ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:main
Branches Tags
ahuston-0:main ahuston-0:update-flake-lock ahuston-0:feature/pii ahuston-0:feature/add-parthenon ahuston-0:feature/add-jessica ahuston-0:feature/ftb-app ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/build-cache ahuston-0:hotfix/zfs-import ahuston-0:feature/add-unpackerr ahuston-0:feature/pscsd-yubikey ahuston-0:feature/overseerr ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:daeb9fbcb8dd2273d492c483f7c6a37ce076d0e6
Branches Tags
ahuston-0:update-flake-lock ahuston-0:feature/pii ahuston-0:main ahuston-0:feature/add-parthenon ahuston-0:feature/add-jessica ahuston-0:feature/ftb-app ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/build-cache ahuston-0:hotfix/zfs-import ahuston-0:feature/add-unpackerr ahuston-0:feature/pscsd-yubikey ahuston-0:feature/overseerr ahuston-0:feature/onboarding-kubernetes

1 Commits
main ... daeb9fbcb8

Author SHA1 Message Date
ahuston-0
daeb9fbcb8 upgrade artemision
All checks were successful
Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 7s
Details
Check Nix flake / Perform Nix flake checks (pull_request) Successful in 3m57s
Details
2025-12-19 03:20:47 -05:00
22 changed files with 278 additions and 506 deletions
Expand all files Collapse all files

140
flake.lock generated
View File

@@ -21,17 +21,17 @@
"base16-fish": { "base16-fish": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1765809053, "lastModified": 1754405784,
"narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
} }
}, },
@@ -76,11 +76,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1768536226, "lastModified": 1765080359,
"narHash": "sha256-d1VSTNa7ajTxT39QBp3gKSbgmgn7yx8RxTZuvZwNX9Y=", "narHash": "sha256-BvAgmqgswcokD2eWoyO3uB1k1VTdpxDHGSx0RYRFjDg=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "b092ea4a7d083e09e0aa2de909c1b35b9efb3ee0", "rev": "35f8ab2ecd954b3a348aa0e253878211c48a0aa7",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -93,11 +93,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1764873433, "lastModified": 1764724327,
"narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -125,11 +125,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1768135262, "lastModified": 1763759067,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -146,11 +146,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767609335, "lastModified": 1763759067,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca", "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -220,11 +220,11 @@
"flake": false, "flake": false,
"locked": { "locked": {
"host": "gitlab.gnome.org", "host": "gitlab.gnome.org",
"lastModified": 1767737596, "lastModified": 1764524476,
"narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "ef02db02bf0ff342734d525b5767814770d85b49", "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -242,11 +242,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768530555, "lastModified": 1764998300,
"narHash": "sha256-EBXKDho4t1YSgodAL6C8M3UTm8MGMZNQ9rQnceR5+6c=", "narHash": "sha256-fZatn/KLfHLDXnF0wy7JxXqGaZmGDTVufT4o/AOlj44=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d21bee5abf9fb4a42b2fa7728bf671f8bb246ba6", "rev": "27a6182347ccae90a88231ae0dc5dfa7d15815bb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -283,11 +283,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768426687, "lastModified": 1765113580,
"narHash": "sha256-CopNx3j//gZ2mE0ggEK9dZ474UcbDhpTw+KMor8mSxI=", "narHash": "sha256-b8YOwGDFprkQJjXsKGuSNS1pWe8w4cUW36YxlUelNpU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "541628cebe42792ddf5063c4abd6402c2f1bd68f", "rev": "db18f83bebbc2cf43a21dbb26cd99aabe672d923",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -337,11 +337,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765267181, "lastModified": 1765080594,
"narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", "narHash": "sha256-5t3d655GqLblE+p5xN5ntkeRfZBesN7vehOWcRcU88M=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", "rev": "4194c582d0a3f440382ee00b729ea5cc5ef59754",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -417,11 +417,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1768583413, "lastModified": 1764440730,
"narHash": "sha256-tF5UD4D/s0kERXxhu5mzTo7FF/2jnU8PYf7wWk8guB0=", "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "45bf76ef956c7ac771b56c54a3009506dc6c7af6", "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -440,11 +440,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768443651, "lastModified": 1764726320,
"narHash": "sha256-hmIo/e6mo40Y2v1DaH2yTtvB3lZ/zcf6gVNmgYhBgYc=", "narHash": "sha256-0AD/V/uCDG15xZSkQayaKjn/4Rlvoilwa+PsoSaubco=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "31108e0d75bd47ddfc217b58df598e78fe3bcd42", "rev": "1e03233c1b662f91c5ff8c7dba1a0a693a930e51",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -455,11 +455,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1764020296, "lastModified": 1765053261,
"narHash": "sha256-6zddwDs2n+n01l+1TG6PlyokDdXzu/oBmEejcH5L5+A=", "narHash": "sha256-CBVtkpfM7pMgXuXvByXn53p5lSm7fiDZK4EGOMnhaoo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a320ce8e6e2cc6b4397eef214d202a50a4583829", "rev": "60a511057b110094129bdfb99f343548b59f0aba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -471,11 +471,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1765674936, "lastModified": 1761765539,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -502,11 +502,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1768305791, "lastModified": 1764950072,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", "rev": "f61125a668a320878494449750330ca58b78c557",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -528,11 +528,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767810917, "lastModified": 1764773531,
"narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", "rev": "1d9616689e98beded059ad0384b9951e967a17fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -552,11 +552,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767281941, "lastModified": 1765016596,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -596,11 +596,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768531678, "lastModified": 1765075567,
"narHash": "sha256-tf4xEp5Zq8+Zce0WtU8b0VNMxhQtwes67sN2phnbkpk=", "narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "0a9de73f3c23206a2fce3c7656a42d3a3f07be9f", "rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -616,11 +616,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768481291, "lastModified": 1765079830,
"narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=", "narHash": "sha256-i9GMbBLkeZ7MVvy7+aAuErXkBkdRylHofrAjtpUPKt8=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "e085e303dfcce21adcb5fec535d65aacb066f101", "rev": "aeb517262102f13683d7a191c7e496b34df8d24c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -650,11 +650,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1768492720, "lastModified": 1765047449,
"narHash": "sha256-aHos307HyVtOriYZppyUjrkcEKQzyp9F5WzxpMjPFH8=", "narHash": "sha256-VQcqjJ2g0kT9TW4ENwA2HBQJzfbCUd5s1Wm3K+R2QZY=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "5287bc719dbb6efb26f48c1677a221c966a4a4d9", "rev": "bd00e01aab676aee88e6cc5c9238b4a5a7d6639a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -729,11 +729,11 @@
"tinted-schemes": { "tinted-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1767710407, "lastModified": 1763914658,
"narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "schemes", "repo": "schemes",
"rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -745,11 +745,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1767489635, "lastModified": 1764465359,
"narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", "rev": "edf89a780e239263cc691a987721f786ddc4f6aa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -761,11 +761,11 @@
"tinted-zed": { "tinted-zed": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1767488740, "lastModified": 1764464512,
"narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-zed", "repo": "base16-zed",
"rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -787,11 +787,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765936672, "lastModified": 1759739742,
"narHash": "sha256-wxkeSF0/3FI0HSBKhZ2mlAAmFviNrZzdhjHqTfWP6h0=", "narHash": "sha256-nTNmgO71tD3jJGpr9yIS1atOBJp8K1pwZOxnEdS+aAk=",
"owner": "Toqozz", "owner": "Toqozz",
"repo": "wired-notify", "repo": "wired-notify",
"rev": "491197a6a5ef9c65a85c3eb1531786f32ffff5b3", "rev": "6a96aa2066d8ad945f2323b63dc217081ef51168",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View File

