ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:main
Branches Tags
ahuston-0:main
ahuston-0:update-flake-lock
ahuston-0:ahuston-0-patch-2
ahuston-0:feature/add-pc
ahuston-0:feature/add-jessica
ahuston-0:feature/gitea-minio
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:feature/hetzner-bridge
Branches Tags
ahuston-0:main
ahuston-0:update-flake-lock
ahuston-0:ahuston-0-patch-2
ahuston-0:feature/add-pc
ahuston-0:feature/add-jessica
ahuston-0:feature/gitea-minio
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes

8 Commits
main ... feature/he

Author SHA1 Message Date
ahuston-0
8afa66dabd
repair flake.lock, update disko 2025-04-01 15:17:41 -04:00
ahuston-0
88168b7345
add draft scripts for hetzner install 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-01 15:15:55 -04:00
ahuston-0
e4f061f2f3
pin nixos-unstable, fix locate service 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-01 15:15:55 -04:00
ahuston-0
154707c07f
roll back to nixos-unstable for now 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-01 15:15:55 -04:00
ahuston-0
5b0bd7d5e7
size -> end for disko root 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-01 15:15:55 -04:00
ahuston-0
db9e8e5f2d
fix networking 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-01 15:15:55 -04:00
ahuston-0
85d6d66b85
rename hardware.nix for hetzner-bridge 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-01 15:15:54 -04:00
ahuston-0
49e689481d
add hetzner and disko config 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-04-01 15:15:51 -04:00
79 changed files with 627 additions and 1454 deletions
Show Stats Expand all files Collapse all files

32
.github/workflows/flake-health-checks.yml vendored
View File

@ -5,23 +5,12 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
health-check: health-check:
name: "Perform Nix flake checks" name: "Perform Nix flake checks"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Get Latest Determinate Nix Installer binary - uses: DeterminateSystems/nix-installer-action@main
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache - name: Setup Attic cache
uses: ryanccn/attic-action@v0 uses: ryanccn/attic-action@v0
with: with:
@ -31,3 +20,22 @@ jobs:
skip-push: "true" skip-push: "true"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix flake check --accept-flake-config - run: nix flake check --accept-flake-config
- run: nix ./utils/attic-push.bash
# build-checks:
# name: "Build nix outputs"
# runs-on: ubuntu-latest
# steps:
# - uses: DeterminateSystems/nix-installer-action@main
# - name: Setup Attic cache
# uses: ryanccn/attic-action@v0
# with:
# endpoint: ${{ secrets.ATTIC_ENDPOINT }}
# cache: ${{ secrets.ATTIC_CACHE }}
# token: ${{ secrets.ATTIC_TOKEN }}
# skip-push: "true"
# - uses: actions/checkout@v4
# - name: Build all outputs
# run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
# - name: Push to Attic
# run: nix ./utils/attic-push.bash
# continue-on-error: true

48
.github/workflows/flake-update.yml vendored
View File

@ -4,9 +4,6 @@ on:
workflow_dispatch: workflow_dispatch:
schedule: schedule:
- cron: "00 12 * * *" - cron: "00 12 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
update_lockfile: update_lockfile:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -14,15 +11,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Get Latest Determinate Nix Installer binary
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix - name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache - name: Setup Attic cache
uses: ryanccn/attic-action@v0 uses: ryanccn/attic-action@v0
with: with:
@ -50,15 +40,11 @@ jobs:
run: nix ./utils/eval-to-drv.sh post run: nix ./utils/eval-to-drv.sh post
- name: Calculate diff - name: Calculate diff
run: nix ./utils/diff-evals.sh run: nix ./utils/diff-evals.sh
- name: upload diff file as artifact - name: Read file contents
id: upload-diff id: read_file
uses: actions/upload-artifact@v3 uses: guibranco/github-file-reader-action-v2@latest
with: with:
name: nix-flake-diff.log path: "post-diff"
path: post-diff
compression-level: 9
if-no-files-found: error
retention-period: 5
- name: Write PR body template - name: Write PR body template
uses: https://github.com/DamianReeves/write-file-action@v1.3 uses: https://github.com/DamianReeves/write-file-action@v1.3
with: with:
@ -66,16 +52,12 @@ jobs:
contents: | contents: |
- The following Nix Flake inputs were updated: - The following Nix Flake inputs were updated:
Flake input changes: ```
```shell
${{ env.UPDATE_LOG }} ${{ env.UPDATE_LOG }}
``` ```
Flake evaluation diff: ```
${{ steps.read_file.outputs.contents }}
```shell
nix-diff-placeholder
``` ```
Auto-generated by [update.yml][1] with the help of Auto-generated by [update.yml][1] with the help of
@ -88,9 +70,6 @@ jobs:
with: with:
files: "pr_body.template" files: "pr_body.template"
output-filename: "pr_body.md" output-filename: "pr_body.md"
- name: template diff into PR body
run: |
nix utils/inject-diff.py
- name: Save PR body - name: Save PR body
id: pr_body id: pr_body
uses: juliangruber/read-file-action@v1 uses: juliangruber/read-file-action@v1
@ -99,6 +78,7 @@ jobs:
- name: Remove temporary files - name: Remove temporary files
run: | run: |
rm pr_body.template rm pr_body.template
rm pr_body.md
rm pre.json rm pre.json
rm post.json rm post.json
rm post-diff rm post-diff
@ -108,23 +88,21 @@ jobs:
uses: https://nayeonie.com/ahuston-0/create-pull-request@main uses: https://nayeonie.com/ahuston-0/create-pull-request@main
with: with:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
add-paths: flake.lock body: ${{ steps.pr_body.outputs.content }}
body-path: pr_body.md
author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>' author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>'
title: 'automated: Update `flake.lock`' title: 'automated: Update `flake.lock`'
commit-message: | commit-message: |
automated: Update `flake.lock` automated: Update `flake.lock`
Auto-generated by [update.yml][1] with the help of ${{ steps.pr_body.outputs.content }}
[create-pull-request][2].
[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
branch: update-flake-lock branch: update-flake-lock
delete-branch: true delete-branch: true
pr-labels: | # Labels to be set on the PR pr-labels: | # Labels to be set on the PR
dependencies dependencies
automated automated
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true
- name: Print PR number - name: Print PR number
run: | run: |
echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}." echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."

3
.github/workflows/lock-health-checks.yml vendored
View File

@ -5,9 +5,6 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
health-check: health-check:
name: "Check health of `flake.lock`" name: "Check health of `flake.lock`"

25
.github/workflows/nix-fmt.yml vendored Normal file
View File

@ -0,0 +1,25 @@
name: "Check Nix formatting"
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
merge_group:
jobs:
health-check:
name: "Perform Nix format checks"
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4
- run: nix fmt -- --check .
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true

17
.sops.yaml
View File

@ -7,9 +7,11 @@ keys:
# cspell:disable # cspell:disable
- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
- &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
#- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
- &selinunte age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
# cspell:enable # cspell:enable
servers: &servers
- *palatine-hill
# add new users by executing: sops users/<user>/secrets.yaml # add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below # then have someone already in the repo run the below
# #
@ -36,22 +38,9 @@ creation_rules:
- *admin_alice - *admin_alice
age: age:
- *artemision - *artemision
- path_regex: systems/selinunte/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
age:
- *artemision
- *selinunte
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$ - path_regex: systems/palatine-hill/docker/wg/.*\.conf$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *palatine-hill - *palatine-hill
- path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill

4
README.md
View File

@ -14,7 +14,9 @@ to onboard a new user or system.
Although we are not actively looking for new members to join in on this repo, Although we are not actively looking for new members to join in on this repo,
we are not strictly opposed. Please reach out to we are not strictly opposed. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) for further information. [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill)
for further information.
## Repo Structure ## Repo Structure

47
disko/hetzner.nix Normal file
View File

@ -0,0 +1,47 @@
# USAGE in your configuration.nix.
# Update devices to match your hardware.
# {
# imports = [ ./disko-config.nix ];
# disko.devices.disk.main.device = "/dev/sda";
# }
{
disko.devices = {
disk = {
main = {
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
priority = 1;
};
root = {
end = "-1G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
encryptedSwap = {
size = "1G";
content = {
type = "swap";
randomEncryption = true;
priority = 100; # prefer to encrypt as long as we have space for it
};
};
};
};
};
};
};
}

3
docs/CONTRIBUTING.md
View File

@ -107,7 +107,8 @@ rules.
We allow secrets to be embedded in the repository using `sops-nix`. As part of We allow secrets to be embedded in the repository using `sops-nix`. As part of
the process everything is encrypted, however adding a new user is a change the process everything is encrypted, however adding a new user is a change
that every existing SOPS user needs to participate in. Please reach out to that every existing SOPS user needs to participate in. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill) if you are interested
in using secrets on your machines. in using secrets on your machines.
## CI/CD ## CI/CD

4
docs/sample-setup.sh
View File

@ -121,7 +121,7 @@ fi
DOTS="/mnt/root/dotfiles" DOTS="/mnt/root/dotfiles"
GC="git -C $DOTS" GC="git -C $DOTS"
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists" sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git . sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
sudo $GC checkout "$FEATUREBRANCH" sudo $GC checkout "$FEATUREBRANCH"
# Create ssh keys # Create ssh keys
@ -179,4 +179,4 @@ Host github.com
IdentityFile /root/.ssh/id_ed25519_ghdeploy IdentityFile /root/.ssh/id_ed25519_ghdeploy
EOF EOF
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git' sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'

