sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

Compare commits

base: sora:main
Branches Tags
sora:main sora:dev
..
compare: sora:80469f2130bb684f440a8649d6bccfcc75fabffe
Branches Tags
sora:dev sora:main

1 Commits
main ... 80469f2130

Author SHA1 Message Date
Renovate Bot
80469f2130 Update cachix/install-nix-action action to v27
Some checks failed
Nix Build / build-nixos (push) Failing after 13s
Details
Nix Build / build-nixos (pull_request) Failing after 12s
Details
2024-05-17 00:01:30 +00:00
101 changed files with 1653 additions and 2864 deletions
Expand all files Collapse all files

12
.gitea/workflows/build.yml
View File

@@ -12,17 +12,17 @@ jobs:
build-nixos:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v4
- name: "Install Nix ❄️"
uses: cachix/install-nix-action@v31
uses: cachix/install-nix-action@v27
# - uses: DeterminateSystems/nix-installer-action@v4
- uses: DeterminateSystems/magic-nix-cache-action@v13
- uses: DeterminateSystems/flake-checker-action@v12
- uses: DeterminateSystems/nix-installer-action@v4
- uses: DeterminateSystems/magic-nix-cache-action@v4
- uses: DeterminateSystems/flake-checker-action@v4
- name: "Install Cachix ❄️"
uses: cachix/cachix-action@v17
uses: cachix/cachix-action@v14
with:
name: helcel
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"

6
.gitea/workflows/update.yml
View File

@@ -13,15 +13,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@v4
- name: Install nix
uses: DeterminateSystems/nix-installer-action@v22
uses: DeterminateSystems/nix-installer-action@v11
with:
github-token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
extra_nix_config: |
experimental-features = nix-command flakes
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v28
uses: DeterminateSystems/update-flake-lock@v21
with:
token: ${{ secrets.GT_TOKEN_FOR_UPDATES }}
pr-title: "[chore] Update flake.lock"

70
.sops.yaml
View File

@@ -9,57 +9,55 @@ keys:
- &avalon age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
- &valinor age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
- &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
- &gateway age1lqvnzlendlmtwgstzrj4xzrwpatwx56k5az5au78fyg99yecwfzs3s6xn6
- &sandbox age1pf4auk6u2tmefuqpuc6mntr26cp4wcsmlhnn98arzxsp3753ruqsj0jqk3
creation_rules:
- path_regex: modules/shared/sops/private/iriy.[a-z]+
key_groups:
- age:
- *iriy
pgp:
- *sora
- age:
- *iriy
pgp:
- *sora
- path_regex: modules/shared/sops/private/avalon.[a-z]+
key_groups:
- age:
- *avalon
pgp:
- *sora
- age:
- *avalon
pgp:
- *sora
- path_regex: modules/shared/sops/private/valinor.[a-z]+
key_groups:
- age:
- *valinor
pgp:
- *sora
- age:
- *valinor
pgp:
- *sora
- path_regex: modules/shared/sops/private/asgard.[a-z]+
key_groups:
- age:
- *asgard
pgp:
- *sora
- age:
- *asgard
pgp:
- *sora
- path_regex: modules/shared/sops/common.[a-z]+
key_groups:
- age:
- *valinor
- *iriy
- *avalon
- *asgard
- *gateway
pgp:
- *sora
- age:
- *valinor
- *iriy
- *avalon
- *asgard
pgp:
- *sora
- path_regex: modules/shared/sops/mock.[a-z]+
key_groups:
- age:
- *ci
- *sandbox
- age:
- *ci
- path_regex: modules/server/sops/server.[a-z]+
key_groups:
- age:
- *avalon
- *sandbox
pgp:
- *sora
- age:
- *valinor
- *iriy
- *avalon
- *asgard
pgp:
- *sora

