ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:4548914209564aeff32627cbd4483350e5bd3556
Branches Tags
ahuston-0:main ahuston-0:update-flake-lock ahuston-0:feature/add-parthenon ahuston-0:ahuston-0-patch-2 ahuston-0:feature/add-pc ahuston-0:feature/add-jessica ahuston-0:feature/gitea-minio ahuston-0:feature/ftb-app ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/build-cache ahuston-0:hotfix/zfs-import ahuston-0:feature/add-unpackerr ahuston-0:feature/pscsd-yubikey ahuston-0:feature/overseerr ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:feature/add-unpackerr
Branches Tags
ahuston-0:update-flake-lock ahuston-0:main ahuston-0:feature/add-parthenon ahuston-0:ahuston-0-patch-2 ahuston-0:feature/add-pc ahuston-0:feature/add-jessica ahuston-0:feature/gitea-minio ahuston-0:feature/ftb-app ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/build-cache ahuston-0:hotfix/zfs-import ahuston-0:feature/add-unpackerr ahuston-0:feature/pscsd-yubikey ahuston-0:feature/overseerr ahuston-0:feature/onboarding-kubernetes

1 Commits
4548914209 ... feature/ad

Author SHA1 Message Date
ahuston-0
c05d782180 add basic unpackerr config 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2024-08-15 10:15:29 -04:00
187 changed files with 4073 additions and 4721 deletions
Expand all files Collapse all files

9
.gitconfig
View File

@@ -1,11 +1,6 @@
# run `grep -Pv "^#" .gitconfig >> .git/config` to append the merge config to your repo file :) # run `grep -Pv "^#" .gitconfig >> .git/config` to append the merge config to your repo file :)
# run `git mergetool --tool=sops-mergetool <path to secret>/secrets.yaml` to use this once configured # run `git mergetool --tool=sops-mergetool <path to secret>/secrets.yaml` to use this once configured
# if for whatever reason the below doesn't work, try modifying the mergetool command as below
# find: $(git rev-parse --show-toplevel)/utils/sops-mergetool.sh
# replace: ./utils/sops-mergetool.sh
[mergetool "sops-mergetool"] [mergetool "sops-mergetool"]
cmd = bash -c "$(git rev-parse --show-toplevel)/utils/sops-mergetool.sh \"\$BASE\" \"\$LOCAL\" \"\$REMOTE\" \"\$MERGED\"" cmd = bash -c "$(git --exec-path)/sops-mergetool.sh \"$BASE\" \"$LOCAL\" \"$REMOTE\" \"$MERGED\""
[merge] [merge]
tool = nvimdiff tool = nvimdiff3
[mergetool "nvimdiff"]
layout = MERGED

35
.github/settings.yml vendored
View File

@@ -4,44 +4,60 @@ repository:
# The name of the repository. Changing this will rename the repository # The name of the repository. Changing this will rename the repository
name: nix-dotfiles name: nix-dotfiles
# A short description of the repository that will show up on GitHub # A short description of the repository that will show up on GitHub
description: RAD-Dev Infra description: RAD-Dev Infra
# A URL with more information about the repository # A URL with more information about the repository
# homepage: "https://nix-community.org" # homepage: "https://nix-community.org"
# A comma-separated list of topics to set on the repository # A comma-separated list of topics to set on the repository
topics: "nixos" topics: "nixos"
# Either `true` to make the repository private, or `false` to make it public. # Either `true` to make the repository private, or `false` to make it public.
private: false private: false
# Either `true` to enable issues for this repository, `false` to disable them. # Either `true` to enable issues for this repository, `false` to disable them.
has_issues: true has_issues: true
# Either `true` to enable projects for this repository, or `false` to disable them. # Either `true` to enable projects for this repository, or `false` to disable them.
# If projects are disabled for the organization, passing `true` will cause an API error. # If projects are disabled for the organization, passing `true` will cause an API error.
has_projects: true has_projects: true
# Either `true` to enable the wiki for this repository, `false` to disable it. # Either `true` to enable the wiki for this repository, `false` to disable it.
has_wiki: false has_wiki: false
# Either `true` to enable downloads for this repository, `false` to disable them. # Either `true` to enable downloads for this repository, `false` to disable them.
has_downloads: false has_downloads: false
# Updates the default branch for this repository. # Updates the default branch for this repository.
default_branch: main default_branch: main
# Either `true` to allow squash-merging pull requests, or `false` to prevent # Either `true` to allow squash-merging pull requests, or `false` to prevent
# squash-merging. # squash-merging.
allow_squash_merge: true allow_squash_merge: true
# Either `true` to allow merging pull requests with a merge commit, or `false` # Either `true` to allow merging pull requests with a merge commit, or `false`
# to prevent merging pull requests with merge commits. # to prevent merging pull requests with merge commits.
allow_merge_commit: false allow_merge_commit: false
# Either `true` to allow rebase-merging pull requests, or `false` to prevent # Either `true` to allow rebase-merging pull requests, or `false` to prevent
# rebase-merging. # rebase-merging.
allow_rebase_merge: true allow_rebase_merge: true
# Either `true` to enable automatic deletion of branches on merge, or `false` to disable # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
delete_branch_on_merge: true delete_branch_on_merge: true
# Either `true` to enable automated security fixes, or `false` to disable # Either `true` to enable automated security fixes, or `false` to disable
# automated security fixes. # automated security fixes.
enable_automated_security_fixes: true enable_automated_security_fixes: true
# Either `true` to enable vulnerability alerts, or `false` to disable # Either `true` to enable vulnerability alerts, or `false` to disable
# vulnerability alerts. # vulnerability alerts.
enable_vulnerability_alerts: true enable_vulnerability_alerts: true
allow_auto_merge: true allow_auto_merge: true
# Labels: define labels for Issues and Pull Requests # Labels: define labels for Issues and Pull Requests
# #
labels: labels:
@@ -88,16 +104,29 @@ labels:
- name: automated - name: automated
color: '#42b528' color: '#42b528'
description: PR was automatically generated (through a bot or CI/CD) description: PR was automatically generated (through a bot or CI/CD)
# Milestones: define milestones for Issues and Pull Requests # Milestones: define milestones for Issues and Pull Requests
milestones: milestones:
- title: Go-Live - title: Go-Live
description: >- description: >-
All requirements for official go-live: - Automated testing via Hydra/Actions - Automated deployments via Hydra/Actions - 90+% testing coverage - Functional formatter with custom rules - palatine-hill is fully stable, enough so that jeeves can be migrated All requirements for official go-live:
- Automated testing via Hydra/Actions
- Automated deployments via Hydra/Actions
- 90+% testing coverage
- Functional formatter with custom rules
- palatine-hill is fully stable, enough so that jeeves can be migrated
# The state of the milestone. Either `open` or `closed` # The state of the milestone. Either `open` or `closed`
state: open state: open
- title: Jeeves Migration - title: Jeeves Migration
description: >- description: >-
Test common use-cases for Jeeves - Quadro GPU support - Multi-GPU support - Plex support - Docker support - ZFS support Test common use-cases for Jeeves
- Quadro GPU support
- Multi-GPU support
- Plex support
- Docker support
- ZFS support
# Collaborators: give specific users access to this repository. # Collaborators: give specific users access to this repository.
# See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options # See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options
collaborators: collaborators:
@@ -121,6 +150,7 @@ teams:
# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions. # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access. # * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
# permission: admin # permission: admin
branches: branches:
# gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection # gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection
@@ -135,6 +165,7 @@ branches:
# `Maximum pull requests to merge`: 5 # `Maximum pull requests to merge`: 5
# `Only merge non-failing pull requests`: true # `Only merge non-failing pull requests`: true
# `Consider check failed after`: 60 minutes # `Consider check failed after`: 60 minutes
- name: main - name: main
# https://docs.github.com/en/rest/reference/repos#update-branch-protection # https://docs.github.com/en/rest/reference/repos#update-branch-protection
# Branch Protection settings. Set to null to disable # Branch Protection settings. Set to null to disable

33
.github/workflows/flake-health-checks.yml vendored
View File

@@ -5,37 +5,16 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
jobs: jobs:
health-check: health-check:
name: "Perform Nix flake checks" name: "Perform Nix flake checks"
runs-on: ubuntu-latest runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
steps: steps:
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache - uses: DeterminateSystems/magic-nix-cache-action@main
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix flake check --accept-flake-config - run: nix flake check --accept-flake-config
- run: nix ./utils/attic-push.bash
# build-checks:
# name: "Build nix outputs"
# runs-on: ubuntu-latest
# steps:
# - uses: DeterminateSystems/nix-installer-action@main
# - name: Setup Attic cache
# uses: ryanccn/attic-action@v0
# with:
# endpoint: ${{ secrets.ATTIC_ENDPOINT }}
# cache: ${{ secrets.ATTIC_CACHE }}
# token: ${{ secrets.ATTIC_TOKEN }}
# skip-push: "true"
# - uses: actions/checkout@v4
# - name: Build all outputs
# run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
# - name: Push to Attic
# run: nix ./utils/attic-push.bash
# continue-on-error: true

131
.github/workflows/flake-update.yml vendored
View File

@@ -5,108 +5,63 @@ on:
schedule: schedule:
- cron: "00 12 * * *" - cron: "00 12 * * *"
jobs: jobs:
update_lockfile: createPullRequest:
runs-on: ubuntu-latest runs-on: ubuntu-latest
#if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
steps: steps:
- name: Checkout repository - uses: actions/checkout@v4
uses: actions/checkout@v4 - name: Login to Docker Hub
- name: Install nix uses: docker/login-action@v3
uses: https://github.com/DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with: with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }} username: ${{ secrets.DOCKERHUB_USERNAME }}
cache: ${{ secrets.ATTIC_CACHE }} password: ${{ secrets.DOCKERHUB_TOKEN }}
token: ${{ secrets.ATTIC_TOKEN }} - name: Install Nix
skip-push: "true" uses: cachix/install-nix-action@v24
- name: Get pre-snapshot of evaluations with:
extra_nix_config: |
experimental-features = nix-command flakes
install_url: https://releases.nixos.org/nix/nix-2.19.0/install
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Calculate pre-drv
run: nix ./utils/eval-to-drv.sh pre run: nix ./utils/eval-to-drv.sh pre
- name: Update flake.lock - name: Pull latest docker images
id: update run: nix ./utils/fetch-docker.sh
run: | - name: Update flake.lock (part 1)
nix flake update 2> >(tee /dev/stderr) | awk ' run: nix flake update
/^• Updated input/ {in_update = 1; print; next} - name: Calculate post-drv
in_update && !/^warning:/ {print}
/^$/ {in_update = 0}
' > update.log
echo "UPDATE_LOG<<EOF" >> $GITHUB_ENV
cat update.log >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
rm update.log
- name: Get post-snapshot of evaluations
run: nix ./utils/eval-to-drv.sh post run: nix ./utils/eval-to-drv.sh post
- name: Calculate diff - name: Calculate diff
run: nix ./utils/diff-evals.sh run: nix ./utils/diff-evals.sh
- name: Read file contents - name: Read diff into environment
id: read_file
uses: guibranco/github-file-reader-action-v2@latest
with:
path: "post-diff"
- name: Write PR body template
uses: https://github.com/DamianReeves/write-file-action@v1.3
with:
path: pr_body.template
contents: |
- The following Nix Flake inputs were updated:
```
${{ env.UPDATE_LOG }}
```
```
${{ steps.read_file.outputs.contents }}
```
Auto-generated by [update.yml][1] with the help of
[create-pull-request][2].
[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
- name: Generate PR body
uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
with:
files: "pr_body.template"
output-filename: "pr_body.md"
- name: Save PR body
id: pr_body
uses: juliangruber/read-file-action@v1
with:
path: "pr_body.md"
- name: Remove temporary files
run: | run: |
rm pr_body.template delimiter="$(openssl rand -hex 8)"
rm pr_body.md {
rm pre.json echo "POSTDIFF<<${delimiter}"
rm post.json cat post-diff
rm post-diff echo "${delimiter}"
- name: Create Pull Request } >> $GITHUB_ENV
id: create-pull-request
# uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@7174d368c2e4450dea17b297819eb28ae93ee645
uses: https://nayeonie.com/ahuston-0/create-pull-request@main - name: Restore flake.lock for next step
run: git restore flake.lock
- name: Update flake.lock
id: update
uses: DeterminateSystems/update-flake-lock@main
with: with:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
body: ${{ steps.pr_body.outputs.content }} pr-body: |
author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>' Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
title: 'automated: Update `flake.lock`'
commit-message: |
automated: Update `flake.lock`
${{ steps.pr_body.outputs.content }} ```
branch: update-flake-lock {{ env.GIT_COMMIT_MESSAGE }}
delete-branch: true ```
```
{{ env.POSTDIFF }}
```
pr-labels: | # Labels to be set on the PR pr-labels: | # Labels to be set on the PR
dependencies dependencies
automated automated
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true
- name: Print PR number
run: |
echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
permissions: permissions:
pull-requests: write pull-requests: write
contents: write contents: write

1
.github/workflows/lock-health-checks.yml vendored
View File

@@ -5,6 +5,7 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
jobs: jobs:
health-check: health-check:
name: "Check health of `flake.lock`" name: "Check health of `flake.lock`"

12
.github/workflows/nix-fmt.yml vendored
View File

@@ -5,21 +5,13 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
jobs: jobs:
health-check: health-check:
name: "Perform Nix format checks" name: "Perform Nix format checks"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache - uses: DeterminateSystems/magic-nix-cache-action@main
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix fmt -- --check . - run: nix fmt -- --check .
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true

53
.sops.yaml
View File

@@ -1,46 +1,85 @@
keys: keys:
# The PGP keys in keys/ # The PGP keys in keys/
- &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330 - &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82
- &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
# Generate AGE keys from SSH keys with: # Generate AGE keys from SSH keys with:
# ssh-keygen -A # ssh-keygen -A
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
# cspell:disable # cspell:disable
- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
- &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
#- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej - &bob age13jg97cvy63fzd2ccthcwvfyyxzw5vmwun8s0afq5l4xm0mhl6pjqhne063
- &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
- &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &rhapsody-in-green age1c7adjulcrma0m7l5ur8efxdjzyskrqcwssfkt77a9rmma7gzss5q02pgmy
# cspell:enable # cspell:enable
admins: &admins
- *admin_alice
- *admin_richie
servers: &servers servers: &servers
- *jeeves
- *jeeves-jr
- *palatine-hill - *palatine-hill
# add new users by executing: sops users/<user>/secrets.yaml # add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below # then have someone already in the repo run the below
# #
# update keys by executing: sops updatekeys secrets.yaml # update keys by executing: sops updatekeys secrets.yaml
# note: add .* before \.yaml if you'd like to use the mergetool config # note: add .* before \.yaml if you'd like to use the mergetool config
creation_rules: creation_rules:
- path_regex: systems/jeeves/secrets\.yaml$
key_groups:
- pgp: *admins
age:
- *jeeves
- path_regex: systems/jeeves-jr/secrets\.yaml$
key_groups:
- pgp: *admins
age:
- *jeeves-jr
- path_regex: users/alice/secrets.*\.yaml$ - path_regex: users/alice/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *palatine-hill - *palatine-hill
- *jeeves
- *jeeves-jr
- *artemision - *artemision
- *artemision-home - *artemision-home
- path_regex: systems/palatine-hill/secrets.*\.yaml$ - path_regex: systems/palatine-hill/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp: *admins
- *admin_alice
age: age:
- *palatine-hill - *palatine-hill
- path_regex: systems/palatine-hill/keys/zfs-.*-key$
key_groups:
- pgp: *admins
age:
- *palatine-hill
- path_regex: systems/artemision/secrets.*\.yaml$ - path_regex: systems/artemision/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *artemision - *artemision
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
- path_regex: users/richie/secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_richie
age: age:
- *palatine-hill - *palatine-hill
- *jeeves
- *jeeves-jr
- *rhapsody-in-green
- *bob

4
.vscode/settings.json vendored
View File

@@ -1,7 +1,5 @@
{ {
"cSpell.enableFiletypes": [ "cSpell.enableFiletypes": ["nix"],
"nix"
],
"cSpell.words": [ "cSpell.words": [
"aarch", "aarch",
"abmlevel", "abmlevel",

12
docs/CONTRIBUTING.md
View File

@@ -40,12 +40,12 @@ and will eventually trip a check when merging to main.
| Branch Name | Use Case | | Branch Name | Use Case |
|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| main | protected branch which all machines pull from, do not try to push directly | | main | protected branch which all machines pull from, do not try to push directly |
| feature/\<item> | \<item> is a new feature added to the repo, for personal or common use | | feature/\<item\> | \<item\> is a new feature added to the repo, for personal or common use |
| fixup/\<item> | \<item> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical | | fixup/\<item\> | \<item\> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical |
| hotfix/\<item> | \<item> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process | | hotfix/\<item\> | \<item\> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process |
| urgent/\<item> | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues | | urgent/\<item\> | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues |
| exp/\<item> | \<item> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches | | exp/\<item\> | \<item\> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches |
| merge/\<item> | \<item> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch | | merge/\<item\> | \<item\> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch |
### Review Process ### Review Process

2
docs/sample-setup.sh
View File

@@ -54,6 +54,8 @@ if [ $PROCEED != "Y" ]; then
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
fi fi
if [ $CREATEPARTS = "Y" ]; then if [ $CREATEPARTS = "Y" ]; then
# Create partition table # Create partition table
sudo parted "/dev/$DRIVE" -- mklabel gpt sudo parted "/dev/$DRIVE" -- mklabel gpt