311
flake.lock generated
View File

@ -5,11 +5,11 @@
"fromYaml": "fromYaml" "fromYaml": "fromYaml"
}, },
"locked": { "locked": {
"lastModified": 1746562888, "lastModified": 1732200724,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", "narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=",
"owner": "SenchoPens", "owner": "SenchoPens",
"repo": "base16.nix", "repo": "base16.nix",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", "rev": "153d52373b0fb2d343592871009a286ec8837aec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -37,11 +37,11 @@
"base16-helix": { "base16-helix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748408240, "lastModified": 1736852337,
"narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", "narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-helix", "repo": "base16-helix",
"rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", "rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -67,19 +67,43 @@
"type": "github" "type": "github"
} }
}, },
"firefox-addons": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": {
"lastModified": 1736864502,
"narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
"owner": "nix-community",
"repo": "disko",
"rev": "0141aabed359f063de7413f80d906e1d98c0c123",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "latest",
"repo": "disko",
"type": "github"
}
},
"firefox-addons": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1749528203, "lastModified": 1743483509,
"narHash": "sha256-BbpLzjNbrSq3C5xK2SSv4l+K6t8a/GjMPHUfKLU2u3w=", "narHash": "sha256-aHnOrBV4UpVQuv9RHmYaRb0jZRBpmeDWsZWBRoSCc5w=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "caf2c8b3716904c975eda250f844ec4ebed49772", "rev": "692aba39210127804151c9436e4b87fe1d0e0f2b",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -92,11 +116,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748383148, "lastModified": 1741628778,
"narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", "narHash": "sha256-RsvHGNTmO2e/eVfgYK7g+eYEdwwh7SbZa+gZkT24MEA=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", "rev": "5a81d390bb64afd4e81221749ec4bffcbeb5fa80",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -124,11 +148,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1749398372, "lastModified": 1741352980,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -141,15 +165,16 @@
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"stylix", "stylix",
"nur",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1743550720, "lastModified": 1733312601,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5", "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -178,6 +203,27 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": { "fromYaml": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -207,11 +253,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747372754, "lastModified": 1741379162,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -266,16 +312,16 @@
"gnome-shell": { "gnome-shell": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1744584021, "lastModified": 1732369855,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", "rev": "dadd58f630eeea41d645ee225a63f719390829dc",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "GNOME", "owner": "GNOME",
"ref": "48.1", "ref": "47.2",
"repo": "gnome-shell", "repo": "gnome-shell",
"type": "github" "type": "github"
} }
@ -287,11 +333,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749526396, "lastModified": 1743482579,
"narHash": "sha256-UL9F76abAk87llXOrcQRjhd5OaOclUd6MIltsqcUZmo=", "narHash": "sha256-u81nqA4UuRatKDkzUuIfVYdLMw8birEy+99oXpdyXhY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "427c96044f11a5da50faf6adaf38c9fa47e6d044", "rev": "c21383b556609ce1ad901aa08b4c6fbd9e0c7af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -304,16 +350,14 @@
"inputs": { "inputs": {
"nix": "nix", "nix": "nix",
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [ "nixpkgs": "nixpkgs"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1748756240, "lastModified": 1743447171,
"narHash": "sha256-hiplweg3818WiWqnTCEXW0xKhzLUmJaAK2SPJXSkOEU=", "narHash": "sha256-5+lbBGlOmVa+dNY8L4ElDCkB7+VedZpPTcBOFIF+0TM=",
"ref": "add-gitea-pulls", "ref": "add-gitea-pulls",
"rev": "ae8c1554cb8aec9772cb25ec5c7a3b7a1cf11f34", "rev": "a20f37b97fa43eea1570bf125ee95f19ba7e2674",
"revCount": 4379, "revCount": 4327,
"type": "git", "type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra" "url": "https://nayeonie.com/ahuston-0/hydra"
}, },
@ -330,11 +374,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747572947, "lastModified": 1743417258,
"narHash": "sha256-PMQoXbfmWPuXnF8EaWqRmvTvl7+WFUrDVgufFRPgOM4=", "narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "910dad4c5755c1735d30da10c96d9086aa2a608d", "rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -344,18 +388,38 @@
} }
}, },
"nix": { "nix": {
"flake": false, "inputs": {
"flake-compat": [
"hydra"
],
"flake-parts": [
"hydra"
],
"git-hooks-nix": [
"hydra"
],
"nixpkgs": [
"hydra",
"nixpkgs"
],
"nixpkgs-23-11": [
"hydra"
],
"nixpkgs-regression": [
"hydra"
]
},
"locked": { "locked": {
"lastModified": 1748154947, "lastModified": 1739899400,
"narHash": "sha256-rCpANMHFIlafta6J/G0ILRd+WNSnzv/lzi40Y8f1AR8=", "narHash": "sha256-q/RgA4bB7zWai4oPySq9mch7qH14IEeom2P64SXdqHs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nix", "repo": "nix",
"rev": "d761dad79c79af17aa476a29749bd9d69747548f", "rev": "e310c19a1aeb1ce1ed4d41d5ab2d02db596e0918",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "2.29-maintenance", "ref": "2.26-maintenance",
"repo": "nix", "repo": "nix",
"type": "github" "type": "github"
} }
@ -363,11 +427,11 @@
"nix-eval-jobs": { "nix-eval-jobs": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748211873, "lastModified": 1739500569,
"narHash": "sha256-AJ22q6yWc1hPkqssXMxQqD6QUeJ6hbx52xWHhKsmuP0=", "narHash": "sha256-3wIReAqdTALv39gkWXLMZQvHyBOc3yPkWT2ZsItxedY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-eval-jobs",
"rev": "d9262e535e35454daebcebd434bdb9c1486bb998", "rev": "4b392b284877d203ae262e16af269f702df036bc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -383,11 +447,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749355504, "lastModified": 1743306489,
"narHash": "sha256-L17CdJMD+/FCBOHjREQLXbe2VUnc3rjffenBbu2Kwpc=", "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "40a6e15e44b11fbf8f2b1df9d64dbfc117625e94", "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -411,35 +475,6 @@
"type": "github" "type": "github"
} }
}, },
"nixos-cosmic": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1749511063,
"narHash": "sha256-LjH3btCZgZHGxLcAm1B9pjShQODF3mceFtu6+9KL9+g=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "a812d36015622e8ca094685f069387468def4c97",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
@ -448,11 +483,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747663185, "lastModified": 1742568034,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -463,11 +498,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1749195551, "lastModified": 1743420942,
"narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -486,11 +521,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749512405, "lastModified": 1743178092,
"narHash": "sha256-xHPYfHL+TZsIWOfNFYW5Syl/q5qciv4NnfGTldLrZ0I=", "narHash": "sha256-fOMsQpcdIbj+wOexiCSEW2J4Erqd0LRV25aYiOx4QRw=",
"owner": "SuperSandro2000", "owner": "SuperSandro2000",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "455dcf25a3c0bba9aece67eedfe4b4c45214ed7c", "rev": "77ff511df92a9d4a828bdf032b8f48e7c3d99b50",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -501,27 +536,27 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1749534015, "lastModified": 1739461644,
"narHash": "sha256-tQ81JSorX65STbyJA10TmDVL5Vd3UDfYgp5T1pW/qzI=", "narHash": "sha256-1o1qR0KYozYGRrnqytSpAhVBYLNBHX+Lv6I39zGRzKM=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "03b4f20ad93ed52a80ad55ec88f5eef00279d405", "rev": "97a719c9f0a07923c957cf51b20b329f9fb9d43f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable-small", "ref": "nixos-24.11-small",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1748740939, "lastModified": 1740877520,
"narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "656a64127e9d791a334452c6b6606d17539476e2", "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -532,11 +567,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1749173751, "lastModified": 1743367904,
"narHash": "sha256-ENY3y3v6S9ZmLDDLI3LUT8MXmfXg/fSt2eA4GCnMVCE=", "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ed29f002b6d6e5e7e32590deb065c34a31dc3e91", "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -546,12 +581,25 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1743472173,
"narHash": "sha256-xwNv3FYTC5pl4QVZ79gUxqCEvqKzcKdXycpH5UbYscw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88e992074d86ad50249de12b7fb8dbaadf8dc0c5",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": "flake-parts_2",
"stylix",
"flake-parts"
],
"nixpkgs": [ "nixpkgs": [
"stylix", "stylix",
"nixpkgs" "nixpkgs"
@ -559,11 +607,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1748730660, "lastModified": 1741693509,
"narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=", "narHash": "sha256-emkxnsZstiJWmGACimyAYqIKz2Qz5We5h1oBVDyQjLw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb", "rev": "5479646b2574837f1899da78bdf9a48b75a9fb27",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -583,11 +631,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747372754, "lastModified": 1742649964,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -598,6 +646,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
@ -606,11 +655,10 @@
"hydra": "hydra", "hydra": "hydra",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixos-cosmic": "nixos-cosmic",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules", "nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
@ -627,11 +675,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749523120, "lastModified": 1743475035,
"narHash": "sha256-lEhEK8qE8xto2Wnj4f7R+VRSg7M6tgTTkJVTZ2QxXOI=", "narHash": "sha256-uLjVsb4Rxnp1zmFdPCDmdODd4RY6ETOeRj0IkC0ij/4=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "d0727dbab79c5a28289f3c03e4fac7d5b95bafb3", "rev": "bee11c51c2cda3ac57c9e0149d94b86cc1b00d13",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -647,11 +695,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747603214, "lastModified": 1743502316,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -670,7 +718,7 @@
"flake-compat": [ "flake-compat": [
"flake-compat" "flake-compat"
], ],
"flake-parts": "flake-parts_2", "flake-utils": "flake-utils_2",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": [ "home-manager": [
@ -688,11 +736,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1749481862, "lastModified": 1743496321,
"narHash": "sha256-CXZL1Kt4rP1SAQhT4wCM207pcjkTeZMza9iIVFKV71c=", "narHash": "sha256-xhHg8ixBhZngvGOMb2SJuJEHhHA10n8pA02fEKuKzek=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "d73d8f6a4834716496bf8930a492b115cc3d7d17", "rev": "54721996d6590267d095f63297d9051e9342a33d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -751,27 +799,28 @@
"tinted-kitty": { "tinted-kitty": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1735730497, "lastModified": 1716423189,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", "narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", "rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github" "type": "github"
} }
}, },
"tinted-schemes": { "tinted-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748180480, "lastModified": 1741468895,
"narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=", "narHash": "sha256-YKM1RJbL68Yp2vESBqeZQBjTETXo8mCTTzLZyckCfZk=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "schemes", "repo": "schemes",
"rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31", "rev": "47c8c7726e98069cade5827e5fb2bfee02ce6991",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -783,11 +832,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748740859, "lastModified": 1740877430,
"narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=", "narHash": "sha256-zWcCXgdC4/owfH/eEXx26y5BLzTrefjtSLFHWVD5KxU=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "57d5f9683ff9a3b590643beeaf0364da819aedda", "rev": "d48ee86394cbe45b112ba23ab63e33656090edb4",
"type": "github" "type": "github"
}, },
"original": { "original": {