305
flake.lock generated
View File

@@ -4,16 +4,17 @@
"inputs": {
"flake-parts": "flake-parts",
"haskell-flake": "haskell-flake",
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1770259557,
"narHash": "sha256-EvZ09k9+mzXAngPzU2K7oLLUDlKoT1numb4bDb3Gtl4=",
"lastModified": 1714877287,
"narHash": "sha256-mf1/RfkyhzwLLeqU8AdosbBfRQuQzuVMX7XL7GejoRI=",
"owner": "hercules-ci",
"repo": "arion",
"rev": "9b24cf65c72cb0e9616e437d55e1ac8e5c6bc715",
"rev": "e9945eb6cdaf5c946bacd5a330e7b5ac7b3b2fdd",
"type": "github"
},
"original": {
@@ -45,11 +46,11 @@
]
},
"locked": {
"lastModified": 1777780666,
"narHash": "sha256-8wURyQMdDkGUarSTKOGdCuFfYiwa3HbzwscUfn3STDE=",
"lastModified": 1713946171,
"narHash": "sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "8c62fba0854ba15c8917aed18894dbccb48a3777",
"rev": "230a197063de9287128e2c68a7a4b0cd7d0b50a7",
"type": "github"
},
"original": {
@@ -67,11 +68,11 @@
]
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"lastModified": 1714641030,
"narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
"type": "github"
},
"original": {
@@ -83,31 +84,31 @@
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nur",
"arion",
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
"id": "flake-parts",
"type": "indirect"
}
},
"hardware": {
"locked": {
"lastModified": 1778143761,
"narHash": "sha256-lkesY6x2X2qxlqLM7CT2iM/0rP2JB7fruPN3h8POXmI=",
"lastModified": 1715148395,
"narHash": "sha256-lRxjTxY3103LGMjWdVqntKZHhlmMX12QUjeFrQMmGaE=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "3bcaa367d4c550d687a17ac792fd5cda214ee871",
"rev": "a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a",
"type": "github"
},
"original": {
@@ -132,6 +133,28 @@
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713898448,
"narHash": "sha256-6q6ojsp/Z9P2goqnxyfCSzFOD92T3Uobmj8oVAicUOs=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "c0302ec12d569532a6b6bd218f698bc402e93adc",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -139,20 +162,150 @@
]
},
"locked": {
"lastModified": 1777851538,
"narHash": "sha256-Gp8qwTEYNoy2yvmErVGlvLOQvrtEECCAKbonW7VJef8=",
"lastModified": 1715380449,
"narHash": "sha256-716+f9Rj3wjSyD1xitCv2FcYbgPz1WIVDj+ZBclH99Y=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cc09c0f9b7eaa95c2d9827338a5eb03d32505ca5",
"rev": "d7682620185f213df384c363288093b486b2883f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"hyprcursor": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1713612213,
"narHash": "sha256-zJboXgWNpNhKyNF8H/3UYzWkx7w00TOCGKi3cwi+tsw=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "cab4746180f210a3c1dd3d53e45c510e309e90e1",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprcursor",
"type": "github"
}
},
"hyprland": {
"inputs": {
"hyprcursor": "hyprcursor",
"hyprlang": "hyprlang",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems",
"xdph": "xdph"
},
"locked": {
"lastModified": 1715468612,
"narHash": "sha256-AF5bXnJqS7sj9ioJ/X6g1vg91nM9rtpf4iMIdPLjrRc=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "33a7b7bb6b307d6e4a093f75ffdda0419cd7ffaf",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"xdph",
"nixpkgs"
],
"systems": [
"hyprland",
"xdph",
"systems"
]
},
"locked": {
"lastModified": 1691753796,
"narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1713121246,
"narHash": "sha256-502X0Q0fhN6tJK7iEUA8CghONKSatW/Mqj4Wappd++0=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "78fcaa27ae9e1d782faa3ff06c8ea55ddce63706",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1715287423,
"narHash": "sha256-B7AJIjOyWgVMKhu7DlOnWa0VprdhywUVHuB/j+EwSxM=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "e2fc1c0eb8b392110588f478cce644348ead7271",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"nix-colors": {
"inputs": {
"base16-schemes": "base16-schemes",
@@ -172,34 +325,18 @@
"type": "github"
}
},
"nixUnstable": {
"locked": {
"lastModified": 1778274207,
"narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1778003029,
"narHash": "sha256-q/nkKLDtHIyLjZpKhWk3cSK5IYsFqtMd6UtXF3ddjgA=",
"lastModified": 1715266358,
"narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0c88e1f2bdb93d5999019e99cb0e61e1fe2af4c5",
"rev": "f1010e0469db743d14519a1efd37e23f8513d714",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.11",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@@ -219,33 +356,13 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1778376280,
"narHash": "sha256-pL2F2FF2FN7zWr5o/vG7GiYOSjp+DUNyPIYqNaLQFFs=",
"lastModified": 1715471078,
"narHash": "sha256-r+Ha1S9eJEvFg2l1Fto4eDmWgrtZvVgP5vli/S6r4Qk=",
"owner": "nix-community",
"repo": "nur",
"rev": "828688994167eb57628c98fd1d7e1223b079cda1",
"rev": "8400f61e548792303e73595aeee026701813ca9b",
"type": "github"
},
"original": {
@@ -260,8 +377,8 @@
"darwin": "darwin",
"hardware": "hardware",
"home-manager": "home-manager",
"hyprland": "hyprland",
"nix-colors": "nix-colors",
"nixUnstable": "nixUnstable",
"nixpkgs": "nixpkgs",
"nur": "nur",
"sops-nix": "sops-nix"
@@ -271,14 +388,17 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777944972,
"narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
"lastModified": 1715244550,
"narHash": "sha256-ffOZL3eaZz5Y1nQ9muC36wBCWwS1hSRLhUzlA9hV2oI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
"rev": "0dc50257c00ee3c65fef3a255f6564cfbfe6eb7f",
"type": "github"
},
"original": {
@@ -286,6 +406,51 @@
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1714662532,
"narHash": "sha256-Pj2xGSYhapYbXL7sk7TTlOtCZcTfPQoL3fPbZeg7L4Y=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "1f228ba2f1f254195c0b571302b37482861abee3",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
}
},
"root": "root",

17
flake.nix
View File

@@ -1,14 +1,13 @@
{
description = "SoraFlake";
inputs = {
# Trick renovate into working: "github:NixOS/nixpkgs/nixpkgs-unstable"
nixUnstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
hardware.url = "github:nixos/nixos-hardware";
nur.url = "github:nix-community/nur";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -17,13 +16,14 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# hyprland = {
# url = "github:hyprwm/Hyprland";
# inputs.nixpkgs.follows = "nixpkgs";
# };
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-stable.follows = "nixpkgs";
};
nix-colors.url = "github:misterio77/nix-colors";
@@ -44,7 +44,6 @@
avalon = gen.generate { host = "avalon"; };
ci = gen.generate { host = "ci"; };
sandbox = gen.generate { host = "sandbox"; };
gateway = gen.generate { host = "gateway"; };
};
darwinConfigurations = { asgard = gen.generate { host = "asgard"; }; };
homeConfigurations = {

6
generator.nix
View File

@@ -6,7 +6,6 @@
in ({
"nixos" = inputs.nixpkgs.lib.nixosSystem {
system = syscfg.syscfg.system;
specialArgs = { inherit inputs; };
modules = [
./modules/shared/syscfg
./modules/shared/sops
@@ -29,8 +28,7 @@
syscfg
{ usercfg = userConfig; }
inputs.nix-colors.homeManagerModule
# inputs.hyprland.homeManagerModules.default
inputs.sops-nix.homeManagerModules.sops
inputs.hyprland.homeManagerModules.default
];
}) syscfg.syscfg.users);
}
@@ -54,7 +52,7 @@
nameValuePair userConfig.username {
imports = [
inputs.nix-colors.homeManagerModule
inputs.sops-nix.homeManagerModules.sops
inputs.hyprland.homeManagerModules
];
}) syscfg.syscfg.users);
}

