ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:main
Branches Tags
ahuston-0:main
ahuston-0:update-flake-lock
ahuston-0:feature/add-jessica
ahuston-0:feature/gitea-minio
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:hotfix/zfs-import
Branches Tags
ahuston-0:update-flake-lock
ahuston-0:main
ahuston-0:feature/add-jessica
ahuston-0:feature/gitea-minio
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes

1 Commits
main ... hotfix/zfs

Author SHA1 Message Date
ahuston-0
3e094a0a4f
fix ordering on postResumeCommands 
ZFS moved import from postDeviceCommands to postResumeCommands and now
my key import doesnt work :(

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2024-10-20 18:38:40 -04:00
128 changed files with 903 additions and 5385 deletions
Show Stats Expand all files Collapse all files

9
.gitconfig
View File

@ -1,11 +1,6 @@
# run `grep -Pv "^#" .gitconfig >> .git/config` to append the merge config to your repo file :) # run `grep -Pv "^#" .gitconfig >> .git/config` to append the merge config to your repo file :)
# run `git mergetool --tool=sops-mergetool <path to secret>/secrets.yaml` to use this once configured # run `git mergetool --tool=sops-mergetool <path to secret>/secrets.yaml` to use this once configured
# if for whatever reason the below doesn't work, try modifying the mergetool command as below
# find: $(git rev-parse --show-toplevel)/utils/sops-mergetool.sh
# replace: ./utils/sops-mergetool.sh
[mergetool "sops-mergetool"] [mergetool "sops-mergetool"]
cmd = bash -c "$(git rev-parse --show-toplevel)/utils/sops-mergetool.sh \"\$BASE\" \"\$LOCAL\" \"\$REMOTE\" \"\$MERGED\"" cmd = bash -c "$(git --exec-path)/sops-mergetool.sh \"$BASE\" \"$LOCAL\" \"$REMOTE\" \"$MERGED\""
[merge] [merge]
tool = nvimdiff tool = nvimdiff3
[mergetool "nvimdiff"]
layout = MERGED

35
.github/settings.yml vendored
View File

@ -4,44 +4,60 @@ repository:
# The name of the repository. Changing this will rename the repository # The name of the repository. Changing this will rename the repository
name: nix-dotfiles name: nix-dotfiles
# A short description of the repository that will show up on GitHub # A short description of the repository that will show up on GitHub
description: RAD-Dev Infra description: RAD-Dev Infra
# A URL with more information about the repository # A URL with more information about the repository
# homepage: "https://nix-community.org" # homepage: "https://nix-community.org"
# A comma-separated list of topics to set on the repository # A comma-separated list of topics to set on the repository
topics: "nixos" topics: "nixos"
# Either `true` to make the repository private, or `false` to make it public. # Either `true` to make the repository private, or `false` to make it public.
private: false private: false
# Either `true` to enable issues for this repository, `false` to disable them. # Either `true` to enable issues for this repository, `false` to disable them.
has_issues: true has_issues: true
# Either `true` to enable projects for this repository, or `false` to disable them. # Either `true` to enable projects for this repository, or `false` to disable them.
# If projects are disabled for the organization, passing `true` will cause an API error. # If projects are disabled for the organization, passing `true` will cause an API error.
has_projects: true has_projects: true
# Either `true` to enable the wiki for this repository, `false` to disable it. # Either `true` to enable the wiki for this repository, `false` to disable it.
has_wiki: false has_wiki: false
# Either `true` to enable downloads for this repository, `false` to disable them. # Either `true` to enable downloads for this repository, `false` to disable them.
has_downloads: false has_downloads: false
# Updates the default branch for this repository. # Updates the default branch for this repository.
default_branch: main default_branch: main
# Either `true` to allow squash-merging pull requests, or `false` to prevent # Either `true` to allow squash-merging pull requests, or `false` to prevent
# squash-merging. # squash-merging.
allow_squash_merge: true allow_squash_merge: true
# Either `true` to allow merging pull requests with a merge commit, or `false` # Either `true` to allow merging pull requests with a merge commit, or `false`
# to prevent merging pull requests with merge commits. # to prevent merging pull requests with merge commits.
allow_merge_commit: false allow_merge_commit: false
# Either `true` to allow rebase-merging pull requests, or `false` to prevent # Either `true` to allow rebase-merging pull requests, or `false` to prevent
# rebase-merging. # rebase-merging.
allow_rebase_merge: true allow_rebase_merge: true
# Either `true` to enable automatic deletion of branches on merge, or `false` to disable # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
delete_branch_on_merge: true delete_branch_on_merge: true
# Either `true` to enable automated security fixes, or `false` to disable # Either `true` to enable automated security fixes, or `false` to disable
# automated security fixes. # automated security fixes.
enable_automated_security_fixes: true enable_automated_security_fixes: true
# Either `true` to enable vulnerability alerts, or `false` to disable # Either `true` to enable vulnerability alerts, or `false` to disable
# vulnerability alerts. # vulnerability alerts.
enable_vulnerability_alerts: true enable_vulnerability_alerts: true
allow_auto_merge: true allow_auto_merge: true
# Labels: define labels for Issues and Pull Requests # Labels: define labels for Issues and Pull Requests
# #
labels: labels:
@ -88,16 +104,29 @@ labels:
- name: automated - name: automated
color: '#42b528' color: '#42b528'
description: PR was automatically generated (through a bot or CI/CD) description: PR was automatically generated (through a bot or CI/CD)
# Milestones: define milestones for Issues and Pull Requests # Milestones: define milestones for Issues and Pull Requests
milestones: milestones:
- title: Go-Live - title: Go-Live
description: >- description: >-
All requirements for official go-live: - Automated testing via Hydra/Actions - Automated deployments via Hydra/Actions - 90+% testing coverage - Functional formatter with custom rules - palatine-hill is fully stable, enough so that jeeves can be migrated All requirements for official go-live:
- Automated testing via Hydra/Actions
- Automated deployments via Hydra/Actions
- 90+% testing coverage
- Functional formatter with custom rules
- palatine-hill is fully stable, enough so that jeeves can be migrated
# The state of the milestone. Either `open` or `closed` # The state of the milestone. Either `open` or `closed`
state: open state: open
- title: Jeeves Migration - title: Jeeves Migration
description: >- description: >-
Test common use-cases for Jeeves - Quadro GPU support - Multi-GPU support - Plex support - Docker support - ZFS support Test common use-cases for Jeeves
- Quadro GPU support
- Multi-GPU support
- Plex support
- Docker support
- ZFS support
# Collaborators: give specific users access to this repository. # Collaborators: give specific users access to this repository.
# See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options # See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options
collaborators: collaborators:
@ -121,6 +150,7 @@ teams:
# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions. # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access. # * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
# permission: admin # permission: admin
branches: branches:
# gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection # gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection
@ -135,6 +165,7 @@ branches:
# `Maximum pull requests to merge`: 5 # `Maximum pull requests to merge`: 5
# `Only merge non-failing pull requests`: true # `Only merge non-failing pull requests`: true
# `Consider check failed after`: 60 minutes # `Consider check failed after`: 60 minutes
- name: main - name: main
# https://docs.github.com/en/rest/reference/repos#update-branch-protection # https://docs.github.com/en/rest/reference/repos#update-branch-protection
# Branch Protection settings. Set to null to disable # Branch Protection settings. Set to null to disable

27
.github/workflows/flake-health-checks.yml vendored
View File

@ -5,29 +5,16 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
health-check: health-check:
name: "Perform Nix flake checks" name: "Perform Nix flake checks"
runs-on: ubuntu-latest runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
steps: steps:
- name: Get Latest Determinate Nix Installer binary - uses: DeterminateSystems/nix-installer-action@main
id: latest-installer - uses: DeterminateSystems/magic-nix-cache-action@main
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix flake check --accept-flake-config - run: nix flake check --accept-flake-config

149
.github/workflows/flake-update.yml vendored
View File

@ -4,131 +4,64 @@ on:
workflow_dispatch: workflow_dispatch:
schedule: schedule:
- cron: "00 12 * * *" - cron: "00 12 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
update_lockfile: createPullRequest:
runs-on: ubuntu-latest runs-on: ubuntu-latest
#if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
steps: steps:
- name: Checkout repository - uses: actions/checkout@v4
uses: actions/checkout@v4 - name: Login to Docker Hub
- name: Get Latest Determinate Nix Installer binary uses: docker/login-action@v3
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with: with:
repository: ahuston-0/determinate-nix-mirror username: ${{ secrets.DOCKERHUB_USERNAME }}
- name: Install nix password: ${{ secrets.DOCKERHUB_TOKEN }}
uses: https://github.com/DeterminateSystems/nix-installer-action@main - name: Install Nix
uses: cachix/install-nix-action@v24
with: with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux extra_nix_config: |
- name: Setup Attic cache experimental-features = nix-command flakes
uses: ryanccn/attic-action@v0 install_url: https://releases.nixos.org/nix/nix-2.19.0/install
with: - uses: DeterminateSystems/magic-nix-cache-action@main
endpoint: ${{ secrets.ATTIC_ENDPOINT }} - name: Calculate pre-drv
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- name: Get pre-snapshot of evaluations
run: nix ./utils/eval-to-drv.sh pre run: nix ./utils/eval-to-drv.sh pre
- name: Update flake.lock - name: Pull latest docker images
id: update run: nix ./utils/fetch-docker.sh
run: | - name: Update flake.lock (part 1)
nix flake update 2> >(tee /dev/stderr) | awk ' run: nix flake update
/^• Updated input/ {in_update = 1; print; next} - name: Calculate post-drv
in_update && !/^warning:/ {print}
/^$/ {in_update = 0}
' > update.log
echo "UPDATE_LOG<<EOF" >> $GITHUB_ENV
cat update.log >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
rm update.log
- name: Get post-snapshot of evaluations
run: nix ./utils/eval-to-drv.sh post run: nix ./utils/eval-to-drv.sh post
- name: Calculate diff - name: Calculate diff
run: nix ./utils/diff-evals.sh run: nix ./utils/diff-evals.sh
- name: upload diff file as artifact - name: Read diff into environment
id: upload-diff
uses: actions/upload-artifact@v3
with:
name: nix-flake-diff.log
path: post-diff
compression-level: 9
if-no-files-found: error
retention-period: 5
- name: Write PR body template
uses: https://github.com/DamianReeves/write-file-action@v1.3
with:
path: pr_body.template
contents: |
- The following Nix Flake inputs were updated:
Flake input changes:
```shell
${{ env.UPDATE_LOG }}
```
Flake evaluation diff:
```shell
nix-diff-placeholder
```
Auto-generated by [update.yml][1] with the help of
[create-pull-request][2].
[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
- name: Generate PR body
uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
with:
files: "pr_body.template"
output-filename: "pr_body.md"
- name: template diff into PR body
run: | run: |
nix utils/inject-diff.py delimiter="$(openssl rand -hex 8)"
- name: Save PR body {
id: pr_body echo "POSTDIFF<<${delimiter}"
uses: juliangruber/read-file-action@v1 cat post-diff
with: echo "${delimiter}"
path: "pr_body.md" } >> $GITHUB_ENV
- name: Remove temporary files
run: |
rm pr_body.template - name: Restore flake.lock for next step
rm pre.json run: git restore flake.lock
rm post.json - name: Update flake.lock
rm post-diff id: update
- name: Create Pull Request uses: DeterminateSystems/update-flake-lock@main
id: create-pull-request
# uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@7174d368c2e4450dea17b297819eb28ae93ee645
uses: https://nayeonie.com/ahuston-0/create-pull-request@main
with: with:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
add-paths: flake.lock pr-body: |
body-path: pr_body.md Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>'
title: 'automated: Update `flake.lock`'
commit-message: |
automated: Update `flake.lock`
Auto-generated by [update.yml][1] with the help of ```
[create-pull-request][2]. {{ env.GIT_COMMIT_MESSAGE }}
```
[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml ```
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request {{ env.POSTDIFF }}
branch: update-flake-lock ```
delete-branch: true
pr-labels: | # Labels to be set on the PR pr-labels: | # Labels to be set on the PR
dependencies dependencies
automated automated
- name: Print PR number
run: |
echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
permissions: permissions:
pull-requests: write pull-requests: write
contents: write contents: write

4
.github/workflows/lock-health-checks.yml vendored
View File

@ -5,9 +5,7 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
health-check: health-check:
name: "Check health of `flake.lock`" name: "Check health of `flake.lock`"

17
.github/workflows/nix-fmt.yml vendored Normal file
View File

@ -0,0 +1,17 @@
name: "Check Nix formatting"
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
merge_group:
jobs:
health-check:
name: "Perform Nix format checks"
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- uses: actions/checkout@v4
- run: nix fmt -- --check .

29
.sops.yaml
View File

@ -1,15 +1,20 @@
keys: keys:
# The PGP keys in keys/ # The PGP keys in keys/
- &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330 - &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330
# Generate AGE keys from SSH keys with: # Generate AGE keys from SSH keys with:
# ssh-keygen -A # ssh-keygen -A
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
# cspell:disable # cspell:disable
- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
- &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
#- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
- &selinunte age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
# cspell:enable # cspell:enable
servers: &servers
- *palatine-hill
# add new users by executing: sops users/<user>/secrets.yaml # add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below # then have someone already in the repo run the below
# #
@ -24,34 +29,18 @@ creation_rules:
- *palatine-hill - *palatine-hill
- *artemision - *artemision
- *artemision-home - *artemision-home
- path_regex: systems/palatine-hill/secrets.*\.yaml$ - path_regex: systems/palatine-hill/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *palatine-hill - *palatine-hill
- path_regex: systems/artemision/secrets.*\.yaml$ - path_regex: systems/artemision/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *artemision - *artemision
- path_regex: systems/selinunte/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
age:
- *artemision
- *selinunte
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill
- path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill

4
.vscode/settings.json vendored
View File

@ -1,7 +1,5 @@
{ {
"cSpell.enableFiletypes": [ "cSpell.enableFiletypes": ["nix"],
"nix"
],
"cSpell.words": [ "cSpell.words": [
"aarch", "aarch",
"abmlevel", "abmlevel",

4
README.md
View File

@ -14,7 +14,9 @@ to onboard a new user or system.
Although we are not actively looking for new members to join in on this repo, Although we are not actively looking for new members to join in on this repo,
we are not strictly opposed. Please reach out to we are not strictly opposed. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) for further information. [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill)
for further information.
## Repo Structure ## Repo Structure

15
docs/CONTRIBUTING.md
View File

@ -40,12 +40,12 @@ and will eventually trip a check when merging to main.
| Branch Name | Use Case | | Branch Name | Use Case |
|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| main | protected branch which all machines pull from, do not try to push directly | | main | protected branch which all machines pull from, do not try to push directly |
| feature/\<item> | \<item> is a new feature added to the repo, for personal or common use | | feature/\<item\> | \<item\> is a new feature added to the repo, for personal or common use |
| fixup/\<item> | \<item> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical | | fixup/\<item\> | \<item\> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical |
| hotfix/\<item> | \<item> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process | | hotfix/\<item\> | \<item\> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process |
| urgent/\<item> | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues | | urgent/\<item\> | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues |
| exp/\<item> | \<item> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches | | exp/\<item\> | \<item\> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches |
| merge/\<item> | \<item> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch | | merge/\<item\> | \<item\> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch |
### Review Process ### Review Process
@ -107,7 +107,8 @@ rules.
We allow secrets to be embedded in the repository using `sops-nix`. As part of We allow secrets to be embedded in the repository using `sops-nix`. As part of
the process everything is encrypted, however adding a new user is a change the process everything is encrypted, however adding a new user is a change
that every existing SOPS user needs to participate in. Please reach out to that every existing SOPS user needs to participate in. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill) if you are interested
in using secrets on your machines. in using secrets on your machines.