45
flake.nix
View File

@ -6,27 +6,22 @@
"https://cache.nixos.org/?priority=1&want-mass-query=true" "https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
"https://attic.nayeonie.com/nix-cache" "https://attic.nayeonie.com/nix-cache"
"https://cosmic.cachix.org/"
]; ];
trusted-substituters = [ trusted-substituters = [
"https://cache.nixos.org" "https://cache.nixos.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://attic.nayeonie.com/nix-cache" "https://attic.nayeonie.com/nix-cache"
"https://cosmic.cachix.org/"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:grGRsHhqNDhkEuTODvHJXYmoCClntC+U8XAJQzwMaZM=" "nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs="
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
]; ];
trusted-users = [ "root" ]; trusted-users = [ "root" ];
allow-import-from-derivation = true; allow-import-from-derivation = true;
fallback = true;
}; };
inputs = { inputs = {
# flake inputs with no explicit deps (in alphabetic order)
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
@ -36,11 +31,27 @@
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
# flake inputs with dependencies (in alphabetic order) # attic = {
# url = "github:zhaofengli/attic";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# nixpkgs-stable.follows = "nixpkgs-stable";
# flake-compat.follows = "flake-compat";
# flake-parts.follows = "flake-parts";
# };
# };
disko = {
url = "github:nix-community/disko/latest";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
firefox-addons = { firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
}; };
}; };
@ -56,9 +67,9 @@
hydra = { hydra = {
url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls"; url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
inputs = { # inputs = {
nixpkgs.follows = "nixpkgs"; # nixpkgs.follows = "nixpkgs";
}; # };
}; };
hyprland-contrib = { hyprland-contrib = {
@ -71,16 +82,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
inputs = {
flake-compat.follows = "flake-compat";
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
rust-overlay.follows = "rust-overlay";
};
};
nixos-generators = { nixos-generators = {
url = "github:nix-community/nixos-generators"; url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -141,7 +142,7 @@
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
# disable arm for now as hydra isn't set up for it # disable arm for now as hydra isn't set up for it
# "aarch64-linuxa # "aarch64-linux"
]; ];
forEachSystem = lib.genAttrs systems; forEachSystem = lib.genAttrs systems;
@ -157,7 +158,7 @@
lib = self; lib = self;
} }
); );
inherit (lib.adev.systems) genSystems getImages; inherit (lib.rad-dev.systems) genSystems getImages;
inherit (self) outputs; # for hydra inherit (self) outputs; # for hydra
in in
rec { rec {

4
lib/default.nix
View File

@ -1,7 +1,7 @@
{ lib, ... }: { lib, ... }:
{ {
# create adev namespace for lib # create rad-dev namespace for lib
adev = rec { rad-dev = rec {
systems = import ./systems.nix { inherit lib; }; systems = import ./systems.nix { inherit lib; };
container-utils = import ./container-utils.nix { inherit lib; }; container-utils = import ./container-utils.nix { inherit lib; };

4
lib/systems.nix
View File

@ -176,7 +176,7 @@ rec {
(configPath + "/configuration.nix") (configPath + "/configuration.nix")
] ]
++ modules ++ modules
++ (lib.adev.fileList (src + "/modules")) ++ (lib.rad-dev.fileList (src + "/modules"))
++ genWrapper sops genSops args ++ genWrapper sops genSops args
++ genWrapper home genHome args ++ genWrapper home genHome args
++ genWrapper true genUsers args ++ genWrapper true genUsers args
@ -222,7 +222,7 @@ rec {
// import configPath { inherit inputs; } // import configPath { inherit inputs; }
); );
} }
) (lib.adev.lsdir path) ) (lib.rad-dev.lsdir path)
); );
# gets all the images of a specified format # gets all the images of a specified format

2
modules/autopull.nix
View File

@ -61,7 +61,7 @@ in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
environment.systemPackages = environment.systemPackages =
[ pkgs.git ] [ pkgs.git ]
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [ ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
pkgs.openssh pkgs.openssh
]; ];

4
modules/kub_net.nix
View File

@ -1,10 +1,10 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.services.adev.k3s-net; cfg = config.services.rad-dev.k3s-net;
in in
{ {
options = { options = {
services.adev.k3s-net = { services.rad-dev.k3s-net = {
enable = lib.mkOption { enable = lib.mkOption {
default = false; default = false;
example = true; example = true;

5
modules/locale.nix
View File

@ -4,9 +4,8 @@
console.keyMap = lib.mkDefault "us"; console.keyMap = lib.mkDefault "us";
i18n = { i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8"; defaultLocale = lib.mkDefault "en_US.utf8";
defaultCharset = "UTF-8"; supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
#extraLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
extraLocaleSettings = lib.mkDefault { extraLocaleSettings = lib.mkDefault {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";

15
modules/update.nix
View File

@ -16,19 +16,4 @@
persistent = true; persistent = true;
flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git"; flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git";
}; };
services.nix-verify = {
daily = {
enable = true;
verify-contents = false;
verify-trust = false;
};
weekly = {
enable = true;
verify-contents = true;
verify-trust = false;
frequency = "1week";
randomized-delay-sec = "6hour";
};
};
} }

11
modules/users.nix
View File

@ -1,11 +0,0 @@
{
...
}:
{
users.groups = {
users = {
gid = 100;
};
};
}

110
modules/verify.nix
View File

@ -1,110 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.services.nix-verify;
verify-type =
with lib.types;
attrsOf (
submodule (
{ name, ... }:
{
options = {
enable = lib.mkEnableOption "verify status of nix store";
service-name = lib.mkOption {
type = lib.types.str;
description = "the name of the systemd service. ${name} by default";
default = name;
};
verify-contents = lib.mkEnableOption "verify contents of nix store";
verify-trust = lib.mkEnableOption "verify if each path is trusted";
signatures-needed = lib.mkOption {
type = lib.types.int;
description = "number of signatures needed when verifying trust. Not needed if verify-trust is disabled or not set.";
default = -1;
};
frequency = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time between pulls";
default = "1day";
};
randomized-delay-sec = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time randomized delay";
default = "0";
};
};
}
)
);
in
{
options = {
services.nix-verify = lib.mkOption {
type = verify-type;
default = { };
};
};
config =
let
verifiers = lib.filterAttrs (_: { enable, ... }: enable) cfg;
in
{
systemd.services = lib.mapAttrs' (
_:
{
service-name,
verify-contents,
verify-trust,
signatures-needed,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
requires = [ "multi-user.target" ];
after = [ "multi-user.target" ];
description =
"Verify nix store (verify-contents: ${lib.boolToString verify-contents}, verify-trust: "
+ "${lib.boolToString verify-trust}, signatures-needed: ${builtins.toString signatures-needed})";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart =
"${config.nix.package}/bin/nix store verify --all "
+ lib.optionalString (!verify-contents) "--no-contents "
+ lib.optionalString (!verify-trust) "--no-trust "
+ lib.optionalString (signatures-needed >= 0) "--sigs-needed ${signatures-needed}";
};
}
) verifiers;
systemd.timers = lib.mapAttrs' (
_:
{
service-name,
frequency,
randomized-delay-sec,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = frequency;
OnUnitActiveSec = frequency;
RandomizedDelaySec = randomized-delay-sec;
Unit = "nix-verifiers@${service-name}.service";
};
}
) verifiers;
};
}

4
modules/yubikey.nix
View File

@ -5,11 +5,11 @@
... ...
}: }:
let let
cfg = config.services.adev.yubikey; cfg = config.services.rad-dev.yubikey;
in in
{ {
options = { options = {
services.adev.yubikey = { services.rad-dev.yubikey = {
enable = lib.mkEnableOption "enable yubikey defaults"; enable = lib.mkEnableOption "enable yubikey defaults";
enable-desktop-app = lib.mkEnableOption "installs desktop application"; enable-desktop-app = lib.mkEnableOption "installs desktop application";
}; };

4
shell.nix
View File

@ -38,7 +38,7 @@ forEachSystem (
}; };
# constructs a custom shell with commonly used utilities # constructs a custom shell with commonly used utilities
adev = pkgs.mkShell { rad-dev = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
deadnix deadnix
pre-commit pre-commit
@ -56,7 +56,7 @@ forEachSystem (
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = [ inputsFrom = [
pre-commit pre-commit
adev rad-dev
sops sops
]; ];
}; };

18
systems/artemision/configuration.nix
View File

@ -37,6 +37,11 @@
default = true; default = true;
}; };
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = { services = {
@ -60,18 +65,17 @@
fwupd = { fwupd = {
enable = true; enable = true;
# package = package =
# (import (builtins.fetchTarball { (import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz"; url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
# sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk"; sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
# }) { inherit (pkgs) system; }).fwupd; }) { inherit (pkgs) system; }).fwupd;
}; };
mullvad-vpn.enable = true;
fprintd.enable = lib.mkForce false; fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false; openssh.enable = lib.mkForce false;
adev.yubikey = { rad-dev.yubikey = {
enable = true; enable = true;
enable-desktop-app = true; enable-desktop-app = true;
}; };

20
systems/artemision/desktop.nix
View File

@ -32,9 +32,22 @@
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
services = { services = {
displayManager.gdm = { xserver = {
enable = true; enable = true;
wayland = true; displayManager.session = [
{
manage = "desktop";
name = "hyprland";
start = ''
bash ${./hypr/wrappedhl} &
waitPID=$!
'';
}
];
displayManager.gdm = {
enable = true;
wayland = true;
};
}; };
dbus = { dbus = {
@ -45,6 +58,9 @@
powerManagement = { powerManagement = {
enable = true; enable = true;
resumeCommands = ''
${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf
'';
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

19
systems/artemision/private-wifi.nix
View File

@ -1,19 +0,0 @@
{ ... }:
{
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "false";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
}

2
systems/artemision/programs.nix
View File

@ -100,6 +100,8 @@
unipicker unipicker
unzip unzip
uutils-coreutils-noprefix uutils-coreutils-noprefix
ventoy
vesktop
vscode vscode
watchman watchman
wget wget

12
systems/artemision/secrets.yaml
View File

@ -10,9 +10,13 @@ example_booleans:
- ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool] - ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool]
apps: apps:
spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str] spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str]
wifi-env: ENC[AES256_GCM,data:2BM4wQq+RfASkg9lcH+fW7eD0VaPJMXABp3z0sYXqZbVzv9R9eAxSokxzcifT/1JK8PBwvZkWtEFrKAT3phXIZzoEySnGKGYazz8fqWWWhMJotLNNo5VkX70hLppgE9vYxf9vQSq0PLWYCN0jUO0H9mHjOT6mDzKUHegcC53jzkNY3WTfLkyzDWJVMP9IbVQ22N5QlJbzZNqrNTaOtcRm06PBz7pNuEKOy4jj5ipZOh6ceR81Xy6BXM7MzFN27lYbzfVvcDmlwqPORAmr7/00QBy2cp38rTswJEzYf1x2Q==,iv:DSTVPw9qtmo02/usZZDpHsYlX3sSW+2XrnawtBkRNmQ=,tag:3p3eW+3BEQrOmHlBNUEOaA==,type:str] wifi-env: ENC[AES256_GCM,data:G+z+fURk4rT61I5BiFzEJJt35jywPNrGpn1QGNhjvxrqPQ/Sq/hIHmQo+bqe9yJeDgMX3RY4EaiZxFTJyxPfW1czjuMSj3vbTp0WcDmGvUJ7li2pX2pzolgly4qmgoOluGBeRZWVLLOZYFB2+kLRMJNNz/bP5k2Eq6O4+l4sljPM+abn9iz9Eh46rVOVRkmDzCltJrYiuBSiSPhTDRTP2+gUbgbaUJTkVrVLUBHg3QU6az6VPN8DPZxbx4LtdaIb93pI,iv:uUfJK/iPdyLP7LqZJolTGGTxaEzlJI59bUVNcB1etkU=,tag:tvXSXSW1MIhLJceEK1afuw==,type:str]
#ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment] #ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: | enc: |
@ -23,8 +27,8 @@ sops:
d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR
D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA== D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-15T15:37:51Z" lastmodified: "2024-11-28T18:57:09Z"
mac: ENC[AES256_GCM,data:qJ8NdnzVrgQb0rGwjZFHrS+eJrUjQEk4M4uo5bnk4eY7aKaHejARcYOIhp0H/DMdlix+Dm3DAAeeRWn8AKCatXaSzYD/VHHbjfp0lKBCsC8CZFeCELQ5GGEHnVot3WGb4J+QdfupwdduExSSMd6XeZGFVbSGhLzRbiiWA+i8I3o=,iv:oxWiDCH60apKT0/fJbWp1cIZ9cvd6mJKlP3xAjMBXIo=,tag:0We6eCJnsncujCt+CwK9UQ==,type:str] mac: ENC[AES256_GCM,data:hKhAo7rDplLm19PlrKHQwxnDVXCMU/xpAxPALLDBa0M3yypy2QVD6c6Atn897tYRKf7oeLaUKqnUYdCcZ9gVgm37LS+GtRhf66zfvcKqhZF8wh3M0zTDPYpQDhex0N4BAJ/dcaYIbxqE9pEUxJOI5jip/hptaCJItTEe7oARcF4=,iv:EUayxLaOPcnWX+S9+RlHrxzJRLlSSLIwqbAq3fFI4yg=,tag:LiBsqIodTWamO+c8FqGBag==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:57:09Z" - created_at: "2024-11-28T18:57:09Z"
enc: |- enc: |-
@ -39,4 +43,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.1

