ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:main
Branches Tags
ahuston-0:main
ahuston-0:update-flake-lock
ahuston-0:feature/add-jessica
ahuston-0:feature/gitea-minio
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:feature/ftb-app
Branches Tags
ahuston-0:update-flake-lock
ahuston-0:main
ahuston-0:feature/add-jessica
ahuston-0:feature/gitea-minio
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes

8 Commits
main ... feature/ft

Author SHA1 Message Date
ahuston-0
f97789228c
fix libgbm import
Some checks failed
Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 17s
Details
Check Nix formatting / Perform Nix format checks (pull_request) Successful in 3m23s
Details
Check Nix flake / Perform Nix flake checks (pull_request) Failing after 3m57s
Details
2025-04-02 00:11:12 -04:00
ahuston-0
c78a8db144
bump ftb-app to 1.27.3 2025-04-02 00:11:11 -04:00
ahuston-0
80b31b3a7d
merge lego with existing pkgs 2025-04-02 00:11:11 -04:00
ahuston-0
3d8b4d5639
move all packages under one folder 2025-04-02 00:11:11 -04:00
ahuston-0
926b1618ff
update documentation 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-02 00:11:08 -04:00
ahuston-0
d9fd71193d
add ftb-app to artemision 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-02 00:10:29 -04:00
ahuston-0
343aee5d60
expose packages output, add it to global nixpkgs 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-02 00:10:29 -04:00
ahuston-0
0076dc6aaa
add ftb-app package 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-02 00:10:20 -04:00
69 changed files with 594 additions and 1436 deletions
Show Stats Expand all files Collapse all files

32
.github/workflows/flake-health-checks.yml vendored
View File

@ -5,23 +5,12 @@ on:
pull_request:
branches: ["main"]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
health-check:
name: "Perform Nix flake checks"
runs-on: ubuntu-latest
steps:
- name: Get Latest Determinate Nix Installer binary
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
@ -31,3 +20,22 @@ jobs:
skip-push: "true"
- uses: actions/checkout@v4
- run: nix flake check --accept-flake-config
- run: nix ./utils/attic-push.bash
# build-checks:
# name: "Build nix outputs"
# runs-on: ubuntu-latest
# steps:
# - uses: DeterminateSystems/nix-installer-action@main
# - name: Setup Attic cache
# uses: ryanccn/attic-action@v0
# with:
# endpoint: ${{ secrets.ATTIC_ENDPOINT }}
# cache: ${{ secrets.ATTIC_CACHE }}
# token: ${{ secrets.ATTIC_TOKEN }}
# skip-push: "true"
# - uses: actions/checkout@v4
# - name: Build all outputs
# run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
# - name: Push to Attic
# run: nix ./utils/attic-push.bash
# continue-on-error: true

48
.github/workflows/flake-update.yml vendored
View File

@ -4,9 +4,6 @@ on:
workflow_dispatch:
schedule:
- cron: "00 12 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
update_lockfile:
runs-on: ubuntu-latest
@ -14,15 +11,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Get Latest Determinate Nix Installer binary
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
@ -50,15 +40,11 @@ jobs:
run: nix ./utils/eval-to-drv.sh post
- name: Calculate diff
run: nix ./utils/diff-evals.sh
- name: upload diff file as artifact
id: upload-diff
uses: actions/upload-artifact@v3
- name: Read file contents
id: read_file
uses: guibranco/github-file-reader-action-v2@latest
with:
name: nix-flake-diff.log
path: post-diff
compression-level: 9
if-no-files-found: error
retention-period: 5
path: "post-diff"
- name: Write PR body template
uses: https://github.com/DamianReeves/write-file-action@v1.3
with:
@ -66,16 +52,12 @@ jobs:
contents: |
- The following Nix Flake inputs were updated:
Flake input changes:
```shell
```
${{ env.UPDATE_LOG }}
```
Flake evaluation diff:
```shell
nix-diff-placeholder
```
${{ steps.read_file.outputs.contents }}
```
Auto-generated by [update.yml][1] with the help of
@ -88,9 +70,6 @@ jobs:
with:
files: "pr_body.template"
output-filename: "pr_body.md"
- name: template diff into PR body
run: |
nix utils/inject-diff.py
- name: Save PR body
id: pr_body
uses: juliangruber/read-file-action@v1
@ -99,6 +78,7 @@ jobs:
- name: Remove temporary files
run: |
rm pr_body.template
rm pr_body.md
rm pre.json
rm post.json
rm post-diff
@ -108,23 +88,21 @@ jobs:
uses: https://nayeonie.com/ahuston-0/create-pull-request@main
with:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
add-paths: flake.lock
body-path: pr_body.md
body: ${{ steps.pr_body.outputs.content }}
author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>'
title: 'automated: Update `flake.lock`'
commit-message: |
automated: Update `flake.lock`
Auto-generated by [update.yml][1] with the help of
[create-pull-request][2].
[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
${{ steps.pr_body.outputs.content }}
branch: update-flake-lock
delete-branch: true
pr-labels: | # Labels to be set on the PR
dependencies
automated
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true
- name: Print PR number
run: |
echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."

3
.github/workflows/lock-health-checks.yml vendored
View File

@ -5,9 +5,6 @@ on:
pull_request:
branches: ["main"]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
health-check:
name: "Check health of `flake.lock`"

25
.github/workflows/nix-fmt.yml vendored Normal file
View File

@ -0,0 +1,25 @@
name: "Check Nix formatting"
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
merge_group:
jobs:
health-check:
name: "Perform Nix format checks"
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4
- run: nix fmt -- --check .
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true

17
.sops.yaml
View File

@ -7,9 +7,11 @@ keys:
# cspell:disable
- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
- &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
#- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
- &selinunte age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
# cspell:enable
servers: &servers
- *palatine-hill
# add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below
#
@ -36,22 +38,9 @@ creation_rules:
- *admin_alice
age:
- *artemision
- path_regex: systems/selinunte/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
age:
- *artemision
- *selinunte
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill
- path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill

4
docs/sample-setup.sh
View File

@ -121,7 +121,7 @@ fi
DOTS="/mnt/root/dotfiles"
GC="git -C $DOTS"
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git .
sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
sudo $GC checkout "$FEATUREBRANCH"
# Create ssh keys
@ -179,4 +179,4 @@ Host github.com
IdentityFile /root/.ssh/id_ed25519_ghdeploy
EOF
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git'
sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'

