ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:main
Branches Tags
ahuston-0:main
ahuston-0:update-flake-lock
ahuston-0:feature/add-jessica
ahuston-0:feature/gitea-minio
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:feature/gitea-minio
Branches Tags
ahuston-0:update-flake-lock
ahuston-0:main
ahuston-0:feature/add-jessica
ahuston-0:feature/gitea-minio
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes

No commits in common. "main" and "feature/gitea-minio" have entirely different histories.
main ... feature/gi

43 changed files with 156 additions and 943 deletions
Show Stats Expand all files Collapse all files

3
.github/workflows/flake-health-checks.yml vendored
View File

@ -5,9 +5,6 @@ on:
pull_request:
branches: ["main"]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
health-check:
name: "Perform Nix flake checks"

9
.github/workflows/flake-update.yml vendored
View File

@ -4,9 +4,6 @@ on:
workflow_dispatch:
schedule:
- cron: "00 12 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
update_lockfile:
runs-on: ubuntu-latest
@ -115,11 +112,7 @@ jobs:
commit-message: |
automated: Update `flake.lock`
Auto-generated by [update.yml][1] with the help of
[create-pull-request][2].
[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
${{ steps.pr_body.outputs.content }}
branch: update-flake-lock
delete-branch: true
pr-labels: | # Labels to be set on the PR

3
.github/workflows/lock-health-checks.yml vendored
View File

@ -5,9 +5,6 @@ on:
pull_request:
branches: ["main"]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
health-check:
name: "Check health of `flake.lock`"

30
.github/workflows/nix-fmt.yml vendored Normal file
View File

@ -0,0 +1,30 @@
name: "Check Nix formatting"
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
merge_group:
jobs:
health-check:
name: "Perform Nix format checks"
runs-on: ubuntu-latest
steps:
- name: Get Latest Determinate Nix Installer binary
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4
- run: nix fmt -- --check .

17
.sops.yaml
View File

@ -7,9 +7,11 @@ keys:
# cspell:disable
- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
- &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
#- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
- &selinunte age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
# cspell:enable
servers: &servers
- *palatine-hill
# add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below
#
@ -36,22 +38,9 @@ creation_rules:
- *admin_alice
age:
- *artemision
- path_regex: systems/selinunte/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
age:
- *artemision
- *selinunte
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill
- path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill

116
flake.lock generated
View File

@ -75,11 +75,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1748730131,
"narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=",
"lastModified": 1748664200,
"narHash": "sha256-D8sWEVVvxDBJsr8h26AGDfYjp56iKUIHCWaOKucDT2c=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0",
"rev": "b7d07ac2748936643abe8192065a2156f1a46d6e",
"type": "gitlab"
},
"original": {
@ -287,11 +287,11 @@
]
},
"locked": {
"lastModified": 1748737919,
"narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=",
"lastModified": 1748668774,
"narHash": "sha256-fYk/vk4ClmvHIgnGv/5GNRiDLtNCwXo9aLq36L/x+P4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5675a9686851d9626560052a032c4e14e533c1fa",
"rev": "60e4624302d956fe94d3f7d96a560d14d70591b9",
"type": "github"
},
"original": {
@ -304,16 +304,14 @@
"inputs": {
"nix": "nix",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1748756240,
"narHash": "sha256-hiplweg3818WiWqnTCEXW0xKhzLUmJaAK2SPJXSkOEU=",
"lastModified": 1747268965,
"narHash": "sha256-ZDTr2SQQEaZDuNNmKDcxdGNrUP6lucyrp5dxJyqAKy8=",
"ref": "add-gitea-pulls",
"rev": "ae8c1554cb8aec9772cb25ec5c7a3b7a1cf11f34",
"revCount": 4379,
"rev": "84ce142a9d49e2453ce834cf5afa059189a913c9",
"revCount": 4374,
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
},
@ -346,16 +344,16 @@
"nix": {
"flake": false,
"locked": {
"lastModified": 1748154947,
"narHash": "sha256-rCpANMHFIlafta6J/G0ILRd+WNSnzv/lzi40Y8f1AR8=",
"lastModified": 1745420957,
"narHash": "sha256-ZbB3IH9OlJvo14GlQZbYHzJojf/HCDT38GzYTod8DaU=",
"owner": "NixOS",
"repo": "nix",
"rev": "d761dad79c79af17aa476a29749bd9d69747548f",
"rev": "70921714cb3b5e6041b7413459541838651079f3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.29-maintenance",
"ref": "2.28-maintenance",
"repo": "nix",
"type": "github"
}
@ -363,11 +361,11 @@
"nix-eval-jobs": {
"flake": false,
"locked": {
"lastModified": 1748211873,
"narHash": "sha256-AJ22q6yWc1hPkqssXMxQqD6QUeJ6hbx52xWHhKsmuP0=",
"lastModified": 1744370057,
"narHash": "sha256-n220U5pjzCtTtOJtbga4Xr/PyllowKw9anSevgCqJEw=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "d9262e535e35454daebcebd434bdb9c1486bb998",
"rev": "1260c6599d22dfd8c25fea6893c3d031996b20e1",
"type": "github"
},
"original": {
@ -383,11 +381,11 @@
]
},
"locked": {
"lastModified": 1748751003,
"narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=",
"lastModified": 1748145500,
"narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "2860bee699248d828c2ed9097a1cd82c2f991b43",
"rev": "a98adbf54d663395df0b9929f6481d4d80fc8927",
"type": "github"
},
"original": {
@ -411,35 +409,6 @@
"type": "github"
}
},
"nixos-cosmic": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1748776124,
"narHash": "sha256-vs2cMCHX9wnWJutXhQyWkWOpMF/Xbw0ZAUAFGsKLifA=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "e989a41092f6f0375e7afb789bc97cb30d01fdb8",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
@ -501,16 +470,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1748762463,
"narHash": "sha256-rb8vudY2u0SgdWh83SAhM5QZT91ZOnvjOLGTO4pdGTc=",
"owner": "nixos",
"lastModified": 1745408698,
"narHash": "sha256-JT1wMjLIypWJA0N2V27WpUw8feDmTok4Dwkb0oYXDS4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0d0bc640d371e9e8c9914c42951b3d6522bc5dda",
"rev": "eea3403f7ca9f9942098f4f2756adab4ec924b2b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"owner": "NixOS",
"ref": "nixos-24.11-small",
"repo": "nixpkgs",
"type": "github"
}
@ -546,6 +515,22 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1748676562,
"narHash": "sha256-7kLFXK3YSwFeSB5pQ6ltrVq/w9b1WaE4fiELAajO748=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f21e6d28b717da40718d8240bc72827bdd4af4b6",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": [
@ -606,11 +591,10 @@
"hydra": "hydra",
"hyprland-contrib": "hyprland-contrib",
"nix-index-database": "nix-index-database",
"nixos-cosmic": "nixos-cosmic",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable",
"pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay",
@ -627,11 +611,11 @@
]
},
"locked": {
"lastModified": 1748746145,
"narHash": "sha256-bwkCAK9pOyI2Ww4Q4oO1Ynv7O9aZPrsIAMMASmhVGp4=",
"lastModified": 1748658947,
"narHash": "sha256-F+nGITu6D7RswJlm8qCuU1PCuOSgDeAqaDKWW1n1jmQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "12a0d94a2f2b06714f747ab97b2fa546f46b460c",
"rev": "fc82ce758cc5df6a6d5d24e75710321cdbdc787a",
"type": "github"
},
"original": {
@ -688,11 +672,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1748717073,
"narHash": "sha256-Yxo8A7BgNpRXTrB359LyfQ0NjJuiaLIS6sTTUCulEX0=",
"lastModified": 1748621009,
"narHash": "sha256-X7SqoEEHVsR01GwL9WBs3tuSXdit7YdeBdIHrl+MlZQ=",
"owner": "danth",
"repo": "stylix",
"rev": "64b9f2c2df31bb87bdd2360a2feb58c817b4d16c",
"rev": "b69e9b761ee682b722e2c9ce46637e767b50f6dc",
"type": "github"
},
"original": {