34
systems/artemision/wifi.nix
View File

@ -1,13 +1,9 @@
{ config, lib, ... }: { config, ... }:
let let
always = 100; always = 100;
home = 99; home = 99;
public_wifi = false;
in in
{ {
imports = lib.optionals (!public_wifi) [
./private-wifi.nix
];
networking.wireless = { networking.wireless = {
enable = true; enable = true;
secretsFile = config.sops.secrets."wifi-env".path; secretsFile = config.sops.secrets."wifi-env".path;
@ -28,19 +24,29 @@ in
"24HuFios".pskRaw = "ext:PASS_longboat_home"; "24HuFios".pskRaw = "ext:PASS_longboat_home";
"Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie"; "Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie";
"Fios-Qn3RB".pskRaw = "ext:PASS_parkridge"; "Fios-Qn3RB".pskRaw = "ext:PASS_parkridge";
"Mojo Dojo Casa House".pskRaw = "ext:PASS_Carly"; "optimumwifi" = { };
"CableWiFi" = { };
# Public wifi connections
# set public_wifi on line 5 to true if connecting to one of these
#"optimumwifi" = { };
#"CableWiFi" = { };
#"Hilton Honors" = { };
# Work wifi
"JPMCVisitor" = { }; "JPMCVisitor" = { };
}; };
}; };
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {

28
systems/hetzner-bridge/configuration.nix Normal file
View File

@ -0,0 +1,28 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
../../disko/hetzner.nix
./networking.nix
];
disko.devices.disk.main.device = "scsi-0QEMU_QEMU_HARDDISK_55513992";
boot = {
useSystemdBoot = true;
};
virtualisation.docker.enable = false;
services = {
locate.enable = false;
endlessh-go.enable = false;
};
#hardware.enableAllFirmware = true;
system.stateVersion = "24.05";
}

8
systems/hetzner-bridge/default.nix Normal file
View File

@ -0,0 +1,8 @@
{ inputs, ... }:
{
users = [ "alice" ];
modules = [
# inputs.attic.nixosModules.atticd
inputs.disko.nixosModules.disko
];
}

39
systems/hetzner-bridge/hardware.nix Normal file
View File

@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

19
systems/hetzner-bridge/networking.nix Normal file
View File

@ -0,0 +1,19 @@
{
config,
lib,
pkgs,
...
}:
{
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-wan" = {
#matchConfig.Name = "enp1s0"; # either ens3 or enp1s0 depending on system, check 'ip addr'
matchConfig.Name = "ether";
networkConfig.DHCP = "ipv4";
};
};
}

7
systems/palatine-hill/attic/default.nix
View File

@ -10,10 +10,6 @@
attic-client attic-client
]; ];
systemd.services.atticd.environment = {
RUST_LOG = "INFO";
};
services = { services = {
atticd = { atticd = {
enable = true; enable = true;
@ -38,9 +34,6 @@
bucket = "cache-nix-dot"; bucket = "cache-nix-dot";
endpoint = "https://minio.nayeonie.com"; endpoint = "https://minio.nayeonie.com";
}; };
garbage-collection = {
interval = "5 minutes";
};
# Warning: If you change any of the values here, it will be # Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs # difficult to reuse existing chunks for newly-uploaded NARs

42
systems/palatine-hill/configuration.nix
View File

@ -17,7 +17,6 @@
./minio.nix ./minio.nix
./networking.nix ./networking.nix
./nextcloud.nix ./nextcloud.nix
#./plex
./postgresql.nix ./postgresql.nix
./samba.nix ./samba.nix
./zfs.nix ./zfs.nix
@ -58,37 +57,16 @@
}; };
}; };
environment = { environment.systemPackages = with pkgs; [
systemPackages = with pkgs; [ chromedriver
chromedriver chromium
chromium docker-compose
docker-compose intel-gpu-tools
filebot jellyfin-ffmpeg
intel-gpu-tools jq
jellyfin-ffmpeg yt-dlp
jq yq
yt-dlp ];
yq
];
etc = {
# Creates /etc/lynis/custom.prf
"lynis/custom.prf" = {
text = ''
skip-test=BANN-7126
skip-test=BANN-7130
skip-test=DEB-0520
skip-test=DEB-0810
skip-test=FIRE-4513
skip-test=HRDN-7222
skip-test=KRNL-5820
skip-test=LOGG-2190
skip-test=LYNIS
skip-test=TOOL-5002
'';
mode = "0440";
};
};
};
services = { services = {
samba.enable = true; samba.enable = true;

3
systems/palatine-hill/default.nix
View File

@ -3,8 +3,5 @@
users = [ "alice" ]; users = [ "alice" ];
modules = [ modules = [
# inputs.attic.nixosModules.atticd # inputs.attic.nixosModules.atticd
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.supermicro
]; ];
} }

3
systems/palatine-hill/docker/act-runner.nix
View File

@ -12,7 +12,6 @@ in
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
act-stable-latest-main = { act-stable-latest-main = {
image = "gitea/act_runner:latest"; image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [ extraOptions = [
"--stop-signal=SIGINT" "--stop-signal=SIGINT"
]; ];
@ -36,7 +35,6 @@ in
act-stable-latest-1 = { act-stable-latest-1 = {
image = "gitea/act_runner:latest"; image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [ extraOptions = [
"--stop-signal=SIGINT" "--stop-signal=SIGINT"
]; ];
@ -59,7 +57,6 @@ in
act-stable-latest-2 = { act-stable-latest-2 = {
image = "gitea/act_runner:latest"; image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [ extraOptions = [
"--stop-signal=SIGINT" "--stop-signal=SIGINT"
]; ];

2
systems/palatine-hill/docker/archiveteam.nix
View File

@ -122,7 +122,7 @@ let
cmd = lib.splitString " " "--concurrent 6 AmAnd0"; cmd = lib.splitString " " "--concurrent 6 AmAnd0";
}; };
inherit (lib.adev.container-utils) createTemplatedContainers; inherit (lib.rad-dev.container-utils) createTemplatedContainers;
vars = import ../vars.nix; vars = import ../vars.nix;
at_path = vars.primary_archiveteam; at_path = vars.primary_archiveteam;

124
systems/palatine-hill/docker/arr.nix
View File

@ -1,124 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
bazarr = {
image = "ghcr.io/linuxserver/bazarr:latest";
ports = [ "6767:6767" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/bazarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
prowlarr = {
image = "ghcr.io/linuxserver/prowlarr:latest";
ports = [ "9696:9696" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.primary_docker}/prowlarr:/config" ];
autoStart = true;
};
radarr = {
image = "ghcr.io/linuxserver/radarr:latest";
ports = [ "7878:7878" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/radarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
sonarr = {
image = "ghcr.io/linuxserver/sonarr:latest";
ports = [ "8989:8989" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/sonarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
lidarr = {
image = "ghcr.io/linuxserver/lidarr:latest";
ports = [ "8686:8686" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/lidarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
readarr = {
image = "ghcr.io/linuxserver/readarr:latest";
ports = [ "8787:8787" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/readarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
unpackerr = {
image = "golift/unpackerr:latest";
user = "600:100";
environment = {
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/unpackerr:/config"
"${vars.primary_plex_storage}:/data"
];
autoStart = true;
};
overseerr = {
image = "lscr.io/linuxserver/overseerr";
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.primary_docker}/overseerr:/config" ];
# TODO: remove ports later since this is going through web
ports = [ "5055:5055" ]; # Web UI port
dependsOn = [
"radarr"
"sonarr"
];
extraOptions = [ "--network=haproxy-net" ];
autoStart = true;
};
};
}

1
systems/palatine-hill/docker/default.nix
View File

@ -8,7 +8,6 @@
{ {
imports = [ imports = [
./act-runner.nix ./act-runner.nix
./arr.nix
# temp disable archiveteam for tiktok archiving # temp disable archiveteam for tiktok archiving
#./archiveteam.nix #./archiveteam.nix
# ./books.nix # ./books.nix

1
systems/palatine-hill/docker/glances.nix
View File

@ -8,7 +8,6 @@ in
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
glances = { glances = {
image = "nicolargo/glances:latest-full"; image = "nicolargo/glances:latest-full";
pull = "always";
extraOptions = [ extraOptions = [
"--pid=host" "--pid=host"
"--network=haproxy-net" "--network=haproxy-net"

3
systems/palatine-hill/docker/minecraft.nix
View File

@ -39,7 +39,6 @@ in
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
mc-router = { mc-router = {
image = "itzg/mc-router:latest"; image = "itzg/mc-router:latest";
pull = "always";
extraOptions = [ extraOptions = [
"--network=haproxy-net" "--network=haproxy-net"
"--network=minecraft-net" "--network=minecraft-net"
@ -47,7 +46,7 @@ in
cmd = [ cmd = [
( (
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565" "--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
+ (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers) + (lib.rad-dev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
) )
]; ];
}; };

