liv/nixos-config
1
0
Fork 0
mirror of https://github.com/Ahwxorg/nixos-config.git synced 2025-12-04 06:50:14 +01:00
Code Issues 1 Projects Releases Packages Wiki Activity Actions

chore: merge remote-tracking branch 'refs/remotes/origin/master'

Browse source
This commit is contained in:
Ahwx 2025-09-08 22:17:19 +02:00
commit fef39fd540
74 changed files with 2141 additions and 1042 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,3 +1 @@
secrets/
modules/services/matrix/default.nix
result

19
.sops.yaml Normal file
View file

@ -0,0 +1,19 @@
keys:
- &sakura age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
- &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3
- &dandelion age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd
creation_rules:
- path_regex: secrets/sakura/secrets.yaml
key_groups:
- age:
- *sakura
- path_regex: secrets/violet/secrets.yaml
key_groups:
- age:
- *sakura
- *violet
- path_regex: secrets/dandelion/secrets.yaml
key_groups:
- age:
- *sakura
- *dandelion

2
README.md
View file

@ -44,6 +44,7 @@
- [variables.nix](variables.nix): base variables useful for all hosts
- [hosts](hosts): per-host configurations that contain host specific settings
- [yoshino](hosts/yoshino/): Desktop (yoshino) specific configuration
- [iris](hosts/iris/): Desktop (iris) specific configuration
- [sakura](hosts/sakura/): Laptop (sakura) specific configuration
- [ichiyo](hosts/ichiyo/): Laptop (ichiyo) specific configuration
- [violet](hosts/violet/): Server (violet) specific configuration
@ -161,6 +162,7 @@ toggle_oppacity.sh
Other dotfiles that I learned / copy from:
- [Frost-Phoenix/nixos-config](https://github.com/Frost-Phoenix/nixos-config): This is the repository that I cloned and changed to my needs. Their credits are in their repository's readme.
- [IvarWithoutBones/dotfiles](https://github.com/IvarWithoutBones/dotfiles)
- [notthebee/nix-config](https://github.com/notthebee/nix-config)
- [mrusme/dotfiles](https://github.com/mrusme/dotfiles)

514
flake.lock generated
View file

@ -1,52 +1,10 @@
{
"nodes": {
"Hyprspace": {
"inputs": {
"hyprland": [
"hyprland"
],
"systems": "systems"
},
"locked": {
"lastModified": 1751272032,
"narHash": "sha256-493llKN7yyLkKlz8uYVAyvXH261IpDzuVA+TnewFIAg=",
"owner": "KZDKM",
"repo": "Hyprspace",
"rev": "847a770436e1ecebdbe5ed006a93db7666937ff2",
"type": "github"
},
"original": {
"owner": "KZDKM",
"repo": "Hyprspace",
"type": "github"
}
},
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems_2"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"alejandra": {
"inputs": {
"fenix": "fenix",
"flakeCompat": "flakeCompat",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1660592437,
@ -83,11 +41,11 @@
]
},
"locked": {
"lastModified": 1751740947,
"narHash": "sha256-35040CHH7P3JGmhGVfEb2oJHL/A5mI2IXumhkxrBnao=",
"lastModified": 1753216019,
"narHash": "sha256-zik7WISrR1ks2l6T1MZqZHb/OqroHdJnSnAehkE0kCk=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "dfc1db15a08c4cd234288f66e1199c653495301f",
"rev": "be166e11d86ba4186db93e10c54a141058bdce49",
"type": "github"
},
"original": {
@ -96,43 +54,22 @@
"type": "github"
}
},
"catppuccin": {
"disko": {
"inputs": {
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1751880463,
"narHash": "sha256-aSQllMKqsTYAUp4yhpspZn0Hj5yIj7Mh4UD5iyk5iMM=",
"owner": "catppuccin",
"repo": "nix",
"rev": "9474347c69e93e392f194dda7a57c641ba4b998e",
"lastModified": 1746728054,
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"owner": "nix-community",
"repo": "disko",
"rev": "ff442f5d1425feb86344c028298548024f21256d",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"owner": "nix-community",
"ref": "latest",
"repo": "disko",
"type": "github"
}
},
@ -161,11 +98,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
@ -178,24 +115,6 @@
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1751413152,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
@ -210,7 +129,7 @@
"type": "github"
}
},
"flake-parts_3": {
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
@ -232,7 +151,7 @@
"type": "github"
}
},
"flake-parts_4": {
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nur",
@ -255,7 +174,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_6"
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
@ -312,36 +231,15 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"lastModified": 1755397986,
"narHash": "sha256-qwrF5laj6eE3Zht0wKYTmH6QzL7bdOyE2f6jd3WCO8g=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751990210,
"narHash": "sha256-krWErNDl9ggMLSfK00Q2BcoSk3+IRTSON/DiDgUzzMw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "218da00bfa73f2a61682417efe74549416c16ba6",
"rev": "8b4ac149687e8520187a66f05e9d4eafebf96522",
"type": "github"
},
"original": {
@ -352,14 +250,14 @@
},
"hypr-contrib": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1751715349,
"narHash": "sha256-cP76ijtfGTFTpWFfmyFHA2MpDlIyKpWwW82kqQSQ6s0=",
"lastModified": 1753252360,
"narHash": "sha256-PFAJoEqQWMlo1J+yZb+4HixmhbRVmmNl58e/AkLYDDI=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "dafa5d09b413d08a55a81f6f8e85775d717bacda",
"rev": "6839b23345b71db17cd408373de4f5605bf589b8",
"type": "github"
},
"original": {
@ -384,11 +282,11 @@
]
},
"locked": {
"lastModified": 1749155331,
"narHash": "sha256-XR9fsI0zwLiFWfqi/pdS/VD+YNorKb3XIykgTg4l1nA=",
"lastModified": 1753964049,
"narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "45fcc10b4c282746d93ec406a740c43b48b4ef80",
"rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5",
"type": "github"
},
"original": {
@ -413,11 +311,11 @@
]
},
"locked": {
"lastModified": 1751808145,
"narHash": "sha256-OXgL0XaKMmfX2rRQkt9SkJw+QNfv0jExlySt1D6O72g=",
"lastModified": 1754305013,
"narHash": "sha256-u+M2f0Xf1lVHzIPQ7DsNCDkM1NYxykOSsRr4t3TbSM4=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "b841473a0bd4a1a74a0b64f1ec2ab199035c349f",
"rev": "4c1d63a0f22135db123fc789f174b89544c6ec2d",
"type": "github"
},
"original": {
@ -440,15 +338,15 @@
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_3",
"systems": "systems",
"xdph": "xdph"
},
"locked": {
"lastModified": 1751995875,
"narHash": "sha256-oGufLuYzFSdLP6fUSLsIm2m4QscfTPbRT1fzQTdkw4M=",
"lastModified": 1755416233,
"narHash": "sha256-tydnBQmV8pPHPlvq7sTEOEhkjXnYaeJtMN+77Rf/1NU=",
"ref": "refs/heads/main",
"rev": "9517d0eaa4ef93de67dc80fecca7a826f7ad556d",
"revCount": 6256,
"rev": "251288ec5942b3544ad31de1299569284d80f0d7",
"revCount": 6370,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
@ -564,11 +462,11 @@
]
},
"locked": {
"lastModified": 1750371812,
"narHash": "sha256-D868K1dVEACw17elVxRgXC6hOxY+54wIEjURztDWLk8=",
"lastModified": 1753819801,
"narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "b13c7481e37856f322177010bdf75fccacd1adc8",
"rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc",
"type": "github"
},
"original": {
@ -592,6 +490,35 @@
"systems"
]
},
"locked": {
"lastModified": 1753622892,
"narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprlang_2": {
"inputs": {
"hyprutils": [
"hyprsunset",
"hyprutils"
],
"nixpkgs": [
"hyprsunset",
"nixpkgs"
],
"systems": [
"hyprsunset",
"systems"
]
},
"locked": {
"lastModified": 1750371198,
"narHash": "sha256-/iuJ1paQOBoSLqHflRNNGyroqfF/yvPNurxzcCT0cAE=",
@ -610,8 +537,8 @@
"inputs": {
"hyprutils": "hyprutils_2",
"hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": "nixpkgs_5",
"systems": "systems_4"
"nixpkgs": "nixpkgs_4",
"systems": "systems_2"
},
"locked": {
"lastModified": 1750371999,
@ -630,17 +557,18 @@
"hyprsunset": {
"inputs": {
"hyprland-protocols": "hyprland-protocols_2",
"hyprlang": "hyprlang_2",
"hyprutils": "hyprutils_3",
"hyprwayland-scanner": "hyprwayland-scanner_3",
"nixpkgs": "nixpkgs_6",
"systems": "systems_5"
"nixpkgs": "nixpkgs_5",
"systems": "systems_3"
},
"locked": {
"lastModified": 1751567624,
"narHash": "sha256-tUVODSZhvafXmuN+5SwZpNWV+2cvhSd+5IJ5TXu3YgI=",
"lastModified": 1755112136,
"narHash": "sha256-eYLtZJayWWbKBC3u/gvDSqVyffuD+egryr7zPWRAeyY=",
"owner": "hyprwm",
"repo": "hyprsunset",
"rev": "4b2f0f9f46a6552930eecb979d18ac48d7079312",
"rev": "1f9afca28fac5f490e5f232e6f1887a69ff34896",
"type": "github"
},
"original": {
@ -661,11 +589,11 @@
]
},
"locked": {
"lastModified": 1751888065,
"narHash": "sha256-F2SV9WGqgtRsXIdUrl3sRe0wXlQD+kRRZcSfbepjPJY=",
"lastModified": 1754481650,
"narHash": "sha256-6u6HdEFJh5gY6VfyMQbhP7zDdVcqOrCDTkbiHJmAtMI=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "a8229739cf36d159001cfc203871917b83fdf917",
"rev": "df6b8820c4a0835d83d0c7c7be86fbc555f1f7fd",
"type": "github"
},
"original": {
@ -736,11 +664,11 @@
]
},
"locked": {
"lastModified": 1751881472,
"narHash": "sha256-meB0SnXbwIe2trD041MLKEv6R7NZ759QwBcVIhlSBfE=",
"lastModified": 1751897909,
"narHash": "sha256-FnhBENxihITZldThvbO7883PdXC/2dzW4eiNvtoV5Ao=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "8fb426b3e5452fd9169453fd6c10f8c14ca37120",
"rev": "fcca0c61f988a9d092cbb33e906775014c61579d",
"type": "github"
},
"original": {
@ -829,32 +757,13 @@
"type": "github"
}
},
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1752026525,
"narHash": "sha256-uCkk6qnQFNKJh0wwpeN/B/S27834c0DpBSK/Frovvyo=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "9d902f4f96cba7226f242045a5605b1ffcf18cd4",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1751432711,
"narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=",
"lastModified": 1755330281,
"narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f",
"rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
"type": "github"
},
"original": {
@ -865,36 +774,21 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1745391562,
"narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
"owner": "NixOS",
"lastModified": 1657425264,
"narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
"rev": "de5b3dd17034e6106e75746e81618e5bd408de8a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1751159883,
"narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1740877520,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
@ -911,11 +805,11 @@
},
"nixpkgs_10": {
"locked": {
"lastModified": 1742800061,
"narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
"lastModified": 1744868846,
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734",
"rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github"
},
"original": {
@ -925,45 +819,29 @@
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1657425264,
"narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=",
"owner": "nixos",
"lastModified": 1746576598,
"narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "de5b3dd17034e6106e75746e81618e5bd408de8a",
"rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1750776420,
"narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github"
},
"original": {
@ -975,11 +853,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"type": "github"
},
"original": {
@ -1007,11 +885,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
@ -1022,38 +900,6 @@
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1751625545,
"narHash": "sha256-4E7wWftF1ExK5ZEDzj41+9mVgxtuRV3wWCId7QAYMAU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c860cf0b3a0829f0f6cf344ca8de83a2bbfab428",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1743315132,
"narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=",
@ -1069,18 +915,50 @@
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1742800061,
"narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_9",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_7",
"nixvim": "nixvim_2"
},
"locked": {
"lastModified": 1749898168,
"narHash": "sha256-aOUvfBcLdrNzI1BL+jhPh0y0cFkgjne2tstDb8k1vI0=",
"lastModified": 1755007783,
"narHash": "sha256-mxKUvsLy6Nf8Td8jQ0Q7q+A+FcTuYMyp/qmnnCRK1QE=",
"owner": "ahwxorg",
"repo": "nixvim-config",
"rev": "546d385ec71b0ed34abc3f32100e3d0792c349c8",
"rev": "d4b1e0a37718bd4b704c5c055151135094d911eb",
"type": "github"
},
"original": {
@ -1091,8 +969,8 @@
},
"nixvim_2": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_10",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_8",
"nuschtosSearch": "nuschtosSearch"
},
"locked": {
@ -1111,15 +989,15 @@
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_11"
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1752047019,
"narHash": "sha256-cquBxPthNijnDaoX6Pj5V0jQ5BhoqJOJ/DdGzeJ0xyg=",
"lastModified": 1755435577,
"narHash": "sha256-Rgcfyl8sWF+Uxe2HM51kJ72aNtaoy/UPiblwGTZHANU=",
"owner": "nix-community",
"repo": "NUR",
"rev": "64185b1642f23c6340e3ebd52eabccfadfb78cfb",
"rev": "199390e7082f9307578531d389cccd9f37412156",
"type": "github"
},
"original": {
@ -1162,11 +1040,11 @@
]
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"lastModified": 1754416808,
"narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
"type": "github"
},
"original": {
@ -1177,20 +1055,18 @@
},
"root": {
"inputs": {
"Hyprspace": "Hyprspace",
"agenix": "agenix",
"alejandra": "alejandra",
"catppuccin": "catppuccin",
"home-manager": "home-manager_2",
"disko": "disko",
"home-manager": "home-manager",
"hypr-contrib": "hypr-contrib",
"hyprland": "hyprland",
"hyprpicker": "hyprpicker",
"hyprsunset": "hyprsunset",
"nix-gaming": "nix-gaming",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_6",
"nixvim": "nixvim",
"nur": "nur"
"nur": "nur",
"sops-nix": "sops-nix"
}
},
"rust-analyzer-src": {
@ -1210,6 +1086,24 @@
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1754988908,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,
@ -1227,16 +1121,16 @@
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"repo": "default-linux",
"type": "github"
}
},
@ -1256,36 +1150,6 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -1328,11 +1192,11 @@
]
},
"locked": {
"lastModified": 1751300244,
"narHash": "sha256-PFuv1TZVYvQhha0ac53E3YgdtmLShrN0t4T6xqHl0jE=",
"lastModified": 1753633878,
"narHash": "sha256-js2sLRtsOUA/aT10OCDaTjO80yplqwOIaLUqEe0nMx0=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "6115f3fdcb2c1a57b4a80a69f3c797e47607b90a",
"rev": "371b96bd11ad2006ed4f21229dbd1be69bed3e8a",
"type": "github"
},
"original": {