616
flake.lock generated
View File

@@ -1,69 +1,53 @@
{ {
"nodes": { "nodes": {
"base16": { "attic": {
"inputs": { "inputs": {
"fromYaml": "fromYaml" "crane": "crane",
"flake-compat": [
"flake-compat"
],
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
}, },
"locked": { "locked": {
"lastModified": 1732200724, "lastModified": 1722472866,
"narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=", "narHash": "sha256-GJIz4M5HDB948Ex/8cPvbkrNzl/eKUE7/c21JBu4lb8=",
"owner": "SenchoPens", "owner": "zhaofengli",
"repo": "base16.nix", "repo": "attic",
"rev": "153d52373b0fb2d343592871009a286ec8837aec", "rev": "e127acbf9a71ebc0c26bc8e28346822e0a6e16ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "SenchoPens", "owner": "zhaofengli",
"repo": "base16.nix", "repo": "attic",
"type": "github" "type": "github"
} }
}, },
"base16-fish": { "crane": {
"flake": false, "inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1622559957, "lastModified": 1717025063,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", "narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=",
"owner": "tomyun", "owner": "ipetkov",
"repo": "base16-fish", "repo": "crane",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", "rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tomyun", "owner": "ipetkov",
"repo": "base16-fish", "repo": "crane",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1736852337,
"narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github" "type": "github"
} }
}, },
@@ -78,11 +62,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1742773104, "lastModified": 1722917006,
"narHash": "sha256-dAhrL+gEjNN5U/Sosy7IrX0Y0qPA0U7Gp9TBhqEliNU=", "narHash": "sha256-29qBs5HlcegrLP8oQe8T9hHx7u94TEz9ivPwZlorAJU=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "d74460da63a8c08a69a1f143b04f2ab1a6b2f5c2", "rev": "8552abe55a4f364d94efb84502a550c2c9c3101c",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -92,30 +76,14 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1741628778,
"narHash": "sha256-RsvHGNTmO2e/eVfgYK7g+eYEdwwh7SbZa+gZkT24MEA=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "5a81d390bb64afd4e81221749ec4bffcbeb5fa80",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1696426674,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 69, "revCount": 57,
"type": "tarball", "type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -127,33 +95,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1741352980, "lastModified": 1722555600,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -169,11 +115,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1710146030,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -182,69 +128,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741379162,
"narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -266,45 +149,6 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_2": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1732369855,
"narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "dadd58f630eeea41d645ee225a63f719390829dc",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "47.2",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -312,11 +156,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742957044, "lastModified": 1722936497,
"narHash": "sha256-gwW0tBIA77g6qq45y220drTy0DmThF3fJMwVFUtYV9c=", "narHash": "sha256-UBst8PkhY0kqTgdKiR8MtTBt4c1XmjJoOV11efjsC/o=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "ce287a5cd3ef78203bc78021447f937a988d9f6f", "rev": "a6c743980e23f4cef6c2a377f9ffab506568413a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -325,29 +169,6 @@
"type": "github" "type": "github"
} }
}, },
"hydra": {
"inputs": {
"nix": "nix",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1740884653,
"narHash": "sha256-L0eN/hFRH1JSDvmuBOXBfETU07WckA7b3UFxHRVdp3M=",
"owner": "fx-chun",
"repo": "hydra",
"rev": "99e3ad325cb829ff10a024659fd1b62316c06a1f",
"type": "github"
},
"original": {
"owner": "fx-chun",
"ref": "add-gitea-pulls",
"repo": "hydra",
"type": "github"
}
},
"hyprland-contrib": { "hyprland-contrib": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -355,11 +176,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742213523, "lastModified": 1722636442,
"narHash": "sha256-I8JVdQRu8eWvY5W8XWYZkdd5pojDHkxeqQV7mMIsbhs=", "narHash": "sha256-+7IS0n3/F0I5j6ZbrVlLcIIPHY3o+/vLAqg/G48sG+w=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "bd81329944be53b0ffb99e05864804b95f1d7c65", "rev": "9d67858b437d4a1299be496d371b66fc0d3e01f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -368,56 +189,25 @@
"type": "github" "type": "github"
} }
}, },
"nix": { "nix-github-actions": {
"inputs": { "inputs": {
"flake-compat": [
"hydra"
],
"flake-parts": [
"hydra"
],
"git-hooks-nix": [
"hydra"
],
"nixpkgs": [ "nixpkgs": [
"hydra", "system_tools",
"poetry2nix",
"nixpkgs" "nixpkgs"
],
"nixpkgs-23-11": [
"hydra"
],
"nixpkgs-regression": [
"hydra"
] ]
}, },
"locked": { "locked": {
"lastModified": 1742919147, "lastModified": 1703863825,
"narHash": "sha256-I6Oekogi6tkSrtyAbBMzjx9iKi4x0o21fdOQqVf49Qc=", "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "NixOS",
"repo": "nix",
"rev": "ceec04f1e24ca34deaca26e7c9d8cd90ba38f81c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.26-maintenance",
"repo": "nix",
"type": "github"
}
},
"nix-eval-jobs": {
"flake": false,
"locked": {
"lastModified": 1739500569,
"narHash": "sha256-3wIReAqdTALv39gkWXLMZQvHyBOc3yPkWT2ZsItxedY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-github-actions",
"rev": "4b392b284877d203ae262e16af269f702df036bc", "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-github-actions",
"type": "github" "type": "github"
} }
}, },
@@ -428,11 +218,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742701275, "lastModified": 1722740924,
"narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=", "narHash": "sha256-UQPgA5d8azLZuDHZMPmvDszhuKF1Ek89SrTRtqsQ4Ss=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6", "rev": "97ca0a0fca0391de835f57e44f369a283e37890f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -443,11 +233,11 @@
}, },
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1736643958, "lastModified": 1722732880,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -464,11 +254,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742568034, "lastModified": 1722819251,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "narHash": "sha256-f99it92NQSZsrZ8AYbiwAUfrtb/ZpZRqUsl4q6rMA5s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "rev": "c8c3a20b8191819219dba1af79388aa6d555f634",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -479,11 +269,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1742806253, "lastModified": 1722332872,
"narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", "rev": "14c333162ba53c02853add87a0000cbd7aa230c2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -499,14 +289,15 @@
], ],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"search": "search"
}, },
"locked": { "locked": {
"lastModified": 1742933600, "lastModified": 1722894082,
"narHash": "sha256-CkFIV8hyXq6q6p4rksQtlFoNyrtwXyUrY7ilCyDgEmo=", "narHash": "sha256-TEJNZ/8er454mMv+YyLjWpz3yTPuSi6Nq+Tg0N8E80M=",
"owner": "SuperSandro2000", "owner": "SuperSandro2000",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "6d1da83b2352ae4c72960b10154290434f5bd779", "rev": "b871b68e76b092dfbc6fad38a8ebea99893be498",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -517,71 +308,73 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1742919349, "lastModified": 1722813957,
"narHash": "sha256-V3jQhu3s48mgGClvKkWhYM1+cSTFGFm4ztDkK7S69JY=", "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6ea2759c633a3e25f3b4e2f52fb6bf9d6a01c532", "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable-small", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1740877520, "lastModified": 1722555339,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"owner": "nix-community", "type": "tarball",
"repo": "nixpkgs.lib", "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
"rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
"type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "type": "tarball",
"repo": "nixpkgs.lib", "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
"type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1742751704, "lastModified": 1722869614,
"narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", "rev": "883180e6550c1723395a3a342f830bfc5c371f6b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nur": { "poetry2nix": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-utils": [
"system_tools",
"flake-utils"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [ "nixpkgs": [
"stylix", "system_tools",
"nixpkgs" "nixpkgs"
], ],
"systems": "systems",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1741693509, "lastModified": 1723343306,
"narHash": "sha256-emkxnsZstiJWmGACimyAYqIKz2Qz5We5h1oBVDyQjLw=", "narHash": "sha256-/6sRkPq7/5weX2y0V8sQ29Sz35nt8kyj+BsFtkhgbJE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "poetry2nix",
"rev": "5479646b2574837f1899da78bdf9a48b75a9fb27", "rev": "4a1c112ff0c67f496573dc345bd0b2247818fc29",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "poetry2nix",
"type": "github" "type": "github"
} }
}, },
@@ -593,14 +386,17 @@
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
] ]
}, },
"locked": { "locked": {
"lastModified": 1742649964, "lastModified": 1722857853,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -611,12 +407,12 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"attic": "attic",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"hydra": "hydra",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
@@ -627,7 +423,7 @@
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stylix": "stylix", "system_tools": "system_tools",
"systems": "systems_2", "systems": "systems_2",
"wired-notify": "wired-notify" "wired-notify": "wired-notify"
} }
@@ -639,11 +435,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742956365, "lastModified": 1722910815,
"narHash": "sha256-Slrqmt6kJ/M7Z/ce4ebQWsz2aeEodrX56CsupOEPoz0=", "narHash": "sha256-v6Vk/xlABhw2QzOa6xh3Jx/IvmlbKbOazFM+bDFQlWU=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "a0e3395c63cdbc9c1ec17915f8328c077c79c4a1", "rev": "7df2ac544c203d21b63aac23bfaec7f9b919a733",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -652,18 +448,46 @@
"type": "github" "type": "github"
} }
}, },
"search": {
"inputs": {
"flake-utils": [
"nixos-modules",
"flake-utils"
],
"nixpkgs": [
"nixos-modules",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722493084,
"narHash": "sha256-ktjl908zZKWcGdMyz6kX1kHSg7LFFGPYBvTi9FgQleM=",
"owner": "nuschtos",
"repo": "search",
"rev": "3f5abffa5f28b4ac3c9212c81c5e8d2d22876071",
"type": "github"
},
"original": {
"owner": "nuschtos",
"repo": "search",
"type": "github"
}
},
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
] ]
}, },
"locked": { "locked": {
"lastModified": 1742700801, "lastModified": 1722897572,
"narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", "narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", "rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -672,44 +496,27 @@
"type": "github" "type": "github"
} }
}, },
"stylix": { "system_tools": {
"inputs": { "inputs": {
"base16": "base16", "flake-utils": [
"base16-fish": "base16-fish", "flake-utils"
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": [
"flake-compat"
],
"flake-utils": "flake-utils_2",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
], ],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nur": "nur", "poetry2nix": "poetry2nix"
"systems": "systems",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1742926290, "lastModified": 1723392261,
"narHash": "sha256-63joFDrDekkI8papsDPwObKCCYSZ7t/1t94M398BxLY=", "narHash": "sha256-Csa4yuYWcB3aLf7VP14v+Mp0lRzOOCCt9BdmAeeQcYU=",
"owner": "danth", "owner": "RAD-Development",
"repo": "stylix", "repo": "system_tools",
"rev": "61a5f77f2202f3a79797089752713e16b1ab5b10", "rev": "51bcc923b2b3cfb832b05687a01805c5a905b0c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "danth", "owner": "RAD-Development",
"repo": "stylix", "repo": "system_tools",
"type": "github" "type": "github"
} }
}, },
@@ -723,9 +530,8 @@
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "id": "systems",
"repo": "default", "type": "indirect"
"type": "github"
} }
}, },
"systems_2": { "systems_2": {
@@ -743,102 +549,20 @@
"type": "github" "type": "github"
} }
}, },
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1716423189,
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1741468895,
"narHash": "sha256-YKM1RJbL68Yp2vESBqeZQBjTETXo8mCTTzLZyckCfZk=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "47c8c7726e98069cade5827e5fb2bfee02ce6991",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1740877430,
"narHash": "sha256-zWcCXgdC4/owfH/eEXx26y5BLzTrefjtSLFHWVD5KxU=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "d48ee86394cbe45b112ba23ab63e33656090edb4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1725758778,
"narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"stylix", "system_tools",
"nur", "poetry2nix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1733222881, "lastModified": 1719749022,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53", "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -860,11 +584,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730615238, "lastModified": 1721535277,
"narHash": "sha256-u/ZGtyEUvAkFOBgLo2YldOx0GKjE3/esWpWruRD376E=", "narHash": "sha256-A6qIy2n3aomj5XooUmqz0s3G/A44Y3+GoFrGxIOolIM=",
"owner": "Toqozz", "owner": "Toqozz",
"repo": "wired-notify", "repo": "wired-notify",
"rev": "1632418aa15889343028261663e81d8b5595860e", "rev": "d079126c43f22179650f3d4c59f580c5993b9217",
"type": "github" "type": "github"
}, },
"original": { "original": {

58
flake.nix
View File

@@ -1,21 +1,22 @@
{ {
description = "NixOS configuration for my machines"; description = "NixOS configuration for RAD-Development Servers";
nixConfig = { nixConfig = {
substituters = [ substituters = [
"https://cache.nixos.org/?priority=1&want-mass-query=true" "https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
"https://attic.nayeonie.com/nix-cache"
]; ];
trusted-substituters = [ trusted-substituters = [
"https://cache.nixos.org" "https://cache.nixos.org"
"https://attic.alicehuston.xyz/cache-nix-dot"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://attic.nayeonie.com/nix-cache"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.alicehuston.xyz:SJAm8HJVTWUjwcTTLAoi/5E1gUOJ0GWum2suPPv7CUo=%"
"cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs="
]; ];
trusted-users = [ "root" ]; trusted-users = [ "root" ];
}; };
@@ -24,21 +25,19 @@
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
#nixpkgs.url = "github:nuschtos/nuschtpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
#nixpkgs.url = "github:nixos/nixpkgs/1d2fe0135f360c970aee1d57a53f816f3c9bddae?narHash=sha256-Up7YlXIupmT7fEtC4Oj676M91INg0HAoamiswAsA3rc%3D";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
# attic = { attic = {
# url = "github:zhaofengli/attic"; url = "github:zhaofengli/attic";
# inputs = { inputs = {
# nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
# nixpkgs-stable.follows = "nixpkgs-stable"; nixpkgs-stable.follows = "nixpkgs-stable";
# flake-compat.follows = "flake-compat"; flake-compat.follows = "flake-compat";
# flake-parts.follows = "flake-parts"; flake-utils.follows = "flake-utils";
# }; };
# }; };
firefox-addons = { firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
@@ -58,13 +57,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hydra = {
url = "github:fx-chun/hydra/add-gitea-pulls";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -92,6 +84,7 @@
url = "github:cachix/git-hooks.nix"; url = "github:cachix/git-hooks.nix";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-compat.follows = "flake-compat"; flake-compat.follows = "flake-compat";
}; };
}; };
@@ -107,15 +100,15 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
}; };
}; };
stylix = { system_tools = {
url = "github:danth/stylix"; url = "github:RAD-Development/system_tools";
inputs = { inputs = {
flake-compat.follows = "flake-compat";
home-manager.follows = "home-manager";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
}; };
}; };
@@ -157,22 +150,17 @@
rec { rec {
inherit lib; # for allowing use of custom functions in nix repl inherit lib; # for allowing use of custom functions in nix repl
#hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = genSystems inputs outputs src (src + "/systems"); nixosConfigurations = genSystems inputs src (src + "/systems");
images = { images = {
install-iso = getImages nixosConfigurations "install-iso"; install-iso = getImages nixosConfigurations "install-iso";
iso = getImages nixosConfigurations "iso"; iso = getImages nixosConfigurations "iso";
qcow = getImages nixosConfigurations "qcow"; qcow = getImages nixosConfigurations "qcow";
}; };
packages.x86_64-linux.lego-latest =
nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/lego-latest/default.nix
{ };
checks = import ./checks.nix { inherit inputs forEachSystem formatter; }; checks = import ./checks.nix { inherit inputs forEachSystem formatter; };
devShells = import ./shell.nix { inherit inputs forEachSystem checks; }; devShells = import ./shell.nix { inherit inputs forEachSystem checks; };
}; };
} }

39
hydra/jobsets.nix
View File

@@ -1,4 +1,4 @@
{ pulls, ... }: { pulls, branches, ... }:
let let
# create the json spec for the jobset # create the json spec for the jobset
makeSpec = makeSpec =
@@ -18,7 +18,8 @@ let
}; };
prs = readJSONFile pulls; prs = readJSONFile pulls;
# refs = readJSONFile branches; refs = readJSONFile branches;
repo = "RAD-Development/nix-dotfiles";
# template for creating a job # template for creating a job
makeJob = makeJob =
@@ -43,27 +44,27 @@ let
emailoverride = ""; emailoverride = "";
}; };
# # Create a hydra job for a branch # Create a hydra job for a branch
# jobOfRef = jobOfRef =
# name: name:
# { ref, ... }: { ref, ... }:
# if ((builtins.match "^refs/heads/(.*)$" ref) == null) then if ((builtins.match "^refs/heads/(.*)$" ref) == null) then
# null null
# else else
# { {
# name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}"; name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}";
# value = makeJob { value = makeJob {
# description = "Branch ${name}"; description = "Branch ${name}";
# flake = "git+ssh://git@github.com/${repo}?ref=${ref}"; flake = "git+ssh://git@github.com/${repo}?ref=${ref}";
# }; };
# }; };
# Create a hydra job for a PR # Create a hydra job for a PR
jobOfPR = id: info: { jobOfPR = id: info: {
name = if info.draft then "draft-${id}" else "pr-${id}"; name = if info.draft then "draft-${id}" else "pr-${id}";
value = makeJob { value = makeJob {
description = "PR ${id}: ${info.title}"; description = "PR ${id}: ${info.title}";
flake = "git+ssh://gitea@nayeonie.com:2222/${info.head.repo.full_name}?ref=${info.head.ref}"; flake = "git+ssh://git@github.com/${info.head.repo.full_name}?ref=${info.head.ref}";
}; };
}; };
@@ -73,12 +74,12 @@ let
# wrapper function for reading json from file # wrapper function for reading json from file
readJSONFile = f: builtins.fromJSON (builtins.readFile f); readJSONFile = f: builtins.fromJSON (builtins.readFile f);
# remove null values from a set, in-case of branches that don't exist # remove null values from a set, in-case of branches that don't exist
# mapFilter = f: l: builtins.filter (x: (x != null)) (map f l); mapFilter = f: l: builtins.filter (x: (x != null)) (map f l);
# Create job set from PRs and branches # Create job set from PRs and branches
jobs = makeSpec ( jobs = makeSpec (
builtins.listToAttrs (map ({ name, value }: jobOfPR name value) (attrsToList prs)) builtins.listToAttrs (map ({ name, value }: jobOfPR name value) (attrsToList prs))
# // builtins.listToAttrs (mapFilter ({ name, value }: jobOfRef name value) (attrsToList refs)) // builtins.listToAttrs (mapFilter ({ name, value }: jobOfRef name value) (attrsToList refs))
); );
in in
{ {

13
hydra/spec.json
View File

@@ -1,7 +1,7 @@
{ {
"enabled": 1, "enabled": 1,
"hidden": false, "hidden": false,
"description": "ahuston-0's personal server infra", "description": "RAD Development infrastructure",
"nixexprinput": "nixexpr", "nixexprinput": "nixexpr",
"nixexprpath": "hydra/jobsets.nix", "nixexprpath": "hydra/jobsets.nix",
"checkinterval": 60, "checkinterval": 60,
@@ -12,7 +12,7 @@
"type": 0, "type": 0,
"inputs": { "inputs": {
"nixexpr": { "nixexpr": {
"value": "ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git main", "value": "https://github.com/RAD-Development/nix-dotfiles main",
"type": "git", "type": "git",
"emailresponsible": false "emailresponsible": false
}, },
@@ -22,8 +22,13 @@
"emailresponsible": false "emailresponsible": false
}, },
"pulls": { "pulls": {
"type": "giteapulls", "type": "githubpulls",
"value": "nayeonie.com ahuston-0 nix-dotfiles https", "value": "RAD-Development nix-dotfiles",
"emailresponsible": false
},
"branches": {
"type": "github_refs",
"value": "RAD-Development nix-dotfiles heads -",
"emailresponsible": false "emailresponsible": false
} }
} }

67
keys/richie.asc Normal file
View File

@@ -0,0 +1,67 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGQ4gGgBEAC2s0Q4nQ5aTlpTg4u/Hl9gq56IAGoUW9wlgEoStHXyA1WziY2s
1pt45l4Q6kORswXoXv0ULTWBQAGponjY3l+HNm+B0XMr6EogjV/EP/UCyEi8zpqs
PaoJiB95s8rTsh+E7GzWR8KDhazOrGFY+QQOsTWEhLF8jkISd9aC05pf+WnKyxLC
wFjNFXRWUgPKyKPWIUd3SJP2IH6rSSkp7SMCAUiteQx2c43thnr4c/wcfGANKbFO
PhYrkTJKSqt38NoFtNB/Eo/MaVwdEnTMmeovF9sA2s0SLat8+FngSEcIXvL5UpA4
K73+lOQUROWFju7LrIyOhksSZXyQvP+64PxfpbtHadH6wQ4Ckz0GYIYnDQ1q66dh
OKQq9efIlxb7ky47qXRMY8u6d2d4bceLM4a24lYajZ70HZTEF4hy5KCMd8DAmAzU
WLCkaz6SQVDsme60jH3Mavd18B8HZ1d5Vi75hNaylMRtq7o6IA60NnVXh07U+Zto
n8QOze0JqO/GaM7FzfijfsW670j//FSu5wUGnBYprBz7SFh2nCy/XPZYThtHtPbI
YeESs8WZtqkfs4RpmMkOKcTLNiTFXIsCqHIhR8lDnJl+skEMxg7L8FF2txph4ssU
BZ6dAbFy8KsH+2Sr2qfK0yHOVs37ymv+/WaxC0d+QpLAupRhzL+s2kIYGQARAQAB
tB9SaWNoaWUgPFJpY2hpZUB0bW13b3Jrc2hvcC5jb20+iQJOBBMBCAA4FiEEKfUB
fJXZ5gsbHoQHBysOC4MS3+MFAmQ4gGgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
F4AACgkQBysOC4MS3+PnKA//YUDZbuaas5MIWRqZsh02GEXVX4n727JP4iqZU4R0
Cndq7KCl+8XJ9RqmpRZab1FhEj/DQZYisKvloMvBop4q1XLLkabaQF5NsbDvIQG6
5TgbeSUmVWP6JS4Ka05FKIEwjKFS6ogbd1tscVs50zFWW+veewWMwwQF1mw+N5wx
LsnHRDIBPOj8Z+p07fyYlP2RMtqdjUqHOtDBiAvbFaXd1huEHd6H2bhnVLaxsJUf
EEGu92ND0GgW2tDrJIL+bNhZfsnHZEZPyruLZXcwW0JIyLf+sgob/iY0duDH1JDS
ty5tS3ke9O3Q56mPogHP7jlMwtVHzQQPlviVtNvYhRamb5hUDc9Qu9uXNM0HOWdg
MI5KE1xbdjz1OmymakfcfbVcSz1vu3k4XpqChiKt+psw8BnHGcguPchetkroCJcM
OLwnCoKH3TFxZfaZQGPDhHCGU484Nj1M/wHo9RcoWtrPWz+Y7W0U+47EdmGM1Vpl
9hIoXqjEWENz6Ph5DD0vxMptQPrRfmtLiJsWxAJRS9MH+ZWXxjJ2byKXiEHdR7la
Xgj8ejtzaZB04Ow9+zptFH6nwTygGGodcRkYYFtYSS7C46aihvMRLj68uHB2yC2b
zYutMtU6eregDaWiAeGycZcanGnU36JDifjaCF84oty6a3EpfdGCc9KkHk1Is+sR
TVe5Ag0EZDiAaAEQANy3ekveJexjqdhWmGjqF1rp90uWYJeVwg0Dlc621SNEzrfu
suC1BEHC2xdZz85yPbfdUPThAn/AmaMYlNIvzXmsGJdfIIsL7ZT+K6K+9ClbFhR8
eIZZjhpSOMwLEfNroyZPcOwEua9bSr3mwU+i2ED+dCKcxG4/wAtmeK2PNOz0t0/F
umLHW9Zk8YZBVSq7sGZ77TBi7GHOVzR/3wWy0qXgVMSQXtmOoDCmd1B1pD/BOkBA
2iI4spRLiDPW3XVDeAGydYPPEIXtFax7ZCs4BhjT4witJ2110fddrAh6e48yU4Hn
ca5F+QD6hVvUgHmdM/9GMqYf2mMC8tqNQf33Ib148zIhtQN5OtDz/sce5Xj8rk0j
HUuZ3E0jViK72ZRnZD46CyIc99ZcLCAhsHZDaMTEDfWX8ToQzA+Ahyth0RMykwhX
6NPKvOw2VqRK+j6iyYvtDXLmcsR890dzHDJLfrJWCJ0scpeWFvlLkVhQaT3NEqEK
oUENBFf8zxfTQ7BksyV2ESTwu5xqfYeJ1g1FoTfL30+/W0003K7hoPQuU3ebj3wY
3mMrG0hgo0iM9wHk83WWt+fDYj09yptGWAgBQNOpRR/0EbwEd74C3UxZQtUmxwPz
YW2g1GWyEgtA76UJ00TuQHBGklcKtY0IbHKwjn7NwHbYWu67R7Le3+cj3LOVABEB
AAGJAjYEGAEIACAWIQQp9QF8ldnmCxsehAcHKw4LgxLf4wUCZDiAaAIbDAAKCRAH
Kw4LgxLf462sEACDweQr1ik35sbw3qlPn3b/d2UYBK+r8G3Pk1RhNra2rFtkRY8Y
rEAlFeYOCBplsyg8swIClPjKpqIEehMV4X2E0N6WpyPzuOgNP4OPAmJngUYM9uxr
kcVhYubgp2Hcxk5TkbvHIc31P5ItCl7UUYC3bXf32K5GVeOAxsZBS6elwdxlFteY
WKjkwoZklPPfce4ctG/phy8dnn+pFMFnyisFFp81R2P+ztdSDLm/U27d8g9cjcWK
mhZtGox4zf7250p+gIUnlnBdtXIWBaUFidha5qql0/iSsMrhu2m12XaLc5HiubYY
RNIHcCRitG0Qc/pWVjZAD/bqOTl4/M1AeN7qZ/8Y1II1tCdBZ1MGinKS/3aGjTn5
RzvYrQeP7YTInyah7MpUTYoxI+VHHeD7hTy/y0GPZBtZ24B/s3ICuMemejILeI8M
aHj8FmBSXJ3dD8195QyONuQB5hNB3qGhc995KsDK3leCwJc3+MFLZPaEZnB+f+uo
+pdngVsKH2IAVOtJN+QULmuEFmiEGRAghJwxfA4M92Bn0jSa9KMyTsM41b3zdSVU
ipnn9FVX7RemSdF/z2SXAczwMLwVjai4j8b/U9O3oc0wrDF4QgrKKKIESlID/0Jf
QLwhRYHy03r2yENO9lEeTBaSF94HsN1UjrZtzpGx6QTGBohA2RrztXkosLgzBGWP
FicWCSsGAQQB2kcPAQEHQBlJ0lXDQnpcV7nR/MWPifi0WVTDPe0njjVIHNq/Z/xI
iQKtBBgBCAAgFiEEKfUBfJXZ5gsbHoQHBysOC4MS3+MFAmWPFicCGwIAgQkQBysO
C4MS3+N2IAQZFgoAHRYhBAA/2xaaamErUuSen5+R1096JyceBQJljxYnAAoJEJ+R
1096Jycejy0A/2BmBatOihlxnO1G0U5qy3eiFkzmYKhm9WEW+w461hjuAP40cTMS
xgnpUzUrsEs6+3Om7TLAa0VAqYLjA8NTVJs6AiPGEACuGgYn4uBzeXGLgHHUmLsY
25rOajs/zAZnQkMz1epMKJDZ658cIDKyjJ6mLkkBwHwARrMhb38AEphXgyuAtHMN
mEPRzABZutleW33KCk6zzVLyYVFBDWEI7hIFdNfJcJjXsDX0oGKB/oT5vlU25YgN
cBAC7q9PGfq/XkeFOz9j3UOXMuzTKmtrX28IiSPqk+IkzeL35otzrG1wsUPLDLRS
nlmwtnP4oQ50cUvTiDesk3QqPQn+2wPYakMydq7bvUcv/jakCADJq8Lsg4AmUxpQ
bZNj2Zu/j8g+0KYUTriuQpZHf+mjVoNzwxiDKobMvKNzyNrZwMnZhAcDnCXSHpZL
KnBcQGpsOjZicA9HodVRdU80DM46MSsncxAN+jwdHUOtCtONP059kF8JegwyevFS
1hY/6ZTMETtKckWbs2gMTEK48SXF3EQ2jMq8lbD9SccuEi6R19R5qiLwQBgUHawT
PcirlASclpR2zjLH1/MovxMFykCUUaQgGH0TjCe5X95Y7QdVgw6ocHkSFUsLN8V1
L3UfOIobFFW6EuRg5urKpljoi20dYsAyorqye9q825RyuWa5oLDtqXshCuOzLy6O
BgnM2FIvUpxAFmlXlC9eG8bUChfqEakio68Iwl6LUQouDR9gprWcookZV716YBVC
/IKQxyKTQK+nas4pfaUhYw==
=in5n
-----END PGP PUBLIC KEY BLOCK-----