275
flake.lock generated
View File

@ -5,11 +5,11 @@
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1746562888,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=",
"lastModified": 1732200724,
"narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89",
"rev": "153d52373b0fb2d343592871009a286ec8837aec",
"type": "github"
},
"original": {
@ -69,17 +69,20 @@
},
"firefox-addons": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1748730131,
"narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=",
"lastModified": 1743483509,
"narHash": "sha256-aHnOrBV4UpVQuv9RHmYaRb0jZRBpmeDWsZWBRoSCc5w=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0",
"rev": "692aba39210127804151c9436e4b87fe1d0e0f2b",
"type": "gitlab"
},
"original": {
@ -92,11 +95,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1744642301,
"narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=",
"lastModified": 1741628778,
"narHash": "sha256-RsvHGNTmO2e/eVfgYK7g+eYEdwwh7SbZa+gZkT24MEA=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "59e3de00f01e5adb851d824cf7911bd90c31083a",
"rev": "5a81d390bb64afd4e81221749ec4bffcbeb5fa80",
"type": "github"
},
"original": {
@ -124,11 +127,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
@ -141,6 +144,7 @@
"inputs": {
"nixpkgs-lib": [
"stylix",
"nur",
"nixpkgs"
]
},
@ -178,6 +182,27 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
@ -207,11 +232,11 @@
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"lastModified": 1741379162,
"narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
"type": "github"
},
"original": {
@ -266,16 +291,16 @@
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1744584021,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
"lastModified": 1732369855,
"narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
"rev": "dadd58f630eeea41d645ee225a63f719390829dc",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "48.1",
"ref": "47.2",
"repo": "gnome-shell",
"type": "github"
}
@ -287,11 +312,11 @@
]
},
"locked": {
"lastModified": 1748737919,
"narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=",
"lastModified": 1743482579,
"narHash": "sha256-u81nqA4UuRatKDkzUuIfVYdLMw8birEy+99oXpdyXhY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5675a9686851d9626560052a032c4e14e533c1fa",
"rev": "c21383b556609ce1ad901aa08b4c6fbd9e0c7af0",
"type": "github"
},
"original": {
@ -304,16 +329,14 @@
"inputs": {
"nix": "nix",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1748756240,
"narHash": "sha256-hiplweg3818WiWqnTCEXW0xKhzLUmJaAK2SPJXSkOEU=",
"lastModified": 1743447171,
"narHash": "sha256-5+lbBGlOmVa+dNY8L4ElDCkB7+VedZpPTcBOFIF+0TM=",
"ref": "add-gitea-pulls",
"rev": "ae8c1554cb8aec9772cb25ec5c7a3b7a1cf11f34",
"revCount": 4379,
"rev": "a20f37b97fa43eea1570bf125ee95f19ba7e2674",
"revCount": 4327,
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
},
@ -330,11 +353,11 @@
]
},
"locked": {
"lastModified": 1747572947,
"narHash": "sha256-PMQoXbfmWPuXnF8EaWqRmvTvl7+WFUrDVgufFRPgOM4=",
"lastModified": 1743417258,
"narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "910dad4c5755c1735d30da10c96d9086aa2a608d",
"rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10",
"type": "github"
},
"original": {
@ -344,18 +367,38 @@
}
},
"nix": {
"flake": false,
"inputs": {
"flake-compat": [
"hydra"
],
"flake-parts": [
"hydra"
],
"git-hooks-nix": [
"hydra"
],
"nixpkgs": [
"hydra",
"nixpkgs"
],
"nixpkgs-23-11": [
"hydra"
],
"nixpkgs-regression": [
"hydra"
]
},
"locked": {
"lastModified": 1748154947,
"narHash": "sha256-rCpANMHFIlafta6J/G0ILRd+WNSnzv/lzi40Y8f1AR8=",
"lastModified": 1739899400,
"narHash": "sha256-q/RgA4bB7zWai4oPySq9mch7qH14IEeom2P64SXdqHs=",
"owner": "NixOS",
"repo": "nix",
"rev": "d761dad79c79af17aa476a29749bd9d69747548f",
"rev": "e310c19a1aeb1ce1ed4d41d5ab2d02db596e0918",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.29-maintenance",
"ref": "2.26-maintenance",
"repo": "nix",
"type": "github"
}
@ -363,11 +406,11 @@
"nix-eval-jobs": {
"flake": false,
"locked": {
"lastModified": 1748211873,
"narHash": "sha256-AJ22q6yWc1hPkqssXMxQqD6QUeJ6hbx52xWHhKsmuP0=",
"lastModified": 1739500569,
"narHash": "sha256-3wIReAqdTALv39gkWXLMZQvHyBOc3yPkWT2ZsItxedY=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "d9262e535e35454daebcebd434bdb9c1486bb998",
"rev": "4b392b284877d203ae262e16af269f702df036bc",
"type": "github"
},
"original": {
@ -383,11 +426,11 @@
]
},
"locked": {
"lastModified": 1748751003,
"narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=",
"lastModified": 1743306489,
"narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "2860bee699248d828c2ed9097a1cd82c2f991b43",
"rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
"type": "github"
},
"original": {
@ -411,35 +454,6 @@
"type": "github"
}
},
"nixos-cosmic": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1748776124,
"narHash": "sha256-vs2cMCHX9wnWJutXhQyWkWOpMF/Xbw0ZAUAFGsKLifA=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "e989a41092f6f0375e7afb789bc97cb30d01fdb8",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
@ -448,11 +462,11 @@
]
},
"locked": {
"lastModified": 1747663185,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
"lastModified": 1742568034,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"type": "github"
},
"original": {
@ -463,11 +477,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1748634340,
"narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=",
"lastModified": 1743420942,
"narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a",
"rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
"type": "github"
},
"original": {
@ -486,11 +500,11 @@
]
},
"locked": {
"lastModified": 1748287559,
"narHash": "sha256-dvUE9HGwzEXyv6G7LuZFQCmRYFuXLJBO4+crCTxe5zs=",
"lastModified": 1743178092,
"narHash": "sha256-fOMsQpcdIbj+wOexiCSEW2J4Erqd0LRV25aYiOx4QRw=",
"owner": "SuperSandro2000",
"repo": "nixos-modules",
"rev": "9ae063877f8c5d42c39b739ae1d00f9657ad17f4",
"rev": "77ff511df92a9d4a828bdf032b8f48e7c3d99b50",
"type": "github"
},
"original": {
@ -501,27 +515,27 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1748762463,
"narHash": "sha256-rb8vudY2u0SgdWh83SAhM5QZT91ZOnvjOLGTO4pdGTc=",
"owner": "nixos",
"lastModified": 1739461644,
"narHash": "sha256-1o1qR0KYozYGRrnqytSpAhVBYLNBHX+Lv6I39zGRzKM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0d0bc640d371e9e8c9914c42951b3d6522bc5dda",
"rev": "97a719c9f0a07923c957cf51b20b329f9fb9d43f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"owner": "NixOS",
"ref": "nixos-24.11-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"lastModified": 1740877520,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
"type": "github"
},
"original": {
@ -532,11 +546,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1748421225,
"narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=",
"lastModified": 1743367904,
"narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "78add7b7abb61689e34fc23070a8f55e1d26185b",
"rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c",
"type": "github"
},
"original": {
@ -546,12 +560,25 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743472173,
"narHash": "sha256-xwNv3FYTC5pl4QVZ79gUxqCEvqKzcKdXycpH5UbYscw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88e992074d86ad50249de12b7fb8dbaadf8dc0c5",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": [
"stylix",
"flake-parts"
],
"flake-parts": "flake-parts_2",
"nixpkgs": [
"stylix",
"nixpkgs"
@ -559,11 +586,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1746056780,
"narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=",
"lastModified": 1741693509,
"narHash": "sha256-emkxnsZstiJWmGACimyAYqIKz2Qz5We5h1oBVDyQjLw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "d476cd0972dd6242d76374fcc277e6735715c167",
"rev": "5479646b2574837f1899da78bdf9a48b75a9fb27",
"type": "github"
},
"original": {
@ -583,11 +610,11 @@
]
},
"locked": {
"lastModified": 1747372754,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
@ -606,11 +633,10 @@
"hydra": "hydra",
"hyprland-contrib": "hyprland-contrib",
"nix-index-database": "nix-index-database",
"nixos-cosmic": "nixos-cosmic",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable",
"pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay",
@ -627,11 +653,11 @@
]
},
"locked": {
"lastModified": 1748746145,
"narHash": "sha256-bwkCAK9pOyI2Ww4Q4oO1Ynv7O9aZPrsIAMMASmhVGp4=",
"lastModified": 1743475035,
"narHash": "sha256-uLjVsb4Rxnp1zmFdPCDmdODd4RY6ETOeRj0IkC0ij/4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "12a0d94a2f2b06714f747ab97b2fa546f46b460c",
"rev": "bee11c51c2cda3ac57c9e0149d94b86cc1b00d13",
"type": "github"
},
"original": {
@ -647,11 +673,11 @@
]
},
"locked": {
"lastModified": 1747603214,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
"lastModified": 1743502316,
"narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
"rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8",
"type": "github"
},
"original": {
@ -670,7 +696,7 @@
"flake-compat": [
"flake-compat"
],
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_2",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": [
@ -688,11 +714,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1748717073,
"narHash": "sha256-Yxo8A7BgNpRXTrB359LyfQ0NjJuiaLIS6sTTUCulEX0=",
"lastModified": 1743496321,
"narHash": "sha256-xhHg8ixBhZngvGOMb2SJuJEHhHA10n8pA02fEKuKzek=",
"owner": "danth",
"repo": "stylix",
"rev": "64b9f2c2df31bb87bdd2360a2feb58c817b4d16c",
"rev": "54721996d6590267d095f63297d9051e9342a33d",
"type": "github"
},
"original": {
@ -751,27 +777,28 @@
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1735730497,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
"lastModified": 1716423189,
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1744974599,
"narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=",
"lastModified": 1741468895,
"narHash": "sha256-YKM1RJbL68Yp2vESBqeZQBjTETXo8mCTTzLZyckCfZk=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd",
"rev": "47c8c7726e98069cade5827e5fb2bfee02ce6991",
"type": "github"
},
"original": {
@ -783,11 +810,11 @@
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1745111349,
"narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=",
"lastModified": 1740877430,
"narHash": "sha256-zWcCXgdC4/owfH/eEXx26y5BLzTrefjtSLFHWVD5KxU=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "e009f18a01182b63559fb28f1c786eb027c3dee9",
"rev": "d48ee86394cbe45b112ba23ab63e33656090edb4",
"type": "github"
},
"original": {

42
flake.nix
View File

@ -6,27 +6,22 @@
"https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true"
"https://attic.nayeonie.com/nix-cache"
"https://cosmic.cachix.org/"
];
trusted-substituters = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
"https://attic.nayeonie.com/nix-cache"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:grGRsHhqNDhkEuTODvHJXYmoCClntC+U8XAJQzwMaZM="
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
"nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs="
];
trusted-users = [ "root" ];
allow-import-from-derivation = true;
fallback = true;
};
inputs = {
# flake inputs with no explicit deps (in alphabetic order)
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
flake-parts.url = "github:hercules-ci/flake-parts";
nixos-hardware.url = "github:NixOS/nixos-hardware";
@ -36,11 +31,21 @@
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default";
# flake inputs with dependencies (in alphabetic order)
# attic = {
# url = "github:zhaofengli/attic";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# nixpkgs-stable.follows = "nixpkgs-stable";
# flake-compat.follows = "flake-compat";
# flake-parts.follows = "flake-parts";
# };
# };
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
@ -56,9 +61,9 @@
hydra = {
url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
inputs = {
nixpkgs.follows = "nixpkgs";
};
# inputs = {
# nixpkgs.follows = "nixpkgs";
# };
};
hyprland-contrib = {
@ -71,16 +76,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
inputs = {
flake-compat.follows = "flake-compat";
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
rust-overlay.follows = "rust-overlay";
};
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
@ -158,7 +153,7 @@
}
);
inherit (lib.adev.systems) genSystems getImages;
inherit (self) outputs; # for hydra
inherit (self) outputs; # for hydra and packages
in
rec {
inherit lib; # for allowing use of custom functions in nix repl
@ -173,10 +168,7 @@
qcow = getImages nixosConfigurations "qcow";
};
packages.x86_64-linux.lego-latest =
nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/lego-latest/default.nix
{ };
packages = import ./pkgs { pkgs = nixpkgs.legacyPackages.x86_64-linux; };
checks = import ./checks.nix { inherit inputs forEachSystem formatter; };
devShells = import ./shell.nix { inherit inputs forEachSystem checks; };