@@ -171,7 +171,7 @@
inherit lib; # for allowing use of custom functions in nix repl inherit lib; # for allowing use of custom functions in nix repl
hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt); formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = genSystems inputs outputs src (src + "/systems"); nixosConfigurations = genSystems inputs outputs src (src + "/systems");
homeConfigurations = { homeConfigurations = {

12
hydra/jobs.nix
View File

@@ -8,7 +8,10 @@ let
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
getCfg = _: cfg: cfg.config.system.build.toplevel; getCfg = _: cfg: cfg.config.system.build.toplevel;
hostToAgg = _: cfg: cfg;
getHome = _: cfg: cfg.config.home.activationPackage; getHome = _: cfg: cfg.config.home.activationPackage;
homeToAgg = _: cfg: cfg;
# get per-system check derivation (with optional postfix) # get per-system check derivation (with optional postfix)
mapSystems = mapSystems =
@@ -24,6 +27,15 @@ rec {
host = lib.mapAttrs getCfg outputs.nixosConfigurations; host = lib.mapAttrs getCfg outputs.nixosConfigurations;
home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage
hosts = pkgs.releaseTools.aggregate {
name = "hosts";
constituents = lib.mapAttrsToList hostToAgg host;
};
homes = pkgs.releaseTools.aggregate {
name = "homes";
constituents = lib.mapAttrsToList homeToAgg home;
};
devChecks = pkgs.releaseTools.aggregate { devChecks = pkgs.releaseTools.aggregate {
name = "devChecks"; name = "devChecks";
constituents = lib.flatten [ constituents = lib.flatten [

32
hydra/jobsets.nix
View File

@@ -18,7 +18,7 @@ let
}; };
prs = readJSONFile pulls; prs = readJSONFile pulls;
#refs = readJSONFile branches; refs = readJSONFile branches;
# template for creating a job # template for creating a job
makeJob = makeJob =
@@ -47,19 +47,19 @@ let
giteaHost = "ssh://gitea@nayeonie.com:2222"; giteaHost = "ssh://gitea@nayeonie.com:2222";
repo = "ahuston-0/nix-dotfiles"; repo = "ahuston-0/nix-dotfiles";
# # Create a hydra job for a branch # # Create a hydra job for a branch
#jobOfRef = jobOfRef =
# name: name:
# { ref, ... }: { ref, ... }:
# if ((builtins.match "^refs/heads/(.*)$" ref) == null) then if ((builtins.match "^refs/heads/(.*)$" ref) == null) then
# null null
# else else
# { {
# name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}"; name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}";
# value = makeJob { value = makeJob {
# description = "Branch ${name}"; description = "Branch ${name}";
# flake = "git+${giteaHost}/${repo}?ref=${ref}"; flake = "git+${giteaHost}/${repo}?ref=${ref}";
# }; };
# }; };
# Create a hydra job for a PR # Create a hydra job for a PR
jobOfPR = id: info: { jobOfPR = id: info: {
@@ -77,12 +77,12 @@ let
# wrapper function for reading json from file # wrapper function for reading json from file
readJSONFile = f: builtins.fromJSON (builtins.readFile f); readJSONFile = f: builtins.fromJSON (builtins.readFile f);
# remove null values from a set, in-case of branches that don't exist # remove null values from a set, in-case of branches that don't exist
#mapFilter = f: l: builtins.filter (x: (x != null)) (map f l); mapFilter = f: l: builtins.filter (x: (x != null)) (map f l);
# Create job set from PRs and branches # Create job set from PRs and branches
jobs = makeSpec ( jobs = makeSpec (
builtins.listToAttrs (map ({ name, value }: jobOfPR name value) (attrsToList prs)) builtins.listToAttrs (map ({ name, value }: jobOfPR name value) (attrsToList prs))
#// builtins.listToAttrs (mapFilter ({ name, value }: jobOfRef name value) (attrsToList refs)) // builtins.listToAttrs (mapFilter ({ name, value }: jobOfRef name value) (attrsToList refs))
); );
in in
{ {

2
shell.nix
View File

@@ -44,7 +44,7 @@ forEachSystem (
pre-commit pre-commit
treefmt treefmt
statix statix
nixfmt nixfmt-rfc-style
jsonfmt jsonfmt
mdformat mdformat
shfmt shfmt

2
systems/artemision/configuration.nix
View File

@@ -82,6 +82,8 @@
system.stateVersion = "24.05"; system.stateVersion = "24.05";
programs.adb.enable = true;
environment.variables = { environment.variables = {
"KWIN_DRM_NO_DIRECT_SCANOUT" = "1"; "KWIN_DRM_NO_DIRECT_SCANOUT" = "1";
}; };

4
systems/artemision/programs.nix
View File

@@ -5,7 +5,6 @@
alacritty alacritty
attic-client attic-client
amdgpu_top amdgpu_top
android-tools
bat bat
bitwarden-cli bitwarden-cli
bfg-repo-cleaner bfg-repo-cleaner
@@ -37,9 +36,6 @@
ipmiview ipmiview
iperf3 iperf3
# ipscan # ipscan
javaPackages.compiler.temurin-bin.jdk-25
javaPackages.compiler.temurin-bin.jdk-21
javaPackages.compiler.temurin-bin.jdk-17
jp2a jp2a
jq jq
kdePackages.kdenlive kdePackages.kdenlive