43
lib/container-utils.nix
View File

@@ -1,43 +0,0 @@
{ lib, ... }:
{
# Given a attrset of images and a function which generates an image spec,
# generates a set of containers (although this could in theory be used for
# other things... I'd like to see people try)
#
# container set must be in the below format
# { container-name = {image = "image-uri"; scale = n;}; }
# where image-uri gets passed in to the container-spec function as a custom
# parameter, and scale is an integer that generates the containers
#
# container-spec must be a function which accepts two parameter (the
# container name and image name) and ideally returns an oci-compliant
# container.
#
# args:
# containers: an AttrSet which specifies the imageUri and scale of each
# container
# container-spec: a function which produces an oci-compliant container spec
#
# type:
# AttrSet -> (String -> AttrSet -> AttrSet) -> AttrSet
createTemplatedContainers =
containers: container-spec:
builtins.listToAttrs (
lib.flatten (
lib.mapAttrsToList (
name: value:
(map (
num:
let
container-name = "${name}-${toString num}";
in
{
name = container-name;
value = container-spec container-name value.image;
}
) (lib.lists.range 1 value.scale))
) containers
)
);
}

17
lib/default.nix
View File

@@ -3,7 +3,6 @@
# create rad-dev namespace for lib # create rad-dev namespace for lib
rad-dev = rec { rad-dev = rec {
systems = import ./systems.nix { inherit lib; }; systems = import ./systems.nix { inherit lib; };
container-utils = import ./container-utils.nix { inherit lib; };
# any(), but checks if any value in the list is true # any(), but checks if any value in the list is true
# #
@@ -57,21 +56,5 @@
# type: # type:
# fileList :: Path -> String -> [Path] # fileList :: Path -> String -> [Path]
fileList = dir: map (file: dir + "/${file}") (ls dir); fileList = dir: map (file: dir + "/${file}") (ls dir);
# reduce an attribute set to a string
#
# example:
# given attrset {host1 = "palatine-hill"; host2 = "jeeves";}
# and func (host: hostname: host + " is " + hostname + ", " )
# mapAttrsToString would return 'host1 is palatine-hill, host2 is jeeves, '
#
# args:
# func: an function to apply to attrSet to turn each entry into one string
# attrSet: an attribute set to reduce
#
# type:
# mapAttrsToString :: AttrSet -> (String -> Any -> String) -> String
mapAttrsToString =
func: attrSet: (lib.foldl' (cur: next: cur + next) "" (lib.mapAttrsToList func attrSet));
}; };
} }

17
lib/systems.nix
View File

@@ -149,7 +149,6 @@ rec {
configPath, configPath,
hostname, hostname,
inputs, inputs,
outputs,
src, src,
users, users,
home ? true, home ? true,
@@ -161,12 +160,7 @@ rec {
lib.nixosSystem { lib.nixosSystem {
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit inherit inputs server system;
inputs
outputs
server
system
;
}; };
modules = modules =
[ [
@@ -200,7 +194,7 @@ rec {
# type: # type:
# genSystems :: AttrSet -> Path -> Path -> AttrSet # genSystems :: AttrSet -> Path -> Path -> AttrSet
genSystems = genSystems =
inputs: outputs: src: path: inputs: src: path:
builtins.listToAttrs ( builtins.listToAttrs (
map ( map (
name: name:
@@ -211,12 +205,7 @@ rec {
inherit name; inherit name;
value = constructSystem ( value = constructSystem (
{ {
inherit inherit inputs src configPath;
inputs
outputs
src
configPath
;
hostname = name; hostname = name;
} }
// import configPath { inherit inputs; } // import configPath { inherit inputs; }

7
modules/base.nix
View File

@@ -1,7 +1,6 @@
{ {
lib, lib,
inputs, inputs,
outputs,
server, server,
system, system,
... ...
@@ -15,7 +14,7 @@
programs = { programs = {
zsh.enable = true; zsh.enable = true;
fish.enable = false; fish.enable = true;
}; };
users = { users = {
@@ -27,12 +26,10 @@
useUserPackages = true; useUserPackages = true;
sharedModules = [ inputs.sops-nix.homeManagerModules.sops ]; sharedModules = [ inputs.sops-nix.homeManagerModules.sops ];
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs outputs; inherit inputs;
machineConfig = { machineConfig = {
inherit server system; inherit server system;
}; };
}; };
}; };
networking.firewall.enable = lib.mkDefault true;
} }

2
modules/boot.nix
View File

@@ -2,7 +2,6 @@
config, config,
lib, lib,
libS, libS,
pkgs,
... ...
}: }:
@@ -35,6 +34,7 @@ in
config.boot = lib.mkIf cfg.default { config.boot = lib.mkIf cfg.default {
supportedFilesystems = [ cfg.filesystem ]; supportedFilesystems = [ cfg.filesystem ];
tmp.useTmpfs = true; tmp.useTmpfs = true;
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelParams = kernelParams =
[ "nordrand" ] [ "nordrand" ]
++ lib.optional (cfg.cpuType == "amd") "kvm-amd" ++ lib.optional (cfg.cpuType == "amd") "kvm-amd"

7
modules/docker.nix
View File

@@ -7,14 +7,9 @@
extraGroups = [ "docker" ]; extraGroups = [ "docker" ];
uid = 600; uid = 600;
}; };
groups = { groups.docker-service = {
docker-service = {
gid = 600; gid = 600;
}; };
haproxy = {
gid = 99;
};
};
}; };
virtualisation.docker = { virtualisation.docker = {

2
modules/kub_net.nix
View File

@@ -6,7 +6,7 @@ in
options = { options = {
services.rad-dev.k3s-net = { services.rad-dev.k3s-net = {
enable = lib.mkOption { enable = lib.mkOption {
default = false; default = true;
example = true; example = true;
description = "Whether to enable k3s-net."; description = "Whether to enable k3s-net.";
type = lib.types.bool; type = lib.types.bool;

4
modules/nix.nix
View File

@@ -13,15 +13,19 @@
connect-timeout = 20; connect-timeout = 20;
substituters = [ substituters = [
"https://cache.nixos.org/?priority=1&want-mass-query=true" "https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
]; ];
trusted-substituters = [ trusted-substituters = [
"https://cache.nixos.org" "https://cache.nixos.org"
"https://attic.alicehuston.xyz/cache-nix-dot"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.alicehuston.xyz:SJAm8HJVTWUjwcTTLAoi/5E1gUOJ0GWum2suPPv7CUo=%"
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU="
]; ];
trusted-users = [ trusted-users = [
"root" "root"

1
modules/openssh.nix
View File

@@ -2,7 +2,6 @@
{ {
services.openssh = { services.openssh = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
openFirewall = lib.mkDefault true;
fixPermissions = true; fixPermissions = true;
extraConfig = "StreamLocalBindUnlink yes"; extraConfig = "StreamLocalBindUnlink yes";

2
modules/plocate.nix
View File

@@ -3,7 +3,7 @@
{ {
services.locate = { services.locate = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
# localuser = lib.mkDefault null; localuser = lib.mkDefault null;
package = lib.mkDefault pkgs.plocate; package = lib.mkDefault pkgs.plocate;
}; };
} }

4
modules/update.nix
View File

@@ -4,7 +4,7 @@
enable = lib.mkDefault true; enable = lib.mkDefault true;
repo.dotfiles = { repo.dotfiles = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_giteadeploy"; ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
path = lib.mkDefault /root/dotfiles; path = lib.mkDefault /root/dotfiles;
}; };
}; };
@@ -14,6 +14,6 @@
flags = [ "--accept-flake-config" ]; flags = [ "--accept-flake-config" ];
randomizedDelaySec = "1h"; randomizedDelaySec = "1h";
persistent = true; persistent = true;
flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git"; flake = "github:RAD-Development/nix-dotfiles";
}; };
} }

70
pkgs/bitwarden-rofi/default.nix
View File

@@ -1,70 +0,0 @@
# source: https://github.com/kylesferrazza/nix/blob/288edcd1d34884b9b7083c6d718fbe10febe0623/overlay/bitwarden-rofi.nix
# TODO https://github.com/mattydebie/bitwarden-rofi/issues/34
{
stdenv,
lib,
fetchFromGitHub,
makeWrapper,
unixtools,
xsel,
xclip,
wl-clipboard,
xdotool,
ydotool,
bitwarden-cli,
rofi,
jq,
keyutils,
libnotify,
}:
let
bins = [
jq
bitwarden-cli
unixtools.getopt
rofi
xsel
xclip
wl-clipboard
xdotool
ydotool
keyutils
libnotify
];
in
stdenv.mkDerivation {
pname = "bitwarden-rofi";
version = "git-2024-08-22";
src = fetchFromGitHub {
owner = "mattydebie";
repo = "bitwarden-rofi";
rev = "8be76fdd647c2bdee064e52603331d8e6ed5e8e2";
sha256 = "1h5d21kv8g5g725chn3n0i1frvmsrk3pm67lfxqcg50kympg0wwd";
};
buildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p "$out/bin"
install -Dm755 "bwmenu" "$out/bin/bwmenu"
install -Dm755 "lib-bwmenu" "$out/bin/lib-bwmenu" # TODO don't put this in bin
install -Dm755 -d "$out/usr/share/doc/bitwarden-rofi"
install -Dm755 -d "$out/usr/share/doc/bitwarden-rofi/img"
install -Dm644 "README.md" "$out/usr/share/doc/bitwarden-rofi/README.md"
install -Dm644 img/* "$out/usr/share/doc/bitwarden-rofi/img/"
wrapProgram "$out/bin/bwmenu" --prefix PATH : ${lib.makeBinPath bins}
'';
meta = with lib; {
description = "Wrapper for Bitwarden and Rofi";
homepage = "https://github.com/mattydebie/bitwarden-rofi";
license = licenses.gpl3;
platforms = platforms.linux;
};
}

39
pkgs/lego-latest/default.nix
View File

@@ -1,39 +0,0 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
buildGoModule rec {
pname = "lego";
version = "4.21.0";
src = fetchFromGitHub {
owner = "go-acme";
repo = pname;
rev = "v${version}";
hash = "sha256-3dSvQfkBNh8Bt10nv4xGplv4iY3gWvDu2EDN6UovSdc=";
};
vendorHash = "sha256-teA6fnKl4ATePOYL/zuemyiVy9jgsxikqmuQJwwA8wE=";
doCheck = false;
subPackages = [ "cmd/lego" ];
ldflags = [
"-s"
"-w"
"-X main.version=${version}"
];
meta = with lib; {
description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit;
homepage = "https://go-acme.github.io/lego/";
maintainers = teams.acme.members;
mainProgram = "lego";
};
#passthru.tests.lego = nixosTests.acme;
}

4
shell.nix
View File

@@ -45,10 +45,6 @@ forEachSystem (
treefmt treefmt
statix statix
nixfmt-rfc-style nixfmt-rfc-style
jsonfmt
mdformat
shfmt
yamlfmt
]; ];
}; };
in in

17
utils/sops-mergetool.sh → sops-mergetool.sh
View File

@@ -1,27 +1,17 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Exit on first error and verify variables have been set/passed via CLI # Exit on first error and verify variables have been set/passed via CLI
#set -eu set -eu
set -v
set -x
# Rename our variables to friendlier equivalents # Rename our variables to friendlier equivalents
# https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver # https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
base="$1" base="$1"; local_="$2"; remote="$3"; merged="$4"
local_="$2"
remote="$3"
merged="$4"
echo "$base"
echo "$local_"
echo "$remote"
echo "$merged"
# Resolve our default mergetool # Resolve our default mergetool
# https://github.com/git/git/blob/v2.8.2/git-mergetool--lib.sh#L3 # https://github.com/git/git/blob/v2.8.2/git-mergetool--lib.sh#L3
mergetool="$(git config --get merge.tool)" mergetool="$(git config --get merge.tool)"
GIT_DIR="$(git --exec-path)" GIT_DIR="$(git --exec-path)"
if test "$mergetool" = ""; then if test "$mergetool" = ""; then
echo 'No default `merge.tool` was set for `git`. Please set one via `git config --set merge.tool <tool>`' 1>&2 echo "No default \`merge.tool\` was set for \`git\`. Please set one via \`git config --set merge.tool <tool>\`" 1>&2
exit 1 exit 1
fi fi
@@ -86,3 +76,4 @@ set -eu
# Re-encrypt content # Re-encrypt content
sops --encrypt "$merged_decrypted" > "$merged" sops --encrypt "$merged_decrypted" > "$merged"

2
statix.toml
View File

@@ -1,4 +1,4 @@
disabled = ["empty_pattern"] disabled = ["empty_pattern"]
nix_version = '2.25' nix_version = '2.23'
ignore = ['.direnv'] ignore = ['.direnv']

438
systems/artemision/ao3_skins/happy_17th.css
View File

@@ -1,438 +0,0 @@
#footer .group,
.post fieldset fieldset,
fieldset fieldset {
background: none;
}
#header {
background: #000 url('https://media.archiveofourown.org/news/milestones/2024-08-seventeen-years-otw/2024-08-seventeen-years-otw-pattern.jpg');
background-size: 350px;
}
#header .heading a,
#header .primary .dropdown a:focus,
#header .heading a:visited,
#main .pagination .current,
h2 {
color: #ffe8b4;
}
#header .clear,
#footer {
border-color: #191919;
}
#header .actions a[href="/menu/fandoms"],
#header .actions a[href="/menu/browse"],
#header .actions a[href="/menu/search"],
#header .actions a[href="/menu/about"] {
color: #fff;
}
#footer ul {
background: url('https://live.staticflickr.com/7284/9616997915_4194b6c6f7_h.jpg');
background-size: 350px;
}
#footer ul li:nth-child(1) ul,
#footer ul li:nth-child(2) ul,
#footer ul li:nth-child(3) ul,
#footer ul li:nth-child(4) ul {
background: rgba(0, 0, 0, 0.0);
}
#header .primary {
background: #8a1a10;
}
#footer {
background: #8a1a10;
}
input[type="text"],
textarea,
select {
background: #222;
color: #fff;
}
select:focus {
background: #2a2a2a;
}
option {
background: #555;
color: #fff;
}
#work form fieldset.work.meta dl dd.warning.required fieldset,
#main form fieldset.work.meta dl dd.warning.required fieldset {
color: #fff;
}
#bookmark-form form {
background: #2a2a2a;
color: #fff;
}
#error {
color: #191919;
}
fieldset,
.verbose fieldset {
border-color: #404040;
background: #191919;
border: 1px solid #595959;
}
.search [role=tooltip] {
background: #333;
border: 1px solid #666;
}
#main a:visited {
color: #ccc;
}
#main a.tag:visited:hover {
color: #111;
}
body,
.group,
.group .group,
.region,
.flash,
form dl,
#main .verbose legend,
.notice,
ul.notes,
table,
th,
td:hover,
tr:hover,
.symbol .question:hover,
#modal,
.ui-sortable li,
.required .autocomplete,
.autocomplete .notice,
.system .intro,
.comment_error,
.kudos_error,
div.dynamic,
.dynamic form,
#ui-datepicker-div,
.ui-datepicker table {
background: #191919;
color: #eee;
border-color: #222;
outline: #111;
box-shadow: none;
}
#header .actions a:hover,
#header .actions a:focus,
#header .dropdown:hover a,
#header .open a,
#header .menu,
#small_login,
.group.listbox,
fieldset fieldset.listbox,
.listbox,
form blockquote.userstuff,
input:focus,
textarea:focus,
li.relationships a,
.group.listbox .index,
.dashboard fieldset fieldset.listbox .index,
#dashboard a:hover,
th,
#dashboard .secondary,
.secondary,
.thread .even,
.system .tweet_list li,
.ui-datepicker tr:hover {
background: #2A2A2A;
}
a,
a.tag,
a:link,
#header a:visited,
#header .primary .open a,
#header .primary .dropdown:hover a,
#header #search input:focus,
#header #search input:hover,
.userstuff h2,
#dashboard a,
#dashboard span,
#dashboard .current,
.group .heading,
.filters dt a:hover {
color: #fff;
}
#header .dropdown .menu a:hover,
#header .dropdown .menu a:focus,
.splash .favorite li:nth-of-type(odd) a,
.ui-datepicker td:hover,
#tos_prompt .heading,
#tos_prompt [disabled] {
background: #111;
color: #ffe8b4;
}
#outer,
.javascript,
.statistics .index li:nth-of-type(even),
#tos_prompt,
.announcement input[type="submit"] {
background: #191919;
}
#dashboard ul,
dl.meta,
.group.listbox,
fieldset fieldset.listbox,
#main li.blurb,
form blockquote.userstuff,
div.comment,
li.comment,
.toggled form,
form dl dt,
form.single fieldset,
#inner .module .heading,
.bookmark .status span,
.splash .news li,
.filters .group dt.bookmarker {
border-color: #555;
}
.group.listbox,
fieldset fieldset.listbox,
#main li.blurb,
.wrapper,
#dashboard .secondary,
.secondary,
form blockquote.userstuff,
.thread .comment,
.toggled form {
box-shadow: 1px 1px 3px #000;
}
#dashboard .current,
.actions a:active,
a.current,
.current a:visited,
span.unread,
.replied,
span.claimed,
dl.index dd,
.own,
.draft,
.draft .unread,
.child,
.unwrangled,
.unreviewed,
.ui-sortable li:hover {
background: #000;
border-color: #555;
box-shadow: -1px -1px 3px #000;
}
input,
textarea {
box-shadow: inset 0 1px 2px #000;
}
li.blurb,
.blurb .blurb,
.listbox .index,
fieldset fieldset.listbox,
.dashboard .listbox .index {
box-shadow: inset 1px 1px 3px #000;
}
#footer a:hover,
#footer a:focus,
.autocomplete .dropdown ul li:hover,
.autocomplete .dropdown li.selected,
a.tag:hover,
.listbox .heading a.tag:visited:hover,
.symbol .question {
background: #ffedc5;
border-color: #988352;
color: #111;
}
#header #greeting img,
#header .user a:hover,
#header .user a:focus,
#header fieldset,
#header form,
#header p,
#dashboard a:hover,
.actions a:hover,
.actions input:hover,
.delete a,
span.delete,
span.unread,
.replied,
span.claimed,
.draggable,
.droppable,
span.requested,
a.work,
.blurb h4 a:link,
.blurb h4 img,
.splash .module h3,
.splash .browse li a:before,
.required,
.error,
.comment_error,
.kudos_error,
a.cloud7,
a.cloud8,
#tos_prompt .heading {
color: #ffe8b4;
}
#greeting .icon,
#dashboard,
#dashboard.own,
.error,
.comment_error,
.kudos_error,
.LV_invalid,
.LV_invalid_field,
input.LV_invalid_field:hover,
input.LV_invalid_field:active,
textarea.LV_invalid_field:hover,
textarea.LV_invalid_field:active,
.qtip-content {
border-color: #8a1a10;
}
.splash .favorite li:nth-of-type(odd) a:hover,
.splash .favorite li:nth-of-type(odd) a:focus .splash .favorite li:nth-of-type(odd) a:visited:hover,
.splash .favorite li:nth-of-type(odd) a:visited:focus {
background: #ffe8b4;
color: #111;
}
a:visited,
.actions a:visited,
.action a:link,
.action a:visited,
.listbox .heading a:visited,
span.series .divider {
color: #999;
}
.actions a,
.actions a:link,
.action,
.action:link,
.actions input,
input[type="submit"],
button,
.current,
.actions label,
#header .actions a,
#outer .current {
background: #555;
border-color: #222;
color: #eee;
box-shadow: inset 0 -8px 4px #232323, inset 0 8px 7px #555;
text-shadow: none;
}
.actions a:hover,
.actions input:hover,
#dashboard a:hover,
.actions a:focus,
.actions input:focus,
#dashboard a:focus,
.actions .disabled select {
color: #999;
border-color: #000;
box-shadow: inset 2px 2px 2px #000;
}
.actions a:active,
.current,
a.current,
.current a:visited {
color: #fff;
background: #555;
border-color: #fff;
box-shadow: inset 1px 1px 3px #191919;
}
.delete a,
span.delete {
box-shadow: -1px -1px 2px rgba(255,255,255.25);
}
.actions label.disabled {
background: #222;
box-shadow: none;
}
ul.required-tags,
.bookmark .status span,
.blurb .icon {
opacity: 0.9;
border: 0;
}
#outer .group .heading,
#header .actions a,
fieldset.listbox .heading,
.userstuff .heading {
text-shadow: none;
color: #fff;
background: none;
}
#header .actions a,
fieldset fieldset,
.mce-container button,
.filters .expander,
.actions .disabled select {
box-shadow: none;
}
fieldset fieldset.listbox {
outline: none;
}
form dd.required {
color: #eee;
}
.mce-container input:focus {
background: #F3EFEC;
}
.announcement .userstuff a,
.announcement .userstuff a:link,
.announcement .userstuff a:visited:hover {
color: #111;
}
.announcement .userstuff a:visited {
color: #666;
}
.announcement .userstuff a:hover,
.announcement .userstuff a:focus {
color: #999;
}
.event.announcement .userstuff a,
.filters .expander {
color: #eee;
}