## CI/CD ## CI/CD

6
docs/sample-setup.sh
View File

@ -54,6 +54,8 @@ if [ $PROCEED != "Y" ]; then
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
fi fi
if [ $CREATEPARTS = "Y" ]; then if [ $CREATEPARTS = "Y" ]; then
# Create partition table # Create partition table
sudo parted "/dev/$DRIVE" -- mklabel gpt sudo parted "/dev/$DRIVE" -- mklabel gpt
@ -121,7 +123,7 @@ fi
DOTS="/mnt/root/dotfiles" DOTS="/mnt/root/dotfiles"
GC="git -C $DOTS" GC="git -C $DOTS"
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists" sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git . sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
sudo $GC checkout "$FEATUREBRANCH" sudo $GC checkout "$FEATUREBRANCH"
# Create ssh keys # Create ssh keys
@ -179,4 +181,4 @@ Host github.com
IdentityFile /root/.ssh/id_ed25519_ghdeploy IdentityFile /root/.ssh/id_ed25519_ghdeploy
EOF EOF
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git' sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'

642
flake.lock generated
View File

@ -1,85 +1,72 @@
{ {
"nodes": { "nodes": {
"base16": { "attic": {
"inputs": { "inputs": {
"fromYaml": "fromYaml" "crane": "crane",
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
}, },
"locked": { "locked": {
"lastModified": 1746562888, "lastModified": 1728577371,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", "narHash": "sha256-f3bKclEV5t1eP1OH7kTGv/tLzlToSRIe0ktkdl1jihw=",
"owner": "SenchoPens", "owner": "zhaofengli",
"repo": "base16.nix", "repo": "attic",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", "rev": "e5c8d2d50981a34602358d917e7be011b2c397a8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "SenchoPens", "owner": "zhaofengli",
"repo": "base16.nix", "repo": "attic",
"type": "github" "type": "github"
} }
}, },
"base16-fish": { "crane": {
"flake": false, "inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1622559957, "lastModified": 1722960479,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "tomyun", "owner": "ipetkov",
"repo": "base16-fish", "repo": "crane",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tomyun", "owner": "ipetkov",
"repo": "base16-fish", "repo": "crane",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1736852337,
"narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github" "type": "github"
} }
}, },
"firefox-addons": { "firefox-addons": {
"inputs": { "inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1748730131, "lastModified": 1728965006,
"narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=", "narHash": "sha256-TXBxJMGC6P+cn5La/lIgVzb9ETutsOI3A3urHihB7FA=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0", "rev": "f4947cf2d1a469b23fee54ad948c539f6aa431a7",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -89,30 +76,14 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1744642301,
"narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "59e3de00f01e5adb851d824cf7911bd90c31083a",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1696426674,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 69, "revCount": 57,
"type": "tarball", "type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -124,32 +95,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1743550720, "lastModified": 1727826117,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5", "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -165,11 +115,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1726560853,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -178,48 +128,6 @@
"type": "github" "type": "github"
} }
}, },
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -241,45 +149,6 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_2": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1744584021,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "48.1",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -287,11 +156,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748737919, "lastModified": 1728903686,
"narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", "narHash": "sha256-ZHFrGNWDDriZ4m8CA/5kDa250SG1LiiLPApv1p/JF0o=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5675a9686851d9626560052a032c4e14e533c1fa", "rev": "e1aec543f5caf643ca0d94b6a633101942fd065f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -300,29 +169,6 @@
"type": "github" "type": "github"
} }
}, },
"hydra": {
"inputs": {
"nix": "nix",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1748756240,
"narHash": "sha256-hiplweg3818WiWqnTCEXW0xKhzLUmJaAK2SPJXSkOEU=",
"ref": "add-gitea-pulls",
"rev": "ae8c1554cb8aec9772cb25ec5c7a3b7a1cf11f34",
"revCount": 4379,
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
},
"original": {
"ref": "add-gitea-pulls",
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
}
},
"hyprland-contrib": { "hyprland-contrib": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -330,11 +176,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747572947, "lastModified": 1725551787,
"narHash": "sha256-PMQoXbfmWPuXnF8EaWqRmvTvl7+WFUrDVgufFRPgOM4=", "narHash": "sha256-6LgsZHz8w3g4c9bRUwRAR+WIMwFGGf3P1VZQcKNRf2o=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "910dad4c5755c1735d30da10c96d9086aa2a608d", "rev": "1e531dc49ad36c88b45bf836081a7a2c8927e072",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -343,39 +189,6 @@
"type": "github" "type": "github"
} }
}, },
"nix": {
"flake": false,
"locked": {
"lastModified": 1748154947,
"narHash": "sha256-rCpANMHFIlafta6J/G0ILRd+WNSnzv/lzi40Y8f1AR8=",
"owner": "NixOS",
"repo": "nix",
"rev": "d761dad79c79af17aa476a29749bd9d69747548f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.29-maintenance",
"repo": "nix",
"type": "github"
}
},
"nix-eval-jobs": {
"flake": false,
"locked": {
"lastModified": 1748211873,
"narHash": "sha256-AJ22q6yWc1hPkqssXMxQqD6QUeJ6hbx52xWHhKsmuP0=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "d9262e535e35454daebcebd434bdb9c1486bb998",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-eval-jobs",
"type": "github"
}
},
"nix-index-database": { "nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -383,11 +196,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748751003, "lastModified": 1728790083,
"narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=", "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "2860bee699248d828c2ed9097a1cd82c2f991b43", "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -398,11 +211,11 @@
}, },
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1736643958, "lastModified": 1728781282,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", "rev": "16340f605f4e8e5cf07fd74dcbe692eee2d4f51b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -411,35 +224,6 @@
"type": "github" "type": "github"
} }
}, },
"nixos-cosmic": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1748776124,
"narHash": "sha256-vs2cMCHX9wnWJutXhQyWkWOpMF/Xbw0ZAUAFGsKLifA=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "e989a41092f6f0375e7afb789bc97cb30d01fdb8",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
@ -448,11 +232,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747663185, "lastModified": 1728867876,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", "narHash": "sha256-NCyOA8WZNoojmXH+kBDrQj3LwvakYNzSc0h+LTXkmPE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", "rev": "fdf142111597f6c6283cf5ffe092b6293a3911d0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -463,11 +247,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1748634340, "lastModified": 1728729581,
"narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -483,14 +267,15 @@
], ],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"search": "search"
}, },
"locked": { "locked": {
"lastModified": 1748287559, "lastModified": 1728919967,
"narHash": "sha256-dvUE9HGwzEXyv6G7LuZFQCmRYFuXLJBO4+crCTxe5zs=", "narHash": "sha256-zQl8z8iagvrekF4tFK1au7mGH8x0zoGppo6geLPioQk=",
"owner": "SuperSandro2000", "owner": "SuperSandro2000",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "9ae063877f8c5d42c39b739ae1d00f9657ad17f4", "rev": "1aba521c9cd2cd97490846ac83fd73ae84625c8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -501,77 +286,48 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748762463, "lastModified": 1728492678,
"narHash": "sha256-rb8vudY2u0SgdWh83SAhM5QZT91ZOnvjOLGTO4pdGTc=", "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0d0bc640d371e9e8c9914c42951b3d6522bc5dda", "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable-small", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1743296961, "lastModified": 1727825735,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
"owner": "nix-community", "type": "tarball",
"repo": "nixpkgs.lib", "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "type": "tarball",
"repo": "nixpkgs.lib", "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
"type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1748421225, "lastModified": 1728740863,
"narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=", "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "78add7b7abb61689e34fc23070a8f55e1d26185b", "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nur": {
"inputs": {
"flake-parts": [
"stylix",
"flake-parts"
],
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1746056780,
"narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=",
"owner": "nix-community",
"repo": "NUR",
"rev": "d476cd0972dd6242d76374fcc277e6735715c167",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -580,14 +336,17 @@
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
] ]
}, },
"locked": { "locked": {
"lastModified": 1747372754, "lastModified": 1728778939,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "narHash": "sha256-WybK5E3hpGxtCYtBwpRj1E9JoiVxe+8kX83snTNaFHE=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "rev": "ff68f91754be6f3427e4986d7949e6273659be1d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -598,15 +357,14 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"attic": "attic",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"hydra": "hydra",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixos-cosmic": "nixos-cosmic",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules", "nixos-modules": "nixos-modules",
@ -615,8 +373,7 @@
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stylix": "stylix", "systems": "systems",
"systems": "systems_2",
"wired-notify": "wired-notify" "wired-notify": "wired-notify"
} }
}, },
@ -627,11 +384,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748746145, "lastModified": 1728959392,
"narHash": "sha256-bwkCAK9pOyI2Ww4Q4oO1Ynv7O9aZPrsIAMMASmhVGp4=", "narHash": "sha256-fp4he1QQjE+vasDMspZYeXrwTm9otwEqLwEN6FKZ5v0=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "12a0d94a2f2b06714f747ab97b2fa546f46b460c", "rev": "4c6e317300f05b8871f585b826b6f583e7dc4a9b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -640,18 +397,46 @@
"type": "github" "type": "github"
} }
}, },
"search": {
"inputs": {
"flake-utils": [
"nixos-modules",
"flake-utils"
],
"nixpkgs": [
"nixos-modules",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728423244,
"narHash": "sha256-+YwNsyIFj3dXyLVQd1ry4pCNmtOpbceKUrkNS8wp9Ho=",
"owner": "nuschtos",
"repo": "search",
"rev": "f276cc3b391493ba3a8b30170776860f9520b7fa",
"type": "github"
},
"original": {
"owner": "nuschtos",
"repo": "search",
"type": "github"
}
},
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
] ]
}, },
"locked": { "locked": {
"lastModified": 1747603214, "lastModified": 1728345710,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -660,47 +445,6 @@
"type": "github" "type": "github"
} }
}, },
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": [
"flake-compat"
],
"flake-parts": "flake-parts_2",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"nur": "nur",
"systems": "systems",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1748717073,
"narHash": "sha256-Yxo8A7BgNpRXTrB359LyfQ0NjJuiaLIS6sTTUCulEX0=",
"owner": "danth",
"repo": "stylix",
"rev": "64b9f2c2df31bb87bdd2360a2feb58c817b4d16c",
"type": "github"
},
"original": {
"owner": "danth",
"repo": "stylix",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -716,124 +460,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1735730497,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1744974599,
"narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1745111349,
"narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "e009f18a01182b63559fb28f1c786eb027c3dee9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1725758778,
"narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"wired-notify": { "wired-notify": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": [
@ -847,11 +473,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743305055, "lastModified": 1727849733,
"narHash": "sha256-NIsi8Dno9YsOLUUTrLU4p+hxYeJr3Vkg1gIpQKVTaDs=", "narHash": "sha256-mqxs/nyzOEKiBHa94OtcOLYBXd65P8tO4DUVTHWHn6o=",
"owner": "Toqozz", "owner": "Toqozz",
"repo": "wired-notify", "repo": "wired-notify",
"rev": "75d43f54a02b15f2a15f5c1a0e1c7d15100067a6", "rev": "a1f6965737754e7424f9468f6befef885a9ee0ad",
"type": "github" "type": "github"
}, },
"original": { "original": {

66
flake.nix
View File

@ -5,42 +5,42 @@
substituters = [ substituters = [
"https://cache.nixos.org/?priority=1&want-mass-query=true" "https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
"https://attic.nayeonie.com/nix-cache"
"https://cosmic.cachix.org/"
]; ];
trusted-substituters = [ trusted-substituters = [
"https://cache.nixos.org" "https://cache.nixos.org"
"https://attic.alicehuston.xyz/cache-nix-dot"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://attic.nayeonie.com/nix-cache"
"https://cosmic.cachix.org/"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:grGRsHhqNDhkEuTODvHJXYmoCClntC+U8XAJQzwMaZM="
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
]; ];
trusted-users = [ "root" ]; trusted-users = [ "root" ];
allow-import-from-derivation = true;
fallback = true;
}; };
inputs = { inputs = {
# flake inputs with no explicit deps (in alphabetic order)
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
#nixpkgs.url = "github:nuschtos/nuschtpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
#nixpkgs.url = "github:nixos/nixpkgs/1d2fe0135f360c970aee1d57a53f816f3c9bddae?narHash=sha256-Up7YlXIupmT7fEtC4Oj676M91INg0HAoamiswAsA3rc%3D";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
# flake inputs with dependencies (in alphabetic order) attic = {
url = "github:zhaofengli/attic";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
};
};
firefox-addons = { firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
}; };
}; };
@ -54,13 +54,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hydra = {
url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -71,16 +64,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
inputs = {
flake-compat.follows = "flake-compat";
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
rust-overlay.follows = "rust-overlay";
};
};
nixos-generators = { nixos-generators = {
url = "github:nix-community/nixos-generators"; url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -98,6 +81,7 @@
url = "github:cachix/git-hooks.nix"; url = "github:cachix/git-hooks.nix";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-compat.follows = "flake-compat"; flake-compat.follows = "flake-compat";
}; };
}; };
@ -113,15 +97,7 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; nixpkgs-stable.follows = "nixpkgs-stable";
};
stylix = {
url = "github:danth/stylix";
inputs = {
flake-compat.follows = "flake-compat";
home-manager.follows = "home-manager";
nixpkgs.follows = "nixpkgs";
}; };
}; };
@ -141,7 +117,7 @@
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
# disable arm for now as hydra isn't set up for it # disable arm for now as hydra isn't set up for it
# "aarch64-linuxa # "aarch64-linux"
]; ];
forEachSystem = lib.genAttrs systems; forEachSystem = lib.genAttrs systems;
@ -157,13 +133,13 @@
lib = self; lib = self;
} }
); );
inherit (lib.adev.systems) genSystems getImages; inherit (lib.rad-dev.systems) genSystems getImages;
inherit (self) outputs; # for hydra inherit (self) outputs; # for hydra
in in
rec { rec {
inherit lib; # for allowing use of custom functions in nix repl inherit lib; # for allowing use of custom functions in nix repl
hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; #hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = genSystems inputs outputs src (src + "/systems"); nixosConfigurations = genSystems inputs outputs src (src + "/systems");
@ -173,10 +149,6 @@
qcow = getImages nixosConfigurations "qcow"; qcow = getImages nixosConfigurations "qcow";
}; };
packages.x86_64-linux.lego-latest =
nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/lego-latest/default.nix
{ };
checks = import ./checks.nix { inherit inputs forEachSystem formatter; }; checks = import ./checks.nix { inherit inputs forEachSystem formatter; };
devShells = import ./shell.nix { inherit inputs forEachSystem checks; }; devShells = import ./shell.nix { inherit inputs forEachSystem checks; };

13
hydra/jobsets.nix
View File

@ -19,6 +19,7 @@ let
prs = readJSONFile pulls; prs = readJSONFile pulls;
refs = readJSONFile branches; refs = readJSONFile branches;
repo = "RAD-Development/nix-dotfiles";
# template for creating a job # template for creating a job
makeJob = makeJob =
@ -27,7 +28,6 @@ let
keepnr ? 3, keepnr ? 3,
description, description,
flake, flake,
enabled ? 1,
}: }:
{ {
inherit inherit
@ -35,8 +35,8 @@ let
flake flake
schedulingshares schedulingshares
keepnr keepnr
enabled
; ;
enabled = 1;
type = 1; type = 1;
hidden = false; hidden = false;
checkinterval = 300; # every 5 minutes checkinterval = 300; # every 5 minutes
@ -44,9 +44,7 @@ let
emailoverride = ""; emailoverride = "";
}; };
giteaHost = "ssh://gitea@nayeonie.com:2222"; # Create a hydra job for a branch
repo = "ahuston-0/nix-dotfiles";
# # Create a hydra job for a branch
jobOfRef = jobOfRef =
name: name:
{ ref, ... }: { ref, ... }:
@ -57,7 +55,7 @@ let
name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}"; name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}";
value = makeJob { value = makeJob {
description = "Branch ${name}"; description = "Branch ${name}";
flake = "git+${giteaHost}/${repo}?ref=${ref}"; flake = "git+ssh://git@github.com/${repo}?ref=${ref}";
}; };
}; };
@ -66,8 +64,7 @@ let
name = if info.draft then "draft-${id}" else "pr-${id}"; name = if info.draft then "draft-${id}" else "pr-${id}";
value = makeJob { value = makeJob {
description = "PR ${id}: ${info.title}"; description = "PR ${id}: ${info.title}";
flake = "git+${giteaHost}/${repo}?ref=${info.head.ref}"; flake = "git+ssh://git@github.com/${info.head.repo.full_name}?ref=${info.head.ref}";
enabled = info.state == "open";
}; };
}; };

12
hydra/spec.json
View File

@ -1,7 +1,7 @@
{ {
"enabled": 1, "enabled": 1,
"hidden": false, "hidden": false,
"description": "ahuston-0's personal server infra", "description": "RAD Development infrastructure",
"nixexprinput": "nixexpr", "nixexprinput": "nixexpr",
"nixexprpath": "hydra/jobsets.nix", "nixexprpath": "hydra/jobsets.nix",
"checkinterval": 60, "checkinterval": 60,
@ -12,7 +12,7 @@
"type": 0, "type": 0,
"inputs": { "inputs": {
"nixexpr": { "nixexpr": {
"value": "ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git main", "value": "https://github.com/RAD-Development/nix-dotfiles main",
"type": "git", "type": "git",
"emailresponsible": false "emailresponsible": false
}, },
@ -22,13 +22,13 @@
"emailresponsible": false "emailresponsible": false
}, },
"pulls": { "pulls": {
"type": "giteapulls", "type": "githubpulls",
"value": "nayeonie.com ahuston-0 nix-dotfiles https", "value": "RAD-Development nix-dotfiles",
"emailresponsible": false "emailresponsible": false
}, },
"branches": { "branches": {
"type": "gitea_refs", "type": "github_refs",
"value": "nayeonie.com ahuston-0 nix-dotfiles heads https -", "value": "RAD-Development nix-dotfiles heads -",
"emailresponsible": false "emailresponsible": false
} }
} }

43
lib/container-utils.nix
View File

@ -1,43 +0,0 @@
{ lib, ... }:
{
# Given a attrset of images and a function which generates an image spec,
# generates a set of containers (although this could in theory be used for
# other things... I'd like to see people try)
#
# container set must be in the below format
# { container-name = {image = "image-uri"; scale = n;}; }
# where image-uri gets passed in to the container-spec function as a custom
# parameter, and scale is an integer that generates the containers
#
# container-spec must be a function which accepts two parameter (the
# container name and image name) and ideally returns an oci-compliant
# container.
#
# args:
# containers: an AttrSet which specifies the imageUri and scale of each
# container
# container-spec: a function which produces an oci-compliant container spec
#
# type:
# AttrSet -> (String -> AttrSet -> AttrSet) -> AttrSet
createTemplatedContainers =
containers: container-spec:
builtins.listToAttrs (
lib.flatten (
lib.mapAttrsToList (
name: value:
(map (
num:
let
container-name = "${name}-${toString num}";
in
{
name = container-name;
value = container-spec container-name value.image;
}
) (lib.lists.range 1 value.scale))
) containers
)
);
}

21
lib/default.nix
View File

@ -1,9 +1,8 @@
{ lib, ... }: { lib, ... }:
{ {
# create adev namespace for lib # create rad-dev namespace for lib
adev = rec { rad-dev = rec {
systems = import ./systems.nix { inherit lib; }; systems = import ./systems.nix { inherit lib; };
container-utils = import ./container-utils.nix { inherit lib; };
# any(), but checks if any value in the list is true # any(), but checks if any value in the list is true
# #
@ -57,21 +56,5 @@
# type: # type:
# fileList :: Path -> String -> [Path] # fileList :: Path -> String -> [Path]
fileList = dir: map (file: dir + "/${file}") (ls dir); fileList = dir: map (file: dir + "/${file}") (ls dir);
# reduce an attribute set to a string
#
# example:
# given attrset {host1 = "palatine-hill"; host2 = "jeeves";}
# and func (host: hostname: host + " is " + hostname + ", " )
# mapAttrsToString would return 'host1 is palatine-hill, host2 is jeeves, '
#
# args:
# func: an function to apply to attrSet to turn each entry into one string
# attrSet: an attribute set to reduce
#
# type:
# mapAttrsToString :: AttrSet -> (String -> Any -> String) -> String
mapAttrsToString =
func: attrSet: (lib.foldl' (cur: next: cur + next) "" (lib.mapAttrsToList func attrSet));
}; };
} }

4
lib/systems.nix
View File

@ -176,7 +176,7 @@ rec {
(configPath + "/configuration.nix") (configPath + "/configuration.nix")
] ]
++ modules ++ modules
++ (lib.adev.fileList (src + "/modules")) ++ (lib.rad-dev.fileList (src + "/modules"))
++ genWrapper sops genSops args ++ genWrapper sops genSops args
++ genWrapper home genHome args ++ genWrapper home genHome args
++ genWrapper true genUsers args ++ genWrapper true genUsers args
@ -222,7 +222,7 @@ rec {
// import configPath { inherit inputs; } // import configPath { inherit inputs; }
); );
} }
) (lib.adev.lsdir path) ) (lib.rad-dev.lsdir path)
); );
# gets all the images of a specified format # gets all the images of a specified format

2
modules/autopull.nix
View File

@ -61,7 +61,7 @@ in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
environment.systemPackages = environment.systemPackages =
[ pkgs.git ] [ pkgs.git ]
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [ ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
pkgs.openssh pkgs.openssh
]; ];

2
modules/base.nix
View File

@ -15,7 +15,7 @@
programs = { programs = {
zsh.enable = true; zsh.enable = true;
fish.enable = false; fish.enable = true;
}; };
users = { users = {

1
modules/boot.nix
View File

@ -35,6 +35,7 @@ in
config.boot = lib.mkIf cfg.default { config.boot = lib.mkIf cfg.default {
supportedFilesystems = [ cfg.filesystem ]; supportedFilesystems = [ cfg.filesystem ];
tmp.useTmpfs = true; tmp.useTmpfs = true;
kernelPackages = pkgs.linuxPackages_6_10;
kernelParams = kernelParams =
[ "nordrand" ] [ "nordrand" ]
++ lib.optional (cfg.cpuType == "amd") "kvm-amd" ++ lib.optional (cfg.cpuType == "amd") "kvm-amd"

7
modules/docker.nix
View File

@ -7,14 +7,9 @@
extraGroups = [ "docker" ]; extraGroups = [ "docker" ];
uid = 600; uid = 600;
}; };
groups = { groups.docker-service = {
docker-service = {
gid = 600; gid = 600;
}; };
haproxy = {
gid = 99;
};
};
}; };
virtualisation.docker = { virtualisation.docker = {

4
modules/kub_net.nix
View File

@ -1,10 +1,10 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.services.adev.k3s-net; cfg = config.services.rad-dev.k3s-net;
in in
{ {
options = { options = {
services.adev.k3s-net = { services.rad-dev.k3s-net = {
enable = lib.mkOption { enable = lib.mkOption {
default = false; default = false;
example = true; example = true;

5
modules/locale.nix
View File

@ -4,9 +4,8 @@
console.keyMap = lib.mkDefault "us"; console.keyMap = lib.mkDefault "us";
i18n = { i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8"; defaultLocale = lib.mkDefault "en_US.utf8";
defaultCharset = "UTF-8"; supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
#extraLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
extraLocaleSettings = lib.mkDefault { extraLocaleSettings = lib.mkDefault {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";

2
modules/plocate.nix
View File

@ -3,7 +3,7 @@
{ {
services.locate = { services.locate = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
# localuser = lib.mkDefault null; localuser = lib.mkDefault null;
package = lib.mkDefault pkgs.plocate; package = lib.mkDefault pkgs.plocate;
}; };
} }

25
modules/update.nix
View File

@ -1,34 +1,19 @@
{ lib, ... }: { lib, ... }:
{ {
services.autopull = { services.autopull = {
enable = lib.mkDefault true; enable = lib.mkDefault false;
repo.dotfiles = { repo.dotfiles = {
enable = lib.mkDefault true; enable = lib.mkDefault false;
ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_giteadeploy"; ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
path = lib.mkDefault /root/dotfiles; path = lib.mkDefault /root/dotfiles;
}; };
}; };
system.autoUpgrade = { system.autoUpgrade = {
enable = lib.mkDefault true; enable = lib.mkDefault false;
flags = [ "--accept-flake-config" ]; flags = [ "--accept-flake-config" ];
randomizedDelaySec = "1h"; randomizedDelaySec = "1h";
persistent = true; persistent = true;
flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git"; flake = "github:RAD-Development/nix-dotfiles";
};
services.nix-verify = {
daily = {
enable = true;
verify-contents = false;
verify-trust = false;
};
weekly = {
enable = true;
verify-contents = true;
verify-trust = false;
frequency = "1week";
randomized-delay-sec = "6hour";
};
}; };
} }

11
modules/users.nix
View File

@ -1,11 +0,0 @@
{
...