8
systems/artemision/secrets.yaml
View File

@@ -10,7 +10,7 @@ example_booleans:
- ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool] - ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool]
apps: apps:
spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str] spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str]
wifi-env: ENC[AES256_GCM,data:mxPCyunx8yOahcuVhZCzuqAt/G89lMBnZme+qwcxO4LsCftx7h2FotA+wnlj1++vmPW5zL72q2kzxh0KcVlYqK9fpOrMY/FJeJXWYNMZIHesmWKlaaeA1wM/q1dSllwuVuULp9WQzipiQHwcCCLseo3bmCsYpbs8PUibrDgbDqXreTSjJBNTVzwOGpz1bZCSpEynS+dQQViRSNcVeYTOLxrOTxx5lyEOIhgIc3167ObhK+7bJVG2ZcP209Gllip4XkCj/FKnEwg2vVF5Dpofz7T2Op5ef/oNzahhKmCa+k7OPqITWwPYZg7pqAf6jdMy4eBP/A==,iv:Q6IMqePFwd1b1pSuh+TIwcag2bbJXyIYUmJWY6UaaqI=,tag:UZ5ak6nmHkNG0uBMTl1CwQ==,type:str] wifi-env: ENC[AES256_GCM,data:2BM4wQq+RfASkg9lcH+fW7eD0VaPJMXABp3z0sYXqZbVzv9R9eAxSokxzcifT/1JK8PBwvZkWtEFrKAT3phXIZzoEySnGKGYazz8fqWWWhMJotLNNo5VkX70hLppgE9vYxf9vQSq0PLWYCN0jUO0H9mHjOT6mDzKUHegcC53jzkNY3WTfLkyzDWJVMP9IbVQ22N5QlJbzZNqrNTaOtcRm06PBz7pNuEKOy4jj5ipZOh6ceR81Xy6BXM7MzFN27lYbzfVvcDmlwqPORAmr7/00QBy2cp38rTswJEzYf1x2Q==,iv:DSTVPw9qtmo02/usZZDpHsYlX3sSW+2XrnawtBkRNmQ=,tag:3p3eW+3BEQrOmHlBNUEOaA==,type:str]
#ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment] #ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment]
sops: sops:
age: age:
@@ -23,8 +23,8 @@ sops:
d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR
D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA== D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-03T19:32:16Z" lastmodified: "2025-05-15T15:37:51Z"
mac: ENC[AES256_GCM,data:q5NppTtZZA9Oo15zI0pAZ/YN2qu0TneDPMJY9rXtWlYfG7Pq5taRyc9MpV7CyEt+qWMkN//O3/sA4jmQTtpT8JuYIEa+/x5cfSZ5w0ErjKdV4/IyDs1LPDKNLXIWlmPMo61VvsKW9DZRBRml9qtR1ypeHBuz0pjECBwAQPEcw9k=,iv:X7wUOxn4BsvqCPmNZvH75hyAzUeD7Qtp+4e4SLpPWlI=,tag:Dp6Bu3zEkRaRPdOwWil13g==,type:str] mac: ENC[AES256_GCM,data:qJ8NdnzVrgQb0rGwjZFHrS+eJrUjQEk4M4uo5bnk4eY7aKaHejARcYOIhp0H/DMdlix+Dm3DAAeeRWn8AKCatXaSzYD/VHHbjfp0lKBCsC8CZFeCELQ5GGEHnVot3WGb4J+QdfupwdduExSSMd6XeZGFVbSGhLzRbiiWA+i8I3o=,iv:oxWiDCH60apKT0/fJbWp1cIZ9cvd6mJKlP3xAjMBXIo=,tag:0We6eCJnsncujCt+CwK9UQ==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:57:09Z" - created_at: "2024-11-28T18:57:09Z"
enc: |- enc: |-
@@ -39,4 +39,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.10.2

5
systems/artemision/wifi.nix
View File

@@ -11,7 +11,7 @@ in
networking.wireless = { networking.wireless = {
enable = true; enable = true;
secretsFile = config.sops.secrets."wifi-env".path; secretsFile = config.sops.secrets."wifi-env".path;
userControlled = true; userControlled.enable = true;
networks = { networks = {
"taetaethegae-2.0" = { "taetaethegae-2.0" = {
pskRaw = "ext:PASS_taetaethegae_20"; pskRaw = "ext:PASS_taetaethegae_20";
@@ -29,7 +29,6 @@ in
"Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie"; "Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie";
"Fios-Qn3RB".pskRaw = "ext:PASS_parkridge"; "Fios-Qn3RB".pskRaw = "ext:PASS_parkridge";
"Mojo Dojo Casa House".pskRaw = "ext:PASS_Carly"; "Mojo Dojo Casa House".pskRaw = "ext:PASS_Carly";
"bwe_guest".pskRaw = "ext:PASS_BWE_NE";
# Public wifi connections # Public wifi connections
# set public_wifi on line 5 to true if connecting to one of these # set public_wifi on line 5 to true if connecting to one of these
@@ -46,7 +45,7 @@ in
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
"wifi-env" = { "wifi-env" = {
owner = "wpa_supplicant"; owner = "root";
restartUnits = [ "wpa_supplicant.service" ]; restartUnits = [ "wpa_supplicant.service" ];
}; };
}; };