5
systems/palatine-hill/docker/nextcloud.nix
View File

@ -9,8 +9,6 @@ let
nextcloud-base = { nextcloud-base = {
# image comes from running docker compose build in nextcloud-docker/.examples/full/apache # image comes from running docker compose build in nextcloud-docker/.examples/full/apache
image = "nextcloud-nextcloud"; image = "nextcloud-nextcloud";
# pull = "always";
# do NOT enable pull here, this image is generated based on a custom docker image
hostname = "nextcloud"; hostname = "nextcloud";
volumes = [ volumes = [
"${nextcloud_path}/nc_data:/var/www/html:z" "${nextcloud_path}/nc_data:/var/www/html:z"
@ -34,7 +32,6 @@ in
}; };
redis = { redis = {
image = "redis:latest"; image = "redis:latest";
pull = "always";
user = "600:600"; user = "600:600";
volumes = [ volumes = [
"${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf" "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
@ -50,7 +47,6 @@ in
}; };
go-vod = { go-vod = {
image = "radialapps/go-vod:latest"; image = "radialapps/go-vod:latest";
pull = "always";
dependsOn = [ "nextcloud" ]; dependsOn = [ "nextcloud" ];
environment = { environment = {
NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz"; NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
@ -62,7 +58,6 @@ in
}; };
collabora-code = { collabora-code = {
image = "collabora/code:latest"; image = "collabora/code:latest";
pull = "always";
dependsOn = [ "nextcloud" ]; dependsOn = [ "nextcloud" ];
environment = { environment = {
aliasgroup1 = "https://collabora.nayenoie.com:443"; aliasgroup1 = "https://collabora.nayenoie.com:443";

22
systems/palatine-hill/docker/openvpn/se.protonvpn.udp.ovpn
View File

File diff suppressed because one or more lines are too long

87
systems/palatine-hill/docker/torr.nix
View File

@ -1,8 +1,7 @@
{ config, pkgs, ... }: { pkgs, ... }:
let let
delugeBase = { delugeBase = {
pull = "always";
environment = { environment = {
PUID = "600"; PUID = "600";
PGID = "100"; PGID = "100";
@ -20,31 +19,18 @@ let
deluge_path = "${torr_path}/deluge"; deluge_path = "${torr_path}/deluge";
delugevpn_path = "${torr_path}/delugevpn"; delugevpn_path = "${torr_path}/delugevpn";
#genSopsConfWg = file: { genSopsConf = file: {
# "${file}" = {
# format = "binary";
# sopsFile = ./wg/${file};
# path = "${delugevpn_path}/config/wireguard/configs/${file}";
# owner = "docker-service";
# group = "users";
# restartUnits = [ "docker-delugeVPN.service" ];
# };
#};
genSopsConfOvpn = file: {
"${file}" = { "${file}" = {
format = "binary"; format = "binary";
sopsFile = ./openvpn/${file}; sopsFile = ./wg/${file};
path = "${delugevpn_path}/config/openvpn/configs/${file}"; path = "${delugevpn_path}/config/wireguard/configs/${file}";
owner = "docker-service"; owner = "docker-service";
group = "users"; group = "users";
restartUnits = [ "docker-delugeVPN.service" ]; restartUnits = [ "docker-delugeVPN.service" ];
}; };
}; };
in in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
deluge = delugeBase // { deluge = delugeBase // {
image = "binhex/arch-deluge"; image = "binhex/arch-deluge";
@ -59,26 +45,25 @@ in
]; ];
}; };
delugeVPN = delugeBase // { delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn:latest"; image = "binhex/arch-delugevpn";
capabilities = { extraOptions = [
NET_ADMIN = true; "--privileged=true"
}; "--sysctl"
autoRemoveOnStop = false; "net.ipv4.conf.all.src_valid_mark=1"
];
environment = delugeBase.environment // { environment = delugeBase.environment // {
VPN_ENABLED = "yes"; VPN_ENABLED = "yes";
VPN_CLIENT = "openvpn"; VPN_CLIENT = "wireguard";
VPN_PROV = "protonvpn"; VPN_PROV = "custom";
ENABLE_PRIVOXY = "yes"; ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16"; LAN_NETWORK = "192.168.0.0/16";
ENABLE_STARTUP_SCRIPTS = "yes"; NAME_SERVERS = "194.242.2.9";
#NAME_SERVERS = "194.242.2.9";
#NAME_SERVERS = "9.9.9.9";
# note, delete /config/perms.txt to force a bulk permissions update # note, delete /config/perms.txt to force a bulk permissions update
}; };
environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
volumes = [ volumes = [
"${delugevpn_path}/config:/config" "${delugevpn_path}/config:/config"
"${deluge_path}/data:/data" # use common torrent path yuck "${delugevpn_path}/data:/data"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
ports = [ ports = [
@ -86,9 +71,6 @@ in
"8119:8118" "8119:8118"
"39275:39275" "39275:39275"
"39275:39275/udp" "39275:39275/udp"
"48346:48346"
"48346:48346/udp"
]; ];
}; };
}; };
@ -97,34 +79,25 @@ in
serviceConfig = { serviceConfig = {
ExecStartPre = [ ExecStartPre = [
( (
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs " "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
+ "-type l -not -name network.ovpn " + "-type l -not -name wg0.conf "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 " + "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&" + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&" + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\"" + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
)
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
+ "-type l "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
) )
]; ];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ]; ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
}; };
}; };
sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // { sops.secrets =
"docker/delugevpn" = { (genSopsConf "se-mma-wg-001.conf")
owner = "docker-service"; // (genSopsConf "se-mma-wg-002.conf")
group = "users"; // (genSopsConf "se-mma-wg-003.conf")
restartUnits = [ "docker-delugeVPN.service" ]; // (genSopsConf "se-mma-wg-004.conf")
}; // (genSopsConf "se-mma-wg-005.conf")
"docker/protonvpn-start-script" = { // (genSopsConf "se-mma-wg-101.conf")
path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh"; // (genSopsConf "se-mma-wg-102.conf")
owner = "docker-service"; // (genSopsConf "se-mma-wg-103.conf");
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
} }

9
systems/palatine-hill/firewall.nix
View File

@ -24,15 +24,6 @@
# collabora # collabora
9980 9980
# arr
6767
9696
7878
8989
8686
8787
5055
]; ];
} }

18
systems/palatine-hill/gitea.nix
View File

@ -10,7 +10,7 @@ in
{ {
services.gitea = { services.gitea = {
enable = true; enable = true;
appName = "Nayeonie's Trove"; appName = "The Hearth";
database = { database = {
type = "postgres"; type = "postgres";
passwordFile = config.sops.secrets."gitea/dbpass".path; passwordFile = config.sops.secrets."gitea/dbpass".path;
@ -27,12 +27,6 @@ in
SSH_PORT = 2222; SSH_PORT = 2222;
SSH_LISTEN_PORT = 2223; SSH_LISTEN_PORT = 2223;
START_SSH_SERVER = true; START_SSH_SERVER = true;
PUBLIC_URL_DETECTION = "auto";
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
DEFAULT_MERGE_STYLE = "rebase-merge";
}; };
service = { service = {
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
@ -51,15 +45,6 @@ in
host = "192.168.76.2"; host = "192.168.76.2";
port = "8088"; port = "8088";
}; };
"storage.minio" = {
STORAGE_TYPE = "minio";
MINIO_ENDPOINT = "minio.nayeonie.com";
MINIO_BUCKET = "gitea";
MINIO_LOCATION = "us-east-1";
MINIO_USE_SSL = true;
MINIO_INSECURE_SKIP_VERIFY = false;
MINIO_BUCKET_LOOKUP_TYPE = "auto";
};
}; };
stateDir = base_path; stateDir = base_path;
lfs.enable = true; lfs.enable = true;
@ -75,6 +60,5 @@ in
sops.secrets = { sops.secrets = {
"gitea/dbpass".owner = "gitea"; "gitea/dbpass".owner = "gitea";
"gitea/minio".owner = "gitea";
}; };
} }

10
systems/palatine-hill/hydra.nix
View File

@ -82,10 +82,10 @@ in
''; '';
}; };
# nix-serve = { nix-serve = {
# enable = true; enable = true;
# secretKeyFile = config.sops.secrets."nix-serve/secret-key".path; secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
# }; };
prometheus = { prometheus = {
enable = true; enable = true;
webExternalUrl = "https://prom.alicehuston.xyz"; webExternalUrl = "https://prom.alicehuston.xyz";
@ -134,7 +134,7 @@ in
sops = { sops = {
secrets = { secrets = {
"hydra/environment".owner = "hydra"; "hydra/environment".owner = "hydra";
# "nix-serve/secret-key".owner = "root"; "nix-serve/secret-key".owner = "root";
"alice/gha-hydra-token" = { "alice/gha-hydra-token" = {
sopsFile = ../../users/alice/secrets.yaml; sopsFile = ../../users/alice/secrets.yaml;
owner = "hydra"; owner = "hydra";

28
systems/palatine-hill/plex/default.nix
View File

@ -1,28 +0,0 @@
{
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
services.plex = {
enable = true;
dataDir = vars.primary_plex;
};
systemd.services.plex_permission = {
description = "maintains plex permissions";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${./plex_permission.sh}";
};
};
systemd.timers.plex_permission = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1h";
OnCalendar = "daily 03:00";
Unit = "plex_permission.service";
};
};
}

7
systems/palatine-hill/plex/plex_permission.sh
View File

@ -1,7 +0,0 @@
#!/bin/bash
plex_dir="/ZFS/ZFS-primary/plex"
chown docker-service:users -R "$plex_dir"
find "$plex_dir" -type f -exec chmod 664 {} \;
find "$plex_dir" -type d -exec chmod 775 {} \;