11
modules/home/base/default.nix
View File

@@ -1,6 +1,5 @@
{ lib, config, ... }: {
#environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;
@@ -8,14 +7,6 @@
username = "${config.usercfg.username}";
homeDirectory = "/home/${config.usercfg.username}";
stateVersion = "24.11";
stateVersion = "23.11";
};
#SOPS
# sops.defaultSopsFile = ./sops/${config.usercfg.username}.yaml;
# sops.age.keyFile = "/var/lib/sops-nix/age-key.txt";
# sops.age.generateKey = true;
# sops.secrets."github_user_key" = { };
# sops.secrets."curse_forge_key" = { };
}

69
modules/home/base/sops/sora.yaml
View File

@@ -1,69 +0,0 @@
curse_forge_key: ENC[AES256_GCM,data:PhhwPhUys/WDzXb40iFlrUcwFEJVzi49vDlm5Hpc7IUwbBiQI1Zvi6115THMvarnGESDyouPfoZP0wha,iv:x//EzR4QwdD0UxqV97yUepc39DopoqiDT21unpF9R2E=,tag:5jM1EibWo0wI+PS70+kb/Q==,type:str]
github_user_key: ENC[AES256_GCM,data:RvBsQjWGd2qRCvBzcpMv8FIXGY/GiPd9o0x2Oq+NlbXxR2NMqNBNLw==,iv:99AcmOWFft7XQAn7YrGjZuCvz0M5wUkYeInsWwyeUFM=,tag:wkw2YQGi9j/8XtOFd8KhdQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBraWFDRFUxQ2l5OWV1OXNK
UExEbWZkM0kzVk1rZG4yY3pBLzdMVWVJS0UwCnhlWFJ5T2lZUXJyNkg1ejQxaU1t
L3F2RUhldTY3N2xXL0hwczNKRzNjcncKLS0tIEkycHoxcDBGNyt2V3RDY29wNGVp
TGg5Rk05VkRsaXM1Q0NxMmtMajRORDAKqjFldiAYJKjmnkeDkwanjYvhL6645DZ5
dVXExjqO/DG733ge8HFyKzpfpkzRymV1giUwxBdII1dd0mJ2ncINeA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UkRjblIvYStZUzQyRHA1
ZGVXeHhrN0kyVkxZdms5U3gwVFlPMW12MVJjCjRkVURpZXBzb0tYenB4dGxKamh6
VXVBMmo1Ujkvd2VTRExyWE5MbVJaclUKLS0tIDVhRkYzZmEzUG00Q2IwOWZUMVVt
ODVIbytpcjN1cVMyaG1qVVdkRmtaMzQKNsvD9DpK/raDBob+IcuNk72tQDts36kJ
QhtoLy8MvUymi49PdEWrgyf68w5XwRO/U4iINhR0qzm0glg/XcyHjA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc3hKWkk3ckNOY2UyTVhG
MmtLaEd0K04yaGxiOUoxMXkzOEFnYis4VkhnCktDRFM2bS8vb05OWDdwa0RwRlNO
cmlZemtxVGZ6S0tNTDV1cmE1N0pVWnMKLS0tIE9EZllycHJpcEY2R1pwOFhOZEU3
L01IcytDd3BPb0VOTW9DQ2lUdUVJS0kKiD+C+3mK1b/eIwCEFanFgYGLNk3JNPQ7
i1UqzbHVxSd0q/YVwdKAcj0jA6EezGm275tgq7IVsy2sHkvRMaEDtQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweVU3TkxFZzRnd2I2clN2
ZTlTWmhwQkhVc1hnOXFvZVVDSWpHMVh1TGtrCkc3M1pUTnZCMHpvYXB5ZVhreGxa
ZVY2cG5Ja2ltL3k2Q1VEalc5TTNFMXcKLS0tIGd5UWl0RGVXT211Zm51dlB6WFZ1
STRtTVpVTCtVZ1FUNENqWFFVNTNuaVUKN6HRiZjTdENeif8dJ29urBxPXDaosjjY
InN4Ko6YUaGfvB1DTrKIzrxOpsHS+XjisoGfT71tJwwEOoREklEO/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-23T18:05:22Z"
mac: ENC[AES256_GCM,data:YSi2xIwz50VxUDL3QzGVUwRWUgZhvudSLCKgwIbWm8gkuAJ/V2sVRhJNVQJ1YvLO44ob5hmrgR4wSnOdAbS7FrpbLcJuoYBjVUTDjy+j6otnIDxEcYeciHhZ1pV/OiydBmJC+lZ4+SRdWdokL2HaXRKgc9QT9e/MdAbFIzI1x90=,iv:8rj8yEqHTMgoGu31RVskYizmROB/5I0ajZJ/EcmlVfE=,tag:PILFCyXY8sXYGxCEHS7qCg==,type:str]
pgp:
- created_at: "2023-04-20T10:20:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA6R3Y9nD7qMBAQ/8CVWQaYKfOzvPIllZyyWpUjHRLLXaR8MNJ8U5WI/tdwdN
9UScDYJFuYRW7Q9s4Mt961kBGpaHqe9MUZBxUDlYX59+EN3FbO/eMQ5OqI05ESmL
TvZB4+S9C5o73nuypSDNvYz+Lgq6DO25ZPhXdtPhx2DE4G31/wft/LpxhjalIjI8
MU0Dv22R4qC+glJbe4GIF2IJ8XoxnnzjiGeSqiyv0QIBM0SzOtA5sKwNohWBnW7g
7vxOTm5+kyzG0dDjt3tFApgPDaA1wjofzhRuuveF52VBsuIA2opFdpqkyICvK6rn
NB5kUaPlY6A0m+n0oHSfY5wm/AnHNE4Oob/ifumAaB0EAJVUTRauI5M8SeJF0ya1
U0IQ9N2lb7Y6q4pqHywIa6fnylsqCfxInAYKMuslRq8f9t/qakb4/MYcnPrwpzjw
73/naiNoJmG6NVTkM52qTtOqZAmsaQd5cigTuPW2Z2CJq1yLZEVGSSd1DUGUjBDK
nQGucpVVVpD+ifrIPz+Iqwy+5NoZZm/Oa9pKJGFzqXinnDNZaqtgpmTw9QxcSeaP
VvGZG9CDd89MtAm1VQyuqi1bQ2faq3G0xNrLl7xUsfmjx4ofW+JXR87OzvGfLPhu
Sjl3kS9j5/MEBRBg3n9gNkgSu5Sy3ilhckY3yjTgAT9Gw2giDhCiUXi1/7KrGprS
UQHPCSsjyWsyuYVa3lAP/WPdVclc4WOdfYcetUCXBVP7LQr0bq+IG+2J0nnY3mDt
Va5k4sP1qu6Ecrs2JioQ1V2H+VmcrRykBWnMXl1tDSWKMA==
=pS8X
-----END PGP MESSAGE-----
fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
unencrypted_suffix: _unencrypted
version: 3.9.2