}:
{
users.groups = {
users = {
gid = 100;
};
};
}

110
modules/verify.nix
View File

@ -1,110 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.services.nix-verify;
verify-type =
with lib.types;
attrsOf (
submodule (
{ name, ... }:
{
options = {
enable = lib.mkEnableOption "verify status of nix store";
service-name = lib.mkOption {
type = lib.types.str;
description = "the name of the systemd service. ${name} by default";
default = name;
};
verify-contents = lib.mkEnableOption "verify contents of nix store";
verify-trust = lib.mkEnableOption "verify if each path is trusted";
signatures-needed = lib.mkOption {
type = lib.types.int;
description = "number of signatures needed when verifying trust. Not needed if verify-trust is disabled or not set.";
default = -1;
};
frequency = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time between pulls";
default = "1day";
};
randomized-delay-sec = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time randomized delay";
default = "0";
};
};
}
)
);
in
{
options = {
services.nix-verify = lib.mkOption {
type = verify-type;
default = { };
};
};
config =
let
verifiers = lib.filterAttrs (_: { enable, ... }: enable) cfg;
in
{
systemd.services = lib.mapAttrs' (
_:
{
service-name,
verify-contents,
verify-trust,
signatures-needed,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
requires = [ "multi-user.target" ];
after = [ "multi-user.target" ];
description =
"Verify nix store (verify-contents: ${lib.boolToString verify-contents}, verify-trust: "
+ "${lib.boolToString verify-trust}, signatures-needed: ${builtins.toString signatures-needed})";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart =
"${config.nix.package}/bin/nix store verify --all "
+ lib.optionalString (!verify-contents) "--no-contents "
+ lib.optionalString (!verify-trust) "--no-trust "
+ lib.optionalString (signatures-needed >= 0) "--sigs-needed ${signatures-needed}";
};
}
) verifiers;
systemd.timers = lib.mapAttrs' (
_:
{
service-name,
frequency,
randomized-delay-sec,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = frequency;
OnUnitActiveSec = frequency;
RandomizedDelaySec = randomized-delay-sec;
Unit = "nix-verifiers@${service-name}.service";
};
}
) verifiers;
};
}

4
modules/yubikey.nix
View File

@ -5,11 +5,11 @@
... ...
}: }:
let let
cfg = config.services.adev.yubikey; cfg = config.services.rad-dev.yubikey;
in in
{ {
options = { options = {
services.adev.yubikey = { services.rad-dev.yubikey = {
enable = lib.mkEnableOption "enable yubikey defaults"; enable = lib.mkEnableOption "enable yubikey defaults";
enable-desktop-app = lib.mkEnableOption "installs desktop application"; enable-desktop-app = lib.mkEnableOption "installs desktop application";
}; };

39
pkgs/lego-latest/default.nix
View File

@ -1,39 +0,0 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
buildGoModule rec {
pname = "lego";
version = "4.21.0";
src = fetchFromGitHub {
owner = "go-acme";
repo = pname;
rev = "v${version}";
hash = "sha256-3dSvQfkBNh8Bt10nv4xGplv4iY3gWvDu2EDN6UovSdc=";
};
vendorHash = "sha256-teA6fnKl4ATePOYL/zuemyiVy9jgsxikqmuQJwwA8wE=";
doCheck = false;
subPackages = [ "cmd/lego" ];
ldflags = [
"-s"
"-w"
"-X main.version=${version}"
];
meta = with lib; {
description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit;
homepage = "https://go-acme.github.io/lego/";
maintainers = teams.acme.members;
mainProgram = "lego";
};
#passthru.tests.lego = nixosTests.acme;
}

8
shell.nix
View File

@ -38,17 +38,13 @@ forEachSystem (
}; };
# constructs a custom shell with commonly used utilities # constructs a custom shell with commonly used utilities
adev = pkgs.mkShell { rad-dev = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
deadnix deadnix
pre-commit pre-commit
treefmt treefmt
statix statix
nixfmt-rfc-style nixfmt-rfc-style
jsonfmt
mdformat
shfmt
yamlfmt
]; ];
}; };
in in
@ -56,7 +52,7 @@ forEachSystem (
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = [ inputsFrom = [
pre-commit pre-commit
adev rad-dev
sops sops
]; ];
}; };

17
utils/sops-mergetool.sh → sops-mergetool.sh
View File

@ -1,27 +1,17 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Exit on first error and verify variables have been set/passed via CLI # Exit on first error and verify variables have been set/passed via CLI
#set -eu set -eu
set -v
set -x
# Rename our variables to friendlier equivalents # Rename our variables to friendlier equivalents
# https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver # https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
base="$1" base="$1"; local_="$2"; remote="$3"; merged="$4"
local_="$2"
remote="$3"
merged="$4"
echo "$base"
echo "$local_"
echo "$remote"
echo "$merged"
# Resolve our default mergetool # Resolve our default mergetool
# https://github.com/git/git/blob/v2.8.2/git-mergetool--lib.sh#L3 # https://github.com/git/git/blob/v2.8.2/git-mergetool--lib.sh#L3
mergetool="$(git config --get merge.tool)" mergetool="$(git config --get merge.tool)"
GIT_DIR="$(git --exec-path)" GIT_DIR="$(git --exec-path)"
if test "$mergetool" = ""; then if test "$mergetool" = ""; then
echo 'No default `merge.tool` was set for `git`. Please set one via `git config --set merge.tool <tool>`' 1>&2 echo "No default \`merge.tool\` was set for \`git\`. Please set one via \`git config --set merge.tool <tool>\`" 1>&2
exit 1 exit 1
fi fi
@ -86,3 +76,4 @@ set -eu
# Re-encrypt content # Re-encrypt content
sops --encrypt "$merged_decrypted" > "$merged" sops --encrypt "$merged_decrypted" > "$merged"

2
statix.toml
View File

@ -1,4 +1,4 @@
disabled = ["empty_pattern"] disabled = ["empty_pattern"]
nix_version = '2.25' nix_version = '2.23'
ignore = ['.direnv'] ignore = ['.direnv']

438
systems/artemision/ao3_skins/happy_17th.css
View File

@ -1,438 +0,0 @@
#footer .group,
.post fieldset fieldset,
fieldset fieldset {
background: none;
}
#header {
background: #000 url('https://media.archiveofourown.org/news/milestones/2024-08-seventeen-years-otw/2024-08-seventeen-years-otw-pattern.jpg');
background-size: 350px;
}
#header .heading a,
#header .primary .dropdown a:focus,
#header .heading a:visited,
#main .pagination .current,
h2 {
color: #ffe8b4;
}
#header .clear,
#footer {
border-color: #191919;
}
#header .actions a[href="/menu/fandoms"],
#header .actions a[href="/menu/browse"],
#header .actions a[href="/menu/search"],
#header .actions a[href="/menu/about"] {
color: #fff;
}
#footer ul {
background: url('https://live.staticflickr.com/7284/9616997915_4194b6c6f7_h.jpg');
background-size: 350px;
}
#footer ul li:nth-child(1) ul,
#footer ul li:nth-child(2) ul,
#footer ul li:nth-child(3) ul,
#footer ul li:nth-child(4) ul {
background: rgba(0, 0, 0, 0.0);
}
#header .primary {
background: #8a1a10;
}
#footer {
background: #8a1a10;
}
input[type="text"],
textarea,
select {
background: #222;
color: #fff;
}
select:focus {
background: #2a2a2a;
}
option {
background: #555;
color: #fff;
}
#work form fieldset.work.meta dl dd.warning.required fieldset,
#main form fieldset.work.meta dl dd.warning.required fieldset {
color: #fff;
}
#bookmark-form form {
background: #2a2a2a;
color: #fff;
}
#error {
color: #191919;
}
fieldset,
.verbose fieldset {
border-color: #404040;
background: #191919;
border: 1px solid #595959;
}
.search [role=tooltip] {
background: #333;
border: 1px solid #666;
}
#main a:visited {
color: #ccc;
}
#main a.tag:visited:hover {
color: #111;
}
body,
.group,
.group .group,
.region,
.flash,
form dl,
#main .verbose legend,
.notice,
ul.notes,
table,
th,
td:hover,
tr:hover,
.symbol .question:hover,
#modal,
.ui-sortable li,
.required .autocomplete,
.autocomplete .notice,
.system .intro,
.comment_error,
.kudos_error,
div.dynamic,
.dynamic form,
#ui-datepicker-div,
.ui-datepicker table {
background: #191919;
color: #eee;
border-color: #222;
outline: #111;
box-shadow: none;
}
#header .actions a:hover,
#header .actions a:focus,
#header .dropdown:hover a,
#header .open a,
#header .menu,
#small_login,
.group.listbox,
fieldset fieldset.listbox,
.listbox,
form blockquote.userstuff,
input:focus,
textarea:focus,
li.relationships a,
.group.listbox .index,
.dashboard fieldset fieldset.listbox .index,
#dashboard a:hover,
th,
#dashboard .secondary,
.secondary,
.thread .even,
.system .tweet_list li,
.ui-datepicker tr:hover {
background: #2A2A2A;
}
a,
a.tag,
a:link,
#header a:visited,
#header .primary .open a,
#header .primary .dropdown:hover a,
#header #search input:focus,
#header #search input:hover,
.userstuff h2,
#dashboard a,
#dashboard span,
#dashboard .current,
.group .heading,
.filters dt a:hover {
color: #fff;
}
#header .dropdown .menu a:hover,
#header .dropdown .menu a:focus,
.splash .favorite li:nth-of-type(odd) a,
.ui-datepicker td:hover,
#tos_prompt .heading,
#tos_prompt [disabled] {
background: #111;
color: #ffe8b4;
}
#outer,
.javascript,
.statistics .index li:nth-of-type(even),
#tos_prompt,
.announcement input[type="submit"] {
background: #191919;
}
#dashboard ul,
dl.meta,
.group.listbox,
fieldset fieldset.listbox,
#main li.blurb,
form blockquote.userstuff,
div.comment,
li.comment,
.toggled form,
form dl dt,
form.single fieldset,
#inner .module .heading,
.bookmark .status span,
.splash .news li,
.filters .group dt.bookmarker {
border-color: #555;
}
.group.listbox,
fieldset fieldset.listbox,
#main li.blurb,
.wrapper,
#dashboard .secondary,
.secondary,
form blockquote.userstuff,
.thread .comment,
.toggled form {
box-shadow: 1px 1px 3px #000;
}
#dashboard .current,
.actions a:active,
a.current,
.current a:visited,
span.unread,
.replied,
span.claimed,
dl.index dd,
.own,
.draft,
.draft .unread,
.child,
.unwrangled,
.unreviewed,
.ui-sortable li:hover {
background: #000;
border-color: #555;
box-shadow: -1px -1px 3px #000;
}
input,
textarea {
box-shadow: inset 0 1px 2px #000;
}
li.blurb,
.blurb .blurb,
.listbox .index,
fieldset fieldset.listbox,
.dashboard .listbox .index {
box-shadow: inset 1px 1px 3px #000;
}
#footer a:hover,
#footer a:focus,
.autocomplete .dropdown ul li:hover,
.autocomplete .dropdown li.selected,
a.tag:hover,
.listbox .heading a.tag:visited:hover,
.symbol .question {
background: #ffedc5;
border-color: #988352;
color: #111;
}
#header #greeting img,
#header .user a:hover,
#header .user a:focus,
#header fieldset,
#header form,
#header p,
#dashboard a:hover,
.actions a:hover,
.actions input:hover,
.delete a,
span.delete,
span.unread,
.replied,
span.claimed,
.draggable,
.droppable,
span.requested,
a.work,
.blurb h4 a:link,
.blurb h4 img,
.splash .module h3,
.splash .browse li a:before,
.required,
.error,
.comment_error,
.kudos_error,
a.cloud7,
a.cloud8,
#tos_prompt .heading {
color: #ffe8b4;
}
#greeting .icon,
#dashboard,
#dashboard.own,
.error,
.comment_error,
.kudos_error,
.LV_invalid,
.LV_invalid_field,
input.LV_invalid_field:hover,
input.LV_invalid_field:active,
textarea.LV_invalid_field:hover,
textarea.LV_invalid_field:active,
.qtip-content {
border-color: #8a1a10;
}
.splash .favorite li:nth-of-type(odd) a:hover,
.splash .favorite li:nth-of-type(odd) a:focus .splash .favorite li:nth-of-type(odd) a:visited:hover,
.splash .favorite li:nth-of-type(odd) a:visited:focus {
background: #ffe8b4;
color: #111;
}
a:visited,
.actions a:visited,
.action a:link,
.action a:visited,
.listbox .heading a:visited,
span.series .divider {
color: #999;
}
.actions a,
.actions a:link,
.action,
.action:link,
.actions input,
input[type="submit"],
button,
.current,
.actions label,
#header .actions a,
#outer .current {
background: #555;
border-color: #222;
color: #eee;
box-shadow: inset 0 -8px 4px #232323, inset 0 8px 7px #555;
text-shadow: none;
}
.actions a:hover,
.actions input:hover,
#dashboard a:hover,
.actions a:focus,
.actions input:focus,
#dashboard a:focus,
.actions .disabled select {
color: #999;
border-color: #000;
box-shadow: inset 2px 2px 2px #000;
}
.actions a:active,
.current,
a.current,
.current a:visited {
color: #fff;
background: #555;
border-color: #fff;
box-shadow: inset 1px 1px 3px #191919;
}
.delete a,
span.delete {
box-shadow: -1px -1px 2px rgba(255,255,255.25);
}
.actions label.disabled {
background: #222;
box-shadow: none;
}
ul.required-tags,
.bookmark .status span,
.blurb .icon {
opacity: 0.9;
border: 0;
}
#outer .group .heading,
#header .actions a,
fieldset.listbox .heading,
.userstuff .heading {
text-shadow: none;
color: #fff;
background: none;
}
#header .actions a,
fieldset fieldset,
.mce-container button,
.filters .expander,
.actions .disabled select {
box-shadow: none;
}
fieldset fieldset.listbox {
outline: none;
}
form dd.required {
color: #eee;
}
.mce-container input:focus {
background: #F3EFEC;
}
.announcement .userstuff a,
.announcement .userstuff a:link,
.announcement .userstuff a:visited:hover {
color: #111;
}
.announcement .userstuff a:visited {
color: #666;
}
.announcement .userstuff a:hover,
.announcement .userstuff a:focus {
color: #999;
}
.event.announcement .userstuff a,
.filters .expander {
color: #eee;
}

68
systems/artemision/configuration.nix
View File

@ -6,18 +6,17 @@
}: }:
{ {
imports = [ imports = [
./audio.nix
./desktop.nix
./fingerprint.nix
./fonts.nix
./graphics.nix
./libvirt.nix
./polkit.nix
./programs.nix ./programs.nix
./steam.nix ./desktop.nix
./stylix.nix
./wifi.nix ./wifi.nix
./zerotier.nix ./zerotier.nix
./fonts.nix
./polkit.nix
./audio.nix
./fingerprint.nix
./steam.nix
./graphics.nix
./libvirt.nix
]; ];
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
@ -32,15 +31,19 @@
}; };
boot = { boot = {
#kernelPackages = lib.mkForce pkgs.linuxPackages_6_6; kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
useSystemdBoot = true; useSystemdBoot = true;
default = true; default = true;
}; };
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = { services = {
flatpak.enable = true;
calibre-web = { calibre-web = {
enable = true; enable = true;
listen = { listen = {
@ -60,18 +63,28 @@
fwupd = { fwupd = {
enable = true; enable = true;
# package = package =
# (import (builtins.fetchTarball { (import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz"; url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
# sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk"; sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
# }) { inherit (pkgs) system; }).fwupd; }) { inherit (pkgs) system; }).fwupd;
}; };
mullvad-vpn.enable = true;
fprintd.enable = lib.mkForce false; fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false; openssh.enable = lib.mkForce false;
adev.yubikey = { spotifyd = {
enable = true;
settings = {
global = {
username = "snowinginwonderland@gmail.com";
password_cmd = "cat ${config.sops.secrets."apps/spotify".path}";
use_mpris = false;
};
};
#systemd.services.spotifyd.serviceConfig = systemd.services.spotifyd.
};
rad-dev.yubikey = {
enable = true; enable = true;
enable-desktop-app = true; enable-desktop-app = true;
}; };
@ -79,22 +92,19 @@
users.users.alice.extraGroups = [ "calibre-web" ]; users.users.alice.extraGroups = [ "calibre-web" ];
system.autoUpgrade.enable = false;
system.stateVersion = "24.05"; system.stateVersion = "24.05";
programs.adb.enable = true; programs.adb.enable = true;
environment.variables = {
"KWIN_DRM_NO_DIRECT_SCANOUT" = "1";
};
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
#secrets = { secrets = {
# "apps/spotify" = { "apps/spotify" = {
# group = "audio"; group = "audio";
# restartUnits = [ "spotifyd.service" ]; restartUnits = [ "spotifyd.service" ];
# mode = "0440"; mode = "0440";
# }; };
#}; };
}; };
} }

1
systems/artemision/default.nix
View File

@ -7,7 +7,6 @@
users = [ "alice" ]; users = [ "alice" ];
modules = [ modules = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd inputs.nixos-hardware.nixosModules.framework-16-7040-amd
inputs.stylix.nixosModules.stylix
{ {
environment.systemPackages = [ environment.systemPackages = [
inputs.wired-notify.packages.x86_64-linux.default inputs.wired-notify.packages.x86_64-linux.default

19
systems/artemision/desktop.nix
View File

@ -7,9 +7,7 @@
hyprland = { hyprland = {
enable = true; enable = true;
xwayland.enable = true; xwayland.enable = true;
withUWSM = true;
}; };
hyprlock.enable = true;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
#pinentryPackage = pkgs.pinentry-rofi; #pinentryPackage = pkgs.pinentry-rofi;
@ -32,10 +30,23 @@
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
services = { services = {
xserver = {
enable = true;
displayManager.session = [
{
manage = "desktop";
name = "hyprland";
start = ''
bash ${./hypr/wrappedhl} &
waitPID=$!
'';
}
];
displayManager.gdm = { displayManager.gdm = {
enable = true; enable = true;
wayland = true; wayland = true;
}; };
};
dbus = { dbus = {
enable = true; enable = true;
@ -43,10 +54,6 @@
}; };
}; };
powerManagement = {
enable = true;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
libsForQt5.qt5.qtwayland libsForQt5.qt5.qtwayland
qt6.qtwayland qt6.qtwayland

18
systems/artemision/fonts.nix
View File

@ -3,13 +3,17 @@
fonts = { fonts = {
fontconfig.enable = true; fontconfig.enable = true;
enableDefaultPackages = true; enableDefaultPackages = true;
packages = with pkgs.nerd-fonts; [ packages = with pkgs; [
fira-code (nerdfonts.override {
droid-sans-mono fonts = [
hack "FiraCode"
dejavu-sans-mono "DroidSansMono"
noto "Hack"
open-dyslexic "DejaVuSansMono"
"Noto"
"OpenDyslexic"
];
})
]; ];
}; };
} }

2
systems/artemision/hardware.nix
View File

@ -86,7 +86,7 @@
}; };
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ]; swapDevices = [ { device = "/dev/disk/by-uuid/7f0dba0f-d04e-4c94-9fba-1d0811673df1"; } ];
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
"nixos-pv" = { "nixos-pv" = {

19
systems/artemision/private-wifi.nix
View File

@ -1,19 +0,0 @@
{ ... }:
{
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "false";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
}

24
systems/artemision/programs.nix
View File

@ -3,7 +3,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
act act
alacritty alacritty
attic-client
amdgpu_top amdgpu_top
bat bat
bitwarden-cli bitwarden-cli
@ -13,12 +12,12 @@
calibre calibre
# calibre dedrm? # calibre dedrm?
candy-icons candy-icons
chromium nemo-with-extensions
chromedriver
croc croc
deadnix deadnix
direnv direnv
easyeffects discord
discord-canary
eza eza
fanficfare fanficfare
ferium ferium
@ -30,29 +29,25 @@
glances glances
gpu-viewer gpu-viewer
grim grim
helvum
htop htop
hwloc hwloc
ipmiview ipmiview
iperf3 iperf3
# ipscan ipscan
jp2a jp2a
jq jq
kdePackages.kdenlive kdenlive
kitty kitty
kubectl kubectl
kubernetes-helm kubernetes-helm
libreoffice-fresh
libtool libtool
lsof lsof
lynis lynis
masterpdfeditor4 masterpdfeditor4
minikube minikube
mons mons
mpv
# nbt explorer? # nbt explorer?
ncdu ncdu
nemo-with-extensions
neofetch neofetch
neovim neovim
nix-init nix-init
@ -62,7 +57,6 @@
nixpkgs-fmt nixpkgs-fmt
nmap nmap
obs-studio obs-studio
obsidian
ocrmypdf ocrmypdf
pciutils pciutils
#disabled until wxpython compat with python3.12 #disabled until wxpython compat with python3.12