6
lib/systems.nix
View File

@ -128,6 +128,7 @@ rec {
# configPath: path to the folder containing hardware.nix & configuration.nix
# hostname: hostname of the server
# inputs: flake inputs to be used
# outputs: flake outputs to be used, primarily for accessing custom packages
# src: base path of the repo
# users: list of users to be added
# home: enables home-manager on this machine (requires all users to have home-manager)
@ -149,7 +150,7 @@ rec {
configPath,
hostname,
inputs,
outputs,
outputs ? { },
src,
users,
home ? true,
@ -191,6 +192,7 @@ rec {
#
# args:
# inputs: flake-inputs to be distributed to each system config
# outputs: flake-outputs to be distributed to each system config
# src: the base path to the repo
# path: the path to read the systems from, should be a directory containing one directory per machine, each having at least the following
# - default.nix (with the extra params for constructSystem in it, see systems/palatine-hill/default.nix for an example)
@ -219,7 +221,7 @@ rec {
;
hostname = name;
}
// import configPath { inherit inputs; }
// import configPath { inherit inputs outputs; }
);
}
) (lib.adev.lsdir path)

5
modules/locale.nix
View File

@ -4,9 +4,8 @@
console.keyMap = lib.mkDefault "us";
i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8";
defaultCharset = "UTF-8";
#extraLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
defaultLocale = lib.mkDefault "en_US.utf8";
supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
extraLocaleSettings = lib.mkDefault {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";

14
modules/nix.nix
View File

@ -1,4 +1,9 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
outputs,
...
}:
{
nix = {
package = pkgs.nixVersions.latest;
@ -46,4 +51,11 @@
dates = [ "01:00" ];
};
};
nixpkgs.overlays = [
(_: _: {
# bring all packages into a namespace called rad-pkgs
rad-pkgs = lib.genAttrs (lib.attrNames outputs.packages) (pkg: outputs.packages.${pkg});
})
];
}

15
modules/update.nix
View File

@ -16,19 +16,4 @@
persistent = true;
flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git";
};
services.nix-verify = {
daily = {
enable = true;
verify-contents = false;
verify-trust = false;
};
weekly = {
enable = true;
verify-contents = true;
verify-trust = false;
frequency = "1week";
randomized-delay-sec = "6hour";
};
};
}

11
modules/users.nix
View File

@ -1,11 +0,0 @@
{
...
}:
{
users.groups = {
users = {
gid = 100;
};
};
}

110
modules/verify.nix
View File

@ -1,110 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.services.nix-verify;
verify-type =
with lib.types;
attrsOf (
submodule (
{ name, ... }:
{
options = {
enable = lib.mkEnableOption "verify status of nix store";
service-name = lib.mkOption {
type = lib.types.str;
description = "the name of the systemd service. ${name} by default";
default = name;
};
verify-contents = lib.mkEnableOption "verify contents of nix store";
verify-trust = lib.mkEnableOption "verify if each path is trusted";
signatures-needed = lib.mkOption {
type = lib.types.int;
description = "number of signatures needed when verifying trust. Not needed if verify-trust is disabled or not set.";
default = -1;
};
frequency = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time between pulls";
default = "1day";
};
randomized-delay-sec = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time randomized delay";
default = "0";
};
};
}
)
);
in
{
options = {
services.nix-verify = lib.mkOption {
type = verify-type;
default = { };
};
};
config =
let
verifiers = lib.filterAttrs (_: { enable, ... }: enable) cfg;
in
{
systemd.services = lib.mapAttrs' (
_:
{
service-name,
verify-contents,
verify-trust,
signatures-needed,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
requires = [ "multi-user.target" ];
after = [ "multi-user.target" ];
description =
"Verify nix store (verify-contents: ${lib.boolToString verify-contents}, verify-trust: "
+ "${lib.boolToString verify-trust}, signatures-needed: ${builtins.toString signatures-needed})";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart =
"${config.nix.package}/bin/nix store verify --all "
+ lib.optionalString (!verify-contents) "--no-contents "
+ lib.optionalString (!verify-trust) "--no-trust "
+ lib.optionalString (signatures-needed >= 0) "--sigs-needed ${signatures-needed}";
};
}
) verifiers;
systemd.timers = lib.mapAttrs' (
_:
{
service-name,
frequency,
randomized-delay-sec,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = frequency;
OnUnitActiveSec = frequency;
RandomizedDelaySec = randomized-delay-sec;
Unit = "nix-verifiers@${service-name}.service";
};
}
) verifiers;
};
}

9
pkgs/default.nix Normal file
View File

@ -0,0 +1,9 @@
{ pkgs, ... }:
let
rad-maintainers = import ./maintainers.nix;
in
{
ftb-app = pkgs.callPackage ./ftb-app { inherit rad-maintainers; };
lego-latest = pkgs.callPackage ./lego-latest { inherit rad-maintainers; };
}

112
pkgs/ftb-app/default.nix Normal file
View File

@ -0,0 +1,112 @@
{
alsa-lib,
at-spi2-atk,
cairo,
cups,
dbus,
dpkg,
expat,
fetchurl,
gtk3,
gdk-pixbuf,
jre,
lib,
libdrm,
libgbm,
libxkbcommon,
makeWrapper,
mesa,
nspr,
nss,
pango,
rad-maintainers,
stdenv,
xorg,
...
}:
# source_aarch64=("https://piston.feed-the-beast.com/app/ftb-app-${pkgver}-arm64.deb")
# sha256sums_aarch64=(ad1197556a187693cbc488142562a0c17144e33056f1c914950c2f1496a4c532)
stdenv.mkDerivation rec {
pname = "ftb-app";
version = "1.27.3";
src = fetchurl {
url = "https://piston.feed-the-beast.com/app/ftb-app-linux-${version}-amd64.deb";
sha256 = "031a73g58vj35h33pmp3swjrjlg09ismdx46810sp7ihrpvs0ad6";
};
nativeBuildInputs = [
dpkg
makeWrapper
];
unpackPhase = ''
runHook preUnpack
dpkg -x $src ./ftb-app
runHook postUnpack
'';
installPhase = ''
runHook preInstall
mkdir -p "$out"
cp -r ftb-app/* "$out"
# Flatten /usr and manually merge lib/ and usr/lib/, since mv refuses to.
mv "$out"'/opt/FTB Electron App' "$out/bin"
mv "$out/usr/"* "$out/"
rmdir "$out/usr"
rmdir "$out/opt"
for f in "$out/share/applications/"*.desktop; do
substituteInPlace "$f" \
--replace-fail '/opt/FTB Electron App/ftb-app' "$out/bin/ftb-app"
done
# prevent self-upgrade with dpkg
rm "$out/bin/resources/package-type"
chmod +x "$out/bin/ftb-app"
libs="${nss}/lib/libnss3.so ${nss}/lib/libnssutil3.so ${nss}/lib/libsmime3.so "
libs+="${nspr}/lib/libnspr4.so ${dbus.lib}/lib/libdbus-1.so.3 "
libs+="${at-spi2-atk}/lib/libatk-1.0.so.0 ${cups.lib}/lib/libcups.so.2 "
libs+="${at-spi2-atk}/lib/libatk-bridge-2.0.so.0 "
libs+="${libdrm}/lib/libdrm.so.2 ${gtk3}/lib/libgtk-3.so.0 "
libs+="${pango.out}/lib/libpango-1.0.so.0 ${cairo}/lib/libcairo.so.2 "
libs+="${xorg.libX11}/lib/libX11.so.6 ${xorg.libXext}/lib/libXext.so.6 "
libs+="${xorg.libXcomposite}/lib/libXcomposite.so.1 "
libs+="${xorg.libXdamage}/lib/libXdamage.so.1 "
libs+="${xorg.libXfixes}/lib/libXfixes.so.3 ${expat}/lib/libexpat.so.1 "
libs+="${xorg.libXrandr}/lib/libXrandr.so.2 "
libs+="${xorg.libxcb}/lib/libxcb.so.1 ${alsa-lib}/lib/libasound.so.2 "
libs+="${libxkbcommon}/lib/libxkbcommon.so.0 "
libs+="${at-spi2-atk}/lib/libatspi.so.0 ${xorg.libXtst}/lib/libXtst.so.6 "
libs+="${gdk-pixbuf}/lib/libgdk_pixbuf-2.0.so.0 ${libgbm}/lib/libgbm.so.1"
echo "$libs"
for p in "$out/bin/ftb-app"; do
wrapProgram "$p" \
--set LD_PRELOAD "$libs" \
--set NIX_REDIRECTS "/usr/share=$out/share:"'/opt/FTB Electron Application'"=$out/bin" \
--set JAVA_HOME "${jre.home}"
# --prefix PATH : "{lib.makeBinPath [ gzip gnutar ]}"
done
runHook postInstall
'';
meta = with lib; {
description = "A new Modpack launcher for FTB and Curse modpacks.";
homepage = "https://feed-the-beast.com/app";
license = with licenses; [ lgpl21Only ];
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
maintainers = with rad-maintainers; [ ahuston-0 ];
platforms = [ "x86_64-linux" ];
mainProgram = "ftb-app";
};
}