89
flake.nix
View file

@ -2,38 +2,28 @@
description = "liv's NixOS configuration";
inputs = {
agenix.url = "github:ryantm/agenix";
alejandra.url = "github:kamadorueda/alejandra/3.0.0";
catppuccin.url = "github:catppuccin/nix";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
hyprland.inputs.nixpkgs.follows = "nixpkgs";
hypr-contrib.url = "github:hyprwm/contrib";
hyprpicker.url = "github:hyprwm/hyprpicker";
hyprsunset.url = "github:hyprwm/hyprsunset";
Hyprspace = {
url = "github:KZDKM/Hyprspace";
inputs.hyprland.follows = "hyprland"; # Hyprspace uses latest Hyprland. We declare this to keep them in sync.
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nur.url = "github:nix-community/NUR";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixvim.url = "github:ahwxorg/nixvim-config";
nix-gaming.url = "github:fufexan/nix-gaming";
sops-nix.url = "github:Mic92/sops-nix";
disko.url = "github:nix-community/disko/latest";
};
outputs =
{
self,
nixpkgs,
catppuccin,
agenix,
sops-nix,
disko,
...
}@inputs:
let
@ -48,21 +38,10 @@
{
overlays.default = overlays.addition;
nixosConfigurations = {
desktop = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/desktop)
];
specialArgs = {
host = "desktop";
inherit self inputs username;
};
};
sakura = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/sakura)
agenix.nixosModules.default
];
specialArgs = {
host = "sakura";
@ -73,7 +52,6 @@
inherit system;
modules = [
(import ./hosts/yoshino)
agenix.nixosModules.default
];
specialArgs = {
host = "yoshino";
@ -84,7 +62,6 @@
inherit system;
modules = [
(import ./hosts/ichiyo)
agenix.nixosModules.default
];
specialArgs = {
host = "ichiyo";
@ -95,7 +72,6 @@
inherit system;
modules = [
(import ./hosts/violet)
agenix.nixosModules.default
];
specialArgs = {
host = "violet";
@ -106,7 +82,6 @@
inherit system;
modules = [
(import ./hosts/dandelion)
agenix.nixosModules.default
];
specialArgs = {
host = "dandelion";
@ -117,21 +92,59 @@
inherit system;
modules = [
(import ./hosts/lily)
agenix.nixosModules.default
];
specialArgs = {
host = "lily";
inherit self inputs username;
};
};
vm = nixpkgs.lib.nixosSystem {
zinnia = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/vm)
(import ./hosts/zinnia)
];
specialArgs = {
host = "vm";
host = "zinnia";
inherit self inputs username;
};
};
posy = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
(import ./hosts/posy)
];
specialArgs = {
host = "posy";
inherit self inputs username;
};
};
hazel = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/hazel)
];
specialArgs = {
host = "hazel";
inherit self inputs username;
};
};
daisy = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/daisy)
];
specialArgs = {
host = "daisy";
inherit self inputs username;
};
};
iris = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(import ./hosts/iris)
];
specialArgs = {
host = "iris";
inherit self inputs username;
};
};

48
hosts/daisy/default.nix Normal file
View file

@ -0,0 +1,48 @@
{
pkgs,
config,
lib,
...
}:
{
imports = [
./hardware-configuration.nix
./../../modules/core/default.server.nix
# ./../../modules/services/violet.nix
];
networking = {
hostName = "daisy";
networkmanager.enable = true;
firewall = {
allowedTCPPorts = [
# 80
# 443
# 25565
9123
];
};
};
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
pkgs.kitty.terminfo
];
boot = {
loader.grub = {
enable = true;
device = "/dev/sdb";
useOSProber = true;
};
kernelModules = [ "acpi_call" ];
extraModulePackages =
with config.boot.kernelPackages;
[
acpi_call
cpupower
]
++ [ pkgs.cpupower-gui ];
};
}

18
hosts/desktop/hardware-configuration.nix → hosts/daisy/hardware-configuration.nix
View file

@ -8,23 +8,18 @@
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "uhci_hcd" "hpsa" "mpt3sas" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/6b518d54-a144-42fe-b500-b6651038bbcc";
{ device = "/dev/disk/by-uuid/02aaca49-be45-42ad-ba44-6f5dbfe9032e";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D1A5-9B92";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/2d69abc2-3d44-481b-ada8-b436c2b9c8c2"; }
[ { device = "/dev/disk/by-uuid/40aff86f-c371-4f7f-ab62-5665c4f1c071"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -32,10 +27,11 @@
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

49
hosts/dandelion/default.nix
View file

@ -14,10 +14,9 @@
users.users.liv.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLdcB5JFWx6OK2BAr8J0wPHNhr2VP2/Ci6fv3a+DPfo liv@violet" # allow violet to log in over ssh to do back ups
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi8gt51xGRzLSqaNr1LKSdrJ0VHps8U8FME71YCrs6K liv@posy" # allow posy to log in over ssh to mount music folder
];
networking.hostName = "dandelion";
liv.server.enable = true;
nixpkgs.config.permittedInsecurePackages = [
@ -27,8 +26,34 @@
time.timeZone = "Europe/Amsterdam";
networking = {
hostName = "dandelion";
firewall = {
allowedTCPPorts = [
5201
];
allowedUDPPorts = [
5201
];
interfaces."ens4s1".allowedTCPPorts = [
# allow everything for local link
{
from = 1;
to = 65354;
}
];
interfaces."ens4s1".allowedUDPPorts = [
# allow everything for local link
{
from = 1;
to = 65354;
}
];
};
};
systemd.network.networks."99-local" = {
matchConfig.name = "ens3s1";
matchConfig.name = "ens4s1";
address = [
"192.168.1.100/24"
];
@ -60,10 +85,22 @@
trim.enable = true;
};
# boot.zfs.extraPools = [ "terrabite" ];
boot.zfs.extraPools = [
"spinners"
];
# fileSystems."/terrabite/main" = {
# device = "terrabite/main";
# fileSystems = {
# "/spinners/rootvol" = {
# device = "spinners/rootvol";
# fsType = "zfs";
# };
# "/spinners/ahwx" = {
# device = "spinners/ahwx";
# fsType = "zfs";
# };
# "/spinners/violet" = {
# device = "spinners/violet";
# fsType = "zfs";
# };
# };
}

15
hosts/desktop/default.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./../../modules/core
];
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
liv.desktop.enable = true;
liv.gui.enable = true;
}

49
hosts/hazel/default.nix Normal file
View file

@ -0,0 +1,49 @@
{
pkgs,
config,
lib,
inputs,
...
}:
{
imports = [
./hardware-configuration.nix
./disko.nix
./../../modules/core/default.server.nix
# ./../../modules/services/hazel.nix
];
networking.hostName = "hazel";
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
time.timeZone = lib.mkForce "Europe/Paris";
environment.systemPackages = with pkgs; [
kitty.terminfo
];
services = {
smartd = {
enable = true;
autodetect = true;
};
};
networking.firewall = {
allowedTCPPorts = [
9123
];
};
#boot = {
# loader.grub = {
# enable = true;
# device = "/dev/sda";
# useOSProber = true;
# };
#};
}

32
hosts/hazel/disko.nix Normal file
View file

@ -0,0 +1,32 @@
{ inputs, ... }:
{
imports = [
inputs.disko.nixosModules.disko
];
disko.devices = {
disk = {
sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
priority = 1;
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

45
hosts/hazel/hardware-configuration.nix Normal file
View file

@ -0,0 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"ehci_pci"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# fileSystems."/" = {
# device = "/dev/disk/by-uuid/864dfbec-81f0-460f-b970-27693a0ad0e6";
# fsType = "ext4";
# };
# fileSystems."/boot" = {
# device = "/dev/disk/by-uuid/E141-F5CE";
# fsType = "vfat";
# options = [
# "fmask=0077"
# "dmask=0077"
# ];
# };
# swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

3
hosts/ichiyo/default.nix
View file

@ -12,9 +12,6 @@
./../../modules/services/tailscale.nix
];
# Enable fancy boot animations
boot.plymouth.enable = true;
powerManagement = {
enable = true;
# powertop.enable = true;

68
hosts/iris/default.nix Normal file
View file

@ -0,0 +1,68 @@
{
inputs,
pkgs,
config,
lib,
...
}:
{
imports = [
./hardware-configuration.nix
./../../modules/core
# ./../../modules/home/nfs.nix
./../../modules/core/virtualization.nix
./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix
];
powerManagement = {
enable = true;
# powertop.enable = true;
cpuFreqGovernor = lib.mkDefault "performance";
};
networking = {
hostName = "iris";
networkmanager.enable = true;
};
systemd.network.networks."99-local" = {
matchConfig.name = "enp68s0";
address = [
"192.168.1.100/24"
];
routes = [
{
Gateway = "172.16.10.1";
GatewayOnLink = false;
}
];
};
liv = {
desktop.enable = true;
creative.enable = true;
amdgpu.enable = true;
wine.enable = false; # use VM for this
gui.enable = true;
};
boot = {
kernelParams = [ ];
kernelModules = [ "acpi_call" ];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
systemd-boot.configurationLimit = 10;
};
extraModulePackages =
with config.boot.kernelPackages;
[
acpi_call
cpupower
v4l2loopback
]
++ [ pkgs.cpupower-gui ];
};
}

20
hosts/vm/hardware-configuration.nix → hosts/iris/hardware-configuration.nix
View file

@ -5,19 +5,27 @@
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/631775ef-6851-4fe7-997f-189372f87437";
{ device = "/dev/disk/by-uuid/6609be3d-2dda-4961-9247-6463349f196c";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-e8a36fde-6d6f-4650-b0dc-3152ef561c99".device = "/dev/disk/by-uuid/e8a36fde-6d6f-4650-b0dc-3152ef561c99";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1793-F35D";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -25,7 +33,11 @@
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.ens4f0.useDHCP = lib.mkDefault true;
# networking.interfaces.ens4f1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

41
hosts/posy/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, pkgs, lib, ... }:
{
imports = [
./../../modules/core/default.server.nix
./../../modules/services/mpd.nix
];
networking.hostName = "posy";
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
pkgs.kitty.terminfo
];
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
services = {
smartd = {
enable = lib.mkForce false;
autodetect = lib.mkForce false;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
hardware.enableRedistributableFirmware = true;
}

