inherit system; inherit system;
modules = [ modules = [
(import ./hosts/dandelion) (import ./hosts/dandelion)
agenix.nixosModules.default
]; ];
specialArgs = { specialArgs = {
host = "dandelion"; host = "dandelion";
@ -117,21 +92,59 @@
inherit system; inherit system;
modules = [ modules = [
(import ./hosts/lily) (import ./hosts/lily)
agenix.nixosModules.default
]; ];
specialArgs = { specialArgs = {
host = "lily"; host = "lily";
inherit self inputs username; inherit self inputs username;
}; };
}; };
zinnia = nixpkgs.lib.nixosSystem {
vm = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
(import ./hosts/vm) (import ./hosts/zinnia)
]; ];
specialArgs = { specialArgs = {
host = "vm"; host = "zinnia";
inherit self inputs username;
};
};
posy = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
(import ./hosts/posy)
];
specialArgs = {
host = "posy";
inherit self inputs username;
};
};
hazel = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/hazel)
];
specialArgs = {
host = "hazel";
inherit self inputs username;
};
};
daisy = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/daisy)
];
specialArgs = {
host = "daisy";
inherit self inputs username;
};
};
iris = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/iris)
];
specialArgs = {
host = "iris";
inherit self inputs username; inherit self inputs username;
}; };
}; };

48
hosts/daisy/default.nix Normal file
View file

@ -0,0 +1,48 @@
{
pkgs,
config,
lib,
...
}:
{
imports = [
./hardware-configuration.nix
./../../modules/core/default.server.nix
# ./../../modules/services/violet.nix
];
networking = {
hostName = "daisy";
networkmanager.enable = true;
firewall = {
allowedTCPPorts = [
# 80
# 443
# 25565
9123
];
};
};
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
pkgs.kitty.terminfo
];
boot = {
loader.grub = {
enable = true;
device = "/dev/sdb";
useOSProber = true;
};
kernelModules = [ "acpi_call" ];
extraModulePackages =
with config.boot.kernelPackages;
[
acpi_call
cpupower
]
++ [ pkgs.cpupower-gui ];
};
}

18
hosts/desktop/hardware-configuration.nix → hosts/daisy/hardware-configuration.nix
View file

@ -8,23 +8,18 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "uhci_hcd" "hpsa" "mpt3sas" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/6b518d54-a144-42fe-b500-b6651038bbcc"; { device = "/dev/disk/by-uuid/02aaca49-be45-42ad-ba44-6f5dbfe9032e";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D1A5-9B92";
fsType = "vfat";
};
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/2d69abc2-3d44-481b-ada8-b436c2b9c8c2"; } [ { device = "/dev/disk/by-uuid/40aff86f-c371-4f7f-ab62-5665c4f1c071"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -32,10 +27,11 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

49
hosts/dandelion/default.nix
View file

@ -14,10 +14,9 @@
users.users.liv.openssh.authorizedKeys.keys = [ users.users.liv.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLdcB5JFWx6OK2BAr8J0wPHNhr2VP2/Ci6fv3a+DPfo liv@violet" # allow violet to log in over ssh to do back ups "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLdcB5JFWx6OK2BAr8J0wPHNhr2VP2/Ci6fv3a+DPfo liv@violet" # allow violet to log in over ssh to do back ups
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi8gt51xGRzLSqaNr1LKSdrJ0VHps8U8FME71YCrs6K liv@posy" # allow posy to log in over ssh to mount music folder
]; ];
networking.hostName = "dandelion";
liv.server.enable = true; liv.server.enable = true;
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
@ -27,8 +26,34 @@
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
networking = {
hostName = "dandelion";
firewall = {
allowedTCPPorts = [
5201
];
allowedUDPPorts = [
5201
];
interfaces."ens4s1".allowedTCPPorts = [
# allow everything for local link
{
from = 1;
to = 65354;
}
];
interfaces."ens4s1".allowedUDPPorts = [
# allow everything for local link
{
from = 1;
to = 65354;
}
];
};
};
systemd.network.networks."99-local" = { systemd.network.networks."99-local" = {
matchConfig.name = "ens3s1"; matchConfig.name = "ens4s1";
address = [ address = [
"192.168.1.100/24" "192.168.1.100/24"
]; ];
@ -60,10 +85,22 @@
trim.enable = true; trim.enable = true;
}; };
# boot.zfs.extraPools = [ "terrabite" ]; boot.zfs.extraPools = [
"spinners"
];
# fileSystems."/terrabite/main" = { # fileSystems = {
# device = "terrabite/main"; # "/spinners/rootvol" = {
# device = "spinners/rootvol";
# fsType = "zfs"; # fsType = "zfs";
# }; # };
# "/spinners/ahwx" = {
# device = "spinners/ahwx";
# fsType = "zfs";
# };
# "/spinners/violet" = {
# device = "spinners/violet";
# fsType = "zfs";
# };
# };
} }

15
hosts/desktop/default.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./../../modules/core
];
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
liv.desktop.enable = true;
liv.gui.enable = true;
}

49
hosts/hazel/default.nix Normal file
View file

@ -0,0 +1,49 @@
{
pkgs,
config,
lib,
inputs,
...
}:
{
imports = [
./hardware-configuration.nix
./disko.nix
./../../modules/core/default.server.nix
# ./../../modules/services/hazel.nix
];
networking.hostName = "hazel";
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
time.timeZone = lib.mkForce "Europe/Paris";
environment.systemPackages = with pkgs; [
kitty.terminfo
];
services = {
smartd = {
enable = true;
autodetect = true;
};
};
networking.firewall = {
allowedTCPPorts = [
9123
];
};
#boot = {
# loader.grub = {
# enable = true;
# device = "/dev/sda";
# useOSProber = true;
# };
#};
}

32
hosts/hazel/disko.nix Normal file
View file

@ -0,0 +1,32 @@
{ inputs, ... }:
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices = {
disk = {
sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
priority = 1;
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

45
hosts/hazel/hardware-configuration.nix Normal file
View file

@ -0,0 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"ehci_pci"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# fileSystems."/" = {
# device = "/dev/disk/by-uuid/864dfbec-81f0-460f-b970-27693a0ad0e6";
# fsType = "ext4";
# };
# fileSystems."/boot" = {
# device = "/dev/disk/by-uuid/E141-F5CE";
# fsType = "vfat";
# options = [
# "fmask=0077"
# "dmask=0077"
# ];
# };
# swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

3
hosts/ichiyo/default.nix
View file

@ -12,9 +12,6 @@
./../../modules/services/tailscale.nix ./../../modules/services/tailscale.nix
]; ];
# Enable fancy boot animations
boot.plymouth.enable = true;
powerManagement = { powerManagement = {
enable = true; enable = true;
# powertop.enable = true; # powertop.enable = true;

68
hosts/iris/default.nix Normal file
View file

@ -0,0 +1,68 @@
{
inputs,
pkgs,
config,
lib,
...
}:
{
imports = [
./hardware-configuration.nix
./../../modules/core
# ./../../modules/home/nfs.nix
./../../modules/core/virtualization.nix
./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix
];
powerManagement = {
enable = true;
# powertop.enable = true;
cpuFreqGovernor = lib.mkDefault "performance";
};
networking = {
hostName = "iris";
networkmanager.enable = true;
};
systemd.network.networks."99-local" = {
matchConfig.name = "enp68s0";
address = [
"192.168.1.100/24"
];
routes = [
{
Gateway = "172.16.10.1";
GatewayOnLink = false;
}
];
};
liv = {
desktop.enable = true;
creative.enable = true;
amdgpu.enable = true;
wine.enable = false; # use VM for this
gui.enable = true;
};
boot = {
kernelParams = [ ];
kernelModules = [ "acpi_call" ];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
systemd-boot.configurationLimit = 10;
};
extraModulePackages =
with config.boot.kernelPackages;
[
acpi_call
cpupower
v4l2loopback
]
++ [ pkgs.cpupower-gui ];
};
}

20
hosts/vm/hardware-configuration.nix → hosts/iris/hardware-configuration.nix
View file

@ -5,19 +5,27 @@
{ {
imports = imports =
[ (modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/631775ef-6851-4fe7-997f-189372f87437"; { device = "/dev/disk/by-uuid/6609be3d-2dda-4961-9247-6463349f196c";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-e8a36fde-6d6f-4650-b0dc-3152ef561c99".device = "/dev/disk/by-uuid/e8a36fde-6d6f-4650-b0dc-3152ef561c99";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1793-F35D";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -25,7 +33,11 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.ens4f0.useDHCP = lib.mkDefault true;
# networking.interfaces.ens4f1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

41
hosts/posy/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, pkgs, lib, ... }:
{
imports = [
./../../modules/core/default.server.nix
./../../modules/services/mpd.nix
];
networking.hostName = "posy";
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
pkgs.kitty.terminfo
];
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
services = {
smartd = {
enable = lib.mkForce false;
autodetect = lib.mkForce false;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
hardware.enableRedistributableFirmware = true;
}

16
hosts/sakura/default.nix
View file

@ -12,6 +12,7 @@
./../../modules/core/virtualization.nix ./../../modules/core/virtualization.nix
./../../modules/services/tailscale.nix ./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix ./../../modules/services/mpd.nix
./../../modules/services/smart-monitoring.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd inputs.nixos-hardware.nixosModules.framework-13-7040-amd
]; ];
@ -45,13 +46,17 @@
# Disable light sensors and accelerometers as they are not used and consume extra battery # Disable light sensors and accelerometers as they are not used and consume extra battery
hardware.sensor.iio.enable = lib.mkForce false; hardware.sensor.iio.enable = lib.mkForce false;
networking.hostName = "sakura"; networking = {
hostName = "sakura";
# networkmanager.ethernet.macAddress = "13:37:6a:8a:ed:a4";
};
powerManagement = { powerManagement = {
enable = true; enable = true;
# powertop.enable = true; # powertop.enable = true;
cpuFreqGovernor = lib.mkDefault "ondemand"; cpuFreqGovernor = lib.mkDefault "ondemand";
}; };
# change battery led to blue on suspend to indicate device is in suspend mode # change battery led to blue on suspend to indicate device is in suspend mode
systemd.services."suspend-led-set" = { systemd.services."suspend-led-set" = {
description = "blue led for sleep"; description = "blue led for sleep";
@ -71,8 +76,11 @@
${pkgs.fw-ectool}/bin/ectool led battery auto ${pkgs.fw-ectool}/bin/ectool led battery auto
''; '';
}; };
systemd.sleep.extraConfig = ''
HibernateDelaySec=30m
'';
services.logind.lidSwitch = "suspend";
boot = { boot = {
plymouth.enable = true;
kernelParams = [ kernelParams = [
"mem_sleep_default=deep" "mem_sleep_default=deep"
"acpi_osi=\"!Windows 2020\"" # otherwise GPU does weird shit that makes the computer look like the RAM is broken "acpi_osi=\"!Windows 2020\"" # otherwise GPU does weird shit that makes the computer look like the RAM is broken
@ -89,7 +97,11 @@
[ [
acpi_call acpi_call
cpupower cpupower
v4l2loopback
] ]
++ [ pkgs.cpupower-gui ]; ++ [ pkgs.cpupower-gui ];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
}; };
} }

25
hosts/violet/default.nix
View file

@ -22,7 +22,8 @@
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pkgs.kitty.terminfo kitty.terminfo
cifs-utils
]; ];
services = { services = {
@ -33,6 +34,18 @@
xserver.videoDrivers = [ "nvidia" ]; xserver.videoDrivers = [ "nvidia" ];
}; };
networking.firewall = {
allowedTCPPorts = [
80
443
25565
5201
];
allowedUDPPorts = [
5201
];
};
liv.nvidia.enable = true; liv.nvidia.enable = true;
boot = { boot = {
@ -50,4 +63,14 @@
] ]
++ [ pkgs.cpupower-gui ]; ++ [ pkgs.cpupower-gui ];
}; };
fileSystems."/mnt/nfs/violet" = {
device = "//172.16.10.130/spinners/violet"; # not ideal, should get the static IP from dandelion from a config attribute but whatever...
fsType = "cifs";
options = [
"x-systemd.automount"
"noauto"
"credentials=${config.sops.secrets.smbLoginDetails.path}"
];
};
} }

