liv/nixos-config
1
0
Fork 0
mirror of https://github.com/Ahwxorg/nixos-config.git synced 2025-12-05 15:15:39 +01:00
Code Issues 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: liv:378029b6bb37527cdde0aa2a5bfe93538d45d024
Branches Tags
liv:master
..
compare: liv:92ded40fd7d2f9e9fe1286d1a625bd4500642c5d
Branches Tags
liv:master

No commits in common. "378029b6bb37527cdde0aa2a5bfe93538d45d024" and "92ded40fd7d2f9e9fe1286d1a625bd4500642c5d" have entirely different histories.
378029b6bb ... 92ded40fd7

10 changed files with 88 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

35
hosts/sakura/hardware-configuration.nix
View file

@ -1,44 +1,29 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97"; { device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-root".device = "/dev/nvme0n1p3"; boot.initrd.luks.devices."luks-156453ac-bbad-452c-ad92-4fc569db9347".device = "/dev/disk/by-uuid/156453ac-bbad-452c-ad92-4fc569db9347";
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/0EFD-4B3F"; { device = "/dev/disk/by-uuid/0EFD-4B3F";
fsType = "vfat"; fsType = "vfat";
options = [ options = [ "fmask=0022" "dmask=0022" ];
"fmask=0022"
"dmask=0022"
];
}; };
swapDevices = [ ]; swapDevices = [ ];

2
modules/core/printing.nix
View file

@ -1,7 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
services.avahi = { services.avahi = {
enable = false; enable = true;
nssmdns4 = true; nssmdns4 = true;
openFirewall = true; openFirewall = true;
}; };

2
modules/core/sshd.nix
View file

@ -2,7 +2,7 @@
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ 9123 ]; ports = [ 22 ];
settings = { settings = {
PasswordAuthentication = lib.mkDefault false; PasswordAuthentication = lib.mkDefault false;
AllowUsers = null; AllowUsers = null;

33
modules/home/waybar/scripts.nix
View file

@ -155,24 +155,27 @@
"/home/${username}/.local/bin/waybar-music" = { "/home/${username}/.local/bin/waybar-music" = {
executable = true; executable = true;
text = '' text = ''
#!/usr/bin/env sh #!/usr/bin/env bash
META="{{ trunc(artist,17) }} - {{ trunc(title,17) }}" class=$(playerctl metadata --player=ncspot --format '{{lc(status)}}')
PLAYERS="spotify ncspot mpv mpd"
for PLAYER in $PLAYERS; do if [[ $class == "playing" ]]; then
# if the player is not playing, continue to the next player, until we find one that is playing info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}')
[ "$(playerctl --player=$PLAYER status 2>/dev/null)" != "Playing" ] && continue if [[ $\{#info} > 40 ]]; then
text=$(playerctl metadata --player $PLAYER --format "$META") info=$(echo $info | cut -c1-40)"..."
echo -e "{\"text\":\""$text"\", \"class\":\"Playing\"}" fi
exit 0 text="$info"
done elif [[ $class == "paused" ]]; then
info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}')
if [[ $\{#info} > 40 ]]; then
info=$(echo $info | cut -c1-40)"..."
fi
text=" $info"
elif [[ $class == "stopped" ]]; then
text=""
fi
ICON=" " echo -e "{\"text\":\""$text"\", \"class\":\""$class"\"}"
PAUSERS="spotify ncspot mpd"
for PAUSER in $PAUSERS; do
[ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Paused" ] || [ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Stopped" ] && text="$ICON"$(playerctl metadata --player $PAUSER --format "$META") && echo -e "{\"text\":\""$text"\", \"class\":\""paused"\"}" && exit 0
done
''; '';
}; };
"/home/${username}/.local/bin/waybar-devices" = { "/home/${username}/.local/bin/waybar-devices" = {

13
modules/home/zsh.nix
View file

@ -111,12 +111,12 @@
export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/" export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/"
# if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then
# alias imv="sxiv" alias imv="sxiv"
# elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then
# alias imv="nsxiv" alias imv="nsxiv"
# alias sxiv="nsxiv" alias sxiv="nsxiv"
# fi fi
''; '';
zsh-abbr = { zsh-abbr = {
@ -173,7 +173,6 @@
# nvim = "nix run /home/liv/Development/nixvim --"; # nvim = "nix run /home/liv/Development/nixvim --";
vim = "nvim"; vim = "nvim";
doas = "sudo"; doas = "sudo";
sxiv = "nsxiv";
# NixOS # NixOS
ns = "nix-shell --run zsh"; ns = "nix-shell --run zsh";