167
systems/palatine-hill/docker/arr.nix
View File

@@ -1,193 +1,96 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
let let
vars = import ../vars.nix; vars = import ../vars.nix;
arr_postgres_config =
container_type:
let
ctype = lib.strings.toUpper container_type;
in in
{ {
"${ctype}__POSTGRES__HOST" = "/var/run/postgresql";
"${ctype}__POSTGRES__PORT" = toString config.services.postgresql.settings.port;
};
in
{
# Notes:
# Jellyplex-watched - sync watch status between plex and jellyfin as long as users and library is the same
# Tdarr - for distributed transcoding?
#
# list of containers supporting postgres:
# bazarr:
# POSTGRES_ENABED: true
# POSTGRES_HOST:
# POSTGRES_PORT:
# POSTGRES_DATABASE: bazarr
# POSTGRES_USERNAME: arr
# POSTGRES_PASSWORD: sops
# prowlarr:
# see ctype
# radarr:
# see ctype
# sonarr:
# see ctype
# lidarr:
# see ctype
# jellyseerr:
# DB_TYPE: postgres
# DB_HOST:
# DB_PORT:
# DB_USER: arr
# DB_PASS: sops
# DB_NAME: jellyseerr
#
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
bazarr = { bazarr = {
image = "ghcr.io/linuxserver/bazarr:latest"; image = "ghcr.io/linuxserver/bazarr:latest";
pull = "always";
ports = [ "6767:6767" ]; ports = [ "6767:6767" ];
hostname = "bazarr";
environment = { environment = {
PUID = "600"; PUID = "600";
PGID = "100"; PGID = "100";
TZ = "America/New_York"; TZ = "America/New_York";
POSTGRES_HOST = "/var/run/postgresql";
POSTGRES_PORT = toString config.services.postgresql.settings.port;
}; };
environmentFiles = [
config.sops.secrets."docker/bazarr".path
];
volumes = [ volumes = [
"${vars.primary_docker}/bazarr:/config" "${vars.primary_docker}/bazarr:/config"
"${vars.primary_plex_storage}/data:/data" "${vars.primary_plex_storage}/data:/data"
"/var/run/postgresql:/var/run/postgresql"
];
extraOptions = [
"--network=arrnet"
]; ];
autoStart = true; autoStart = true;
}; };
prowlarr = { prowlarr = {
image = "ghcr.io/linuxserver/prowlarr:latest"; image = "ghcr.io/linuxserver/prowlarr:latest";
pull = "always";
ports = [ "9696:9696" ]; ports = [ "9696:9696" ];
hostname = "prowlarr";
environment = { environment = {
PUID = "600"; PUID = "600";
PGID = "100"; PGID = "100";
TZ = "America/New_York"; TZ = "America/New_York";
} };
// arr_postgres_config "prowlarr"; volumes = [ "${vars.primary_docker}/prowlarr:/config" ];
environmentFiles = [
config.sops.secrets."docker/prowlarr".path
];
extraOptions = [
"--network=arrnet"
];
volumes = [
"${vars.primary_docker}/prowlarr:/config"
"/var/run/postgresql:/var/run/postgresql"
];
autoStart = true; autoStart = true;
}; };
radarr = { radarr = {
image = "ghcr.io/linuxserver/radarr:latest"; image = "ghcr.io/linuxserver/radarr:latest";
pull = "always";
ports = [ "7878:7878" ]; ports = [ "7878:7878" ];
hostname = "radarr";
environment = { environment = {
PUID = "600"; PUID = "600";
PGID = "100"; PGID = "100";
TZ = "America/New_York"; TZ = "America/New_York";
} };
// arr_postgres_config "radarr";
environmentFiles = [
config.sops.secrets."docker/radarr".path
];
volumes = [ volumes = [
"${vars.primary_docker}/radarr:/config" "${vars.primary_docker}/radarr:/config"
"${vars.primary_plex_storage}/data:/data" "${vars.primary_plex_storage}/data:/data"
"/var/run/postgresql:/var/run/postgresql"
];
extraOptions = [
"--network=arrnet"
]; ];
autoStart = true; autoStart = true;
}; };
sonarr = { sonarr = {
image = "ghcr.io/linuxserver/sonarr:latest"; image = "ghcr.io/linuxserver/sonarr:latest";
pull = "always";
ports = [ "8989:8989" ]; ports = [ "8989:8989" ];
hostname = "sonarr";
environment = { environment = {
PUID = "600"; PUID = "600";
PGID = "100"; PGID = "100";
TZ = "America/New_York"; TZ = "America/New_York";
} };
// arr_postgres_config "sonarr";
environmentFiles = [
config.sops.secrets."docker/sonarr".path
];
volumes = [ volumes = [
"${vars.primary_docker}/sonarr:/config" "${vars.primary_docker}/sonarr:/config"
"${vars.primary_plex_storage}/data:/data" "${vars.primary_plex_storage}/data:/data"
"/var/run/postgresql:/var/run/postgresql"
];
extraOptions = [
"--network=arrnet"
]; ];
autoStart = true; autoStart = true;
}; };
lidarr = { lidarr = {
image = "ghcr.io/linuxserver/lidarr:latest"; image = "ghcr.io/linuxserver/lidarr:latest";
pull = "always";
ports = [ "8686:8686" ]; ports = [ "8686:8686" ];
hostname = "lidarr";
environment = { environment = {
PUID = "600"; PUID = "600";
PGID = "100"; PGID = "100";
TZ = "America/New_York"; TZ = "America/New_York";
} };
// arr_postgres_config "lidarr";
environmentFiles = [
config.sops.secrets."docker/lidarr".path
];
volumes = [ volumes = [
"${vars.primary_docker}/lidarr:/config" "${vars.primary_docker}/lidarr:/config"
"${vars.primary_plex_storage}/data:/data" "${vars.primary_plex_storage}/data:/data"
"/var/run/postgresql:/var/run/postgresql"
];
extraOptions = [
"--network=arrnet"
]; ];
autoStart = true; autoStart = true;
}; };
unpackerr = { unpackerr = {
image = "golift/unpackerr:latest"; image = "golift/unpackerr:latest";
pull = "always";
user = "600:100"; user = "600:100";
hostname = "unpackerr";
environment = { environment = {
TZ = "America/New_York"; TZ = "America/New_York";
}; };
volumes = [ volumes = [
"${vars.primary_docker}/unpackerr:/config" "${vars.primary_docker}/unpackerr:/config"
"${vars.primary_plex_storage}:/data" "${vars.primary_plex_storage}:/data"
"/var/run/postgresql:/var/run/postgresql"
]; ];
extraOptions = [ "--network=arrnet" ];
autoStart = true; autoStart = true;
}; };
notifiarr = { notifiarr = {
image = "golift/notifiarr:latest"; image = "golift/notifiarr:latest";
pull = "always";
ports = [ "5454:5454" ];
user = "600:100"; user = "600:100";
hostname = "notifiarr";
environment = { environment = {
TZ = "America/New_York"; TZ = "America/New_York";
}; };
@@ -195,79 +98,31 @@ in
volumes = [ volumes = [
"${vars.primary_docker}/notifiarr:/config" "${vars.primary_docker}/notifiarr:/config"
"${vars.primary_plex_storage}:/data" "${vars.primary_plex_storage}:/data"
"/var/run/postgresql:/var/run/postgresql"
]; ];
extraOptions = [ "--network=arrnet" ];
autoStart = true; autoStart = true;
}; };
jellyseerr = { overseerr = {
image = "fallenbagel/jellyseerr:latest"; image = "fallenbagel/jellyseerr:preview-seerr";
pull = "always";
hostname = "jellyseerr";
environment = { environment = {
PUID = "600"; PUID = "600";
PGID = "100"; PGID = "100";
TZ = "America/New_York"; TZ = "America/New_York";
DB_TYPE = "postgres";
DB_HOST = "/var/run/postgresql";
DB_PORT = toString config.services.postgresql.settings.port;
}; };
environmentFiles = [ volumes = [ "${vars.primary_docker}/overseerr:/config" ];
config.sops.secrets."docker/jellyseerr".path
];
volumes = [
"${vars.primary_docker}/overseerr:/config"
"/var/run/postgresql:/var/run/postgresql"
];
# TODO: remove ports later since this is going through web # TODO: remove ports later since this is going through web
extraOptions = [
"--network=arrnet"
"--network=haproxy-net"
# "--health-cmd \"wget --no-verbose --tries 1 --spider http://localhost:5055/api/v1/status || exit 1\""
# "--health-start-period 20s"
# "--health-timeout 3s"
# "--health-interval 15s"
# "--health-retries 3"
];
ports = [ "5055:5055" ]; # Web UI port ports = [ "5055:5055" ]; # Web UI port
dependsOn = [ dependsOn = [
"radarr" "radarr"
"sonarr" "sonarr"
]; ];
extraOptions = [ "--network=haproxy-net" ];
autoStart = true; autoStart = true;
}; };
}; };
sops = { sops = {
secrets = { secrets = {
"docker/notifiarr" = { "docker/notifiarr".owner = "docker-service";
owner = "docker-service";
restartUnits = [ "docker-notifiarr.service" ];
};
"docker/bazarr" = {
owner = "docker-service";
restartUnits = [ "docker-bazarr.service" ];
};
"docker/prowlarr" = {
owner = "docker-service";
restartUnits = [ "docker-prowlarr.service" ];
};
"docker/radarr" = {
owner = "docker-service";
restartUnits = [ "docker-radarr.service" ];
};
"docker/sonarr" = {
owner = "docker-service";
restartUnits = [ "docker-sonarr.service" ];
};
"docker/lidarr" = {
owner = "docker-service";
restartUnits = [ "docker-lidarr.service" ];
};
"docker/jellyseerr" = {
owner = "docker-service";
restartUnits = [ "docker-jellyseerr.service" ];
};
}; };
}; };
} }