@ -70,14 +64,12 @@
prismlauncher prismlauncher
protonmail-bridge protonmail-bridge
protontricks protontricks
proxychains
qrencode qrencode
redshift redshift
restic restic
ripgrep ripgrep
rpi-imager rpi-imager
rofi-wayland rofi-wayland
samba
signal-desktop signal-desktop
# signal in tray? # signal in tray?
siji siji
@ -97,16 +89,18 @@
tig tig
tokei tokei
tree tree
unipicker
unzip unzip
unipicker
uutils-coreutils-noprefix uutils-coreutils-noprefix
ventoy
vscode vscode
watchman watchman
wget wget
wl-clipboard wl-clipboard
yq xboxdrv
yt-dlp yt-dlp
zoom-us zoom-us
zoxide zoxide
zoom
]; ];
} }

56
systems/artemision/secrets.yaml
View File

@ -1,42 +1,46 @@
hello: ENC[AES256_GCM,data:BTCBuBxHFO8vwXU/bsAZryM5rXUOEi0brlvq6DtqfZbzxGz4LaW89VO75MERHQ==,iv:fwqI3arwtlZQ5DtvpVbh21ThuZP8zcqCHsmuJuCfCsY=,tag:tkkEO8/eEDCakdlT0NvajA==,type:str] hello: ENC[AES256_GCM,data:UJlsd5kvnhEv7eJeYwg+NHm9sgUAxYM5DoR0gDPLi9J7P+8FI8WPMkN1wEAHJA==,iv:NFSdZQ1OK4BT+EAGZz122NB7WrVCEzv4wwMxFIE/OKI=,tag:6YT7Vw8tFrw9iEFKxeKRFQ==,type:str]
example_key: ENC[AES256_GCM,data:xzsymSb4oD70twtoKQ==,iv:9vBmAKET2VIuDSq7AOyvdYWLGlL6cYHTWxy/Z5bB1+c=,tag:NbV4eA2aaY4cQAKUy3QOpw==,type:str] example_key: ENC[AES256_GCM,data:KMXgMrqe7M101ZMJ2g==,iv:MJ3Iiu/0KIVhPFnqfovysqvPJAv1OsnxE4VIsuexFkE=,tag:X6KIKNGym8/9VglmG3SNRw==,type:str]
#ENC[AES256_GCM,data:zeOCzRd/nFRhbANHxPyyjw==,iv:9MmHl3OyhJHVU+cUFJ4QitHd4SeDe3ctaky+yfvk8Zs=,tag:uPGRJtgQj1vIdLt2+w0krg==,type:comment] #ENC[AES256_GCM,data:QR3WNE/a1hZIXnTjFjK3kA==,iv:eXoZJ5rQaYqN7LjEp2M13OCMwuQ+80M5AXjV0uNc4C8=,tag:sCvL6pr9zAyWZziffVFMzg==,type:comment]
example_array: example_array:
- ENC[AES256_GCM,data:Nwn96XJv8xZWRYv8qws=,iv:K30LBMC8e1vUS0XE+4EIYb3xUUyn6232YmhV2vI9Qnc=,tag:HRe3S88zwj/CjG6NTvjdRQ==,type:str] - ENC[AES256_GCM,data:g8PulCLrXZYSEdZJELE=,iv:irGwciFn1zXBxFpGAJtD46EQLGUO5oqdCzRgv1204JE=,tag:2MuDdRYMjhtTY++lPuj1FQ==,type:str]
- ENC[AES256_GCM,data:l2nuwoAbwaDFHpEWV1Y=,iv:7/2rTd8agUvx73eftpOgidV4XjDUv/JppLIIsiuycnU=,tag:Ohi4JULWDNXJPWZaeXHEdw==,type:str] - ENC[AES256_GCM,data:qv7GvmoOX8VSdaiW/90=,iv:6NOWeWqHUV9ciKPmZF4C7ijuIPFr3YZi3Dh7xWnb07k=,tag:VHXdBhWmEpb7uavCPqGZ4w==,type:str]
example_number: ENC[AES256_GCM,data:toi1e/biUd2Tng==,iv:MPCfhhX9DDaOSzx/L5LTf2VYffin8XvxVyhNDqZLsec=,tag:tE/lml3afP/NjRtpPraoRQ==,type:float] example_number: ENC[AES256_GCM,data:g8BIEIcwKRLSbw==,iv:Ay4aiukAvXeDhzlpMPn++zR0Tt2lMqCx362uN37S+ac=,tag:NTtNaIu5u8YsIm0M4OgL0A==,type:float]
example_booleans: example_booleans:
- ENC[AES256_GCM,data:02CVNA==,iv:L9GmIm9ynm2cWTyd3iYo4fgIeneUyFpEzzzxicM/YNI=,tag:k2EIboiL+c4W1H2OpA2Rqw==,type:bool] - ENC[AES256_GCM,data:94T9mg==,iv:qKGJke4SGhgN09Yebh5MPrRBDNnguJQ+1dl5XQffGZQ=,tag:0Pa3eujmSxDCnAHKHsx6yQ==,type:bool]
- ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool] - ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool]
apps: apps:
spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str] spotify: ENC[AES256_GCM,data:bp1pdOfS+VGWLtepUjg7KFWw8Fk=,iv:twGO3CjzRxAU81C93mX8qIEZ/FYIQRJnMd2HIuvP9q8=,tag:AJgs0QGFH30E8+ZpaB02TQ==,type:str]
wifi-env: ENC[AES256_GCM,data:2BM4wQq+RfASkg9lcH+fW7eD0VaPJMXABp3z0sYXqZbVzv9R9eAxSokxzcifT/1JK8PBwvZkWtEFrKAT3phXIZzoEySnGKGYazz8fqWWWhMJotLNNo5VkX70hLppgE9vYxf9vQSq0PLWYCN0jUO0H9mHjOT6mDzKUHegcC53jzkNY3WTfLkyzDWJVMP9IbVQ22N5QlJbzZNqrNTaOtcRm06PBz7pNuEKOy4jj5ipZOh6ceR81Xy6BXM7MzFN27lYbzfVvcDmlwqPORAmr7/00QBy2cp38rTswJEzYf1x2Q==,iv:DSTVPw9qtmo02/usZZDpHsYlX3sSW+2XrnawtBkRNmQ=,tag:3p3eW+3BEQrOmHlBNUEOaA==,type:str] wifi-env: ENC[AES256_GCM,data:6+fHf25fx/PuutOXhMZqx2JVVSDTW7fQU8XOCc2vyUpg7HiRpOKFu5PIZoJQexvJoBNNciiQkju17+xuxnQ48dsRgsdS+wfH86Af55MfqDjG1el/htEOER9f9sTpMwGjIKD1zalkMp7oX17UlIqiCQg7HfcZFb8T4eHzu9w48umiC3WpwlKLykF5W600gYbXx1E1FjwgCwxJ1zRmBTXoz6WHvQ==,iv:DmUyn3/Q7jwqHrK7wSCqIRO1jJsOHNbmG6a/l1YdMmQ=,tag:S3CtTdFyn2Lg5nGlHVU66g==,type:str]
#ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment] #ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbElNRkxyZ2VjaitiTWx2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZC9aczBZekVGMVRBYlFV
eThsY0h3a2NCZDloWG0rU1ZwVnhOY2VJTXlFCnp3UzNDR216L2R4cVdyWjFqbkRr MUpDZFFPRTIzL1hpR25vd2pjZzJnRE12TkhRCjdiV3VxVnJpL2l2OU1rNVE3K2kv
cFJGQjQ4Qk9zblYyckVFY3VNekNuajQKLS0tIEdRWldHMjlpTElxQWFVUlh4L1lz akF1UFNtdDFYdUNIMjVwWitOUDJ1UUEKLS0tIFJkSGU1MC90ZlM0TXJOeWlWTnJT
d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR RFVEMjg4bjd4SUF2SjVWZVNDWlpiR1EKmWM9G8/vb1+GX4zGiIj/So4apfi3wzyp
D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA== yGi0T3fen3jzfU38xFZ25Tn0pDTQaSG7PkVKQn9YBJ4pGb9JDPfTjw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-15T15:37:51Z" lastmodified: "2024-09-20T13:52:31Z"
mac: ENC[AES256_GCM,data:qJ8NdnzVrgQb0rGwjZFHrS+eJrUjQEk4M4uo5bnk4eY7aKaHejARcYOIhp0H/DMdlix+Dm3DAAeeRWn8AKCatXaSzYD/VHHbjfp0lKBCsC8CZFeCELQ5GGEHnVot3WGb4J+QdfupwdduExSSMd6XeZGFVbSGhLzRbiiWA+i8I3o=,iv:oxWiDCH60apKT0/fJbWp1cIZ9cvd6mJKlP3xAjMBXIo=,tag:0We6eCJnsncujCt+CwK9UQ==,type:str] mac: ENC[AES256_GCM,data:IT/GEdJtQHSjzVRdIBIRq1y0Lby4k6gGVDfeg3/bjdDNWkPCnGOc5Uerz3TJ95M3oKMgFiQW2Sa4m/8QX9qhtVfH7gleMhJbzkz1DGKozoCxqWX71BBfiwcAuLG1fzDwfpT4DcRK1ppfC/9kMZ3g7r9Ug6EceXUKXP3uaUgfNjg=,iv:WpEhLffmICyR7bbe0cnT9fjqyL59gVxumz/lsE3oBfU=,tag:k0GSSZeQC9bJ1TWRwhaGQA==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:57:09Z" - created_at: "2024-09-05T06:10:45Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DQWNzDMjrP2ISAQdALiZMzuQViM23hoFebCXYfQUIvCluWqAEeSJyE/LRHG8w hF4DQWNzDMjrP2ISAQdAVPGTjbrJcO6UTQ9bYOqiVqJMehxGkfNMtgnQQL36mQsw
nQnIVPRIbzLzWfCf+48EW6f7zonHmNY7D9F9KohDmCTcJ5/WvXsJKjebuohR62TF CznpGVos/aNWRKmt0nkfjHuI0y71foFWt7BB/acKspE5YUu831wgrRbB8TyN69DK
1GYBCQIQq7nEvwSfn+l5AevKIiodA4BLfM326JSx5hJ6XdrE0MzZo1uoMwKKuxig 1GgBCQIQjanvxCPgcaSWLqw2oXXPzTJ1PRJc2UA4kayYIzvOUP9QBoEruDki0GVi
mPbDP8Rx51v9f+9DzjBg6kQD5w411HADL8th+wSkpmasP8ozIeiNiIKzzoJc/fD6 5n+ZiGGtvx7bihZ1WeJiHcOArPr3xrrrPv6nuAxP05HbSRYhaAU79eOTT1p7MtSO
AOsExCUt8FU= A0BHgVYuL00FHg==
=wRT+ =Luz2
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.0

5
systems/artemision/steam.nix
View File

@ -4,10 +4,7 @@
environment.systemPackages = [ pkgs.steam-run ]; environment.systemPackages = [ pkgs.steam-run ];
hardware.steam-hardware.enable = true; hardware.steam-hardware.enable = true;
programs = { programs = {
gamescope = { gamescope.enable = true;
enable = true;
capSysNice = true;
};
steam = { steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;

16
systems/artemision/stylix.nix
View File

@ -1,16 +0,0 @@
{ pkgs, ... }:
# let
# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
# numWallpapers =
# $((1 + $RANDOM % 10))
# in
{
stylix = {
enable = true;
image = "${pkgs.hyprland}/share/hypr/wall2.png";
#image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
polarity = "dark";
};
}

35
systems/artemision/wifi.nix
View File

@ -1,13 +1,9 @@
{ config, lib, ... }: { config, ... }:
let let
always = 100; always = 100;
home = 99; home = 99;
public_wifi = false;
in in
{ {
imports = lib.optionals (!public_wifi) [
./private-wifi.nix
];
networking.wireless = { networking.wireless = {
enable = true; enable = true;
secretsFile = config.sops.secrets."wifi-env".path; secretsFile = config.sops.secrets."wifi-env".path;
@ -27,20 +23,29 @@ in
"5HuFios".pskRaw = "ext:PASS_longboat_home"; "5HuFios".pskRaw = "ext:PASS_longboat_home";
"24HuFios".pskRaw = "ext:PASS_longboat_home"; "24HuFios".pskRaw = "ext:PASS_longboat_home";
"Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie"; "Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie";
"Fios-Qn3RB".pskRaw = "ext:PASS_parkridge"; "optimumwifi" = { };
"Mojo Dojo Casa House".pskRaw = "ext:PASS_Carly"; "CableWiFi" = { };
# Public wifi connections
# set public_wifi on line 5 to true if connecting to one of these
#"optimumwifi" = { };
#"CableWiFi" = { };
#"Hilton Honors" = { };
# Work wifi
"JPMCVisitor" = { }; "JPMCVisitor" = { };
}; };
}; };
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {

43
systems/palatine-hill/acme.nix
View File

@ -1,43 +0,0 @@
{
config,
lib,
pkgs,
outputs,
...
}:
{
security.acme = {
acceptTerms = true;
defaults.email = "aliceghuston@gmail.com";
certs."nayeonie.com" = {
dnsProvider = "dnsimple";
environmentFile = config.sops.secrets."acme/dnsimple".path;
dnsPropagationCheck = false;
group = "haproxy";
extraDomainNames = [
"*.nayeonie.com"
# "alicehuston.xyz"
# "*.alicehuston.xyz"
];
};
};
systemd.services."acme-nayeonie.com.service".path = lib.mkForce (
with pkgs;
[
coreutils
diffutils
openssl
]
++ [
outputs.packages.x86_64-linux.lego-latest
]
);
sops.secrets = {
"acme/dnsimple" = {
owner = "root";
};
};
}

31
systems/palatine-hill/attic/default.nix
View File

@ -8,22 +8,34 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
attic-client attic-client
attic
]; ];
systemd.services.atticd.environment = { services = {
RUST_LOG = "INFO"; postgresql = {
enable = true;
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
upgrade = {
enable = true;
stopServices = [ "atticd" ];
};
}; };
services = {
atticd = { atticd = {
enable = true; enable = true;
environmentFile = config.sops.secrets."attic/secret-key".path; credentialsFile = config.sops.secrets."attic/secret-key".path;
settings = { settings = {
listen = "[::]:8183"; listen = "[::]:8183";
allowed-hosts = [ "attic.nayeonie.com" ]; allowed-hosts = [ "attic.alicehuston.xyz" ];
api-endpoint = "https://attic.nayeonie.com/"; api-endpoint = "https://attic.alicehuston.xyz";
compression.type = "none"; # let ZFS do the compressing compression.type = "none"; # let ZFS do the compressing
database = { database = {
url = "postgres://atticd?host=/run/postgresql"; url = "postgres://atticd?host=/run/postgresql";
@ -36,10 +48,7 @@
type = "s3"; type = "s3";
region = "us-east-1"; region = "us-east-1";
bucket = "cache-nix-dot"; bucket = "cache-nix-dot";
endpoint = "https://minio.nayeonie.com"; endpoint = "https://minio.alicehuston.xyz";
};
garbage-collection = {
interval = "5 minutes";
}; };
# Warning: If you change any of the values here, it will be # Warning: If you change any of the values here, it will be
@ -87,7 +96,7 @@
serviceConfig = { serviceConfig = {
User = "root"; User = "root";
Restart = "always"; Restart = "always";
ExecStart = "${pkgs.attic-client}/bin/attic watch-store nix-cache"; ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot";
}; };
}; };
attic-sync-hydra = { attic-sync-hydra = {

2
systems/palatine-hill/attic/sync-attic.bash
View File

@ -6,5 +6,5 @@ sync_directories=(
) )
for dir in "${sync_directories[@]}"; do for dir in "${sync_directories[@]}"; do
find "$dir" -regex ".*\.drv$" -exec attic push nix-cache '{}' \; find "$dir" -regex ".*\.drv$" -exec attic push cache-nix-dot '{}' \;
done done

61
systems/palatine-hill/configuration.nix
View File

@ -6,20 +6,14 @@
}: }:
{ {
imports = [ imports = [
./acme.nix
./attic ./attic
./docker ./docker.nix
./gitea.nix
./firewall.nix
./haproxy ./haproxy
./hardware-changes.nix ./hardware-changes.nix
./hydra.nix ./hydra.nix
./minio.nix ./minio.nix
./networking.nix ./networking.nix
./nextcloud.nix ./nextcloud.nix
#./plex
./postgresql.nix
./samba.nix
./zfs.nix ./zfs.nix
]; ];
@ -58,45 +52,44 @@
}; };
}; };
environment = { environment.systemPackages = with pkgs; [
systemPackages = with pkgs; [
chromedriver
chromium
docker-compose docker-compose
filebot
intel-gpu-tools intel-gpu-tools
jellyfin-ffmpeg jellyfin-ffmpeg
jq jq
yt-dlp
yq
]; ];
etc = {
# Creates /etc/lynis/custom.prf
"lynis/custom.prf" = {
text = ''
skip-test=BANN-7126
skip-test=BANN-7130
skip-test=DEB-0520
skip-test=DEB-0810
skip-test=FIRE-4513
skip-test=HRDN-7222
skip-test=KRNL-5820
skip-test=LOGG-2190
skip-test=LYNIS
skip-test=TOOL-5002
'';
mode = "0440";
};
};
};
services = { services = {
samba.enable = true; samba.enable = true;
nfs.server.enable = true; nfs.server.enable = true;
openssh.ports = [ 666 ]; openssh.ports = [ 666 ];
smartd.enable = true; smartd.enable = true;
calibre-server.enable = false;
postgresql = {
enable = true;
enableJIT = true;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map alice postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
# initialScript = config.sops.secrets."postgres/init".path;
upgrade = {
enable = true;
stopServices = [
"hydra-evaluator"
"hydra-init"
"hydra-notify"
"hydra-queue-runner"
"hydra-send-stats"
"hydra-server"
];
};
};
}; };
nix.gc.options = "--delete-older-than 150d"; nix.gc.options = "--delete-older-than 150d";

7
systems/palatine-hill/default.nix
View File

@ -1,10 +1,5 @@
{ inputs, ... }: { inputs, ... }:
{ {
users = [ "alice" ]; users = [ "alice" ];
modules = [ modules = [ inputs.attic.nixosModules.atticd ];
# inputs.attic.nixosModules.atticd
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.supermicro
];
} }

5
systems/palatine-hill/docker.nix Normal file
View File

@ -0,0 +1,5 @@
{ ... }:
{
virtualisation.docker.daemon.settings.data-root = "/var/lib/docker2";
}

115
systems/palatine-hill/docker/act-runner.nix
View File

@ -1,115 +0,0 @@
{
config,
...
}:
let
vars = import ../vars.nix;
act_path = vars.primary_act;
act_config_path = ./act_config.yaml;
in
{
virtualisation.oci-containers.containers = {
act-stable-latest-main = {
image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
ports = [ "8088:8088" ];
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-main/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-main";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-1 = {
image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${./act_config.yaml}:/config.yaml"
"${act_path}/stable-latest-1/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-1";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-2 = {
image = "gitea/act_runner:latest";
pull = "always";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-2/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-2";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
};
systemd = {
timers."custom-watchtower@act-runner" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "5m";
Unit = "custom-watchtower@act-runner.service";
};
};
services."custom-watchtower@act-runner" = {
bindsTo = [ "docker.service" ];
after = [ "docker.service" ];
description = "a watchtower-esque script for systemd-based oci-containers";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'act-runner'";
};
};
};
sops.secrets = {
"docker/act-runner" = {
owner = "root";
restartUnits = [
"docker-act-stable-latest-main.service"
"docker-act-stable-latest-1.service"
"docker-act-stable-latest-2.service"
];
};
};
}

95
systems/palatine-hill/docker/act_config.yaml
View File

@ -1,95 +0,0 @@
# Example configuration file, it's safe to copy this as the default config file without any modification.
# You don't have to copy this file to your instance,
# just run `./act_runner generate-config > config.yaml` to generate a config file.
log:
# The level of logging, can be trace, debug, info, warn, error, fatal
level: debug
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 1
# Extra environment variables to run jobs.
envs:
A_TEST_ENV_NAME_1: a_test_env_value_1
A_TEST_ENV_NAME_2: a_test_env_value_2
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
# The timeout for the runner to wait for running jobs to finish when shutting down.
# Any running jobs that haven't finished after this timeout will be cancelled.
shutdown_timeout: 30m
# Whether skip verifying the TLS certificate of the Gitea instance.
insecure: false
# The timeout for fetching the job from the Gitea instance.
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `daemon`, will use labels in `.runner` file.
labels:
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
- "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
- "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
#cache:
# Enable cache server to use actions/cache.
#enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
#dir: ""
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
#host: ""
# The port of the cache server.
# 0 means to use a random available port.
#port: 0
# The external cache server URL. Valid only when enable is true.
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# The URL should generally end with "/".
#external_server: ""
container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
# NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
# If the path starts with '/', the '/' will be trimmed.
# For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /src/*.json
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# overrides the docker client host with the specified one.