14
modules/home/cli/git/default.nix
View File

@@ -1,17 +1,15 @@
{ config, lib, pkgs, ... }: {
{ config, pkgs, ... }: {
programs.git = {
enable = true;
signing = lib.mkIf (config.usercfg.git.key != null) {
key = config.usercfg.git.key;
userEmail = "${config.usercfg.git.email}";
userName = "${config.usercfg.git.username}";
signing = {
key = "${config.usercfg.git.key}";
signByDefault = true;
};
ignores = [ "*result*" ".direnv" "node_modules" ];
settings = {
core.hooksPath = "./.dev/hooks";
user.email = "${config.usercfg.git.email}";
user.name = "${config.usercfg.git.username}";
};
extraConfig = { core.hooksPath = "./.dev/hooks"; };
};
home.packages = with pkgs; [ tig ];

2
modules/home/cli/other/default.nix
View File

@@ -12,7 +12,7 @@
cbonsai
pipes-rs
cmatrix
#cava
cava
sl
];
}

4
modules/home/cli/zsh/default.nix
View File

@@ -9,14 +9,12 @@ in {
"sudo" = "sudo ";
"devsh" =
"nix develop --profile /tmp/devsh-env ${nixflake_url}#devsh -c zsh";
"cdevsh" =
"nix develop --profile /tmp/devsh-env -c zsh";
"nixb" = "(sudo nixos-rebuild switch --flake ${nixflake_url})";
"nixgc" = "sudo nix-collect-garbage -d && nix-collect-garbage -d";
"ssh" = "TERM=xterm-256color ${pkgs.openssh}/bin/ssh";
"top" = "btop";
};
initContent = ''
initExtra = ''
sopsu() {nix-shell -p sops --run "sops updatekeys $1";}
sopsn() {nix-shell -p sops --run "sops $1";}
'';

2
modules/home/gui/apps/develop/default.nix
View File

@@ -2,6 +2,6 @@
imports = [ ./vscodium ];
config = lib.mkIf (config.syscfg.make.develop) {
home.packages = with pkgs; [ blender godot_4 openscad-unstable orca-slicer pandoc claude-code];
home.packages = with pkgs; [ blender godot_4 ];
};
}

19
modules/home/gui/apps/develop/vscodium/default.nix
View File

@@ -4,17 +4,14 @@
programs.vscode = {
enable = true;
package = pkgs.vscodium;
#profiles.default = {
profiles.default.extensions = with pkgs.vscode-extensions; [
bbenoist.nix
esbenp.prettier-vscode
golang.go
ms-python.vscode-pylance
ms-vscode.cpptools
dbaeumer.vscode-eslint
continue.continue
];
#};
extensions = with pkgs.vscode-extensions; [
bbenoist.nix
esbenp.prettier-vscode
golang.go
ms-python.vscode-pylance
ms-vscode.cpptools
dbaeumer.vscode-eslint
];
};
};
}

14
modules/home/gui/apps/pipewire/default.nix
View File

@@ -25,20 +25,6 @@
}
}
}
{ name = "libpipewire-module-loopback"
args = {
node.description = "Virtual Loopback"
audio.position = [ FL FR ]
capture.props = {
media.class = "Audio/Sink"
node.name = "vloopback_sink"
}
playback.props = {
media.class = "Audio/Source"
node.name = "vloopback_source"
}
}
}
]
'';
};

3
modules/home/gui/base/default.nix
View File

@@ -10,11 +10,8 @@
xfce.tumbler
telegram-desktop
discord-canary
pavucontrol
keepassxc
nextcloud-client
gramps
];
};

16
modules/home/gui/games/default.nix
View File

@@ -1,22 +1,20 @@
{ inputs, lib, config, pkgs, ... }: {
{ lib, config, pkgs, ... }: {
imports = [ ./openttd.nix ./wow.nix ];
imports = [ ./openttd.nix ];
config = lib.mkIf (config.syscfg.make.game) {
home.packages = with pkgs; [
# custom.simc
#games
# steam
steam
gamemode
#gamescope
#mangohud
gamescope
mangohud
prismlauncher
openttd-jgrpp
#bottles
lutris
unstable.umu-launcher
# wine
bottles
];
};

23
modules/home/gui/games/wow.nix
View File

@@ -1,23 +0,0 @@
{ pkgs, lib, config, sops, ... }: {
config = lib.mkIf (config.syscfg.make.game) {
home.packages = with pkgs;
[
# custom.simc
unstable.instawow
];
# templates buggy currently
#xdg.configFile."instawow/config.json" = ''${config.sops.templates."instawow_config.json".path}'';
sops.templates."instawow_config.json".content = ''
{
"auto_update_check": true,
"access_tokens": {
"cfcore": "${config.sops.placeholder.curse_forge_key}",
"github": "${config.sops.placeholder.github_user_key}",
"wago_addons": null
}
}'';
};
}

2
modules/home/gui/theme/default.nix
View File

@@ -28,7 +28,7 @@ in {
qt = {
enable = true;
platformTheme.name = "gtk";
platformTheme.name = "gtk3";
};
home.packages = [ wallpaperGen pkgs.swww ];