36
hosts/vm/default.nix
View file

@ -1,36 +0,0 @@
{ pkgs, config, lib, ... }:
{
imports = [
./hardware-configuration.nix
./../../modules/core
];
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
# kvm/qemu doesn't use UEFI firmware mode by default.
# so we force-override the setting here
# and configure GRUB instead.
boot.loader = {
systemd-boot.enable = lib.mkForce false;
grub = {
enable = true;
device = "/dev/vda";
useOSProber = false;
};
};
# allow local remote access to make it easier to toy around with the system
services.openssh = {
enable = true;
ports = [22];
settings = {
# PasswordAuthentication = lib.mkOverride true;
AllowUsers = null;
# PermitRootLogin = "yes";
};
};
}

24
hosts/yoshino/default.nix
View file

@ -12,6 +12,7 @@
# ./../../modules/home/nfs.nix # ./../../modules/home/nfs.nix
./../../modules/core/virtualization.nix ./../../modules/core/virtualization.nix
./../../modules/services/tailscale.nix ./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix
]; ];
powerManagement = { powerManagement = {
@ -20,6 +21,24 @@
cpuFreqGovernor = lib.mkDefault "performance"; cpuFreqGovernor = lib.mkDefault "performance";
}; };
networking = {
hostName = "yoshino";
networkmanager.enable = true;
};
systemd.network.networks."99-local" = {
matchConfig.name = "enp68s0";
address = [
"192.168.1.100/24"
];
routes = [
{
Gateway = "172.16.10.1";
GatewayOnLink = false;
}
];
};
liv = { liv = {
desktop.enable = true; desktop.enable = true;
creative.enable = true; creative.enable = true;
@ -28,11 +47,6 @@
gui.enable = true; gui.enable = true;
}; };
networking = {
hostName = "yoshino";
networkmanager.enable = true;
};
boot = { boot = {
kernelParams = [ ]; kernelParams = [ ];
kernelModules = [ "acpi_call" ]; kernelModules = [ "acpi_call" ];

61
hosts/zinnia/default.nix Normal file
View file

@ -0,0 +1,61 @@
{
lib,
config,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./../../modules/core
./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix
];
liv = {
laptop.enable = true;
gui.enable = true;
desktop.enable = false;
creative.enable = false;
amdgpu.enable = false;
};
services = {
vnstat.enable = true;
};
networking.hostName = "zinnia";
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = lib.mkDefault "ondemand";
};
boot.initrd.luks.devices."luks-59aff546-c2c2-4697-a5f2-40a12f259f5a".device =
"/dev/disk/by-uuid/59aff546-c2c2-4697-a5f2-40a12f259f5a";
boot = {
kernelParams = [
"mem_sleep_default=deep"
];
kernelModules = [ "acpi_call" ];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
systemd-boot.configurationLimit = 10;
};
extraModulePackages =
with config.boot.kernelPackages;
[
acpi_call
cpupower
]
++ [ pkgs.cpupower-gui ];
};
time.timeZone = "Europe/Amsterdam";
nixpkgs.config.allowUnfree = true;
}

45
hosts/zinnia/hardware-configuration.nix Normal file
View file

@ -0,0 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c9f69c59-2014-41de-b169-53c38c7d9f15";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-ad0e2f90-490d-4a2b-8484-8d18bc9bdff5".device = "/dev/disk/by-uuid/ad0e2f90-490d-4a2b-8484-8d18bc9bdff5";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0AEC-87AF";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/18a2707c-9fe0-4dc4-a15f-6908cc34f26e"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwp0s20f0u2c2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

2
modules/core/default.nix
View file

@ -9,6 +9,7 @@
++ [ (import ./network.nix) ] ++ [ (import ./network.nix) ]
++ [ (import ./pipewire.nix) ] ++ [ (import ./pipewire.nix) ]
++ [ (import ./program.nix) ] ++ [ (import ./program.nix) ]
++ [ (import ./plymouth.nix) ]
++ [ (import ./sshd.nix) ] ++ [ (import ./sshd.nix) ]
++ [ (import ./security.nix) ] ++ [ (import ./security.nix) ]
++ [ (import ./services.nix) ] ++ [ (import ./services.nix) ]
@ -16,6 +17,5 @@
++ [ (import ./user.nix) ] ++ [ (import ./user.nix) ]
++ [ (import ./bluetooth.nix) ] ++ [ (import ./bluetooth.nix) ]
++ [ (import ./yubikey.nix) ] ++ [ (import ./yubikey.nix) ]
# ++ [ (import ./steam.nix) ]
++ [ (import ./wayland.nix) ]; ++ [ (import ./wayland.nix) ];
} }

20
modules/core/network.nix
View file

@ -1,20 +1,16 @@
{ pkgs, ... }: { pkgs, lib, ... }:
{ {
networking = { networking = {
networkmanager.enable = true; networkmanager = {
enable = true;
wifi.macAddress = "stable-ssid";
};
nameservers = [ "9.9.9.9" ]; nameservers = [ "9.9.9.9" ];
firewall = { firewall = {
enable = true; enable = true;
# allowedTCPPorts = [ 22 80 443 59010 59011 ];
# allowedUDPPorts = [ 59010 59011 ];
# allowedUDPPortRanges = [
# { from = 4000; to = 4007; }
# { from = 8000; to = 8010; }
# ];
}; };
}; };
services = {
# environment.systemPackages = with pkgs; [ avahi.enable = lib.mkDefault false;
# networkmanagerapplet };
# ];
} }

40
modules/core/plymouth.nix Normal file
View file

@ -0,0 +1,40 @@
{
pkgs,
lib,
...
}:
{
# TODO: add https://github.com/FraioVeio/plymouth-xp-theme
boot = {
plymouth = {
enable = lib.mkDefault true;
theme = "lone";
themePackages = with pkgs; [
# By default we would install all themes
(adi1090x-plymouth-themes.override {
selected_themes = [ "lone" ];
# selected_themes = [ "sliced" ];
# selected_themes = [ "rings" ];
# selected_themes = [ "red_loader" ];
# selected_themes = [ "dna" ];
# selected_themes = [ "hexagon_dots" ];
})
];
};
# Enable "Silent boot"
consoleLogLevel = 3;
initrd.verbose = false;
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
# Hide the OS choice for bootloaders.
# It's still possible to open the bootloader list by pressing any key
# It will just not appear on screen unless a key is pressed
loader.timeout = 1;
};
}

3
modules/core/program.nix
View file

@ -1,4 +1,4 @@
{ pkgs, agenix, ... }: { pkgs, ... }:
{ {
programs = { programs = {
dconf.enable = true; dconf.enable = true;
@ -15,6 +15,5 @@
git git
dig dig
traceroute traceroute
# agenix.packages.x86_64-linux.default
]; ];
} }

10
modules/core/security.nix
View file

@ -8,9 +8,17 @@
security = { security = {
rtkit.enable = true; rtkit.enable = true;
pam.services.swaylock = { }; pam.services.swaylock = { };
auditd.enable = true;
audit = {
enable = true;
rules = [
"-a exit,always -F arch=b64 -S execve"
];
};
sudo = { sudo = {
enable = true; enable = true;
execWheelOnly = true;
extraRules = [ extraRules = [
{ {
groups = [ "wheel" ]; groups = [ "wheel" ];
@ -20,7 +28,7 @@
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
{ {
command = "/home/liv/.local/src/framework-system/target/debug/framework_tool"; command = "/run/current-system/sw/bin/framework_tool --privacy";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
]; ];

2
modules/core/services.nix
View file

@ -9,5 +9,5 @@
''; '';
# To prevent getting stuck at shutdown. # To prevent getting stuck at shutdown.
systemd.extraConfig = "DefaultTimeoutStopSec=10s"; # systemd.extraConfig = "DefaultTimeoutStopSec=10s"; # Deprecated now
} }

46
modules/core/sops.nix Normal file
View file

@ -0,0 +1,46 @@
{
pkgs,
inputs,
username,
host,
config,
...
}:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
sops = {
defaultSopsFile = ../../secrets/${host}/secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
secrets =
if (host == "violet") then
{
"systemMailerPassword" = { };
"forgejoWorkerSecret" = { };
"minioRootCredentials" = { };
"matrixRegistrationSecret" = {
owner = "matrix-synapse";
};
"smbLoginDetails" = { };
}
else if (host == "sakura") then
{
"systemMailerPassword" = { };
"dandelionSyncthingId" = { };
"sakuraSyncthingId" = { };
}
else if (host == "dandelion") then
{
"systemMailerPassword" = { };
"dandelionSyncthingId" = { };
"sakuraSyncthingId" = { };
}
else
{ };
};
environment.systemPackages = with pkgs; [
sops
];
}

9
modules/core/sshd.nix
View file

@ -14,9 +14,12 @@
networking.firewall.allowedTCPPorts = config.services.openssh.ports; networking.firewall.allowedTCPPorts = config.services.openssh.ports;
users.users.liv.openssh.authorizedKeys.keys = [ users.users.liv.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # main laptop "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # sakura
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # main phone "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # ichiyo
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # 2nd laptop "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDltZ7vfyrLrl32TIWCC3iUx40TrCtIz6Ssi/SZvikg liv@zinnia" # zinnia
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQtG69zrMFsoHForwZEi66y1tPvctqg1OgjQFrF3OI+ liv@iris" # iris
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # xz1c
]; ];
} }

9
modules/core/steam.nix
View file

@ -1,9 +0,0 @@
{ ... }:
{
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
}

37
modules/core/system.nix
View file

@ -1,12 +1,21 @@
{ self, pkgs, lib, inputs, ...}:
{ {
# imports = [ inputs.nix-gaming.nixosModules.default ]; self,
pkgs,
lib,
inputs,
...
}:
{
nix = { nix = {
settings = { settings = {
allowed-users = [ "@wheel" ];
auto-optimise-store = true; auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [
substituters = [ "https://nix-gaming.cachix.org" ]; "nix-command"
trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ]; "flakes"
];
# substituters = [ "http://violet.booping.local" ];
# trusted-public-keys = [ "violet.booping.local:2gshN3xfGSL7eKFc8tGkqSoIb3WQxuB2RJ8DuakLLqc=%" ];
}; };
gc = { gc = {
automatic = true; automatic = true;
@ -15,18 +24,24 @@
}; };
}; };
# nixpkgs = { programs.nix-ld = {
# overlays = [ enable = true;
# self.overlays.default libraries = with pkgs; [ ];
};
nixpkgs = {
overlays = [
self.overlays.default
# inputs.nur.overlay # inputs.nur.overlay
# ]; ];
# }; };
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [
"jitsi-meet-1.0.8043" "jitsi-meet-1.0.8043"
"olm-3.2.16" "olm-3.2.16"
"libsoup-2.74.3"
]; ];
overlays = [ overlays = [
self.overlays.default self.overlays.default
@ -49,6 +64,6 @@
ipaexfont ipaexfont
]; ];
time.timeZone = "Europe/Amsterdam"; time.timeZone = lib.mkDefault "Europe/Amsterdam";
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