# If it's empty, act_runner will find an available docker host automatically.
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: true
# Rebuild docker image(s) even if already present
force_rebuild: false
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:

152
systems/palatine-hill/docker/archiveteam.nix
View File

@ -1,152 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
containers = {
archiveteam-imgur = {
image = "imgur-grab";
scale = 1;
};
archiveteam-telegram = {
image = "telegram-grab";
scale = 3;
};
archiveteam-reddit = {
image = "reddit-grab";
scale = 0;
};
archiveteam-dpreview = {
image = "dpreview-grab";
scale = 0;
};
archiveteam-issuu = {
image = "issuu-grab";
scale = 0;
};
archiveteam-urls = {
image = "urls-grab";
scale = 2;
};
archiveteam-urlteam = {
image = "terroroftinytown-client-grab";
scale = 2;
};
archiveteam-mediafire = {
image = "mediafire-grab";
scale = 1;
};
archiveteam-github = {
image = "github-grab";
scale = 1;
};
archiveteam-lineblog = {
image = "lineblog-grab";
scale = 0;
};
archiveteam-banciyuan = {
image = "banciyuan-grab";
scale = 0;
};
archiveteam-wysp = {
image = "wysp-grab";
scale = 0;
};
archiveteam-xuite = {
image = "xuite-grab";
scale = 0;
};
archiveteam-gfycat = {
image = "gfycat-grab";
scale = 0;
};
archiveteam-skyblog = {
image = "skyblog-grab";
scale = 0;
};
archiveteam-zowa = {
image = "zowa-grab";
scale = 0;
};
archiveteam-blogger = {
image = "blogger-grab";
scale = 1;
};
archiveteam-vbox7 = {
image = "vbox7-grab";
scale = 0;
};
archiveteam-pastebin = {
image = "pastebin-grab";
scale = 1;
};
archiveteam-youtube = {
image = "youtube-grab";
scale = 0;
};
archiveteam-deviantart = {
image = "deviantart-grab";
scale = 0;
};
archiveteam-postnews = {
image = "postnews-grab";
scale = 0;
};
archiveteam-askfm = {
image = "askfm-grab";
scale = 1;
};
archiveteam-mangz = {
image = "mangaz-grab";
scale = 1;
};
archiveteam-cohost = {
image = "cohost-grab";
scale = 1;
};
};
container-spec = container-name: container: {
image = "atdr.meo.ws/archiveteam/${container}:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "archiveteam";
};
volumes = [ "${at_path}/${container-name}:/grab/data" ];
log-driver = "local";
cmd = lib.splitString " " "--concurrent 6 AmAnd0";
};
inherit (lib.adev.container-utils) createTemplatedContainers;
vars = import ../vars.nix;
at_path = vars.primary_archiveteam;
in
{
virtualisation.oci-containers.containers = createTemplatedContainers containers container-spec;
systemd = {
timers."custom-watchtower@archiveteam" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "5m";
Unit = "custom-watchtower@archiveteam.service";
};
};
services."custom-watchtower@archiveteam" = {
bindsTo = [ "docker.service" ];
after = [ "docker.service" ];
description = "a watchtower-esque script for systemd-based oci-containers";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'archiveteam'";
};
};
};
}

124
systems/palatine-hill/docker/arr.nix
View File

@ -1,124 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
bazarr = {
image = "ghcr.io/linuxserver/bazarr:latest";
ports = [ "6767:6767" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/bazarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
prowlarr = {
image = "ghcr.io/linuxserver/prowlarr:latest";
ports = [ "9696:9696" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.primary_docker}/prowlarr:/config" ];
autoStart = true;
};
radarr = {
image = "ghcr.io/linuxserver/radarr:latest";
ports = [ "7878:7878" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/radarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
sonarr = {
image = "ghcr.io/linuxserver/sonarr:latest";
ports = [ "8989:8989" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/sonarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
lidarr = {
image = "ghcr.io/linuxserver/lidarr:latest";
ports = [ "8686:8686" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/lidarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
readarr = {
image = "ghcr.io/linuxserver/readarr:latest";
ports = [ "8787:8787" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/readarr:/config"
"${vars.primary_plex_storage}/data:/data"
];
autoStart = true;
};
unpackerr = {
image = "golift/unpackerr:latest";
user = "600:100";
environment = {
TZ = "America/New_York";
};
volumes = [
"${vars.primary_docker}/unpackerr:/config"
"${vars.primary_plex_storage}:/data"
];
autoStart = true;
};
overseerr = {
image = "lscr.io/linuxserver/overseerr";
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.primary_docker}/overseerr:/config" ];
# TODO: remove ports later since this is going through web
ports = [ "5055:5055" ]; # Web UI port
dependsOn = [
"radarr"
"sonarr"
];
extraOptions = [ "--network=haproxy-net" ];
autoStart = true;
};
};
}

32
systems/palatine-hill/docker/books.nix
View File

@ -1,32 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
docker_path = vars.primary_docker;
calibre_path = vars.primary_calibre;
in
{
virtualisation.oci-containers.containers = {
automated-ffdl-alice = {
image = "mrtyton/automated-ffdl:latest";
user = "600:100";
extraOptions = [ "--restart=unless-stopped" ];
environment = {
PUID = "600";
PGID = "100";
};
volumes = [
"${docker_path}/auto-fic/config:/config"
"${calibre_path}/ffdl-alice:/var/lib/calibre-server"
];
};
};
services.autopull = {
enable = true;
repo.FanFicFare-alice = {
enable = true;
path = /ZFS/ZFS-primary/calibre/ffdl-alice/config/FanFicFare;
};
};
}

80
systems/palatine-hill/docker/default.nix
View File

@ -1,80 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./act-runner.nix
./arr.nix
# temp disable archiveteam for tiktok archiving
#./archiveteam.nix
# ./books.nix
#./firefly.nix
#./foundry.nix
./glances.nix
# ./haproxy.nix
./minecraft.nix
./nextcloud.nix
# ./postgres.nix
# ./restic.nix
./torr.nix
# ./unifi.nix
];
virtualisation.oci-containers.backend = "docker";
virtualisation.docker.daemon.settings = {
data-root = "/var/lib/docker2";
bip = "169.254.253.254/23";
fixed-cidr = "169.254.252.0/23";
default-address-pools = [
{
base = "169.254.2.0/23";
size = 28;
}
{
base = "169.254.4.0/22";
size = 28;
}
{
base = "169.254.8.0/21";
size = 28;
}
{
base = "169.254.16.0/20";
size = 28;
}
{
base = "169.254.32.0/19";
size = 28;
}
{
base = "169.254.64.0/18";
size = 28;
}
{
base = "169.254.128.0/18";
size = 28;
}
{
base = "169.254.192.0/19";
size = 28;
}
{
base = "169.254.224.0/20";
size = 28;
}
{
base = "169.254.240.0/21";
size = 28;
}
{
base = "169.254.248.0/22";
size = 28;
}
];
mtu = 9000;
};
}

25
systems/palatine-hill/docker/firefly.nix
View File

@ -1,25 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
ffiii_path = "${vars.primary_docker}/firefly-iii";
in
{
virtualisation.oci-containers.containers = {
firefly = {
image = "fireflyiii/core:latest";
extraOptions = [
"--network=firefly-iii_default"
"--network=postgres-net"
];
environmentFiles = [ "${ffiii_path}/.env" ];
ports = [ "4188:8080" ];
volumes = [ "${ffiii_path}/app/upload:/var/www/html/storage/upload" ];
};
fidi = {
image = "fireflyiii/data-importer:latest";
environmentFiles = [ "${ffiii_path}/.fidi.env" ];
ports = [ "4187:8080" ];
dependsOn = [ "firefly" ];
};
};
}

28
systems/palatine-hill/docker/foundry.nix
View File

@ -1,28 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
fvtt_path = "${vars.primary_games}/foundryvtt";
in
{
virtualisation.oci-containers.containers = {
foundryvtt = {
image = "felddy/foundryvtt:11";
hostname = "foundryvtt";
environment = {
#CONTAINER_PRESERVE_CONFIG= "true";
TIMEZONE = "America/New_York";
FOUNDRY_MINIFY_STATIC_FILES = "true";
};
environmentFiles = [ config.sops.secrets."docker/foundry".path ];
volumes = [ "${fvtt_path}:/data" ];
extraOptions = [
"--network=haproxy-net"
];
};
};
sops.secrets."docker/foundry" = {
owner = "docker-service";
restartUnits = [ "docker-foundryvtt.service" ];
};
}

25
systems/palatine-hill/docker/glances.nix
View File

@ -1,25 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
glances_path = "${vars.primary_docker}/glances";
in
{
virtualisation.oci-containers.containers = {
glances = {
image = "nicolargo/glances:latest-full";
pull = "always";
extraOptions = [
"--pid=host"
"--network=haproxy-net"
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${glances_path}/glances.conf:/glances/conf/glances.conf"
];
environment = {
GLANCES_OPT = "-C /glances/conf/glances.conf -w";
};
};
};
}

207
systems/palatine-hill/docker/haproxy.cfg
View File

@ -1,207 +0,0 @@
global
# stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
# log stdout format raw local0 info
log stdout format raw local0
crt-base /etc/ssl/certs/
maxconn 120000
defaults
log global
mode http
timeout client 2000m
timeout connect 200s
timeout server 2000m
timeout http-request 2000m
frontend stats # you can call this whatever you want
mode http
bind *:9000 # default port, but you can pick any port
stats enable # turns on stats module
stats refresh 10s # set auto-refresh rate
#Application Setup
frontend ContentSwitching
bind *:80
# bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem crt /var/lib/acme/nayeonie.com/full.pem strict-sni
mode http
option httplog
# max-age is mandatory
# 16000000 seconds is a bit more than 6 months
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
# Front-end acess control list
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
# Front-end acess control list
acl host_www hdr(host) -i www.alicehuston.xyz
acl host_www hdr(host) -i alicehuston.xyz
# acl host_ldapui hdr(host) -i authui.alicehuston.xyz
acl host_glances hdr(host) -i monit.alicehuston.xyz
acl host_glances hdr(host) -i glances.alicehuston.xyz
# acl host_foundry hdr(host) -i dnd.alicehuston.xyz
# acl host_netdata hdr(host) -i netdata.alicehuston.xyz
#acl host_terraria hdr(host) -i terraria.alicehuston.xyz
acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz
acl host_nextcloud hdr(host) -i nayeonie.com
acl host_hydra hdr(host) -i hydra.alicehuston.xyz
acl host_attic hdr(host) -i attic.alicehuston.xyz
acl host_minio hdr(host) -i minio.alicehuston.xyz
acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz
acl host_attic hdr(host) -i attic.nayeonie.com
acl host_minio hdr(host) -i minio.nayeonie.com
acl host_minio_console hdr(host) -i minio-console.nayeonie.com
#acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz
# acl host_collabora hdr(host) -i collabora.alicehuston.xyz
acl host_prometheus hdr(host) -i prom.alicehuston.xyz
acl host_gitea hdr(host) -i git.alicehuston.xyz
acl host_gitea hdr(host) -i nayeonie.com
# Backend-forwarding
use_backend www_nodes if host_www
# use_backend ldapui_nodes if host_ldapui
use_backend glances_nodes if host_glances
use_backend foundry_nodes if host_foundry
# use_backend netdata_nodes if host_netdata
# use_backend terraria_nodes if host_terraria
use_backend nextcloud_nodes if host_nextcloud
use_backend hydra_nodes if host_hydra
use_backend attic_nodes if host_attic
#use_backend nextcloud_vol_nodes if host_nextcloud_vol
# use_backend collabora_nodes if host_collabora
use_backend prometheus_nodes if host_prometheus
use_backend minio_nodes if host_minio
use_backend minio_console_nodes if host_minio_console
use_backend gitea_nodes if host_gitea
#frontend ldap
# bind *:389
# bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem
# mode tcp
# option tcplog
# acl host_ldap hdr(host) -i auth.alicehuston.xyz
# use_backend ldap_nodes if host_ldap
backend nextcloud_nodes
mode http
server server nextcloud:80
acl url_discovery path /.well-known/caldav /.well-known/carddav
http-request redirect location /remote.php/dav/ code 301 if url_discovery
acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend nextcloud_nodes
# mode http
# server nxserver nextcloud:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# http-request set-header X-Forwarded-Host %[req.hdr(Host)]
#backend nextcloud_vol_nodes
# mode http
# server server nextcloud-vol:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend terraria_nodes
# mode http
# server server terraria:6526
#backend collabora_nodes
# mode http
# server server collabora:9980
backend www_nodes
mode http
server server grafana:3000
backend minio_nodes
mode http
server server 192.168.76.2:8500
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
backend minio_console_nodes
mode http
server server 192.168.76.2:8501
# backend foundry_nodes
# timeout tunnel 50s
# mode http
# server server foundryvtt:30000
#backend ldap_nodes
# mode tcp
# balance roundrobin
# option ldap-check
# server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem
#
#backend ldapui_nodes
# mode http
# server server 192.168.76.2:18081
backend glances_nodes
mode http
server server glances:61208
backend hydra_nodes
mode http
server server 192.168.76.2:3000
backend attic_nodes
mode http
server server 192.168.76.2:8183
backend prometheus_nodes
mode http
server server 192.168.76.2:9001
backend gitea_nodes
mode http
server server 192.168.76.2:6443
#backend netdata_nodes
# mode http
# server server 192.168.76.2:19999
# backend dnd_nodes
# mode http
# server server foundry:30000
# acl host_www hdr(host) -i www.tmmworkshop.com
frontend giteassh
mode tcp
bind :2222
default_backend giteassh_nodes
backend giteassh_nodes
mode tcp
server s1 192.168.76.2:2223
frontend minecraft
mode tcp
bind :25565
default_backend router_nodes
backend router_nodes
mode tcp
server s1 mc-router:25565

33
systems/palatine-hill/docker/haproxy.nix
View File

@ -1,33 +0,0 @@
{ ... }:
{
virtualisation.oci-containers.containers = {
haproxy = {
image = "haproxy:latest";
extraOptions = [
"--restart=always"
"--network=haproxy-net"
];
volumes = [
"${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg:ro"
"/ZFS/ZFS-primary/docker/haproxy/certs:/etc/ssl/certs:ro"
];
ports = [
"80:80"
"443:443"
"25565:25565"
];
environment = {
PUID = "600";
PGID = "600";
};
dependsOn = [
"nextcloud"
"grafana"
"foundryvtt"
"glances"
"mc-router"
];
};
};
}

97
systems/palatine-hill/docker/minecraft.nix
View File

@ -1,97 +0,0 @@
{ config, lib, ... }:
let
servers = {
atm6 = "atm6.alicehuston.xyz";
stoneblock3 = "sb3.alicehuston.xyz";
RAD2 = "rad.alicehuston.xyz";
skyfactory = "sf.alicehuston.xyz";
divinejourney = "dj.alicehuston.xyz";
rlcraft = "rlcraft.alicehuston.xyz";
arcanum-institute = "arcanum.alicehuston.xyz";
# bcg-plus = "bcg.alicehuston.xyz";
};
defaultServer = "rlcraft";
# defaultEnv = {
# EULA = "true";
# TYPE = "AUTO_CURSEFORGE";
# STOP_SERVER_ANNOUNCE_DELAY = "120";
# STOP_DURATION = "600";
# SYNC_CHUNK_WRITES = "false";
# USE_AIKAR_FLAGS = "true";
# MEMORY = "8GB";
# ALLOW_FLIGHT = "true";
# MAX_TICK_TIME = "-1";
# };
# defaultOptions = [
# "--stop-signal=SIGTERM"
# "--stop-timeout=1800"
# "--network=minecraft-net"
# ];
# vars = import ../vars.nix;
# minecraft_path = "${vars.primary_games}/minecraft";
in
{
virtualisation.oci-containers.containers = {
mc-router = {
image = "itzg/mc-router:latest";
pull = "always";
extraOptions = [
"--network=haproxy-net"
"--network=minecraft-net"
];
cmd = [
(
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
+ (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
)
];
};
# rlcraft = {
# image = "itzg/minecraft-server:java8";
# volumes = [
# "${minecraft_path}/rlcraft/modpacks:/modpacks:ro"
# "${minecraft_path}/rlcraft/data:/data"
# ];
# hostname = "rlcraft";
# environment = defaultEnv // {
# VERSION = "1.12.2";
# CF_SLUG = "rlcraft";
# DIFFICULTY = "hard";
# ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
# bcg-plus = {
# image = "itzg/minecraft-server:java17";
# volumes = [
# "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
# "${minecraft_path}/bcg-plus/data:/data"
# ];
# hostname = "bcg-plus";
# environment = defaultEnv // {
# VERSION = "1.17";
# CF_SLUG = "bcg";
# DIFFICULTY = "normal";
# DEBUG = "true";
# # ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/minecraft".owner = "docker-service";
};
};
}

7
systems/palatine-hill/docker/nextcloud-image/nextcloud-apache.nix Normal file
View File

@ -0,0 +1,7 @@
{
imageName = "nextcloud";
imageDigest = "sha256:fe7f941cc514fe01e343a515c7b33e6b12707c718157f6e25a67119e9918a061";
sha256 = "07w9rvmr2qy037ljdmk6w1n2dmwwa31ig7gzfb084wiv18hjfrg4";
finalImageName = "nextcloud";
finalImageTag = "apache";
}

111
systems/palatine-hill/docker/nextcloud.nix
View File

@ -1,111 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
nextcloud_path = vars.primary_nextcloud;
redis_path = vars.primary_redis;
# nextcloud-image = import ./nextcloud-image { inherit pkgs; };
nextcloud-base = {
# image comes from running docker compose build in nextcloud-docker/.examples/full/apache
image = "nextcloud-nextcloud";
pull = "always";
hostname = "nextcloud";
volumes = [
"${nextcloud_path}/nc_data:/var/www/html:z"
"${nextcloud_path}/nc_php:/usr/local/etc/php"
"${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
#"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
];
extraOptions = [
"--network=haproxy-net"
"--network=postgres-net"
"--network=nextcloud_default"
];
dependsOn = [ "redis" ];
environmentFiles = [ config.sops.secrets."docker/nextcloud".path ];
};
in
{
virtualisation.oci-containers.containers = {
nextcloud = nextcloud-base // {
ports = [ "9999:80" ];
};
redis = {
image = "redis:latest";
pull = "always";
user = "600:600";
volumes = [
"${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
"${redis_path}:/data"
];
extraOptions = [
"--network=nextcloud_default"
];
cmd = [
"redis-server"
"/usr/local/etc/redis/redis.conf"
];
};
go-vod = {
image = "radialapps/go-vod:latest";
pull = "always";
dependsOn = [ "nextcloud" ];
environment = {
NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
};
volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri:/dev/dri"
];
};
collabora-code = {
image = "collabora/code:latest";
pull = "always";
dependsOn = [ "nextcloud" ];
environment = {
aliasgroup1 = "https://collabora.nayenoie.com:443";
aliasgroup2 = "https://nextcloud.alicehuston.xyz:443";
aliasgroup3 = "https://.*:443";
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
};
environmentFiles = [
config.sops.secrets."docker/collabora".path
];
extraOptions = [
"--network=haproxy-net"
"--privileged"
];
ports = [ "9980:9980" ];
};
};
users.users.www-data = {
uid = 33;
isSystemUser = true;
group = "www-data";
};
users.groups.www-data = {
gid = 33;
members = [ "www-data" ];
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/redis" = {
owner = "docker-service";
restartUnits = [ "docker-redis.service" ];
};
"docker/nextcloud" = {
owner = "www-data";
restartUnits = [ "docker-nextcloud.service" ];
};
"docker/collabora" = {
owner = "www-data";
restartUnits = [ "docker-collabora-code.service" ];
};
};
};
}

22
systems/palatine-hill/docker/openvpn/se.protonvpn.udp.ovpn
View File

File diff suppressed because one or more lines are too long

67
systems/palatine-hill/docker/postgres.nix
View File

@ -1,67 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
psql_path = "${vars.primary_db}/postgresql";
in
{
virtualisation.oci-containers.containers = {
postgres = {
image = "postgres:16";
user = "600:600";
volumes = [
"${psql_path}/primary_new:/var/lib/postgresql/data"
"${psql_path}/pg_archives:/opt/pg_archives"
];
log-driver = "local";
extraOptions = [
"--network=postgres-net"
"--health-cmd='pg_isready -U firefly'"
"--health-interval=1s"
"--health-timeout=5s"
"--health-retries=15"
"--shm-size=1gb"
"--restart=always"
];
environmentFiles = [ config.sops.secrets."docker/pg".path ];
};
postgres-secondary = {
image = "postgres:16";
user = "600:600";
volumes = [
"${psql_path}/secondary_new:/var/lib/postgresql/data"
"${psql_path}/pg_archives:/opt/pg_archives"
];
log-driver = "local";
extraOptions = [
"--network=postgres-net"
"--health-cmd='pg_isready -U firefly'"
"--health-interval=1s"
"--health-timeout=5s"
"--health-retries=15"
"--shm-size=1gb"
"--restart=always"
];
environmentFiles = [ config.sops.secrets."docker/pg".path ];
};
postgres-adminer = {
image = "adminer/latest";
user = "600:600";
ports = [ "4191:8080" ];
dependsOn = [ "postgres" ];
extraOptions = [
"--restart=always"
"--network=postgres-net"
];
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/pg".owner = "docker-service";
};
};
}

38
systems/palatine-hill/docker/restic.nix
View File

@ -1,38 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
restic_path = "${vars.primary_backups}/restic";
in
{
virtualisation.oci-containers.containers = {
restic = {
image = "restic/rest-server:latest";
volumes = [ "${restic_path}:/data" ];
environment = {
OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
};
ports = [ "8010:8000" ];
extraOptions = [
"--restart=always"
"--network=restic_restic"
];
};
grafana = {
image = "grafana/grafana:latest";
extraOptions = [
"--restart=always"
"--network=haproxy-net"
];
volumes = [
"grafanadata:/var/lib/grafana"
"${restic_path}/dashboards:/dashboards"
"${restic_path}/grafana.ini:/etc/grafana/grafana.ini"
];
environment = {
GF_USERS_DEFAULT_THEME = "dark";
};
};
};
}

130
systems/palatine-hill/docker/torr.nix
View File

@ -1,130 +0,0 @@
{ config, pkgs, ... }:
let
delugeBase = {
pull = "always";
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
UMASK = "000";
DEBUG = "true";
DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug";
};
};
vars = import ../vars.nix;
#docker_path = vars.primary_docker;
torr_path = vars.primary_torr;
deluge_path = "${torr_path}/deluge";
delugevpn_path = "${torr_path}/delugevpn";
#genSopsConfWg = file: {
# "${file}" = {
# format = "binary";
# sopsFile = ./wg/${file};
# path = "${delugevpn_path}/config/wireguard/configs/${file}";
# owner = "docker-service";
# group = "users";
# restartUnits = [ "docker-delugeVPN.service" ];
# };
#};
genSopsConfOvpn = file: {
"${file}" = {
format = "binary";
sopsFile = ./openvpn/${file};
path = "${delugevpn_path}/config/openvpn/configs/${file}";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
in
{
virtualisation.oci-containers.containers = {
deluge = delugeBase // {
image = "binhex/arch-deluge";
volumes = [
"${deluge_path}/config:/config"
"${deluge_path}/data/:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"8084:8112"
"29433:29433"
];
};
delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn:latest";
capabilities = {
NET_ADMIN = true;
};
autoRemoveOnStop = false;
environment = delugeBase.environment // {
VPN_ENABLED = "yes";
VPN_CLIENT = "openvpn";
VPN_PROV = "protonvpn";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16";
ENABLE_STARTUP_SCRIPTS = "yes";
#NAME_SERVERS = "194.242.2.9";
#NAME_SERVERS = "9.9.9.9";
# note, delete /config/perms.txt to force a bulk permissions update
};
environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
volumes = [
"${delugevpn_path}/config:/config"
"${deluge_path}/data:/data" # use common torrent path yuck
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"8085:8112"
"8119:8118"
"39275:39275"
"39275:39275/udp"
"48346:48346"
"48346:48346/udp"
];
};
};
systemd.services.docker-delugeVPN = {
serviceConfig = {
ExecStartPre = [
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
+ "-type l -not -name network.ovpn "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
)
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
+ "-type l "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
)
];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
};
};
sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
"docker/delugevpn" = {
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
"docker/protonvpn-start-script" = {
path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
}

61
systems/palatine-hill/docker/unifi.nix
View File

@ -1,61 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
unifi_path = "${vars.primary_docker}/unifi-2.0";
mongo_path = "${vars.primary_db}/mongo";
in
{
virtualisation.oci-containers.containers = {
unifi-controller = {
image = "lscr.io/linuxserver/unifi-network-application:latest";
volumes = [ "${unifi_path}/config:/config" ];
log-driver = "local";
dependsOn = [ "mongodb" ];
extraOptions = [ "--restart=unless-stopped" ];
ports = [
"8443:8443"
"3478:3478/udp"
"10001:10001/udp"
"8080:8080"
"1900:1900/udp" # optional
"8843:8843" # optional
"8880:8880" # optional
"6789:6789" # optional
"5514:5514/udp" # optional
];
environment = {
PUID = "1000";
PGID = "100";
TZ = "America/New_York";
MEM_LIMIT = "1024"; # optional
MEM_STARTUP = "1024"; # optional
MONGO_USER = "unifi";
MONGO_HOST = "mongodb";
MONGO_PORT = "27017";
MONGO_DBNAME = "unifi";
};
environmentFiles = [ config.sops.secrets."docker/unifi".path ];
};
mongodb = {
image = "docker.io/mongo:7.0";
environment = {
PUID = "1000";
PGID = "100";
TZ = "America/New_York";
};
extraOptions = [ "--restart=unless-stopped" ];
volumes = [
"${mongo_path}/unifi:/data/db"
"${unifi_path}/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro"
];
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/unifi".owner = "docker-service";
};
};
}

26
systems/palatine-hill/docker/watchtower.bash
View File

@ -1,26 +0,0 @@
#! /usr/bin/env nix
#! nix shell nixpkgs#docker nixpkgs#bash nixpkgs#gawk --command bash
outdated_msg="Project code is out of date and needs to be upgraded. To remedy this problem immediately, you may reboot your warrior."