50
modules/home/gui/theme/gtk-theme-gen.nix
View File

@@ -11,8 +11,8 @@ in pkgs.stdenv.mkDerivation rec {
src = pkgs.fetchFromGitHub {
owner = "vinceliuice";
repo = "Orchis-theme";
rev = "5b73376721cf307101e22d7031c1f4b1344d1f63";
sha256 = "sha256-+2/CsgJ+rdDpCp+r5B/zys3PtFgtnu+ohTEUOtJNd1Y=";
rev = "be8b0aff92ed0741174b74c2ee10c74b15be0474";
sha256 = "sha256-m7xh/1uIDh2BM0hTPA5QymXQt6yV7mM7Ivg5VaF2PvM=";
};
nativeBuildInputs = with pkgs; [ gtk3 sassc ];
@@ -22,43 +22,43 @@ in pkgs.stdenv.mkDerivation rec {
preInstall = ''
mkdir -p $out/share/themes
cat > src/_sass/_color-palette-${scheme.slug}.scss << 'EOF'
$red-light: #${scheme.palette.low0F};
$red-dark: #${scheme.palette.high0F};
$red-light: #${scheme.palette.base0F};
$red-dark: #${scheme.palette.base0F};
$pink-light: #${scheme.palette.low0E};
$pink-dark: #${scheme.palette.high0E};
$pink-light: #${scheme.palette.base0E};
$pink-dark: #${scheme.palette.base0E};
$purple-light: #${scheme.palette.low0D};
$purple-dark: #${scheme.palette.high0D};
$purple-light: #${scheme.palette.base0D};
$purple-dark: #${scheme.palette.base0D};
$blue-light: #${scheme.palette.low0C};
$blue-dark: #${scheme.palette.high0C};
$blue-light: #${scheme.palette.base0C};
$blue-dark: #${scheme.palette.base0C};
$teal-light: #${scheme.palette.low0B};
$teal-dark: #${scheme.palette.high0B};
$teal-light: #${scheme.palette.base0B};
$teal-dark: #${scheme.palette.base0B};
$green-light: #${scheme.palette.low0A};
$green-dark: #${scheme.palette.high0A};
$sea-light: #${scheme.palette.alt_low0B};
$sea-dark: #${scheme.palette.alt_high0B};
$green-light: #${scheme.palette.base0A};
$green-dark: #${scheme.palette.base0A};
$sea-light: #${scheme.palette.base0B};
$sea-dark: #${scheme.palette.base0B};
$yellow-light: #${scheme.palette.low09};
$yellow-dark: #${scheme.palette.low09};
$yellow-light: #${scheme.palette.base09};
$yellow-dark: #${scheme.palette.base09};
$orange-light: #${scheme.palette.low08};
$orange-dark: #${scheme.palette.high08};
$orange-light: #${scheme.palette.base08};
$orange-dark: #${scheme.palette.base08};
$grey-050: #${scheme.palette.base07};
$grey-100: #${scheme.palette.base07};
$grey-150: #${scheme.palette.base06};
$grey-150: #${scheme.palette.base07};
$grey-200: #${scheme.palette.base06};
$grey-250: #${scheme.palette.base05};
$grey-250: #${scheme.palette.base06};
$grey-300: #${scheme.palette.base05};
$grey-350: #${scheme.palette.base04};
$grey-350: #${scheme.palette.base05};
$grey-400: #${scheme.palette.base04};
$grey-450: #${scheme.palette.base03};
$grey-450: #${scheme.palette.base04};
$grey-500: #${scheme.palette.base03};
$grey-550: #${scheme.palette.base02};
$grey-550: #${scheme.palette.base03};
$grey-600: #${scheme.palette.base02};
$grey-650: #${scheme.palette.base02};
$grey-700: #${scheme.palette.base01};

7
modules/home/wayland/apps/eww/bar/css/_clock.scss
View File

@@ -17,8 +17,7 @@ calendar {
font-weight: bold;
}
label {
font-size: 20pt;
.button {
color: $base0C;
}
@@ -36,6 +35,9 @@ calendar {
margin-top: -4pt;
}
.minute, .hour, .day, .month {
font-size: 20pt;
}
.date {
color: $base0C;
@@ -45,4 +47,5 @@ calendar {
.datetime {
padding: $gaps-window;
}

5
modules/home/wayland/apps/eww/bar/css/_systray.scss
View File

@@ -1,6 +1,3 @@
.tray * {
padding: $border-width 0px;
}
.tray menu {
background-color: $base01;
color: $base07;
@@ -11,7 +8,7 @@
padding: 10px 0px;
>menuitem {
margin: 2px $border-width;
margin: 0px $border-width;
padding: 0px 10px;
&:disabled label {

3
modules/home/wayland/apps/eww/bar/eww.scss
View File

@@ -101,9 +101,6 @@ tooltip {
}
.modevent:hover {
@include border-active;
border-right-style: none;
border-bottom-right-radius: 0;
border-top-right-radius: 0;
}
.modinner {

2
modules/home/wayland/apps/eww/bar/eww.yuck
View File

@@ -48,7 +48,7 @@
(defwindow bar
:monitor 1
:monitor 0
:geometry (geometry
:x "0%"
:y "0%"

26
modules/home/wayland/apps/eww/bar/modules/clock.yuck
View File

@@ -5,30 +5,28 @@
(eventbox
:onhover "${EWW_CMD} update date_rev=true"
:onhoverlost "${EWW_CMD} update date_rev=false"
:onclick "(sleep 0.1 && ${EWW_CMD} open --toggle calendar)"
:onrightclick "(sleep 0.1 && ${EWW_CMD} open --toggle powermenu)"
(box
:class "datetime"
(overlay
(box
:orientation "v"
(label :show-truncated false
:class "hour"
:text {hour})
(label :show-truncated false
:class "minute"
:text {minute}))
(button
:class "hour" hour)
(button
:class "minute" minute))
(revealer
:reveal date_rev
(box
:class "date"
:orientation "v"
(label :show-truncated "false"
:class "day"
:text {day})
(label :show-truncated "false"
:class "month"
:text {month}))
(button
:onclick "${EWW_CMD} open --toggle calendar"
:onrightclick "${EWW_CMD} open --toggle powermenu"
:class "day" day)
(button
:onclick "${EWW_CMD} open --toggle calendar"
:onrightclick "${EWW_CMD} open --toggle powermenu"
:class "month" month))
)
)
)