3
pkgs/lego-latest/default.nix
View File

@ -2,6 +2,7 @@
lib,
fetchFromGitHub,
buildGoModule,
rad-maintainers,
}:
buildGoModule rec {
@ -31,7 +32,7 @@ buildGoModule rec {
description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit;
homepage = "https://go-acme.github.io/lego/";
maintainers = teams.acme.members;
maintainers = teams.acme.members ++ [ rad-maintainers.ahuston-0 ];
mainProgram = "lego";
};

77
pkgs/maintainers.nix Normal file
View File

@ -0,0 +1,77 @@
/*
Borrowed this from nixpkgs :)
List of NixOS maintainers.
```nix
handle = {
# Required
name = "Your name";
# Optional, but at least one of email, matrix or githubId must be given
email = "address@example.org";
matrix = "@user:example.org";
github = "GithubUsername";
githubId = your-github-id;
keys = [{
fingerprint = "AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333";
}];
};
```
where
- `handle` is the handle you are going to use in nixpkgs expressions,
- `name` is a name that people would know and recognize you by,
- `email` is your maintainer email address,
- `matrix` is your Matrix user ID,
- `github` is your GitHub handle (as it appears in the URL of your profile page, `https://github.com/<userhandle>`),
- `githubId` is your GitHub user ID, which can be found at `https://api.github.com/users/<userhandle>`,
- `keys` is a list of your PGP/GPG key fingerprints.
Specifying a GitHub account ensures that you automatically:
- get invited to the @NixOS/nixpkgs-maintainers team ;
- once you are part of the @NixOS org, OfBorg will request you review
pull requests that modify a package for which you are a maintainer.
`handle == github` is strongly preferred whenever `github` is an acceptable attribute name and is short and convenient.
If `github` begins with a numeral, `handle` should be prefixed with an underscore.
```nix
_1example = {
github = "1example";
};
```
Add PGP/GPG keys only if you actually use them to sign commits and/or mail.
To get the required PGP/GPG values for a key run
```shell
gpg --fingerprint <email> | head -n 2
```
!!! Note that PGP/GPG values stored here are for informational purposes only, don't use this file as a source of truth.
More fields may be added in the future, however, in order to comply with GDPR this file should stay as minimal as possible.
When editing this file:
* keep the list alphabetically sorted, check with:
nix-instantiate --eval maintainers/scripts/check-maintainers-sorted.nix
* test the validity of the format with:
nix-build lib/tests/maintainers.nix
See `./scripts/check-maintainer-github-handles.sh` for an example on how to work with this data.
When adding a new maintainer, be aware of the current commit conventions
documented at [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#commit-conventions)
file located in the root of the Nixpkgs repo.
*/
{
ahuston-0 = {
name = "ahuston-0";
email = "aliceghuston@gmail.com";
github = "ahuston-0";
githubId = 43225907;
keys = [ { fingerprint = "F638 32C3 080D 6E1A C77E ECF8 0B42 45FF E305 BC82"; } ];
};
}

16
systems/artemision/configuration.nix
View File

@ -37,6 +37,11 @@
default = true;
};
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = {
@ -60,13 +65,12 @@
fwupd = {
enable = true;
# package =
# (import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
# sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
# }) { inherit (pkgs) system; }).fwupd;
package =
(import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
}) { inherit (pkgs) system; }).fwupd;
};
mullvad-vpn.enable = true;
fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false;

20
systems/artemision/desktop.nix
View File

@ -30,12 +30,29 @@
};
# Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1";
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
services = {
xserver = {
enable = true;
displayManager.session = [
{
manage = "desktop";
name = "hyprland";
start = ''
bash ${./hypr/wrappedhl} &
waitPID=$!
'';
}
];
displayManager.gdm = {
enable = true;
wayland = true;
};
};
dbus = {
enable = true;
@ -45,6 +62,9 @@
powerManagement = {
enable = true;
resumeCommands = ''
${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf
'';
};
environment.systemPackages = with pkgs; [

19
systems/artemision/private-wifi.nix
View File

@ -1,19 +0,0 @@
{ ... }:
{
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "false";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
}

3
systems/artemision/programs.nix
View File

@ -72,6 +72,7 @@
protontricks
proxychains
qrencode
rad-pkgs.ftb-app
redshift
restic
ripgrep
@ -100,6 +101,8 @@
unipicker
unzip
uutils-coreutils-noprefix
ventoy
vesktop
vscode
watchman
wget

12
systems/artemision/secrets.yaml
View File

@ -10,9 +10,13 @@ example_booleans:
- ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool]
apps:
spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str]
wifi-env: ENC[AES256_GCM,data:2BM4wQq+RfASkg9lcH+fW7eD0VaPJMXABp3z0sYXqZbVzv9R9eAxSokxzcifT/1JK8PBwvZkWtEFrKAT3phXIZzoEySnGKGYazz8fqWWWhMJotLNNo5VkX70hLppgE9vYxf9vQSq0PLWYCN0jUO0H9mHjOT6mDzKUHegcC53jzkNY3WTfLkyzDWJVMP9IbVQ22N5QlJbzZNqrNTaOtcRm06PBz7pNuEKOy4jj5ipZOh6ceR81Xy6BXM7MzFN27lYbzfVvcDmlwqPORAmr7/00QBy2cp38rTswJEzYf1x2Q==,iv:DSTVPw9qtmo02/usZZDpHsYlX3sSW+2XrnawtBkRNmQ=,tag:3p3eW+3BEQrOmHlBNUEOaA==,type:str]
wifi-env: ENC[AES256_GCM,data:G+z+fURk4rT61I5BiFzEJJt35jywPNrGpn1QGNhjvxrqPQ/Sq/hIHmQo+bqe9yJeDgMX3RY4EaiZxFTJyxPfW1czjuMSj3vbTp0WcDmGvUJ7li2pX2pzolgly4qmgoOluGBeRZWVLLOZYFB2+kLRMJNNz/bP5k2Eq6O4+l4sljPM+abn9iz9Eh46rVOVRkmDzCltJrYiuBSiSPhTDRTP2+gUbgbaUJTkVrVLUBHg3QU6az6VPN8DPZxbx4LtdaIb93pI,iv:uUfJK/iPdyLP7LqZJolTGGTxaEzlJI59bUVNcB1etkU=,tag:tvXSXSW1MIhLJceEK1afuw==,type:str]
#ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: |
@ -23,8 +27,8 @@ sops:
d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR
D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-15T15:37:51Z"
mac: ENC[AES256_GCM,data:qJ8NdnzVrgQb0rGwjZFHrS+eJrUjQEk4M4uo5bnk4eY7aKaHejARcYOIhp0H/DMdlix+Dm3DAAeeRWn8AKCatXaSzYD/VHHbjfp0lKBCsC8CZFeCELQ5GGEHnVot3WGb4J+QdfupwdduExSSMd6XeZGFVbSGhLzRbiiWA+i8I3o=,iv:oxWiDCH60apKT0/fJbWp1cIZ9cvd6mJKlP3xAjMBXIo=,tag:0We6eCJnsncujCt+CwK9UQ==,type:str]
lastmodified: "2024-11-28T18:57:09Z"
mac: ENC[AES256_GCM,data:hKhAo7rDplLm19PlrKHQwxnDVXCMU/xpAxPALLDBa0M3yypy2QVD6c6Atn897tYRKf7oeLaUKqnUYdCcZ9gVgm37LS+GtRhf66zfvcKqhZF8wh3M0zTDPYpQDhex0N4BAJ/dcaYIbxqE9pEUxJOI5jip/hptaCJItTEe7oARcF4=,iv:EUayxLaOPcnWX+S9+RlHrxzJRLlSSLIwqbAq3fFI4yg=,tag:LiBsqIodTWamO+c8FqGBag==,type:str]
pgp:
- created_at: "2024-11-28T18:57:09Z"
enc: |-
@ -39,4 +43,4 @@ sops:
-----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.9.1

34
systems/artemision/wifi.nix
View File

@ -1,13 +1,9 @@
{ config, lib, ... }:
{ config, ... }:
let
always = 100;
home = 99;
public_wifi = false;
in
{
imports = lib.optionals (!public_wifi) [
./private-wifi.nix
];
networking.wireless = {
enable = true;
secretsFile = config.sops.secrets."wifi-env".path;
@ -28,19 +24,29 @@ in
"24HuFios".pskRaw = "ext:PASS_longboat_home";
"Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie";
"Fios-Qn3RB".pskRaw = "ext:PASS_parkridge";
"Mojo Dojo Casa House".pskRaw = "ext:PASS_Carly";
# Public wifi connections
# set public_wifi on line 5 to true if connecting to one of these
#"optimumwifi" = { };
#"CableWiFi" = { };
#"Hilton Honors" = { };
# Work wifi
"optimumwifi" = { };
"CableWiFi" = { };
"JPMCVisitor" = { };
};
};
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {

2
systems/palatine-hill/acme.nix
View File

@ -31,7 +31,7 @@
openssl
]
++ [
outputs.packages.x86_64-linux.lego-latest
outputs.packages.lego-latest
]
);

7
systems/palatine-hill/attic/default.nix
View File

@ -10,10 +10,6 @@
attic-client
];
systemd.services.atticd.environment = {
RUST_LOG = "INFO";
};
services = {
atticd = {
enable = true;
@ -38,9 +34,6 @@
bucket = "cache-nix-dot";
endpoint = "https://minio.nayeonie.com";
};
garbage-collection = {
interval = "5 minutes";
};
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs

24
systems/palatine-hill/configuration.nix
View File

@ -17,7 +17,6 @@
./minio.nix
./networking.nix
./nextcloud.nix
#./plex
./postgresql.nix
./samba.nix
./zfs.nix
@ -58,37 +57,16 @@
};
};
environment = {
systemPackages = with pkgs; [
environment.systemPackages = with pkgs; [
chromedriver
chromium
docker-compose
filebot
intel-gpu-tools
jellyfin-ffmpeg
jq
yt-dlp
yq
];
etc = {
# Creates /etc/lynis/custom.prf
"lynis/custom.prf" = {
text = ''
skip-test=BANN-7126
skip-test=BANN-7130
skip-test=DEB-0520
skip-test=DEB-0810
skip-test=FIRE-4513
skip-test=HRDN-7222
skip-test=KRNL-5820
skip-test=LOGG-2190
skip-test=LYNIS
skip-test=TOOL-5002
'';
mode = "0440";
};
};
};
services = {
samba.enable = true;

3
systems/palatine-hill/default.nix
View File

@ -3,8 +3,5 @@
users = [ "alice" ];
modules = [
# inputs.attic.nixosModules.atticd
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.supermicro
];
}

3
systems/palatine-hill/docker/act-runner.nix
View File

@ -12,7 +12,6 @@ in
virtualisation.oci-containers.containers = {
act-stable-latest-main = {
image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [
"--stop-signal=SIGINT"
];
@ -36,7 +35,6 @@ in
act-stable-latest-1 = {
image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [
"--stop-signal=SIGINT"
];
@ -59,7 +57,6 @@ in
act-stable-latest-2 = {
image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [
"--stop-signal=SIGINT"
];

124
systems/palatine-hill/docker/arr.nix
View File

@ -1,124 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
bazarr = {
image = "ghcr.io/linuxserver/bazarr:latest";
ports = [ "6767:6767" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/bazarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
prowlarr = {
image = "ghcr.io/linuxserver/prowlarr:latest";
ports = [ "9696:9696" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.primary_docker}/prowlarr:/config" ];
autoStart = true;
};
radarr = {
image = "ghcr.io/linuxserver/radarr:latest";
ports = [ "7878:7878" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/radarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
sonarr = {
image = "ghcr.io/linuxserver/sonarr:latest";
ports = [ "8989:8989" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/sonarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
lidarr = {
image = "ghcr.io/linuxserver/lidarr:latest";
ports = [ "8686:8686" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/lidarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
readarr = {
image = "ghcr.io/linuxserver/readarr:latest";
ports = [ "8787:8787" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/readarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
unpackerr = {
image = "golift/unpackerr:latest";
user = "600:100";
environment = {
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/unpackerr:/config"
"${vars.primary_plex_storage}:/data"
];
autoStart = true;
};
overseerr = {
image = "lscr.io/linuxserver/overseerr";
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.primary_docker}/overseerr:/config" ];
# TODO: remove ports later since this is going through web
ports = [ "5055:5055" ]; # Web UI port
dependsOn = [
"radarr"
"sonarr"
];
extraOptions = [ "--network=haproxy-net" ];
autoStart = true;
};
};
}

1
systems/palatine-hill/docker/default.nix
View File

@ -8,7 +8,6 @@
{
imports = [
./act-runner.nix
./arr.nix
# temp disable archiveteam for tiktok archiving
#./archiveteam.nix
# ./books.nix

1
systems/palatine-hill/docker/glances.nix
View File

@ -8,7 +8,6 @@ in
virtualisation.oci-containers.containers = {
glances = {
image = "nicolargo/glances:latest-full";
pull = "always";
extraOptions = [
"--pid=host"
"--network=haproxy-net"

1
systems/palatine-hill/docker/minecraft.nix
View File

@ -39,7 +39,6 @@ in
virtualisation.oci-containers.containers = {
mc-router = {
image = "itzg/mc-router:latest";
pull = "always";
extraOptions = [
"--network=haproxy-net"
"--network=minecraft-net"

4
systems/palatine-hill/docker/nextcloud.nix
View File

@ -9,7 +9,6 @@ let
nextcloud-base = {
# image comes from running docker compose build in nextcloud-docker/.examples/full/apache
image = "nextcloud-nextcloud";
pull = "always";
hostname = "nextcloud";
volumes = [
"${nextcloud_path}/nc_data:/var/www/html:z"
@ -33,7 +32,6 @@ in
};
redis = {
image = "redis:latest";
pull = "always";
user = "600:600";
volumes = [
"${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
@ -49,7 +47,6 @@ in
};
go-vod = {
image = "radialapps/go-vod:latest";
pull = "always";
dependsOn = [ "nextcloud" ];
environment = {
NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
@ -61,7 +58,6 @@ in
};
collabora-code = {
image = "collabora/code:latest";
pull = "always";
dependsOn = [ "nextcloud" ];
environment = {
aliasgroup1 = "https://collabora.nayenoie.com:443";

22
systems/palatine-hill/docker/openvpn/se.protonvpn.udp.ovpn
View File

File diff suppressed because one or more lines are too long

87
systems/palatine-hill/docker/torr.nix
View File

@ -1,8 +1,7 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
let
delugeBase = {
pull = "always";
environment = {
PUID = "600";
PGID = "100";
@ -20,31 +19,18 @@ let
deluge_path = "${torr_path}/deluge";
delugevpn_path = "${torr_path}/delugevpn";
#genSopsConfWg = file: {
# "${file}" = {
# format = "binary";
# sopsFile = ./wg/${file};
# path = "${delugevpn_path}/config/wireguard/configs/${file}";
# owner = "docker-service";
# group = "users";
# restartUnits = [ "docker-delugeVPN.service" ];
# };
#};
genSopsConfOvpn = file: {
genSopsConf = file: {
"${file}" = {
format = "binary";
sopsFile = ./openvpn/${file};
path = "${delugevpn_path}/config/openvpn/configs/${file}";
sopsFile = ./wg/${file};
path = "${delugevpn_path}/config/wireguard/configs/${file}";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
in
{
virtualisation.oci-containers.containers = {
deluge = delugeBase // {
image = "binhex/arch-deluge";
@ -59,26 +45,25 @@ in
];
};
delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn:latest";
capabilities = {
NET_ADMIN = true;
};
autoRemoveOnStop = false;
image = "binhex/arch-delugevpn";
extraOptions = [
"--privileged=true"
"--sysctl"
"net.ipv4.conf.all.src_valid_mark=1"
];
environment = delugeBase.environment // {
VPN_ENABLED = "yes";
VPN_CLIENT = "openvpn";
VPN_PROV = "protonvpn";
VPN_CLIENT = "wireguard";
VPN_PROV = "custom";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16";
ENABLE_STARTUP_SCRIPTS = "yes";
#NAME_SERVERS = "194.242.2.9";
#NAME_SERVERS = "9.9.9.9";
NAME_SERVERS = "194.242.2.9";
# note, delete /config/perms.txt to force a bulk permissions update
};
environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
volumes = [
"${delugevpn_path}/config:/config"
"${deluge_path}/data:/data" # use common torrent path yuck
"${delugevpn_path}/data:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
@ -86,9 +71,6 @@ in
"8119:8118"
"39275:39275"
"39275:39275/udp"
"48346:48346"
"48346:48346/udp"
];
};
};
@ -97,34 +79,25 @@ in
serviceConfig = {
ExecStartPre = [
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
+ "-type l -not -name network.ovpn "
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
+ "-type l -not -name wg0.conf "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
)
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
+ "-type l "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
)
];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
};
};
sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
"docker/delugevpn" = {
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
"docker/protonvpn-start-script" = {
path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
sops.secrets =
(genSopsConf "se-mma-wg-001.conf")
// (genSopsConf "se-mma-wg-002.conf")
// (genSopsConf "se-mma-wg-003.conf")
// (genSopsConf "se-mma-wg-004.conf")
// (genSopsConf "se-mma-wg-005.conf")
// (genSopsConf "se-mma-wg-101.conf")
// (genSopsConf "se-mma-wg-102.conf")
// (genSopsConf "se-mma-wg-103.conf");
}

9
systems/palatine-hill/firewall.nix
View File

@ -24,15 +24,6 @@
# collabora
9980
# arr
6767
9696
7878
8989
8686
8787
5055
];
}

18
systems/palatine-hill/gitea.nix
View File

@ -10,7 +10,7 @@ in
{
services.gitea = {
enable = true;
appName = "Nayeonie's Trove";
appName = "The Hearth";
database = {
type = "postgres";
passwordFile = config.sops.secrets."gitea/dbpass".path;
@ -27,12 +27,6 @@ in
SSH_PORT = 2222;
SSH_LISTEN_PORT = 2223;
START_SSH_SERVER = true;
PUBLIC_URL_DETECTION = "auto";
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
DEFAULT_MERGE_STYLE = "rebase-merge";
};
service = {
DISABLE_REGISTRATION = true;
@ -51,15 +45,6 @@ in
host = "192.168.76.2";
port = "8088";
};
"storage.minio" = {
STORAGE_TYPE = "minio";
MINIO_ENDPOINT = "minio.nayeonie.com";
MINIO_BUCKET = "gitea";
MINIO_LOCATION = "us-east-1";
MINIO_USE_SSL = true;
MINIO_INSECURE_SKIP_VERIFY = false;
MINIO_BUCKET_LOOKUP_TYPE = "auto";
};
};
stateDir = base_path;
lfs.enable = true;
@ -75,6 +60,5 @@ in
sops.secrets = {
"gitea/dbpass".owner = "gitea";
"gitea/minio".owner = "gitea";
};
}