54
systems/artemision/configuration.nix
View File

@@ -6,18 +6,17 @@
}: }:
{ {
imports = [ imports = [
./audio.nix
./desktop.nix
./fingerprint.nix
./fonts.nix
./graphics.nix
./libvirt.nix
./polkit.nix
./programs.nix ./programs.nix
./steam.nix ./desktop.nix
./stylix.nix
./wifi.nix ./wifi.nix
./zerotier.nix ./zerotier.nix
./fonts.nix
./polkit.nix
./audio.nix
./fingerprint.nix
./steam.nix
./graphics.nix
./libvirt.nix
]; ];
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
@@ -32,7 +31,7 @@
}; };
boot = { boot = {
#kernelPackages = lib.mkForce pkgs.linuxPackages_6_6; kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
useSystemdBoot = true; useSystemdBoot = true;
default = true; default = true;
}; };
@@ -45,7 +44,6 @@
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = { services = {
flatpak.enable = true;
calibre-web = { calibre-web = {
enable = true; enable = true;
listen = { listen = {
@@ -72,9 +70,20 @@
}) { inherit (pkgs) system; }).fwupd; }) { inherit (pkgs) system; }).fwupd;
}; };
fprintd.enable = lib.mkForce false; fprintd.enable = true;
openssh.enable = lib.mkForce false; openssh.enable = lib.mkForce false;
spotifyd = {
enable = true;
settings = {
global = {
username = "snowinginwonderland@gmail.com";
password_cmd = "cat ${config.sops.secrets."apps/spotify".path}";
use_mpris = false;
};
};
#systemd.services.spotifyd.serviceConfig = systemd.services.spotifyd.
};
rad-dev.yubikey = { rad-dev.yubikey = {
enable = true; enable = true;
enable-desktop-app = true; enable-desktop-app = true;
@@ -83,22 +92,17 @@
users.users.alice.extraGroups = [ "calibre-web" ]; users.users.alice.extraGroups = [ "calibre-web" ];
system.autoUpgrade.enable = false;
system.stateVersion = "24.05"; system.stateVersion = "24.05";
programs.adb.enable = true;
environment.variables = {
"KWIN_DRM_NO_DIRECT_SCANOUT" = "1";
};
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
#secrets = { secrets = {
# "apps/spotify" = { "apps/spotify" = {
# group = "audio"; group = "audio";
# restartUnits = [ "spotifyd.service" ]; restartUnits = [ "spotifyd.service" ];
# mode = "0440"; mode = "0440";
# }; };
#}; };
}; };
} }

1
systems/artemision/default.nix
View File

@@ -7,7 +7,6 @@
users = [ "alice" ]; users = [ "alice" ];
modules = [ modules = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd inputs.nixos-hardware.nixosModules.framework-16-7040-amd
inputs.stylix.nixosModules.stylix
{ {
environment.systemPackages = [ environment.systemPackages = [
inputs.wired-notify.packages.x86_64-linux.default inputs.wired-notify.packages.x86_64-linux.default

40
systems/artemision/desktop.nix
View File

@@ -3,30 +3,9 @@
{ {
# installs hyprland, and its dependencies # installs hyprland, and its dependencies
programs = { programs.hyprland = {
hyprland = {
enable = true; enable = true;
xwayland.enable = true; xwayland.enable = true;
withUWSM = true;
};
hyprlock.enable = true;
gnupg.agent = {
enable = true;
#pinentryPackage = pkgs.pinentry-rofi;
pinentryPackage = pkgs.pinentry-gnome3;
#settings = {
# keyserver-options = "auto-key-retrieve";
# auto-key-locate = "hkps://keys.openpgp.org";
# keyserver = "hkps://keys.openpgp.org";
#keyserver = "hkp://pgp.mit.edu";
# "na.pool.sks-keyservers.net"
# "ipv4.pool.sks-keyservers.net"
# "p80.pool.sks-keyservers.net"
# ];
#};
};
ydotool.enable = true;
}; };
# Optional, hint electron apps to use wayland: # Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
@@ -56,11 +35,20 @@
}; };
}; };
powerManagement = { programs.gnupg.agent = {
enable = true; enable = true;
resumeCommands = '' #pinentryPackage = pkgs.pinentry-rofi;
${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf pinentryPackage = pkgs.pinentry-gnome3;
''; #settings = {
# keyserver-options = "auto-key-retrieve";
# auto-key-locate = "hkps://keys.openpgp.org";
# keyserver = "hkps://keys.openpgp.org";
#keyserver = "hkp://pgp.mit.edu";
# "na.pool.sks-keyservers.net"
# "ipv4.pool.sks-keyservers.net"
# "p80.pool.sks-keyservers.net"
# ];
#};
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

18
systems/artemision/fonts.nix
View File

@@ -3,13 +3,17 @@
fonts = { fonts = {
fontconfig.enable = true; fontconfig.enable = true;
enableDefaultPackages = true; enableDefaultPackages = true;
packages = with pkgs.nerd-fonts; [ packages = with pkgs; [
fira-code (nerdfonts.override {
droid-sans-mono fonts = [
hack "FiraCode"
dejavu-sans-mono "DroidSansMono"
noto "Hack"
open-dyslexic "DejaVuSansMono"
"Noto"
"OpenDyslexic"
];
})
]; ];
}; };
} }

9
systems/artemision/hardware.nix
View File

@@ -20,9 +20,6 @@
"usb_storage" "usb_storage"
"usbhid" "usbhid"
"sd_mod" "sd_mod"
"ip_vs"
"ip_vs_rr"
"nf_conntrack"
]; ];
initrd.kernelModules = [ initrd.kernelModules = [
"dm-snapshot" "dm-snapshot"
@@ -55,6 +52,7 @@
options = [ options = [
"noatime" "noatime"
"nodiratime" "nodiratime"
"discard"
]; ];
}; };
@@ -64,6 +62,7 @@
options = [ options = [
"noatime" "noatime"
"nodiratime" "nodiratime"
"discard"
]; ];
}; };
@@ -73,6 +72,7 @@
options = [ options = [
"noatime" "noatime"
"nodiratime" "nodiratime"
"discard"
]; ];
}; };
@@ -82,11 +82,12 @@
options = [ options = [
"noatime" "noatime"
"nodiratime" "nodiratime"
"discard"
]; ];
}; };
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ]; swapDevices = [ { device = "/dev/disk/by-uuid/7f0dba0f-d04e-4c94-9fba-1d0811673df1"; } ];
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
"nixos-pv" = { "nixos-pv" = {

30
systems/artemision/programs.nix
View File

@@ -3,7 +3,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
act act
alacritty alacritty
attic-client
amdgpu_top amdgpu_top
bat bat
bitwarden-cli bitwarden-cli
@@ -13,12 +12,12 @@
calibre calibre
# calibre dedrm? # calibre dedrm?
candy-icons candy-icons
chromium nemo-with-extensions
chromedriver
croc croc
deadnix deadnix
direnv direnv
easyeffects discord
discord-canary
eza eza
fanficfare fanficfare
ferium ferium
@@ -30,29 +29,22 @@
glances glances
gpu-viewer gpu-viewer
grim grim
helvum headsetcontrol
htop htop
hwloc hwloc
ipmiview ipmiview
iperf3 iperf3
# ipscan ipscan
jp2a jp2a
jq jq
kdePackages.kdenlive
kitty kitty
kubectl
kubernetes-helm
libreoffice-fresh
libtool libtool
lsof lsof
lynis lynis
masterpdfeditor4 masterpdfeditor4
minikube
mons mons
mpv
# nbt explorer? # nbt explorer?
ncdu ncdu
nemo-with-extensions
neofetch neofetch
neovim neovim
nix-init nix-init
@@ -61,8 +53,6 @@
nix-tree nix-tree
nixpkgs-fmt nixpkgs-fmt
nmap nmap
obs-studio
obsidian
ocrmypdf ocrmypdf
pciutils pciutils
#disabled until wxpython compat with python3.12 #disabled until wxpython compat with python3.12
@@ -70,19 +60,16 @@
prismlauncher prismlauncher
protonmail-bridge protonmail-bridge
protontricks protontricks
proxychains
qrencode qrencode
redshift redshift
restic restic
ripgrep ripgrep
rpi-imager rpi-imager
rofi-wayland rofi-wayland
samba
signal-desktop signal-desktop
# signal in tray? # signal in tray?
siji siji
simple-mtpfs simple-mtpfs
skaffold
slack slack
slurp slurp
smartmontools smartmontools
@@ -97,18 +84,17 @@
tig tig
tokei tokei
tree tree
unipicker
unzip unzip
unipicker
uutils-coreutils-noprefix uutils-coreutils-noprefix
ventoy ventoy
vesktop
vscode vscode
watchman watchman
wget wget
wl-clipboard wl-clipboard
yq xboxdrv
yt-dlp
zoom-us zoom-us
zoxide zoxide
zoom
]; ];
} }

62
systems/artemision/secrets.yaml
View File

@@ -1,17 +1,17 @@
hello: ENC[AES256_GCM,data:BTCBuBxHFO8vwXU/bsAZryM5rXUOEi0brlvq6DtqfZbzxGz4LaW89VO75MERHQ==,iv:fwqI3arwtlZQ5DtvpVbh21ThuZP8zcqCHsmuJuCfCsY=,tag:tkkEO8/eEDCakdlT0NvajA==,type:str] hello: ENC[AES256_GCM,data:UJlsd5kvnhEv7eJeYwg+NHm9sgUAxYM5DoR0gDPLi9J7P+8FI8WPMkN1wEAHJA==,iv:NFSdZQ1OK4BT+EAGZz122NB7WrVCEzv4wwMxFIE/OKI=,tag:6YT7Vw8tFrw9iEFKxeKRFQ==,type:str]
example_key: ENC[AES256_GCM,data:xzsymSb4oD70twtoKQ==,iv:9vBmAKET2VIuDSq7AOyvdYWLGlL6cYHTWxy/Z5bB1+c=,tag:NbV4eA2aaY4cQAKUy3QOpw==,type:str] example_key: ENC[AES256_GCM,data:KMXgMrqe7M101ZMJ2g==,iv:MJ3Iiu/0KIVhPFnqfovysqvPJAv1OsnxE4VIsuexFkE=,tag:X6KIKNGym8/9VglmG3SNRw==,type:str]
#ENC[AES256_GCM,data:zeOCzRd/nFRhbANHxPyyjw==,iv:9MmHl3OyhJHVU+cUFJ4QitHd4SeDe3ctaky+yfvk8Zs=,tag:uPGRJtgQj1vIdLt2+w0krg==,type:comment] #ENC[AES256_GCM,data:QR3WNE/a1hZIXnTjFjK3kA==,iv:eXoZJ5rQaYqN7LjEp2M13OCMwuQ+80M5AXjV0uNc4C8=,tag:sCvL6pr9zAyWZziffVFMzg==,type:comment]
example_array: example_array:
- ENC[AES256_GCM,data:Nwn96XJv8xZWRYv8qws=,iv:K30LBMC8e1vUS0XE+4EIYb3xUUyn6232YmhV2vI9Qnc=,tag:HRe3S88zwj/CjG6NTvjdRQ==,type:str] - ENC[AES256_GCM,data:g8PulCLrXZYSEdZJELE=,iv:irGwciFn1zXBxFpGAJtD46EQLGUO5oqdCzRgv1204JE=,tag:2MuDdRYMjhtTY++lPuj1FQ==,type:str]
- ENC[AES256_GCM,data:l2nuwoAbwaDFHpEWV1Y=,iv:7/2rTd8agUvx73eftpOgidV4XjDUv/JppLIIsiuycnU=,tag:Ohi4JULWDNXJPWZaeXHEdw==,type:str] - ENC[AES256_GCM,data:qv7GvmoOX8VSdaiW/90=,iv:6NOWeWqHUV9ciKPmZF4C7ijuIPFr3YZi3Dh7xWnb07k=,tag:VHXdBhWmEpb7uavCPqGZ4w==,type:str]
example_number: ENC[AES256_GCM,data:toi1e/biUd2Tng==,iv:MPCfhhX9DDaOSzx/L5LTf2VYffin8XvxVyhNDqZLsec=,tag:tE/lml3afP/NjRtpPraoRQ==,type:float] example_number: ENC[AES256_GCM,data:g8BIEIcwKRLSbw==,iv:Ay4aiukAvXeDhzlpMPn++zR0Tt2lMqCx362uN37S+ac=,tag:NTtNaIu5u8YsIm0M4OgL0A==,type:float]
example_booleans: example_booleans:
- ENC[AES256_GCM,data:02CVNA==,iv:L9GmIm9ynm2cWTyd3iYo4fgIeneUyFpEzzzxicM/YNI=,tag:k2EIboiL+c4W1H2OpA2Rqw==,type:bool] - ENC[AES256_GCM,data:94T9mg==,iv:qKGJke4SGhgN09Yebh5MPrRBDNnguJQ+1dl5XQffGZQ=,tag:0Pa3eujmSxDCnAHKHsx6yQ==,type:bool]
- ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool] - ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool]
apps: apps:
spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str] spotify: ENC[AES256_GCM,data:bp1pdOfS+VGWLtepUjg7KFWw8Fk=,iv:twGO3CjzRxAU81C93mX8qIEZ/FYIQRJnMd2HIuvP9q8=,tag:AJgs0QGFH30E8+ZpaB02TQ==,type:str]
wifi-env: ENC[AES256_GCM,data:G+z+fURk4rT61I5BiFzEJJt35jywPNrGpn1QGNhjvxrqPQ/Sq/hIHmQo+bqe9yJeDgMX3RY4EaiZxFTJyxPfW1czjuMSj3vbTp0WcDmGvUJ7li2pX2pzolgly4qmgoOluGBeRZWVLLOZYFB2+kLRMJNNz/bP5k2Eq6O4+l4sljPM+abn9iz9Eh46rVOVRkmDzCltJrYiuBSiSPhTDRTP2+gUbgbaUJTkVrVLUBHg3QU6az6VPN8DPZxbx4LtdaIb93pI,iv:uUfJK/iPdyLP7LqZJolTGGTxaEzlJI59bUVNcB1etkU=,tag:tvXSXSW1MIhLJceEK1afuw==,type:str] wifi-env: ENC[AES256_GCM,data:NGI090aVGojJ7+lvcknJfZBQKb0b/tUrd2AqEl5IWQWCJdqqaO4pCrs3C+IW06/pz9FWgMxx9tPu32xmMZaPnnlLD+XyVJ71L2P22U6YufRPRfvyv6swOlihscOZ5tsFFYShjXpow0PfmYS+tP9mYLb2RYFLGQmvI4fa4LaVjuwPXAMg3RN/gVXR6bMEpd/7OIr+tIxC5sTE7V7fIbyzcn4=,iv:VbtgvwMHo1iLuTKCA7KjEXC1d1MY4aHfmXI6yuCGZVI=,tag:dGmw+icLKL9dJQExy83m1A==,type:str]
#ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment] #ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -21,26 +21,34 @@ sops:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbElNRkxyZ2VjaitiTWx2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZUNHeDdqaGt0QnFIejdM
eThsY0h3a2NCZDloWG0rU1ZwVnhOY2VJTXlFCnp3UzNDR216L2R4cVdyWjFqbkRr MU5uaDNiN2xOeVlZNzQyZXZ0R2NYUU83ZWxrCmNDL3J6ZjNmejBuUXk3cldwZUEz
cFJGQjQ4Qk9zblYyckVFY3VNekNuajQKLS0tIEdRWldHMjlpTElxQWFVUlh4L1lz UWVqMTVPelN1MTJDNzc0UU9XNWkralUKLS0tIDU2b053Uk5VZGlWUk9XMXZ5Wllk
d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR UlhhNzNjTHdVaXlPOFJhc0EyZGh3RDQK1c7nctmrorze4Kr0Grmcmx3N/UYXPwJc
D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA== FfClOoGxO+4ZDtxG61SDU1UdYae4loQ8roM8jDIPFMfoEum2bT8oXw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-28T18:57:09Z" lastmodified: "2024-08-03T02:45:15Z"
mac: ENC[AES256_GCM,data:hKhAo7rDplLm19PlrKHQwxnDVXCMU/xpAxPALLDBa0M3yypy2QVD6c6Atn897tYRKf7oeLaUKqnUYdCcZ9gVgm37LS+GtRhf66zfvcKqhZF8wh3M0zTDPYpQDhex0N4BAJ/dcaYIbxqE9pEUxJOI5jip/hptaCJItTEe7oARcF4=,iv:EUayxLaOPcnWX+S9+RlHrxzJRLlSSLIwqbAq3fFI4yg=,tag:LiBsqIodTWamO+c8FqGBag==,type:str] mac: ENC[AES256_GCM,data:PsEeb2leFb500YYHg+5YHwGVHKUPB7qVqaJY66hnkmCa5MKAZkHqSgtVvh+Ai4fN9E+WFtjlso2a4oasQMNwVXsmt54+q1/Mz5zF2D/1nvaNL76fEod2YXp2jlGxNniyPfRaZXDu+QQLhoz2PBoe6OQ9E5WRDV88j7gksy6GePw=,iv:H7Q9fbvdgh+NZNyyupByQETWsgpXVXn0blQV1Ww7eQM=,tag:cpWykzgH9/mWTKxmEDZ9PA==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:57:09Z" - created_at: "2024-03-23T05:46:35Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DQWNzDMjrP2ISAQdALiZMzuQViM23hoFebCXYfQUIvCluWqAEeSJyE/LRHG8w hQIMA84hNUGIgI/nAQ/+IwyPDjs/jDCBlnYFboHh6TXx8ulysESst4hz5crM4L0u
nQnIVPRIbzLzWfCf+48EW6f7zonHmNY7D9F9KohDmCTcJ5/WvXsJKjebuohR62TF wylKyfEIBx0eLy0mLLA4DhcpYza0Nry5RLdwDNfimhATErfQxnwqlZ6RnYKnh3Hk
1GYBCQIQq7nEvwSfn+l5AevKIiodA4BLfM326JSx5hJ6XdrE0MzZo1uoMwKKuxig 93L66+BEKPd3EZOH+RC/wb0qiTDmU0yna8jtVO0uU7s6//hm/g7bdmQAK0YIJLcb
mPbDP8Rx51v9f+9DzjBg6kQD5w411HADL8th+wSkpmasP8ozIeiNiIKzzoJc/fD6 sd83n99R4oHVrq7iFc74/AV5isW9GcfmvLI94eodFpaE1dpqm4KzNpLueDCOvA/1
AOsExCUt8FU= vPo5Lgtp9WM4FhXUqMiplCNqMIt+Hyj3F+p+9jgQ2dLfHuVkI8pzd47gOHyMDYPy
=wRT+ fn6SVKZtOyfNDwhs7L5piiarSXISBGtx36ISDvtvtr/vgMydTdvILIOo9pkSGVtN
4W7+ywMaFjfAeShTVtUJNJqmp/8agt2WtaUX4kPPha4SxlNSOMpeTQ31bs89gBtc
g2325afL2WPK4NSAOmU8VMXqmFc2A10aFlx5nsfT4S1wkoNbitTWgoAcCa7kGRPW
xZca225cwLUzkggv74cfYT3YnQL40AMSOMqSRS8pbTFEENG1BtsB5A++Jji2i4tO
xoGIL8LRCEfiHpTC7eBwDDVmKb5StgKsXs6yYbQG5XW2W+/Jgum64Sb7+LviQ9Mq
WHNiu5MZPeKyHFu9jI9Ne1HpYJnb7/X9AxFw2e/vFwVn+kjaXcH/PhsYuPUyqkzS
XgG3tFbcgNtMWyoLU2EL1Qvwq1pHVrwmeNXHidESx23HeJtnIwoKkdopl4qqqNle
uQYP89bvb6zFWlqOSwLORZmj1W1wVTYV9eXplDbJob8agBKIcIuhtwri5e96gf4=
=XdJo
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.0

5
systems/artemision/steam.nix
View File

@@ -4,10 +4,7 @@
environment.systemPackages = [ pkgs.steam-run ]; environment.systemPackages = [ pkgs.steam-run ];
hardware.steam-hardware.enable = true; hardware.steam-hardware.enable = true;
programs = { programs = {
gamescope = { gamescope.enable = true;
enable = true;
capSysNice = true;
};
steam = { steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;

16
systems/artemision/stylix.nix
View File

@@ -1,16 +0,0 @@
{ pkgs, ... }:
# let
# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
# numWallpapers =
# $((1 + $RANDOM % 10))
# in
{
stylix = {
enable = true;
image = "${pkgs.hyprland}/share/hypr/wall2.png";
#image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
polarity = "dark";
};
}