31
flake.nix
View File

@ -6,19 +6,16 @@
"https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true"
"https://attic.nayeonie.com/nix-cache"
"https://cosmic.cachix.org/"
];
trusted-substituters = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
"https://attic.nayeonie.com/nix-cache"
"https://cosmic.cachix.org/"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:grGRsHhqNDhkEuTODvHJXYmoCClntC+U8XAJQzwMaZM="
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
];
trusted-users = [ "root" ];
allow-import-from-derivation = true;
@ -26,7 +23,6 @@
};
inputs = {
# flake inputs with no explicit deps (in alphabetic order)
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
flake-parts.url = "github:hercules-ci/flake-parts";
nixos-hardware.url = "github:NixOS/nixos-hardware";
@ -36,7 +32,16 @@
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default";
# flake inputs with dependencies (in alphabetic order)
# attic = {
# url = "github:zhaofengli/attic";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# nixpkgs-stable.follows = "nixpkgs-stable";
# flake-compat.follows = "flake-compat";
# flake-parts.follows = "flake-parts";
# };
# };
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs = {
@ -56,9 +61,9 @@
hydra = {
url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
inputs = {
nixpkgs.follows = "nixpkgs";
};
# inputs = {
# nixpkgs.follows = "nixpkgs";
# };
};
hyprland-contrib = {
@ -71,16 +76,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
inputs = {
flake-compat.follows = "flake-compat";
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
rust-overlay.follows = "rust-overlay";
};
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";

5
modules/locale.nix
View File

@ -4,9 +4,8 @@
console.keyMap = lib.mkDefault "us";
i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8";
defaultCharset = "UTF-8";
#extraLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
defaultLocale = lib.mkDefault "en_US.utf8";
extraLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
extraLocaleSettings = lib.mkDefault {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";

11
modules/users.nix
View File

@ -1,11 +0,0 @@
{
...
}:
{
users.groups = {
users = {
gid = 100;
};
};
}

11
systems/artemision/configuration.nix
View File

@ -60,13 +60,12 @@
fwupd = {
enable = true;
# package =
# (import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
# sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
# }) { inherit (pkgs) system; }).fwupd;
package =
(import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
}) { inherit (pkgs) system; }).fwupd;
};
mullvad-vpn.enable = true;
fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false;

3
systems/artemision/desktop.nix
View File

@ -45,6 +45,9 @@
powerManagement = {
enable = true;
resumeCommands = ''
${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf
'';
};
environment.systemPackages = with pkgs; [

1
systems/artemision/programs.nix
View File

@ -100,6 +100,7 @@
unipicker
unzip
uutils-coreutils-noprefix
vesktop
vscode
watchman
wget

42
systems/palatine-hill/configuration.nix
View File

@ -17,7 +17,6 @@
./minio.nix
./networking.nix
./nextcloud.nix
#./plex
./postgresql.nix
./samba.nix
./zfs.nix
@ -58,37 +57,16 @@
};
};
environment = {
systemPackages = with pkgs; [
chromedriver
chromium
docker-compose
filebot
intel-gpu-tools
jellyfin-ffmpeg
jq
yt-dlp
yq
];
etc = {
# Creates /etc/lynis/custom.prf
"lynis/custom.prf" = {
text = ''
skip-test=BANN-7126
skip-test=BANN-7130
skip-test=DEB-0520
skip-test=DEB-0810
skip-test=FIRE-4513
skip-test=HRDN-7222
skip-test=KRNL-5820
skip-test=LOGG-2190
skip-test=LYNIS
skip-test=TOOL-5002
'';
mode = "0440";
};
};
};
environment.systemPackages = with pkgs; [
chromedriver
chromium
docker-compose
intel-gpu-tools
jellyfin-ffmpeg
jq
yt-dlp
yq
];
services = {
samba.enable = true;