28
modules/home/wayland/apps/eww/bar/modules/sys.yuck
View File

@@ -6,21 +6,23 @@
(defwidget sys-mod []
(module
(eventbox
:onclick "(sleep 0.1 && ${EWW_CMD} open --toggle sys)"
(button
:class "module"
:onclick "${EWW_CMD} open --toggle sys"
(box
:orientation "v"
(circular-progress
:value {EWW_CPU.avg}
:class "cpubar"
:thickness 6
(label :class "icon-text" :text "C"))
:orientation "v"
(circular-progress
:value {EWW_CPU.avg}
:class "cpubar"
:thickness 6
(label :class "icon-text" :text "C"))
(circular-progress
:value {gpu.devices[0].GRBM2?.CommandProcessor-Graphics?.value?:0}
:class "gpubar"
:thickness 6
(label :class "icon-text" :text "G"))
(circular-progress
:value {gpu.devices[0].GRBM2?.CommandProcessor-Graphics?.value?:0}
:class "gpubar"
:thickness 6
(label :class "icon-text" :text "G"))
(circular-progress
:value {100*memory.used/memory.total}
:class "membar"

2
modules/home/wayland/apps/eww/bar/modules/systray.yuck
View File

@@ -7,7 +7,7 @@
:class "tray"
:space-evenly "true"
:orientation "v"
:icon-size 20
:icon-size 24
:prepend-new "false"
)
)

1
modules/home/wayland/apps/eww/bar/modules/workspaces.yuck
View File

@@ -11,7 +11,6 @@
(button
:onclick "hyprctl dispatch workspace ${ws.number}"
(label
:show-truncated false
:class "icon-text ${ws.color}"
:text `${ws.focused ? "󰜗" : "󰝥"}`
)

2
modules/home/wayland/apps/eww/bar/scripts/workspaces
View File

@@ -64,7 +64,7 @@ done
generate
# main loop
socat -u UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/"$HYPRLAND_INSTANCE_SIGNATURE"/.socket2.sock - | rg --line-buffered "workspace|mon(itor)?" | while read -r line; do
socat -u UNIX-CONNECT:/tmp/hypr/"$HYPRLAND_INSTANCE_SIGNATURE"/.socket2.sock - | rg --line-buffered "workspace|mon(itor)?" | while read -r line; do
case ${line%>>*} in
"workspace")
focusedws=${line#*>>}

2
modules/home/wayland/apps/eww/bar/windows/calendar.yuck
View File

@@ -1,5 +1,5 @@
(defwindow calendar
:monitor 1
:monitor 0
:geometry (geometry
:x "0%"
:y "0%"

2
modules/home/wayland/apps/eww/bar/windows/powermenu.yuck
View File

@@ -34,7 +34,7 @@
)
(defwindow powermenu
:monitor 1
:monitor 0
:stacking "overlay"
:geometry (geometry
:anchor "center"

9
modules/home/wayland/apps/eww/bar/windows/radio.yuck
View File

@@ -2,7 +2,7 @@
(defvar radio_rev false)
(defwindow radio
:monitor 1
:monitor 0
:geometry (geometry
:x "0%"
:y "0%"
@@ -100,11 +100,8 @@
(box
:orientation "v"
(button
:onclick "(sleep 0.1 && ${EWW_CMD} open --toggle --no-daemonize radio)"
(label
:show-truncated false
:class "icon-text"
:text "󰝚")
:onclick "${EWW_CMD} open --toggle --no-daemonize radio"
(label :class "icon-text" :text "󰝚")
)
)
)

2
modules/home/wayland/apps/eww/bar/windows/sys.yuck
View File

@@ -129,7 +129,7 @@
)
(defwindow sys
:monitor 1
:monitor 0
:stacking "overlay"
:geometry (geometry
:x "0%"

97
modules/home/wayland/apps/kanshi/default.nix
View File

@@ -4,70 +4,56 @@
services.kanshi = {
enable = true;
systemdTarget = "graphical-session.target";
settings = [
{
profile.name = "tower_0";
profile.outputs = [
profiles = {
tower_0 = {
outputs = [{
criteria = "CEX CX133 0x00000001";
mode = "1920x1200@59.972";
position = "0,0";
scale = 1.0;
status = "enable";
}];
};
tower_1 = {
outputs = [{
criteria = "AOC 16G3 1DDP7HA000348";
mode = "1920x1080@144.000";
position = "0,0";
status = "enable";
scale = 1.0;
adaptiveSync = true;
}];
};
tower_2 = {
outputs = [
{
criteria = "AOC 24E1W1 GNSKCHA086899";
mode = "1920x1080@60.000";
position = "0,0";
status = "enable";
scale = 1.0;
adaptiveSync = true;
}
{
criteria = "AOC 24E1W1 GNSKBHA080346";
mode = "1920x1080@60.000";
position = "1920,0";
status = "enable";
scale = 1.0;
adaptiveSync = true;
}
];
}
{
profile.name = "tower_1";
profile.outputs = [
{
criteria = "AOC 24E1W1 GNSKCHA086899";
mode = "1920x1080@60.000";
position = "0,0";
status = "enable";
scale = 1.0;
adaptiveSync = true;
}
{
criteria = "AOC 24E1W1 GNSKBHA080346";
mode = "1920x1080@60.000";
position = "0,0";
status = "enable";
scale = 1.0;
adaptiveSync = true;
}
{
criteria = "LG UNKNOWN_TBD";
criteria = "AOC 16G3 1DDP7HA000348";
mode = "1920x1080@144.000";
position = "0,0";
status = "enable";
scale = 1.0;
adaptiveSync = true;
}
{
criteria = "CEX CX133 0x00000001";
mode = "1920x1200@59.972";
position = "0,1080";
scale = 1.0;
status = "enable";
}
];
}
{
profile.name = "laptop_0";
profile.outputs = [{
};
laptop_0 = {
outputs = [{
criteria = "LG Display 0x060A Unknown";
mode = "1920x1080@60.020";
position = "0,0";
scale = 1.0;
status = "enable";
}];
}
{
profile.name = "laptop_1";
profile.outputs = [
};
laptop_1 = {
outputs = [
{
criteria = "CEX CX133 0x00000001";
mode = "2560x1600@59.972";
@@ -83,10 +69,9 @@
status = "enable";
}
];
}
{
profile.name = "laptop_2";
profile.outputs = [
};
laptop_2 = {
outputs = [
{
criteria = "AOC 16G3 1DDP7HA000348";
mode = "1920x1080@144.000";
@@ -103,8 +88,8 @@
status = "enable";
}
];
}
];
};
};
};
};
}