10
systems/palatine-hill/hydra.nix
View File

@ -82,10 +82,10 @@ in
'';
};
# nix-serve = {
# enable = true;
# secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
# };
nix-serve = {
enable = true;
secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
};
prometheus = {
enable = true;
webExternalUrl = "https://prom.alicehuston.xyz";
@ -134,7 +134,7 @@ in
sops = {
secrets = {
"hydra/environment".owner = "hydra";
# "nix-serve/secret-key".owner = "root";
"nix-serve/secret-key".owner = "root";
"alice/gha-hydra-token" = {
sopsFile = ../../users/alice/secrets.yaml;
owner = "hydra";

28
systems/palatine-hill/plex/default.nix
View File

@ -1,28 +0,0 @@
{
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
services.plex = {
enable = true;
dataDir = vars.primary_plex;
};
systemd.services.plex_permission = {
description = "maintains plex permissions";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${./plex_permission.sh}";
};
};
systemd.timers.plex_permission = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1h";
OnCalendar = "daily 03:00";
Unit = "plex_permission.service";
};
};
}

7
systems/palatine-hill/plex/plex_permission.sh
View File

@ -1,7 +0,0 @@
#!/bin/bash
plex_dir="/ZFS/ZFS-primary/plex"
chown docker-service:users -R "$plex_dir"
find "$plex_dir" -type f -exec chmod 664 {} \;
find "$plex_dir" -type d -exec chmod 775 {} \;

119
systems/palatine-hill/postgresql.nix
View File

@ -19,9 +19,6 @@ in
enable = true;
enableJIT = true;
package = pkgs.postgresql_16;
configurePgStatStatements = true;
enableAllPreloadedLibraries = true;
#preloadAllExtensions = true;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
@ -31,126 +28,13 @@ in
'';
# initialScript = config.sops.secrets."postgres/init".path;
ensureDatabases = [
"atticd"
"alice"
];
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
{
name = "alice";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
];
# Thank you NotAShelf
# https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
# commented out statements are likely overriden by pgtune settings
# https://pgtune.leopard.in.ua/?dbVersion=17&osType=linux&dbType=web&cpuNum=64&totalMemory=8&totalMemoryUnit=GB&connectionNum=1024&hdType=hdd
settings = {
# Connectivity;
# max_connections = 100;
superuser_reserved_connections = 3;
# Memory Settings;
#shared_buffers = "1024 MB";
#work_mem = "32 MB";
#maintenance_work_mem = "320 MB";
#huge_pages = "off";
#effective_cache_size = "2 GB";
#effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
#random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
# Monitoring;
#shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
track_io_timing = "on"; # measure exact block IO times;
track_functions = "pl"; # track execution times of pl-language procedures if any;
# Replication;
wal_level = "replica"; # consider using at least "replica";
max_wal_senders = 0;
synchronous_commit = "on";
# Checkpointing: ;
checkpoint_timeout = "15 min";
#checkpoint_completion_target = 0.9;
#max_wal_size = "1024 MB";
#min_wal_size = "512 MB";
# WAL writing;
wal_compression = "on";
wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
# Background writer;
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
# Parallel queries: ;
#max_worker_processes = 6;
#max_parallel_workers_per_gather = 3;
#max_parallel_maintenance_workers = 3;
#max_parallel_workers = 6;
parallel_leader_participation = "on";
# Advanced features ;
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
jit_above_cost = 100000;
jit_inline_above_cost = 150000;
jit_optimize_above_cost = 500000;
# log slow queries
log_min_duration_statement = 100;
"auto_explain.log_min_duration" = 100;
# logging configuration
log_connections = true;
log_statement = "all";
logging_collector = true;
log_disconnections = true;
# from pgtune
# DB Version: 17
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 8 GB
# CPUs num: 64
# Connections num: 1024
# Data Storage: hdd
max_connections = 1024;
shared_buffers = "2GB";
effective_cache_size = "6GB";
maintenance_work_mem = "512MB";
checkpoint_completion_target = 0.9;
#wal_buffers = "16MB"; allow auto-tuning as per above
default_statistics_target = 100;
random_page_cost = 4;
effective_io_concurrency = 2;
work_mem = "512kB";
huge_pages = "off";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 64;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 64;
max_parallel_maintenance_workers = 4;
};
refreshCollation = true;
vacuumAnalyzeTimer.enable = true;
@ -164,7 +48,6 @@ in
"hydra-send-stats"
"hydra-server"
"atticd"
"gitea"
];
};
};

3
systems/palatine-hill/samba.nix
View File

@ -2,13 +2,14 @@
{
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
settings = {
global = {
security = "user";
"workgroup" = "WORKGROUP";
"server string" = "palatine-hill";
"netbios name" = "palatine-hill";
"security" = "user";
#"use sendfile" = "yes";
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1

13
systems/palatine-hill/secrets.yaml
View File

@ -10,7 +10,6 @@ postgres:
init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str]
gitea:
dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str]
minio: ENC[AES256_GCM,data:LxY6AD+CZ9VQEl5FrG6o0XiOiizLcwiLiyH1WJD8mMCPWhDjGzt+k+YPOm1BpWzTZF8+2EoxR9oKFJu9mzTibl2Ieits0/RNwh1VdQALXw3FwfRym7CFS+Z5S8H9kGMoXWRrr+I5,iv:g/wq0r2HKfX2AwirT4hm/H1Ms/mtbf4ZuFLISikRyoI=,tag:he99s/WpKoN+lHR8r4K30w==,type:str]
upsmon:
password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str]
minio:
@ -23,8 +22,6 @@ docker:
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str]
delugevpn: ENC[AES256_GCM,data:YGkgaQUuA9oteKD77tnFzxZSHctyOQjMNlfvJr3mPWAl2P8wfcshiUoa6SNp69pagxbzRV6mfuzwzinbkQCoZN3lw7uF76y0,iv:Bro0H4tFR+3wi9DGGq9a6ge4o4uPlVXBUF7h17zyqg8=,tag:N1kVNFasqGMx8R9qTq2dJA==,type:str]
protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str]
acme:
bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@ -33,6 +30,10 @@ server-validation:
typhon:
hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: |
@ -43,8 +44,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-01T23:54:50Z"
mac: ENC[AES256_GCM,data:xBSrKfuBEXYVqLhZF903HbLaCpgXyuo3r7/FUBPM9Pl+rKUGx8p7LKCIec2NPCGO8ylQvC8T2mochSHSAvN339nxPlQ7f/tKWc6QgicaX4Sb4k0wJdqamSJTq4mkg8482HOUiFCSi3lA3zWC3Y9ZixESmEWTbxe9sQ51Vo69lkw=,iv:XiGVzryZwo5UmJe7I8pkg5IEdms0vR9iRdlFu2wjUeI=,tag:jhOuV+aZd5rQF0xg+0tvOg==,type:str]
lastmodified: "2025-03-26T05:47:58Z"
mac: ENC[AES256_GCM,data:ZP9HglMmn9FDv6/vtQAxz/qP76QniPqM6bzMQVvVU/OhDmjuneGKZY7d1Es7LC9o5qmJ+T3Dh3/bkmuRdgdnd2TO6iuvM++DEPxwnoHis+0lbMxv5a6ibzvoXXm2CrL4HPETqLKbLahGJRmDNgnkCEWxAs16zrqe5kgDpD53R5c=,iv:DcCXNGyb41ToV9uSnrnrl0dWiw2pvykM8z86Yk814P4=,tag:T9PFl48qABwBSy7vIhSmLA==,type:str]
pgp:
- created_at: "2024-11-28T18:56:39Z"
enc: |-
@ -59,4 +60,4 @@ sops:
-----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.9.4

2
systems/palatine-hill/vars.nix
View File

@ -17,6 +17,4 @@ rec {
primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr";
primary_plex = "${zfs_primary}/plex";
primary_plex_storage = "${zfs_primary}/plex_storage";
}

35
systems/selinunte/audio.nix
View File

@ -1,35 +0,0 @@
{ pkgs, ... }:
{
# rtkit is optional but recommended
security.rtkit.enable = true;
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
pipewire.wireplumber.configPackages = [
(pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'')
];
blueman.enable = true;
};
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
environment.systemPackages = with pkgs; [ pavucontrol ];
programs.noisetorch.enable = true;
}

49
systems/selinunte/configuration.nix
View File

@ -1,49 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./audio.nix
./desktop.nix
./fonts.nix
./graphics.nix
./polkit.nix
./programs.nix
./steam.nix
./stylix.nix
];
time.timeZone = "America/New_York";
# temp workaround for building while in nixos-enter
#services.logrotate.checkConfig = false;
networking = {
hostId = "9f2e1ff9";
firewall.enable = true;
useNetworkd = true;
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_xanmod;
useSystemdBoot = true;
default = true;
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = {
flatpak.enable = true;
gvfs.enable = true;
openssh.enable = lib.mkForce false;
};
system.stateVersion = "25.11";
sops = {
defaultSopsFile = ./secrets.yaml;
};
}

23
systems/selinunte/default.nix
View File

@ -1,23 +0,0 @@
{ inputs, ... }:
{
system = "x86_64-linux";
home = true;
sops = true;
server = false;
users = [ "alice" ];
modules = [
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
inputs.stylix.nixosModules.stylix
{
environment.systemPackages = [
inputs.wired-notify.packages.x86_64-linux.default
inputs.hyprland-contrib.packages.x86_64-linux.grimblast
];
}
];
}