3
systems/palatine-hill/default.nix
View File

@ -3,8 +3,5 @@
users = [ "alice" ];
modules = [
# inputs.attic.nixosModules.atticd
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.supermicro
];
}

3
systems/palatine-hill/docker/act-runner.nix
View File

@ -12,7 +12,6 @@ in
virtualisation.oci-containers.containers = {
act-stable-latest-main = {
image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [
"--stop-signal=SIGINT"
];
@ -36,7 +35,6 @@ in
act-stable-latest-1 = {
image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [
"--stop-signal=SIGINT"
];
@ -59,7 +57,6 @@ in
act-stable-latest-2 = {
image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [
"--stop-signal=SIGINT"
];

124
systems/palatine-hill/docker/arr.nix
View File

@ -1,124 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
bazarr = {
image = "ghcr.io/linuxserver/bazarr:latest";
ports = [ "6767:6767" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/bazarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
prowlarr = {
image = "ghcr.io/linuxserver/prowlarr:latest";
ports = [ "9696:9696" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.primary_docker}/prowlarr:/config" ];
autoStart = true;
};
radarr = {
image = "ghcr.io/linuxserver/radarr:latest";
ports = [ "7878:7878" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/radarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
sonarr = {
image = "ghcr.io/linuxserver/sonarr:latest";
ports = [ "8989:8989" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/sonarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
lidarr = {
image = "ghcr.io/linuxserver/lidarr:latest";
ports = [ "8686:8686" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/lidarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
readarr = {
image = "ghcr.io/linuxserver/readarr:latest";
ports = [ "8787:8787" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/readarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
unpackerr = {
image = "golift/unpackerr:latest";
user = "600:100";
environment = {
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/unpackerr:/config"
"${vars.primary_plex_storage}:/data"
];
autoStart = true;
};
overseerr = {
image = "lscr.io/linuxserver/overseerr";
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.primary_docker}/overseerr:/config" ];
# TODO: remove ports later since this is going through web
ports = [ "5055:5055" ]; # Web UI port
dependsOn = [
"radarr"
"sonarr"
];
extraOptions = [ "--network=haproxy-net" ];
autoStart = true;
};
};
}

1
systems/palatine-hill/docker/default.nix
View File

@ -8,7 +8,6 @@
{
imports = [
./act-runner.nix
./arr.nix
# temp disable archiveteam for tiktok archiving
#./archiveteam.nix
# ./books.nix

1
systems/palatine-hill/docker/glances.nix
View File

@ -8,7 +8,6 @@ in
virtualisation.oci-containers.containers = {
glances = {
image = "nicolargo/glances:latest-full";
pull = "always";
extraOptions = [
"--pid=host"
"--network=haproxy-net"

1
systems/palatine-hill/docker/minecraft.nix
View File

@ -39,7 +39,6 @@ in
virtualisation.oci-containers.containers = {
mc-router = {
image = "itzg/mc-router:latest";
pull = "always";
extraOptions = [
"--network=haproxy-net"
"--network=minecraft-net"

4
systems/palatine-hill/docker/nextcloud.nix
View File

@ -9,7 +9,6 @@ let
nextcloud-base = {
# image comes from running docker compose build in nextcloud-docker/.examples/full/apache
image = "nextcloud-nextcloud";
pull = "always";
hostname = "nextcloud";
volumes = [
"${nextcloud_path}/nc_data:/var/www/html:z"
@ -33,7 +32,6 @@ in
};
redis = {
image = "redis:latest";
pull = "always";
user = "600:600";
volumes = [
"${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
@ -49,7 +47,6 @@ in
};
go-vod = {
image = "radialapps/go-vod:latest";
pull = "always";
dependsOn = [ "nextcloud" ];
environment = {
NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
@ -61,7 +58,6 @@ in
};
collabora-code = {
image = "collabora/code:latest";
pull = "always";
dependsOn = [ "nextcloud" ];
environment = {
aliasgroup1 = "https://collabora.nayenoie.com:443";