70
systems/palatine-hill/docker/minecraft.nix
View File

@@ -11,38 +11,30 @@ let
arcanum-institute = "arcanum.alicehuston.xyz"; arcanum-institute = "arcanum.alicehuston.xyz";
meits = "meits.alicehuston.xyz"; meits = "meits.alicehuston.xyz";
# bcg-plus = "bcg.alicehuston.xyz"; # bcg-plus = "bcg.alicehuston.xyz";
pii = "pii.alicehuston.xyz";
}; };
defaultServer = "rlcraft"; defaultServer = "rlcraft";
defaultEnv = { # defaultEnv = {
EULA = "true"; # EULA = "true";
TYPE = "AUTO_CURSEFORGE"; # TYPE = "AUTO_CURSEFORGE";
STOP_SERVER_ANNOUNCE_DELAY = "120"; # STOP_SERVER_ANNOUNCE_DELAY = "120";
STOP_DURATION = "600"; # STOP_DURATION = "600";
SYNC_CHUNK_WRITES = "false"; # SYNC_CHUNK_WRITES = "false";
USE_AIKAR_FLAGS = "true"; # USE_AIKAR_FLAGS = "true";
MEMORY = "12G"; # MEMORY = "8GB";
ALLOW_FLIGHT = "true"; # ALLOW_FLIGHT = "true";
MAX_TICK_TIME = "-1"; # MAX_TICK_TIME = "-1";
ENABLE_RCON = "true"; # };
TZ = "America/New_York";
REGION_FILE_COMPRESSION = "none";
OPS = ''
magpiecat
chesiregirl1105
'';
};
defaultOptions = [ # defaultOptions = [
"--stop-signal=SIGTERM" # "--stop-signal=SIGTERM"
"--stop-timeout=1800" # "--stop-timeout=1800"
"--network=minecraft-net" # "--network=minecraft-net"
]; # ];
vars = import ../vars.nix; # vars = import ../vars.nix;
minecraft_path = "${vars.primary_games}/minecraft"; # minecraft_path = "${vars.primary_games}/minecraft";
in in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
@@ -77,32 +69,6 @@ in
# log-driver = "local"; # log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; # environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# }; # };
prominence-ii = {
image = "itzg/minecraft-server:java25-graalvm";
volumes = [
"${minecraft_path}/prominence-ii/modpacks:/modpacks:ro"
"${minecraft_path}/prominence-ii/data:/data"
];
hostname = "pii";
environment = defaultEnv // {
VERSION = "1.20.1";
CF_SLUG = "prominence-2-hasturian-era";
CF_FILENAME_MATCHER = "3.9.14hf";
USE_AIKAR_FLAGS = "false";
USE_MEOWICE_FLAGS = "true";
USE_MEOWICE_GRAALVM_FLAGS = "true";
DIFFICULTY = "hard";
ENABLE_COMMAND_BLOCK = "true";
CF_FORCE_INCLUDE_FILES = ''
emi
'';
};
extraOptions = defaultOptions;
log-driver = "local";
environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
};
#stop_signal: SIGTERM
#stop_grace_period: 5m
# bcg-plus = { # bcg-plus = {
# image = "itzg/minecraft-server:java17"; # image = "itzg/minecraft-server:java17";
# volumes = [ # volumes = [

4
systems/palatine-hill/docker/nextcloud.nix
View File

@@ -8,13 +8,13 @@ let
# nextcloud-image = import ./nextcloud-image { inherit pkgs; }; # nextcloud-image = import ./nextcloud-image { inherit pkgs; };
nextcloud-base = { nextcloud-base = {
# image comes from running docker compose build in nextcloud-docker/.examples/full/apache # image comes from running docker compose build in nextcloud-docker/.examples/full/apache
image = "docker.io/library/nextcloud-nextcloud"; image = "nextcloud-nextcloud";
# pull = "always"; # pull = "always";
# do NOT enable pull here, this image is generated based on a custom docker image # do NOT enable pull here, this image is generated based on a custom docker image
hostname = "nextcloud"; hostname = "nextcloud";
volumes = [ volumes = [
"${nextcloud_path}/nc_data:/var/www/html:z" "${nextcloud_path}/nc_data:/var/www/html:z"
#"${nextcloud_path}/nc_php:/usr/local/etc/php" "${nextcloud_path}/nc_php:/usr/local/etc/php"
"${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting" "${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
#"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro" #"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
]; ];