16
modules/core/user.nix
View file

@ -10,6 +10,7 @@
imports = imports =
[ inputs.home-manager.nixosModules.home-manager ] [ inputs.home-manager.nixosModules.home-manager ]
++ [ ./../../roles/default.nix ] ++ [ ./../../roles/default.nix ]
++ [ ./sops.nix ]
++ [ ./../../variables.nix ]; ++ [ ./../../variables.nix ];
home-manager = { home-manager = {
useUserPackages = true; useUserPackages = true;
@ -17,14 +18,18 @@
extraSpecialArgs = { inherit inputs username host; }; extraSpecialArgs = { inherit inputs username host; };
users.${username} = { users.${username} = {
imports = imports =
if (host == "desktop") then if (host == "violet") then
[ ./../home/default.desktop.nix ]
else if (host == "violet") then
[ ./../home/default.server.nix ] [ ./../home/default.server.nix ]
else if (host == "dandelion") then else if (host == "dandelion") then
[ ./../home/default.server.nix ] [ ./../home/default.server.nix ]
else if (host == "lily") then else if (host == "lily") then
[ ./../home/default.server.nix ] [ ./../home/default.server.nix ]
else if (host == "posy") then
[ ./../home/default.server.nix ]
else if (host == "hazel") then
[ ./../home/default.server.nix ]
else if (host == "daisy") then
[ ./../home/default.server.nix ]
# else if (host == "yoshino") then # else if (host == "yoshino") then
# [ ./../home/default.nix ] # [ ./../home/default.nix ]
else else
@ -40,8 +45,6 @@
fonts.fontconfig.antialias = false; fonts.fontconfig.antialias = false;
users.groups.gay = { };
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "${username}"; description = "${username}";
@ -50,10 +53,11 @@
"wheel" "wheel"
"docker" "docker"
"input" "input"
"gay"
"dialout" "dialout"
"wheel"
]; ];
shell = pkgs.zsh; shell = pkgs.zsh;
initialPassword = "temporary-password";
}; };
nix.settings.allowed-users = [ "${username}" ]; nix.settings.allowed-users = [ "${username}" ];
} }

16
modules/core/virtualization.nix
View file

@ -1,9 +1,19 @@
{ pkgs, ... }: { pkgs, host, ... }:
{ {
virtualisation = { virtualisation = {
# vmware.host.enable = true; # Causes issues for now :p # vmware.host.enable = true; # Causes issues for now :p
waydroid.enable = true; waydroid.enable = if (host == "sakura") then true else false;
libvirtd.enable = true; libvirtd.enable =
if (host == "violet") then
true
else if (host == "sakura") then
true
else if (host == "yoshino") then
true
else if (host == "iris") then
true
else
false;
spiceUSBRedirection.enable = true; spiceUSBRedirection.enable = true;
}; };

5
modules/home/agenix.nix
View file

@ -1,5 +0,0 @@
{ config, pkgs, lib, inputs, ... }:{
environment.systemPackages = [
inputs.agenix.packages."${system}".default
];
}

5
modules/home/default.desktop.nix
View file

@ -1,5 +0,0 @@
{ ...}: {
imports =
[(import ./default.nix)]
++ [ (import ./steam.nix) ];
}

10
modules/home/gaming.nix
View file

@ -1,10 +0,0 @@
{ pkgs, config, inputs, ... }:
{
home.packages = with pkgs;[
## Utils
# gamemode
# gamescope
# winetricks
# inputs.nix-gaming.packages.${pkgs.system}.wine-ge
];
}

34
modules/home/hyprland/config.nix
View file

@ -1,4 +1,9 @@
{ pkgs, ... }: {
pkgs,
host,
username,
...
}:
{ {
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
home.packages = [ home.packages = [
@ -8,6 +13,7 @@
pkgs.noto-fonts-emoji pkgs.noto-fonts-emoji
pkgs.swww pkgs.swww
pkgs.swaylock pkgs.swaylock
pkgs.pywal16
]; ];
gtk = { gtk = {
@ -58,7 +64,13 @@
source = "~/nixos-config/modules/home/hyprland/displays.conf"; source = "~/nixos-config/modules/home/hyprland/displays.conf";
"debug:disable_scale_checks" = true; "debug:disable_scale_checks" = true;
monitor = "eDP-1, 2256x1504@60, 0x0, 1.5"; monitor =
if (host == "sakura") then
"eDP-1, 2256x1504@60, 0x0, 1.5"
else if (host == "zinnia") then
"eDP-1, 1920x1080@60, 0x0, 1.0"
else
", preferred, auto, 1";
# autostart # autostart
exec-once = [ exec-once = [
@ -207,7 +219,7 @@
"$mainMod, F, fullscreen, 0" # set 1 to 0 to set full screen without waybar "$mainMod, F, fullscreen, 0" # set 1 to 0 to set full screen without waybar
"$mainMod, Space, togglefloating," "$mainMod, Space, togglefloating,"
"$mainMod, D, exec, bemenu-run -l 5 --ignorecase" "$mainMod, D, exec, bemenu-run -l 5 --ignorecase"
"SUPER SHIFT, L, exec, hyprlock" "SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png"
"$mainMod, E, exec, thunar" "$mainMod, E, exec, thunar"
"$mainMod SHIFT, B, exec, pkill -SIGUSR1 .waybar-wrapped" "$mainMod SHIFT, B, exec, pkill -SIGUSR1 .waybar-wrapped"
"$mainMod, C,exec, hyprpicker -a" "$mainMod, C,exec, hyprpicker -a"
@ -376,6 +388,22 @@
xwayland { xwayland {
force_zero_scaling = true force_zero_scaling = true
} }
plugin {
hyprbars {
bar_height = 38
bar_color = rgb(1e1e1e)
col.text = $foreground
bar_text_size = 12
bar_text_font = GohuFont 11 Nerd Font Propo
bar_button_padding = 12
bar_padding = 10
bar_precedence_over_border = true
hyprbars-button = $color1, 20, , hyprctl dispatch killactive
hyprbars-button = $color3, 20, , hyprctl dispatch fullscreen 2
hyprbars-button = $color4, 20, , hyprctl dispatch togglefloating
}
}
"; ";
}; };
} }

4
modules/home/hyprland/hyprland.nix
View file

@ -22,8 +22,8 @@
# enableNvidiaPatches = false; # enableNvidiaPatches = false;
systemd.enable = true; systemd.enable = true;
plugins = [ plugins = [
# inputs.Hyprspace.packages.${pkgs.system}.Hyprspace pkgs.hyprlandPlugins.hyprbars
# inputs.Hyswipe.packages.${pkgs.system}.Hyswipe # pkgs.hyprlandPlugins.hyprspace # causes hyprland to crash on 4-finger swipe; great software
]; ];
}; };
} }

101
modules/home/kitty.nix
View file

@ -3,7 +3,7 @@
programs.kitty = { programs.kitty = {
enable = true; enable = true;
theme = "3024 Night"; # theme = "3024 Night";
font = { font = {
name = "GohuFont 14 Nerd Font Mono"; name = "GohuFont 14 Nerd Font Mono";
@ -12,7 +12,7 @@
settings = { settings = {
confirm_os_window_close = 0; confirm_os_window_close = 0;
background_opacity = "0.75"; background_opacity = "0.50";
window_padding_width = 10; window_padding_width = 10;
scrollback_lines = 10000; scrollback_lines = 10000;
enable_audio_bell = false; enable_audio_bell = false;
@ -35,5 +35,102 @@
"ctrl+shift+left" = "no_op"; "ctrl+shift+left" = "no_op";
"ctrl+shift+right" = "no_op"; "ctrl+shift+right" = "no_op";
}; };
extraConfig = ''
# vim:ft=kitty
## name: Base2Tone Suburb Dark
## author: Bram de Haan (https://github.com/atelierbram)
## license: MIT
## upstream: https://github.com/atelierbram/Base2Tone-kitty/blob/main/themes/base2tone-suburb-dark.conf
## blurb: duotone theme | warm blue - bright pink
#: The basic colors
foreground #878ba6
# background #1e202f
selection_foreground #878ba6
selection_background #292c3d
#: Cursor colors
cursor #d14781
cursor_text_color #1e202f
#: URL underline color when hovering with mouse
url_color #d2d8fe
#: kitty window border colors and terminal bell colors
active_border_color #444864
inactive_border_color #1e202f
bell_border_color #5165e6
visual_bell_color none
#: OS Window titlebar colors
wayland_titlebar_color #292c3d
macos_titlebar_color #292c3d
#: Tab bar colors
active_tab_foreground #fbf9fa
active_tab_background #1e202f
inactive_tab_foreground #b0a6aa
inactive_tab_background #292c3d
tab_bar_background #292c3d
tab_bar_margin_color none
#: Colors for marks (marked text in the terminal)
mark1_foreground #1e202f
mark1_background #6375ee
mark2_foreground #1e202f
mark2_background #8d8186
mark3_foreground #1e202f
mark3_background #e44e8c
#: The basic 16 colors
#: black
color0 #1e202f
color8 #4f5472
#: red
color1 #7586f5
color9 #fe81b5
#: green
color2 #fb6fa9
color10 #292c3d
#: yellow
color3 #ffb3d2
color11 #444864
#: blue
color4 #8696fd
color12 #5b6080
#: magenta
color5 #fb6fa9
color13 #d2d8fe
#: cyan
color6 #a0acfe
color14 #f764a1
#: white
color7 #878ba6
color15 #ebedff
'';
}; };
} }

40
modules/home/packages.nix
View file

@ -1,4 +1,10 @@
{ inputs, pkgs, ... }: {
inputs,
lib,
pkgs,
config,
...
}:
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
# Environment shit # Environment shit
@ -48,7 +54,6 @@
gitleaks gitleaks
ripgrep ripgrep
yt-dlp yt-dlp
spotify-player
nodejs_22 nodejs_22
yarn yarn
cargo cargo
@ -57,31 +62,18 @@
reader reader
nmap nmap
speedtest-go speedtest-go
delta
powertop powertop
android-tools android-tools
sshpass
net-tools
nmap
# GUI shit # Install pip packages
element-desktop # python3
gajim # python3Packages.pip
signal-desktop # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet.
anki-bin # pip install --user --break-system-packages <package>
obs-studio # '')
wdisplays
librewolf # main
ungoogled-chromium # for things that don't work with librewolf
nsxiv
imv
libreoffice
xfce.thunar
spotify
thunderbird
lxqt.pavucontrol-qt
mpv
plasma5Packages.kdeconnect-kde
# Gaming
lunar-client
inputs.alejandra.defaultPackage.${system} inputs.alejandra.defaultPackage.${system}
inputs.nixvim.packages.${pkgs.system}.default inputs.nixvim.packages.${pkgs.system}.default

1
modules/home/scripts/scripts/setbg
View file

@ -1,4 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
magick convert "$1" ~/.local/share/bg.png magick convert "$1" ~/.local/share/bg.png
wal -i "$1"
swww img ~/.local/share/bg.png --transition-type fade swww img ~/.local/share/bg.png --transition-type fade

8
modules/home/scripts/scripts/unfuck.sh
View file

@ -26,7 +26,9 @@ unfuck_wallpaper() {
} }
unfuck_fingerprint() { unfuck_fingerprint() {
systemctl restart fprintd.service notify-send "Touch sensor or use YubiKey." "Sleeping for 10 seconds."
sleep 10
sudo systemctl restart fprintd.service
} }
unfuck_bar() { unfuck_bar() {
@ -37,6 +39,8 @@ unfuck_bar() {
unfuck_networkmanager() { unfuck_networkmanager() {
# sudo modprobe -r iwlwifi # sudo modprobe -r iwlwifi
# sudo modprobe iwlwifi # sudo modprobe iwlwifi
notify-send "Touch sensor or use YubiKey." "Sleeping for 10 seconds."
sleep 10
sudo systemctl restart NetworkManager sudo systemctl restart NetworkManager
} }
@ -58,6 +62,8 @@ unfuck_audio() {
devices+=("$device") devices+=("$device")
done done
systemctl --user restart wireplumber pipewire pipewire-pulse bluetooth systemctl --user restart wireplumber pipewire pipewire-pulse bluetooth
rfkill block bluetooth
rfkill unblock bluetooth
bluetoothctl power off bluetoothctl power off
bluetoothctl power on bluetoothctl power on
for device in ${devices[*]}; do for device in ${devices[*]}; do