22
systems/palatine-hill/docker/openvpn/se.protonvpn.udp.ovpn
View File

File diff suppressed because one or more lines are too long

87
systems/palatine-hill/docker/torr.nix
View File

@ -1,8 +1,7 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
let
delugeBase = {
pull = "always";
environment = {
PUID = "600";
PGID = "100";
@ -20,31 +19,18 @@ let
deluge_path = "${torr_path}/deluge";
delugevpn_path = "${torr_path}/delugevpn";
#genSopsConfWg = file: {
# "${file}" = {
# format = "binary";
# sopsFile = ./wg/${file};
# path = "${delugevpn_path}/config/wireguard/configs/${file}";
# owner = "docker-service";
# group = "users";
# restartUnits = [ "docker-delugeVPN.service" ];
# };
#};
genSopsConfOvpn = file: {
genSopsConf = file: {
"${file}" = {
format = "binary";
sopsFile = ./openvpn/${file};
path = "${delugevpn_path}/config/openvpn/configs/${file}";
sopsFile = ./wg/${file};
path = "${delugevpn_path}/config/wireguard/configs/${file}";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
in
{
virtualisation.oci-containers.containers = {
deluge = delugeBase // {
image = "binhex/arch-deluge";
@ -59,26 +45,25 @@ in
];
};
delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn:latest";
capabilities = {
NET_ADMIN = true;
};
autoRemoveOnStop = false;
image = "binhex/arch-delugevpn";
extraOptions = [
"--privileged=true"
"--sysctl"
"net.ipv4.conf.all.src_valid_mark=1"
];
environment = delugeBase.environment // {
VPN_ENABLED = "yes";
VPN_CLIENT = "openvpn";
VPN_PROV = "protonvpn";
VPN_CLIENT = "wireguard";
VPN_PROV = "custom";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16";
ENABLE_STARTUP_SCRIPTS = "yes";
#NAME_SERVERS = "194.242.2.9";
#NAME_SERVERS = "9.9.9.9";
NAME_SERVERS = "194.242.2.9";
# note, delete /config/perms.txt to force a bulk permissions update
};
environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
volumes = [
"${delugevpn_path}/config:/config"
"${deluge_path}/data:/data" # use common torrent path yuck
"${delugevpn_path}/data:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
@ -86,9 +71,6 @@ in
"8119:8118"
"39275:39275"
"39275:39275/udp"
"48346:48346"
"48346:48346/udp"
];
};
};
@ -97,34 +79,25 @@ in
serviceConfig = {
ExecStartPre = [
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
+ "-type l -not -name network.ovpn "
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
+ "-type l -not -name wg0.conf "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
)
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
+ "-type l "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
)
];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
};
};
sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
"docker/delugevpn" = {
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
"docker/protonvpn-start-script" = {
path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
sops.secrets =
(genSopsConf "se-mma-wg-001.conf")
// (genSopsConf "se-mma-wg-002.conf")
// (genSopsConf "se-mma-wg-003.conf")
// (genSopsConf "se-mma-wg-004.conf")
// (genSopsConf "se-mma-wg-005.conf")
// (genSopsConf "se-mma-wg-101.conf")
// (genSopsConf "se-mma-wg-102.conf")
// (genSopsConf "se-mma-wg-103.conf");
}