119
systems/palatine-hill/postgresql.nix
View File

@ -19,9 +19,6 @@ in
enable = true; enable = true;
enableJIT = true; enableJIT = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_16;
configurePgStatStatements = true;
enableAllPreloadedLibraries = true;
#preloadAllExtensions = true;
identMap = '' identMap = ''
# ArbitraryMapName systemUser DBUser # ArbitraryMapName systemUser DBUser
superuser_map root postgres superuser_map root postgres
@ -31,126 +28,13 @@ in
''; '';
# initialScript = config.sops.secrets."postgres/init".path; # initialScript = config.sops.secrets."postgres/init".path;
ensureDatabases = [ ensureDatabases = [ "atticd" ];
"atticd"
"alice"
];
ensureUsers = [ ensureUsers = [
{ {
name = "atticd"; name = "atticd";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "alice";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
]; ];
# Thank you NotAShelf
# https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
# commented out statements are likely overriden by pgtune settings
# https://pgtune.leopard.in.ua/?dbVersion=17&osType=linux&dbType=web&cpuNum=64&totalMemory=8&totalMemoryUnit=GB&connectionNum=1024&hdType=hdd
settings = {
# Connectivity;
# max_connections = 100;
superuser_reserved_connections = 3;
# Memory Settings;
#shared_buffers = "1024 MB";
#work_mem = "32 MB";
#maintenance_work_mem = "320 MB";
#huge_pages = "off";
#effective_cache_size = "2 GB";
#effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
#random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
# Monitoring;
#shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
track_io_timing = "on"; # measure exact block IO times;
track_functions = "pl"; # track execution times of pl-language procedures if any;
# Replication;
wal_level = "replica"; # consider using at least "replica";
max_wal_senders = 0;
synchronous_commit = "on";
# Checkpointing: ;
checkpoint_timeout = "15 min";
#checkpoint_completion_target = 0.9;
#max_wal_size = "1024 MB";
#min_wal_size = "512 MB";
# WAL writing;
wal_compression = "on";
wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
# Background writer;
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
# Parallel queries: ;
#max_worker_processes = 6;
#max_parallel_workers_per_gather = 3;
#max_parallel_maintenance_workers = 3;
#max_parallel_workers = 6;
parallel_leader_participation = "on";
# Advanced features ;
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
jit_above_cost = 100000;
jit_inline_above_cost = 150000;
jit_optimize_above_cost = 500000;
# log slow queries
log_min_duration_statement = 100;
"auto_explain.log_min_duration" = 100;
# logging configuration
log_connections = true;
log_statement = "all";
logging_collector = true;
log_disconnections = true;
# from pgtune
# DB Version: 17
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 8 GB
# CPUs num: 64
# Connections num: 1024
# Data Storage: hdd
max_connections = 1024;
shared_buffers = "2GB";
effective_cache_size = "6GB";
maintenance_work_mem = "512MB";
checkpoint_completion_target = 0.9;
#wal_buffers = "16MB"; allow auto-tuning as per above
default_statistics_target = 100;
random_page_cost = 4;
effective_io_concurrency = 2;
work_mem = "512kB";
huge_pages = "off";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 64;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 64;
max_parallel_maintenance_workers = 4;
};
refreshCollation = true; refreshCollation = true;
vacuumAnalyzeTimer.enable = true; vacuumAnalyzeTimer.enable = true;
@ -164,7 +48,6 @@ in
"hydra-send-stats" "hydra-send-stats"
"hydra-server" "hydra-server"
"atticd" "atticd"
"gitea"
]; ];
}; };
}; };

3
systems/palatine-hill/samba.nix
View File

@ -2,13 +2,14 @@
{ {
services.samba = { services.samba = {
enable = true; enable = true;
securityType = "user";
openFirewall = true; openFirewall = true;
settings = { settings = {
global = { global = {
security = "user";
"workgroup" = "WORKGROUP"; "workgroup" = "WORKGROUP";
"server string" = "palatine-hill"; "server string" = "palatine-hill";
"netbios name" = "palatine-hill"; "netbios name" = "palatine-hill";
"security" = "user";
#"use sendfile" = "yes"; #"use sendfile" = "yes";
#"max protocol" = "smb2"; #"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1 # note: localhost is the ipv6 localhost ::1

13
systems/palatine-hill/secrets.yaml
View File

@ -10,7 +10,6 @@ postgres:
init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str] init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str]
gitea: gitea:
dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str] dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str]
minio: ENC[AES256_GCM,data:LxY6AD+CZ9VQEl5FrG6o0XiOiizLcwiLiyH1WJD8mMCPWhDjGzt+k+YPOm1BpWzTZF8+2EoxR9oKFJu9mzTibl2Ieits0/RNwh1VdQALXw3FwfRym7CFS+Z5S8H9kGMoXWRrr+I5,iv:g/wq0r2HKfX2AwirT4hm/H1Ms/mtbf4ZuFLISikRyoI=,tag:he99s/WpKoN+lHR8r4K30w==,type:str]
upsmon: upsmon:
password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str] password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str]
minio: minio:
@ -23,8 +22,6 @@ docker:
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str] act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str] collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str]
delugevpn: ENC[AES256_GCM,data:YGkgaQUuA9oteKD77tnFzxZSHctyOQjMNlfvJr3mPWAl2P8wfcshiUoa6SNp69pagxbzRV6mfuzwzinbkQCoZN3lw7uF76y0,iv:Bro0H4tFR+3wi9DGGq9a6ge4o4uPlVXBUF7h17zyqg8=,tag:N1kVNFasqGMx8R9qTq2dJA==,type:str]
protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str]
acme: acme:
bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@ -33,6 +30,10 @@ server-validation:
typhon: typhon:
hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str] hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: | enc: |
@ -43,8 +44,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-01T23:54:50Z" lastmodified: "2025-03-26T05:47:58Z"
mac: ENC[AES256_GCM,data:xBSrKfuBEXYVqLhZF903HbLaCpgXyuo3r7/FUBPM9Pl+rKUGx8p7LKCIec2NPCGO8ylQvC8T2mochSHSAvN339nxPlQ7f/tKWc6QgicaX4Sb4k0wJdqamSJTq4mkg8482HOUiFCSi3lA3zWC3Y9ZixESmEWTbxe9sQ51Vo69lkw=,iv:XiGVzryZwo5UmJe7I8pkg5IEdms0vR9iRdlFu2wjUeI=,tag:jhOuV+aZd5rQF0xg+0tvOg==,type:str] mac: ENC[AES256_GCM,data:ZP9HglMmn9FDv6/vtQAxz/qP76QniPqM6bzMQVvVU/OhDmjuneGKZY7d1Es7LC9o5qmJ+T3Dh3/bkmuRdgdnd2TO6iuvM++DEPxwnoHis+0lbMxv5a6ibzvoXXm2CrL4HPETqLKbLahGJRmDNgnkCEWxAs16zrqe5kgDpD53R5c=,iv:DcCXNGyb41ToV9uSnrnrl0dWiw2pvykM8z86Yk814P4=,tag:T9PFl48qABwBSy7vIhSmLA==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:56:39Z" - created_at: "2024-11-28T18:56:39Z"
enc: |- enc: |-
@ -59,4 +60,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.4

2
systems/palatine-hill/vars.nix
View File

@ -17,6 +17,4 @@ rec {
primary_nextcloud = "${zfs_primary}/nextcloud"; primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis"; primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr"; primary_torr = "${zfs_primary}/torr";
primary_plex = "${zfs_primary}/plex";
primary_plex_storage = "${zfs_primary}/plex_storage";
} }

35
systems/selinunte/audio.nix
View File

@ -1,35 +0,0 @@
{ pkgs, ... }:
{
# rtkit is optional but recommended
security.rtkit.enable = true;
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
pipewire.wireplumber.configPackages = [
(pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'')
];
blueman.enable = true;
};
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
environment.systemPackages = with pkgs; [ pavucontrol ];
programs.noisetorch.enable = true;
}

49
systems/selinunte/configuration.nix
View File

@ -1,49 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./audio.nix
./desktop.nix
./fonts.nix
./graphics.nix
./polkit.nix
./programs.nix
./steam.nix
./stylix.nix
];
time.timeZone = "America/New_York";
# temp workaround for building while in nixos-enter
#services.logrotate.checkConfig = false;
networking = {
hostId = "9f2e1ff9";
firewall.enable = true;
useNetworkd = true;
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_xanmod;
useSystemdBoot = true;
default = true;
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = {
flatpak.enable = true;
gvfs.enable = true;
openssh.enable = lib.mkForce false;
};
system.stateVersion = "25.11";
sops = {
defaultSopsFile = ./secrets.yaml;
};
}

23
systems/selinunte/default.nix
View File

@ -1,23 +0,0 @@
{ inputs, ... }:
{
system = "x86_64-linux";
home = true;
sops = true;
server = false;
users = [ "alice" ];
modules = [
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
inputs.stylix.nixosModules.stylix
{
environment.systemPackages = [
inputs.wired-notify.packages.x86_64-linux.default
inputs.hyprland-contrib.packages.x86_64-linux.grimblast
];
}
];
}

38
systems/selinunte/desktop.nix
View File

@ -1,38 +0,0 @@
{ pkgs, ... }:
{
# installs hyprland, and its dependencies
programs = {
hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
hyprlock.enable = true;
ydotool.enable = true;
};
# Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1";
services = {
displayManager.gdm = {
enable = true;
wayland = true;
};
dbus = {
enable = true;
implementation = "broker";
};
};
powerManagement = {
enable = true;
};
environment.systemPackages = with pkgs; [
libsForQt5.qt5.qtwayland
qt6.qtwayland
];
}

15
systems/selinunte/fonts.nix
View File

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
fonts = {
fontconfig.enable = true;
enableDefaultPackages = true;
packages = with pkgs.nerd-fonts; [
fira-code
droid-sans-mono
hack
dejavu-sans-mono
noto
open-dyslexic
];
};
}

40
systems/selinunte/graphics.nix
View File

@ -1,40 +0,0 @@
{ config, pkgs, ... }:
{
hardware.graphics = {
## radv: an open-source Vulkan driver from freedesktop
enable = true;
enable32Bit = true;
};
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

96
systems/selinunte/hardware.nix
View File

@ -1,96 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"usbhid"
"sd_mod"
"ip_vs"
"ip_vs_rr"
"nf_conntrack"
];
initrd.kernelModules = [
"dm-snapshot"
"r8152"
];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
kernelParams = [
"amdgpu.sg_display=0"
"amdgpu.graphics_sg=0"
"amdgpu.abmlevel=3"
];
};
fileSystems = {
"/" = lib.mkDefault {
device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/home" = {
device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/5AD7-6005";
fsType = "vfat";
options = [
"noatime"
"nodiratime"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ];
boot.initrd.luks.devices = {
"nixos-pv" = {
device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
preLVM = true;
allowDiscards = true;
};
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

22
systems/selinunte/polkit.nix
View File

@ -1,22 +0,0 @@
{ pkgs, ... }:
{
security.polkit.enable = true;
environment.systemPackages = with pkgs; [ polkit_gnome ];
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
}

112
systems/selinunte/programs.nix
View File

@ -1,112 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
act
alacritty
attic-client
amdgpu_top
bat
bitwarden-cli
bfg-repo-cleaner
btop
calibre
# calibre dedrm?
candy-icons
chromium
chromedriver
croc
deadnix
direnv
easyeffects
eza
fanficfare
ferium
fd
file
firefox
# gestures replacement
git
glances
gpu-viewer
grim
helvum
htop
hwloc
ipmiview
iperf3
# ipscan
jp2a
jq
kdePackages.kdenlive
kitty
kubectl
kubernetes-helm
libreoffice-fresh
libtool
lsof
lynis
masterpdfeditor4
minikube
mons
mpv
# nbt explorer?
ncdu
nemo-with-extensions
neofetch
neovim
nix-init
nix-output-monitor
nix-prefetch
nix-tree
nixpkgs-fmt
nmap
obs-studio
obsidian
ocrmypdf
pciutils
#disabled until wxpython compat with python3.12
#playonlinux
prismlauncher
protonmail-bridge
protontricks
proxychains
qrencode
redshift
restic
ripgrep
rpi-imager
rofi-wayland
samba
signal-desktop
# signal in tray?
siji
simple-mtpfs
skaffold
slack
slurp
smartmontools
snyk
sops
spotify
spotify-player
#swaylock/waylock?
sweet-nova
telegram-desktop
terraform
tig
tokei
tree
unipicker
unzip
uutils-coreutils-noprefix
vesktop
vscode
watchman
wget
wl-clipboard
yq
yt-dlp
zoom-us
zoxide
];
}