20
modules/home/steam.nix
View file

@ -1,20 +0,0 @@
{ pkgs, lib, ... }:
{
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = false;
};
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-runtime"
];
# proton-ge-bin
# warning: The package proton-ge in nix-gaming has been deprecated as of 2024-03-17.
# You should use proton-ge-bin from Nixpkgs, which conforms to
# the new `extraCompatTools` module option under `programs.steam`
# For details, see the relevant pull request:
}

534
modules/home/swaync/default.nix
View file

@ -1,381 +1,233 @@
{ pkgs, username, ... }: { pkgs, username, ... }:
{ {
home = { home = {
packages = with pkgs; [ swaynotificationcenter ]; packages = with pkgs; [
swaynotificationcenter
wlogout
];
file."/home/${username}/.config/swaync/config.json".text = '' file."/home/${username}/.config/swaync/config.json".text = ''
{ {
"$schema": "/etc/xdg/swaync/configSchema.json",
"positionX": "right", "positionX": "right",
"positionY": "top", "positionY": "top",
"layer": "overlay", "layer": "overlay",
"layer-shell": "true", "layer-shell": true,
"cssPriority": "application", "cssPriority": "user",
"control-center-margin-top": 10,
"control-center-margin-bottom": 10, "control-center-width": 380,
"control-center-margin-right": 10, "control-center-height": 860,
"control-center-margin-left": 10, "control-center-margin-top": 8,
"notification-icon-size": 64, "control-center-margin-bottom": 8,
"notification-body-image-height": 128, "control-center-margin-right": 8,
"control-center-margin-left": 8,
"notification-window-width": 400,
"notification-icon-size": 48,
"notification-body-image-height": 160,
"notification-body-image-width": 200, "notification-body-image-width": 200,
"timeout": 10,
"timeout-low": 5, "widgets": ["buttons-grid", "title", "dnd", "notifications", "mpris"],
"timeout-critical": 0,
"fit-to-screen": true,
"control-center-width": 400,
"control-center-height": 650,
"notification-window-width": 350,
"keyboard-shortcuts": true,
"image-visibility": "when-available",
"transition-time": 200,
"hide-on-clear": false,
"hide-on-action": true,
"script-fail-notify": true,
"widgets": [
"title",
"dnd",
"notifications"
],
"widget-config": { "widget-config": {
"title": { "title": {
"text": "Notifications", "text": "Notifications",
"clear-all-button": true, "clear-all-button": true,
"button-text": " Clear all " "button-text": "Clear All"
}, },
"dnd": { "dnd": {
"text": " Do not disturb" "text": "Do Not Disturb"
}, },
"label": {
"max-lines": 1,
"text": " "
},
"mpris": {
"image-size": 60,
"image-radius": 12
},
"buttons-grid": {
"actions": [
{
"label": " ",
"command": "kitty -e nmtui-connect"
},
{
"label": "󰂯",
"command": "waybar-bluetooth toggle"
},
{
"label": "󰏘",
"command": "kitty -e walp"
},
{
"label": "",
"command": "wlogout"
}
]
}
} }
} }
''; '';
file = { file."/home/${username}/.config/swaync/style.css".text = ''
"/home/${username}/.config/swaync/style.css".text = '' @import "../../.cache/wal/colors-waybar.css";
@define-color text @foreground;
@define-color bg @color1;
@define-color selected @color6;
@define-color hover alpha(@selected, .4);
* { * {
all: unset; outline: none;
font-size: 14px;
font-family: "GohuFont 14 Nerd Font Mono";
transition: 200ms; transition: 200ms;
padding: 1px;
background: transparent;
} }
trough highlight { .notification-row {
background: #cdd6f4; outline: none;
margin: 0;
padding: 0px;
} }
scale trough { .notification-row .notification-background .close-button {
margin: 0rem 1rem; /* The notification Close Button */
background-color: #313244; background: transparent;
min-height: 8px; color: @text;
min-width: 70px; text-shadow: none;
box-shadow: none;
margin-top: 2px;
margin-right: 2px;
padding: 0;
border: none;
border-radius: 100%;
min-width: 24px;
min-height: 24px;
} }
slider { .notification-row .notification-background .close-button:hover {
background-color: #89b4fa; box-shadow: none;
background: transparent;
transition: background 0.15s ease-in-out;
border: 0px;
}
.notification-row .notification-background .notification {
/* The actual notification */
background: transparent;
}
.notification-group .notification-group-headers {
/* Notficiation Group Headers */
margin-top: 10px;
margin-bottom: 10px;
}
.notification-group .notification-group-headers .notification-group-header {
font-size: 20px;
margin-left: 3px;
}
.notification-group.collapsed .notification-row .notification {
background: alpha(@background, 0.55);
}
.control-center {
/* The Control Center which contains the old notifications + widgets */
margin: 18px;
padding: 14px;
box-shadow: 0px 2px 5px black;
background: alpha(@background, 0.55);
border: 2px solid @selected;
}
.control-center-clear-all {
/* Clear All button */
background: transparent;
padding: 5px;
}
.control-center-clear-all:hover {
background: @hover;
}
.control-center-clear-all:active {
background: @selected;
}
/*** Widgets ***/
/* Title widget */
.widget-title {
background: transparent;
margin-top: 15px;
margin-left: 15px;
margin-right: 15px;
}
/* Do Not Disturb widget */
.widget-dnd {
background: transparent;
margin-left: 15px;
margin-right: 15px;
}
.widget-dnd > switch {
background: @bg;
font-size: initial;
border-radius: 12px;
box-shadow: none;
padding: 2px;
}
/* Media Player widget */
@define-color mpris-album-art-overlay rgba(0, 0, 0, 0.55);
@define-color mpris-button-hover rgba(0, 0, 0, 0.50);
.widget-mpris {
}
.widget-mpris .widget-mpris-player {
padding: 10px;
margin: 8px 15px;
/* background-color: @mpris-album-art-overlay; */
box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.75);
border: 2px;
}
.widget-mpris .widget-mpris-player .widget-mpris-title {
font-size: 16px;
}
.widget-mpris .widget-mpris-player .widget-mpris-subtitle {
font-size: 14px;
}
/* Buttons widget */
.widget-buttons-grid {
/* background-color: alpha(@color2, 0.5); */
}
.widget-buttons-grid > flowbox > flowboxchild > button {
/* background: alpha(@color2, 0.5); */
/* border-radius: 12px; */
min-width: 45px;
}
.control-center .notification-row .notification-background .notification {
padding: 10px;
}
.floating-notifications.background .notification-row .notification-background .close-button {
margin: 10px;
padding: 2px;
} }
.floating-notifications.background .notification-row .notification-background { .floating-notifications.background .notification-row .notification-background {
box-shadow: 0 0 8px 0 rgba(0, 0, 0, 0.8), inset 0 0 0 1px #313244;
margin: 18px; margin: 18px;
background-color: #000000;
color: #cdd6f4;
padding: 0; padding: 0;
} }
.floating-notifications.background .notification-row .notification-background .notification { .floating-notifications.background .notification-row .notification-background .notification {
padding: 7px; padding: 7px;
} }
.floating-notifications.background .notification-row .notification-background .notification.critical {
box-shadow: inset 0 0 7px 0 #f38ba8;
}
.floating-notifications.background .notification-row .notification-background .notification .notification-content {
margin: 7px;
}
.floating-notifications.background .notification-row .notification-background .notification .notification-content .summary {
color: #cdd6f4;
}
.floating-notifications.background .notification-row .notification-background .notification .notification-content .time {
color: #a6adc8;
}
.floating-notifications.background .notification-row .notification-background .notification .notification-content .body {
color: #cdd6f4;
}
.floating-notifications.background .notification-row .notification-background .notification > *:last-child > * {
min-height: 3.4em;
}
.floating-notifications.background .notification-row .notification-background .notification > *:last-child > * .notification-action {
color: #cdd6f4;
background-color: #000000;
box-shadow: inset 0 0 0 1px #45475a;
margin: 7px;
}
.floating-notifications.background .notification-row .notification-background .notification > *:last-child > * .notification-action:hover {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #000000;
color: #cdd6f4;
}
.floating-notifications.background .notification-row .notification-background .notification > *:last-child > * .notification-action:active {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #000000;
color: #cdd6f4;
}
.floating-notifications.background .notification-row .notification-background .close-button {
margin: 7px;
padding: 2px;
color: #1e1e2e;
background-color: #000000;
}
.floating-notifications.background .notification-row .notification-background .close-button:hover {
background-color: #000000;
color: #1e1e2e;
}
.floating-notifications.background .notification-row .notification-background .close-button:active {
background-color: #000000;
color: #1e1e2e;
}
.control-center {
box-shadow: 0 0 8px 0 rgba(0, 0, 0, 0.8), inset 0 0 0 1px #313244;
margin: 18px;
background-color: #000000;
color: #cdd6f4;
padding: 14px;
}
.control-center .widget-title > label {
color: #cdd6f4;
font-size: 1.3em;
}
.control-center .widget-title button {
color: #cdd6f4;
background-color: #313244;
box-shadow: inset 0 0 0 1px #45475a;
padding: 8px;
}
.control-center .widget-title button:hover {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #585b70;
color: #cdd6f4;
}
.control-center .widget-title button:active {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #74c7ec;
color: #1e1e2e;
}
.control-center .notification-row .notification-background {
color: #cdd6f4;
background-color: #313244;
box-shadow: inset 0 0 0 1px #45475a;
margin-top: 14px;
}
.control-center .notification-row .notification-background .notification {
padding: 7px;
}
.control-center .notification-row .notification-background .notification.critical {
box-shadow: inset 0 0 7px 0 #f38ba8;
}
.control-center .notification-row .notification-background .notification .notification-content {
margin: 7px;
}
.control-center .notification-row .notification-background .notification .notification-content .summary {
color: #cdd6f4;
}
.control-center .notification-row .notification-background .notification .notification-content .time {
color: #a6adc8;
}
.control-center .notification-row .notification-background .notification .notification-content .body {
color: #cdd6f4;
}
.control-center .notification-row .notification-background .notification > *:last-child > * {
min-height: 3.4em;
}
.control-center .notification-row .notification-background .notification > *:last-child > * .notification-action {
color: #cdd6f4;
background-color: #11111b;
box-shadow: inset 0 0 0 1px #45475a;
margin: 7px;
}
.control-center .notification-row .notification-background .notification > *:last-child > * .notification-action:hover {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #313244;
color: #cdd6f4;
}
.control-center .notification-row .notification-background .notification > *:last-child > * .notification-action:active {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #74c7ec;
color: #cdd6f4;
}
.control-center .notification-row .notification-background .close-button {
margin: 7px;
padding: 2px;
color: #1e1e2e;
background-color: #eba0ac;
}
.close-button {
}
.control-center .notification-row .notification-background .close-button:hover {
background-color: #f38ba8;
color: #1e1e2e;
}
.control-center .notification-row .notification-background .close-button:active {
background-color: #f38ba8;
color: #1e1e2e;
}
.control-center .notification-row .notification-background:hover {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #7f849c;
color: #cdd6f4;
}
.control-center .notification-row .notification-background:active {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #74c7ec;
color: #cdd6f4;
}
.notification.critical progress {
background-color: #f38ba8;
}
.notification.low progress,
.notification.normal progress {
background-color: #89b4fa;
}
.control-center-dnd {
margin-top: 5px;
background: #313244;
border: 1px solid #45475a;
box-shadow: none;
}
.control-center-dnd:checked {
background: #313244;
}
.control-center-dnd slider {
background: #45475a;
}
.widget-dnd {
margin: 0px;
font-size: 1.1rem;
}
.widget-dnd > switch {
font-size: initial;
background: #313244;
border: 1px solid #45475a;
box-shadow: none;
}
.widget-dnd > switch:checked {
background: #313244;
}
.widget-dnd > switch slider {
background: #45475a;
border: 1px solid #6c7086;
}
.widget-mpris .widget-mpris-player {
background: #313244;
padding: 7px;
}
.widget-mpris .widget-mpris-title {
font-size: 1.2rem;
}
.widget-mpris .widget-mpris-subtitle {
font-size: 0.8rem;
}
.widget-menubar > box > .menu-button-bar > button > label {
font-size: 3rem;
padding: 0.5rem 2rem;
}
.widget-menubar > box > .menu-button-bar > :last-child {
color: #f38ba8;
}
.power-buttons button:hover,
.powermode-buttons button:hover,
.screenshot-buttons button:hover {
background: #313244;
}
.control-center .widget-label > label {
color: #cdd6f4;
font-size: 2rem;
}
.widget-buttons-grid {
padding-top: 1rem;
}
.widget-buttons-grid > flowbox > flowboxchild > button label {
font-size: 2.5rem;
}
.widget-volume {
padding-top: 1rem;
}
.widget-volume label {
font-size: 1.5rem;
color: #74c7ec;
}
.widget-volume trough highlight {
background: #74c7ec;
}
.widget-backlight trough highlight {
background: #f9e2af;
}
.widget-backlight scale {
margin-right: 1rem;
}
.widget-backlight label {
font-size: 1.5rem;
color: #f9e2af;
}
.widget-backlight .KB {
padding-bottom: 1rem;
}
''; '';
}; };
};
} }