16
hosts/sakura/default.nix
View file

@ -12,6 +12,7 @@
./../../modules/core/virtualization.nix
./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix
./../../modules/services/smart-monitoring.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
];
@ -45,13 +46,17 @@
# Disable light sensors and accelerometers as they are not used and consume extra battery
hardware.sensor.iio.enable = lib.mkForce false;
networking.hostName = "sakura";
networking = {
hostName = "sakura";
# networkmanager.ethernet.macAddress = "13:37:6a:8a:ed:a4";
};
powerManagement = {
enable = true;
# powertop.enable = true;
cpuFreqGovernor = lib.mkDefault "ondemand";
};
# change battery led to blue on suspend to indicate device is in suspend mode
systemd.services."suspend-led-set" = {
description = "blue led for sleep";
@ -71,8 +76,11 @@
${pkgs.fw-ectool}/bin/ectool led battery auto
'';
};
systemd.sleep.extraConfig = ''
HibernateDelaySec=30m
'';
services.logind.lidSwitch = "suspend";
boot = {
plymouth.enable = true;
kernelParams = [
"mem_sleep_default=deep"
"acpi_osi=\"!Windows 2020\"" # otherwise GPU does weird shit that makes the computer look like the RAM is broken
@ -89,7 +97,11 @@
[
acpi_call
cpupower
v4l2loopback
]
++ [ pkgs.cpupower-gui ];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
};
}

25
hosts/violet/default.nix
View file

@ -22,7 +22,8 @@
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
pkgs.kitty.terminfo
kitty.terminfo
cifs-utils
];
services = {
@ -33,6 +34,18 @@
xserver.videoDrivers = [ "nvidia" ];
};
networking.firewall = {
allowedTCPPorts = [
80
443
25565
5201
];
allowedUDPPorts = [
5201
];
};
liv.nvidia.enable = true;
boot = {
@ -50,4 +63,14 @@
]
++ [ pkgs.cpupower-gui ];
};
fileSystems."/mnt/nfs/violet" = {
device = "//172.16.10.130/spinners/violet"; # not ideal, should get the static IP from dandelion from a config attribute but whatever...
fsType = "cifs";
options = [
"x-systemd.automount"
"noauto"
"credentials=${config.sops.secrets.smbLoginDetails.path}"
];
};
}

36
hosts/vm/default.nix
View file

@ -1,36 +0,0 @@
{ pkgs, config, lib, ... }:
{
imports = [
./hardware-configuration.nix
./../../modules/core
];
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
# kvm/qemu doesn't use UEFI firmware mode by default.
# so we force-override the setting here
# and configure GRUB instead.
boot.loader = {
systemd-boot.enable = lib.mkForce false;
grub = {
enable = true;
device = "/dev/vda";
useOSProber = false;
};
};
# allow local remote access to make it easier to toy around with the system
services.openssh = {
enable = true;
ports = [22];
settings = {
# PasswordAuthentication = lib.mkOverride true;
AllowUsers = null;
# PermitRootLogin = "yes";
};
};
}

24
hosts/yoshino/default.nix
View file

@ -12,6 +12,7 @@
# ./../../modules/home/nfs.nix
./../../modules/core/virtualization.nix
./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix
];
powerManagement = {
@ -20,6 +21,24 @@
cpuFreqGovernor = lib.mkDefault "performance";
};
networking = {
hostName = "yoshino";
networkmanager.enable = true;
};
systemd.network.networks."99-local" = {
matchConfig.name = "enp68s0";
address = [
"192.168.1.100/24"
];
routes = [
{
Gateway = "172.16.10.1";
GatewayOnLink = false;
}
];
};
liv = {
desktop.enable = true;
creative.enable = true;
@ -28,11 +47,6 @@
gui.enable = true;
};
networking = {
hostName = "yoshino";
networkmanager.enable = true;
};
boot = {
kernelParams = [ ];
kernelModules = [ "acpi_call" ];

61
hosts/zinnia/default.nix Normal file
View file

@ -0,0 +1,61 @@
{
lib,
config,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./../../modules/core
./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix
];
liv = {
laptop.enable = true;
gui.enable = true;
desktop.enable = false;
creative.enable = false;
amdgpu.enable = false;
};
services = {
vnstat.enable = true;
};
networking.hostName = "zinnia";
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = lib.mkDefault "ondemand";
};
boot.initrd.luks.devices."luks-59aff546-c2c2-4697-a5f2-40a12f259f5a".device =
"/dev/disk/by-uuid/59aff546-c2c2-4697-a5f2-40a12f259f5a";
boot = {
kernelParams = [
"mem_sleep_default=deep"
];
kernelModules = [ "acpi_call" ];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
systemd-boot.configurationLimit = 10;
};
extraModulePackages =
with config.boot.kernelPackages;
[
acpi_call
cpupower
]
++ [ pkgs.cpupower-gui ];
};
time.timeZone = "Europe/Amsterdam";
nixpkgs.config.allowUnfree = true;
}

45
hosts/zinnia/hardware-configuration.nix Normal file
View file

@ -0,0 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c9f69c59-2014-41de-b169-53c38c7d9f15";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-ad0e2f90-490d-4a2b-8484-8d18bc9bdff5".device = "/dev/disk/by-uuid/ad0e2f90-490d-4a2b-8484-8d18bc9bdff5";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0AEC-87AF";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/18a2707c-9fe0-4dc4-a15f-6908cc34f26e"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwp0s20f0u2c2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

2
modules/core/default.nix
View file

@ -9,6 +9,7 @@
++ [ (import ./network.nix) ]
++ [ (import ./pipewire.nix) ]
++ [ (import ./program.nix) ]
++ [ (import ./plymouth.nix) ]
++ [ (import ./sshd.nix) ]
++ [ (import ./security.nix) ]
++ [ (import ./services.nix) ]
@ -16,6 +17,5 @@
++ [ (import ./user.nix) ]
++ [ (import ./bluetooth.nix) ]
++ [ (import ./yubikey.nix) ]
# ++ [ (import ./steam.nix) ]
++ [ (import ./wayland.nix) ];
}

20
modules/core/network.nix
View file

@ -1,20 +1,16 @@
{ pkgs, ... }:
{ pkgs, lib, ... }:
{
networking = {
networkmanager.enable = true;
networkmanager = {
enable = true;
wifi.macAddress = "stable-ssid";
};
nameservers = [ "9.9.9.9" ];
firewall = {
enable = true;
# allowedTCPPorts = [ 22 80 443 59010 59011 ];
# allowedUDPPorts = [ 59010 59011 ];
# allowedUDPPortRanges = [
# { from = 4000; to = 4007; }
# { from = 8000; to = 8010; }
# ];
};
};
# environment.systemPackages = with pkgs; [
# networkmanagerapplet
# ];
services = {
avahi.enable = lib.mkDefault false;
};
}

40
modules/core/plymouth.nix Normal file
View file

@ -0,0 +1,40 @@
{
pkgs,
lib,
...
}:
{
# TODO: add https://github.com/FraioVeio/plymouth-xp-theme
boot = {
plymouth = {
enable = lib.mkDefault true;
theme = "lone";
themePackages = with pkgs; [
# By default we would install all themes
(adi1090x-plymouth-themes.override {
selected_themes = [ "lone" ];
# selected_themes = [ "sliced" ];
# selected_themes = [ "rings" ];
# selected_themes = [ "red_loader" ];
# selected_themes = [ "dna" ];
# selected_themes = [ "hexagon_dots" ];
})
];
};
# Enable "Silent boot"
consoleLogLevel = 3;
initrd.verbose = false;
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
# Hide the OS choice for bootloaders.
# It's still possible to open the bootloader list by pressing any key
# It will just not appear on screen unless a key is pressed
loader.timeout = 1;
};
}

3
modules/core/program.nix
View file

@ -1,4 +1,4 @@
{ pkgs, agenix, ... }:
{ pkgs, ... }:
{
programs = {
dconf.enable = true;
@ -15,6 +15,5 @@
git
dig
traceroute
# agenix.packages.x86_64-linux.default
];
}

10
modules/core/security.nix
View file

@ -8,9 +8,17 @@
security = {
rtkit.enable = true;
pam.services.swaylock = { };
auditd.enable = true;
audit = {
enable = true;
rules = [
"-a exit,always -F arch=b64 -S execve"
];
};
sudo = {
enable = true;
execWheelOnly = true;
extraRules = [
{
groups = [ "wheel" ];
@ -20,7 +28,7 @@
options = [ "NOPASSWD" ];
}
{
command = "/home/liv/.local/src/framework-system/target/debug/framework_tool";
command = "/run/current-system/sw/bin/framework_tool --privacy";
options = [ "NOPASSWD" ];
}
];

2
modules/core/services.nix
View file

@ -9,5 +9,5 @@
'';
# To prevent getting stuck at shutdown.
systemd.extraConfig = "DefaultTimeoutStopSec=10s";
# systemd.extraConfig = "DefaultTimeoutStopSec=10s"; # Deprecated now
}

46
modules/core/sops.nix Normal file
View file

@ -0,0 +1,46 @@
{
pkgs,
inputs,
username,
host,
config,
...
}:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
sops = {
defaultSopsFile = ../../secrets/${host}/secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
secrets =
if (host == "violet") then
{
"systemMailerPassword" = { };
"forgejoWorkerSecret" = { };
"minioRootCredentials" = { };
"matrixRegistrationSecret" = {
owner = "matrix-synapse";
};
"smbLoginDetails" = { };
}
else if (host == "sakura") then
{
"systemMailerPassword" = { };
"dandelionSyncthingId" = { };
"sakuraSyncthingId" = { };
}
else if (host == "dandelion") then
{
"systemMailerPassword" = { };
"dandelionSyncthingId" = { };
"sakuraSyncthingId" = { };
}
else
{ };
};
environment.systemPackages = with pkgs; [
sops
];
}

9
modules/core/sshd.nix
View file

@ -14,9 +14,12 @@
networking.firewall.allowedTCPPorts = config.services.openssh.ports;
users.users.liv.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # main laptop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # main phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # 2nd laptop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # sakura
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # ichiyo
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDltZ7vfyrLrl32TIWCC3iUx40TrCtIz6Ssi/SZvikg liv@zinnia" # zinnia
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQtG69zrMFsoHForwZEi66y1tPvctqg1OgjQFrF3OI+ liv@iris" # iris
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # xz1c
];
}

9
modules/core/steam.nix
View file

@ -1,9 +0,0 @@
{ ... }:
{
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
}

37
modules/core/system.nix
View file

@ -1,12 +1,21 @@
{ self, pkgs, lib, inputs, ...}:
{
# imports = [ inputs.nix-gaming.nixosModules.default ];
self,
pkgs,
lib,
inputs,
...
}:
{
nix = {
settings = {
allowed-users = [ "@wheel" ];
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ];
substituters = [ "https://nix-gaming.cachix.org" ];
trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ];
experimental-features = [
"nix-command"
"flakes"
];
# substituters = [ "http://violet.booping.local" ];
# trusted-public-keys = [ "violet.booping.local:2gshN3xfGSL7eKFc8tGkqSoIb3WQxuB2RJ8DuakLLqc=%" ];
};
gc = {
automatic = true;
@ -15,18 +24,24 @@
};
};
# nixpkgs = {
# overlays = [
# self.overlays.default
programs.nix-ld = {
enable = true;
libraries = with pkgs; [ ];
};
nixpkgs = {
overlays = [
self.overlays.default
# inputs.nur.overlay
# ];
# };
];
};
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
"libsoup-2.74.3"
];
overlays = [
self.overlays.default
@ -49,6 +64,6 @@
ipaexfont
];
time.timeZone = "Europe/Amsterdam";
time.timeZone = lib.mkDefault "Europe/Amsterdam";
system.stateVersion = "24.05";
}