0
systems/selinunte/secrets.yaml
View File

20
systems/selinunte/steam.nix
View File

@ -1,20 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.steam-run ];
hardware.steam-hardware.enable = true;
programs = {
gamescope = {
enable = true;
capSysNice = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ];
gamescopeSession.enable = true;
extest.enable = true;
};
};
}

16
systems/selinunte/stylix.nix
View File

@ -1,16 +0,0 @@
{ pkgs, ... }:
# let
# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
# numWallpapers =
# $((1 + $RANDOM % 10))
# in
{
stylix = {
enable = true;
image = "${pkgs.hyprland}/share/hypr/wall2.png";
#image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
polarity = "dark";
};
}

1
users/alice/default.nix
View File

@ -14,6 +14,5 @@ import ../default.nix {
; ;
publicKeys = [ publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7oJjIYNRCRrUlhdGJgst6bzqubbKH0gjZYulQ1eVcZ alice@artemision" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7oJjIYNRCRrUlhdGJgst6bzqubbKH0gjZYulQ1eVcZ alice@artemision"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWG3cIBju6vzX6s8JlmGNJOiWY7pQ19bHvcqDADtWzv snowi@DESKTOP-EVIR8IH"
]; ];
} }

4
users/alice/home.nix
View File

@ -80,6 +80,7 @@
# doom emacs dependencies # doom emacs dependencies
fd fd
ripgrep ripgrep
ruff-lsp
pyright pyright
# audit # audit
@ -89,9 +90,6 @@
nodejs_20 nodejs_20
nodePackages.prettier nodePackages.prettier
treefmt treefmt
gocryptfs
awscli2
]; ];
}; };

6
users/alice/home/doom/custom.el
View File

@ -22,6 +22,6 @@
(setq! lsp-nix-nil-max-mem 20000) (setq! lsp-nix-nil-max-mem 20000)
(setq! lsp-nix-nil-formatter ["nixfmt"]) (setq! lsp-nix-nil-formatter ["nixfmt"])
;; (add-hook 'python-mode-hook (lambda () (add-hook 'python-mode-hook (lambda ()
;; (require 'sphinx-doc) (require 'sphinx-doc)
;; (sphinx-doc-mode t))) (sphinx-doc-mode t)))

6
users/alice/home/doom/packages.el
View File

@ -81,9 +81,9 @@
(package! pacdiff.el (package! pacdiff.el
:recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE"))) :recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE")))
;;(package! python-docstring-mode (package! python-docstring-mode
;; :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py"))) :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
;;(package! sphinx-doc) (package! sphinx-doc)
;; https://github.com/glyph/python-docstring-mode.git ;; https://github.com/glyph/python-docstring-mode.git

3
users/alice/home/git.nix
View File

@ -3,7 +3,6 @@
{ {
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true;
signing = { signing = {
key = "5EFFB75F7C9B74EAA5C4637547940175096C1330"; key = "5EFFB75F7C9B74EAA5C4637547940175096C1330";
signByDefault = true; signByDefault = true;
@ -29,8 +28,6 @@
color.ui = true; color.ui = true;
init.defaultBranch = "main"; init.defaultBranch = "main";
format.signoff = true; format.signoff = true;
pack.windowMemory = "2g";
pack.packSizeLimit = "1g";
}; };
}; };
} }

2
users/alice/home/waybar.json
View File

@ -4,8 +4,8 @@
"layer": "top", "layer": "top",
"position": "top", "position": "top",
"output": [ "output": [
"eDP-1",
"eDP-2", "eDP-2",
"eDP-1",
"HDMI-0", "HDMI-0",
"DP-0" "DP-0"
], ],

24
users/alice/home/zsh.nix
View File

@ -1,4 +1,4 @@
{ lib, ... }: { ... }:
{ {
programs.zsh = { programs.zsh = {
@ -22,27 +22,7 @@
"z" "z"
]; ];
}; };
/* initExtra = ''
To specify the order, use lib.mkOrder.
Common order values:
500 (mkBefore): Early initialization (replaces initExtraFirst)
550: Before completion initialization (replaces initExtraBeforeCompInit)
1000 (default): General configuration (replaces initExtra)
1500 (mkAfter): Last to run configuration
To specify both content in Early initialization and General configuration, use lib.mkMerge.
e.g.
initContent = let zshConfigEarlyInit = lib.mkOrder 500 do something; zshConfig = lib.mkOrder 1000 do something; in lib.mkMerge [ zshConfigEarlyInit zshConfig ];
*/
initContent = lib.mkOrder 1000 ''
# functions # functions
function mount-data { function mount-data {
if [[ -f /home/alice/backup/.noconnection ]]; then if [[ -f /home/alice/backup/.noconnection ]]; then

40
users/alice/non-server.nix
View File

@ -5,46 +5,6 @@
enable = true; enable = true;
package = pkgs.emacs30-pgtk; package = pkgs.emacs30-pgtk;
}; };
programs.vesktop = {
enable = true;
settings = {
appBadge = false;
arRPC = true;
checkUpdates = false;
customTitleBar = false;
hardwareAcceleration = true;
};
vencord.settings = {
autoUpdate = false;
autoUpdateNotification = false;
notifyAboutUpdates = false;
plugins = {
AnonymiseFileNames.enabled = true;
BetterFolders.enabled = true;
BetterGifAltText.enabled = true;
CallTimer.enabled = true;
ClearURLs.enabled = true;
CopyFileContents.enabled = true;
CtrlEnterSend.enabled = true;
CustomIdle = {
enabled = true;
remainInIdle = false;
};
FriendsSince.enabled = true;
GameActivityToggle.enabled = true;
ImplicitRelationships.enabled = true;
MutualGroupDMs.enabled = true;
QuickMention.enabled = true;
QuickReply.enabled = true;
ReplaceGoogleSearch = {
enabled = true;
customEngineName = "DuckDuckGo";
};
ReviewDB.enabled = true;
ShowConnections.enabled = true;
};
};
};
home.packages = with pkgs; [ home.packages = with pkgs; [
cmake cmake
shellcheck shellcheck