20
systems/artemision/wifi.nix
View File

@@ -6,27 +6,25 @@ in
{ {
networking.wireless = { networking.wireless = {
enable = true; enable = true;
secretsFile = config.sops.secrets."wifi-env".path; environmentFile = config.sops.secrets."wifi-env".path;
userControlled.enable = true; userControlled.enable = true;
networks = { networks = {
"taetaethegae-2.0" = { "taetaethegae-2.0" = {
pskRaw = "ext:PASS_taetaethegae_20"; psk = "@PASS_taetaethegae_20@";
priority = home; priority = home;
}; };
"k" = { "k" = {
pskRaw = "ext:PASS_k"; psk = "@PASS_k@";
priority = always; priority = always;
}; };
"Bloomfield".pskRaw = "ext:PASS_bloomfield"; "Bloomfield".psk = "@PASS_bloomfield@";
"9872441500".pskRaw = "ext:PASS_longboat_home"; "9872441500".psk = "@PASS_longboat_home@";
"9872441561".pskRaw = "ext:PASS_longboat_home"; "9872441561".psk = "@PASS_longboat_home@";
"5HuFios".pskRaw = "ext:PASS_longboat_home"; "5HuFios".psk = "@PASS_longboat_home@";
"24HuFios".pskRaw = "ext:PASS_longboat_home"; "24HuFios".psk = "@PASS_longboat_home@";
"Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie"; "Verizon_ZLHQ3H".psk = "@PASS_angie@";
"Fios-Qn3RB".pskRaw = "ext:PASS_parkridge";
"optimumwifi" = { }; "optimumwifi" = { };
"CableWiFi" = { }; "CableWiFi" = { };
"JPMCVisitor" = { };
}; };
}; };

106
systems/bob/configuration.nix Normal file
View File

@@ -0,0 +1,106 @@
{
imports = [
../../users/richie/global/desktop.nix
../../users/richie/global/ssh.nix
../../users/richie/global/syncthing_base.nix
../../users/richie/global/zerotier.nix
./hardware.nix
./nvidia.nix
./steam.nix
];
boot = {
useSystemdBoot = true;
default = true;
};
networking = {
networkmanager.enable = true;
hostId = "9ab3b18e";
};
hardware = {
pulseaudio.enable = false;
bluetooth = {
enable = true;
powerOnBoot = true;
};
};
security.rtkit.enable = true;
services = {
autopull.enable = false;
displayManager.sddm.enable = true;
openssh.ports = [ 262 ];
printing.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
rad-dev.k3s-net.enable = false;
syncthing.settings.folders = {
"notes" = {
id = "l62ul-lpweo"; # cspell:disable-line
path = "/home/richie/notes";
devices = [
"phone"
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"books" = {
id = "6uppx-vadmy"; # cspell:disable-line
path = "/home/richie/books";
devices = [
"phone"
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"important" = {
id = "4ckma-gtshs"; # cspell:disable-line
path = "/home/richie/important";
devices = [
"phone"
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"music" = {
id = "vprc5-3azqc"; # cspell:disable-line
path = "/home/richie/music";
devices = [
"phone"
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"projects" = {
id = "vyma6-lqqrz"; # cspell:disable-line
path = "/home/richie/projects";
devices = [
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
};
};
system.autoUpgrade.enable = false;
system.stateVersion = "23.11";
}

8
systems/bob/default.nix Normal file
View File

@@ -0,0 +1,8 @@
{ ... }:
{
users = [ "richie" ];
system = "x86_64-linux";
home = true;
sops = true;
server = false;
}

66
systems/bob/hardware.nix Normal file
View File

@@ -0,0 +1,66 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
luks.devices = {
"luks-rpool-nvme-Samsung_SSD_970_EVO_Plus_1TB_S6S1NS0T617615W-part2".device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_1TB_S6S1NS0T617615W-part2";
};
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = lib.mkDefault {
device = "rpool/root";
fsType = "zfs";
};
"/home" = {
device = "rpool/home";
fsType = "zfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/8AE6-270D";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
systems/bob/nvidia.nix Normal file
View File

@@ -0,0 +1,13 @@
{ config, ... }:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.production;
nvidiaSettings = true;
};
nvidia-container-toolkit.enable = true;
};
}

15
systems/bob/steam.nix Normal file
View File

@@ -0,0 +1,15 @@
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.steam-run ];
hardware.steam-hardware.enable = true;
programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ];
extest.enable = true;
};
};
}

28
systems/jeeves-jr/arch_mirror.nix Normal file
View File

@@ -0,0 +1,28 @@
{ inputs, pkgs, ... }:
let
vars = import ./vars.nix;
in
{
virtualisation.oci-containers.containers.arch_mirror = {
image = "ubuntu/apache2:latest";
volumes = [
"${../../users/richie/global/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
"${vars.main_mirror}:/data"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
systemd.services.sync_mirror = {
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
description = "validates startup";
path = [ pkgs.rsync ];
serviceConfig = {
Environment = "MIRROR_DIR=${vars.main_mirror}/archlinux/";
Type = "simple";
ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/sync_mirror";
};
};
}

47
systems/jeeves-jr/configuration.nix Normal file
View File

@@ -0,0 +1,47 @@
{ pkgs, ... }:
{
imports = [
../../users/richie/global/ssh.nix
./arch_mirror.nix
./docker
./home_assistant.nix
./networking.nix
./services.nix
];
boot = {
zfs.extraPools = [ "Main" ];
filesystem = "zfs";
useSystemdBoot = true;
};
environment.systemPackages = with pkgs; [ docker-compose ];
services = {
openssh = {
ports = [ 352 ];
listenAddresses = [
{ addr = "192.168.95.35"; }
{ addr = "192.168.90.35"; }
];
};
smartd.enable = true;
sysstat.enable = true;
usbguard = {
enable = true;
rules = ''
allow id 1532:0241
'';
};
zfs = {
trim.enable = true;
autoScrub.enable = true;
};
};
system.stateVersion = "23.05";
}

7
systems/jeeves-jr/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{ ... }:
{
users = [
"alice"
"richie"
];
}

11
systems/jeeves-jr/docker/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{ lib, ... }:
{
imports =
let
files = builtins.attrNames (builtins.readDir ./.);
nixFiles = builtins.filter (name: lib.hasSuffix ".nix" name && name != "default.nix") files;
in
map (file: ./. + "/${file}") nixFiles;
virtualisation.oci-containers.backend = "docker";
}

46
systems/jeeves-jr/docker/haproxy.cfg Normal file
View File

@@ -0,0 +1,46 @@
global
log stdout format raw local0
defaults
log global
mode http
retries 3
maxconn 2000
timeout connect 5s
timeout client 50s
timeout server 50s
timeout http-request 10s
timeout http-keep-alive 2s
timeout queue 5s
timeout tunnel 2m
timeout client-fin 1s
timeout server-fin 1s
#Application Setup
frontend ContentSwitching
bind *:80
bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
mode http
# tmmworkshop.com
acl host_mirror hdr(host) -i mirror.tmmworkshop.com jeeves
acl host_uptime_kuma hdr(host) -i uptimekuma-jeevesjr.tmmworkshop.com
acl host_homeassistant hdr(host) -i homeassistant.tmmworkshop.com
use_backend mirror_nodes if host_mirror
use_backend uptime_kuma_nodes if host_uptime_kuma
use_backend home_asistant_nodes if host_homeassistant
# tmmworkshop.com
backend mirror_nodes
mode http
server server arch_mirror:80
backend uptime_kuma_nodes
mode http
server server uptime_kuma:3001
backend home_asistant_nodes
mode http
server server 192.168.95.35:8123

16
systems/jeeves-jr/docker/uptime_kuma.nix Normal file
View File

@@ -0,0 +1,16 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
uptime_kuma = {
image = "louislam/uptime-kuma:latest";
volumes = [
"${vars.main_docker_configs}/uptime_kuma:/app/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
};
}

41
systems/jeeves-jr/docker/web.nix Normal file
View File

@@ -0,0 +1,41 @@
{ config, ... }:
{
virtualisation.oci-containers.containers = {
haproxy = {
image = "haproxy:latest";
user = "600:600";
environment = {
TZ = "Etc/EST";
};
volumes = [
"${config.sops.secrets."docker/haproxy_cert".path}:/etc/ssl/certs/cloudflare.pem"
"${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
];
dependsOn = [
"arch_mirror"
"uptime_kuma"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
cloud_flare_tunnel = {
image = "cloudflare/cloudflared:latest";
cmd = [
"tunnel"
"run"
];
environmentFiles = [ config.sops.secrets."docker/cloud_flare_tunnel".path ];
dependsOn = [ "haproxy" ];
extraOptions = [ "--network=web" ];
autoStart = true;
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/cloud_flare_tunnel".owner = "docker-service";
"docker/haproxy_cert".owner = "docker-service";
};
};
}

40
systems/jeeves-jr/hardware.nix Normal file
View File

@@ -0,0 +1,40 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
swapDevices = [ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; } ];
boot = {
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd = {
kernelModules = [ ];
availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
};
};
fileSystems = {
"/" = lib.mkDefault {
device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/7295-A442";
fsType = "vfat";
};
};
}

49
systems/jeeves-jr/home_assistant.nix Normal file
View File

@@ -0,0 +1,49 @@
{
services.home-assistant = {
enable = true;
openFirewall = true;
config = {
http = {
server_port = 8123;
server_host = [
"192.168.95.35"
"192.168.90.35"
"192.168.98.4"
];
use_x_forwarded_for = true;
trusted_proxies = "172.100.0.4";
};
homeassistant = {
time_zone = "America/New_York";
unit_system = "imperial";
temperature_unit = "F";
};
assist_pipeline = { };
backup = { };
bluetooth = { };
config = { };
dhcp = { };
energy = { };
history = { };
homeassistant_alerts = { };
image_upload = { };
logbook = { };
media_source = { };
mobile_app = { };
ssdp = { };
sun = { };
webhook = { };
zeroconf = { };
};
extraPackages =
python3Packages: with python3Packages; [
psycopg2
gtts
aioesphomeapi
esphome-dashboard-api
bleak-esphome
pymetno
];
extraComponents = [ "isal" ];
};
}

43
systems/jeeves-jr/networking.nix Normal file
View File

@@ -0,0 +1,43 @@
{
networking = {
hostId = "1beb3026";
firewall.enable = false;
};
systemd.network = {
enable = true;
netdevs = {
"20-ioit-vlan" = {
netdevConfig = {
Kind = "vlan";
Name = "ioit-vlan";
};
vlanConfig.Id = 20;
};
};
networks = {
"10-lan" = {
matchConfig.Name = "enp4s0";
DHCP = "yes";
vlan = [ "ioit-vlan" ];
linkConfig.RequiredForOnline = "routable";
};
"40-ioit-vlan" = {
matchConfig.Name = "ioit-vlan";
DHCP = "yes";
};
};
};
services.zerotierone = {
enable = true;
joinNetworks = [ "e4da7455b2ae64ca" ];
};
}
# 22/tcp open ssh
# 800/tcp open mdbs_daemon
# 5355/tcp open llmnr
# 8123/tcp open polipo
# 9993/tcp open palace-2

65
systems/jeeves-jr/secrets.yaml Normal file
View File

@@ -0,0 +1,65 @@
docker:
cloud_flare_tunnel: ENC[AES256_GCM,data:E+XYu5AxS8Ew9OVIfbH5gLkMk+rZ4yT96tSGAwL4smedkddoevRnqil78LtFNYKV8Zo3MpuA8q/c4Me0KrrlSAvwJz1T2cev0dKnuTei3MHZxK7RwWYo9UMJH+aV+l343OY9nvGBj6ryTM3wKyUIoqSmOnRCAbYmhkkqN0wFO+Mxxqjw6nf5UEeeKb36k2NwlhjjnscOKe+wo3sXhjjzVXrE3IOUQJM3hWWukMElcYewVgJmstRidKiNCRMi1/UYMk/Nfhk=,iv:yFJ5SbHB3wZ0FEF0k9KrWye55ref7OqbQPd8oMLTmH4=,tag:p3K4yGR6X2+uKIj4H6rZ+g==,type:str]
haproxy_cert: ENC[AES256_GCM,data:1n2BurHeWI+j7CMQ7qk3DUl+8MgqRsgtYQ1TxJKcPXuz0YBkg6SUp95lPZv6Jo+2OIaVxCoWpiuoLp8YgtJgnZo4S9QVG2qi60sWCSf4acMRSg0hIA/pdcslogZc5LrsBOTINZCODE4mz7Bya42f+RfVfwPGT7Buz8MniW6kfT9cr3iuq+BQc6513sHhDHgZJgwdfP5x9XrwEtaBl41Db7ejGTrza9jtsHqkrD8j3Pf1XJDhACrTeB7Uqh68sjwc2giAc/2bInDayvnKFHqHaLFTUMAbCeMPOiEZSK4UaWrSMk5I5wDVu8Ya8nBostHlPOBT06gFxT13aEe3Ox3/ctBm/83BXhFfjEaYy6AbMhbp29nxUogVjMICs3FiHG3XBz7vsVxxcBvLXp1Bw3ml5Vd7ACKQPe+r1T54aIdYMoab8DhKPMqb/6TQwrhWD3je4wwOHzzQq9psE1hlB2lJsRnAsVAy9a7M5aBpj0v2pCPVjxjkGHqUUgN+w4hzPPf10A0dWiaXc3k8bWcwc1SlJwHvYxphyZEjNQAzXrAkUPcuy4+9c7LwniMdu5qoUL/oZPW5VHWgtrUO9IlAgduiEujrAW96zfz4jfM0UBqJHT58l/WHHmBM8bMsRDHTnc43uvdoU+VgjtTiFERBi+Xm5mXCqWd4d5Y5P8ozIwGho8UdLqmR9Y2nth1mrs//FIh9mZ7i7QQGHBzoR7ICRDX2ghK98J4RMfF2ph0I+nhWpoCq056xItoVZyAEWQSR4ptpAaKMX4Crd3hrK6tZmyvaTrk5IsNaf5hrS+Fw8uTYUAM+3E6kb1TJwFvUH1plkwU83iBRlboRO5d1ahESp5nifZIVz+KBStLjUVWfXnelPCkH55LVnobgk0zekoEeNLKq+Q5wOBmR28rYXVp/q+FNCgxEW+tXIswmC72jbsDxM/oMHBQnYsmEy5dTxU2X/IzmrZfWod07fRblkWRplzLGyEjsY7CquHlG119LuHcWFOUGxYm3bgn1pGnIV3cBLvbInEAPK0apqSXMBSJw0mk/ihtdx8ANidMn8nhkHVjo/Bo9orH3tJdw8l7x+Cei347CkiQZz21jHvL1qcV/EAAxBnT4c5WtOljo13ntk8RiARdye4hcUXpORIUhH8zq88RNquOkF5QjV8C/u2EaUhQYqy3Xts49v7S9I8LLzjrrfY/IDQVqlJsAgkNuwvheTlya5JoeTasscLfLt3iJ7LsbzWWqQrfn3KQJp3H4Gxh/uqak/V5ROBahHQ4KpXzsDG++XLE0o7W4BFQbrBYV99mlGzB1blmX30C8S+b8n1u+oMXfH8oY20Jm5UQcV5/JNK8WG69ihonRDXdX7fy2WGzylql2hj+3aoYYdYpFAeHVLNzj9vAIxPHzvK0JmwdynsFLo4Hpyn7KN+6L3MSACjAOc3SxY20XxjmqJSWVEM0tq4Zbe/VdhOF1L4pyIBMKQC2XwrWyturTboh86qAfyxtYzEQXGLzz585nVnwj9PLmXQw98M8JWwsFq58ZsOdQZKhN3e0aSY2opSigmXQ9ZJeCF+6KbwElOSz4pDfkZIXqZc+LCzEl5IO1CxLWCTIIfN3Gx60W3vz8QohydoCBt2FLHH3lBiAEitWxYQhsfdlFExQa1/+0WSk3wK5dEA7SPaBWKq+xtPR0yUmuT/JN4VPX+hqqkVHigk8+XfqE/H1as9JbYo92N6xBd2ZrNzhFIkMykUOT+0etVtyOdXLkxdV9lwaBX9ARPHJV7g35e52UspX335aLGE0GtCaIbHRwJuENCIixo7sbdmB9i9xSTeg+7RBQAWpuR7O6firAEKWOGBaYzDUBnqt++Q2wUuMnQBJE/9bh,iv:3FuXEQxbTvbdnBnwPxF+T8QZvQoWX/WXx3lpDBXML1k=,tag:g1Y4qY+XoSA6K/LCKbllOw==,type:str]
server-validation:
webhook: ENC[AES256_GCM,data:/6QI+KKKJkbVO7YsxcU/gnjgp9scNzqzq56wnqAU88YdYYNU7FaRifzH00RlEb9VYvNBlT0FggnZSSX1rNN5W63tLaiYFn/GVfjlUSnwrgueTVG8Sor6HtYTIfMOdPm9B7jflpECk7ByguoDlimH0J1QrcWd+Kqx772sH63bKV1GbCaYSkRHQp9QbvbO,iv:p5W/xniUe75RqJA9PtMcNRnsY4kUBeD0p6iQDLbkSSc=,tag:dh2a8/Doyznjd1hswmXMuQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NXJJMjBjeU9XQS9YZGxQ
V1h5RlNUVTA5Mkx3M3ZobGs5WFA0NXFGakR3CnIxVk9nYU1aWkNoZ0F0WGd0ck5Q
VWpSU0ZRdENTWnFVOVNQY0Z4ems4MEUKLS0tIFVqcGJtZWRxSTZwZWhjYm56bnkr
QmcxMmhaaGZXU1VFN0pvT1VDN3hpcGsKXUlVytBrz8sUorTSHXZaOMYA5U6qUpas
ZJiHtVGxRVwCpraHWLmQTRkO6pT36cEVsfsMnFH6NLOMOvA3vLX8/g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-07T23:09:51Z"
mac: ENC[AES256_GCM,data:nZPpOrOSKc+7dcbpBdZRH5FLih6o5Ii5bLWgzZ7xP/BZ36vp7ypdncE/jS0/Rz2AiOOrK0G9ovEOoL7jOMrqaUBAJNPzXTX/IdOcFrsxPL47saZKWQHqXkGXrX49nafeea7VtEvoM4qK2AiyYl2ogir+Mw304mhDIUqHhPNNvQs=,iv:ykOg2Pxpp+Sap648UZaiaRVMutWTdUXvP+Pi2cWy86g=,tag:AARw0YmjcesHLdS31i+B3g==,type:str]
pgp:
- created_at: "2024-03-23T05:49:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA84hNUGIgI/nARAAgcuMhO3nmxYY8KiW6AYxU2rFo2OQnpzZVtbMJB43wDQX
0UAOVmUyhGM2wd3tJgnvyfnguy6p3LfjZrXdTkTzrv5yCJVvKXhORcLisjaXLS8H
TCe9Fa4I9CvKo/yyRsRYS59niql0ocTs1Eb7cLiKuX19RIuQ7TjMPnjkdj5xXooa
kPJXfwL1SpUU3kjhuTHqWlD0m5t0RPiTpDym8fExMSvbTWyMY0BPA+qD1atMeUik
i3x2boqfoyD1GZ64Z5NrxRD0dN6TQvJLX1K1XTzanUhvfsy/PvDftCHKQc2n2Opk
btnKZa1mfiiLUQly+njSvH8ERYg27j5ACEQ0V9rtGPa3xnVYZm6Z5h0v68aqsotJ
aOzJa7/k0ZV/tBD1pT+9T2a/W9v4U+KdKKL19ebNvMtFxy50jN8SQsrTtxv5G5fA
sc+HkrcnLezFHYtGG85PfbTGsKMWpwu+4BrcmuW6dBcADZ1fZdkqgi+GcYGL2xy1
bddjuOWnzXb93t1pSIkaHcVWc6s5Atf3IB/liyNEux4kdquOHZQJi0WBi0l8GEmG
/ggJN4shRqtMqEkomaZkyZMsHnkmenusjbIlKJrwolhZSyDP8Kk5iPYXMxG21vrr
YpWHr388q8H7+ksnxYiNFXyY2cQKtOsD3UMIV8edMc/lHjTOi0BFNMHmU3WDsajS
XAGXsys00baAzcQHIS0jijU4mJQAqYL3S7FrcDGW8qhTGFpQ8ngVLvwLfqMvUn8v
LB3M5/7+Ld8xV4AZWr8mvv+7ZNNnnZzImETCLnekfvLEV9F2pTCH2Z21RPEL
=XWl7
-----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
- created_at: "2024-03-23T05:49:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA29thaGx06tOARAAoI93A3cy3V2dJo8HBIrLC2RK3SKBkPiPFjWO/Zvnv8Q0
IhfzjusX+3f8HIa3CxJjTbOktcq+A2a4EyBes2Rd4bX9H2Fs2VVrSmUf3S/dO1b5
GiZamHnC+1zsXUB5IFcfjMSzeKKsOWYu9DmUcalsseo/XVJjxw9DzRnPUesI/aMs
y5kKKtNDcvAK4AWidME6LTP9FgiMx09sQfuAl4YCJv1trOvxt+dN932fbAkHVAq0
Lc90rG6LDLT1w/8i9evBRRX/ZexAI3vTGn/nTqKi+B9BdFA4dY0KiHtGIS+UNtNo
vL6PTKIRejGfqt13DwUWRobKnezcpJkTkdz+Pa+cQhdwSL2tFjr0hEbZL3e76YEx
CNsgbB9h0pIm/2YvhG1k0f0skWfjXLAtR6PQPKu1OycppX02fbK9XRShb+Fik7P+
GfFLxf4JYAMMOHsxP30EVQONiR9XsITH149GSZ3nTBX7vUsk3b7Z+ou1Ma27EhiW
iPWTqpDgLQ/VZW+027h/l8iwv52L8eE6Y+LE32jNUTQjMW3OWKw9zknX4wciNR07
EPAy8eC9rfhUVnTB7RJlTOY03yyEiBjowJn/0e0g8+AUMKC4mAuasPUwPhptQ6pH
8up/75WglUAg04eni0p5g6X7rGj+09OEDNMtvYVt7HglX7T86O2sBcVKa/j095jS
XAGIy2HXf+By9BFKM4q6uuAh4QceHn2QaQ/ckhYGMrHulzAeORPxYaYdXoeEj18k
auBqSPzj8E9yPi4jl+miEO9BgVhRW45cxBbn2XV2KE08PIP9mZ2jxK9Ne4HQ
=jkZ+
-----END PGP MESSAGE-----
fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
unencrypted_suffix: _unencrypted
version: 3.8.1

33
systems/jeeves-jr/services.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
inputs,
pkgs,
...
}:
{
systemd = {
services.startup_validation = {
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
description = "validates startup";
path = [ pkgs.zfs ];
serviceConfig = {
Type = "oneshot";
EnvironmentFile = config.sops.secrets."server-validation/webhook".path;
ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/validate_jeevesjr";
};
};
timers.startup_validation = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "10min";
Unit = "startup_validation.service";
};
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets."server-validation/webhook".owner = "root";
};
}