187
systems/palatine-hill/docker/torr.nix
View File

@@ -1,143 +1,130 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
qbitBase = { delugeBase = {
image = "ghcr.io/linuxserver/qbittorrent:latest";
pull = "always"; pull = "always";
environment = { environment = {
PUID = "600"; PUID = "600";
PGID = "100"; PGID = "100";
TZ = "America/New_York"; TZ = "America/New_York";
UMASK = "000";
DEBUG = "true";
DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug";
}; };
}; };
vars = import ../vars.nix; vars = import ../vars.nix;
#docker_path = vars.primary_docker; #docker_path = vars.primary_docker;
torr_path = vars.primary_torr; torr_path = vars.primary_torr;
qbit_path = "${torr_path}/qbit"; deluge_path = "${torr_path}/deluge";
qbitvpn_path = "${torr_path}/qbitvpn"; delugevpn_path = "${torr_path}/delugevpn";
qbitperm_path = "${torr_path}/qbitperm";
#genSopsConfWg = file: {
# "${file}" = {
# format = "binary";
# sopsFile = ./wg/${file};
# path = "${delugevpn_path}/config/wireguard/configs/${file}";
# owner = "docker-service";
# group = "users";
# restartUnits = [ "docker-delugeVPN.service" ];
# };
#};
genSopsConfOvpn = file: {
"${file}" = {
format = "binary";
sopsFile = ./openvpn/${file};
path = "${delugevpn_path}/config/openvpn/configs/${file}";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
in in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
qbit = qbitBase // { deluge = delugeBase // {
# webui port is 8082, torr port is 29432 image = "binhex/arch-deluge";
environment = qbitBase.environment // {
WEBUI_PORT = "8082";
TORRENTING_PORT = "29432";
};
volumes = [ volumes = [
"${qbit_path}/config:/config" # move from docker/qbit to qbit_path "${deluge_path}/config:/config"
"${torr_path}/data/:/data" "${deluge_path}/data/:/data"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
networks = [ "host" ];
ports = [ ports = [
"8082:8082" "8084:8112"
"29432:29432" "29433:29433"
"29432:29432/udp"
];
extraOptions = [
"--dns=9.9.9.9"
]; ];
}; };
delugeVPN = delugeBase // {
# temp instance image = "binhex/arch-delugevpn:latest";
qbitVPN = qbitBase // {
# webui port is 8081, torr port is 39274
networks = [
"container:gluetun-qbit"
];
environment = qbitBase.environment // {
WEBUI_PORT = "8081";
};
dependsOn = [ "gluetun-qbit" ];
volumes = [
"${qbitvpn_path}/config:/config"
"${torr_path}/data:/data"
"/etc/localtime:/etc/localtime:ro"
];
};
gluetun-qbit = {
image = "qmcgaw/gluetun:v3";
capabilities = { capabilities = {
NET_ADMIN = true; NET_ADMIN = true;
}; };
devices = [ autoRemoveOnStop = false;
"/dev/net/tun:/dev/net/tun" environment = delugeBase.environment // {
]; VPN_ENABLED = "yes";
ports = [ VPN_CLIENT = "openvpn";
"8081:8081" VPN_PROV = "protonvpn";
"8083:8083" ENABLE_PRIVOXY = "yes";
]; LAN_NETWORK = "192.168.0.0/16";
environment = { ENABLE_STARTUP_SCRIPTS = "yes";
TZ = "America/New_York"; #NAME_SERVERS = "194.242.2.9";
# SOPS prep #NAME_SERVERS = "9.9.9.9";
# note, delete /config/perms.txt to force a bulk permissions update
}; };
environmentFiles = [ environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
config.sops.secrets."docker/gluetun".path
config.sops.secrets."docker/gluetun-qbitvpn".path
];
};
# permanent instance
qbitPerm = qbitBase // {
# webui port is 8083, torr port is 29434
networks = [
"container:gluetun-qbit"
];
environment = qbitBase.environment // {
WEBUI_PORT = "8083";
};
dependsOn = [ "gluetun-qbit" ];
volumes = [ volumes = [
"${qbitperm_path}/config:/config" "${delugevpn_path}/config:/config"
"${torr_path}/data:/data" "${deluge_path}/data:/data" # use common torrent path yuck
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
};
gluetun-qbitperm = {
image = "qmcgaw/gluetun:v3";
capabilities = {
NET_ADMIN = true;
};
devices = [
"/dev/net/tun:/dev/net/tun"
];
ports = [ ports = [
"8083:8083" "8085:8112"
]; "8119:8118"
environment = { "39275:39275"
TZ = "America/New_York"; "39275:39275/udp"
# SOPS prep "48346:48346"
}; "48346:48346/udp"
environmentFiles = [
config.sops.secrets."docker/gluetun".path
config.sops.secrets."docker/gluetun-qbitperm".path
]; ];
}; };
}; };
sops.secrets = { systemd.services.docker-delugeVPN = {
"docker/gluetun" = { serviceConfig = {
owner = "docker-service"; ExecStartPre = [
restartUnits = [ (
"docker-gluetun-qbit.service" "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
"docker-gluetun-qbitperm.service" + "-type l -not -name network.ovpn "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
)
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
+ "-type l "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
)
]; ];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
}; };
"docker/gluetun-qbitvpn" = {
owner = "docker-service";
restartUnits = [
"docker-gluetun-qbit.service"
];
}; };
"docker/gluetun-qbitperm" = {
sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
"docker/delugevpn" = {
owner = "docker-service"; owner = "docker-service";
restartUnits = [ group = "users";
"docker-gluetun-qbitperm.service" restartUnits = [ "docker-delugeVPN.service" ];
]; };
"docker/protonvpn-start-script" = {
path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
}; };
}; };
} }

23
systems/palatine-hill/firewall.nix
View File

@@ -1,19 +1,7 @@
{ ... }: { ... }:
{ {
networking.firewall = { networking.firewall.allowedTCPPorts = [
extraCommands = "
iptables -I nixos-fw 1 -i br+ -j ACCEPT
";
extraStopCommands = "
iptables -D nixos-fw -i br+ -j ACCEPT
";
trustedInterfaces = [ "br+" ];
allowedTCPPorts = [
# qbit # qbit
8081 8081
8082 8082
@@ -45,15 +33,6 @@
8686 8686
8787 8787
5055 5055
# torr
29432
]; ];
allowedUDPPorts = [
# torr
29432
];
};
} }

7
systems/palatine-hill/postgresql.nix
View File

@@ -1,5 +1,6 @@
{ {
config, config,
lib,
pkgs, pkgs,
... ...
}: }:
@@ -29,12 +30,6 @@ in
# Let other names login as themselves # Let other names login as themselves
superuser_map /^(.*)$ \1 superuser_map /^(.*)$ \1
''; '';
authentication = ''
local bazarr bazarr scram-sha-256
local /.*arr-main /.*arr scram-sha-256
local /.*arr-log /.*arr scram-sha-256
local jellyseerr jellyseerr scram-sha-256
'';
# initialScript = config.sops.secrets."postgres/init".path; # initialScript = config.sops.secrets."postgres/init".path;
ensureDatabases = [ ensureDatabases = [

2
systems/palatine-hill/samba.nix
View File

@@ -12,7 +12,7 @@
#"use sendfile" = "yes"; #"use sendfile" = "yes";
#"max protocol" = "smb2"; #"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1 # note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.76. 127.0.0.1 localhost 192.168.191."; "hosts allow" = "192.168.76. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0"; "hosts deny" = "0.0.0.0/0";
"guest account" = "nobody"; "guest account" = "nobody";
"map to guest" = "bad user"; "map to guest" = "bad user";