2
modules/home/wayland/apps/waylock/default.nix
View File

@@ -5,8 +5,6 @@
xdg.configFile."swaylock/config".text = ''
screenshots
grace-no-mouse
grace-no-touch
grace=5
effect-pixelate=5
fade-in=0.2

8
modules/home/wayland/base/default.nix
View File

@@ -17,12 +17,8 @@ in {
dbus-hyprland-environment
wayland
hyprpicker
hyprshot
grim
slurp
satty
swappy
cliphist
wl-clipboard
@@ -46,8 +42,6 @@ in {
[ "discord-402572971681644545.desktop" ];
"x-scheme-handler/discord-696343075731144724" =
[ "discord-696343075731144724.desktop" ];
"x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];
"x-scheme-handler/tonsite" = [ "org.telegram.desktop.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" ];
"x-scheme-handler/chrome" = [ "firefox.desktop" ];

26
modules/home/wayland/hyprland/config.nix
View File

@@ -1,12 +1,11 @@
{ lib, config, pkgs, ... }: {
config = lib.mkIf (config.usercfg.wm == "Wayland") {
wayland.windowManager.hyprland = {
enable = true;
xwayland.enable = true;
extraConfig = ''
monitor=,preferred,auto,auto
env=bitdepth,10
input {
kb_layout = us, ru
kb_variant = intl, phonetic
@@ -14,7 +13,7 @@
follow_mouse = 1
sensitivity = 0
sensitivity = 0 # -0.5 # -1.0 - 1.0, 0 means no modification.
touchpad {
natural_scroll=no
@@ -61,10 +60,10 @@
fullscreen_opacity = 1.0
# shadow
# drop_shadow = no
# shadow_range = 60
# shadow_offset = 0 5
# shadow_render_power = 4
drop_shadow = no
shadow_range = 60
shadow_offset = 0 5
shadow_render_power = 4
#col.shadow = rgba(00000099)
}
@@ -86,10 +85,12 @@
}
master {
new_status = master
new_is_master = true
}
gesture = 3, vertical, workspace
gestures {
workspace_swipe = off
}
exec-once = eww open bar
#exec-once = waybar
@@ -144,11 +145,6 @@
windowrulev2 = float,class:^(org.telegram.desktop)$,title:^(Media viewer)$
windowrulev2 = center,class:^(org.telegram.desktop)$,title:^(Media viewer)$
#SPECIAL NO SLEEP
windowrulev2 = idleinhibit fullscreen, class:^(.*)
windowrulev2 = idleinhibit focus, class:^(steam_app_.*)$
windowrulev2 = idleinhibit focus, class:^(mpv)$
layerrule = blur,^(eww-blur)
#binds
@@ -164,7 +160,7 @@
bind = SUPER SHIFT,D,exec, ~/.config/hypr/themes/apatheia/eww/launch_bar
bind = SUPER, V, exec, cliphist list | wofi -dmenu | cliphist decode | wl-copy
bind = , PRINT, exec, hyprshot -m region --raw | satty --filename - --early-exit --action-on-enter save-to-clipboard --copy-command 'wl-copy'
bind = , Print, exec, grim -g "$(slurp -d)" - | swappy -f -
bind = SUPER, L, exec, swaylock

4
modules/home/xorg/bspwm/config.nix
View File

@@ -110,7 +110,7 @@
telegram-desktop &
nextcloud &
jellyfin-mpv-shim &
#flameshot &
flameshot &
sleep 2
@@ -265,7 +265,7 @@
# Screenshots
Print
hyprshot -m region
flameshot gui
# Lock Desktop
super + l

2
modules/home/xorg/bspwm/default.nix
View File

@@ -5,7 +5,7 @@
config = lib.mkIf (config.usercfg.wm == "X11") {
xsession.windowManager.bspwm = { enable = true; };
services.sxhkd = { enable = true; };
home.packages = with pkgs; [ xrandr arandr hyprshot xtrlock i3lock ];
home.packages = with pkgs; [ xrandr arandr flameshot xtrlock i3lock ];
};
}

6
modules/nixos/gui/audio/default.nix
View File

@@ -2,9 +2,9 @@
let cfg = config.syscfg.make.gui;
in {
config = lib.mkIf cfg {
# sound.enable = true;
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pulseaudio.enable = false; #25.05 change to services
services.pipewire = {
enable = true;
alsa.enable = true;
@@ -13,6 +13,6 @@ in {
# wireplumber.enable = true;
};
environment.systemPackages = with pkgs; [ easyeffects alsa-utils ];
environment.systemPackages = with pkgs; [ easyeffects ];
};
}

3
modules/nixos/gui/games/default.nix
View File

@@ -5,9 +5,6 @@ in {
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
extraCompatPackages = with pkgs; [proton-ge-bin];
};
programs.gamemode.enable = true;
};
}

1
modules/nixos/gui/xserver/default.nix
View File

@@ -1,6 +1,5 @@
{ lib, config, pkgs, ... }: {
config = lib.mkIf (config.syscfg.make.gui) {
programs.xwayland.enable = true;
services.xserver = {
enable = true;
videoDrivers = [ "amd" ];

2
modules/nixos/system/hw/boot/default.nix
View File

@@ -9,7 +9,7 @@ in {
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
efiSysMountPoint = "/boot/efi";
};
};
};

2
modules/nixos/system/hw/default.nix
View File

@@ -1 +1 @@
{ ... }: { imports = [ ./base ./boot ./fs ./graphics ./power ./udev ./virt ]; }
{ ... }: { imports = [ ./base ./boot ./fs ./opengl ./power ./udev ./virt ]; }