label="$1"
label_val="$2"
if (($# != 2)); then
echo "usage: $0 label label_value"
fi
containers=$(docker ps --format '{{.Names}}' -f "label=${label}=${label_val}")
for container in ${containers[@]}; do
echo "checking ${container}"
last_msg=$(docker logs -n 1 "${container}")
if [[ $last_msg =~ $outdated_msg ]]; then
echo "${container} is outdated, restarting"
imageTag=$(docker ps --format '{{.Names}}\t{{.Image}}' -f "name=$container" | grep -w "$container" | awk '{print $NF}')
docker pull "$imageTag"
systemctl restart "docker-${container}"
fi
done

26
systems/palatine-hill/docker/wg/se-mma-wg-001.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:PytLIf5ceSyhxNs3p4N89GKxh7zTvTTbzKhw6SqEPrWSgRo+ntOZQgkUWBwFRGmWjFjMoMmkxaHkyrBLo/lYb6MAKuPNCb4Ss2ArSHk1qOl9u39lXYSs4NNaZYx6r5vs9IspYsIzfbkz2mad5ZaeEuDjiGCethaw9SthXNyjOOEIo/zYB/9Qju963kPXCpexu2/nbhwr/ilXzP8zzhzl712CMULV2GwISrKQcnJYyhqwzAuLmmsG50J3It3BZBUwTbyiIRK4ka0wrycqVmVDKyasUX71LYlq9MifttFCjQCN8xE7FmDl8nSBBaub9Vss5IAF+DcIRNRIQ7f6INuo,iv:CbvR5AEtENWTKP7UPqjYl7qNvyZvPZRFawrU8xoYdL4=,tag:9C5KmHeZkt62Ujkg2Wzt3A==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNTh3RHN5bGVDZ29YS0pD\nbXpoL3E1emlJeEJMUWo3SzM2ODQ4c2FndWxNCnZUN3dIaTM3bXpOWDcxSzhROHlM\nQlJTTGl2WEs1NlczUlhhMEcvWWlXaGsKLS0tIENlY3dvNEF4UEllQnR2aDJFbSs2\nVE05RnRDSVphNHcrR3paQ3BFOU8vNkUKOtItYEU8P0Wu6TDzPylTTGhwlAiSgDEq\nJnRYAH6kE+qAnpK2xQyG4n0xbhNiASUVQgNJJyN+5BZi0dDf7k9CQA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:g/ba90H1dGisB71/MWXkJDCQEXphWu0tOv04ScmEjKPm58TRM0W1oUVDPa7QWHrcdozz0LnQndhs4enW+SqRF39YBmL8OziddStVgTWC4chBazAPHBcGCgLApP9RAjNhiyosTIypLqppY08UIGU1Q1qEzcoHendu6hSMX09jG+A=,iv:6UPwNmUbjt+z7Vr7yuQ3fdsmTwBwE5AUQw3IzonqXZ4=,tag:nmloGiYkKXNGcbn8aBmNAQ==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAtZwfBH7XpTMkoZMd7QojukRfwU1Z7O/ZHcBzW0rYiTgw\nuYKmkKxSPqY9E/zzNpO0C52NwyAUerM851DaOHkZvcNBkMGdFLKvLf53wgPZKlkc\n1GgBCQIQNLHtkosd/X7cb8VScXNk8CVsckRQJWiHFkPtbYcyz9O55hJOdg0TGmbQ\nf4v9yNrVG6OFQTfV8IXbIJ7fANPNDTu/gDE/XB4W8GzgmLReAsaUnxJWd7a2LSFn\nCkiJsF+JY3QsYg==\n=55xj\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-002.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:ULynEBONpLJNPcSGjnFTLkrc4PNDNVqvpQ7LWqsMC0mW6SaDFn1e8MJkK4SSLjx2UCajMOyuvzNYzLd5AxMKBgsH/P1KAAednunOEU0ADKIzsrmEqr/zrX709yXPQY2783Os29jFFpCeQra8z3YR2vfU/PcOtqzoOuipRo0p1yUtehBLN40ogP9aLc+zxkoQxts20sU2EOe7rivU9WsBGQ2m3/Eg8ucH0aNdiN1BF/pIwyXbwMxcXtUCs0jVINJqsgFx2Ntmuz24dgZnTr8Hibz0v3F1LXcFbIIiH8OaCb3S4X2Zd/nCJqxRFz+cmzvcMplQHyE1XOYqP0OTA6s=,iv:skT932uptVD/zmbm/nxtzciD9dlYbJU4HzgHZtuathY=,tag:a/x3/an0q8hhexm4dpsVYA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4T0p1alJDd05KOTBjTVhL\nMVlPZno5YVlWRG0xUWZoUkJyVVZWRitLUTFZCmJmWXdzZHlGdG5GWWI2QWZXRUhY\nVVV1WUxaNWtVcmVtakI2dHpheS9HcTAKLS0tIDFsK0ZIR040dEdQQXV1NUpCQnVB\nOU9YU0NQSkwxMEtPdnRQeUYwc2hiczAKSynE6XsoUXyoLbUuuzqXbIbGoSeZR0S/\npMhZwI2fzh3vuLO0GpREkQRJ0azEvbbFPYdhJAFIBu/eRYd70IySlA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:pk7jtod+BCMqF6Hwgkd2AReDqkLGZvnBsDBJIipi/PNQQnq04BgT3TKDL3aQD4sKREjc0dyubQtvq4pAE3Fs+fOLgfhW6uYgvkreSg7Q7aSx299l2OaIc+pI47Emt0s+QIjFz2hd3KHxBkKr9xg5m3aITVex+96VqPUO5DPusqs=,iv:nsv3uPIz8iwrXAlQ0sd7J7T7jg3Yif4DsJV9g9aAAXY=,tag:xAIvz4KPTlpIuDZZfv3qkw==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAGNsLJiDmbwfugWEdArQwUDMm6yL6bHbRhQsniyz6RFYw\nbmOG9HElDZGrQor2N+OmjRJzBnmrC3H00PBuM1dx6L9pHZpf8/CT477ZE66IDxOw\n1GgBCQIQUtKFTM34FXDEV4sTfawGatyVDoqFq+gxtI6iJA+1YgrJkZzV/5yAlINb\nsiiO0h1dvUS7uMZT/EPEBDvprXwDXrk6GHTtxAQTP3XQzO3bz0x6RhMJOEj+7hEB\nrkne981/Q2FiDg==\n=kGYU\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-003.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:1pgCvsAcTSFMhb6OKujAtyEfR+Uu544RecoLxy6hhbj8PupUuosJ+lt5gOMqOzHvjUBMvKM/mqJ+JuahChclwXg+XCgB/7yh0tlwPyftPNoWltEwu/AsP7QUwXomfj/AbwzxfB8oTw4U2Ot4DfObDNvhfA88Sva2OE6mkapoRAAFND4CoglOoJ5F+vjLf0XsRCaHTVXCTwmd6BNb+ZHs+heztlaFRp5Mv8TINOlDl3yhW8V10r8ZhLoF421DVAtVLsuOQ6rbzGOZy9A+HfZJlaEZcgFHLKi40pBKQWw5xFrDp8gml/eMtkkKRZR88v+eXT+QCrg3biVYrdIhJlA=,iv:kIOTAido5Xm1fB5Xz7bsrwNM9dbjMIxvqIcNfXbUU6w=,tag:mrzFeyo4D3Y8lah9DU4kqg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbFdnRDlGNUxhTFd3NHhM\nanZmMksxV2xJdUVRL1NFQlJySjU2ZUJSQkg0CnIxb0FIeWMzMzdNalVNUmhQM1lX\nd0h6RWdPak5QeS9WYksrcHhERmd6Y2MKLS0tIDc5ZEFhK0dycFM2N29wN09BOVNK\nTWJjNThyTUxqNWxsTmw5WmlBV0xlK2sKE3L8/VvO8vmsqUV939JM2qdVUOsHAN3p\nwFfeldy2T6ojCVLWdl3CnZ7DmRumweEsSq1JP1mkZzfxotZloMUH5w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:hmYfiTiGuO3oF/nGMP7vizC7nJtxYp1nFKoYsZR+GogpN3m3pqdKbLfqWLHXCI5o1l2nZjCo8VgUQYGrwePertOtlTF2rUz9fSxl3EsmoPbZOkt/NawjiIN3lARYTyoxwAq4Qtsna0OJTq9Yb+DlnMUTH+zk3/32K8dF2STRB84=,iv:8jYMtSSVOu5OIR4/TsM/upnZvvTh+ObkHcUiZtNLf+M=,tag:ANLwWSNxZxUM731LdQIO0A==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdADhzkz5iF5geZvou70PeWpN718CeGgvbs97VWhxL25gEw\nphKaEn/73p0Qjqnpu5xVQi0GwSOFVt2UFjLf55aEjdBPb/RwVp0kAeDzzaDSR6/m\n1GgBCQIQXglRmyXJWRT4RdsWOFM1SpuFV1F235UJIEn/O0yGiQvuBQF6OVuvqYgV\nYNi2KFUU+99WaQvxUYddGzCHMEC2AAuKSSNBvs2LSGu0Ic/KWjrcn6yeXEPuv8a/\nHsvjhXACkXWN/Q==\n=JWpI\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-004.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:s8ANdI9fL6hX9K3ypZcmxhQv3VWZ0BYCMmEWatNpQv+0t4kLMmDIbtvLVBTjLoFvWcfy31vAEhbhZPOE0iQXUohiwfVu67/nR3gzcVpeERvtYlqb4q4RwDIgFXKZUd7y55CIcJbpFRR6U5/NCG2+PEAD5J4OtNTkjnpleipNqcI7Ccg062jVqiavOeKw+eoLMomJsJYqdeTUb9nwYlYoe87aIhZFmAKe0Z1ps6ClzaHSWsr0RSbaDFgBJxUo1brEETsIkphNktIe2kVY72PaOqiNZavEhgPfIc42Ldr4zyaW9nrau8ZsiGM/1VxrHwEOlqW6QimZO9epv6jQgTm0,iv:lSZ5H1kkokiwr6o/X42ElkLvNnWOJZkuD4Tt+vkX8uc=,tag:G+bcX3QzEIcmkxjBsSGLNw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5R0J6UmFPVWo5ME84Q3Rq\nN0J3MmowemJNa0pwNlVqQjdUR0NOWTh2MEU4CitGbkt4UDhuYlRFTlp3eHNGV1JG\nc0p6ZVlxUURhQ1NLbDhvc3VPazh5MmMKLS0tIERTcW54OTFhYjcxUVliRFFmOExk\nL1JMb0VyTDAzd1h3TXgwQ1V3VzZmdWcKZLwB3/3M5Ph9xvkBUrTZXvE13R83NCaT\nHYCKZoJx/CexdDXpij/H9fMI2BgRP1UBgxyWVg0pAAPrxhNhpiteVA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:PC2Gk57K2IQbGsAjXvN7BDaYO09vg+MKZcrieA6kPFeWVK7Nbic9iQiRsqs8cMOgQ4ZWNFJqyCmSPNKhWAkhmcuc3TNXTCGUl9AsWUyVLU1KL0I48320U+72ce4RY0vtO8FjgPjeFRtuzrHO4eOQhULrX7FhtUYq3/meZjP3PmM=,iv:P3LfN/+LS8wbRFcTvJhCU1LEqayWCUwqtHAmPodUXZE=,tag:DMuEdIKy8hBo/jdvnv7yaQ==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAAVsYsC/Di95MPmvkveVSZVZLPDuyWGdmgFFjGz1/l0Qw\nklzbhejv4x04f9j8zWG1Nsnvkkgv2wf++514BCGBN/DvlcFrv1xVPcA2RCqxr49t\n1GYBCQIQJvmrC8GUr9qp0yYEcUzXAaYh9hUA+fGPc1L45PmWVwjnY2wRtco4Y/uu\nLI09Esz6GH9vVesL3oO9A1uXArKw9dqph+Q6l3XAbtUp/y2vSU2xZlaQ83hAP3S1\nTryM3Ex9a80=\n=d/cZ\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-005.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:lre1gMfmXwB/FxXrF7VguPFmunswv7Y2+GhIOJYu5ijTpDV0O3mumM5Xmk8dZ//3xPQuqFJBJEpMI8nggAWG3pEd4x5otDimJR0OHb0zoHbDE2YyNWR6pwUk07QkhTYJ0UzLFtReRCSgkQmbR20nfew1Ta9HYEDeqBH9+nFBBqlhJkYXybmjC+sWpyEkhnAUk2cjz74WiE4cFemLj8M1+pZYany9uSeY8MI+zO3PU6XyMEdEx9+H2vmvUR+MMzR01cZlHBPghgVlPtDAerTOOFo7Med/HSKUsFLm84K+DerjZ7tIP34xEY7NjW3epxk53UmUdbY8DJ+pBPVcL8k=,iv:CIHbLf6ARlXs3QQKg6hfO47WfQXYMtzCt/2Qv9Vmmgo=,tag:/uR4nPjpqEJ8zv8/H54xxg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWkhMT1dHNklvK2VXNGtq\nUG9tUS8xM0VoVDZTSTNvZ21teGYrSHRMelJrClU2Q2ovR01OK2E4d2F1aXRmaXRK\nckZ2WFhDYVA4bEVLMUl6WU0xd1p2NlkKLS0tIHZJV3FUYk5oNi9CQXlzSFUxSlVV\nV3Y3Q3RrT3JMVUh0Tmg5V3dtaURpcVEKRZ3dja+pVm2sAdQexiSw/si+CM2esjQM\nq0/9AfMPrULAdHrkvxLfyJRFWQlr2/g02QbeCE8HHYbVWSGaN2pJng==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:lxWz7NnYyAUyY52ewC1Eh9k1xDdJr0I2rEhiGukdKxg0G1gVhrj0UjFEdnkrMALrYbPh3yE1vj/E+xcPJZtrkuCQNTJkxnLlLijhXM39Um3M1KpIMDx5qOHggaT4T+HhdgJBqvkMiBypyP1ph9MPEYvg+mL4au6jd8fRaw2TUII=,iv:IbqBUWb1MrEcVy9rONDYzbB454XVYRi4mdtWo15RZ28=,tag:Cefs9e7CBk2/QsPS1LD3+A==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdARE07oxCX7FzLNlR9Pjmc1hUVGGD2KJdkFlM0cZl9uUEw\n1zW5R66Wy37KlREIRWXz2lnmN2Txpou+fC8zkxPcYXu+s+nWjbJbCRcv233RspPi\n1GgBCQIQWfGy65DBWWjSp2Sr9Ny/Pxvhzy0IF58AW32gTsxYmoeT+9qVuFcne3ut\nOEPyRqyBtnY3BOefXtBWsVBdtasFajhpp7rC2bSmd4sxacBL7DIwSVnTKpGs8Bsh\n8eCj7MwO/uRDFA==\n=frH4\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-101.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:iqmUJoBrXT91fFKdujhbHaLHcQF6J7+zjgaVsOwRkSwnB1OF/2BAf3jwvXjZiAIf7ytdrGjDR8t+Ze1hrncwJ/CuJuWtciX0qN9pky8p3Gpd85c5yZ1kWkC/wfT9VJ70EOe6gHYVnEk8PYqWfb+HaYWolUm4dqnMQcyZ1dkGJAyedvmrZvU/EyWPwwR3bVmVkup5skjExEx0POQSTJjE36Kewm/K4AQ3yBcCmmj7ZgYWQotViYW0iIQt3ZH+oItro+SqWb8/EcNjqQbU/1CkVtFEtIgyOpy1tZ7HFhaQI6xha78KC5nPn+dgckw1rrqbH5tUMEs0GHuAhi3v,iv:83eA9Rioryf5nDtcmput665AAR622yhd1ccbIz2aYQ4=,tag:b+j9T/tuEWORm3G9dDbVuA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Tjl2S2tsVGZPS09HaDFO\neHZ2NlN5OUJuRmlZem1xeGtISVMrU2g3WmtZCndobDRnenlWSUl3L00yQUVJUnYx\nR2pxbGJuTkJqT1Nocm9jK1Yra3QzQ1EKLS0tIGE4SjZIMzN5WEl2dnFWZkIwc2ps\nVENuVUUvK1FsTmQ4UFdDQ2hnL0laRUUKYAvGtZrZ5iHls6kXlkXjRZKLB+VotxBI\nqjsPoW1o/2HJ0IQt1HByaxxw80FFcaY79FMVBkJcdQjYOEHFuQjw+Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:xo7PG3dqcfwMra7b4AKA7tjBmdwGq6hmQdGCiVT+dx5U8u60B7iIhZA1Nlkrwj1tCqUDpBjVp5iGReYJ+fckYriBBRURFtSaNjmrBSUiswaR2FqxGiNKzW83TdLEncTMXlNdTWKxhPy8uRh0Xso/ZFqAWgPd3fvfUAVXgGmnCuw=,iv:zi0v2nJPhVmPeE7pNY5KGhJimYMtWhmHzareuZ39YN8=,tag:/2NKODtUaXJhxkJLqjn6gw==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAxkXTiqh3KhrshdFSX+QUvPyxL23iLm0y1nCsQGwCcBMw\nIg4RMlZVlbSUya2IPRc2J2gt7E0Fyp/oYw9Ytsa3u6cR5L41dRS4tZcpHkyJpU9h\n1GYBCQIQqCh2mj3ErvL1BYA+sgvIh8hbzmBH8uWWNpCHCP1StjtduMyLT6rBiWuv\nPvoCvz3WWXufEvn7DEutAs+T92oNMcEHcGWWbsn8U1dIXQ+7Cl2CWDNMlxIoKtVN\nuBcXPqKFZho=\n=M3My\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-102.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:MvHQjTIH2RUsf/Re8piWc+foojfH1GpkDdgTgN5uGkBd+hFABF58ATN02SyrSJilwZiUIcmmd9yei59JKNumhY6daIcVzwpipGp2E/5ziLE0LzJ2+9Ov084TEclMe5vbEnJqtiB3Vu0w/9wKzbiXGWi/doqpNV1YKgore90Z3Mol4bVC/4ZSmm/YvRNZg51HPHtX65uZKuER54KqqkZOj0zPB8YiJHDbvtdoX2u8gEAenOjboHkRXRU9jgjytoP2Pw8W1dikajTXvtcjTzJijHVXZb70b0Yr5QnLOZaT4ovZA2Y4lkllpmQ4m+up5V3AkIk8iSLlFHOSaYNY,iv:0JpG17m9kD7xJ5vEBibuKG+yLL+xiIHlldFQ9TuWZwU=,tag:mPI3NUTmCnAXhcZ1jyAgrg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLWklBZUQ3MFo1bUZuY1dy\nVGdUK0FlM1dSNFBYOEhkZUFMd1g0b2ErZXd3Clk2TlQ4aEROUEJFbmpwYXRQK21t\nalJ4Z0k5dlVHQzJzdWNUMnYvTFMvWTQKLS0tIE04TzNIcVlzby9IM0FNMWlOd1Z3\ndTFwa1ZoYjdqUGhUTVVqcmxPVThMV0UKa07ux2wYZCn/9pgejH2o2wAknVLo2YV+\npb49PUwm1wvXaUVOrgGWAEGV1WBkH0FjSUKpTGLZ1V5MJ+wBk1fzRg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:10Z",