16
modules/home/waybar/default.nix
View file

@ -23,8 +23,8 @@
"/home/${username}/.config/waybar/config" = { "/home/${username}/.config/waybar/config" = {
text = '' text = ''
[{ [{
"layer": "top", "layer": "bottom",
"position": "top", "position": "bottom",
"modules-left": [ "modules-left": [
"privacy", "privacy",
@ -85,7 +85,7 @@
"network": { "network": {
"format": "󰈀 {ifname}", "format": "󰈀 {ifname}",
"format-wifi": " {ipaddr}/{cidr} <span color='#aaaaaa'>{signalStrength}%</span>", "format-wifi": " {essid} - {ipaddr}/{cidr} <span color='#aaaaaa'>{signalStrength}%</span>",
"format-ethernet": "󰈀 {ipaddr}/{cidr}", "format-ethernet": "󰈀 {ipaddr}/{cidr}",
"format-disconnected": "󰈂", "format-disconnected": "󰈂",
"tooltip-format": "{ifname} via {gwaddr}", "tooltip-format": "{ifname} via {gwaddr}",
@ -316,7 +316,7 @@
"group/clock": { "group/clock": {
"orientation": "horizontal", "orientation": "horizontal",
"modules": [ "custom/clock#minutes", "clock#time", "clock#date" ], "modules": [ "clock#time", "custom/clock#minutes", "clock#date" ],
"drawer": { "drawer": {
"transition-left-to-right": false, "transition-left-to-right": false,
"transition-duration": 500 "transition-duration": 500
@ -349,7 +349,7 @@
"clock#time": { "clock#time": {
"interval": 60, "interval": 60,
"format": " {:%I:%M %p}", "format": " <span color='#aaaaaa'>{:%I:%M %p}</span>",
"actions": { "actions": {
"on-scroll-up": "tz_up", "on-scroll-up": "tz_up",
"on-scroll-down": "tz_down" "on-scroll-down": "tz_down"
@ -377,9 +377,9 @@
/* margin: 0 0px; */ /* margin: 0 0px; */
} }
window#waybar.top { window#waybar.bottom {
/* background-color: rgba(115, 116, 116, 0.22); */ /* background-color: rgba(115, 116, 116, 0.22); */
background-color: rgba(0, 0, 0, 0.75); background-color: rgba(0, 0, 0, 0.25);
border-bottom: none; border-bottom: none;
color: #eeeeee; color: #eeeeee;
transition-property: background-color; transition-property: background-color;
@ -387,7 +387,7 @@
} }
window#waybar.hidden { window#waybar.hidden {
opacity: 0.5; opacity: 0.25;
} }
label#window { label#window {

4
modules/home/waybar/scripts.nix
View file

@ -187,8 +187,8 @@
LTEXT="󰛧 " LTEXT="󰛧 "
fi fi
MICROPHONE_STATE="$(sudo /home/liv/.local/src/framework-system/target/debug/framework_tool --privacy | tail -n2 | head -n1)" MICROPHONE_STATE="$(sudo framework_tool --privacy | tail -n2 | head -n1)"
CAMERA_STATE="$(sudo /home/liv/.local/src/framework-system/target/debug/framework_tool --privacy | tail -n1)" CAMERA_STATE="$(sudo framework_tool --privacy | tail -n1)"
if [[ "$(echo $MICROPHONE_STATE | grep 'Microphone: Connected')" ]]; then if [[ "$(echo $MICROPHONE_STATE | grep 'Microphone: Connected')" ]]; then
MIC=1 MIC=1

99
modules/home/zsh.nix
View file

@ -3,6 +3,7 @@
config, config,
pkgs, pkgs,
host, host,
lib,
... ...
}: }:
{ {
@ -11,6 +12,21 @@
enable = true; enable = true;
autocd = true; autocd = true;
autosuggestion.enable = true; autosuggestion.enable = true;
#syntaxHighlighting = {
# enable = true;
# highlighters = [
# "main"
# "brackets"
# "pattern"
# "regexp"
# "cursor"
# "root"
# "line"
# ];
#};
defaultKeymap = "viins";
enableCompletion = true; enableCompletion = true;
# enableGlobalCompInit = true; # Should be a thing according to NixOS options but is not a thing? # enableGlobalCompInit = true; # Should be a thing according to NixOS options but is not a thing?
@ -27,13 +43,16 @@
SYSTEMD_LESS = "FRXMK"; # Fix weird sideways scrolling in systemctl status ... SYSTEMD_LESS = "FRXMK"; # Fix weird sideways scrolling in systemctl status ...
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#808080"; ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#808080";
ZSH_AUTOSUGGEST_USE_ASYNC = 1; ZSH_AUTOSUGGEST_USE_ASYNC = 1;
HISTSIZE = 100000; HISTSIZE = 10000000;
SAVEHIST = 100000; SAVEHIST = 10000000;
HISTFILE = "~/.zsh_history"; HISTFILE = "~/.zsh_history";
HISTORY_SUBSTRING_SEARCH_ENSURE_UNIQUE = 1; HISTORY_SUBSTRING_SEARCH_ENSURE_UNIQUE = 1;
KEYTIMEOUT = 1; # make Vi-mode transitions faster
}; };
initContent = '' initContent = ''
export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/"
autoload -U add-zsh-hook autoload -U add-zsh-hook
autoload -U compinit autoload -U compinit
zmodload zsh/complist zmodload zsh/complist
@ -109,7 +128,38 @@
printf "%s\n" "''${url}" printf "%s\n" "''${url}"
} }
export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/" function nixcd () {
PACKAGE_NAME="$1"
if [[ "$PACKAGE_NAME" = "" ]]; then
echo "Usage: nixcd <package name>"
fi
PKGINSTORE="$(NIXPKGS_ALLOW_UNFREE=1 nix path-info nixpkgs#$PACKAGE_NAME --impure)"
if [[ -d "$PKGINSTORE" ]]; then
cd $PKGINSTORE
else
echo "Could not find path for package: $PKGINSTORE"
return 1
fi
}
# Enter a 'nix shell' with packages selected by fzf
source ${pkgs.nix-search-fzf.zsh-shell-widget}/bin/nix-search-fzf-shell-widget
zle -N nix-search-fzf-shell-widget
bindkey '^O' nix-search-fzf-shell-widget
# Use fzf as a history widget
zle -N fzf-history-widget
bindkey '^R' fzf-history-widget
bindkey -M viins '^R' fzf-history-widget
bindkey -M vicmd '^R' fzf-history-widget
# Use fzf as a cd completion widget
zle -N fzf-cd-widget
bindkey '^G' fzf-cd-widget
# Use fzf as a file completion widget
zle -N fzf-file-widget
bindkey '^F' fzf-file-widget
# if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then # if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then
# alias imv="sxiv" # alias imv="sxiv"
@ -133,9 +183,9 @@
gcm = "git commit -m"; gcm = "git commit -m";
gph = "git push -u origin main"; gph = "git push -u origin main";
g = "git"; g = "git";
gp = "git pull";
calc = "eva"; wiki = "wikit";
wikipedia = "wikit";
}; };
}; };
@ -170,12 +220,19 @@
yt-dlp-audio = "yt-dlp -f 'ba' -x --audio-format mp3"; yt-dlp-audio = "yt-dlp -f 'ba' -x --audio-format mp3";
open = "xdg-open"; open = "xdg-open";
tree = "eza --icons --tree --group-directories-first"; tree = "eza --icons --tree --group-directories-first";
# nvim = "nix run /home/liv/Development/nixvim --";
vim = "nvim";
doas = "sudo"; doas = "sudo";
sxiv = "nsxiv"; sxiv = "nsxiv";
enby = "man"; enby = "man";
woman = "man"; woman = "man";
mkcd = "mkdir $1 && cd $1";
du = "dust";
cp = "cp -i -v";
mv = "mv -i -v";
rm = "rm -i -v";
cat = "${lib.getExe pkgs.bat} --plain";
diff = "${lib.getExe pkgs.delta} --color-only";
battery-left = "${lib.getExe pkgs.acpi} | cut -d' ' -f5";
github-actions = "${lib.getExe pkgs.act} -s GITHUB_TOKEN=\"$(${lib.getExe pkgs.github-cli} auth token)\"";
# NixOS # NixOS
ns = "nix-shell --run zsh"; ns = "nix-shell --run zsh";
@ -207,9 +264,28 @@
}; };
file = "autopair.zsh"; file = "autopair.zsh";
} }
{
name = "zsh-vi-mode";
file = "zsh-vi-mode.plugin.zsh";
src = pkgs.fetchFromGitHub {
owner = "jeffreytse";
repo = "zsh-vi-mode";
rev = "3eeca1bc6db172edee5a2ca13d9ff588b305b455";
sha256 = "0na6b5b46k4473c53mv1wkb009i6b592gxpjq94bdnlz1kkcqwg6";
};
}
{
name = "fzf-zsh-plugin";
src = fetchFromGitHub {
owner = "unixorn";
repo = "fzf-zsh-plugin";
rev = "04ae801499a7844c87ff1d7b97cdf57530856c65";
sha256 = "sha256-FEGhx36Z5pqHEOgPsidiHDN5SXviqMsf6t6hUZo+I8A=";
};
file = "fzf-zsh-plugin.plugin.zsh";
}
]; ];
}; };
fzf = { fzf = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
@ -220,4 +296,11 @@
enableZshIntegration = true; enableZshIntegration = true;
}; };
}; };
home.packages = with pkgs; [
dust
fd
delta
bat
nix-search-fzf.zsh-shell-widget
];
} }

6
modules/services/borg.nix
View file

@ -37,6 +37,12 @@ in
paths = [ paths = [
"/var/lib" "/var/lib"
]; ];
exclude = [
"/var/lib/matrix-synapse"
"/var/lib/mautrix-signal"
"/var/lib/mautrix-whatsapp"
"/var/lib/bitwarden_rs"
];
repo = "${baseRepo}/var-lib"; repo = "${baseRepo}/var-lib";
encryption.mode = "none"; encryption.mode = "none";
compression = "auto,zstd"; compression = "auto,zstd";