16
modules/core/user.nix
View file

@ -10,6 +10,7 @@
imports =
[ inputs.home-manager.nixosModules.home-manager ]
++ [ ./../../roles/default.nix ]
++ [ ./sops.nix ]
++ [ ./../../variables.nix ];
home-manager = {
useUserPackages = true;
@ -17,14 +18,18 @@
extraSpecialArgs = { inherit inputs username host; };
users.${username} = {
imports =
if (host == "desktop") then
[ ./../home/default.desktop.nix ]
else if (host == "violet") then
if (host == "violet") then
[ ./../home/default.server.nix ]
else if (host == "dandelion") then
[ ./../home/default.server.nix ]
else if (host == "lily") then
[ ./../home/default.server.nix ]
else if (host == "posy") then
[ ./../home/default.server.nix ]
else if (host == "hazel") then
[ ./../home/default.server.nix ]
else if (host == "daisy") then
[ ./../home/default.server.nix ]
# else if (host == "yoshino") then
# [ ./../home/default.nix ]
else
@ -40,8 +45,6 @@
fonts.fontconfig.antialias = false;
users.groups.gay = { };
users.users.${username} = {
isNormalUser = true;
description = "${username}";
@ -50,10 +53,11 @@
"wheel"
"docker"
"input"
"gay"
"dialout"
"wheel"
];
shell = pkgs.zsh;
initialPassword = "temporary-password";
};
nix.settings.allowed-users = [ "${username}" ];
}

16
modules/core/virtualization.nix
View file

@ -1,9 +1,19 @@
{ pkgs, ... }:
{ pkgs, host, ... }:
{
virtualisation = {
# vmware.host.enable = true; # Causes issues for now :p
waydroid.enable = true;
libvirtd.enable = true;
waydroid.enable = if (host == "sakura") then true else false;
libvirtd.enable =
if (host == "violet") then
true
else if (host == "sakura") then
true
else if (host == "yoshino") then
true
else if (host == "iris") then
true
else
false;
spiceUSBRedirection.enable = true;
};

5
modules/home/agenix.nix
View file

@ -1,5 +0,0 @@
{ config, pkgs, lib, inputs, ... }:{
environment.systemPackages = [
inputs.agenix.packages."${system}".default
];
}

5
modules/home/default.desktop.nix
View file

@ -1,5 +0,0 @@
{ ...}: {
imports =
[(import ./default.nix)]
++ [ (import ./steam.nix) ];
}

10
modules/home/gaming.nix
View file

@ -1,10 +0,0 @@
{ pkgs, config, inputs, ... }:
{
home.packages = with pkgs;[
## Utils
# gamemode
# gamescope
# winetricks
# inputs.nix-gaming.packages.${pkgs.system}.wine-ge
];
}

34
modules/home/hyprland/config.nix
View file

@ -1,4 +1,9 @@
{ pkgs, ... }:
{
pkgs,
host,
username,
...
}:
{
fonts.fontconfig.enable = true;
home.packages = [
@ -8,6 +13,7 @@
pkgs.noto-fonts-emoji
pkgs.swww
pkgs.swaylock
pkgs.pywal16
];
gtk = {
@ -58,7 +64,13 @@
source = "~/nixos-config/modules/home/hyprland/displays.conf";
"debug:disable_scale_checks" = true;
monitor = "eDP-1, 2256x1504@60, 0x0, 1.5";
monitor =
if (host == "sakura") then
"eDP-1, 2256x1504@60, 0x0, 1.5"
else if (host == "zinnia") then
"eDP-1, 1920x1080@60, 0x0, 1.0"
else
", preferred, auto, 1";
# autostart
exec-once = [
@ -207,7 +219,7 @@
"$mainMod, F, fullscreen, 0" # set 1 to 0 to set full screen without waybar
"$mainMod, Space, togglefloating,"
"$mainMod, D, exec, bemenu-run -l 5 --ignorecase"
"SUPER SHIFT, L, exec, hyprlock"
"SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png"
"$mainMod, E, exec, thunar"
"$mainMod SHIFT, B, exec, pkill -SIGUSR1 .waybar-wrapped"
"$mainMod, C,exec, hyprpicker -a"
@ -376,6 +388,22 @@
xwayland {
force_zero_scaling = true
}
plugin {
hyprbars {
bar_height = 38
bar_color = rgb(1e1e1e)
col.text = $foreground
bar_text_size = 12
bar_text_font = GohuFont 11 Nerd Font Propo
bar_button_padding = 12
bar_padding = 10
bar_precedence_over_border = true
hyprbars-button = $color1, 20, , hyprctl dispatch killactive
hyprbars-button = $color3, 20, , hyprctl dispatch fullscreen 2
hyprbars-button = $color4, 20, , hyprctl dispatch togglefloating
}
}
";
};
}

4
modules/home/hyprland/hyprland.nix
View file

@ -22,8 +22,8 @@
# enableNvidiaPatches = false;
systemd.enable = true;
plugins = [
# inputs.Hyprspace.packages.${pkgs.system}.Hyprspace
# inputs.Hyswipe.packages.${pkgs.system}.Hyswipe
pkgs.hyprlandPlugins.hyprbars
# pkgs.hyprlandPlugins.hyprspace # causes hyprland to crash on 4-finger swipe; great software
];
};
}

101
modules/home/kitty.nix
View file

@ -3,7 +3,7 @@
programs.kitty = {
enable = true;
theme = "3024 Night";
# theme = "3024 Night";
font = {
name = "GohuFont 14 Nerd Font Mono";
@ -12,7 +12,7 @@
settings = {
confirm_os_window_close = 0;
background_opacity = "0.75";
background_opacity = "0.50";
window_padding_width = 10;
scrollback_lines = 10000;
enable_audio_bell = false;
@ -35,5 +35,102 @@
"ctrl+shift+left" = "no_op";
"ctrl+shift+right" = "no_op";
};
extraConfig = ''
# vim:ft=kitty
## name: Base2Tone Suburb Dark
## author: Bram de Haan (https://github.com/atelierbram)
## license: MIT
## upstream: https://github.com/atelierbram/Base2Tone-kitty/blob/main/themes/base2tone-suburb-dark.conf
## blurb: duotone theme | warm blue - bright pink
#: The basic colors
foreground #878ba6
# background #1e202f
selection_foreground #878ba6
selection_background #292c3d
#: Cursor colors
cursor #d14781
cursor_text_color #1e202f
#: URL underline color when hovering with mouse
url_color #d2d8fe
#: kitty window border colors and terminal bell colors
active_border_color #444864
inactive_border_color #1e202f
bell_border_color #5165e6
visual_bell_color none
#: OS Window titlebar colors
wayland_titlebar_color #292c3d
macos_titlebar_color #292c3d
#: Tab bar colors
active_tab_foreground #fbf9fa
active_tab_background #1e202f
inactive_tab_foreground #b0a6aa
inactive_tab_background #292c3d
tab_bar_background #292c3d
tab_bar_margin_color none
#: Colors for marks (marked text in the terminal)
mark1_foreground #1e202f
mark1_background #6375ee
mark2_foreground #1e202f
mark2_background #8d8186
mark3_foreground #1e202f
mark3_background #e44e8c
#: The basic 16 colors
#: black
color0 #1e202f
color8 #4f5472
#: red
color1 #7586f5
color9 #fe81b5
#: green
color2 #fb6fa9
color10 #292c3d
#: yellow
color3 #ffb3d2
color11 #444864
#: blue
color4 #8696fd
color12 #5b6080
#: magenta
color5 #fb6fa9
color13 #d2d8fe
#: cyan
color6 #a0acfe
color14 #f764a1
#: white
color7 #878ba6
color15 #ebedff
'';
};
}

40
modules/home/packages.nix
View file

@ -1,4 +1,10 @@
{ inputs, pkgs, ... }:
{
inputs,
lib,
pkgs,
config,
...
}:
{
home.packages = with pkgs; [
# Environment shit
@ -48,7 +54,6 @@
gitleaks
ripgrep
yt-dlp
spotify-player
nodejs_22
yarn
cargo
@ -57,31 +62,18 @@
reader
nmap
speedtest-go
delta
powertop
android-tools
sshpass
net-tools
nmap
# GUI shit
element-desktop
gajim
signal-desktop
anki-bin
obs-studio
wdisplays
librewolf # main
ungoogled-chromium # for things that don't work with librewolf
nsxiv
imv
libreoffice
xfce.thunar
spotify
thunderbird
lxqt.pavucontrol-qt
mpv
plasma5Packages.kdeconnect-kde
# Gaming
lunar-client
# Install pip packages
# python3
# python3Packages.pip
# (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet.
# pip install --user --break-system-packages <package>
# '')
inputs.alejandra.defaultPackage.${system}
inputs.nixvim.packages.${pkgs.system}.default

1
modules/home/scripts/scripts/setbg
View file

@ -1,4 +1,5 @@
#!/usr/bin/env bash
magick convert "$1" ~/.local/share/bg.png
wal -i "$1"
swww img ~/.local/share/bg.png --transition-type fade

8
modules/home/scripts/scripts/unfuck.sh
View file

@ -26,7 +26,9 @@ unfuck_wallpaper() {
}
unfuck_fingerprint() {
systemctl restart fprintd.service
notify-send "Touch sensor or use YubiKey." "Sleeping for 10 seconds."
sleep 10
sudo systemctl restart fprintd.service
}
unfuck_bar() {
@ -37,6 +39,8 @@ unfuck_bar() {
unfuck_networkmanager() {
# sudo modprobe -r iwlwifi
# sudo modprobe iwlwifi
notify-send "Touch sensor or use YubiKey." "Sleeping for 10 seconds."
sleep 10
sudo systemctl restart NetworkManager
}
@ -58,6 +62,8 @@ unfuck_audio() {
devices+=("$device")
done
systemctl --user restart wireplumber pipewire pipewire-pulse bluetooth
rfkill block bluetooth
rfkill unblock bluetooth
bluetoothctl power off
bluetoothctl power on
for device in ${devices[*]}; do

20
modules/home/steam.nix
View file

@ -1,20 +0,0 @@
{ pkgs, lib, ... }:
{
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = false;
};
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-runtime"
];
# proton-ge-bin
# warning: The package proton-ge in nix-gaming has been deprecated as of 2024-03-17.
# You should use proton-ge-bin from Nixpkgs, which conforms to
# the new `extraCompatTools` module option under `programs.steam`
# For details, see the relevant pull request:
}