38
systems/selinunte/desktop.nix
View File

@ -1,38 +0,0 @@
{ pkgs, ... }:
{
# installs hyprland, and its dependencies
programs = {
hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
hyprlock.enable = true;
ydotool.enable = true;
};
# Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1";
services = {
displayManager.gdm = {
enable = true;
wayland = true;
};
dbus = {
enable = true;
implementation = "broker";
};
};
powerManagement = {
enable = true;
};
environment.systemPackages = with pkgs; [
libsForQt5.qt5.qtwayland
qt6.qtwayland
];
}

15
systems/selinunte/fonts.nix
View File

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
fonts = {
fontconfig.enable = true;
enableDefaultPackages = true;
packages = with pkgs.nerd-fonts; [
fira-code
droid-sans-mono
hack
dejavu-sans-mono
noto
open-dyslexic
];
};
}

40
systems/selinunte/graphics.nix
View File

@ -1,40 +0,0 @@
{ config, pkgs, ... }:
{
hardware.graphics = {
## radv: an open-source Vulkan driver from freedesktop
enable = true;
enable32Bit = true;
};
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

96
systems/selinunte/hardware.nix
View File

@ -1,96 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"usbhid"
"sd_mod"
"ip_vs"
"ip_vs_rr"
"nf_conntrack"
];
initrd.kernelModules = [
"dm-snapshot"
"r8152"
];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
kernelParams = [
"amdgpu.sg_display=0"
"amdgpu.graphics_sg=0"
"amdgpu.abmlevel=3"
];
};
fileSystems = {
"/" = lib.mkDefault {
device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/home" = {
device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/5AD7-6005";
fsType = "vfat";
options = [
"noatime"
"nodiratime"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ];
boot.initrd.luks.devices = {
"nixos-pv" = {
device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
preLVM = true;
allowDiscards = true;
};
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

22
systems/selinunte/polkit.nix
View File

@ -1,22 +0,0 @@
{ pkgs, ... }:
{
security.polkit.enable = true;
environment.systemPackages = with pkgs; [ polkit_gnome ];
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
}

112
systems/selinunte/programs.nix
View File

@ -1,112 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
act
alacritty
attic-client
amdgpu_top
bat
bitwarden-cli
bfg-repo-cleaner
btop
calibre
# calibre dedrm?
candy-icons
chromium
chromedriver
croc
deadnix
direnv
easyeffects
eza
fanficfare
ferium
fd
file
firefox
# gestures replacement
git
glances
gpu-viewer
grim
helvum
htop
hwloc
ipmiview
iperf3
# ipscan
jp2a
jq
kdePackages.kdenlive
kitty
kubectl
kubernetes-helm
libreoffice-fresh
libtool
lsof
lynis
masterpdfeditor4
minikube
mons
mpv
# nbt explorer?
ncdu
nemo-with-extensions
neofetch
neovim
nix-init
nix-output-monitor
nix-prefetch
nix-tree
nixpkgs-fmt
nmap
obs-studio
obsidian
ocrmypdf
pciutils
#disabled until wxpython compat with python3.12
#playonlinux
prismlauncher
protonmail-bridge
protontricks
proxychains
qrencode
redshift
restic
ripgrep
rpi-imager
rofi-wayland
samba
signal-desktop
# signal in tray?
siji
simple-mtpfs
skaffold
slack
slurp
smartmontools
snyk
sops
spotify
spotify-player
#swaylock/waylock?
sweet-nova
telegram-desktop
terraform
tig
tokei
tree
unipicker
unzip
uutils-coreutils-noprefix
vesktop
vscode
watchman
wget
wl-clipboard
yq
yt-dlp
zoom-us
zoxide
];
}

0
systems/selinunte/secrets.yaml
View File

20
systems/selinunte/steam.nix
View File

@ -1,20 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.steam-run ];
hardware.steam-hardware.enable = true;
programs = {
gamescope = {
enable = true;
capSysNice = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ];
gamescopeSession.enable = true;
extest.enable = true;
};
};
}

16
systems/selinunte/stylix.nix
View File

@ -1,16 +0,0 @@
{ pkgs, ... }:
# let
# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
# numWallpapers =
# $((1 + $RANDOM % 10))
# in
{
stylix = {
enable = true;
image = "${pkgs.hyprland}/share/hypr/wall2.png";
#image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
polarity = "dark";
};
}

4
users/alice/home.nix
View File

@ -76,10 +76,12 @@
nix-prefetch
nix-tree
nh
nix-prefetch-scripts
# doom emacs dependencies
fd
ripgrep
ruff-lsp
pyright
# audit
@ -90,8 +92,6 @@
nodePackages.prettier
treefmt
gocryptfs
awscli2
];
};

6
users/alice/home/doom/custom.el
View File

@ -22,6 +22,6 @@
(setq! lsp-nix-nil-max-mem 20000)
(setq! lsp-nix-nil-formatter ["nixfmt"])
;; (add-hook 'python-mode-hook (lambda ()
;; (require 'sphinx-doc)
;; (sphinx-doc-mode t)))
(add-hook 'python-mode-hook (lambda ()
(require 'sphinx-doc)
(sphinx-doc-mode t)))

6
users/alice/home/doom/packages.el
View File

@ -81,9 +81,9 @@
(package! pacdiff.el
:recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE")))
;;(package! python-docstring-mode
;; :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
(package! python-docstring-mode
:recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
;;(package! sphinx-doc)
(package! sphinx-doc)
;; https://github.com/glyph/python-docstring-mode.git

3
users/alice/home/git.nix
View File

@ -3,7 +3,6 @@
{
programs.git = {
enable = true;
lfs.enable = true;
signing = {
key = "5EFFB75F7C9B74EAA5C4637547940175096C1330";
signByDefault = true;
@ -29,8 +28,6 @@
color.ui = true;
init.defaultBranch = "main";
format.signoff = true;
pack.windowMemory = "2g";
pack.packSizeLimit = "1g";
};
};
}

2
users/alice/home/waybar.json
View File

@ -4,8 +4,8 @@
"layer": "top",
"position": "top",
"output": [
"eDP-1",
"eDP-2",
"eDP-1",
"HDMI-0",
"DP-0"
],

24
users/alice/home/zsh.nix
View File

@ -1,4 +1,4 @@
{ lib, ... }:
{ ... }:
{
programs.zsh = {
@ -22,27 +22,7 @@
"z"
];
};
/*
To specify the order, use lib.mkOrder.
Common order values:
500 (mkBefore): Early initialization (replaces initExtraFirst)
550: Before completion initialization (replaces initExtraBeforeCompInit)
1000 (default): General configuration (replaces initExtra)
1500 (mkAfter): Last to run configuration
To specify both content in Early initialization and General configuration, use lib.mkMerge.
e.g.
initContent = let zshConfigEarlyInit = lib.mkOrder 500 do something; zshConfig = lib.mkOrder 1000 do something; in lib.mkMerge [ zshConfigEarlyInit zshConfig ];
*/
initContent = lib.mkOrder 1000 ''
initExtra = ''
# functions
function mount-data {
if [[ -f /home/alice/backup/.noconnection ]]; then

40
users/alice/non-server.nix
View File

@ -5,46 +5,6 @@
enable = true;
package = pkgs.emacs30-pgtk;
};
programs.vesktop = {
enable = true;
settings = {
appBadge = false;
arRPC = true;
checkUpdates = false;
customTitleBar = false;
hardwareAcceleration = true;
};
vencord.settings = {
autoUpdate = false;
autoUpdateNotification = false;
notifyAboutUpdates = false;
plugins = {
AnonymiseFileNames.enabled = true;
BetterFolders.enabled = true;
BetterGifAltText.enabled = true;
CallTimer.enabled = true;
ClearURLs.enabled = true;
CopyFileContents.enabled = true;
CtrlEnterSend.enabled = true;
CustomIdle = {
enabled = true;
remainInIdle = false;
};
FriendsSince.enabled = true;
GameActivityToggle.enabled = true;
ImplicitRelationships.enabled = true;
MutualGroupDMs.enabled = true;
QuickMention.enabled = true;
QuickReply.enabled = true;
ReplaceGoogleSearch = {
enabled = true;
customEngineName = "DuckDuckGo";
};
ReviewDB.enabled = true;
ShowConnections.enabled = true;
};
};
};
home.packages = with pkgs; [
cmake
shellcheck