"mac": "ENC[AES256_GCM,data:X6AY8uht59ISavkd199WKj+Tnvf6YRxLccRJe/TeEwYN6M9TDIkIDEJmiw25LuLWHq96k6kJ5LXg2XapvTddZs6XavANxVoafyB97JYcofsFgrt5ziVJQisLxxjwnOP7twUHtHN60TS+2Om4LKnx2qm4piMJpt1RTFQPquSrNGg=,iv:Zgl/L3ugPEyQTXnHqctDnRORC3fPTx/z/wAHFfo5ZS4=,tag:o3jdq1bHCzfavdNRwKk1Ww==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:10Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAWiLRFVRksLnX7OthQw84hoyjSEnsQyekp7kF/dbFAW4w\n4byTxDKfHHmSUvf9G96wOH/mNWpdAJiWlOQ7tPstVwoeHVBHSgf2vgd8MRTmrRzo\n1GgBCQIQjpgEmL08FuHrEGvT/WUSAIBXKhN56fyHOgT62NzOthiIIp6qxq27UjlX\np+ZUIR/X7qeJSVHJUKssNRnTKm1bbmbK/9ydXZtk/xHdFAD5YLZaz26ZknhaR7J1\ncHEHK6TQRL54lA==\n=DD6O\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-103.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:K1RimM2itH8391EFz2SYMn+tDlTcf9bopuci3hkZPqi0Obr4M1pgQGEbs8xxcCYknE5HLGuW/zbMXL5UvFcGIVlvX0q/eZBerTuUz/VMbkzWiQ5Gqy9BpdXbb1i6vBDnNkDpfxrAu8vadUMifoUVTUconhoOzoR5byOMmUdx84z9W1S/9oztd9fRXhJIkoI23mxbaKr+zK7bX8CS73tVk8+oBFjeUPSt6+IwlmWx1iKVBs5tY/RPQ7kGTe3lIdbe2QIgPS/T7/W4xMoI+i9Z+SrW3eLOUyHNWQg/3gCPbOwvYt3xhj8RaScmW5L1a0SMPDQ/5CatOoiV/vrA,iv:NreCE5+5wyEKowJgtFXw7YPhbixpn+qCK403zzrkkjo=,tag:ptYXTDaKEs17fZichb+lbg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YlBUcWdWVGNwaUlqMjdt\nTWVqUW5LdVlZWC9Uem0zQXI0UldFMDYweDNBClVJSTJHL0c4anFnOSsvcmhBaldD\nSHNUem9aQk8rTTdLUFpML01uMFJjNkUKLS0tIGY4dXFUVm1mVThrWmFyS3BkTlhS\nblA1MmN1Q3MzRERlN3pLMTExSkx1RjAKonRli3BpI6iucyJAbWvERBPR0f6ewrIp\nBIQVkEBod/pdSiahMWfXjFVH0nmU9Ip2CwhZl1pGNOaHhnLtrUWmBg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:10Z",
"mac": "ENC[AES256_GCM,data:kDO0Y1wIe/ZWTiXeuAQtCS+fn1gR6L514e8qs7mzt1B6/u5hChy2L3WRR0DQN9V0wjl2bp6muAdfTEDbO7PmAbSE8wKHjCy97tzDgVSrtodUvGZUbm62bA0cx1VzgcKrCYHglSDsxmnYc3atxKlM8uWJ9GM4F4O+wRj/AH1QLYM=,iv:DgTrwKlftGmyuRDbROApudP9xANL7aBTbGgYRYqN5ZA=,tag:ek8rci9l2iDrYxP3b2EBvA==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:10Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdA0ZIzTIWsWHwek/Z0bIQvfCa49t6aaM51M4HJFyCRpxQw\nJ7mW22C1kf35WAz5Hmm251B+UuW1wUITdavE3tYH9/yB1yQsTSgKd3Vze/r5Ebvu\n1GgBCQIQQJk9Blm+/vA3//hafY4tDtuCr7N+utLdDFK1lBy9+Qg8UtAiNP4fFffF\n8Eh0tx/Fg5n/2r4p9NGLFn/ZMMe9SnP19VsmGQQjA3RlK8jVmxvSCXLFzM85uZge\nYJDAMSU+8Q3qdg==\n=4Asa\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

38
systems/palatine-hill/firewall.nix
View File

@ -1,38 +0,0 @@
{ ... }:
{
networking.firewall.allowedTCPPorts = [
# qbit
8081
8082
8443
# hydra
3000
# minio
8500
8501
# gitea
2222
2223
8088
# attic
8183
# collabora
9980
# arr
6767
9696
7878
8989
8686
8787
5055
];
}

80
systems/palatine-hill/gitea.nix
View File

@ -1,80 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
base_path = "/ZFS/ZFS-primary/gitea";
in
{
services.gitea = {
enable = true;
appName = "Nayeonie's Trove";
database = {
type = "postgres";
passwordFile = config.sops.secrets."gitea/dbpass".path;
createDatabase = false;
host = "127.0.0.1";
name = "giteadb";
port = 5433;
};
settings = {
server = {
DOMAIN = "nayeonie.com";
ROOT_URL = "https://nayeonie.com/";
HTTP_PORT = 6443;
SSH_PORT = 2222;
SSH_LISTEN_PORT = 2223;
START_SSH_SERVER = true;
PUBLIC_URL_DETECTION = "auto";
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
DEFAULT_MERGE_STYLE = "rebase-merge";
};
service = {
DISABLE_REGISTRATION = true;
};
log = {
LEVEL = "Trace";
ENABLE_SSH_LOG = true;
};
"log.console-warn" = {
LEVEL = "Trace";
ENABLE_SSH_LOG = true;
};
cache = {
enabled = true;
dir = "";
host = "192.168.76.2";
port = "8088";
};
"storage.minio" = {
STORAGE_TYPE = "minio";
MINIO_ENDPOINT = "minio.nayeonie.com";
MINIO_BUCKET = "gitea";
MINIO_LOCATION = "us-east-1";
MINIO_USE_SSL = true;
MINIO_INSECURE_SKIP_VERIFY = false;
MINIO_BUCKET_LOOKUP_TYPE = "auto";
};
};
stateDir = base_path;
lfs.enable = true;
recommendedDefaults = true;
};
systemd.services.gitea = {
requires = [ "docker.service" ];
after = [ "docker.service" ];
};
networking.firewall.allowedTCPPorts = [ 6443 ];
sops.secrets = {
"gitea/dbpass".owner = "gitea";
"gitea/minio".owner = "gitea";
};
}

14
systems/palatine-hill/hydra.nix
View File

@ -1,6 +1,7 @@
{ {
config, config,
inputs, lib,
pkgs,
... ...
}: }:
let let
@ -42,7 +43,6 @@ in
services = { services = {
hydra = { hydra = {
enable = true; enable = true;
package = inputs.hydra.packages.x86_64-linux.hydra;
hydraURL = "https://hydra.alicehuston.xyz"; hydraURL = "https://hydra.alicehuston.xyz";
smtpHost = "alicehuston.xyz"; smtpHost = "alicehuston.xyz";
notificationSender = "hydra@alicehuston.xyz"; notificationSender = "hydra@alicehuston.xyz";
@ -82,10 +82,10 @@ in
''; '';
}; };
# nix-serve = { nix-serve = {
# enable = true; enable = true;
# secretKeyFile = config.sops.secrets."nix-serve/secret-key".path; secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
# }; };
prometheus = { prometheus = {
enable = true; enable = true;
webExternalUrl = "https://prom.alicehuston.xyz"; webExternalUrl = "https://prom.alicehuston.xyz";
@ -134,7 +134,7 @@ in
sops = { sops = {
secrets = { secrets = {
"hydra/environment".owner = "hydra"; "hydra/environment".owner = "hydra";
# "nix-serve/secret-key".owner = "root"; "nix-serve/secret-key".owner = "root";
"alice/gha-hydra-token" = { "alice/gha-hydra-token" = {
sopsFile = ../../users/alice/secrets.yaml; sopsFile = ../../users/alice/secrets.yaml;
owner = "hydra"; owner = "hydra";

242
systems/palatine-hill/loki.nix
View File

@ -1,242 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
vars = import ./vars.nix;
loki_storage = vars.primary_loki;
in
{
# loki: port 3030 (8030)
#
services = {
loki = {
enable = true;
configuration = {
server.http_listen_port = 3030;
# auth_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
max_transfer_retries = 0;
};
schema_config = {
configs = [
{
from = "2023-07-01";
store = "tsdb";
object_store = "aws";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
tsdb_shipper = {
active_index_directory = "${loki_storage}/boltdb-shipper-active";
cache_location = "${loki_storage}/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
aws = {
directory = "${loki_storage}/chunks";
s3 = "s3://access_key:\${LOKI_S3_KEY}@custom_endpoint/bucket_name";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = loki_storage;
shared_store = "filesystem";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
# user, group, dataDir, extraFlags, (configFile)
};
# promtail: port 3031 (8031)
#
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [
{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "pihole";
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
];
}
];
};
# extraFlags
};
# grafana: port 3010 (8010)
#
grafana = {
port = 3010;
# WARNING: this should match nginx setup!
# prevents "Request origin is not authorized"
rootUrl = "http://192.168.1.10:8010"; # helps with nginx / ws / live
protocol = "http";
addr = "127.0.0.1";
analytics.reporting.enable = false;
enable = true;
provision = {
enable = true;
datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
}
{
name = "Loki";
type = "loki";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
}
];
};
};
};
/*
# nginx reverse proxy
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# recommendedTlsSettings = true;
upstreams = {
"grafana" = {
servers = {
"127.0.0.1:${toString config.services.grafana.port}" = {};
};
};
"prometheus" = {
servers = {
"127.0.0.1:${toString config.services.prometheus.port}" = {};
};
};
"loki" = {
servers = {
"127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}" = {};
};
};
"promtail" = {
servers = {
"127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port}" = {};
};
};
};
virtualHosts.grafana = {
locations."/" = {
proxyPass = "http://grafana";
proxyWebsockets = true;
};
listen = [{
addr = "192.168.1.10";
port = 8010;
}];
};
virtualHosts.prometheus = {
locations."/".proxyPass = "http://prometheus";
listen = [{
addr = "192.168.1.10";
port = 8020;
}];
};
# confirm with http://192.168.1.10:8030/loki/api/v1/status/buildinfo
# (or) /config /metrics /ready
virtualHosts.loki = {
locations."/".proxyPass = "http://loki";
listen = [{
addr = "192.168.1.10";
port = 8030;
}];
};
virtualHosts.promtail = {
locations."/".proxyPass = "http://promtail";
listen = [{
addr = "192.168.1.10";
port = 8031;
}];
};
};
*/
systemd.services.loki.serviceConfig.environmentFile = config.sops.secrets."minio/loki".path;
sops.secrets = {
"minio/loki".owner = "root";
};
}

10
systems/palatine-hill/nextcloud.nix
View File

@ -17,10 +17,12 @@
systemd.services."nextcloud-pre-generate" = { systemd.services."nextcloud-pre-generate" = {
requires = [ requires = [
"docker-nextcloud.service" "docker.service"
"multi-user.target"
]; ];
after = [ after = [
"docker-nextcloud.service" "docker.service"
"multi-user.target"
]; ];
description = "incremental pre-generation of previews on nextcloud"; description = "incremental pre-generation of previews on nextcloud";
serviceConfig = { serviceConfig = {
@ -29,10 +31,10 @@
Group = "docker"; Group = "docker";
ExecStart = [ ExecStart = [
'' ''
${pkgs.bash}/bin/bash -c '${pkgs.docker}/bin/docker ps --format "{{.Names}}" | ${pkgs.gnugrep}/bin/grep -q "^nextcloud$"' ${pkgs.bash}/bin/bash -c '${pkgs.docker}/bin/docker ps --format "{{.Names}}" | ${pkgs.gnugrep}/bin/grep -q "^nextcloud-nextcloud-1$"'
'' ''
'' ''
${pkgs.docker}/bin/docker exec --user www-data nextcloud php occ preview:pre-generate ${pkgs.docker}/bin/docker exec --user www-data nextcloud-nextcloud-1 php occ preview:pre-generate
'' ''
]; ];
}; };

28
systems/palatine-hill/plex/default.nix
View File

@ -1,28 +0,0 @@
{
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
services.plex = {
enable = true;
dataDir = vars.primary_plex;
};
systemd.services.plex_permission = {
description = "maintains plex permissions";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${./plex_permission.sh}";
};
};
systemd.timers.plex_permission = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1h";
OnCalendar = "daily 03:00";
Unit = "plex_permission.service";
};
};
}

7
systems/palatine-hill/plex/plex_permission.sh
View File

@ -1,7 +0,0 @@
#!/bin/bash
plex_dir="/ZFS/ZFS-primary/plex"
chown docker-service:users -R "$plex_dir"
find "$plex_dir" -type f -exec chmod 664 {} \;
find "$plex_dir" -type d -exec chmod 775 {} \;

179
systems/palatine-hill/postgresql.nix
View File

@ -1,179 +0,0 @@
{
config,
lib,
pkgs,
...