10
systems/jeeves-jr/vars.nix Normal file
View File

@@ -0,0 +1,10 @@
let
zfs_main = "/ZFS/Main";
in
{
inherit zfs_main;
# main
main_docker = "${zfs_main}/Docker";
main_docker_configs = "${zfs_main}/Docker/configs";
main_mirror = "${zfs_main}/Mirror";
}

29
systems/jeeves/arch_mirror.nix Normal file
View File

@@ -0,0 +1,29 @@
{ inputs, pkgs, ... }:
let
vars = import ./vars.nix;
in
{
virtualisation.oci-containers.containers.arch_mirror = {
image = "ubuntu/apache2:latest";
volumes = [
"${../../users/richie/global/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
"${vars.media_mirror}:/data"
];
ports = [ "800:80" ];
extraOptions = [ "--network=web" ];
autoStart = true;
};
systemd.services.sync_mirror = {
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
description = "validates startup";
path = [ pkgs.rsync ];
serviceConfig = {
Environment = "MIRROR_DIR=${vars.media_mirror}/archlinux/";
Type = "simple";
ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/sync_mirror";
};
};
}

165
systems/jeeves/configuration.nix Normal file
View File

@@ -0,0 +1,165 @@
{ pkgs, ... }:
let
vars = import ./vars.nix;
in
{
imports = [
../../users/richie/global/ssh.nix
../../users/richie/global/syncthing_base.nix
./arch_mirror.nix
./docker
./networking.nix
./programs.nix
./services.nix
];
boot = {
zfs.extraPools = [
"media"
"storage"
"torrenting"
];
filesystem = "zfs";
useSystemdBoot = true;
};
environment = {
systemPackages = with pkgs; [ docker-compose ];
etc = {
# Creates /etc/lynis/custom.prf
"lynis/custom.prf" = {
text = ''
skip-test=BANN-7126
skip-test=BANN-7130
skip-test=DEB-0520
skip-test=DEB-0810
skip-test=FIRE-4513
skip-test=HRDN-7222
skip-test=KRNL-5820
skip-test=LOGG-2190
skip-test=LYNIS
skip-test=TOOL-5002
'';
mode = "0440";
};
};
};
services = {
nfs.server.enable = true;
openssh.ports = [ 629 ];
plex = {
enable = true;
dataDir = vars.media_plex;
};
smartd.enable = true;
sysstat.enable = true;
syncthing.guiAddress = "192.168.90.40:8384";
syncthing.settings.folders = {
"notes" = {
id = "l62ul-lpweo"; # cspell:disable-line
path = vars.media_notes;
devices = [
"bob"
"phone"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"books" = {
id = "6uppx-vadmy"; # cspell:disable-line
path = "${vars.storage_syncthing}/books";
devices = [
"bob"
"phone"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"important" = {
id = "4ckma-gtshs"; # cspell:disable-line
path = "${vars.storage_syncthing}/important";
devices = [
"bob"
"phone"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"music" = {
id = "vprc5-3azqc"; # cspell:disable-line
path = "${vars.storage_syncthing}/music";
devices = [
"bob"
"phone"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"projects" = {
id = "vyma6-lqqrz"; # cspell:disable-line
path = "${vars.storage_syncthing}/projects";
devices = [
"bob"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
};
usbguard = {
enable = false;
rules = ''
allow id 1532:0241
'';
};
zfs = {
trim.enable = true;
autoScrub.enable = true;
};
};
systemd = {
services."snapshot_manager" = {
description = "ZFS Snapshot Manager";
requires = [ "zfs-import.target" ];
after = [ "zfs-import.target" ];
serviceConfig = {
Environment = "ZFS_BIN=${pkgs.zfs}/bin/zfs";
Type = "oneshot";
ExecStart = "${pkgs.python3}/bin/python3 ${vars.media_scripts}/ZFS/snapshot_manager.py --config-file='${./snapshot_config.toml}'";
};
};
timers."snapshot_manager" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "15m";
OnUnitActiveSec = "15m";
Unit = "snapshot_manager.service";
};
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"zfs/backup_key".path = "/root/zfs/backup_key";
"zfs/docker_key".path = "/root/zfs/docker_key";
"zfs/main_key".path = "/root/zfs/main_key";
"zfs/notes_key".path = "/root/zfs/notes_key";
"zfs/plex_key".path = "/root/zfs/plex_key";
"zfs/postgres_key".path = "/root/zfs/postgres_key";
"zfs/qbit_key".path = "/root/zfs/qbit_key";
"zfs/scripts_key".path = "/root/zfs/scripts_key";
"zfs/syncthing_key".path = "/root/zfs/syncthing_key";
"zfs/vault_key".path = "/root/zfs/vault_key";
};
};
system.stateVersion = "23.11";
}

7
systems/jeeves/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{ ... }:
{
users = [
"alice"
"richie"
];
}

11
systems/jeeves/docker/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{ lib, ... }:
{
imports =
let
files = builtins.attrNames (builtins.readDir ./.);
nixFiles = builtins.filter (name: lib.hasSuffix ".nix" name && name != "default.nix") files;
in
map (file: ./. + "/${file}") nixFiles;
virtualisation.oci-containers.backend = "docker";
}

15
systems/jeeves/docker/filebrowser.nix Normal file
View File

@@ -0,0 +1,15 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers.filebrowser = {
image = "hurlenko/filebrowser:latest";
extraOptions = [ "--network=web" ];
volumes = [
"/zfs:/data"
"${vars.media_docker_configs}/filebrowser:/config"
];
autoStart = true;
user = "1000:users";
};
}

68
systems/jeeves/docker/haproxy.cfg Normal file
View File

@@ -0,0 +1,68 @@
global
log stdout format raw local0
# stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
defaults
log global
mode http
retries 3
maxconn 2000
timeout connect 5s
timeout client 50s
timeout server 50s
timeout http-request 10s
timeout http-keep-alive 2s
timeout queue 5s
timeout tunnel 2m
timeout client-fin 1s
timeout server-fin 1s
#Application Setup
frontend ContentSwitching
bind *:80
bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
mode http
# tmmworkshop.com
acl host_mirror hdr(host) -i mirror.tmmworkshop.com
acl host_dndrules hdr(host) -i dndrules.tmmworkshop.com
acl host_grafana hdr(host) -i grafana.tmmworkshop.com
acl host_filebrowser hdr(host) -i filebrowser.tmmworkshop.com
acl host_uptime_kuma hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
acl host_overseerr hdr(host) -i overseerr.tmmworkshop.com
use_backend mirror_nodes if host_mirror
use_backend dndrules_nodes if host_dndrules
use_backend grafana_nodes if host_grafana
use_backend filebrowser_nodes if host_filebrowser
use_backend uptime_kuma_nodes if host_uptime_kuma
use_backend overseerr_nodes if host_overseerr
backend mirror_nodes
mode http
server server arch_mirror:80
backend mirror_rsync
mode http
server server arch_mirror:873
backend grafana_nodes
mode http
server server grafana:3000
backend dndrules_nodes
mode http
server server dnd_file_server:80
backend filebrowser_nodes
mode http
server server filebrowser:8080
backend uptime_kuma_nodes
mode http
server server uptime_kuma:3001
backend overseerr_nodes
mode http
server server overseerr:5055

161
systems/jeeves/docker/internal.nix Normal file
View File

@@ -0,0 +1,161 @@
{ config, ... }:
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
qbit = {
image = "ghcr.io/linuxserver/qbittorrent:latest";
ports = [
"6881:6881"
"6881:6881/udp"
"8082:8082"
"29432:29432"
];
volumes = [
"${vars.media_docker_configs}/qbit:/config"
"${vars.torrenting_qbit}:/data"
];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
WEBUI_PORT = "8082";
};
autoStart = true;
};
qbitvpn = {
image = "binhex/arch-qbittorrentvpn:latest";
extraOptions = [ "--cap-add=NET_ADMIN" ];
ports = [
"6882:6881"
"6882:6881/udp"
"8081:8081"
"8118:8118"
];
volumes = [
"${vars.media_docker_configs}/qbitvpn:/config"
"${vars.torrenting_qbitvpn}:/data"
"/etc/localtime:/etc/localtime:ro"
];
environment = {
WEBUI_PORT = "8081";
PUID = "600";
PGID = "100";
VPN_ENABLED = "yes";
VPN_CLIENT = "openvpn";
STRICT_PORT_FORWARD = "yes";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.90.0/24";
NAME_SERVERS = "1.1.1.1,1.0.0.1";
UMASK = "000";
DEBUG = "false";
DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug";
};
environmentFiles = [ config.sops.secrets."docker/qbit_vpn".path ];
autoStart = true;
};
bazarr = {
image = "ghcr.io/linuxserver/bazarr:latest";
ports = [ "6767:6767" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.media_docker_configs}/bazarr:/config"
"${vars.storage_plex}/movies:/movies"
"${vars.storage_plex}/tv:/tv"
];
autoStart = true;
};
prowlarr = {
image = "ghcr.io/linuxserver/prowlarr:latest";
ports = [ "9696:9696" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.media_docker_configs}/prowlarr:/config" ];
autoStart = true;
};
radarr = {
image = "ghcr.io/linuxserver/radarr:latest";
ports = [ "7878:7878" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.media_docker_configs}/radarr:/config"
"${vars.storage_plex}/movies:/movies"
"${vars.torrenting_qbitvpn}:/data"
];
autoStart = true;
};
sonarr = {
image = "ghcr.io/linuxserver/sonarr:latest";
ports = [ "8989:8989" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.media_docker_configs}/sonarr:/config"
"${vars.storage_plex}/tv:/tv"
"${vars.torrenting_qbitvpn}:/data"
];
autoStart = true;
};
overseerr = {
image = "ghcr.io/linuxserver/overseerr:latest";
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.media_docker_configs}/overseerr:/config" ];
dependsOn = [
"radarr"
"sonarr"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
unpackerr = {
image = "golift/unpackerr:latest";
user = "600:100";
environment = {
TZ = "America/New_York";
};
volumes = [
"${vars.torrenting_qbit}:/data"
"${config.sops.secrets.unpackerr_conf}:/etc/unpackerr/unpackerr.conf"
];
autoStart = true;
};
whisper = {
image = "ghcr.io/linuxserver/faster-whisper:latest";
ports = [ "10300:10300" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
WHISPER_MODEL = "tiny-int8";
WHISPER_LANG = "en";
WHISPER_BEAM = "1";
};
volumes = [ "${vars.media_docker_configs}/whisper:/config" ];
autoStart = true;
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets."docker/qbit_vpn".owner = "docker-service";
};
}

37
systems/jeeves/docker/postgresql.nix Normal file
View File

@@ -0,0 +1,37 @@
{ config, ... }:
let
vars = import ../vars.nix;
in
{
users = {
users.postgres = {
isSystemUser = true;
group = "postgres";
uid = 999;
};
groups.postgres = {
gid = 999;
};
};
virtualisation.oci-containers.containers = {
postgres = {
image = "postgres:16";
ports = [ "5432:5432" ];
volumes = [ "${vars.media_database}/postgres:/var/lib/postgresql/data" ];
environment = {
POSTGRES_USER = "admin";
POSTGRES_DB = "archive";
POSTGRES_INITDB_ARGS = "--auth-host=scram-sha-256";
};
environmentFiles = [ config.sops.secrets."docker/postgres".path ];
autoStart = true;
user = "postgres:postgres";
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets."docker/postgres".owner = "postgres";
};
}

16
systems/jeeves/docker/uptime_kuma.nix Normal file
View File

@@ -0,0 +1,16 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
uptime_kuma = {
image = "louislam/uptime-kuma:latest";
volumes = [
"${vars.media_docker_configs}/uptime_kuma:/app/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
};
}

65
systems/jeeves/docker/web.nix Normal file
View File

@@ -0,0 +1,65 @@
{ config, ... }:
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
grafana = {
image = "grafana/grafana-enterprise:latest";
volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ];
user = "600:600";
extraOptions = [ "--network=web" ];
autoStart = true;
};
dnd_file_server = {
image = "ubuntu/apache2:latest";
volumes = [
"${../../../users/richie/global/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
"${vars.storage_main}/Table_Top/:/data"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
haproxy = {
image = "haproxy:latest";
user = "600:600";
environment = {
TZ = "Etc/EST";
};
volumes = [
"${config.sops.secrets."docker/haproxy_cert".path}:/etc/ssl/certs/cloudflare.pem"
"${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
];
dependsOn = [
"arch_mirror"
"dnd_file_server"
"filebrowser"
"grafana"
"overseerr"
"uptime_kuma"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
cloud_flare_tunnel = {
image = "cloudflare/cloudflared:latest";
user = "600:600";
cmd = [
"tunnel"
"run"
];
environmentFiles = [ config.sops.secrets."docker/cloud_flare_tunnel".path ];
dependsOn = [ "haproxy" ];
extraOptions = [ "--network=web" ];
autoStart = true;
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/cloud_flare_tunnel".owner = "docker-service";
"docker/haproxy_cert".owner = "docker-service";
};
};
}

45
systems/jeeves/hardware.nix Normal file
View File

@@ -0,0 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd.availableKernelModules = [
"mpt3sas"
"nvme"
"xhci_pci"
"ahci"
"uas"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
];
initrd.kernelModules = [ "dm-snapshot" ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems."/" = lib.mkDefault {
device = "/dev/disk/by-uuid/0f78fa87-30be-4173-b0fa-eaa956cf83aa";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/BB77-2647";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-uuid/4c797a94-be32-43d3-89ac-7f02912c7cf5"; } ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

40
systems/jeeves/networking.nix Normal file
View File

@@ -0,0 +1,40 @@
{
networking = {
hostId = "1beb3027";
firewall.enable = false;
};
systemd.network = {
enable = true;
networks = {
"10-1GB_Primary" = {
matchConfig.Name = "enp98s0f0";
DHCP = "yes";
};
};
networks = {
"10-1GB_Secondary" = {
matchConfig.Name = "enp98s0f1";
DHCP = "yes";
};
};
networks = {
"10-10GB_Primary" = {
matchConfig.Name = "enp97s0f0np0";
DHCP = "yes";
linkConfig.RequiredForOnline = "routable";
};
};
networks = {
"10-10GB_Secondary" = {
matchConfig.Name = "enp97s0f1np1";
DHCP = "yes";
};
};
};
services.zerotierone = {
enable = true;
joinNetworks = [ "e4da7455b2ae64ca" ];
};
}

4
systems/jeeves/programs.nix Normal file
View File

@@ -0,0 +1,4 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ filebot ];
}

7
systems/jeeves/scripts/plex_permission.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
plex_dir="/zfs/storage/plex/"
chown docker-service:users -R "$plex_dir"
find "$plex_dir" -type f -exec chmod 664 {} \;
find "$plex_dir" -type d -exec chmod 775 {} \;