19
users/alice/secrets.yaml
View File

@ -4,13 +4,16 @@ alice:
#ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
gha-hydra-token: ENC[AES256_GCM,data:CXdOiW9oYaVj4oqfiXSz9O9xIsB5ZyUac2WFSFD1ankZpnmQpv9TwolJxb6h8r+UM7Q9QzCCWk7KHe80lolZhpHa79bpcj+wt9v51ydj0Zy+3sufHS+JnGwmqBbw6dVqJ2uBr4nW2NADzHEbG8N367uKYEq2vazB4y02JiopXL8DHsYcx+Z4u7GJC/gYbpm9vnt8OVdYmfYRQ9BGSiaJOghDzpmCisEZdLpCLXM3cULn8yVUXIFWx8yF/6JrWN+myeoZiUFCL2sZmeSIswFg9kwBKXIsjBrz+EDXZzDCEr88UrEJ0j2+egsrG9BNlstVwC8oscYdbXWmYUdsCBNVxK3xjJYm9gDdSyo0DfSvTzK1t+/s9L1zC8uqj2TXYdVd6QyH2TRXxiPeNLYClRHT2UljymSpIVXOn/Okuo7dte+ZZqZVndT1lwK//2y8V3Hng+5wixfFFsQAd5oJzfraRSnM+RLZtjI3TMoyc5no3pVwV6zsCqRd2nvr7gieXUMWtSLb6YrM6tvhRpeiieYUqQ8NwHV0Avqco0I838o5yywVGSnUflGxnwYoGQIX70qoTcxNPGuiiiqSynh64e3nrlC9xN6EWuFpUNVfkBibZNRi+EyDAhK7LKwiPbL2z919N54vyzzoWA1KUFqxow+JsX+Q8rpnfJtag44F5qFt3/Be5PIMYVU7acXTiVJvM3cKPMQIBPXpQFX5OshwGhttGFuB53aWPHCzlhT4NDQbcZ/rLQ3bcytVpnH55WWze0Oe0zUZYGFc/rV9Fc4QjhR7/8pAi9kGUlKy2MYBamjmnCWlOnHPIQQLpPs/oiW+,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str]
wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
attic-nix-cache-creator: ENC[AES256_GCM,data:ygWuPJfFZQVHtJ83DfB7VB84PNF0knLkOwD4A67NMNp8pU9pA9lI56RSyKDkFd+qYRBSeEXSepbSOA+BhvQaCZiVEiao3LBlh7/6Sp5ni+Rdt3hGKcd+JRQyedEmTkg9h8NbtR6LvI90EiMhyVg6WLCzlGAtFFBcSvIqssrC/KDHCjd4uMzXeW23wUB40dU1PpwkLPtcNVvIzgxqYRsRPFOXZxGxQYGpBWtzDveqgmeLwavhU481wHfCwqpyXJZflbR+UzWdr+zbmSFdJadlLdHeooNGvRC+av0MK4YMCCgu1Em34IeawpiesFhhj/IVGa2xQWjXE0MF3SDLvlh5yMqNPodTZ7FAEZgD7rTYIbaH8JHiYbgI6v7/ANPcFqw2eKT7wVP8cTL1yPedcZcU,iv:J7JYA98NHxM0tExfUdjkir6/+tkOkPLMBNdjXBP9fbA=,tag:WaCWmrzLgr9lDUL+jxeMNA==,type:str]
attic-nix-cache-reader: ENC[AES256_GCM,data:78jJJh332XvFx29HxNW7CULMNMsQ2xMTCIIk5oX5AimBoFXXVH7z9EGFbDimwfaYlsPK6xuU+9mnCnhCjCoGFRX9GQbW+Z2D9TGMsBfe3eztbWlcJ++EkWSCbHKEIGKTF13aRGrKRIOjIy9Gl3qZt4BnZtQPFMOzQO8u80M116u3w4ttqz9rzaIrXWB6GIMI5lWF5rQe5ML1vDgvL2KNMNkPAAm5O1Fv887woVcqxbPhiNhJGXBSiPZpe3PG8wP6z0GTe/GhMTPCOlVJIdsxKnEaRaTSAtVazFos5zSMvLYYrbj6ISoS9tEQ6bFMy6xl,iv:dGDSTtsQlwElerRXpT97uapzOh766bysZTQMjUEEJnM=,tag:OQOYmQqKywdSjUUXnELdpQ==,type:str]
attic-nix-cache-writer: ENC[AES256_GCM,data:IIrGw+MtZEZqJdNGPryN5xKg7UOP+0kjzpthhyRdQz0P3yS/vThSaV+VuduQq5WgnaNjXLA6LBU+cufmVmvrkeTkZ281976sLTbYzrPCW/hCy1+w7qdv6vauaFsLqtnmWlHNwCIkXbUvQWq56WvP6m1PuYaUIFYn3SUprQ1du+X0buK1FUOhSH4HXfiqpNJOomLhok9M0Tyzn8yK5Fn1dzmJ8tsgBczzhWeZzsj4TuksFLV2r6NXzeQp2jWQkxv39Eg6Lf+0eaHxWQFR4s2uKYzwdsDOnpSmUgXFTzVB6RGAEpasKkVZ2NfG4GeUKBFPDVJoR6ilLZA=,iv:e58OGCbgLIIzKfBALtrsYmWg9Gp0nySNYsJ3X5IWp4I=,tag:bnwBipVK3BSOizg8twQ4lQ==,type:str]
attic-nix-cache-admin: ENC[AES256_GCM,data:xHJGeU4EUn1HRy2nIValiJ6iLZnYmmT6Njv/cGMh15Q0hJXKNBSsi8f0mAfLI7EX+GaC299VKh2uTlU25jptrAvogLxNJIc+LZBLsSkyGE/ojqqevHMKmZ/6eciLZRQL5ey9TM3V9HHyDOhGaFgdfawtwg/vyvbV13lZBKpqneAX9T3gPRuKRjV4/Uc/5cUckiOF8bQ50xVFN8Cql9HgGDJEGWgg4XUTPu5eYspof2EN63pYvU7wg6HD2begeLDvqc2/i2DIcsc0wqc5DgkY/dH2YtcssBtU8AR9vKpl+HmH/wvt6dfaEyZ7hF7ITGwWnOO6H2ko3SjYRfHkFK3XDmm1YRRjfkptnw==,iv:BdVgNyZ1azl5tKfH+RTeXuNV/rYY6hPvrareKlIXSeQ=,tag:/ar87eAjMod4TmQXoerNBQ==,type:str]
attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str]
attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str]
attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
gitea-pr-token: ENC[AES256_GCM,data:ybTya4X2wd65pNFSGbQkg73lu66GNtSba4yf8J6tT8XkuOtfvtBS4g==,iv:39mJiAlw4kud4l06jOpxOCRumChE/5q8IBNsPHG1rMc=,tag:MEvHD2b9E3fVHLlz7haNyw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: |
@ -39,8 +42,8 @@ sops:
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-07T23:43:57Z"
mac: ENC[AES256_GCM,data:ygQzxSpGJqXwkOq7jGDeflA2FTSSxnre/PXm0LxmxzQQW5s7LeIVSI75fMqWir0WU3Pi/xroYGEWjpCG6JvxV5RiJycTONk8VE7c3jtw3AbrHSS0b1K5tJ+Sf+q3rHJFWWk/COrPk8IsRFNb+taqH4jnaH3AAVNo5u0C1CHKMes=,iv:FO2GVDXE8SjjA81/9cDwc+dX8kJ2oHt5kqkhNBuMb54=,tag:hgzRAmsh32SCvJEvKyV+vg==,type:str]
lastmodified: "2025-03-26T15:28:13Z"
mac: ENC[AES256_GCM,data:BfEahKHAcnLc/PSagENBIVwxufJrjpMSC6U4hkkxNwcEJYDNAlrF0w00aiexLeX+UfVGIw19+SrNL5zuecEf+GaYzYNy9RE3c66KUM2B/cpuBuzkiwLaBCTfcWr7k8dW11BGFCmugRSG4w6wXKG5B/LyEKB6Vcvp0JRbCYSqZSY=,iv:97UzvdvQCtTLaLDrg6VEwiofHtSPGtaxuPLHfTAyIFA=,tag:r4r45OaV9ZRDzd56RGLFZw==,type:str]
pgp:
- created_at: "2024-09-05T06:10:22Z"
enc: |-
@ -55,4 +58,4 @@ sops:
-----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted
version: 3.10.1
version: 3.9.4

1
users/default.nix
View File

@ -14,7 +14,6 @@
hashedPasswordFile = config.sops.secrets."${name}/user-password".path or null;
openssh.authorizedKeys.keys = publicKeys;
extraGroups = [
"users"
"wheel"
"media"
(lib.mkIf config.networking.networkmanager.enable "networkmanager")

2
utils/diff-evals.sh
View File

@ -10,4 +10,4 @@ set -e
script_path=$(dirname "$(readlink -f $0)")
parent_path=$(dirname "$script_path")
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --compare-drvs --allow-import-from-derivation --compare-output-to-file "$parent_path"
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --compare-drvs --compare-output-to-file "$parent_path"

2
utils/eval-to-drv.sh
View File

@ -16,4 +16,4 @@ script_path=$(dirname "$(readlink -f $0)")
parent_path=$(dirname "$script_path")
out_path="$parent_path/$1.json"
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --evaluate --allow-import-from-derivation --json "$out_path" "$parent_path"
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --evaluate --json "$out_path" "$parent_path"

33
utils/inject-diff.py
View File

@ -1,33 +0,0 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#python3 --command python
import logging
def inject_diff():
source_file = 'post-diff'
target_file = 'pr_body.md'
placeholder = "nix-diff-placeholder"
logging.info(f"injecting '{source_file}' into '{target_file}' using '{placeholder}' as a placeholder")
out = []
with open(source_file,'r') as src:
src_content = src.read()
if len(src_content) > 60000:
logging.warning(f"{source_file} is longer than 60k characters, truncating")
src_content = src_content[:60000]
with open(target_file,'r') as tgt:
for line in tgt.readlines():
if placeholder in line:
out.append(line.replace(placeholder,src_content))
else:
out.append(line)
with open(target_file,'w') as tgt:
tgt.writelines(out)
if __name__ == "__main__":
logging.basicConfig( level=logging.INFO)
inject_diff()