}:
# sudo -u postgres vacuumdb --all --analyze-in-stages
# /var/lib/postgresql/16/delete_old_cluster.sh
let
vars = import ./vars.nix;
dataDir = "${vars.primary_db}/postgresql/nix/${config.services.postgresql.package.psqlSchema}";
backupLocation = "${vars.primary_db}/postgresql/nix_backups";
in
{
services = {
postgresql = {
inherit dataDir;
enable = true;
enableJIT = true;
package = pkgs.postgresql_16;
configurePgStatStatements = true;
enableAllPreloadedLibraries = true;
#preloadAllExtensions = true;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map alice postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
# initialScript = config.sops.secrets."postgres/init".path;
ensureDatabases = [
"atticd"
"alice"
];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
{
name = "alice";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
];
# Thank you NotAShelf
# https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
# commented out statements are likely overriden by pgtune settings
# https://pgtune.leopard.in.ua/?dbVersion=17&osType=linux&dbType=web&cpuNum=64&totalMemory=8&totalMemoryUnit=GB&connectionNum=1024&hdType=hdd
settings = {
# Connectivity;
# max_connections = 100;
superuser_reserved_connections = 3;
# Memory Settings;
#shared_buffers = "1024 MB";
#work_mem = "32 MB";
#maintenance_work_mem = "320 MB";
#huge_pages = "off";
#effective_cache_size = "2 GB";
#effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
#random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
# Monitoring;
#shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
track_io_timing = "on"; # measure exact block IO times;
track_functions = "pl"; # track execution times of pl-language procedures if any;
# Replication;
wal_level = "replica"; # consider using at least "replica";
max_wal_senders = 0;
synchronous_commit = "on";
# Checkpointing: ;
checkpoint_timeout = "15 min";
#checkpoint_completion_target = 0.9;
#max_wal_size = "1024 MB";
#min_wal_size = "512 MB";
# WAL writing;
wal_compression = "on";
wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
# Background writer;
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
# Parallel queries: ;
#max_worker_processes = 6;
#max_parallel_workers_per_gather = 3;
#max_parallel_maintenance_workers = 3;
#max_parallel_workers = 6;
parallel_leader_participation = "on";
# Advanced features ;
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
jit_above_cost = 100000;
jit_inline_above_cost = 150000;
jit_optimize_above_cost = 500000;
# log slow queries
log_min_duration_statement = 100;
"auto_explain.log_min_duration" = 100;
# logging configuration
log_connections = true;
log_statement = "all";
logging_collector = true;
log_disconnections = true;
# from pgtune
# DB Version: 17
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 8 GB
# CPUs num: 64
# Connections num: 1024
# Data Storage: hdd
max_connections = 1024;
shared_buffers = "2GB";
effective_cache_size = "6GB";
maintenance_work_mem = "512MB";
checkpoint_completion_target = 0.9;
#wal_buffers = "16MB"; allow auto-tuning as per above
default_statistics_target = 100;
random_page_cost = 4;
effective_io_concurrency = 2;
work_mem = "512kB";
huge_pages = "off";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 64;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 64;
max_parallel_maintenance_workers = 4;
};
refreshCollation = true;
vacuumAnalyzeTimer.enable = true;
upgrade = {
enable = true;
stopServices = [
"hydra-evaluator"
"hydra-init"
"hydra-notify"
"hydra-queue-runner"
"hydra-send-stats"
"hydra-server"
"atticd"
"gitea"
];
};
};
postgresqlBackup = {
enable = true;
compression = "zstd";
compressionLevel = 19;
pgdumpOptions = "--create --clean";
location = backupLocation;
};
};
}

36
systems/palatine-hill/samba.nix
View File

@ -1,36 +0,0 @@
{ ... }:
{
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
security = "user";
"workgroup" = "WORKGROUP";
"server string" = "palatine-hill";
"netbios name" = "palatine-hill";
#"use sendfile" = "yes";
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.76. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
zfs-primary-backups = {
path = "/ZFS/ZFS-primary/backups";
writeable = "yes";
browseable = "yes";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
networking.firewall.enable = true;
networking.firewall.allowPing = true;
}

70
systems/palatine-hill/secrets.yaml
View File

@ -1,62 +1,48 @@
hydra: hydra:
environment: ENC[AES256_GCM,data:G/6DOeRdjjp5PGpsHCHneW2X/OQzSH6gozKmgOlK6/bSdQltv4U00AYNOrUYYlH9Yab7JSYBfQinsqRKyDVEp7LLPdlxBaztJiSZGGAdio+JHWwR7UAhAEXSgOh4qFq0SjdZzQduEOdfSYfksut3dJiAvpj6oo6hxuo8mkW4+UacpBmvpnrzHjJHeYYbb3krIhKG6bBqHLT403rLf5oYjnY16XUuYO7deAH99JkfCJKlKnDf3GLfnX78XoXSdOMUyf57PPq5EKA8mFdtZsbAmis=,iv:s903rYHyocGtVJ594+HtCyULGtuom6aUVDcbXPbH93I=,tag:YFkFAIU7cNHSuYnN+lShgA==,type:str] environment: ENC[AES256_GCM,data:XUS68hCXWGMCoxxfecspEpFF8sxVJJVAm74ZZJM5/TiMAyzG0VTw17XQOgv+pP5aYABnQ3Rt9KFaxacaljrjFJ44O8qdGCQOi+g5+EpztHAI+yyeWkEqcVrcDKeb0jM0qygBUtyez5aLJyFwT7znqfNi3CHMP+cJTNVUAQkfL3RrU/lNzAZpIJ5tVG5PzDqMLDWMQXiDRICNdp9fUXyGee64bQ1NxGJALmYS9o1YT75e0nCBsIBD50+ChQvOTUfTGfxpG5SbnDGmL0JIUGB3MqM=,iv:TRsVfNxLnMuq5Wvu0ZX4JVHoIXQaj3Li3KsBXmoFiK8=,tag:gGTQo66uzdUBqCuUYHSE4A==,type:str]
nix-serve: nix-serve:
secret-key: ENC[AES256_GCM,data:M8MJHHO8Hd/Gm6Nxy7/IPr0s6jHEDBB9LpZq8lIWQirvZPpgNrMrnP2xFJWEuJF/ND9hU09ZHA3efIBej2siRPOWSEu4gE65W/GMtpCcwEXF0hR/ISvBsH0fci/6KGbUCVg1x9AJpjJsqevPN7I=,iv:Weuziu2me+kdB9zk68nvLnyxv0ICwB1qA4z0Q39tT6k=,tag:nhcFfRQOxEandrf6CivahA==,type:str] secret-key: ENC[AES256_GCM,data:dXpfTamvU17kkMwp0DZIktkh/iI96wgcQerEC9G0tdm7tL7NQSlS4giocf9uckXK1JNkK9q7urZznx82ZBV3kaZE8oZKgYtkR5xpHgGsbYgQbLx6gowKfBkPusikFl/BqUvUBLznYsYSkJddXJ4=,iv:yeHyAMY2NxQUyzirU9+ggF1O6kRsrM0lEJCY9U0qJN8=,tag:cSm1Obe6WnpHloF/JleVEA==,type:str]
attic: attic:
secret-key: ENC[AES256_GCM,data:/wYnCD7qggeHdsNqkp1rZK839o/1olhJUlT1lrZpv1hTOZDduP2OGhz8kh2PrQR6Mq2Y/ALgHG3cFpJs7G64xDK0qRVGIDlC/9sTQIcF2JL49Free8vADe5ads64EN3vWgfmFoBMPmL0mc4qnDBGnBkDueFN5gy+1szK9tWK23tMl1wEWVsiqBwhuWqQBNRxeaHR2tQXI2Yg3fefq5+laOUjnSe1a8Kx4dJ7rXZuXe+H4uyU7roYFxlLpI8qZig0eUO9WUMX9WP0tKOr5OjsbJzBbdVlVT7lZ9ROYUceoxmcWecLlcyv3Q==,iv:DjH78Getnt3zzK9QLj+HS0cF1wtaBeadxSTrRb1uic0=,tag:KMPtWCq1KT1SSthh3fdsew==,type:str] secret-key: ENC[AES256_GCM,data:0pVok0M5Ob08BdFBV57Ijr4MW6msdGuvgq7v5lunJocv/sM0u0Cy7ye67+me21YBy4xGqidAfQo0j4OQkn71Z7ouKJGQ6izqOuTvRerBLmY/V3GMnSrBgtb+gjKhwswf/T/WV/I2lc0GTrdiJi6JJC0VL14kJYWRQIdcadeGEoF+cZyzyHWV32TxyJrNlDGFu1aFhjKiHP50aDFxibIPwz1h9+lN6jEGEwsOa29K3gnL9zOmzaoS/F4wXEZlCXNETj6lvCd6Ywt3erkGmCvA4FTzfs/CdW/QcS2GneGUzoCy4NRcxx9dKQ==,iv:4QiN6tupBkIZbVkKt7MyLMiy5z/y0ExAT9xWVBL+pko=,tag:CT4F8y/rObKlIMCwtJk7AA==,type:str]
database-url: ENC[AES256_GCM,data:WHdAxNbkRxvNvfUWdPSbgeQXOS7f46OuDKTRuxf3cEyhbU5NAsGlCgfarUBXsHrCH79t7zDGlcRE,iv:trOxDY/ifsibKoX5YPOfKvX/q2ny6SgykiIBusgHxag=,tag:Cx9hhiJIhDLiojJmDdSDtg==,type:str] database-url: ENC[AES256_GCM,data:CrtsSB9KaA+KT9F34eM+z5trjb72wRKKy2LKOWDxBgvVtrNy5jj9c9KPnPCRWue1eABC1FdThKH1,iv:n3n16Qs/s77CxDNHws4lLTJaXx++DpqUrrVDp+Rpj2E=,tag:gkQhzX4gHPRmAQjZKBZF4Q==,type:str]
adm: ENC[AES256_GCM,data:mP4xFGK3+YwyiUMwFaG6tY3tWLGY2YTGa4DRuHzW5Za3McmwEFUzlQQ4hGS2bPKOKwM2Pe5HYBwJnFkd6KRwx5civqsBMwFt4dfZ31xDEi9RxpEm9jCnCcvB1CY8cxNARIhceC12X/ZR8ianUpoINYSjOj4BRy4TEEigi5+V4DkAXeG8+x8SWjj/mRMQMcZud4i69Ul7tpzbjUHm0s/Aasvmib13u4ZbGX/AyoOX8pQwkRHoyfMK2OvRbaeQf9fPcQxOSBALYOIXk9mEGxN1FTFHrTvrY5s0w+hC1mAjX4qm4ZM77RneAI0fJaq1hHSZETIpJOCiQfR3bLuyzWKVestOE29V8Pwq,iv:bjK1QkWUc2vs+oUoC5Z0AKR1/tmrhSLvP8BP8gzghOg=,tag:dmSDM+gbsJMDkqgIPWBfGQ==,type:str] adm: ENC[AES256_GCM,data:fTXg7sVtyjzm2zPLBSYX0wsAjhPZz/fwOWjk6bYEFNDAz9Esw2VFqG84E53cSj62KxClx8jlakA6RyXH5betcrxoRybrEuvdej76TS4kAP3cgK1OUEbcw0gWsgJPleH2BVAn6/5AhtISmglx0RykyKDtjBoxO1ewwwKesd5brIBD2DhLyaYJLFB42to1HmLe7FgYDaR2Q/W5B6W7RMueFwjA4/Y2ELoFQpwqF2HvcyFO58x8BFhIla6T+MB5l5I2qoYNlN5AayUur5xlALRUGH2PCJEiTrt8hXhYPkSlkiiwORBwwK7w89kO+tsHoDW8u3F/aKBbBnikIkaXnSa694mg0twmTOYL,iv:OBk9nrRA2t/9DvEI/OJTwp8nX4iP+foohueZON9Tlgs=,tag:Y1hVX2wva9QridJ5els9Fg==,type:str]
postgres: postgres:
init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str] init: ENC[AES256_GCM,data:Pq24kdMXLAbePqIHPiJx3xXYEm2UbY598iNDf+z2k1HDhStHAd10CCyJYEgppCw2lkDNY54A3PQ=,iv:RE9DQ9Xw4tDFBD67dk3ggyqYqoGVhZf5kO53WoF3fJ4=,tag:dZwZfgI2H9JTClkyUI1MqQ==,type:str]
gitea:
dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str]
minio: ENC[AES256_GCM,data:LxY6AD+CZ9VQEl5FrG6o0XiOiizLcwiLiyH1WJD8mMCPWhDjGzt+k+YPOm1BpWzTZF8+2EoxR9oKFJu9mzTibl2Ieits0/RNwh1VdQALXw3FwfRym7CFS+Z5S8H9kGMoXWRrr+I5,iv:g/wq0r2HKfX2AwirT4hm/H1Ms/mtbf4ZuFLISikRyoI=,tag:he99s/WpKoN+lHR8r4K30w==,type:str]
upsmon: upsmon:
password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str] password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str]
minio: minio:
credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str] credentials: ENC[AES256_GCM,data:78ANAQ2756IISlkUFPxy9lQYRml8C9PvkkiXME4nMjtWwPgybvSM2nrO3yVhTgyOyUZjYYWzJlpwstfIAbuWEgGFhbMixSSNSgsWozojm0hWfPBWZ5x4iX++0ARFdfxIAjiGlM/HGa0YO/2tSA6oW6FqM4RbC1vPnqJc,iv:8Y+SilqKsUH/J6M+l4Wpm2J3nPXeoUhA1+GvhzlqMHE=,tag:5dYBlYPIUjd+U+r/dqJWIA==,type:str]
loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str]
docker:
minecraft: ENC[AES256_GCM,data:2k/m0ksnE92fACxQuBlOO72b19T7Nbnr58ezRddmKUVvePEgrdSnIsR3sh7PnmzwmG/ez0WTD+NKbtkQmRMDQ25vruA8gCf8Ig==,iv:X2SUidKTNAPZfbyiXFKprUbAhBxJcbF5bz+YTy4nuEA=,tag:AAvLXO888r9XvtnNfQgCpA==,type:str]
foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str]
nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str]
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str]
delugevpn: ENC[AES256_GCM,data:YGkgaQUuA9oteKD77tnFzxZSHctyOQjMNlfvJr3mPWAl2P8wfcshiUoa6SNp69pagxbzRV6mfuzwzinbkQCoZN3lw7uF76y0,iv:Bro0H4tFR+3wi9DGGq9a6ge4o4uPlVXBUF7h17zyqg8=,tag:N1kVNFasqGMx8R9qTq2dJA==,type:str]
protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str]
acme:
bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
server-validation: server-validation:
webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str] webhook: ENC[AES256_GCM,data:d8drMmXcbWCGwOanYr6jUCz5+d1bgTrPKMl4yxFi49oapqFUFSQo2pA3bP9DA2n0b63ZJp1IDyJGBRGjFUsSC8EkKQsYMIm962o++D4h7/l9GZU2TBcn5VgvSldETgwloMg92i3zEApNCeZTtwFwJuJTwmUsZmg528Kj7SBcDw4H18dW8MMfgzBTkZUh,iv:F/UtYjWNoG1la1xaNevRXP/4lNT2TgYfmukbncHILDA=,tag:fJpdG5di6j8Wm54KLHZEsg==,type:str]
typhon:
hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFcWo4V1QyZS9HbHNwT3Jl YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcTQ4SVM3dVN4UWZCSXBs
ZktNR2gwZ3BiWnYwZHpLUzR2YTlmN0ZUeEhnCkF6ekdkN0U2VGM1RFVhdTM0RW5u dFo1S0ZyOEM3c3ZtYTcvZlVNYStDdXd0NjB3CjY0NWc4UkVGUk1ZdTBBLyt2L0lX
bWdreGZrU0JwNDY1TnR2S1M3OTdKaWcKLS0tIEVBekE2eU8rcEhpVkhhWmxPc3JN M0lRbXFwRzFWSTNndC92SU5kSkowb28KLS0tIFhjMnJzZHRoTmJONDk1RjVsRVZq
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-01T23:54:50Z" lastmodified: "2024-07-07T23:09:33Z"
mac: ENC[AES256_GCM,data:xBSrKfuBEXYVqLhZF903HbLaCpgXyuo3r7/FUBPM9Pl+rKUGx8p7LKCIec2NPCGO8ylQvC8T2mochSHSAvN339nxPlQ7f/tKWc6QgicaX4Sb4k0wJdqamSJTq4mkg8482HOUiFCSi3lA3zWC3Y9ZixESmEWTbxe9sQ51Vo69lkw=,iv:XiGVzryZwo5UmJe7I8pkg5IEdms0vR9iRdlFu2wjUeI=,tag:jhOuV+aZd5rQF0xg+0tvOg==,type:str] mac: ENC[AES256_GCM,data:nr1JAEr2FGrYtiUhrQFsBPbiR+toxzYRZVPqq7zYBMeNy70a5jMgw6qm37M8Hmt7omO/KePE+Ol27FI9Aqn8OP3CQZoSWZbul+TTItV5UWC84G3MebaesnIiFQwbpM9hz08VoQ1zxUiUFnUY4bBr6okNSyJeqq/QmkkyqhK4Wlo=,iv:0MR7AiQEX2Cl7FUtRlxaY+R2oqSbanIhwaXAN/UnHH0=,tag:RpQCtsuelu3VQVB9HzJE+g==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:56:39Z" - created_at: "2024-09-05T06:10:49Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DQWNzDMjrP2ISAQdAPOYlp/3ZJrcXZbu5+XI+BHNzMbzw7+YhTYOfNgujU1gw hF4DQWNzDMjrP2ISAQdAA1DGmMjNYHKHtel++ftsHqmQGqrjfL4VJTe62bEMfXcw
QfJDWAhiMd8cZF5PpX+RdN+Zrk5CCMgZH4hotv9gjf1oxitWuF2hv14k/RlAx8kr EQmF0itX7ns+GogeYeYaqxa0qraWzzGwsEDJOp+VJMmLPtw5999kdO1PikgyGkcV
1GgBCQIQB+LOoKIo7AHeucdV9NsM6H4Akv+Bzy8boarA4BGcyvgRWhS2u8zOQJc5 1GgBCQIQd5DwJiXbQ7bFPYPGg8xxEBeDsHYtKo0tv9uQi9Is0nYYHbI8+TuFUv2o
RKfRonTO51yjlKm0MEspvwrClO+aIuBaNNemuHdk4yhDUnNKVBFyLLOuqXbsFd+G Av5c+/hAX/1D4F8JDTnz7WbEO3X2H7VXNMQKQkYR1Ndds6ueyx1V4kFqQTD5qLG/
aSTmqvI3a/T5Cw== BpnwAmW4i9XVMg==
=ph+p =2NK4
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.8.1

17
systems/palatine-hill/typhon.nix
View File

@ -1,17 +0,0 @@
{ config, ... }:
let
vars = import ./vars.nix;
typhon_path = vars.primary_typhon;
in
{
services.typhon = {
enable = true;
hashedPasswordFile = config.sops.secrets."typhon/hashedPassword".path;
home = typhon_path;
};
sops.secrets = {
"typhon/hashedPassword".owner = "root";
};
}

22
systems/palatine-hill/vars.nix
View File

@ -1,22 +0,0 @@
rec {
zfs_primary = "/ZFS/ZFS-primary";
# primary
primary_act = "${zfs_primary}/act-runner";
primary_archiveteam = "${zfs_primary}/archiveteam";
primary_attic = "${zfs_primary}/attic";
primary_backups = "${zfs_primary}/backups";
primary_calibre = "${zfs_primary}/calibre";
primary_db = "${zfs_primary}/db";
primary_docker = "${zfs_primary}/docker";
primary_games = "${zfs_primary}/games";
primary_hydra = "${zfs_primary}/hydra";
primary_libvirt = "${zfs_primary}/libvirt";
primary_loki = "${zfs_primary}/loki";
primary_minio = "${zfs_primary}/minio";
primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr";
primary_plex = "${zfs_primary}/plex";
primary_plex_storage = "${zfs_primary}/plex_storage";
}

35
systems/selinunte/audio.nix
View File

@ -1,35 +0,0 @@
{ pkgs, ... }:
{
# rtkit is optional but recommended
security.rtkit.enable = true;
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
pipewire.wireplumber.configPackages = [
(pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'')
];
blueman.enable = true;
};
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
environment.systemPackages = with pkgs; [ pavucontrol ];
programs.noisetorch.enable = true;
}

49
systems/selinunte/configuration.nix
View File

@ -1,49 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./audio.nix
./desktop.nix
./fonts.nix
./graphics.nix
./polkit.nix
./programs.nix
./steam.nix
./stylix.nix
];
time.timeZone = "America/New_York";
# temp workaround for building while in nixos-enter
#services.logrotate.checkConfig = false;
networking = {
hostId = "9f2e1ff9";
firewall.enable = true;
useNetworkd = true;
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_xanmod;
useSystemdBoot = true;
default = true;
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = {
flatpak.enable = true;
gvfs.enable = true;
openssh.enable = lib.mkForce false;
};
system.stateVersion = "25.11";
sops = {
defaultSopsFile = ./secrets.yaml;
};
}

23
systems/selinunte/default.nix
View File

@ -1,23 +0,0 @@
{ inputs, ... }:
{
system = "x86_64-linux";
home = true;
sops = true;
server = false;
users = [ "alice" ];
modules = [
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
inputs.stylix.nixosModules.stylix
{
environment.systemPackages = [
inputs.wired-notify.packages.x86_64-linux.default
inputs.hyprland-contrib.packages.x86_64-linux.grimblast
];
}
];
}

38
systems/selinunte/desktop.nix
View File

@ -1,38 +0,0 @@
{ pkgs, ... }:
{
# installs hyprland, and its dependencies
programs = {
hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
hyprlock.enable = true;
ydotool.enable = true;
};
# Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1";
services = {
displayManager.gdm = {
enable = true;
wayland = true;
};
dbus = {
enable = true;
implementation = "broker";
};
};
powerManagement = {
enable = true;
};
environment.systemPackages = with pkgs; [
libsForQt5.qt5.qtwayland
qt6.qtwayland
];
}

15
systems/selinunte/fonts.nix
View File

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
fonts = {
fontconfig.enable = true;
enableDefaultPackages = true;
packages = with pkgs.nerd-fonts; [
fira-code
droid-sans-mono
hack
dejavu-sans-mono
noto
open-dyslexic
];
};
}

40
systems/selinunte/graphics.nix
View File

@ -1,40 +0,0 @@
{ config, pkgs, ... }:
{
hardware.graphics = {
## radv: an open-source Vulkan driver from freedesktop
enable = true;
enable32Bit = true;
};
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

96
systems/selinunte/hardware.nix
View File

@ -1,96 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"usbhid"
"sd_mod"
"ip_vs"
"ip_vs_rr"
"nf_conntrack"
];
initrd.kernelModules = [
"dm-snapshot"
"r8152"
];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
kernelParams = [
"amdgpu.sg_display=0"
"amdgpu.graphics_sg=0"
"amdgpu.abmlevel=3"
];
};
fileSystems = {
"/" = lib.mkDefault {
device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/home" = {
device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/5AD7-6005";
fsType = "vfat";
options = [
"noatime"
"nodiratime"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ];
boot.initrd.luks.devices = {
"nixos-pv" = {
device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
preLVM = true;
allowDiscards = true;
};
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

22
systems/selinunte/polkit.nix
View File

@ -1,22 +0,0 @@
{ pkgs, ... }:
{
security.polkit.enable = true;
environment.systemPackages = with pkgs; [ polkit_gnome ];
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
}

112
systems/selinunte/programs.nix
View File

@ -1,112 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
act
alacritty
attic-client
amdgpu_top
bat
bitwarden-cli
bfg-repo-cleaner
btop
calibre
# calibre dedrm?
candy-icons
chromium
chromedriver
croc
deadnix
direnv
easyeffects
eza
fanficfare
ferium
fd
file
firefox
# gestures replacement
git
glances
gpu-viewer
grim
helvum
htop
hwloc
ipmiview
iperf3
# ipscan
jp2a
jq
kdePackages.kdenlive
kitty
kubectl
kubernetes-helm
libreoffice-fresh
libtool
lsof
lynis
masterpdfeditor4
minikube
mons
mpv
# nbt explorer?
ncdu
nemo-with-extensions
neofetch
neovim
nix-init
nix-output-monitor
nix-prefetch
nix-tree
nixpkgs-fmt
nmap
obs-studio
obsidian
ocrmypdf
pciutils
#disabled until wxpython compat with python3.12
#playonlinux
prismlauncher
protonmail-bridge
protontricks
proxychains
qrencode
redshift
restic
ripgrep
rpi-imager
rofi-wayland
samba
signal-desktop
# signal in tray?
siji
simple-mtpfs
skaffold
slack
slurp
smartmontools
snyk
sops
spotify
spotify-player
#swaylock/waylock?
sweet-nova
telegram-desktop
terraform
tig
tokei
tree
unipicker
unzip
uutils-coreutils-noprefix
vesktop
vscode
watchman
wget
wl-clipboard
yq
yt-dlp
zoom-us
zoxide
];
}

Some files were not shown because too many files have changed in this diff Show More