9
systems/palatine-hill/firewall.nix
View File

@ -24,15 +24,6 @@
# collabora
9980
# arr
6767
9696
7878
8989
8686
8787
5055
];
}

10
systems/palatine-hill/hydra.nix
View File

@ -82,10 +82,10 @@ in
'';
};
# nix-serve = {
# enable = true;
# secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
# };
nix-serve = {
enable = true;
secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
};
prometheus = {
enable = true;
webExternalUrl = "https://prom.alicehuston.xyz";
@ -134,7 +134,7 @@ in
sops = {
secrets = {
"hydra/environment".owner = "hydra";
# "nix-serve/secret-key".owner = "root";
"nix-serve/secret-key".owner = "root";
"alice/gha-hydra-token" = {
sopsFile = ../../users/alice/secrets.yaml;
owner = "hydra";

28
systems/palatine-hill/plex/default.nix
View File

@ -1,28 +0,0 @@
{
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
services.plex = {
enable = true;
dataDir = vars.primary_plex;
};
systemd.services.plex_permission = {
description = "maintains plex permissions";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${./plex_permission.sh}";
};
};
systemd.timers.plex_permission = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1h";
OnCalendar = "daily 03:00";
Unit = "plex_permission.service";
};
};
}

7
systems/palatine-hill/plex/plex_permission.sh
View File

@ -1,7 +0,0 @@
#!/bin/bash
plex_dir="/ZFS/ZFS-primary/plex"
chown docker-service:users -R "$plex_dir"
find "$plex_dir" -type f -exec chmod 664 {} \;
find "$plex_dir" -type d -exec chmod 775 {} \;

6
systems/palatine-hill/secrets.yaml
View File

@ -23,8 +23,6 @@ docker:
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str]
delugevpn: ENC[AES256_GCM,data:YGkgaQUuA9oteKD77tnFzxZSHctyOQjMNlfvJr3mPWAl2P8wfcshiUoa6SNp69pagxbzRV6mfuzwzinbkQCoZN3lw7uF76y0,iv:Bro0H4tFR+3wi9DGGq9a6ge4o4uPlVXBUF7h17zyqg8=,tag:N1kVNFasqGMx8R9qTq2dJA==,type:str]
protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str]
acme:
bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@ -43,8 +41,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-01T23:54:50Z"
mac: ENC[AES256_GCM,data:xBSrKfuBEXYVqLhZF903HbLaCpgXyuo3r7/FUBPM9Pl+rKUGx8p7LKCIec2NPCGO8ylQvC8T2mochSHSAvN339nxPlQ7f/tKWc6QgicaX4Sb4k0wJdqamSJTq4mkg8482HOUiFCSi3lA3zWC3Y9ZixESmEWTbxe9sQ51Vo69lkw=,iv:XiGVzryZwo5UmJe7I8pkg5IEdms0vR9iRdlFu2wjUeI=,tag:jhOuV+aZd5rQF0xg+0tvOg==,type:str]
lastmodified: "2025-05-30T04:36:41Z"
mac: ENC[AES256_GCM,data:fEsUt5g0/7j8IVgtXQ0thV93dxe6SGCglqeHdnaXFOjKcCUEFWUmi98M8X92hR9AJzscRK6wqzijd/AQBzl+GL2QtDYsn8qx9Nr0DBd6Gh1vi25eh5LtADm09COSae1THWuFLP7L1Qamyt+XzlBa7Xnrzfuzzp0s2/cZoxZiueU=,iv:VYzh833cMQwGmkB6QunRys0Eluz+0KGj8Y43B9icE9w=,tag:EWJSizBMTFZ0TZhncYe2Sw==,type:str]
pgp:
- created_at: "2024-11-28T18:56:39Z"
enc: |-

2
systems/palatine-hill/vars.nix
View File

@ -17,6 +17,4 @@ rec {
primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr";
primary_plex = "${zfs_primary}/plex";
primary_plex_storage = "${zfs_primary}/plex_storage";
}