78
systems/jeeves/secrets.yaml Normal file
View File

@@ -0,0 +1,78 @@
docker:
postgres: ENC[AES256_GCM,data:IpXIrRDzyGFjDz908w1NNb0GBna/ce9lCtOkXrpUfyllsTWca6AeqaRo23bL4jfFGfHn0Zf9okLO,iv:IwO7vJJHFfm0SGcJETpWtdhr41jPddN9nuVAH/Ooa7Y=,tag:xstwPvpvkNOZucxvzq2+ag==,type:str]
cloud_flare_tunnel: ENC[AES256_GCM,data:Qx7g0tNSfVs9VnkuYw47XJjfF+RS9B5gvpBliGL93X8K/7iiyt0NxwWyAkmmaLat5h/Yu7C71rwBIIZsKf7Ke3YS0PfEpga76ftKt3h7VKMQNT7yAcU3LY4v2h3Molnzw2fnAhxfHkogJuAsZeJW9dIjo9H2QpSh/tn9kpC+PGb/T9dcqMm4fJPqP+rIcFCfhJl9iDOKOMQ9+xVNnKZ2HQlAwPMCz29BgGCxh0cYYk9ftXPK7ZnhjwUj4bfnaKfByIPpAtk=,iv:8yz2vXanGZfOkZF/D0RP2LPqHebbOM/XBPg2eCCGs8g=,tag:67da31iZTQaMURKf9dfiJw==,type:str]
qbit_vpn: ENC[AES256_GCM,data:SRkcWb2wTTfWlgkbDSN6j5+dXnG670qFGtG2x4fajkE8eK4U30DTxrlbzta5ZMtm0Y9bquy3DcaSMF/u9CBrLbBS8mhcJw==,iv:LpkS7O+eutPUDpY5NlYjgafK6UuFsS+18yNpB+JmzcM=,tag:0Y+vj80MAbh2U+UsyH3MEA==,type:str]
haproxy_cert: ENC[AES256_GCM,data:6yRv0cz/vBVguAPOsENhmH2uwwgL5AkOkkDQQ+PVPEEiOTIn1WPONhnG0UqR3FsWJal8qECH/zTF1XMmdK4VHQXwMA8gGScpIrgeWuhdCbXsJ7RxZBzVESOCo8ZOcR43w3Qih+0iz3SsNmX262/D7DIzKYlLovyoJDGZa5jo0n2zCZiRfbdal8m02dplaFHMsGy6+Gn3Uijo9MnnuWvgihBh1ekRnpSzVM4/IyyvUunK0vEapVsgOq+brdW2x0BQFgL3PLGaJbAbzFhXYI1MmD+D7RzOGSzNmrj1ezea+b2Lb/p8CATh05i+lz6530U6iwun0lcREDxPrJgU0TsI/JZGSq3blHn9lZuHmnwBp05LsliBO+yoxgqnC45/xTZwiSdlyqqnXHlXPuBS7UoJFlll93aIpULfNZMyqx/FO5ckmV0nuNVMCrF7JfsE+t/XNs077kB4FKYNk4TDodKyn2scfypQFK7qprW9JKJwx0Se8FWU2fMKsuMszElMLudRHagyDVO+LJ+/ta6Qj68CRU1g8cQANh4Q6PwI0HABX3J5n3ERQUxZvVeCq9FRMJ7JE0was3QfBGGPROHksK+rP9y8g8CFRgGjwzDoxslaYO+tIiIsaDcqbTiOQDTiDh4/ioqX9EENrA8qIEtKSn6m35+4pwY0xvKToAnI7vhwQ93A1mZrwKXgoNSShA4Q+MfSEIuJd6LJihLh5IFvl595iOpGDWCJsXZnDL3K8B6oofPTtLnOOQC4sy9wGiNshdgfv6aVwpdPKvOtFwHmu1n8eZInfSZgUdwUaHHMXjrXHboBQ6ZPsrdZBt9ADSUpz+uN6+TgXq6HLWHSqtmrWS6jABQfbpHH7pLZAXuii4MsnTEr1rOEbtgZTH6Sedd57Pp5MpNXDg950vd9plCkGPiRfDUWXHnRw8frWfoTS+eOqkVwJ0+v48IskuYLZSCAF0/kumtbySDQStNowF+cAp7lk24Cp8W8PXw/LqI8U8FijVxMPtgzLwRKKd10zRI+Jrsi9E8YXSKCaFMIBLottRHwdvWA7aIYnuVTxzCmHt1jhJN349bjC/yTIuIS4gW+XlriFqip17Eq/878+Uduwf1+Fxqdpv8kDleyqix0SO/JmhQijgIUhc3Im3whXicEu6vlivzJGyjA/ljFyJvV/irRK/VrIWEoA5nLX74fmF9Ku/O94pDIPaKCsCP+N/fOPLG5ucw6lPxllZS9qg2cNsl9ajXGPu8GBB4FaZUt/Ufid6xjC5YloictI3Bp5x2glhpxzQ8zAbv5vpBA0h6xhkt4NSmxWurvBmRoRnBdYIvEaeoehj10yLpiY4DsZYLTU5IrLV/aYlb2q4K2OKRvYOBQgeDtEkIMqHYWsddfKHi+1KjQ/176DDIbUoYb4XtPJmNOcIeRM2oiaCcTzerU5TXL5qBl213buTcIPaV0sVVxoH+2RYBM28mjQoj8sHwQLLuFve0MeUZzfJ8MqMM+Guhn25aw4R0tGkiRBUL5d8l86awOpqXtFiK2QTh3S7QeZoCA80YVH5r6FdqMz34UgwEFo0nfBcH2nSnDwpcBrbwzV6/Xahck4nVaIn6znJPqlIKntfeXJuXl/9ulpwx7D4mL7hLcal9WY62KZ1PQ+NHz5WjaPbgLMdeNFFr6CKGGqSPkTOhjgQ1y4ChuYfbVn+yZRqUwhFWtKuuouAZXH55KkVlsB39H+oNYp0hqAUiVkeawHqbTgOHb+llz0uF7r0TGD23aMXeV58n0i3xsDET9mhxSyj5vUo5iqY8eEqgn4mOvsdp6rkpC4c91drgV/gFJu2jgCvVVdG/mHFVnZEv5+/rA2reqdqMTBOpLQNEbL5Ih1LKG,iv:PUp78PWvy+lmcLiR295BGiVTLnAPX+du4lcw/Pvq/KE=,tag:k/3H2+jF9no751mvO5S5WQ==,type:str]
zfs:
backup_key: ENC[AES256_GCM,data:sJzR/DfM6+tmmcewZT+NAJk0gj8wmU43QfFCRCj9+2GITOS8suRL7E5rHTherCZgRe79T90ikM97bYf9RbZdtQ==,iv:j8F3BG/hh7UK3kC+pB6WO0OHlSSHn0jo90AgaTdpyNY=,tag:5hraDn8YqS/q57y26AXwjw==,type:str]
docker_key: ENC[AES256_GCM,data:HiW+3IYJCgqg9HJmPYQinhb6kWJouORABKniryY5e35tf8BQGKn1ldgj4Dw+79SYmvIUbf4ZSja0Ziz1isKTWA==,iv:6vBtbIlTHC+PUgyXYb92SnMTuWd8jCaEzZ3Vmv2QHhA=,tag:izKWtAQWRfn5tAYKyOO+ZQ==,type:str]
main_key: ENC[AES256_GCM,data:6ZZQc7TSAuK4PrxQxegPrFMjT1SZlRGgg5VgVg1e6ZM1RO9ZDjhcmpFRd1pkbm5DEJKq1VpUxTvxXGQDrMYO9A==,iv:Yp2jTtBd8gjB8Sdfb06ZBLpVd/KCjs/pfnBRT2ll/0c=,tag:F0HSbkZ8Z45WkUY/VNwvHg==,type:str]
notes_key: ENC[AES256_GCM,data:y3fTl3aNl8RaZwBR2thy7qfxilw+wGEj8+tTuRr+z+A6ol9N6droFNBHQcK3yWDWP8MhMKe1efWhgbZ0Raz17A==,iv:BbBjMtsb2ZDJjgbgkXP3SYl3xklI5xWmW3X9mlLlvdI=,tag:Ic3rLP30wApmOeLGFEYgVA==,type:str]
plex_key: ENC[AES256_GCM,data:fWzTSKkVCkWmZ9ZDv1/OYYZPsQKV54Ib98Bq4A+4ibT9mk28Zp7XeczOJVj6+K4+04EQgQj8RyP2x70tuFp3Xg==,iv:pyHzIo4ws4Lyd5zVflUa7yjNVefTTpEdkjCVmXDuucE=,tag:msn0NFXuq3zKGY5vE1nR1Q==,type:str]
postgres_key: ENC[AES256_GCM,data:mLa0A6pJXZ7BX9bYat9mQ30Dx/KWU9KHjiApuapBUbRtH+gtAJRGwLeXJPyMTOirFwuWWTdOts8dTMESWp7eOg==,iv:MFyo2LbdsYeoUyhWEv0EWKXNFhxoLjNs5M7ar6dlrjw=,tag:KpaatId8TdVzAEelD1tlzQ==,type:str]
qbit_key: ENC[AES256_GCM,data:19XIzi4waSOLdfgKo8z6NMX9Ee4Xw1/JqbjQEvKwWh+ar2r5P3sFJMHI394ebx4vITO0lOzl/EwcUiWt7LB6uw==,iv:s+TWyb5SzeCFZAZdKs28o7s8So++eLqR1Qc9ZWjUGwY=,tag:teHdPEhWkzDWizJD/czA6w==,type:str]
scripts_key: ENC[AES256_GCM,data:2htMEDCByUbCQ1loPEDCVNtXXqffCRHMpiobEDHI506hdEk6d/N7lmlUIqLa5YCNB6ozt0y6EEKBxnbouEHIWQ==,iv:eUYmsliDF49BNSpF+KSiT1rlPtzQpmhNC8Cy2tahMX8=,tag:8xCvm1LwDPArJ/woIO23Bg==,type:str]
syncthing_key: ENC[AES256_GCM,data:36zfmVuCEHFED3ODeoGuAxJvySY1SxWT9ml+DFvb01KdUqIGZDZj1cKoZCH+GsgYJMsQF6t+uqZJOGeyNmzMlg==,iv:17tLW4ytRpUmmltA4UIZGhsrNAGRjvucxxt9zLM3C54=,tag:YWirDB0fYSpu1evqVaoa+Q==,type:str]
vault_key: ENC[AES256_GCM,data:kFZa5oRVXuSp7W7311i0d8b7I0Y3P8bZbBoaaICuH1IlMLBVd6SUhL8cfFU66yj91W6uUJU/Oy7NpP3rM9mhGw==,iv:neRhOqW/b2DpUqoA5JJxLS4fSqj8ZGxRXv4pEPm7Wtc=,tag:bfAD3GAO6F2hBCZy7P7KUA==,type:str]
server-validation:
webhook: ENC[AES256_GCM,data:54MQzwEOf6uS6cgnPeJizRXMvGTGxLf6q1N3tGDxxpXKmSJedW+kpY2GoV91SxeeTWUyDKQcWp2fs5SwrdfDFHID9JN4wWJM0JjADggZ6u+BMEH01nnXpCJlhGq6cxDkI6gNSVgNVQW/eYNHDhnVmwwGpse4q62G1TmKlziBCv1Qahn4c3O+bOOEssio,iv:2Rcg7XSCmQeFd2oaX4GxSGXwgE3Ep1WsoPRRYo0dvH0=,tag:rPjDghxdcpME5SwoPKWv2w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTREhIRUd1K3JCM29mVHVv
d2Q4eFBLWnRUTGEzelZOMS9ScXNyV3ZGbHpNCjNCSEhmTDQ4VUtta0RXdXJUY0da
Vld5WDlJS3oyWkk5KzUzam9PYXZSa1kKLS0tIHJuaktpU3hnUWEwZzc4eHNjSitI
bVhXamJyMWMvODUvajk2aDZnQ1k1blEKoNIYxUA+k+DA+1WYq5BSa0iXuQ2Lctuy
9W7OO2m+QGzjdLLM0uS7WWGXWP2cDDgUGcqozTqM0Oqi2/OY0Bo3Jg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-07T23:09:43Z"
mac: ENC[AES256_GCM,data:36CZLl3+VSFTSTj9jDT9972XZMXjaY5jo9FZ7I7L0sOSBRH8vQ+tFww7hVHe5M2w/+YA0SRGH3r8WCbie6GeRjmY+BZu42H656K0WrpRN8ERFv+io8geACdqUsLo1VLjhDrfXaGnNOHLpmMC5dqyPXlOphiolt+ArKOBLuqtrnY=,iv:jaL/l1zwYusThKeR9C62fEGHwiv4fEvCarSiavjxQ0U=,tag:xgygx6KM/J4w55CzdLeCUg==,type:str]
pgp:
- created_at: "2024-03-02T20:52:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA84hNUGIgI/nARAAxQSkqnR75Rd1htAv7esbpmXlrZH+frTL6V4jGoAiqTeF
TSA46E2nl7rVqPTws74OOb+O5bN3OkHSmmWzIbj6Pc8YnqY4t9N69zoCHtsbI1kn
FQ4WwUdzofIUMKwF+E31/knyKbf/IjSKTZKcDQmn6QErOdDmsN9/z6+ixLt+rdsz
lKwMX8axgmwgRsWI1Xhlb1qs4TZxheQQ4A4WYYNB1NhH0ZTIehI+FGe+wHh36UXf
cY/Z7KRLdozoLsuuAIAoXx/dr3KpwuyKHfp9MdZLzO/tvS9vA1i+tKRXmiDs2uuv
itCOTrt1H7LEpUfdBYD9ll2mdiRnVzR4DxNnGLPkxsyAglejTxR897DcYFC9xhie
X6UfKTOIeAGXVUqphp8HB0CEFBW982246kDSKdOI/R3+X4T5fvMpLTb5XvkOlCIi
JUwXxoq3SA06a8WCS6QH8jLnXrcCKzX1TJh0RzT7/RUvKDN6uxxccxOksMExvgBG
nqfOcLiCXBzluCseDgmjcW0/arm1d88Kd7ayMv25CX1Py5uRRQOkqqnCdNIk5Yy5
0R+KyOPeZPThVTE1DhJ3QyF499XMoFjerHyanwIlvkAQtet1k8EKih1KSD9N38ga
K1HRowhoPMkszsU6+LZYL3MD0aUkfz53b7JvzIxYsfJgztwg3ki0qteEXUNyLMTS
XgG9xHF63wa7IwBtKgQKX/CVCwpg5EuNfwbACbIQAC9QZ/F6z+Ud2UJkSs94UUF4
aOGb2P1QFvLbP7m+7TNmvuLT5BDcS2XE0IWRDilkeiFU6ijGW8+iQ5oTzv+TmA0=
=JbRX
-----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
- created_at: "2024-03-02T20:52:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA29thaGx06tOARAAm8GMWZxxY1UBYK7p60Hlw2qCOH7KZ5cby8vm9dWz3Tnt
+YKW2SsRniwY6KaSVvnUuRBY75BF6jahW6+h9Nvhsrsvq680UIaQtO6l6KmtnxHV
S6vEDmvoFZVWG1xOEGYHVQ+GF9elIwuYrzST1OU3vATMstMxrm0WQJ2lOq7YpuGi
hNoMK3nMxpmTlT49CYn2sGX3PlNA4qDOVo/fwL5m3lV5mKzJNs7q8IakbPZm6yqR
wGjfkHq3ZlKnTUC66sBX8yvSoZ2cM6vrYhxgb1Um8z9BKLpAb7Rr9AXB5IUWxSkz
jXyEi9aDySDxv2HkjP3fE4D5wtC1neS8YsYDBcSsqoXt5sKAs1DOvzLbIOkObH3Y
uSxozoGJu5CVnBrOpxXdNf1RMnww85uxSAupiLQ2fsC/0AaeGB8dPYIZr/WekWAR
RF3igqZX7KVRuomUOt9fwJoHnRr1GWCHqYTB3P7/e52JcmCggBRLcnhC/1MKgMtN
RJh8Uuu9aXCBfR148W+s76xIdVwypPWbk8l911TdL1eRKx+d+kxAa1ugIqihvkBQ
sGjZltEe0ogAsDpS0Cy/HRH8Yz1Qk2gTh1QZiv865aVVfWu0OTU27TlfCyMQQCkO
LtBfOWylV6pJG3aaO2QA+4f4ab8flxdg8DrmBlhudzYY2goHIcfe+CdPygrKB/nS
XgEx1HFw47B1YJxY7FiFgEwnI6/AJuf136u1i484nVYXAr5PtnyaXH7kqVozHouT
sPkE1v7+EpOIbhEdXQxbSG0AXKomUwu4SJgxSitdTajAQYfHHfTVjdnUqyl8QHw=
=wX5X
-----END PGP MESSAGE-----
fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
unencrypted_suffix: _unencrypted
version: 3.8.1

52
systems/jeeves/services.nix Normal file
View File

@@ -0,0 +1,52 @@
{
config,
inputs,
pkgs,
...
}:
{
systemd = {
services = {
plex_permission = {
description = "maintains /zfs/storage/plex permissions";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${./scripts/plex_permission.sh}";
};
};
startup_validation = {
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
description = "validates startup";
path = [ pkgs.zfs ];
serviceConfig = {
EnvironmentFile = config.sops.secrets."server-validation/webhook".path;
Type = "oneshot";
ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/validate_jeeves";
};
};
};
timers = {
plex_permission = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1h";
OnCalendar = "daily 03:00";
Unit = "plex_permission.service";
};
};
startup_validation = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "10min";
Unit = "startup_validation.service";
};
};
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets."server-validation/webhook".owner = "root";
};
}

29
systems/jeeves/snapshot_config.toml Normal file
View File

@@ -0,0 +1,29 @@
["media/Notes"]
15_min = 8
hourly = 24
daily = 30
monthly = 12
["storage/plex"]
15_min = 6
hourly = 2
daily = 1
monthly = 0
["media/plex"]
15_min = 6
hourly = 2
daily = 1
monthly = 0
["media/notes"]
15_min = 8
hourly = 24
daily = 30
monthly = 12
["media/docker"]
15_min = 3
hourly = 12
daily = 14
monthly = 2

23
systems/jeeves/vars.nix Normal file
View File

@@ -0,0 +1,23 @@
let
zfs_media = "/zfs/media";
zfs_storage = "/zfs/storage";
zfs_torrenting = "/zfs/torrenting";
in
{
inherit zfs_media zfs_storage zfs_torrenting;
# media
media_database = "${zfs_media}/syncthing/database";
media_docker = "${zfs_media}/docker";
media_docker_configs = "${zfs_media}/docker/configs";
media_mirror = "${zfs_media}/mirror";
media_notes = "${zfs_media}/notes";
media_plex = "${zfs_media}/plex/";
media_scripts = "${zfs_media}/scripts";
# storage
storage_main = "${zfs_storage}/main";
storage_plex = "${zfs_storage}/plex";
storage_syncthing = "${zfs_storage}/syncthing";
# torrenting
torrenting_qbit = "${zfs_torrenting}/qbit";
torrenting_qbitvpn = "${zfs_torrenting}/qbitvpn";
}

43
systems/palatine-hill/acme.nix
View File

@@ -1,43 +0,0 @@
{
config,
lib,
pkgs,
outputs,
...
}:
{
security.acme = {
acceptTerms = true;
defaults.email = "aliceghuston@gmail.com";
certs."nayeonie.com" = {
dnsProvider = "dnsimple";
environmentFile = config.sops.secrets."acme/dnsimple".path;
dnsPropagationCheck = false;
group = "haproxy";
extraDomainNames = [
"*.nayeonie.com"
# "alicehuston.xyz"
# "*.alicehuston.xyz"
];
};
};
systemd.services."acme-nayeonie.com.service".path = lib.mkForce (
with pkgs;
[
coreutils
diffutils
openssl
]
++ [
outputs.packages.x86_64-linux.lego-latest
]
);
sops.secrets = {
"acme/dnsimple" = {
owner = "root";
};
};
}

127
systems/palatine-hill/attic/default.nix → systems/palatine-hill/attic.nix
View File

@@ -8,18 +8,34 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
attic-client attic-client
attic
]; ];
services = { services = {
postgresql = {
enable = true;
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
upgrade = {
enable = true;
stopServices = [ "atticd" ];
};
};
atticd = { atticd = {
enable = true; enable = true;
environmentFile = config.sops.secrets."attic/secret-key".path; credentialsFile = config.sops.secrets."attic/secret-key".path;
settings = { settings = {
listen = "[::]:8183"; listen = "[::]:8183";
allowed-hosts = [ "attic.nayeonie.com" ]; allowed-hosts = [ "attic.alicehuston.xyz" ];
api-endpoint = "https://attic.nayeonie.com/"; api-endpoint = "https://attic.alicehuston.xyz";
compression.type = "none"; # let ZFS do the compressing compression.type = "none"; # let ZFS do the compressing
database = { database = {
url = "postgres://atticd?host=/run/postgresql"; url = "postgres://atticd?host=/run/postgresql";
@@ -32,7 +48,7 @@
type = "s3"; type = "s3";
region = "us-east-1"; region = "us-east-1";
bucket = "cache-nix-dot"; bucket = "cache-nix-dot";
endpoint = "https://minio.nayeonie.com"; endpoint = "https://minio.alicehuston.xyz";
}; };
# Warning: If you change any of the values here, it will be # Warning: If you change any of the values here, it will be
@@ -62,60 +78,61 @@
# borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
# configured default webstore for this on root user separately # configured default webstore for this on root user separately
# systemd = { systemd = {
# services = { services = {
# attic-watch-store = { attic-watch-store = {
# wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
# after = [ after = [
# "network-online.target" "network-online.target"
# "docker.service" "docker.service"
# "atticd.service" "atticd.service"
# ]; ];
# requires = [ requires = [
# "network-online.target" "network-online.target"
# "docker.service" "docker.service"
# "atticd.service" "atticd.service"
# ]; ];
# description = "Upload all store content to binary cache"; description = "Upload all store content to binary cache";
# serviceConfig = { serviceConfig = {
# User = "root"; User = "root";
# Restart = "always"; Restart = "always";
# ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot"; ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot";
# }; };
# }; };
# attic-sync-hydra = { attic-sync-hydra = {
# after = [ after = [
# "network-online.target" "network-online.target"
# "docker.service" "docker.service"
# "atticd.service" "atticd.service"
# ]; ];
# requires = [ requires = [
# "network-online.target" "network-online.target"
# "docker.service" "docker.service"
# "atticd.service" "atticd.service"
# ]; ];
# description = "Force resync of hydra derivations with attic"; description = "Force resync of hydra derivations with attic";
# serviceConfig = { serviceConfig = {
# Type = "oneshot"; Type = "oneshot";
# User = "root"; User = "root";
# ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}"; ExecStart = "${config.nix.package}/bin/nix ${./attic/sync-attic.bash}";
# }; };
# }; };
# }; };
# timers = { timers = {
# attic-sync-hydra = { attic-sync-hydra = {
# wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
# timerConfig = { timerConfig = {
# OnBootSec = 600; OnBootSec = 600;
# OnUnitActiveSec = 86400; OnUnitActiveSec = 86400;
# Unit = "attic-sync-hydra.service"; Unit = "attic-sync-hydra.service";
# }; };
# }; };
# }; };
# }; };
sops = { sops = {
defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
"attic/secret-key".owner = "root"; "attic/secret-key".owner = "root";
"attic/database-url".owner = "root"; "attic/database-url".owner = "root";

42
systems/palatine-hill/configuration.nix
View File

@@ -6,19 +6,13 @@
}: }:
{ {
imports = [ imports = [
./acme.nix ./attic.nix
./attic ./docker.nix
./docker
./gitea.nix
./firewall.nix
./haproxy
./hardware-changes.nix
./hydra.nix ./hydra.nix
./minio.nix ./minio.nix
./networking.nix ./networking.nix
./nextcloud.nix ./nextcloud.nix
./postgresql.nix ./services.nix
./samba.nix
./zfs.nix ./zfs.nix
]; ];
@@ -58,14 +52,10 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
chromedriver
chromium
docker-compose docker-compose
intel-gpu-tools intel-gpu-tools
jellyfin-ffmpeg jellyfin-ffmpeg
jq jq
yt-dlp
yq
]; ];
services = { services = {
@@ -73,8 +63,32 @@
nfs.server.enable = true; nfs.server.enable = true;
openssh.ports = [ 666 ]; openssh.ports = [ 666 ];
smartd.enable = true; smartd.enable = true;
calibre-server.enable = false;
postgresql = {
enable = true;
enableJIT = true;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map alice postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
# initialScript = config.sops.secrets."postgres/init".path;
upgrade = {
enable = true;
stopServices = [
"hydra-evaluator"
"hydra-init"
"hydra-notify"
"hydra-queue-runner"
"hydra-send-stats"
"hydra-server"
];
};
};
}; };
nix.gc.options = "--delete-older-than 150d"; nix.gc.options = "--delete-older-than 150d";

7
systems/palatine-hill/default.nix
View File

@@ -1,7 +1,8 @@
{ inputs, ... }: { inputs, ... }:
{ {
users = [ "alice" ]; users = [
modules = [ "alice"
# inputs.attic.nixosModules.atticd "richie"
]; ];
modules = [ inputs.attic.nixosModules.atticd ];
} }

5
systems/palatine-hill/docker.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }:
{
virtualisation.docker.daemon.settings.data-root = "/var/lib/docker2";
}

112
systems/palatine-hill/docker/act-runner.nix
View File

@@ -1,112 +0,0 @@
{
config,
...
}:
let
vars = import ../vars.nix;
act_path = vars.primary_act;
act_config_path = ./act_config.yaml;
in
{
virtualisation.oci-containers.containers = {
act-stable-latest-main = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
ports = [ "8088:8088" ];
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-main/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-main";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-1 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${./act_config.yaml}:/config.yaml"
"${act_path}/stable-latest-1/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-1";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-2 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-2/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-2";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
};
systemd = {
timers."custom-watchtower@act-runner" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "5m";
Unit = "custom-watchtower@act-runner.service";
};
};
services."custom-watchtower@act-runner" = {
bindsTo = [ "docker.service" ];
after = [ "docker.service" ];
description = "a watchtower-esque script for systemd-based oci-containers";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'act-runner'";
};
};
};
sops.secrets = {
"docker/act-runner" = {
owner = "root";
restartUnits = [
"docker-act-stable-latest-main.service"
"docker-act-stable-latest-1.service"
"docker-act-stable-latest-2.service"
];
};
};
}

95
systems/palatine-hill/docker/act_config.yaml
View File

@@ -1,95 +0,0 @@
# Example configuration file, it's safe to copy this as the default config file without any modification.
# You don't have to copy this file to your instance,
# just run `./act_runner generate-config > config.yaml` to generate a config file.
log:
# The level of logging, can be trace, debug, info, warn, error, fatal
level: debug
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 1
# Extra environment variables to run jobs.
envs:
A_TEST_ENV_NAME_1: a_test_env_value_1
A_TEST_ENV_NAME_2: a_test_env_value_2
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
# The timeout for the runner to wait for running jobs to finish when shutting down.
# Any running jobs that haven't finished after this timeout will be cancelled.
shutdown_timeout: 30m
# Whether skip verifying the TLS certificate of the Gitea instance.
insecure: false
# The timeout for fetching the job from the Gitea instance.
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `daemon`, will use labels in `.runner` file.
labels:
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
- "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
- "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
#cache:
# Enable cache server to use actions/cache.
#enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
#dir: ""
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
#host: ""
# The port of the cache server.
# 0 means to use a random available port.
#port: 0
# The external cache server URL. Valid only when enable is true.
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# The URL should generally end with "/".
#external_server: ""
container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
# NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
# If the path starts with '/', the '/' will be trimmed.
# For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /src/*.json
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# overrides the docker client host with the specified one.
# If it's empty, act_runner will find an available docker host automatically.
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: true
# Rebuild docker image(s) even if already present
force_rebuild: false
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:

152
systems/palatine-hill/docker/archiveteam.nix
View File

@@ -1,152 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
containers = {
archiveteam-imgur = {
image = "imgur-grab";
scale = 1;
};
archiveteam-telegram = {
image = "telegram-grab";
scale = 3;
};
archiveteam-reddit = {
image = "reddit-grab";
scale = 0;
};
archiveteam-dpreview = {
image = "dpreview-grab";
scale = 0;
};
archiveteam-issuu = {
image = "issuu-grab";
scale = 0;
};
archiveteam-urls = {
image = "urls-grab";
scale = 2;
};
archiveteam-urlteam = {
image = "terroroftinytown-client-grab";
scale = 2;
};
archiveteam-mediafire = {
image = "mediafire-grab";
scale = 1;
};
archiveteam-github = {
image = "github-grab";
scale = 1;
};
archiveteam-lineblog = {
image = "lineblog-grab";
scale = 0;
};
archiveteam-banciyuan = {
image = "banciyuan-grab";
scale = 0;
};
archiveteam-wysp = {
image = "wysp-grab";
scale = 0;
};
archiveteam-xuite = {
image = "xuite-grab";
scale = 0;
};
archiveteam-gfycat = {
image = "gfycat-grab";
scale = 0;
};
archiveteam-skyblog = {
image = "skyblog-grab";
scale = 0;
};
archiveteam-zowa = {
image = "zowa-grab";
scale = 0;
};
archiveteam-blogger = {
image = "blogger-grab";
scale = 1;
};
archiveteam-vbox7 = {
image = "vbox7-grab";
scale = 0;
};
archiveteam-pastebin = {
image = "pastebin-grab";
scale = 1;
};
archiveteam-youtube = {
image = "youtube-grab";
scale = 0;
};
archiveteam-deviantart = {
image = "deviantart-grab";
scale = 0;
};
archiveteam-postnews = {
image = "postnews-grab";
scale = 0;
};
archiveteam-askfm = {
image = "askfm-grab";
scale = 1;
};
archiveteam-mangz = {
image = "mangaz-grab";
scale = 1;
};
archiveteam-cohost = {
image = "cohost-grab";
scale = 1;
};
};
container-spec = container-name: container: {
image = "atdr.meo.ws/archiveteam/${container}:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "archiveteam";
};
volumes = [ "${at_path}/${container-name}:/grab/data" ];
log-driver = "local";
cmd = lib.splitString " " "--concurrent 6 AmAnd0";
};
inherit (lib.rad-dev.container-utils) createTemplatedContainers;
vars = import ../vars.nix;
at_path = vars.primary_archiveteam;
in
{
virtualisation.oci-containers.containers = createTemplatedContainers containers container-spec;
systemd = {
timers."custom-watchtower@archiveteam" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "5m";
Unit = "custom-watchtower@archiveteam.service";
};
};
services."custom-watchtower@archiveteam" = {
bindsTo = [ "docker.service" ];
after = [ "docker.service" ];
description = "a watchtower-esque script for systemd-based oci-containers";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'archiveteam'";
};
};
};
}