534
modules/home/swaync/default.nix
View file

@ -1,381 +1,233 @@
{ pkgs, username, ... }:
{
home = {
packages = with pkgs; [ swaynotificationcenter ];
packages = with pkgs; [
swaynotificationcenter
wlogout
];
file."/home/${username}/.config/swaync/config.json".text = ''
{
"$schema": "/etc/xdg/swaync/configSchema.json",
"positionX": "right",
"positionY": "top",
"layer": "overlay",
"layer-shell": "true",
"cssPriority": "application",
"control-center-margin-top": 10,
"control-center-margin-bottom": 10,
"control-center-margin-right": 10,
"control-center-margin-left": 10,
"notification-icon-size": 64,
"notification-body-image-height": 128,
"layer-shell": true,
"cssPriority": "user",
"control-center-width": 380,
"control-center-height": 860,
"control-center-margin-top": 8,
"control-center-margin-bottom": 8,
"control-center-margin-right": 8,
"control-center-margin-left": 8,
"notification-window-width": 400,
"notification-icon-size": 48,
"notification-body-image-height": 160,
"notification-body-image-width": 200,
"timeout": 10,
"timeout-low": 5,
"timeout-critical": 0,
"fit-to-screen": true,
"control-center-width": 400,
"control-center-height": 650,
"notification-window-width": 350,
"keyboard-shortcuts": true,
"image-visibility": "when-available",
"transition-time": 200,
"hide-on-clear": false,
"hide-on-action": true,
"script-fail-notify": true,
"widgets": [
"title",
"dnd",
"notifications"
],
"widgets": ["buttons-grid", "title", "dnd", "notifications", "mpris"],
"widget-config": {
"title": {
"text": "Notifications",
"clear-all-button": true,
"button-text": " Clear all "
"button-text": "Clear All"
},
"dnd": {
"text": " Do not disturb"
"text": "Do Not Disturb"
},
"label": {
"max-lines": 1,
"text": " "
},
"mpris": {
"image-size": 60,
"image-radius": 12
},
"buttons-grid": {
"actions": [
{
"label": " ",
"command": "kitty -e nmtui-connect"
},
{
"label": "󰂯",
"command": "waybar-bluetooth toggle"
},
{
"label": "󰏘",
"command": "kitty -e walp"
},
{
"label": "",
"command": "wlogout"
}
]
}
}
}
'';
file = {
"/home/${username}/.config/swaync/style.css".text = ''
file."/home/${username}/.config/swaync/style.css".text = ''
@import "../../.cache/wal/colors-waybar.css";
@define-color text @foreground;
@define-color bg @color1;
@define-color selected @color6;
@define-color hover alpha(@selected, .4);
* {
all: unset;
font-size: 14px;
font-family: "GohuFont 14 Nerd Font Mono";
outline: none;
transition: 200ms;
padding: 1px;
background: transparent;
}
trough highlight {
background: #cdd6f4;
.notification-row {
outline: none;
margin: 0;
padding: 0px;
}
scale trough {
margin: 0rem 1rem;
background-color: #313244;
min-height: 8px;
min-width: 70px;
.notification-row .notification-background .close-button {
/* The notification Close Button */
background: transparent;
color: @text;
text-shadow: none;
box-shadow: none;
margin-top: 2px;
margin-right: 2px;
padding: 0;
border: none;
border-radius: 100%;
min-width: 24px;
min-height: 24px;
}
slider {
background-color: #89b4fa;
.notification-row .notification-background .close-button:hover {
box-shadow: none;
background: transparent;
transition: background 0.15s ease-in-out;
border: 0px;
}
.notification-row .notification-background .notification {
/* The actual notification */
background: transparent;
}
.notification-group .notification-group-headers {
/* Notficiation Group Headers */
margin-top: 10px;
margin-bottom: 10px;
}
.notification-group .notification-group-headers .notification-group-header {
font-size: 20px;
margin-left: 3px;
}
.notification-group.collapsed .notification-row .notification {
background: alpha(@background, 0.55);
}
.control-center {
/* The Control Center which contains the old notifications + widgets */
margin: 18px;
padding: 14px;
box-shadow: 0px 2px 5px black;
background: alpha(@background, 0.55);
border: 2px solid @selected;
}
.control-center-clear-all {
/* Clear All button */
background: transparent;
padding: 5px;
}
.control-center-clear-all:hover {
background: @hover;
}
.control-center-clear-all:active {
background: @selected;
}
/*** Widgets ***/
/* Title widget */
.widget-title {
background: transparent;
margin-top: 15px;
margin-left: 15px;
margin-right: 15px;
}
/* Do Not Disturb widget */
.widget-dnd {
background: transparent;
margin-left: 15px;
margin-right: 15px;
}
.widget-dnd > switch {
background: @bg;
font-size: initial;
border-radius: 12px;
box-shadow: none;
padding: 2px;
}
/* Media Player widget */
@define-color mpris-album-art-overlay rgba(0, 0, 0, 0.55);
@define-color mpris-button-hover rgba(0, 0, 0, 0.50);
.widget-mpris {
}
.widget-mpris .widget-mpris-player {
padding: 10px;
margin: 8px 15px;
/* background-color: @mpris-album-art-overlay; */
box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.75);
border: 2px;
}
.widget-mpris .widget-mpris-player .widget-mpris-title {
font-size: 16px;
}
.widget-mpris .widget-mpris-player .widget-mpris-subtitle {
font-size: 14px;
}
/* Buttons widget */
.widget-buttons-grid {
/* background-color: alpha(@color2, 0.5); */
}
.widget-buttons-grid > flowbox > flowboxchild > button {
/* background: alpha(@color2, 0.5); */
/* border-radius: 12px; */
min-width: 45px;
}
.control-center .notification-row .notification-background .notification {
padding: 10px;
}
.floating-notifications.background .notification-row .notification-background .close-button {
margin: 10px;
padding: 2px;
}
.floating-notifications.background .notification-row .notification-background {
box-shadow: 0 0 8px 0 rgba(0, 0, 0, 0.8), inset 0 0 0 1px #313244;
margin: 18px;
background-color: #000000;
color: #cdd6f4;
padding: 0;
}
.floating-notifications.background .notification-row .notification-background .notification {
padding: 7px;
}
.floating-notifications.background .notification-row .notification-background .notification.critical {
box-shadow: inset 0 0 7px 0 #f38ba8;
}
.floating-notifications.background .notification-row .notification-background .notification .notification-content {
margin: 7px;
}
.floating-notifications.background .notification-row .notification-background .notification .notification-content .summary {
color: #cdd6f4;
}
.floating-notifications.background .notification-row .notification-background .notification .notification-content .time {
color: #a6adc8;
}
.floating-notifications.background .notification-row .notification-background .notification .notification-content .body {
color: #cdd6f4;
}
.floating-notifications.background .notification-row .notification-background .notification > *:last-child > * {
min-height: 3.4em;
}
.floating-notifications.background .notification-row .notification-background .notification > *:last-child > * .notification-action {
color: #cdd6f4;
background-color: #000000;
box-shadow: inset 0 0 0 1px #45475a;
margin: 7px;
}
.floating-notifications.background .notification-row .notification-background .notification > *:last-child > * .notification-action:hover {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #000000;
color: #cdd6f4;
}
.floating-notifications.background .notification-row .notification-background .notification > *:last-child > * .notification-action:active {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #000000;
color: #cdd6f4;
}
.floating-notifications.background .notification-row .notification-background .close-button {
margin: 7px;
padding: 2px;
color: #1e1e2e;
background-color: #000000;
}
.floating-notifications.background .notification-row .notification-background .close-button:hover {
background-color: #000000;
color: #1e1e2e;
}
.floating-notifications.background .notification-row .notification-background .close-button:active {
background-color: #000000;
color: #1e1e2e;
}
.control-center {
box-shadow: 0 0 8px 0 rgba(0, 0, 0, 0.8), inset 0 0 0 1px #313244;
margin: 18px;
background-color: #000000;
color: #cdd6f4;
padding: 14px;
}
.control-center .widget-title > label {
color: #cdd6f4;
font-size: 1.3em;
}
.control-center .widget-title button {
color: #cdd6f4;
background-color: #313244;
box-shadow: inset 0 0 0 1px #45475a;
padding: 8px;
}
.control-center .widget-title button:hover {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #585b70;
color: #cdd6f4;
}
.control-center .widget-title button:active {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #74c7ec;
color: #1e1e2e;
}
.control-center .notification-row .notification-background {
color: #cdd6f4;
background-color: #313244;
box-shadow: inset 0 0 0 1px #45475a;
margin-top: 14px;
}
.control-center .notification-row .notification-background .notification {
padding: 7px;
}
.control-center .notification-row .notification-background .notification.critical {
box-shadow: inset 0 0 7px 0 #f38ba8;
}
.control-center .notification-row .notification-background .notification .notification-content {
margin: 7px;
}
.control-center .notification-row .notification-background .notification .notification-content .summary {
color: #cdd6f4;
}
.control-center .notification-row .notification-background .notification .notification-content .time {
color: #a6adc8;
}
.control-center .notification-row .notification-background .notification .notification-content .body {
color: #cdd6f4;
}
.control-center .notification-row .notification-background .notification > *:last-child > * {
min-height: 3.4em;
}
.control-center .notification-row .notification-background .notification > *:last-child > * .notification-action {
color: #cdd6f4;
background-color: #11111b;
box-shadow: inset 0 0 0 1px #45475a;
margin: 7px;
}
.control-center .notification-row .notification-background .notification > *:last-child > * .notification-action:hover {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #313244;
color: #cdd6f4;
}
.control-center .notification-row .notification-background .notification > *:last-child > * .notification-action:active {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #74c7ec;
color: #cdd6f4;
}
.control-center .notification-row .notification-background .close-button {
margin: 7px;
padding: 2px;
color: #1e1e2e;
background-color: #eba0ac;
}
.close-button {
}
.control-center .notification-row .notification-background .close-button:hover {
background-color: #f38ba8;
color: #1e1e2e;
}
.control-center .notification-row .notification-background .close-button:active {
background-color: #f38ba8;
color: #1e1e2e;
}
.control-center .notification-row .notification-background:hover {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #7f849c;
color: #cdd6f4;
}
.control-center .notification-row .notification-background:active {
box-shadow: inset 0 0 0 1px #45475a;
background-color: #74c7ec;
color: #cdd6f4;
}
.notification.critical progress {
background-color: #f38ba8;
}
.notification.low progress,
.notification.normal progress {
background-color: #89b4fa;
}
.control-center-dnd {
margin-top: 5px;
background: #313244;
border: 1px solid #45475a;
box-shadow: none;
}
.control-center-dnd:checked {
background: #313244;
}
.control-center-dnd slider {
background: #45475a;
}
.widget-dnd {
margin: 0px;
font-size: 1.1rem;
}
.widget-dnd > switch {
font-size: initial;
background: #313244;
border: 1px solid #45475a;
box-shadow: none;
}
.widget-dnd > switch:checked {
background: #313244;
}
.widget-dnd > switch slider {
background: #45475a;
border: 1px solid #6c7086;
}
.widget-mpris .widget-mpris-player {
background: #313244;
padding: 7px;
}
.widget-mpris .widget-mpris-title {
font-size: 1.2rem;
}
.widget-mpris .widget-mpris-subtitle {
font-size: 0.8rem;
}
.widget-menubar > box > .menu-button-bar > button > label {
font-size: 3rem;
padding: 0.5rem 2rem;
}
.widget-menubar > box > .menu-button-bar > :last-child {
color: #f38ba8;
}
.power-buttons button:hover,
.powermode-buttons button:hover,
.screenshot-buttons button:hover {
background: #313244;
}
.control-center .widget-label > label {
color: #cdd6f4;
font-size: 2rem;
}
.widget-buttons-grid {
padding-top: 1rem;
}
.widget-buttons-grid > flowbox > flowboxchild > button label {
font-size: 2.5rem;
}
.widget-volume {
padding-top: 1rem;
}
.widget-volume label {
font-size: 1.5rem;
color: #74c7ec;
}
.widget-volume trough highlight {
background: #74c7ec;
}
.widget-backlight trough highlight {
background: #f9e2af;
}
.widget-backlight scale {
margin-right: 1rem;
}
.widget-backlight label {
font-size: 1.5rem;
color: #f9e2af;
}
.widget-backlight .KB {
padding-bottom: 1rem;
}
'';
};
};
}

16
modules/home/waybar/default.nix
View file

@ -23,8 +23,8 @@
"/home/${username}/.config/waybar/config" = {
text = ''
[{
"layer": "top",
"position": "top",
"layer": "bottom",
"position": "bottom",
"modules-left": [
"privacy",
@ -85,7 +85,7 @@
"network": {
"format": "󰈀 {ifname}",
"format-wifi": " {ipaddr}/{cidr} <span color='#aaaaaa'>{signalStrength}%</span>",
"format-wifi": " {essid} - {ipaddr}/{cidr} <span color='#aaaaaa'>{signalStrength}%</span>",
"format-ethernet": "󰈀 {ipaddr}/{cidr}",
"format-disconnected": "󰈂",
"tooltip-format": "{ifname} via {gwaddr}",
@ -316,7 +316,7 @@
"group/clock": {
"orientation": "horizontal",
"modules": [ "custom/clock#minutes", "clock#time", "clock#date" ],
"modules": [ "clock#time", "custom/clock#minutes", "clock#date" ],
"drawer": {
"transition-left-to-right": false,
"transition-duration": 500
@ -349,7 +349,7 @@
"clock#time": {
"interval": 60,
"format": " {:%I:%M %p}",
"format": " <span color='#aaaaaa'>{:%I:%M %p}</span>",
"actions": {
"on-scroll-up": "tz_up",
"on-scroll-down": "tz_down"
@ -377,9 +377,9 @@
/* margin: 0 0px; */
}
window#waybar.top {
window#waybar.bottom {
/* background-color: rgba(115, 116, 116, 0.22); */
background-color: rgba(0, 0, 0, 0.75);
background-color: rgba(0, 0, 0, 0.25);
border-bottom: none;
color: #eeeeee;
transition-property: background-color;
@ -387,7 +387,7 @@
}
window#waybar.hidden {
opacity: 0.5;
opacity: 0.25;
}
label#window {

4
modules/home/waybar/scripts.nix
View file

@ -187,8 +187,8 @@
LTEXT="󰛧 "
fi
MICROPHONE_STATE="$(sudo /home/liv/.local/src/framework-system/target/debug/framework_tool --privacy | tail -n2 | head -n1)"
CAMERA_STATE="$(sudo /home/liv/.local/src/framework-system/target/debug/framework_tool --privacy | tail -n1)"
MICROPHONE_STATE="$(sudo framework_tool --privacy | tail -n2 | head -n1)"
CAMERA_STATE="$(sudo framework_tool --privacy | tail -n1)"
if [[ "$(echo $MICROPHONE_STATE | grep 'Microphone: Connected')" ]]; then
MIC=1