19
users/alice/secrets.yaml
View File

@ -4,13 +4,16 @@ alice:
#ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment] #ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
gha-hydra-token: ENC[AES256_GCM,data:CXdOiW9oYaVj4oqfiXSz9O9xIsB5ZyUac2WFSFD1ankZpnmQpv9TwolJxb6h8r+UM7Q9QzCCWk7KHe80lolZhpHa79bpcj+wt9v51ydj0Zy+3sufHS+JnGwmqBbw6dVqJ2uBr4nW2NADzHEbG8N367uKYEq2vazB4y02JiopXL8DHsYcx+Z4u7GJC/gYbpm9vnt8OVdYmfYRQ9BGSiaJOghDzpmCisEZdLpCLXM3cULn8yVUXIFWx8yF/6JrWN+myeoZiUFCL2sZmeSIswFg9kwBKXIsjBrz+EDXZzDCEr88UrEJ0j2+egsrG9BNlstVwC8oscYdbXWmYUdsCBNVxK3xjJYm9gDdSyo0DfSvTzK1t+/s9L1zC8uqj2TXYdVd6QyH2TRXxiPeNLYClRHT2UljymSpIVXOn/Okuo7dte+ZZqZVndT1lwK//2y8V3Hng+5wixfFFsQAd5oJzfraRSnM+RLZtjI3TMoyc5no3pVwV6zsCqRd2nvr7gieXUMWtSLb6YrM6tvhRpeiieYUqQ8NwHV0Avqco0I838o5yywVGSnUflGxnwYoGQIX70qoTcxNPGuiiiqSynh64e3nrlC9xN6EWuFpUNVfkBibZNRi+EyDAhK7LKwiPbL2z919N54vyzzoWA1KUFqxow+JsX+Q8rpnfJtag44F5qFt3/Be5PIMYVU7acXTiVJvM3cKPMQIBPXpQFX5OshwGhttGFuB53aWPHCzlhT4NDQbcZ/rLQ3bcytVpnH55WWze0Oe0zUZYGFc/rV9Fc4QjhR7/8pAi9kGUlKy2MYBamjmnCWlOnHPIQQLpPs/oiW+,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str] gha-hydra-token: ENC[AES256_GCM,data:CXdOiW9oYaVj4oqfiXSz9O9xIsB5ZyUac2WFSFD1ankZpnmQpv9TwolJxb6h8r+UM7Q9QzCCWk7KHe80lolZhpHa79bpcj+wt9v51ydj0Zy+3sufHS+JnGwmqBbw6dVqJ2uBr4nW2NADzHEbG8N367uKYEq2vazB4y02JiopXL8DHsYcx+Z4u7GJC/gYbpm9vnt8OVdYmfYRQ9BGSiaJOghDzpmCisEZdLpCLXM3cULn8yVUXIFWx8yF/6JrWN+myeoZiUFCL2sZmeSIswFg9kwBKXIsjBrz+EDXZzDCEr88UrEJ0j2+egsrG9BNlstVwC8oscYdbXWmYUdsCBNVxK3xjJYm9gDdSyo0DfSvTzK1t+/s9L1zC8uqj2TXYdVd6QyH2TRXxiPeNLYClRHT2UljymSpIVXOn/Okuo7dte+ZZqZVndT1lwK//2y8V3Hng+5wixfFFsQAd5oJzfraRSnM+RLZtjI3TMoyc5no3pVwV6zsCqRd2nvr7gieXUMWtSLb6YrM6tvhRpeiieYUqQ8NwHV0Avqco0I838o5yywVGSnUflGxnwYoGQIX70qoTcxNPGuiiiqSynh64e3nrlC9xN6EWuFpUNVfkBibZNRi+EyDAhK7LKwiPbL2z919N54vyzzoWA1KUFqxow+JsX+Q8rpnfJtag44F5qFt3/Be5PIMYVU7acXTiVJvM3cKPMQIBPXpQFX5OshwGhttGFuB53aWPHCzlhT4NDQbcZ/rLQ3bcytVpnH55WWze0Oe0zUZYGFc/rV9Fc4QjhR7/8pAi9kGUlKy2MYBamjmnCWlOnHPIQQLpPs/oiW+,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str]
wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str] wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
attic-nix-cache-creator: ENC[AES256_GCM,data:ygWuPJfFZQVHtJ83DfB7VB84PNF0knLkOwD4A67NMNp8pU9pA9lI56RSyKDkFd+qYRBSeEXSepbSOA+BhvQaCZiVEiao3LBlh7/6Sp5ni+Rdt3hGKcd+JRQyedEmTkg9h8NbtR6LvI90EiMhyVg6WLCzlGAtFFBcSvIqssrC/KDHCjd4uMzXeW23wUB40dU1PpwkLPtcNVvIzgxqYRsRPFOXZxGxQYGpBWtzDveqgmeLwavhU481wHfCwqpyXJZflbR+UzWdr+zbmSFdJadlLdHeooNGvRC+av0MK4YMCCgu1Em34IeawpiesFhhj/IVGa2xQWjXE0MF3SDLvlh5yMqNPodTZ7FAEZgD7rTYIbaH8JHiYbgI6v7/ANPcFqw2eKT7wVP8cTL1yPedcZcU,iv:J7JYA98NHxM0tExfUdjkir6/+tkOkPLMBNdjXBP9fbA=,tag:WaCWmrzLgr9lDUL+jxeMNA==,type:str] attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str]
attic-nix-cache-reader: ENC[AES256_GCM,data:78jJJh332XvFx29HxNW7CULMNMsQ2xMTCIIk5oX5AimBoFXXVH7z9EGFbDimwfaYlsPK6xuU+9mnCnhCjCoGFRX9GQbW+Z2D9TGMsBfe3eztbWlcJ++EkWSCbHKEIGKTF13aRGrKRIOjIy9Gl3qZt4BnZtQPFMOzQO8u80M116u3w4ttqz9rzaIrXWB6GIMI5lWF5rQe5ML1vDgvL2KNMNkPAAm5O1Fv887woVcqxbPhiNhJGXBSiPZpe3PG8wP6z0GTe/GhMTPCOlVJIdsxKnEaRaTSAtVazFos5zSMvLYYrbj6ISoS9tEQ6bFMy6xl,iv:dGDSTtsQlwElerRXpT97uapzOh766bysZTQMjUEEJnM=,tag:OQOYmQqKywdSjUUXnELdpQ==,type:str] attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str]
attic-nix-cache-writer: ENC[AES256_GCM,data:IIrGw+MtZEZqJdNGPryN5xKg7UOP+0kjzpthhyRdQz0P3yS/vThSaV+VuduQq5WgnaNjXLA6LBU+cufmVmvrkeTkZ281976sLTbYzrPCW/hCy1+w7qdv6vauaFsLqtnmWlHNwCIkXbUvQWq56WvP6m1PuYaUIFYn3SUprQ1du+X0buK1FUOhSH4HXfiqpNJOomLhok9M0Tyzn8yK5Fn1dzmJ8tsgBczzhWeZzsj4TuksFLV2r6NXzeQp2jWQkxv39Eg6Lf+0eaHxWQFR4s2uKYzwdsDOnpSmUgXFTzVB6RGAEpasKkVZ2NfG4GeUKBFPDVJoR6ilLZA=,iv:e58OGCbgLIIzKfBALtrsYmWg9Gp0nySNYsJ3X5IWp4I=,tag:bnwBipVK3BSOizg8twQ4lQ==,type:str] attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
attic-nix-cache-admin: ENC[AES256_GCM,data:xHJGeU4EUn1HRy2nIValiJ6iLZnYmmT6Njv/cGMh15Q0hJXKNBSsi8f0mAfLI7EX+GaC299VKh2uTlU25jptrAvogLxNJIc+LZBLsSkyGE/ojqqevHMKmZ/6eciLZRQL5ey9TM3V9HHyDOhGaFgdfawtwg/vyvbV13lZBKpqneAX9T3gPRuKRjV4/Uc/5cUckiOF8bQ50xVFN8Cql9HgGDJEGWgg4XUTPu5eYspof2EN63pYvU7wg6HD2begeLDvqc2/i2DIcsc0wqc5DgkY/dH2YtcssBtU8AR9vKpl+HmH/wvt6dfaEyZ7hF7ITGwWnOO6H2ko3SjYRfHkFK3XDmm1YRRjfkptnw==,iv:BdVgNyZ1azl5tKfH+RTeXuNV/rYY6hPvrareKlIXSeQ=,tag:/ar87eAjMod4TmQXoerNBQ==,type:str] attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str] gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
gitea-pr-token: ENC[AES256_GCM,data:ybTya4X2wd65pNFSGbQkg73lu66GNtSba4yf8J6tT8XkuOtfvtBS4g==,iv:39mJiAlw4kud4l06jOpxOCRumChE/5q8IBNsPHG1rMc=,tag:MEvHD2b9E3fVHLlz7haNyw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: | enc: |
@ -39,8 +42,8 @@ sops:
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6 ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q== 7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-07T23:43:57Z" lastmodified: "2025-03-26T15:28:13Z"
mac: ENC[AES256_GCM,data:ygQzxSpGJqXwkOq7jGDeflA2FTSSxnre/PXm0LxmxzQQW5s7LeIVSI75fMqWir0WU3Pi/xroYGEWjpCG6JvxV5RiJycTONk8VE7c3jtw3AbrHSS0b1K5tJ+Sf+q3rHJFWWk/COrPk8IsRFNb+taqH4jnaH3AAVNo5u0C1CHKMes=,iv:FO2GVDXE8SjjA81/9cDwc+dX8kJ2oHt5kqkhNBuMb54=,tag:hgzRAmsh32SCvJEvKyV+vg==,type:str] mac: ENC[AES256_GCM,data:BfEahKHAcnLc/PSagENBIVwxufJrjpMSC6U4hkkxNwcEJYDNAlrF0w00aiexLeX+UfVGIw19+SrNL5zuecEf+GaYzYNy9RE3c66KUM2B/cpuBuzkiwLaBCTfcWr7k8dW11BGFCmugRSG4w6wXKG5B/LyEKB6Vcvp0JRbCYSqZSY=,iv:97UzvdvQCtTLaLDrg6VEwiofHtSPGtaxuPLHfTAyIFA=,tag:r4r45OaV9ZRDzd56RGLFZw==,type:str]
pgp: pgp:
- created_at: "2024-09-05T06:10:22Z" - created_at: "2024-09-05T06:10:22Z"
enc: |- enc: |-
@ -55,4 +58,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.1 version: 3.9.4

1
users/default.nix
View File

@ -14,7 +14,6 @@
hashedPasswordFile = config.sops.secrets."${name}/user-password".path or null; hashedPasswordFile = config.sops.secrets."${name}/user-password".path or null;
openssh.authorizedKeys.keys = publicKeys; openssh.authorizedKeys.keys = publicKeys;
extraGroups = [ extraGroups = [
"users"
"wheel" "wheel"
"media" "media"
(lib.mkIf config.networking.networkmanager.enable "networkmanager") (lib.mkIf config.networking.networkmanager.enable "networkmanager")

2
utils/diff-evals.sh
View File

@ -10,4 +10,4 @@ set -e
script_path=$(dirname "$(readlink -f $0)") script_path=$(dirname "$(readlink -f $0)")
parent_path=$(dirname "$script_path") parent_path=$(dirname "$script_path")
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --compare-drvs --allow-import-from-derivation --compare-output-to-file "$parent_path" nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --compare-drvs --compare-output-to-file "$parent_path"

2
utils/eval-to-drv.sh
View File

@ -16,4 +16,4 @@ script_path=$(dirname "$(readlink -f $0)")
parent_path=$(dirname "$script_path") parent_path=$(dirname "$script_path")
out_path="$parent_path/$1.json" out_path="$parent_path/$1.json"
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff --fallback -- --evaluate --allow-import-from-derivation --json "$out_path" "$parent_path" nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --evaluate --json "$out_path" "$parent_path"

27
utils/hetzner-install.sh Normal file
View File

@ -0,0 +1,27 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#bash nixpkgs#git --command bash
set -o errexit # abort on nonzero exitstatus
set -o nounset # abort on unbound variable
set -o pipefail # don't hide errors within pipes
MACHINENAME="hetzner-bridge"
sudo mkdir /root/.ssh
sudo chmod 700 /root/.ssh
sudo ssh-keygen -t ed25519 -o -a 100 -f "/root/.ssh/id_ed25519_giteadeploy" -q -N "" -C "$MACHINENAME" || echo "key already exists"
sudo cat /root/.ssh/id_ed25519_giteadeploy.pub
sudo ssh-keygen -A
nix --extra-experimental-features 'flakes nix-command' shell nixpkgs#git
nix --extra-experimental-features 'flakes nix-command' store gc
FLAKE="git+ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles?ref=feature/hetzner-bridge#hetzner-bridge"
DISK_DEVICE=/dev/sda
sudo nix \
--extra-experimental-features 'flakes nix-command' \
run github:nix-community/disko#disko-install -- \
--flake "$FLAKE" \
--write-efi-boot-entries \
--disk main "$DISK_DEVICE"

35
utils/hetzner-nixos-anywhere.sh Normal file
View File

@ -0,0 +1,35 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#bash nixpkgs#mktemp nixpkgs#openssh nixpkgs#nixos-anywhere nixpkgs#sops --command bash
echoerr() { printf "%s\n" "$*" >&2; }
if (( $# != 1 )); then
echoerr "usage: $0 <hostname>"
fi
HOSTNAME=$1
# Create a temporary directory
temp=$(mktemp -d)
# Function to cleanup temporary directory on exit
cleanup() {
rm -rf "$temp"
}
trap cleanup EXIT
# Create the directory where sshd expects to find the host keys
install -d -m755 "$temp/etc/ssh"
# Create host keys
ssh-keygen -A -f "$temp/etc/ssh/"
# Set the correct permissions so sshd will accept the key
chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
AGEKEY=$(ssh-to-age < "$temp/etc/ssh/ssh_host_ed25519_key.pub")
echo "$AGEKEY" | tee "./$HOSTNAME.age"
# Install NixOS to the host system with our secrets
nixos-anywhere --extra-files "$temp" --flake '.#your-host' root@yourip

33
utils/inject-diff.py
View File

@ -1,33 +0,0 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#python3 --command python
import logging
def inject_diff():
source_file = 'post-diff'
target_file = 'pr_body.md'
placeholder = "nix-diff-placeholder"
logging.info(f"injecting '{source_file}' into '{target_file}' using '{placeholder}' as a placeholder")
out = []
with open(source_file,'r') as src:
src_content = src.read()
if len(src_content) > 60000:
logging.warning(f"{source_file} is longer than 60k characters, truncating")
src_content = src_content[:60000]
with open(target_file,'r') as tgt:
for line in tgt.readlines():
if placeholder in line:
out.append(line.replace(placeholder,src_content))
else:
out.append(line)
with open(target_file,'w') as tgt:
tgt.writelines(out)
if __name__ == "__main__":
logging.basicConfig( level=logging.INFO)
inject_diff()