4
modules/services/dandelion.nix
View file

@ -2,8 +2,8 @@
{ {
imports = imports =
[ (import ./docker.nix) ] [ (import ./docker.nix) ]
++ [ (import ./immich.nix) ] # ++ [ (import ./immich.nix) ]
++ [ (import ./nextcloud.nix) ] # ++ [ (import ./nextcloud.nix) ]
++ [ (import ./home-assistant.nix) ] ++ [ (import ./home-assistant.nix) ]
++ [ (import ./monitoring.nix) ] ++ [ (import ./monitoring.nix) ]
++ [ (import ./smart-monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ]

19
modules/services/email.nix Normal file
View file

@ -0,0 +1,19 @@
{
pkgs,
config,
...
}:
{
programs.msmtp = {
enable = true;
accounts.default = {
auth = true;
tls = true;
port = 465;
host = "smtp.migadu.com";
from = config.liv.variables.senderEmail;
user = config.liv.variables.senderEmail;
passwordeval = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.systemMailerPassword.path}";
};
};
}

55
modules/services/forgejo.nix
View file

@ -9,7 +9,8 @@ let
srv = cfg.settings.server; srv = cfg.settings.server;
in in
{ {
services.forgejo = { services = {
forgejo = {
enable = true; enable = true;
# database.type = "postgres"; # database.type = "postgres";
# Enable support for Git Large File Storage # Enable support for Git Large File Storage
@ -28,38 +29,44 @@ in
ENABLED = true; ENABLED = true;
DEFAULT_ACTIONS_URL = "github"; DEFAULT_ACTIONS_URL = "github";
}; };
# Sending emails is completely optional # TODO: run own email server that sends users emails!
# You can send a test email from the web UI at: # You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration # Profile Picture > Site Administration > Configuration > Mailer Configuration
# mailer = { mailer = {
# ENABLED = true; ENABLED = true;
# SMTP_ADDR = "mail.example.com"; SMTP_ADDR = "smtp.migadu.com";
# FROM = "noreply@${srv.DOMAIN}"; FROM = config.liv.variables.senderEmail;
# USER = "noreply@${srv.DOMAIN}"; USER = config.liv.variables.senderEmail;
# }; };
};
secrets.mailer.PASSWD = config.sops.secrets.systemMailerPassword.path;
};
gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.code-liv-town = {
enable = true;
name = "forgejo-01";
tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}";
url = "https://code.liv.town";
labels = [
"node-22:docker://node:22-bookworm"
"nixos-latest:docker://nixos/nix"
];
};
};
anubis.instances.forgejo = {
settings = {
TARGET = "http://localhost:3050";
BIND = ":3051";
BIND_NETWORK = "tcp";
}; };
# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
}; };
# gitea-actions-runner = {
# package = pkgs.forgejo-runner;
# instances.my-forgejo-instance = {
# enable = true;
# name = "forgejo-01";
# token = ""; # TODO: fill in tokens etc
# url = "https://code.liv.town";
# labels = [
# "node-22:docker://node:22-bookworm"
# "nixos-latest:docker://nixos/nix"
# ];
# };
# };
services = {
nginx.virtualHosts."code.liv.town" = { nginx.virtualHosts."code.liv.town" = {
forceSSL = true; forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = { locations."/" = {
proxyPass = "http://localhost:3050"; proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

3
modules/services/matrix/secrets.yaml
View file

@ -1,3 +0,0 @@
registration_shared_secret: ""
report_stats: false

19
modules/services/monitoring.nix
View file

@ -1,4 +1,4 @@
{ config, ... }: { config, host, ... }:
{ {
services = { services = {
prometheus = { prometheus = {
@ -10,6 +10,15 @@
enabledCollectors = [ "systemd" ]; enabledCollectors = [ "systemd" ];
port = 9002; port = 9002;
}; };
smokeping = {
enable = true;
hosts = [
"172.16.10.1"
"172.16.10.2"
"9.9.9.9"
"149.112.112.112"
];
};
}; };
scrapeConfigs = [ scrapeConfigs = [
{ {
@ -20,6 +29,14 @@
} }
]; ];
} }
{
job_name = "${host} - smokeping";
static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.smokeping.port}" ];
}
];
}
]; ];
}; };
}; };

4
modules/services/nfs.nix
View file

@ -8,7 +8,7 @@
services = { services = {
# Network shares # Network shares
samba = { samba = {
package = pkgs.samba4Full; package = pkgs.samba;
# ^^ `samba4Full` is compiled with avahi, ldap, AD etc support (compared to the default package, `samba` # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support (compared to the default package, `samba`
# Required for samba to register mDNS records for auto discovery # Required for samba to register mDNS records for auto discovery
# See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268
@ -26,7 +26,7 @@
# ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile` # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
#nssmdns4 = true; #nssmdns4 = true;
# ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
enable = true; enable = lib.mkForce true;
openFirewall = true; openFirewall = true;
}; };
samba-wsdd = { samba-wsdd = {

18
modules/services/nginx.nix
View file

@ -37,24 +37,6 @@
recommendedProxySettings = true; recommendedProxySettings = true;
clientMaxBodySize = lib.mkDefault "10G"; clientMaxBodySize = lib.mkDefault "10G";
#defaultListen =
# let
# listen = [
# {
# addr = "[::]";
# port = 80;
# extraParameters = [ "proxy_protocol" ];
# }
# {
# addr = "[::]";
# port = 443;
# ssl = true;
# extraParameters = [ "proxy_protocol" ];
# }
# ];
# in
# map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;
# Hardened TLS and HSTS preloading # Hardened TLS and HSTS preloading
appendHttpConfig = '' appendHttpConfig = ''
# Proxying # Proxying

18
modules/services/nix-serve.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, ... }:
{
services = {
nix-serve = {
enable = true;
secretKeyFile = "/var/secrets/cache-private-key.pem";
};
nginx.virtualHosts."violet.booping.local" = {
forceSSL = false;
# sslCertificate = "/var/lib/acme/liv.town/cert.pem";
# sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = {
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
}

29
modules/services/paperless-ngx.nix Normal file
View file

@ -0,0 +1,29 @@
{
services = {
paperless = {
enable = true;
consumptionDirIsPublic = true;
settings = {
PAPERLESS_CONSUMER_IGNORE_PATTERN = [
".DS_STORE/*"
"desktop.ini"
];
PAPERLESS_OCR_LANGUAGE = "deu+eng+nld";
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
PAPERLESS_URL = "https://documents.liv.town";
};
};
nginx.virtualHosts."documents.liv.town" = {
forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = {
proxyPass = "http://127.0.0.1:28981";
proxyWebsockets = true;
};
};
};
}

55
modules/services/remote-build.nix Normal file
View file

@ -0,0 +1,55 @@
{
config,
pkgs,
username,
...
}:
{
users.users.remotebuild = {
isNormalUser = true;
createHome = false;
group = "remotebuild";
openssh.authorizedKeys.keys = config.users.users.${username}.openssh.authorizedKeys.keys ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKI2KQn97mykFLIaMUWMftA1txJec9qW56hAMj5/MhE liv@dandelion
"
];
};
users.groups.remotebuild = { };
nix = {
nrBuildUsers = 64;
settings = {
trusted-users = [ "remotebuild" ];
min-free = 10 * 1024 * 1024;
max-free = 200 * 1024 * 1024;
max-jobs = "auto";
cores = 0;
};
};
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
# add to clients:
# nix.distributedBuilds = true;
# nix.settings.builders-use-substitutes = true;
# nix.buildMachines = [
# {
# hostName = "violet";
# sshUser = "remotebuild";
# sshKey = "/home/liv/.ssh/id_ed25519"; # Make sure to give a key that works for this user.
# system = pkgs.stdenv.hostPlatform.system;
# supportedFeatures = [
# "nixos-test"
# "big-parallel"
# "kvm"
# ];
# }
# ];
}

38
modules/services/smart-monitoring.nix
View file

@ -1,7 +1,15 @@
{ config, ... }: { config, host, ... }:
{ {
imports = [ ./email.nix ];
services.scrutiny = { services.scrutiny = {
enable = true; # Enable based on name of host
enable =
if (host == "dandelion") then
true
else if (host == "lily") then
true
else
false;
collector.enable = true; collector.enable = true;
settings.web.listen.port = 8181; settings.web.listen.port = 8181;
settings.notify.urls = [ settings.notify.urls = [
@ -10,18 +18,20 @@
]; ];
}; };
# services.smartd = { services.smartd = {
# enable = true; enable = true;
# autodetect = true; autodetect = true;
# notifications = { notifications = {
# mail = { wall = {
# enable = true; enable = true;
# # mailer = "/path/to/mailer/binary"; # Need to get system emails working first };
# sender = "${config.liv.variables.fromEmail}"; mail = {
# recipient = "${config.liv.variables.toEmail}"; enable = true;
# }; sender = config.liv.variables.senderEmail;
# }; recipient = config.liv.variables.email;
# }; };
};
};
# services.nginx.virtualHosts."" = { # services.nginx.virtualHosts."" = {
# locations."/" = { # locations."/" = {

70
modules/services/vaultwarden.nix Normal file
View file

@ -0,0 +1,70 @@
{
config,
host,
pkgs,
username,
...
}:
let
baseRepo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/${host}";
in
{
services = {
vaultwarden = {
enable = true;
dbBackend = "sqlite";
config = {
SIGNUPS_ALLOWED = false;
ENABLE_WEBSOCKET = true;
SENDS_ALLOWED = true;
INVITATIONS_ENABLED = true;
EMERGENCY_ACCESS_ALLOWED = true;
EMAIL_ACCESS_ALLOWED = true;
DOMAIN = "https://passwords.liv.town";
ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = 8003;
};
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"passwords.liv.town" = {
forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
proxyWebsockets = true;
};
};
};
};
borgbackup.jobs."violet-vaultwarden" = {
paths = [ "/var/lib/bitwarden_rs" ];
repo = "${baseRepo}/var-vaultwarden";
encryption.mode = "none";
compression = "auto,zstd";
startAt = "daily";
preHook = ''
systemctl stop vaultwarden
'';
postHook = ''
systemctl start vaultwarden
if [ $exitStatus -eq 2 ]; then
${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) failed with errors"
else
${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) completed succesfully with exit status $exitStatus"
fi
'';
user = "root";
extraCreateArgs = [
"--stats"
];
environment = {
BORG_RSH = "ssh -p 9123 -i /home/${username}/.ssh/id_ed25519";
};
};
};
}