99
modules/home/zsh.nix
View file

@ -3,6 +3,7 @@
config,
pkgs,
host,
lib,
...
}:
{
@ -11,6 +12,21 @@
enable = true;
autocd = true;
autosuggestion.enable = true;
#syntaxHighlighting = {
# enable = true;
# highlighters = [
# "main"
# "brackets"
# "pattern"
# "regexp"
# "cursor"
# "root"
# "line"
# ];
#};
defaultKeymap = "viins";
enableCompletion = true;
# enableGlobalCompInit = true; # Should be a thing according to NixOS options but is not a thing?
@ -27,13 +43,16 @@
SYSTEMD_LESS = "FRXMK"; # Fix weird sideways scrolling in systemctl status ...
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#808080";
ZSH_AUTOSUGGEST_USE_ASYNC = 1;
HISTSIZE = 100000;
SAVEHIST = 100000;
HISTSIZE = 10000000;
SAVEHIST = 10000000;
HISTFILE = "~/.zsh_history";
HISTORY_SUBSTRING_SEARCH_ENSURE_UNIQUE = 1;
KEYTIMEOUT = 1; # make Vi-mode transitions faster
};
initContent = ''
export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/"
autoload -U add-zsh-hook
autoload -U compinit
zmodload zsh/complist
@ -109,7 +128,38 @@
printf "%s\n" "''${url}"
}
export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/"
function nixcd () {
PACKAGE_NAME="$1"
if [[ "$PACKAGE_NAME" = "" ]]; then
echo "Usage: nixcd <package name>"
fi
PKGINSTORE="$(NIXPKGS_ALLOW_UNFREE=1 nix path-info nixpkgs#$PACKAGE_NAME --impure)"
if [[ -d "$PKGINSTORE" ]]; then
cd $PKGINSTORE
else
echo "Could not find path for package: $PKGINSTORE"
return 1
fi
}
# Enter a 'nix shell' with packages selected by fzf
source ${pkgs.nix-search-fzf.zsh-shell-widget}/bin/nix-search-fzf-shell-widget
zle -N nix-search-fzf-shell-widget
bindkey '^O' nix-search-fzf-shell-widget
# Use fzf as a history widget
zle -N fzf-history-widget
bindkey '^R' fzf-history-widget
bindkey -M viins '^R' fzf-history-widget
bindkey -M vicmd '^R' fzf-history-widget
# Use fzf as a cd completion widget
zle -N fzf-cd-widget
bindkey '^G' fzf-cd-widget
# Use fzf as a file completion widget
zle -N fzf-file-widget
bindkey '^F' fzf-file-widget
# if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then
# alias imv="sxiv"
@ -133,9 +183,9 @@
gcm = "git commit -m";
gph = "git push -u origin main";
g = "git";
gp = "git pull";
calc = "eva";
wikipedia = "wikit";
wiki = "wikit";
};
};
@ -170,12 +220,19 @@
yt-dlp-audio = "yt-dlp -f 'ba' -x --audio-format mp3";
open = "xdg-open";
tree = "eza --icons --tree --group-directories-first";
# nvim = "nix run /home/liv/Development/nixvim --";
vim = "nvim";
doas = "sudo";
sxiv = "nsxiv";
enby = "man";
woman = "man";
mkcd = "mkdir $1 && cd $1";
du = "dust";
cp = "cp -i -v";
mv = "mv -i -v";
rm = "rm -i -v";
cat = "${lib.getExe pkgs.bat} --plain";
diff = "${lib.getExe pkgs.delta} --color-only";
battery-left = "${lib.getExe pkgs.acpi} | cut -d' ' -f5";
github-actions = "${lib.getExe pkgs.act} -s GITHUB_TOKEN=\"$(${lib.getExe pkgs.github-cli} auth token)\"";
# NixOS
ns = "nix-shell --run zsh";
@ -207,9 +264,28 @@
};
file = "autopair.zsh";
}
{
name = "zsh-vi-mode";
file = "zsh-vi-mode.plugin.zsh";
src = pkgs.fetchFromGitHub {
owner = "jeffreytse";
repo = "zsh-vi-mode";
rev = "3eeca1bc6db172edee5a2ca13d9ff588b305b455";
sha256 = "0na6b5b46k4473c53mv1wkb009i6b592gxpjq94bdnlz1kkcqwg6";
};
}
{
name = "fzf-zsh-plugin";
src = fetchFromGitHub {
owner = "unixorn";
repo = "fzf-zsh-plugin";
rev = "04ae801499a7844c87ff1d7b97cdf57530856c65";
sha256 = "sha256-FEGhx36Z5pqHEOgPsidiHDN5SXviqMsf6t6hUZo+I8A=";
};
file = "fzf-zsh-plugin.plugin.zsh";
}
];
};
fzf = {
enable = true;
enableZshIntegration = true;
@ -220,4 +296,11 @@
enableZshIntegration = true;
};
};
home.packages = with pkgs; [
dust
fd
delta
bat
nix-search-fzf.zsh-shell-widget
];
}

6
modules/services/borg.nix
View file

@ -37,6 +37,12 @@ in
paths = [
"/var/lib"
];
exclude = [
"/var/lib/matrix-synapse"
"/var/lib/mautrix-signal"
"/var/lib/mautrix-whatsapp"
"/var/lib/bitwarden_rs"
];
repo = "${baseRepo}/var-lib";
encryption.mode = "none";
compression = "auto,zstd";

4
modules/services/dandelion.nix
View file

@ -2,8 +2,8 @@
{
imports =
[ (import ./docker.nix) ]
++ [ (import ./immich.nix) ]
++ [ (import ./nextcloud.nix) ]
# ++ [ (import ./immich.nix) ]
# ++ [ (import ./nextcloud.nix) ]
++ [ (import ./home-assistant.nix) ]
++ [ (import ./monitoring.nix) ]
++ [ (import ./smart-monitoring.nix) ]

19
modules/services/email.nix Normal file
View file

@ -0,0 +1,19 @@
{
pkgs,
config,
...
}:
{
programs.msmtp = {
enable = true;
accounts.default = {
auth = true;
tls = true;
port = 465;
host = "smtp.migadu.com";
from = config.liv.variables.senderEmail;
user = config.liv.variables.senderEmail;
passwordeval = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.systemMailerPassword.path}";
};
};
}

55
modules/services/forgejo.nix
View file

@ -9,7 +9,8 @@ let
srv = cfg.settings.server;
in
{
services.forgejo = {
services = {
forgejo = {
enable = true;
# database.type = "postgres";
# Enable support for Git Large File Storage
@ -28,38 +29,44 @@ in
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
# Sending emails is completely optional
# TODO: run own email server that sends users emails!
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
# mailer = {
# ENABLED = true;
# SMTP_ADDR = "mail.example.com";
# FROM = "noreply@${srv.DOMAIN}";
# USER = "noreply@${srv.DOMAIN}";
# };
mailer = {
ENABLED = true;
SMTP_ADDR = "smtp.migadu.com";
FROM = config.liv.variables.senderEmail;
USER = config.liv.variables.senderEmail;
};
};
secrets.mailer.PASSWD = config.sops.secrets.systemMailerPassword.path;
};
gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.code-liv-town = {
enable = true;
name = "forgejo-01";
tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}";
url = "https://code.liv.town";
labels = [
"node-22:docker://node:22-bookworm"
"nixos-latest:docker://nixos/nix"
];
};
};
anubis.instances.forgejo = {
settings = {
TARGET = "http://localhost:3050";
BIND = ":3051";
BIND_NETWORK = "tcp";
};
# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
};
# gitea-actions-runner = {
# package = pkgs.forgejo-runner;
# instances.my-forgejo-instance = {
# enable = true;
# name = "forgejo-01";
# token = ""; # TODO: fill in tokens etc
# url = "https://code.liv.town";
# labels = [
# "node-22:docker://node:22-bookworm"
# "nixos-latest:docker://nixos/nix"
# ];
# };
# };
services = {
nginx.virtualHosts."code.liv.town" = {
forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = {
proxyPass = "http://localhost:3050";
proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}";
proxyWebsockets = true;
};
};

3
modules/services/matrix/secrets.yaml
View file

@ -1,3 +0,0 @@
registration_shared_secret: ""
report_stats: false

19
modules/services/monitoring.nix
View file

@ -1,4 +1,4 @@
{ config, ... }:
{ config, host, ... }:
{
services = {
prometheus = {
@ -10,6 +10,15 @@
enabledCollectors = [ "systemd" ];
port = 9002;
};
smokeping = {
enable = true;
hosts = [
"172.16.10.1"
"172.16.10.2"
"9.9.9.9"
"149.112.112.112"
];
};
};
scrapeConfigs = [
{
@ -20,6 +29,14 @@
}
];
}
{
job_name = "${host} - smokeping";
static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.smokeping.port}" ];
}
];
}
];
};
};

4
modules/services/nfs.nix
View file

@ -8,7 +8,7 @@
services = {
# Network shares
samba = {
package = pkgs.samba4Full;
package = pkgs.samba;
# ^^ `samba4Full` is compiled with avahi, ldap, AD etc support (compared to the default package, `samba`
# Required for samba to register mDNS records for auto discovery
# See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268
@ -26,7 +26,7 @@
# ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
#nssmdns4 = true;
# ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
enable = true;
enable = lib.mkForce true;
openFirewall = true;
};
samba-wsdd = {

18
modules/services/nginx.nix
View file

@ -37,24 +37,6 @@
recommendedProxySettings = true;
clientMaxBodySize = lib.mkDefault "10G";
#defaultListen =
# let
# listen = [
# {
# addr = "[::]";
# port = 80;
# extraParameters = [ "proxy_protocol" ];
# }
# {
# addr = "[::]";
# port = 443;
# ssl = true;
# extraParameters = [ "proxy_protocol" ];
# }
# ];
# in
# map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;
# Hardened TLS and HSTS preloading
appendHttpConfig = ''
# Proxying

18
modules/services/nix-serve.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, ... }:
{
services = {
nix-serve = {
enable = true;
secretKeyFile = "/var/secrets/cache-private-key.pem";
};
nginx.virtualHosts."violet.booping.local" = {
forceSSL = false;
# sslCertificate = "/var/lib/acme/liv.town/cert.pem";
# sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = {
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
}

29
modules/services/paperless-ngx.nix Normal file
View file

@ -0,0 +1,29 @@
{
services = {
paperless = {
enable = true;
consumptionDirIsPublic = true;
settings = {
PAPERLESS_CONSUMER_IGNORE_PATTERN = [
".DS_STORE/*"
"desktop.ini"
];
PAPERLESS_OCR_LANGUAGE = "deu+eng+nld";
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
PAPERLESS_URL = "https://documents.liv.town";
};
};
nginx.virtualHosts."documents.liv.town" = {
forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = {
proxyPass = "http://127.0.0.1:28981";
proxyWebsockets = true;
};
};
};
}

55
modules/services/remote-build.nix Normal file
View file

@ -0,0 +1,55 @@
{
config,
pkgs,
username,
...
}:
{
users.users.remotebuild = {
isNormalUser = true;
createHome = false;
group = "remotebuild";
openssh.authorizedKeys.keys = config.users.users.${username}.openssh.authorizedKeys.keys ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKI2KQn97mykFLIaMUWMftA1txJec9qW56hAMj5/MhE liv@dandelion
"
];
};
users.groups.remotebuild = { };
nix = {
nrBuildUsers = 64;
settings = {
trusted-users = [ "remotebuild" ];
min-free = 10 * 1024 * 1024;
max-free = 200 * 1024 * 1024;
max-jobs = "auto";
cores = 0;
};
};
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
# add to clients:
# nix.distributedBuilds = true;
# nix.settings.builders-use-substitutes = true;
# nix.buildMachines = [
# {
# hostName = "violet";
# sshUser = "remotebuild";
# sshKey = "/home/liv/.ssh/id_ed25519"; # Make sure to give a key that works for this user.
# system = pkgs.stdenv.hostPlatform.system;
# supportedFeatures = [
# "nixos-test"
# "big-parallel"
# "kvm"
# ];
# }
# ];
}

38
modules/services/smart-monitoring.nix
View file

@ -1,7 +1,15 @@
{ config, ... }:
{ config, host, ... }:
{
imports = [ ./email.nix ];
services.scrutiny = {
enable = true;
# Enable based on name of host
enable =
if (host == "dandelion") then
true
else if (host == "lily") then
true
else
false;
collector.enable = true;
settings.web.listen.port = 8181;
settings.notify.urls = [
@ -10,18 +18,20 @@
];
};
# services.smartd = {
# enable = true;
# autodetect = true;
# notifications = {
# mail = {
# enable = true;
# # mailer = "/path/to/mailer/binary"; # Need to get system emails working first
# sender = "${config.liv.variables.fromEmail}";
# recipient = "${config.liv.variables.toEmail}";
# };
# };
# };
services.smartd = {
enable = true;
autodetect = true;
notifications = {
wall = {
enable = true;
};
mail = {
enable = true;
sender = config.liv.variables.senderEmail;
recipient = config.liv.variables.email;
};
};
};
# services.nginx.virtualHosts."" = {
# locations."/" = {