32
systems/palatine-hill/docker/books.nix
View File

@@ -1,32 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
docker_path = vars.primary_docker;
calibre_path = vars.primary_calibre;
in
{
virtualisation.oci-containers.containers = {
automated-ffdl-alice = {
image = "mrtyton/automated-ffdl:latest";
user = "600:100";
extraOptions = [ "--restart=unless-stopped" ];
environment = {
PUID = "600";
PGID = "100";
};
volumes = [
"${docker_path}/auto-fic/config:/config"
"${calibre_path}/ffdl-alice:/var/lib/calibre-server"
];
};
};
services.autopull = {
enable = true;
repo.FanFicFare-alice = {
enable = true;
path = /ZFS/ZFS-primary/calibre/ffdl-alice/config/FanFicFare;
};
};
}

79
systems/palatine-hill/docker/default.nix
View File

@@ -1,79 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./act-runner.nix
# temp disable archiveteam for tiktok archiving
#./archiveteam.nix
# ./books.nix
#./firefly.nix
#./foundry.nix
./glances.nix
# ./haproxy.nix
./minecraft.nix
./nextcloud.nix
# ./postgres.nix
# ./restic.nix
./torr.nix
# ./unifi.nix
];
virtualisation.oci-containers.backend = "docker";
virtualisation.docker.daemon.settings = {
data-root = "/var/lib/docker2";
bip = "169.254.253.254/23";
fixed-cidr = "169.254.252.0/23";
default-address-pools = [
{
base = "169.254.2.0/23";
size = 28;
}
{
base = "169.254.4.0/22";
size = 28;
}
{
base = "169.254.8.0/21";
size = 28;
}
{
base = "169.254.16.0/20";
size = 28;
}
{
base = "169.254.32.0/19";
size = 28;
}
{
base = "169.254.64.0/18";
size = 28;
}
{
base = "169.254.128.0/18";
size = 28;
}
{
base = "169.254.192.0/19";
size = 28;
}
{
base = "169.254.224.0/20";
size = 28;
}
{
base = "169.254.240.0/21";
size = 28;
}
{
base = "169.254.248.0/22";
size = 28;
}
];
mtu = 9000;
};
}

25
systems/palatine-hill/docker/firefly.nix
View File

@@ -1,25 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
ffiii_path = "${vars.primary_docker}/firefly-iii";
in
{
virtualisation.oci-containers.containers = {
firefly = {
image = "fireflyiii/core:latest";
extraOptions = [
"--network=firefly-iii_default"
"--network=postgres-net"
];
environmentFiles = [ "${ffiii_path}/.env" ];
ports = [ "4188:8080" ];
volumes = [ "${ffiii_path}/app/upload:/var/www/html/storage/upload" ];
};
fidi = {
image = "fireflyiii/data-importer:latest";
environmentFiles = [ "${ffiii_path}/.fidi.env" ];
ports = [ "4187:8080" ];
dependsOn = [ "firefly" ];
};
};
}

28
systems/palatine-hill/docker/foundry.nix
View File

@@ -1,28 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
fvtt_path = "${vars.primary_games}/foundryvtt";
in
{
virtualisation.oci-containers.containers = {
foundryvtt = {
image = "felddy/foundryvtt:11";
hostname = "foundryvtt";
environment = {
#CONTAINER_PRESERVE_CONFIG= "true";
TIMEZONE = "America/New_York";
FOUNDRY_MINIFY_STATIC_FILES = "true";
};
environmentFiles = [ config.sops.secrets."docker/foundry".path ];
volumes = [ "${fvtt_path}:/data" ];
extraOptions = [
"--network=haproxy-net"
];
};
};
sops.secrets."docker/foundry" = {
owner = "docker-service";
restartUnits = [ "docker-foundryvtt.service" ];
};
}

24
systems/palatine-hill/docker/glances.nix
View File

@@ -1,24 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
glances_path = "${vars.primary_docker}/glances";
in
{
virtualisation.oci-containers.containers = {
glances = {
image = "nicolargo/glances:latest-full";
extraOptions = [
"--pid=host"
"--network=haproxy-net"
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${glances_path}/glances.conf:/glances/conf/glances.conf"
];
environment = {
GLANCES_OPT = "-C /glances/conf/glances.conf -w";
};
};
};
}

207
systems/palatine-hill/docker/haproxy.cfg
View File

@@ -1,207 +0,0 @@
global
# stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
# log stdout format raw local0 info
log stdout format raw local0
crt-base /etc/ssl/certs/
maxconn 120000
defaults
log global
mode http
timeout client 2000m
timeout connect 200s
timeout server 2000m
timeout http-request 2000m
frontend stats # you can call this whatever you want
mode http
bind *:9000 # default port, but you can pick any port
stats enable # turns on stats module
stats refresh 10s # set auto-refresh rate
#Application Setup
frontend ContentSwitching
bind *:80
# bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem crt /var/lib/acme/nayeonie.com/full.pem strict-sni
mode http
option httplog
# max-age is mandatory
# 16000000 seconds is a bit more than 6 months
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
# Front-end acess control list
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
# Front-end acess control list
acl host_www hdr(host) -i www.alicehuston.xyz
acl host_www hdr(host) -i alicehuston.xyz
# acl host_ldapui hdr(host) -i authui.alicehuston.xyz
acl host_glances hdr(host) -i monit.alicehuston.xyz
acl host_glances hdr(host) -i glances.alicehuston.xyz
# acl host_foundry hdr(host) -i dnd.alicehuston.xyz
# acl host_netdata hdr(host) -i netdata.alicehuston.xyz
#acl host_terraria hdr(host) -i terraria.alicehuston.xyz
acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz
acl host_nextcloud hdr(host) -i nayeonie.com
acl host_hydra hdr(host) -i hydra.alicehuston.xyz
acl host_attic hdr(host) -i attic.alicehuston.xyz
acl host_minio hdr(host) -i minio.alicehuston.xyz
acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz
acl host_attic hdr(host) -i attic.nayeonie.com
acl host_minio hdr(host) -i minio.nayeonie.com
acl host_minio_console hdr(host) -i minio-console.nayeonie.com
#acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz
# acl host_collabora hdr(host) -i collabora.alicehuston.xyz
acl host_prometheus hdr(host) -i prom.alicehuston.xyz
acl host_gitea hdr(host) -i git.alicehuston.xyz
acl host_gitea hdr(host) -i nayeonie.com
# Backend-forwarding
use_backend www_nodes if host_www
# use_backend ldapui_nodes if host_ldapui
use_backend glances_nodes if host_glances
use_backend foundry_nodes if host_foundry
# use_backend netdata_nodes if host_netdata
# use_backend terraria_nodes if host_terraria
use_backend nextcloud_nodes if host_nextcloud
use_backend hydra_nodes if host_hydra
use_backend attic_nodes if host_attic
#use_backend nextcloud_vol_nodes if host_nextcloud_vol
# use_backend collabora_nodes if host_collabora
use_backend prometheus_nodes if host_prometheus
use_backend minio_nodes if host_minio
use_backend minio_console_nodes if host_minio_console
use_backend gitea_nodes if host_gitea
#frontend ldap
# bind *:389
# bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem
# mode tcp
# option tcplog
# acl host_ldap hdr(host) -i auth.alicehuston.xyz
# use_backend ldap_nodes if host_ldap
backend nextcloud_nodes
mode http
server server nextcloud:80
acl url_discovery path /.well-known/caldav /.well-known/carddav
http-request redirect location /remote.php/dav/ code 301 if url_discovery
acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend nextcloud_nodes
# mode http
# server nxserver nextcloud:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# http-request set-header X-Forwarded-Host %[req.hdr(Host)]
#backend nextcloud_vol_nodes
# mode http
# server server nextcloud-vol:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend terraria_nodes
# mode http
# server server terraria:6526
#backend collabora_nodes
# mode http
# server server collabora:9980
backend www_nodes
mode http
server server grafana:3000
backend minio_nodes
mode http
server server 192.168.76.2:8500
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
backend minio_console_nodes
mode http
server server 192.168.76.2:8501
# backend foundry_nodes
# timeout tunnel 50s
# mode http
# server server foundryvtt:30000
#backend ldap_nodes
# mode tcp
# balance roundrobin
# option ldap-check
# server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem
#
#backend ldapui_nodes
# mode http
# server server 192.168.76.2:18081
backend glances_nodes
mode http
server server glances:61208
backend hydra_nodes
mode http
server server 192.168.76.2:3000
backend attic_nodes
mode http
server server 192.168.76.2:8183
backend prometheus_nodes
mode http
server server 192.168.76.2:9001
backend gitea_nodes
mode http
server server 192.168.76.2:6443
#backend netdata_nodes
# mode http
# server server 192.168.76.2:19999
# backend dnd_nodes
# mode http
# server server foundry:30000
# acl host_www hdr(host) -i www.tmmworkshop.com
frontend giteassh
mode tcp
bind :2222
default_backend giteassh_nodes
backend giteassh_nodes
mode tcp
server s1 192.168.76.2:2223
frontend minecraft
mode tcp
bind :25565
default_backend router_nodes
backend router_nodes
mode tcp
server s1 mc-router:25565

33
systems/palatine-hill/docker/haproxy.nix
View File

@@ -1,33 +0,0 @@
{ ... }:
{
virtualisation.oci-containers.containers = {
haproxy = {
image = "haproxy:latest";
extraOptions = [
"--restart=always"
"--network=haproxy-net"
];
volumes = [
"${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg:ro"
"/ZFS/ZFS-primary/docker/haproxy/certs:/etc/ssl/certs:ro"
];
ports = [
"80:80"
"443:443"
"25565:25565"
];
environment = {
PUID = "600";
PGID = "600";
};
dependsOn = [
"nextcloud"
"grafana"
"foundryvtt"
"glances"
"mc-router"
];
};
};
}

96
systems/palatine-hill/docker/minecraft.nix
View File

@@ -1,96 +0,0 @@
{ config, lib, ... }:
let
servers = {
atm6 = "atm6.alicehuston.xyz";
stoneblock3 = "sb3.alicehuston.xyz";
RAD2 = "rad.alicehuston.xyz";
skyfactory = "sf.alicehuston.xyz";
divinejourney = "dj.alicehuston.xyz";
rlcraft = "rlcraft.alicehuston.xyz";
arcanum-institute = "arcanum.alicehuston.xyz";
# bcg-plus = "bcg.alicehuston.xyz";
};
defaultServer = "rlcraft";
# defaultEnv = {
# EULA = "true";
# TYPE = "AUTO_CURSEFORGE";
# STOP_SERVER_ANNOUNCE_DELAY = "120";
# STOP_DURATION = "600";
# SYNC_CHUNK_WRITES = "false";
# USE_AIKAR_FLAGS = "true";
# MEMORY = "8GB";
# ALLOW_FLIGHT = "true";
# MAX_TICK_TIME = "-1";
# };
# defaultOptions = [
# "--stop-signal=SIGTERM"
# "--stop-timeout=1800"
# "--network=minecraft-net"
# ];
# vars = import ../vars.nix;
# minecraft_path = "${vars.primary_games}/minecraft";
in
{
virtualisation.oci-containers.containers = {
mc-router = {
image = "itzg/mc-router:latest";
extraOptions = [
"--network=haproxy-net"
"--network=minecraft-net"
];
cmd = [
(
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
+ (lib.rad-dev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
)
];
};
# rlcraft = {
# image = "itzg/minecraft-server:java8";
# volumes = [
# "${minecraft_path}/rlcraft/modpacks:/modpacks:ro"
# "${minecraft_path}/rlcraft/data:/data"
# ];
# hostname = "rlcraft";
# environment = defaultEnv // {
# VERSION = "1.12.2";
# CF_SLUG = "rlcraft";
# DIFFICULTY = "hard";
# ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
# bcg-plus = {
# image = "itzg/minecraft-server:java17";
# volumes = [
# "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
# "${minecraft_path}/bcg-plus/data:/data"
# ];
# hostname = "bcg-plus";
# environment = defaultEnv // {
# VERSION = "1.17";
# CF_SLUG = "bcg";
# DIFFICULTY = "normal";
# DEBUG = "true";
# # ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/minecraft".owner = "docker-service";
};
};
}

7
systems/palatine-hill/docker/nextcloud-image/nextcloud-apache.nix Normal file
View File

@@ -0,0 +1,7 @@
{
imageName = "nextcloud";
imageDigest = "sha256:fe7f941cc514fe01e343a515c7b33e6b12707c718157f6e25a67119e9918a061";
sha256 = "07w9rvmr2qy037ljdmk6w1n2dmwwa31ig7gzfb084wiv18hjfrg4";
finalImageName = "nextcloud";
finalImageTag = "apache";
}

107
systems/palatine-hill/docker/nextcloud.nix
View File

@@ -1,107 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
nextcloud_path = vars.primary_nextcloud;
redis_path = vars.primary_redis;
# nextcloud-image = import ./nextcloud-image { inherit pkgs; };
nextcloud-base = {
# image comes from running docker compose build in nextcloud-docker/.examples/full/apache
image = "nextcloud-nextcloud";
hostname = "nextcloud";
volumes = [
"${nextcloud_path}/nc_data:/var/www/html:z"
"${nextcloud_path}/nc_php:/usr/local/etc/php"
"${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
#"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
];
extraOptions = [
"--network=haproxy-net"
"--network=postgres-net"
"--network=nextcloud_default"
];
dependsOn = [ "redis" ];
environmentFiles = [ config.sops.secrets."docker/nextcloud".path ];
};
in
{
virtualisation.oci-containers.containers = {
nextcloud = nextcloud-base // {
ports = [ "9999:80" ];
};
redis = {
image = "redis:latest";
user = "600:600";
volumes = [
"${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
"${redis_path}:/data"
];
extraOptions = [
"--network=nextcloud_default"
];
cmd = [
"redis-server"
"/usr/local/etc/redis/redis.conf"
];
};
go-vod = {
image = "radialapps/go-vod:latest";
dependsOn = [ "nextcloud" ];
environment = {
NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
};
volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri:/dev/dri"
];
};
collabora-code = {
image = "collabora/code:latest";
dependsOn = [ "nextcloud" ];
environment = {
aliasgroup1 = "https://collabora.nayenoie.com:443";
aliasgroup2 = "https://nextcloud.alicehuston.xyz:443";
aliasgroup3 = "https://.*:443";
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
};
environmentFiles = [
config.sops.secrets."docker/collabora".path
];
extraOptions = [
"--network=haproxy-net"
"--privileged"
];
ports = [ "9980:9980" ];
};
};
users.users.www-data = {
uid = 33;
isSystemUser = true;
group = "www-data";
};
users.groups.www-data = {
gid = 33;
members = [ "www-data" ];
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/redis" = {
owner = "docker-service";
restartUnits = [ "docker-redis.service" ];
};
"docker/nextcloud" = {
owner = "www-data";
restartUnits = [ "docker-nextcloud.service" ];
};
"docker/collabora" = {
owner = "www-data";
restartUnits = [ "docker-collabora-code.service" ];
};
};
};
}

67
systems/palatine-hill/docker/postgres.nix
View File

@@ -1,67 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
psql_path = "${vars.primary_db}/postgresql";
in
{
virtualisation.oci-containers.containers = {
postgres = {
image = "postgres:16";
user = "600:600";
volumes = [
"${psql_path}/primary_new:/var/lib/postgresql/data"
"${psql_path}/pg_archives:/opt/pg_archives"
];
log-driver = "local";
extraOptions = [
"--network=postgres-net"
"--health-cmd='pg_isready -U firefly'"
"--health-interval=1s"
"--health-timeout=5s"
"--health-retries=15"
"--shm-size=1gb"
"--restart=always"
];
environmentFiles = [ config.sops.secrets."docker/pg".path ];
};
postgres-secondary = {
image = "postgres:16";
user = "600:600";
volumes = [
"${psql_path}/secondary_new:/var/lib/postgresql/data"
"${psql_path}/pg_archives:/opt/pg_archives"
];
log-driver = "local";
extraOptions = [
"--network=postgres-net"
"--health-cmd='pg_isready -U firefly'"
"--health-interval=1s"
"--health-timeout=5s"
"--health-retries=15"
"--shm-size=1gb"
"--restart=always"
];
environmentFiles = [ config.sops.secrets."docker/pg".path ];
};
postgres-adminer = {
image = "adminer/latest";
user = "600:600";
ports = [ "4191:8080" ];
dependsOn = [ "postgres" ];
extraOptions = [
"--restart=always"
"--network=postgres-net"
];
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/pg".owner = "docker-service";
};
};
}

38
systems/palatine-hill/docker/restic.nix
View File

@@ -1,38 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
restic_path = "${vars.primary_backups}/restic";
in
{
virtualisation.oci-containers.containers = {
restic = {
image = "restic/rest-server:latest";
volumes = [ "${restic_path}:/data" ];
environment = {
OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
};
ports = [ "8010:8000" ];
extraOptions = [
"--restart=always"
"--network=restic_restic"
];
};
grafana = {
image = "grafana/grafana:latest";
extraOptions = [
"--restart=always"
"--network=haproxy-net"
];
volumes = [
"grafanadata:/var/lib/grafana"
"${restic_path}/dashboards:/dashboards"
"${restic_path}/grafana.ini:/etc/grafana/grafana.ini"
];
environment = {
GF_USERS_DEFAULT_THEME = "dark";
};
};
};
}

103
systems/palatine-hill/docker/torr.nix
View File

@@ -1,103 +0,0 @@
{ pkgs, ... }:
let
delugeBase = {
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
UMASK = "000";
DEBUG = "true";
DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug";
};
};
vars = import ../vars.nix;
#docker_path = vars.primary_docker;
torr_path = vars.primary_torr;
deluge_path = "${torr_path}/deluge";
delugevpn_path = "${torr_path}/delugevpn";
genSopsConf = file: {
"${file}" = {
format = "binary";
sopsFile = ./wg/${file};
path = "${delugevpn_path}/config/wireguard/configs/${file}";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
in
{
virtualisation.oci-containers.containers = {
deluge = delugeBase // {
image = "binhex/arch-deluge";
volumes = [
"${deluge_path}/config:/config"
"${deluge_path}/data/:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"8084:8112"
"29433:29433"
];
};
delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn";
extraOptions = [
"--privileged=true"
"--sysctl"
"net.ipv4.conf.all.src_valid_mark=1"
];
environment = delugeBase.environment // {
VPN_ENABLED = "yes";
VPN_CLIENT = "wireguard";
VPN_PROV = "custom";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16";
NAME_SERVERS = "194.242.2.9";
# note, delete /config/perms.txt to force a bulk permissions update
};
volumes = [
"${delugevpn_path}/config:/config"
"${delugevpn_path}/data:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"8085:8112"
"8119:8118"
"39275:39275"
"39275:39275/udp"
];
};
};
systemd.services.docker-delugeVPN = {
serviceConfig = {
ExecStartPre = [
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
+ "-type l -not -name wg0.conf "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
)
];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
};
};
sops.secrets =
(genSopsConf "se-mma-wg-001.conf")
// (genSopsConf "se-mma-wg-002.conf")
// (genSopsConf "se-mma-wg-003.conf")
// (genSopsConf "se-mma-wg-004.conf")
// (genSopsConf "se-mma-wg-005.conf")
// (genSopsConf "se-mma-wg-101.conf")
// (genSopsConf "se-mma-wg-102.conf")
// (genSopsConf "se-mma-wg-103.conf");
}

61
systems/palatine-hill/docker/unifi.nix
View File

@@ -1,61 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
unifi_path = "${vars.primary_docker}/unifi-2.0";
mongo_path = "${vars.primary_db}/mongo";
in
{
virtualisation.oci-containers.containers = {
unifi-controller = {
image = "lscr.io/linuxserver/unifi-network-application:latest";
volumes = [ "${unifi_path}/config:/config" ];
log-driver = "local";
dependsOn = [ "mongodb" ];
extraOptions = [ "--restart=unless-stopped" ];
ports = [
"8443:8443"
"3478:3478/udp"
"10001:10001/udp"
"8080:8080"
"1900:1900/udp" # optional
"8843:8843" # optional
"8880:8880" # optional
"6789:6789" # optional
"5514:5514/udp" # optional
];
environment = {
PUID = "1000";
PGID = "100";
TZ = "America/New_York";
MEM_LIMIT = "1024"; # optional
MEM_STARTUP = "1024"; # optional
MONGO_USER = "unifi";
MONGO_HOST = "mongodb";
MONGO_PORT = "27017";
MONGO_DBNAME = "unifi";
};
environmentFiles = [ config.sops.secrets."docker/unifi".path ];
};
mongodb = {
image = "docker.io/mongo:7.0";
environment = {
PUID = "1000";
PGID = "100";
TZ = "America/New_York";
};
extraOptions = [ "--restart=unless-stopped" ];
volumes = [
"${mongo_path}/unifi:/data/db"
"${unifi_path}/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro"
];
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/unifi".owner = "docker-service";
};
};
}

Some files were not shown because too many files have changed in this diff Show More