1
modules/services/dandelion.nix
View file

@ -7,6 +7,5 @@
++ [ (import ./home-assistant.nix) ] ++ [ (import ./home-assistant.nix) ]
++ [ (import ./monitoring.nix) ] ++ [ (import ./monitoring.nix) ]
++ [ (import ./smart-monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ]
++ [ (import ./tailscale.nix) ]
++ [ (import ./hd-idle.nix) ]; ++ [ (import ./hd-idle.nix) ];
} }

10
modules/services/monitoring.nix
View file

@ -23,9 +23,9 @@
]; ];
}; };
}; };
# networking.firewall = { networking.firewall = {
# allowedTCPPorts = [ allowedTCPPorts = [
# 9001 9001
# ]; ];
# }; };
} }

2
modules/services/mumble.nix
View file

@ -2,6 +2,6 @@
{ {
services.murmur = { services.murmur = {
enable = true; enable = true;
openFirewall = false; openFirewall = true;
}; };
} }

59
modules/services/nginx.nix
View file

@ -37,35 +37,41 @@
recommendedProxySettings = true; recommendedProxySettings = true;
clientMaxBodySize = lib.mkDefault "10G"; clientMaxBodySize = lib.mkDefault "10G";
#defaultListen = defaultListen =
# let let
# listen = [ listen = [
# { {
# addr = "[::]"; addr = "[::]";
# port = 80; port = 80;
# extraParameters = [ "proxy_protocol" ]; extraParameters = [ "proxy_protocol" ];
# } }
# { {
# addr = "[::]"; addr = "[::]";
# port = 443; port = 443;
# ssl = true; ssl = true;
# extraParameters = [ "proxy_protocol" ]; extraParameters = [ "proxy_protocol" ];
# } }
# ]; ];
# in in
# map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen; map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;
# Hardened TLS and HSTS preloading # Hardened TLS and HSTS preloading
appendHttpConfig = '' appendHttpConfig = ''
# Proxying # Proxying
# real_ip_header proxy_protocol; # real_ip_header proxy_protocol;
server {
listen 80 proxy_protocol;
listen 443 ssl proxy_protocol;
# set_real_ip_from 10.7.0.0/24;
}
ssl_certificate /var/lib/acme/quack.social/cert.pem; ssl_certificate /var/lib/acme/quack.social/cert.pem;
ssl_certificate_key /var/lib/acme/quack.social/key.pem; ssl_certificate_key /var/lib/acme/quack.social/key.pem;
# proxy_set_header Host $host; proxy_set_header Host $host;
# proxy_set_header X-Real-IP $proxy_protocol_addr; proxy_set_header X-Real-IP $proxy_protocol_addr;
# proxy_set_header X-Forwarded-For $proxy_protocol_addr; proxy_set_header X-Forwarded-For $proxy_protocol_addr;
# Add HSTS header with preloading to HTTPS requests. # Add HSTS header with preloading to HTTPS requests.
# Do not add HSTS header to HTTP requests. # Do not add HSTS header to HTTP requests.
@ -92,6 +98,19 @@
add_header pronouns "any but neopronouns"; add_header pronouns "any but neopronouns";
add_header locale "[en_US, nl_NL]"; add_header locale "[en_US, nl_NL]";
''; '';
appendConfig = ''
# https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
# set_real_ip_from 213.210.34.27;
# real_ip_header proxy_protocol;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $proxy_protocol_addr;
# proxy_set_header X-Forwarded-For $proxy_protocol_addr;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Server $host;
'';
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [

13
roles/creative.nix
View file

@ -1,16 +1,8 @@
{ { lib, pkgs, config, username, home-manager, ... }:
lib,
pkgs,
config,
username,
home-manager,
...
}:
with lib; with lib;
let let
cfg = config.liv.creative; cfg = config.liv.creative;
in in {
{
options.liv.creative = { options.liv.creative = {
enable = mkEnableOption "Enable creative workflow"; enable = mkEnableOption "Enable creative workflow";
}; };
@ -25,7 +17,6 @@ in
obs-studio obs-studio
kdePackages.kdenlive kdePackages.kdenlive
orca-slicer orca-slicer
freecad
]; ];
}; };
}; };