9
modules/services/violet.nix
View file

@ -7,6 +7,7 @@
++ [ (import ./binternet-proxy.nix) ] ++ [ (import ./binternet-proxy.nix) ]
++ [ (import ./bluemap-proxy.nix) ] ++ [ (import ./bluemap-proxy.nix) ]
++ [ (import ./docker.nix) ] ++ [ (import ./docker.nix) ]
++ [ (import ./email.nix) ]
++ [ (import ./forgejo.nix) ] ++ [ (import ./forgejo.nix) ]
++ [ (import ./grafana.nix) ] ++ [ (import ./grafana.nix) ]
++ [ (import ./guacamole.nix) ] ++ [ (import ./guacamole.nix) ]
@ -17,14 +18,20 @@
++ [ (import ./matrix/default.nix) ] ++ [ (import ./matrix/default.nix) ]
++ [ (import ./mumble.nix) ] ++ [ (import ./mumble.nix) ]
++ [ (import ./monitoring.nix) ] ++ [ (import ./monitoring.nix) ]
# ++ [ (import ./minio.nix) ]
# ++ [ (import ./nextcloud.nix) ]
++ [ (import ./ntfy.nix) ] ++ [ (import ./ntfy.nix) ]
++ [ (import ./nginx.nix) ] ++ [ (import ./nginx.nix) ]
++ [ (import ./nix-serve.nix) ]
++ [ (import ./paperless-ngx.nix) ]
++ [ (import ./radicale.nix) ] ++ [ (import ./radicale.nix) ]
++ [ (import ./remote-build.nix) ]
++ [ (import ./readarr.nix) ] ++ [ (import ./readarr.nix) ]
++ [ (import ./sharkey-proxy.nix) ] ++ [ (import ./sharkey-proxy.nix) ]
# ++ [ (import ./komga.nix) ] # ++ [ (import ./komga.nix) ]
# ++ [ (import ./xmpp.nix) ] # ++ [ (import ./xmpp.nix) ]
++ [ (import ./tailscale.nix) ]; ++ [ (import ./tailscale.nix) ]
++ [ (import ./vaultwarden.nix) ];
# ++ [ (import ./smart-monitoring.nix) ] # ++ [ (import ./smart-monitoring.nix) ]
# ++ [ (import ./jitsi-meet.nix) ] # ++ [ (import ./jitsi-meet.nix) ]
} }

2
overlays/default.nix
View file

@ -1,3 +1,3 @@
{ {
addition = final: _: import ../pkgs { pkgs = final; }; addition = final: _: import ../pkgs/default.nix { pkgs = final; };
} }

40
pkgs/createScript/default.nix Normal file
View file

@ -0,0 +1,40 @@
{
lib,
runCommand,
makeWrapper,
}:
# A function which creates a shell script with optional dependencies added to PATH.
name: src:
{
dependencies ? [ ],
...
}@attrs:
runCommand name
(
{
inherit src;
nativeBuildInputs = lib.optionals (dependencies != [ ]) (attrs.nativeBuildInputs or [ ]) ++ [
makeWrapper
];
meta = {
mainProgram = name;
} // attrs.meta or { };
}
// (builtins.removeAttrs attrs [
"nativeBuildInputs"
"meta"
])
)
''
mkdir -p $out/bin
install -Dm755 $src $out/bin/$name
patchShebangs $out/bin/$name
${lib.optionalString (dependencies != [ ]) ''
wrapProgram $out/bin/$name --prefix PATH : ${lib.makeBinPath dependencies}
''}
''

5
pkgs/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs } : { pkgs }:
{ {
wikit = pkgs.callPackage ./wikit/default.nix { }; createScript = pkgs.callPackage ./createScript/default.nix { };
nix-search-fzf = pkgs.callPackage ./nix-search-fzf/default.nix { };
} }

50
pkgs/nix-search-fzf/default.nix Normal file
View file

@ -0,0 +1,50 @@
{
createScript,
replaceVars,
gnused,
jq,
fzf,
nix,
coreutils,
bash,
nix-search-fzf,
writeShellScriptBin,
}:
let
previewText = createScript "fzf-preview" ./fzf-preview.sh { };
src = replaceVars ./nix-search-fzf.sh {
previewText = "${previewText}/bin/fzf-preview";
};
in
createScript "nix-search-fzf" src {
dependencies = [
gnused
jq
fzf
nix
coreutils
bash
];
# Enter a 'nix shell' with packages selected by this script
passthru.zsh-shell-widget = writeShellScriptBin "nix-search-fzf-shell-widget" ''
nix-search-fzf-shell-widget() {
setopt localoptions pipefail no_aliases 2> /dev/null
local cmd="$(eval "${nix-search-fzf}/bin/nix-search-fzf -c")"
if [[ -z "$cmd" ]]; then
zle redisplay
return 0
fi
zle push-line
BUFFER="''${cmd}"
zle accept-line
local ret=$?
unset cmd
zle reset-prompt
return $ret
}
'';
meta.description = "a wrapper around 'nix {run,shell,edit}' with autocomplete using fzf";
}

73
pkgs/nix-search-fzf/fzf-preview.sh Normal file
View file

@ -0,0 +1,73 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p
# shellcheck shell=bash
set -euo pipefail
PKG_NAME="$1"
FLAKE="$2"
FLAKE_PATH="${FLAKE}#${PKG_NAME}"
removeQuotes() {
local flag="$*"
flag="${flag%\"}"
echo "${flag#\"}"
}
newlinesToCommaSeperated() {
echo "$@" | sed ':a;N;$!ba;s/\n/, /g'
}
evalAttr() {
local attr data
attr="$1"
data="$(nix eval "$FLAKE_PATH"."$attr" 2>/dev/null)"
[[ $data != "null" && $data != "false" && -n $data ]] && removeQuotes "$data"
}
evalJsonAttr() {
local attr jqArgs data
attr="$1"
jqArgs="$2"
data="$(nix eval --json "$FLAKE_PATH"."$attr" 2>/dev/null | jq -r "$jqArgs")"
[[ $data != "null" && -n $data ]] && echo "$data"
}
evalNixpkgsLib() {
local function data
function="$1"
# Impure is needed to import the flake reference
data="$(nix eval --raw --impure --expr "let pkgs = (builtins.getFlake \"flake:$FLAKE\"); in pkgs.lib.$function pkgs.$PKG_NAME" 2>/dev/null)"
[[ $data != "null" && -n $data ]] && echo "$data"
}
maybeEcho() {
local -r prefix="$1"
local flag="$2"
local -r commaSeperated="${3:-false}"
[[ $commaSeperated == "true" ]] && flag="$(newlinesToCommaSeperated "$flag")"
test -n "$flag" && echo "$prefix $flag"
}
test -n "$(evalAttr "meta.broken")" && echo "broken: true"
test -n "$(evalAttr "meta.insecure")" && echo "insecure: true"
version="$(evalAttr "version")"
# Derive the version from "name" using 'lib.getVersion' if it's not set
test -z "$version" && version="$(evalNixpkgsLib "getVersion")"
maybeEcho "version:" "$version"
homepage="$(evalAttr "meta.homepage")"
maybeEcho "homepage:" "$homepage"
description="$(evalAttr "meta.description")"
maybeEcho "description:" "$description"
license="$(evalJsonAttr "meta.license" 'if type=="array" then .[].fullName else .fullName end')"
maybeEcho "license:" "$license" true
maintainers="$(evalJsonAttr "meta.maintainers" '.[].github')"
maybeEcho "maintainers:" "$maintainers" true
platforms="$(evalJsonAttr "meta.platforms" 'if type=="array" then .[] else . end')"
maybeEcho "platforms:" "$platforms" true

161
pkgs/nix-search-fzf/nix-search-fzf.sh Normal file
View file

@ -0,0 +1,161 @@
#!/usr/bin/env bash
# An fzf script with autocomplete from "nix search" which allows for interactive fuzzy searching of derivations.
# After the search a nix subcommand is executed on the selected derivation(s), e.g. "nix shell" or "nix run".
set -eou pipefail
FLAKE="nixpkgs" # The default flake to use. TODO: make this configurable
NIX_SUBCOMMAND="shell" # The default nix subcommand to execute
MULTIPLE_SELECTION=true # Whether to allow the user to select multiple derivations
PRINT_COMMAND=false # Only print the command that would be executed, don't execute it
if [ -n "${XDG_CACHE_HOME-}" ]; then
CACHE_PATH="$XDG_CACHE_HOME/nix-search-fzf/cache.txt"
else
CACHE_PATH="$HOME/.cache/nix-search-fzf/cache.txt"
fi
# Because fzf executes commands from keybindings in a subprocess, we cannot directly change this scripts state.
# Instead we can use a temporary file as an IPC mechanism, to change which subcommand to execute.
TMP_FILE="$(mktemp --dry-run --suffix "-nix-search-fzf")"
trap 'rm -f "$TMP_FILE"' EXIT INT TERM
handleArguments() {
while (("$#" > 0)); do
case "$1" in
-s | shell | --shell)
NIX_SUBCOMMAND="shell"
;;
-b | build | --build)
NIX_SUBCOMMAND="build"
;;
-r | run | --run)
NIX_SUBCOMMAND="run"
MULTIPLE_SELECTION=false
;;
-e | edit | --edit)
NIX_SUBCOMMAND="edit"
MULTIPLE_SELECTION=false
;;
-c | command | --command)
PRINT_COMMAND=true
;;
-u | update | --update)
manageCache true
exit
;;
-h | help | --help)
echo "Usage: $(basename "$0") [--shell|--build|--run|--edit|--update]"
echo " --shell: enter a nix shell with the selected package(s). This is the default"
echo " --build: build the selected package(s) with nix build"
echo " --run: run the selected package with nix run"
echo " --edit: edit the selected package with nix edit"
echo " --command: only print the command that would be executed, don't execute it"
echo " --update: update the nix search cache, this is done automatically every 10 days"
echo " --help: show this help message"
exit 0
;;
*)
echo "Unknown option '$1'"
exit 1
;;
esac
shift 1
done
}
runColored() {
printf "\e[32m\$ %s\n\e[0m" "$1"
eval "$1"
}
manageCache() {
local doUpdate="${1:-false}"
mkdir -p "$(dirname "$CACHE_PATH")"
if [ ! -f "$CACHE_PATH" ] || [ ! -s "$CACHE_PATH" ]; then
doUpdate="true"
echo "attribute path cache does not exist, generating..." >&2
elif (($(date -r "$CACHE_PATH" +%s) < $(date -d "now - 10 days" +%s))); then
doUpdate="true"
echo "cache file is older than 10 days, updating..." >&2
fi
if [ "$doUpdate" == "true" ]; then
echo "caching attribute paths..." >&2
# Create a list of all attribute paths with "legacyPackages.$arch" stripped
# In the future this could contain metadata as well, doing a "nix-eval" for each is not the fastest
nix search "$FLAKE" "^" --quiet --json | jq -r 'keys[]' | cut -d'.' -f3- >"$CACHE_PATH"
echo "successfully generated attribute path cache" >&2
fi
}
fzfBindingFlag() {
local tmpFile="$1"
local -A bindings=(
["shell"]="ctrl-s"
["build"]="ctrl-b"
["edit"]="ctrl-e"
["run"]="ctrl-r"
)
local result="--bind="
for subCommand in "${!bindings[@]}"; do
local binding="${bindings[$subCommand]}"
# When pressed, write the appropriate command to our temporary IPC file, and change the prompt accordingly
result+="$binding:execute-silent(echo $subCommand > $tmpFile)+change-prompt($subCommand > ),"
done
echo "${result%,}"
}
runFzf() {
local multi_flag
if [ "$MULTIPLE_SELECTION" == true ]; then
multi_flag="--multi"
else
multi_flag="--no-multi"
fi
fzf "$multi_flag" \
--height 40% \
--preview-window right,70% \
--border rounded \
--prompt "$NIX_SUBCOMMAND > " \
--preview "bash -c \"@previewText@ {} $FLAKE\"" \
"$(fzfBindingFlag "$TMP_FILE")" <"$CACHE_PATH"
}
runNix() {
local packages selectedPkgs command
readarray -t selectedPkgs <<<"$@"
((${#selectedPkgs[@]} == 0)) && exit 0
if [ "$MULTIPLE_SELECTION" == true ] && ((${#selectedPkgs[@]} > 1)); then
# Build a brace expansion string
local pkg_list="{"
for pkg in "${selectedPkgs[@]}"; do
pkg_list+="$pkg,"
done
packages="${pkg_list%,}}"
else
packages="${selectedPkgs[0]}"
fi
((${#packages} == 0)) && exit 0
# Update what subcommand to execute, in case it was changed by a keybinding from fzf
[ -s "$TMP_FILE" ] && NIX_SUBCOMMAND="$(<"$TMP_FILE")"
command="NIXPKGS_ALLOW_UNFREE=1 nix $NIX_SUBCOMMAND $FLAKE#$packages --impure"
if [ "$PRINT_COMMAND" == true ]; then
echo "$command"
exit 0
else
runColored "$command"
fi
}
handleArguments "$@"
manageCache
runNix "$(runFzf)"