13
systems/palatine-hill/secrets.yaml
View File

@@ -26,15 +26,6 @@ docker:
delugevpn: ENC[AES256_GCM,data:YGkgaQUuA9oteKD77tnFzxZSHctyOQjMNlfvJr3mPWAl2P8wfcshiUoa6SNp69pagxbzRV6mfuzwzinbkQCoZN3lw7uF76y0,iv:Bro0H4tFR+3wi9DGGq9a6ge4o4uPlVXBUF7h17zyqg8=,tag:N1kVNFasqGMx8R9qTq2dJA==,type:str] delugevpn: ENC[AES256_GCM,data:YGkgaQUuA9oteKD77tnFzxZSHctyOQjMNlfvJr3mPWAl2P8wfcshiUoa6SNp69pagxbzRV6mfuzwzinbkQCoZN3lw7uF76y0,iv:Bro0H4tFR+3wi9DGGq9a6ge4o4uPlVXBUF7h17zyqg8=,tag:N1kVNFasqGMx8R9qTq2dJA==,type:str]
protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str] protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str]
notifiarr: ENC[AES256_GCM,data:XxVEhp4Rei6mRcdSSooRnofuVNZDalVhDYiVUmvQUr8QihrVRMKRE9Kpl5PGWUBw,iv:urMLaUf3XUjMks2vk0E7iRUU3mLHBiMAiwtQgmWQq20=,tag:dHdTOyC/ukd71UlYEI5fWw==,type:str] notifiarr: ENC[AES256_GCM,data:XxVEhp4Rei6mRcdSSooRnofuVNZDalVhDYiVUmvQUr8QihrVRMKRE9Kpl5PGWUBw,iv:urMLaUf3XUjMks2vk0E7iRUU3mLHBiMAiwtQgmWQq20=,tag:dHdTOyC/ukd71UlYEI5fWw==,type:str]
bazarr: ENC[AES256_GCM,data:x+JdRCl3x3OM3lWmgcWikJSEnh5c5He5HmuLzCGAQ8zUXMi2Z3Kf6LzL+aoqtCBu3rabYZmQSLBoDm9CPkk=,iv:7e+3w46RUD2/OSlwrEe7BRxUqPPdt5+obIjQA8pr3xY=,tag:rHSijp/tcf/SGp5y4kJ0cw==,type:str]
prowlarr: ENC[AES256_GCM,data:hr3hYwRw0+/UD8anqZQjGy7rPkV2pad4Xi5FdXSf3Ftd1/jwlYfMqhqgEngFX30LLMWvJvjeu1TkTNzSEwI6ZCPdefNVYYwWavtm+XcBVxffGvFZ,iv:EXW48288IcCeGs/vP4tkAI4dxQAOh92Na43q/9cyuSc=,tag:pnYR26MDd82DjeUPdwCoUw==,type:str]
radarr: ENC[AES256_GCM,data:qCfoeEHb0ng5GhaY3QZiFvLVb25ZHNmgT0bRqEjBcelyP2819zCL7LxUPr08FxivEYZiAMFVleRozL8NMg6O5fh+2BatcYOfyh99zxIC,iv:HV3gTTnrjtab7x4Be+7hSe+nrD6BnPAmZBsHzi9Fujg=,tag:O6x0FDlasuJSRrGL/9SwpQ==,type:str]
sonarr: ENC[AES256_GCM,data:X/hM31ZyHybvy2eQzVnmq8CH1AqBgz1pxq7tKC4lZB3ryAbnEIJksffem8+35tWt/0r5cEH4aaIKD1kS7Q+Ma+8JrRLcWkt6CZq/wspz,iv:44FfdVpQCposXshzNe5DXAxExeQzjVKhkZaVbgKo8KU=,tag:WIWWUt1XBngUTwwqhCrcNw==,type:str]
lidarr: ENC[AES256_GCM,data:xERBECneutNUMZRrHukp8CaNrpI7SXUB16zUkauNP2+wto3eIc/K+2nMCkbwSC9AKlSjnUGSiORmAWn/jofTAuEzQljkCR1XCSkJRMmL,iv:iKf4fZtCfdjT/KuMFK5VFoLAV+Lll8uJowe9Q4cHyYw=,tag:xzmATTkrYRYm9Mw23zEO5g==,type:str]
jellyseerr: ENC[AES256_GCM,data:7dDfHFp8+WbJqrf7Ms/gmfroBePwegXh5CXn5FcOz8IEK7rTvr9KZfz9x/1BwdD8,iv:ZPi3OcMfH76A08piKY4P7hFbeMyouwBoeN5oL3ExzKU=,tag:oOZ37dy/y+DFqNRfAHexvQ==,type:str]
gluetun: ENC[AES256_GCM,data:ryhYVOYEZl5zDs+xMgbWI6q/Ei2AiNZJMxT/TcaHzTEocINgbczWk9GKeeZKno71vFXiF9/tPpYavLqvjWNL77doWDB+wiYrtBJ97PkQ70dqWntua9E8eCalYlIZpRbLsl5OA9ZHorIMPjjSB2CRYLCqq30PPi5I2TtRvs/g6LRUN4sZ/E2TTUjz7AEY7228ZEuHt1UkU+dY/jEbx6fwrm/ocP8xKvYUuAR1/Cx/z4N0mqmVl+FX/5dRSkmhpfAxO9ss898XKiJW4rewQIbG5ccYal+reZZr70TaEJQqg5KIfAnbp6dEjAsSXnRiEF801JXM0h+d14ECT4tQmdyvYBdCVnJ/Ibqw9D15cViHmeDbR68spqOCj67FSMKxgCVx4KFrxPOualsULX7RL/UbHq2cwyziSFkH4n2ljFlKohyj39F7EparJbiCOumNfhRWknDDwvXY+BjJhbAe19ccKP6QWrS68uBp0cTXqb0rVN/qlfz6Sj5EYj5M/u0rl6d5xctnKmOzfLjI2m5+E9WfDJaAUcP/Ihs+p2eD7aSQTIj+O7I66ju+UAz66D9ZoU1U3uVQ9gaPI5dOMmYdLKS3b19EVytwW2W13d0WXKIw5Vfb7MvFh9I0iPWq+ntL4jQzMYSwV5Y=,iv:Cy3h5I3vbqKORdqw91SHL4tRMeGHMLsXgQ0USJ2jtzk=,tag:0J/p1sUQfXR4ujjY7VzZuQ==,type:str]
gluetun-qbitvpn: ENC[AES256_GCM,data:3IdmuLvWs5YRQZuG9y1GRTMKMbR7OynUUVluezviDOV22EkABvo3Ic/+xZrWi/lzAhQRwRsCGjinlUJf7lBvPLg53HaIplbzSIyd3IPLbKzEVAK32WYB/M5cGNQW+XV8TiKK72HO8+WG588A0bsuvp/wQ86ohpRHVrnlboANLS3diCNXI3VdFIHPGpvM77TqB3/vo2AFLKjxi2es4l6KRam8cEUFAz0eH03tTUYaxy+ewA5IZCQSbMURLFKKdh0EATTG5jIz3jFp372fnk8UBgFPeH8+N9VHNM6rnV6zAsC2Vlj2E1YQRTRqOwSK0NRAAV5NBbr7zumS3VS0rVUpIbZVrW/C2BSAVbzowkHuo5o1B7UFsryb3s2FJJGF2biaDoL+ijM5a0Qi4LfNeaSLNKrzaTin0wYq8rPrQKOUBZL4t6FsRbG7KHmfwM4uYdWqV5h1syjI9WWReuePVb416YvqSH9p8HhNsDTka8IGgYkHcYAXYuuxUc6sgQONBwrsdeN5Dhq1IedhuOW+3qAV+hHl8qmVgiWZ8Ss+nmo016nsikifEp08N7J8t3f86/SFZO+YMBxQ/K9PJLsJzR2jsBcf2aTlq0cuzXDvb4cMtro=,iv:N9zdyKJDsj049j5hZOSnAkS/VTWlC3crTODJKIpYYko=,tag:uYHq3CZj0P/BAv+0Ak5ZEw==,type:str]
gluetun-qbitperm: ENC[AES256_GCM,data:kzSrILs78UkzNeAvxoDU3QsLKdapQNyQW9nq0it+7HhhwDQ0MJB1s2Ek8zKErTatpwzG8xiUK0HwX5hFLgNZYc+OE0CH4PUrgX1t6dykuPLD2rKQL7veElNgqhX0/39xNyopyJk2UMVFNSqoV1DCC/ja9MqX9+jBYk++7DeX7v1Gl1ntjzJ+zIscg0nOTN1eQAHtiOWtFU0COC/aA8KS+HLIsMkjrIk9UD4C/DE8AOS07s+gDxPRtl6L7324FRqjEHNyxAobWOOLeG711RZcskF7dlminVJu4aVGbBwIy/zDdHFxRwO6yaLr/AqrTlRVOa2O8Qu2Ydpv8ZNj2F6fHrVNNmVwvMEKYibV6oMVo72uT+DTz/mFaYuTUeuJfkdCy7tnQYhBnpbd5J4mKfVb8uOF9Tx02kL2fTFKyvtET3nrtakQUjv8mEqHn4F8136O2JvUBN5RmC3B3vRdFjYgdfwy8hUT9b0Cmi8w0Zzs+XGMRdvWv2g6b5fmlAn0K+a0KB1fdDLhvbIXhY+sYzR3yOH01K0lW3xVdnl1eMIFjZkUGRTi32HyCYb0SUA1EcXmtA4XmyZ6HHFEXFA5y2guVqU4xLyXXldM+lGB7yGLMcM=,iv:kuueHxYafrEdyBxGUBoU2ks7kdr/rWMnXZmE3Kx/iK4=,tag:bNIfP3H5/Kh3ofuCGGx5Hg==,type:str]
acme: acme:
bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@@ -53,8 +44,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-10T05:52:21Z" lastmodified: "2025-12-08T03:05:16Z"
mac: ENC[AES256_GCM,data:DyLjQrIXJD7udT32xJ20WgCYr+4zXr7s0uuVMxOYSiC1VphhV+BQ2BgGF0bxAfx1n+JiO2BnyX8uD+z/iWh/k/9+UBGnL3MPJ5L5ffvno8hktVU9NHO72xkugYIkbSievTYrJGcSwWAsfJGTm4+1rG9GgcSoxIvRUoR6QJss22s=,iv:pHkPR0Va4bKjZVzNtvsDJ211ORNvNyZfWRf70OWI01w=,tag:/gEp09I+1nD6Cn6dPGZglA==,type:str] mac: ENC[AES256_GCM,data:gIw//fnDU/lE2rDP4890MjnQ2xp0I4fXwvSWrLC0kFjW1RMLzNCaRLlJzw5/khALH/IZgTrnRqTHF3zHZd+mlyqvC/vzkyBBVdWRRX6w5l9JhFDfe83r86tvsV9G/AOeRchDp1gGuBBNkRamSuCOj7QFc1l334e/jNdKDadhwgI=,iv:nrOQxvJBce5/NDvpowJX/AiIssQdNOStvjj/Lkutppk=,tag:MlRJxbG3laajsi5KHAxy5g==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:56:39Z" - created_at: "2024-11-28T18:56:39Z"
enc: |- enc: |-