70
modules/services/vaultwarden.nix Normal file
View file

@ -0,0 +1,70 @@
{
config,
host,
pkgs,
username,
...
}:
let
baseRepo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/${host}";
in
{
services = {
vaultwarden = {
enable = true;
dbBackend = "sqlite";
config = {
SIGNUPS_ALLOWED = false;
ENABLE_WEBSOCKET = true;
SENDS_ALLOWED = true;
INVITATIONS_ENABLED = true;
EMERGENCY_ACCESS_ALLOWED = true;
EMAIL_ACCESS_ALLOWED = true;
DOMAIN = "https://passwords.liv.town";
ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = 8003;
};
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"passwords.liv.town" = {
forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
proxyWebsockets = true;
};
};
};
};
borgbackup.jobs."violet-vaultwarden" = {
paths = [ "/var/lib/bitwarden_rs" ];
repo = "${baseRepo}/var-vaultwarden";
encryption.mode = "none";
compression = "auto,zstd";
startAt = "daily";
preHook = ''
systemctl stop vaultwarden
'';
postHook = ''
systemctl start vaultwarden
if [ $exitStatus -eq 2 ]; then
${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) failed with errors"
else
${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) completed succesfully with exit status $exitStatus"
fi
'';
user = "root";
extraCreateArgs = [
"--stats"
];
environment = {
BORG_RSH = "ssh -p 9123 -i /home/${username}/.ssh/id_ed25519";
};
};
};
}

9
modules/services/violet.nix
View file

@ -7,6 +7,7 @@
++ [ (import ./binternet-proxy.nix) ]
++ [ (import ./bluemap-proxy.nix) ]
++ [ (import ./docker.nix) ]
++ [ (import ./email.nix) ]
++ [ (import ./forgejo.nix) ]
++ [ (import ./grafana.nix) ]
++ [ (import ./guacamole.nix) ]
@ -17,14 +18,20 @@
++ [ (import ./matrix/default.nix) ]
++ [ (import ./mumble.nix) ]
++ [ (import ./monitoring.nix) ]
# ++ [ (import ./minio.nix) ]
# ++ [ (import ./nextcloud.nix) ]
++ [ (import ./ntfy.nix) ]
++ [ (import ./nginx.nix) ]
++ [ (import ./nix-serve.nix) ]
++ [ (import ./paperless-ngx.nix) ]
++ [ (import ./radicale.nix) ]
++ [ (import ./remote-build.nix) ]
++ [ (import ./readarr.nix) ]
++ [ (import ./sharkey-proxy.nix) ]
# ++ [ (import ./komga.nix) ]
# ++ [ (import ./xmpp.nix) ]
++ [ (import ./tailscale.nix) ];
++ [ (import ./tailscale.nix) ]
++ [ (import ./vaultwarden.nix) ];
# ++ [ (import ./smart-monitoring.nix) ]
# ++ [ (import ./jitsi-meet.nix) ]
}

2
overlays/default.nix
View file

@ -1,3 +1,3 @@
{
addition = final: _: import ../pkgs { pkgs = final; };
addition = final: _: import ../pkgs/default.nix { pkgs = final; };
}

40
pkgs/createScript/default.nix Normal file
View file

@ -0,0 +1,40 @@
{
lib,
runCommand,
makeWrapper,
}:
# A function which creates a shell script with optional dependencies added to PATH.
name: src:
{
dependencies ? [ ],
...
}@attrs:
runCommand name
(
{
inherit src;
nativeBuildInputs = lib.optionals (dependencies != [ ]) (attrs.nativeBuildInputs or [ ]) ++ [
makeWrapper
];
meta = {
mainProgram = name;
} // attrs.meta or { };
}
// (builtins.removeAttrs attrs [
"nativeBuildInputs"
"meta"
])
)
''
mkdir -p $out/bin
install -Dm755 $src $out/bin/$name
patchShebangs $out/bin/$name
${lib.optionalString (dependencies != [ ]) ''
wrapProgram $out/bin/$name --prefix PATH : ${lib.makeBinPath dependencies}
''}
''

5
pkgs/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs } :
{ pkgs }:
{
wikit = pkgs.callPackage ./wikit/default.nix { };
createScript = pkgs.callPackage ./createScript/default.nix { };
nix-search-fzf = pkgs.callPackage ./nix-search-fzf/default.nix { };
}

50
pkgs/nix-search-fzf/default.nix Normal file
View file

@ -0,0 +1,50 @@
{
createScript,
replaceVars,
gnused,
jq,
fzf,
nix,
coreutils,
bash,
nix-search-fzf,
writeShellScriptBin,
}:
let
previewText = createScript "fzf-preview" ./fzf-preview.sh { };
src = replaceVars ./nix-search-fzf.sh {
previewText = "${previewText}/bin/fzf-preview";
};
in
createScript "nix-search-fzf" src {
dependencies = [
gnused
jq
fzf
nix
coreutils
bash
];
# Enter a 'nix shell' with packages selected by this script
passthru.zsh-shell-widget = writeShellScriptBin "nix-search-fzf-shell-widget" ''
nix-search-fzf-shell-widget() {
setopt localoptions pipefail no_aliases 2> /dev/null
local cmd="$(eval "${nix-search-fzf}/bin/nix-search-fzf -c")"
if [[ -z "$cmd" ]]; then
zle redisplay
return 0
fi
zle push-line
BUFFER="''${cmd}"
zle accept-line
local ret=$?
unset cmd
zle reset-prompt
return $ret
}
'';
meta.description = "a wrapper around 'nix {run,shell,edit}' with autocomplete using fzf";
}

73
pkgs/nix-search-fzf/fzf-preview.sh Normal file
View file

@ -0,0 +1,73 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p
# shellcheck shell=bash
set -euo pipefail
PKG_NAME="$1"
FLAKE="$2"
FLAKE_PATH="${FLAKE}#${PKG_NAME}"
removeQuotes() {
local flag="$*"
flag="${flag%\"}"
echo "${flag#\"}"
}
newlinesToCommaSeperated() {
echo "$@" | sed ':a;N;$!ba;s/\n/, /g'
}
evalAttr() {
local attr data
attr="$1"
data="$(nix eval "$FLAKE_PATH"."$attr" 2>/dev/null)"
[[ $data != "null" && $data != "false" && -n $data ]] && removeQuotes "$data"
}
evalJsonAttr() {
local attr jqArgs data
attr="$1"
jqArgs="$2"
data="$(nix eval --json "$FLAKE_PATH"."$attr" 2>/dev/null | jq -r "$jqArgs")"
[[ $data != "null" && -n $data ]] && echo "$data"
}
evalNixpkgsLib() {
local function data
function="$1"
# Impure is needed to import the flake reference
data="$(nix eval --raw --impure --expr "let pkgs = (builtins.getFlake \"flake:$FLAKE\"); in pkgs.lib.$function pkgs.$PKG_NAME" 2>/dev/null)"
[[ $data != "null" && -n $data ]] && echo "$data"
}
maybeEcho() {
local -r prefix="$1"
local flag="$2"
local -r commaSeperated="${3:-false}"
[[ $commaSeperated == "true" ]] && flag="$(newlinesToCommaSeperated "$flag")"
test -n "$flag" && echo "$prefix $flag"
}
test -n "$(evalAttr "meta.broken")" && echo "broken: true"
test -n "$(evalAttr "meta.insecure")" && echo "insecure: true"
version="$(evalAttr "version")"
# Derive the version from "name" using 'lib.getVersion' if it's not set
test -z "$version" && version="$(evalNixpkgsLib "getVersion")"
maybeEcho "version:" "$version"
homepage="$(evalAttr "meta.homepage")"
maybeEcho "homepage:" "$homepage"
description="$(evalAttr "meta.description")"
maybeEcho "description:" "$description"
license="$(evalJsonAttr "meta.license" 'if type=="array" then .[].fullName else .fullName end')"
maybeEcho "license:" "$license" true
maintainers="$(evalJsonAttr "meta.maintainers" '.[].github')"
maybeEcho "maintainers:" "$maintainers" true
platforms="$(evalJsonAttr "meta.platforms" 'if type=="array" then .[] else . end')"
maybeEcho "platforms:" "$platforms" true

161
pkgs/nix-search-fzf/nix-search-fzf.sh Normal file
View file

@ -0,0 +1,161 @@
#!/usr/bin/env bash
# An fzf script with autocomplete from "nix search" which allows for interactive fuzzy searching of derivations.
# After the search a nix subcommand is executed on the selected derivation(s), e.g. "nix shell" or "nix run".
set -eou pipefail
FLAKE="nixpkgs" # The default flake to use. TODO: make this configurable
NIX_SUBCOMMAND="shell" # The default nix subcommand to execute
MULTIPLE_SELECTION=true # Whether to allow the user to select multiple derivations
PRINT_COMMAND=false # Only print the command that would be executed, don't execute it
if [ -n "${XDG_CACHE_HOME-}" ]; then
CACHE_PATH="$XDG_CACHE_HOME/nix-search-fzf/cache.txt"
else
CACHE_PATH="$HOME/.cache/nix-search-fzf/cache.txt"
fi
# Because fzf executes commands from keybindings in a subprocess, we cannot directly change this scripts state.
# Instead we can use a temporary file as an IPC mechanism, to change which subcommand to execute.
TMP_FILE="$(mktemp --dry-run --suffix "-nix-search-fzf")"
trap 'rm -f "$TMP_FILE"' EXIT INT TERM
handleArguments() {
while (("$#" > 0)); do
case "$1" in
-s | shell | --shell)
NIX_SUBCOMMAND="shell"
;;
-b | build | --build)
NIX_SUBCOMMAND="build"
;;
-r | run | --run)
NIX_SUBCOMMAND="run"
MULTIPLE_SELECTION=false
;;
-e | edit | --edit)
NIX_SUBCOMMAND="edit"
MULTIPLE_SELECTION=false
;;
-c | command | --command)
PRINT_COMMAND=true
;;
-u | update | --update)
manageCache true
exit
;;
-h | help | --help)
echo "Usage: $(basename "$0") [--shell|--build|--run|--edit|--update]"
echo " --shell: enter a nix shell with the selected package(s). This is the default"
echo " --build: build the selected package(s) with nix build"
echo " --run: run the selected package with nix run"
echo " --edit: edit the selected package with nix edit"
echo " --command: only print the command that would be executed, don't execute it"
echo " --update: update the nix search cache, this is done automatically every 10 days"
echo " --help: show this help message"
exit 0
;;
*)
echo "Unknown option '$1'"
exit 1
;;
esac
shift 1
done
}
runColored() {
printf "\e[32m\$ %s\n\e[0m" "$1"
eval "$1"
}
manageCache() {
local doUpdate="${1:-false}"
mkdir -p "$(dirname "$CACHE_PATH")"
if [ ! -f "$CACHE_PATH" ] || [ ! -s "$CACHE_PATH" ]; then
doUpdate="true"
echo "attribute path cache does not exist, generating..." >&2
elif (($(date -r "$CACHE_PATH" +%s) < $(date -d "now - 10 days" +%s))); then
doUpdate="true"
echo "cache file is older than 10 days, updating..." >&2
fi
if [ "$doUpdate" == "true" ]; then
echo "caching attribute paths..." >&2
# Create a list of all attribute paths with "legacyPackages.$arch" stripped
# In the future this could contain metadata as well, doing a "nix-eval" for each is not the fastest
nix search "$FLAKE" "^" --quiet --json | jq -r 'keys[]' | cut -d'.' -f3- >"$CACHE_PATH"
echo "successfully generated attribute path cache" >&2
fi
}
fzfBindingFlag() {
local tmpFile="$1"
local -A bindings=(
["shell"]="ctrl-s"
["build"]="ctrl-b"
["edit"]="ctrl-e"
["run"]="ctrl-r"
)
local result="--bind="
for subCommand in "${!bindings[@]}"; do
local binding="${bindings[$subCommand]}"
# When pressed, write the appropriate command to our temporary IPC file, and change the prompt accordingly
result+="$binding:execute-silent(echo $subCommand > $tmpFile)+change-prompt($subCommand > ),"
done
echo "${result%,}"
}
runFzf() {
local multi_flag
if [ "$MULTIPLE_SELECTION" == true ]; then
multi_flag="--multi"
else
multi_flag="--no-multi"
fi
fzf "$multi_flag" \
--height 40% \
--preview-window right,70% \
--border rounded \
--prompt "$NIX_SUBCOMMAND > " \
--preview "bash -c \"@previewText@ {} $FLAKE\"" \
"$(fzfBindingFlag "$TMP_FILE")" <"$CACHE_PATH"
}
runNix() {
local packages selectedPkgs command
readarray -t selectedPkgs <<<"$@"
((${#selectedPkgs[@]} == 0)) && exit 0
if [ "$MULTIPLE_SELECTION" == true ] && ((${#selectedPkgs[@]} > 1)); then
# Build a brace expansion string
local pkg_list="{"
for pkg in "${selectedPkgs[@]}"; do
pkg_list+="$pkg,"
done
packages="${pkg_list%,}}"
else
packages="${selectedPkgs[0]}"
fi
((${#packages} == 0)) && exit 0
# Update what subcommand to execute, in case it was changed by a keybinding from fzf
[ -s "$TMP_FILE" ] && NIX_SUBCOMMAND="$(<"$TMP_FILE")"
command="NIXPKGS_ALLOW_UNFREE=1 nix $NIX_SUBCOMMAND $FLAKE#$packages --impure"
if [ "$PRINT_COMMAND" == true ]; then
echo "$command"
exit 0
else
runColored "$command"
fi
}
handleArguments "$@"
manageCache
runNix "$(runFzf)"