35
systems/selinunte/audio.nix
View File

@ -1,35 +0,0 @@
{ pkgs, ... }:
{
# rtkit is optional but recommended
security.rtkit.enable = true;
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
pipewire.wireplumber.configPackages = [
(pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'')
];
blueman.enable = true;
};
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
environment.systemPackages = with pkgs; [ pavucontrol ];
programs.noisetorch.enable = true;
}

49
systems/selinunte/configuration.nix
View File

@ -1,49 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./audio.nix
./desktop.nix
./fonts.nix
./graphics.nix
./polkit.nix
./programs.nix
./steam.nix
./stylix.nix
];
time.timeZone = "America/New_York";
# temp workaround for building while in nixos-enter
#services.logrotate.checkConfig = false;
networking = {
hostId = "9f2e1ff9";
firewall.enable = true;
useNetworkd = true;
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_xanmod;
useSystemdBoot = true;
default = true;
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = {
flatpak.enable = true;
gvfs.enable = true;
openssh.enable = lib.mkForce false;
};
system.stateVersion = "25.11";
sops = {
defaultSopsFile = ./secrets.yaml;
};
}

23
systems/selinunte/default.nix
View File

@ -1,23 +0,0 @@
{ inputs, ... }:
{
system = "x86_64-linux";
home = true;
sops = true;
server = false;
users = [ "alice" ];
modules = [
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
inputs.stylix.nixosModules.stylix
{
environment.systemPackages = [
inputs.wired-notify.packages.x86_64-linux.default
inputs.hyprland-contrib.packages.x86_64-linux.grimblast
];
}
];
}

38
systems/selinunte/desktop.nix
View File

@ -1,38 +0,0 @@
{ pkgs, ... }:
{
# installs hyprland, and its dependencies
programs = {
hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
hyprlock.enable = true;
ydotool.enable = true;
};
# Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1";
services = {
displayManager.gdm = {
enable = true;
wayland = true;
};
dbus = {
enable = true;
implementation = "broker";
};
};
powerManagement = {
enable = true;
};
environment.systemPackages = with pkgs; [
libsForQt5.qt5.qtwayland
qt6.qtwayland
];
}

15
systems/selinunte/fonts.nix
View File

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
fonts = {
fontconfig.enable = true;
enableDefaultPackages = true;
packages = with pkgs.nerd-fonts; [
fira-code
droid-sans-mono
hack
dejavu-sans-mono
noto
open-dyslexic
];
};
}

40
systems/selinunte/graphics.nix
View File

@ -1,40 +0,0 @@
{ config, pkgs, ... }:
{
hardware.graphics = {
## radv: an open-source Vulkan driver from freedesktop
enable = true;
enable32Bit = true;
};
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

96
systems/selinunte/hardware.nix
View File

@ -1,96 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"usbhid"
"sd_mod"
"ip_vs"
"ip_vs_rr"
"nf_conntrack"
];
initrd.kernelModules = [
"dm-snapshot"
"r8152"
];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
kernelParams = [
"amdgpu.sg_display=0"
"amdgpu.graphics_sg=0"
"amdgpu.abmlevel=3"
];
};
fileSystems = {
"/" = lib.mkDefault {
device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/home" = {
device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/5AD7-6005";
fsType = "vfat";
options = [
"noatime"
"nodiratime"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ];
boot.initrd.luks.devices = {
"nixos-pv" = {
device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
preLVM = true;
allowDiscards = true;
};
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

22
systems/selinunte/polkit.nix
View File

@ -1,22 +0,0 @@
{ pkgs, ... }:
{
security.polkit.enable = true;
environment.systemPackages = with pkgs; [ polkit_gnome ];
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
}