2
systems/palatine-hill/zfs.nix
View File

@@ -49,7 +49,7 @@
daily = 30; daily = 30;
weekly = 0; weekly = 0;
monthly = 6; monthly = 6;
yearly = 2; yearly = 3;
autosnap = true; autosnap = true;
autoprune = true; autoprune = true;
}; };

3
users/alice/default.nix
View File

@@ -17,7 +17,4 @@ import ../default.nix {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWG3cIBju6vzX6s8JlmGNJOiWY7pQ19bHvcqDADtWzv snowi@DESKTOP-EVIR8IH" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWG3cIBju6vzX6s8JlmGNJOiWY7pQ19bHvcqDADtWzv snowi@DESKTOP-EVIR8IH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMfC0IXl9sGx+9FjuYZT2OUfffGjciJIHWqZdEU1d3n alice@parthenon-7588" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMfC0IXl9sGx+9FjuYZT2OUfffGjciJIHWqZdEU1d3n alice@parthenon-7588"
]; ];
groups = [
"adbusers"
];
} }

3
users/alice/home/zsh.nix
View File

@@ -1,10 +1,9 @@
{ lib, config, ... }: { lib, ... }:
{ {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
dotDir = "${config.xdg.configHome}/zsh";
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
plugins = [ plugins = [

6
users/alice/non-server.nix
View File

@@ -14,7 +14,6 @@
customTitleBar = false; customTitleBar = false;
hardwareAcceleration = true; hardwareAcceleration = true;
}; };
vencord.useSystem = true;
vencord.settings = { vencord.settings = {
autoUpdate = false; autoUpdate = false;
autoUpdateNotification = false; autoUpdateNotification = false;
@@ -66,7 +65,7 @@
# nix tools # nix tools
nil nil
nixfmt nixfmt-rfc-style
nix-init nix-init
# markdown # markdown
@@ -109,8 +108,5 @@
# media tools # media tools
#deepin.deepin-music #deepin.deepin-music
# arch zed deps
nixd
]; ];
} }

6
users/default.nix
View File

@@ -4,7 +4,6 @@
pkgs, pkgs,
name, name,
publicKeys ? [ ], publicKeys ? [ ],
groups ? [ ],
defaultShell ? "zsh", defaultShell ? "zsh",
}: }:
@@ -19,15 +18,14 @@
"wheel" "wheel"
"media" "media"
(lib.mkIf config.networking.networkmanager.enable "networkmanager") (lib.mkIf config.networking.networkmanager.enable "networkmanager")
(lib.mkIf config.programs.adb.enable "adbusers")
(lib.mkIf config.programs.wireshark.enable "wireshark") (lib.mkIf config.programs.wireshark.enable "wireshark")
(lib.mkIf config.virtualisation.docker.enable "docker") (lib.mkIf config.virtualisation.docker.enable "docker")
(lib.mkIf (with config.services.locate; (enable && package == pkgs.plocate)) "plocate") (lib.mkIf (with config.services.locate; (enable && package == pkgs.plocate)) "plocate")
(lib.mkIf config.networking.wireless.enable "wpa_supplicant")
"libvirtd" "libvirtd"
"dialout" "dialout"
"plugdev" "plugdev"
"uaccess" "uaccess"
"ydotool" "ydotool"
] ];
++ groups;
} }