16
pkgs/wikit/default.nix
View file

@ -1,16 +0,0 @@
{ lib, ... }:
with lib;
let
src = fetchFromGitHub {
owner = "KorySchneider";
repo = "wikit";
rev = "6432c6020606868cc5f240d0317040e38b992292";
};
in {
wikit = mkYarnPackage {
name = "wikit";
inherit src;
packageJSON = src + "./package.json";
yarnLock = src + "./yarn.lock";
};
}

39
roles/gui.nix
View file

@ -17,9 +17,46 @@ in
config = mkIf cfg.enable {
services = {
gvfs.enable = true;
gvfs = {
enable = true;
package = lib.mkForce pkgs.gnome.gvfs;
};
gnome.gnome-keyring.enable = true;
dbus.enable = true;
};
home-manager.users.${username}.home.packages = with pkgs; [
element-desktop
gajim
signal-desktop
mumble
anki-bin
obs-studio
wdisplays
librewolf # main
ungoogled-chromium # for things that don't work with librewolf
nsxiv
imv
libreoffice
xfce.thunar
spotify
spotify-player
thunderbird
lxqt.pavucontrol-qt
mpv
plasma5Packages.kdeconnect-kde
winbox
# onthespot-overlay
# Gaming
lunar-client
# Not GUI but specific to GUI usage
sshuttle
sshfs
# try out for a bit
niri
];
};
}

27
secrets/dandelion/secrets.yaml Normal file
View file

@ -0,0 +1,27 @@
systemMailerPassword: ENC[AES256_GCM,data:b9Mmxo3beDpo1pi1Y+5TZn64ZeKJzJXlJwYFs5BjVMngeej+Y0naWmwBdlTEwzPm6OiO/N1haNQUlwT4KdOTx7t8PsZwQ5dOQl1gjWp0T+0ImWLImvINyvDIg6uh9RsvqLIJBvgLAtiUHE3jq7vLwDPaZ69tvjmGACNfNKX8A0A=,iv:BvmZ7GtDsHFWSY+cL10P1e7I75ZwrzjFJ6e5J2IbEic=,tag:g9yqAQtJ9kD3o1cfng0gTA==,type:str]
dandelionSyncthingId: ENC[AES256_GCM,data:YgkjHxSD5mp44MMd7X46Rt5FqW89prMvhrkvHN5dxvPJ937cOGV9WYXf69A0+0XEbO97jlDAp7ph1GF0Q9UV,iv:45gaF2MZh1GbZmvKRnEtkQfNgx11r9xYaxvqAkU2ZkM=,tag:f9Iel/5029acJuzzTmyHXQ==,type:str]
sakuraSyncthingId: ENC[AES256_GCM,data:dzMpAy6wzlbGdnsesc7OUB25AkvdRwReT+o1UUqoz1VXXldy5esTpa3vGqM2B/Qa3lZq999VX4hejisSRBGd,iv:Eorc7tX4cnu2n2Kc1uPrfTdU5KQ8jjUsKDuByf1/mts=,tag:+ev+2RbN1v22N96zuQHV9w==,type:str]
sops:
age:
- recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcHFGUFltcUVSNnJXNWhI
TU5ySU1SQXVYdUFNOUlXdmZzYTZnZFhWQVJnCmV6T1duSnlGejNMc1hDUHovYTJE
Ri93OURqaEVrd0xCRUZZdWhsKzI1QkEKLS0tIExDeE9BNUxoYjhzWjBrM1FIUzV1
cGpiNmJ6blQ2c1FiOEFnNllrbWxjWmsKDXsXc2tlmgXHmEveCVq1WMrFRtzLttgc
0sMlwMFo71eV5JWrDjPbg0WwXonGI9TILJ09FFSTK7FRhwyFpgL6TA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxS250MmZyazRFVGMzdzVy
T09EaE1lY1h1d3BiMFRlNWV2SXNXNFBuekRnClRieVJrbGFMRjdCZEFVUjdoa2JQ
K1RzalZBVThOMWl3T2pZakxUTUI5cXcKLS0tIHBPeVdtUmtCUmtOTVVRZlNwUXpO
L1d2bW5tRDhjQ2VaU0xDWWlZYi94TEUKvjD1Pk8/Jq18nCJioeVBYbfaT3rSYr4l
aZ+j21bb7tE3JbUQfGkYo2blJqZsxFxblZlvf6tK2DU39Tl64naUpQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-04T12:32:42Z"
mac: ENC[AES256_GCM,data:JrU10DY9ih8eMtR3vNpuGppU4gZQyxAzDZ7R2+UFnv/g0zGVYnIKyVEQB9AfO2PEc+nBIYvruiO8XJrqx9O3osf7gvICXnWgEB8C4VPv7IvgniPz68O0hAgpBKkh7Lj0ZP/EGpjXjMr1yBTLtMWsFBXqJa16cD21qsHnlQjBp9Q=,iv:4LWlyE86dKDgwErqE/PmbquGFyQxUVfZw8bifjSB51I=,tag:95INrs/69ipBIutWb5ZbrA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

18
secrets/sakura/secrets.yaml Normal file
View file

@ -0,0 +1,18 @@
systemMailerPassword: ENC[AES256_GCM,data:fdCLxxQOPw00kSGrddcr/ZsYWJ9xYPkfxUeS52jA+MNM4dNNfeQ2rhvWKLYpH/6D3/J7CND0UNUVuRLtPdEnU8ct8jkAmYX5nGDm9HAnVScDvbn5dMvaNxg+0o34Fz7E0XbmRM3B6zpzL4T6Odmmd2iRh/cRiz7WBwmKUpcCV3Q=,iv:ddPxnK6f1wEH+xxQLLADO5SdG8YZkbSVlNfan+AA4vs=,tag:WLrQzVsok6dtxSSQH3HHsw==,type:str]
dandelionSyncthingId: ENC[AES256_GCM,data:crzT7Ph2gDYm/LAyEM2yw/THzu+Dv5SBrw17NF42j2jCvGMLaDgdlMAhkJlr7bonnpjII+9/TLjEXtcEIhcd,iv:6e94tT8rCLFxwDWLNj2T/Fx+0yAuhfS2AdjAKJKt/k0=,tag:Ai44ZvRZps4lQ4gLBbfUDw==,type:str]
sakuraSyncthingId: ENC[AES256_GCM,data:/4MQEcCYVsw2ad2WmUn8Y2f/9mUcyjU9l7Z7PorexQfwaIucmfNH1+Z/FF+0wRj4uaUQLqpR29bRl3EQr/ve,iv:FsiLQYuLZ9YvkfqyF3mAV6jW7csZ5+yXx0sN8f768BE=,tag:U/OTuSnjkOeVT6Vdz96bOw==,type:str]
sops:
age:
- recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cFNzYWRSTTdwMXY1K3hK
MEJ6TEN1YS9XdkJOclhmWVVBWmxJcEsrdWxjCld4NThJdmoyMGRKbFNVZWdWQ1FQ
MmpQMm1TOTZhQlllWlV4Y0tiUGxDNkkKLS0tIFVBcEgzNlBVaHozOTViZG1FcXIx
bjBJd2RtdDhkSFlaUzVRTkQyTVpVSDgKoZ7S/izFqmPw3qHT37ws8m2Cmmb8prC/
JaVn8U57G4aRgp1BqXQvpnKA98HT3BwEsMce5LeNvX7kAtdqkU5eRQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-04T12:32:56Z"
mac: ENC[AES256_GCM,data:so7buQVx6nUTRYBfCPdITDccVWOjEmfPslkG8+Z0RKkDgIgwH4Aa/GnTkX0WxmB2bbI6/GQ1PhILE4UXTo8O7W0OO10+PWV2AWwngMcog+ggbH7qpd1395Tw0A8KiiXdPXwxFBEZqrYkKmYVyw314H02+h5+Qd3irH0bWqmpGOg=,iv:Sy4wR3GdSJCR1tlAxV2lau7cpLox/CoiGTC5eZoNVos=,tag:W2pv//unvIE0HBuJ0v35GA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

29
secrets/violet/secrets.yaml Normal file
View file

@ -0,0 +1,29 @@
systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str]
forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str]
matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str]
minioRootCredentials: ENC[AES256_GCM,data:/IrpspB6Puy+6scHheBSBp6zQVh8uwpu4nFPLSkueuohSUESPHbRb0w1XAp4V5HraMtOThFqlm0JeBW0XbhY4E8L1P+S3/aMLKjp2voA928l9AjF6sTaSKsO7qh6LEmo90qm9Jo0nDo=,iv:M5NOGfSsl+LggLyEjV49vcWCaYmbG0eJcgwI2v7AKcI=,tag:A+CrDTL+TkEayOqBUII4aQ==,type:str]
smbLoginDetails: ENC[AES256_GCM,data:Puv+Vewv0TDpiYM+Uym180CLT+vXKoeSW/uNxAX7f9y0NvG2Uqqglj/HcCMhyQn9GpCIQyb+xidlLWn3Ywdg6ybaf4WN5EdAEXMK/FRQyVIvvOcCcwG+IeUc1Wc5NmM2qEbxLqLNDWxiH8/QsrT9rWWxxx4c4eD1HOpIv9LCuavXXLmKy6JvtxYwtOv4u8ukp+e0uP7pLN7d,iv:XH+6soi7lZiGz9ZGlQb49f44API715ib/Y7Zh3hFnDM=,tag:iz8RYRSwNxrMxy+rqeM07Q==,type:str]
sops:
age:
- recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeG8vNWltdmJGcHhpMFVv
L2loTVRWeUVQMjdFbXlLdDZ4NWd2czlMa1JVClErdlhXdlJKSDFrakhqVjRQMlBx
RStBKzI3bHkzWlZrdkFTZFZvRjN0eFUKLS0tIGJFaTRkVGhSbmZSbEdYZEFWV2Fz
bytGVUhvL1dKNk41cytPajJMUFdXQmMKbJZ7RDB5MXqotaLrWABIKFs2wEZtIAVm
+k+ykISzj/XhhCt2J4IWbhPqRDlivsOLvQF1srNgk02/laE+0Nz5Pg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMWV2NkVGSWR3UzBPWmFQ
S2lQRm9zZENGc29mN1VxT3hsb2c5d3k3ZGw4Ck5JWlpXQUU0WnhXT2ZocFZFSlkr
WjhZM214YVBDR3UzcU9SQ09ucWJDSUUKLS0tIE00aXVkeTQ5eG1TTTA2UnBuVnVB
S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI
VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-19T12:23:05Z"
mac: ENC[AES256_GCM,data:hH3cTyHeFMTH5zYpCWyM1uqLta/uzQcLc5HPSdsR52Skh89/5h51vC666g0JuVm/sXh3gv6XQ1AGidPMAmx60qmHjiWE/LRli7xDwKk3p4mldC7RC2FrR0JPmfhDzXIo7VL60PCq4CPWevyRpAWMEMgnc3Z/IzmfDObUsvU+rg0=,iv:CrL4uqV8keGMw+tuqvkNrpKoM0qqr1vsdhESPUb+Hig=,tag:O2NKejf2dpkrkTzX1IfQcA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

6
variables.nix
View file

@ -29,5 +29,11 @@ in
readOnly = true;
description = "My primary email";
};
senderEmail = mkOption {
default = "notifications@liv.town";
type = types.str;
readOnly = true;
description = "Emailaddress used to send mails from the system";
};
};
}