112
systems/selinunte/programs.nix
View File

@ -1,112 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
act
alacritty
attic-client
amdgpu_top
bat
bitwarden-cli
bfg-repo-cleaner
btop
calibre
# calibre dedrm?
candy-icons
chromium
chromedriver
croc
deadnix
direnv
easyeffects
eza
fanficfare
ferium
fd
file
firefox
# gestures replacement
git
glances
gpu-viewer
grim
helvum
htop
hwloc
ipmiview
iperf3
# ipscan
jp2a
jq
kdePackages.kdenlive
kitty
kubectl
kubernetes-helm
libreoffice-fresh
libtool
lsof
lynis
masterpdfeditor4
minikube
mons
mpv
# nbt explorer?
ncdu
nemo-with-extensions
neofetch
neovim
nix-init
nix-output-monitor
nix-prefetch
nix-tree
nixpkgs-fmt
nmap
obs-studio
obsidian
ocrmypdf
pciutils
#disabled until wxpython compat with python3.12
#playonlinux
prismlauncher
protonmail-bridge
protontricks
proxychains
qrencode
redshift
restic
ripgrep
rpi-imager
rofi-wayland
samba
signal-desktop
# signal in tray?
siji
simple-mtpfs
skaffold
slack
slurp
smartmontools
snyk
sops
spotify
spotify-player
#swaylock/waylock?
sweet-nova
telegram-desktop
terraform
tig
tokei
tree
unipicker
unzip
uutils-coreutils-noprefix
vesktop
vscode
watchman
wget
wl-clipboard
yq
yt-dlp
zoom-us
zoxide
];
}

0
systems/selinunte/secrets.yaml
View File

20
systems/selinunte/steam.nix
View File

@ -1,20 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.steam-run ];
hardware.steam-hardware.enable = true;
programs = {
gamescope = {
enable = true;
capSysNice = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ];
gamescopeSession.enable = true;
extest.enable = true;
};
};
}

16
systems/selinunte/stylix.nix
View File

@ -1,16 +0,0 @@
{ pkgs, ... }:
# let
# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
# numWallpapers =
# $((1 + $RANDOM % 10))
# in
{
stylix = {
enable = true;
image = "${pkgs.hyprland}/share/hypr/wall2.png";
#image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
polarity = "dark";
};
}

2
users/alice/home/waybar.json
View File

@ -4,8 +4,8 @@
"layer": "top",
"position": "top",
"output": [
"eDP-1",
"eDP-2",
"eDP-1",
"HDMI-0",
"DP-0"
],

40
users/alice/non-server.nix
View File

@ -5,46 +5,6 @@
enable = true;
package = pkgs.emacs30-pgtk;
};
programs.vesktop = {
enable = true;
settings = {
appBadge = false;
arRPC = true;
checkUpdates = false;
customTitleBar = false;
hardwareAcceleration = true;
};
vencord.settings = {
autoUpdate = false;
autoUpdateNotification = false;
notifyAboutUpdates = false;
plugins = {
AnonymiseFileNames.enabled = true;
BetterFolders.enabled = true;
BetterGifAltText.enabled = true;
CallTimer.enabled = true;
ClearURLs.enabled = true;
CopyFileContents.enabled = true;
CtrlEnterSend.enabled = true;
CustomIdle = {
enabled = true;
remainInIdle = false;
};
FriendsSince.enabled = true;
GameActivityToggle.enabled = true;
ImplicitRelationships.enabled = true;
MutualGroupDMs.enabled = true;
QuickMention.enabled = true;
QuickReply.enabled = true;
ReplaceGoogleSearch = {
enabled = true;
customEngineName = "DuckDuckGo";
};
ReviewDB.enabled = true;
ShowConnections.enabled = true;
};
};
};
home.packages = with pkgs; [
cmake
shellcheck

1
users/default.nix
View File

@ -14,7 +14,6 @@
hashedPasswordFile = config.sops.secrets."${name}/user-password".path or null;
openssh.authorizedKeys.keys = publicKeys;
extraGroups = [
"users"
"wheel"
"media"
(lib.mkIf config.networking.networkmanager.enable "networkmanager")