16
pkgs/wikit/default.nix
View file

@ -1,16 +0,0 @@
{ lib, ... }:
with lib;
let
src = fetchFromGitHub {
owner = "KorySchneider";
repo = "wikit";
rev = "6432c6020606868cc5f240d0317040e38b992292";
};
in {
wikit = mkYarnPackage {
name = "wikit";
inherit src;
packageJSON = src + "./package.json";
yarnLock = src + "./yarn.lock";
};
}

39
roles/gui.nix
View file

@ -17,9 +17,46 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services = { services = {
gvfs.enable = true; gvfs = {
enable = true;
package = lib.mkForce pkgs.gnome.gvfs;
};
gnome.gnome-keyring.enable = true; gnome.gnome-keyring.enable = true;
dbus.enable = true; dbus.enable = true;
}; };
home-manager.users.${username}.home.packages = with pkgs; [
element-desktop
gajim
signal-desktop
mumble
anki-bin
obs-studio
wdisplays
librewolf # main
ungoogled-chromium # for things that don't work with librewolf
nsxiv
imv
libreoffice
xfce.thunar
spotify
spotify-player
thunderbird
lxqt.pavucontrol-qt
mpv
plasma5Packages.kdeconnect-kde
winbox
# onthespot-overlay
# Gaming
lunar-client
# Not GUI but specific to GUI usage
sshuttle
sshfs
# try out for a bit
niri
];
}; };
} }

27
secrets/dandelion/secrets.yaml Normal file
View file

@ -0,0 +1,27 @@
systemMailerPassword: ENC[AES256_GCM,data:b9Mmxo3beDpo1pi1Y+5TZn64ZeKJzJXlJwYFs5BjVMngeej+Y0naWmwBdlTEwzPm6OiO/N1haNQUlwT4KdOTx7t8PsZwQ5dOQl1gjWp0T+0ImWLImvINyvDIg6uh9RsvqLIJBvgLAtiUHE3jq7vLwDPaZ69tvjmGACNfNKX8A0A=,iv:BvmZ7GtDsHFWSY+cL10P1e7I75ZwrzjFJ6e5J2IbEic=,tag:g9yqAQtJ9kD3o1cfng0gTA==,type:str]
dandelionSyncthingId: ENC[AES256_GCM,data:YgkjHxSD5mp44MMd7X46Rt5FqW89prMvhrkvHN5dxvPJ937cOGV9WYXf69A0+0XEbO97jlDAp7ph1GF0Q9UV,iv:45gaF2MZh1GbZmvKRnEtkQfNgx11r9xYaxvqAkU2ZkM=,tag:f9Iel/5029acJuzzTmyHXQ==,type:str]
sakuraSyncthingId: ENC[AES256_GCM,data:dzMpAy6wzlbGdnsesc7OUB25AkvdRwReT+o1UUqoz1VXXldy5esTpa3vGqM2B/Qa3lZq999VX4hejisSRBGd,iv:Eorc7tX4cnu2n2Kc1uPrfTdU5KQ8jjUsKDuByf1/mts=,tag:+ev+2RbN1v22N96zuQHV9w==,type:str]
sops:
age:
- recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcHFGUFltcUVSNnJXNWhI
TU5ySU1SQXVYdUFNOUlXdmZzYTZnZFhWQVJnCmV6T1duSnlGejNMc1hDUHovYTJE
Ri93OURqaEVrd0xCRUZZdWhsKzI1QkEKLS0tIExDeE9BNUxoYjhzWjBrM1FIUzV1
cGpiNmJ6blQ2c1FiOEFnNllrbWxjWmsKDXsXc2tlmgXHmEveCVq1WMrFRtzLttgc
0sMlwMFo71eV5JWrDjPbg0WwXonGI9TILJ09FFSTK7FRhwyFpgL6TA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxS250MmZyazRFVGMzdzVy
T09EaE1lY1h1d3BiMFRlNWV2SXNXNFBuekRnClRieVJrbGFMRjdCZEFVUjdoa2JQ
K1RzalZBVThOMWl3T2pZakxUTUI5cXcKLS0tIHBPeVdtUmtCUmtOTVVRZlNwUXpO
L1d2bW5tRDhjQ2VaU0xDWWlZYi94TEUKvjD1Pk8/Jq18nCJioeVBYbfaT3rSYr4l
aZ+j21bb7tE3JbUQfGkYo2blJqZsxFxblZlvf6tK2DU39Tl64naUpQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-04T12:32:42Z"
mac: ENC[AES256_GCM,data:JrU10DY9ih8eMtR3vNpuGppU4gZQyxAzDZ7R2+UFnv/g0zGVYnIKyVEQB9AfO2PEc+nBIYvruiO8XJrqx9O3osf7gvICXnWgEB8C4VPv7IvgniPz68O0hAgpBKkh7Lj0ZP/EGpjXjMr1yBTLtMWsFBXqJa16cD21qsHnlQjBp9Q=,iv:4LWlyE86dKDgwErqE/PmbquGFyQxUVfZw8bifjSB51I=,tag:95INrs/69ipBIutWb5ZbrA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

18
secrets/sakura/secrets.yaml Normal file
View file

@ -0,0 +1,18 @@
systemMailerPassword: ENC[AES256_GCM,data:fdCLxxQOPw00kSGrddcr/ZsYWJ9xYPkfxUeS52jA+MNM4dNNfeQ2rhvWKLYpH/6D3/J7CND0UNUVuRLtPdEnU8ct8jkAmYX5nGDm9HAnVScDvbn5dMvaNxg+0o34Fz7E0XbmRM3B6zpzL4T6Odmmd2iRh/cRiz7WBwmKUpcCV3Q=,iv:ddPxnK6f1wEH+xxQLLADO5SdG8YZkbSVlNfan+AA4vs=,tag:WLrQzVsok6dtxSSQH3HHsw==,type:str]
dandelionSyncthingId: ENC[AES256_GCM,data:crzT7Ph2gDYm/LAyEM2yw/THzu+Dv5SBrw17NF42j2jCvGMLaDgdlMAhkJlr7bonnpjII+9/TLjEXtcEIhcd,iv:6e94tT8rCLFxwDWLNj2T/Fx+0yAuhfS2AdjAKJKt/k0=,tag:Ai44ZvRZps4lQ4gLBbfUDw==,type:str]
sakuraSyncthingId: ENC[AES256_GCM,data:/4MQEcCYVsw2ad2WmUn8Y2f/9mUcyjU9l7Z7PorexQfwaIucmfNH1+Z/FF+0wRj4uaUQLqpR29bRl3EQr/ve,iv:FsiLQYuLZ9YvkfqyF3mAV6jW7csZ5+yXx0sN8f768BE=,tag:U/OTuSnjkOeVT6Vdz96bOw==,type:str]
sops:
age:
- recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cFNzYWRSTTdwMXY1K3hK
MEJ6TEN1YS9XdkJOclhmWVVBWmxJcEsrdWxjCld4NThJdmoyMGRKbFNVZWdWQ1FQ
MmpQMm1TOTZhQlllWlV4Y0tiUGxDNkkKLS0tIFVBcEgzNlBVaHozOTViZG1FcXIx
bjBJd2RtdDhkSFlaUzVRTkQyTVpVSDgKoZ7S/izFqmPw3qHT37ws8m2Cmmb8prC/
JaVn8U57G4aRgp1BqXQvpnKA98HT3BwEsMce5LeNvX7kAtdqkU5eRQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-04T12:32:56Z"
mac: ENC[AES256_GCM,data:so7buQVx6nUTRYBfCPdITDccVWOjEmfPslkG8+Z0RKkDgIgwH4Aa/GnTkX0WxmB2bbI6/GQ1PhILE4UXTo8O7W0OO10+PWV2AWwngMcog+ggbH7qpd1395Tw0A8KiiXdPXwxFBEZqrYkKmYVyw314H02+h5+Qd3irH0bWqmpGOg=,iv:Sy4wR3GdSJCR1tlAxV2lau7cpLox/CoiGTC5eZoNVos=,tag:W2pv//unvIE0HBuJ0v35GA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

29
secrets/violet/secrets.yaml Normal file
View file

@ -0,0 +1,29 @@
systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str]
forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str]
matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str]
minioRootCredentials: ENC[AES256_GCM,data:/IrpspB6Puy+6scHheBSBp6zQVh8uwpu4nFPLSkueuohSUESPHbRb0w1XAp4V5HraMtOThFqlm0JeBW0XbhY4E8L1P+S3/aMLKjp2voA928l9AjF6sTaSKsO7qh6LEmo90qm9Jo0nDo=,iv:M5NOGfSsl+LggLyEjV49vcWCaYmbG0eJcgwI2v7AKcI=,tag:A+CrDTL+TkEayOqBUII4aQ==,type:str]
smbLoginDetails: ENC[AES256_GCM,data:Puv+Vewv0TDpiYM+Uym180CLT+vXKoeSW/uNxAX7f9y0NvG2Uqqglj/HcCMhyQn9GpCIQyb+xidlLWn3Ywdg6ybaf4WN5EdAEXMK/FRQyVIvvOcCcwG+IeUc1Wc5NmM2qEbxLqLNDWxiH8/QsrT9rWWxxx4c4eD1HOpIv9LCuavXXLmKy6JvtxYwtOv4u8ukp+e0uP7pLN7d,iv:XH+6soi7lZiGz9ZGlQb49f44API715ib/Y7Zh3hFnDM=,tag:iz8RYRSwNxrMxy+rqeM07Q==,type:str]
sops:
age:
- recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeG8vNWltdmJGcHhpMFVv
L2loTVRWeUVQMjdFbXlLdDZ4NWd2czlMa1JVClErdlhXdlJKSDFrakhqVjRQMlBx
RStBKzI3bHkzWlZrdkFTZFZvRjN0eFUKLS0tIGJFaTRkVGhSbmZSbEdYZEFWV2Fz
bytGVUhvL1dKNk41cytPajJMUFdXQmMKbJZ7RDB5MXqotaLrWABIKFs2wEZtIAVm
+k+ykISzj/XhhCt2J4IWbhPqRDlivsOLvQF1srNgk02/laE+0Nz5Pg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMWV2NkVGSWR3UzBPWmFQ
S2lQRm9zZENGc29mN1VxT3hsb2c5d3k3ZGw4Ck5JWlpXQUU0WnhXT2ZocFZFSlkr
WjhZM214YVBDR3UzcU9SQ09ucWJDSUUKLS0tIE00aXVkeTQ5eG1TTTA2UnBuVnVB
S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI
VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-19T12:23:05Z"
mac: ENC[AES256_GCM,data:hH3cTyHeFMTH5zYpCWyM1uqLta/uzQcLc5HPSdsR52Skh89/5h51vC666g0JuVm/sXh3gv6XQ1AGidPMAmx60qmHjiWE/LRli7xDwKk3p4mldC7RC2FrR0JPmfhDzXIo7VL60PCq4CPWevyRpAWMEMgnc3Z/IzmfDObUsvU+rg0=,iv:CrL4uqV8keGMw+tuqvkNrpKoM0qqr1vsdhESPUb+Hig=,tag:O2NKejf2dpkrkTzX1IfQcA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

6
variables.nix
View file

@ -29,5 +29,11 @@ in
readOnly = true; readOnly = true;
description = "My primary email"; description = "My primary email";
}; };
senderEmail = mkOption {
default = "notifications@liv.town";
type = types.str;
readOnly = true;
description = "Emailaddress used to send mails from the system";
};
}; };
} }