4
modules/nixos/system/hw/graphics/default.nix
View File

@@ -1,4 +0,0 @@
{ ... }: {
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
}

5
modules/nixos/system/hw/opengl/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }: {
hardware.opengl.enable = true;
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
}

15
modules/nixos/system/hw/power/default.nix
View File

@@ -7,23 +7,8 @@
STOP_CHARGE_THRESH_BAT0 = 90;
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
MEM_SLEEP_ON_BAT = "deep";
};
};
powerManagement.enable = true;
# suspend to RAM (deep) rather than `s2idle`
boot.kernelParams = [ "mem_sleep_default=deep" ];
# suspend-then-hibernate
systemd.sleep.extraConfig = ''
HibernateDelaySec=30m
SuspendState=mem
'';
services.logind.settings.Login.HandleLidSwitch = "suspend-then-hibernate";
# Hibernate on power button pressed
services.logind.settings.Login.HandlePowerKey = "hibernate";
services.logind.settings.Login.HandlePowerKeyLongPress = "poweroff";
systemd.user.services.battery_monitor = {
wants = [ "display-manager.service" ];

7
modules/nixos/system/hw/virt/default.nix
View File

@@ -11,10 +11,9 @@
dockerSocket.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
#dnsname.enable = true;
dns_enabled = true;
#internal = true;
#name = "internal";
dnsname.enable = true;
internal = true;
name = "internal";
};
};
};

11
modules/nixos/system/network/base/default.nix
View File

@@ -4,15 +4,6 @@
useDHCP = true;
nameservers = [ "1.1.1.1" "9.9.9.9" ];
firewall = {
enable = true;
allowedUDPPorts =
(if config.syscfg.server ? wireguard then [ 1515 ] else [ ]) ++
[ ];
allowedTCPPorts =
(if config.syscfg.server ? web then [ 80 443 22 ] else [ ]) ++
[ ];
};
firewall = { enable = true; };
};
}

34
modules/nixos/system/network/wireguard/default.nix
View File

@@ -1,12 +1,4 @@
{ config, lib, pkgs, ... }: let
isValidPeer = p:
(p ? syscfg.net.wg.enable) &&
(p.syscfg.net.wg.enable == true) &&
(p.syscfg.net.wg.pubkey != config.syscfg.net.wg.pubkey);
activePeers = builtins.filter isValidPeer config.syscfg.peers;
in
{
{ config, lib, ... }: {
config = lib.mkIf (config.syscfg.net.wg.enable) {
networking.wireguard = {
enable = true;
@@ -17,26 +9,14 @@ in
config.sops.secrets."${config.syscfg.hostname}_wg_priv".path;
listenPort = 1515;
mtu = 1340;
peers =
if (config.syscfg.server ? wireguard && config.syscfg.server.wireguard) then
map (p: {
name = p.syscfg.hostname;
publicKey = p.syscfg.net.wg.pubkey;
allowedIPs = [ p.syscfg.net.wg.ip4 p.syscfg.net.wg.ip6 ];
}) activePeers
else
[{
allowedIPs = [ "10.10.1.0/24" "fd10:10:10::0/64" ];
endpoint = "vpn.helcel.net:1515";
publicKey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
persistentKeepalive = 30;
}];
peers = [{
allowedIPs = [ "10.10.1.0/24" "fd10:10:10::0/64" ];
endpoint = "vpn.helcel.net:1515";
publicKey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
persistentKeepalive = 30;
}];
};
};
};
systemd.services."wireguard-wg0" = {
after = [ "network-online.target" "nss-lookup.target" ];
wants = [ "network-online.target" "nss-lookup.target" ];
};
};
}

8
modules/nixos/system/nix/default.nix
View File

@@ -1,4 +1,4 @@
{ inputs, pkgs, ... }: {
{ pkgs, ... }: {
nixpkgs.config = {
permittedInsecurePackages = [ ];
allowUnfree = true;
@@ -8,9 +8,9 @@
};
};
nixpkgs.overlays = import ../../../../overlays { inherit inputs pkgs; };
nixpkgs.overlays = import ../../../../overlays { inherit pkgs; };
nix = {
package = pkgs.nixVersions.stable;
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
@@ -37,5 +37,5 @@
];
};
};
system.stateVersion = "24.11";
system.stateVersion = "24.05";
}

8
modules/nixos/system/xdg/default.nix
View File

@@ -15,16 +15,16 @@
GBM_BACKEND = "amd-drm";
__GL_GSYNC_ALLOWED = "0";
__GL_VRR_ALLOWED = "1";
__GLX_VENDOR_LIBRARY_NAME = "amd";
WLR_DRM_NO_ATOMIC = "1";
__GLX_VENDOR_LIBRARY_NAME = "amd";
_JAVA_AWT_WM_NONREPARENTING = "1";
QT_QPA_PLATFORM = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
# GDK_BACKEND = "wayland";
GDK_BACKEND = "wayland";
WLR_NO_HARDWARE_CURSORS = "1";
MOZ_ENABLE_WAYLAND = "1";
# WLR_BACKEND = "vulkan";
# WLR_RENDERER = "vulkan";
WLR_BACKEND = "vulkan";
WLR_RENDERER = "vulkan";
XCURSOR_SIZE = "24";
NIXOS_OZONE_WL = "1";
};

3
modules/nixos/tools/debug/default.nix
View File

@@ -2,9 +2,6 @@
config = lib.mkIf (config.syscfg.make.develop) {
programs.adb.enable = true;
# services.udev.packages = [
# pkgs.android-udev-rules
# ];
programs.wireshark.enable = true;
environment.systemPackages = with pkgs; [ wget dconf wireshark ];

65
modules/nixos/tools/default.nix
View File

@@ -1,64 +1 @@
{ pkgs, ... }: {
imports = [ ./debug ./develop ];
# services.telegraf = {
# enable = true;
# extraConfig = {
# agent = {
# interval = "10s";
# round_interval = true;
# metric_batch_size = 1000;
# metric_buffer_limit = 10000;
# collection_jitter = "0s";
# flush_interval = "10s";
# flush_jitter = "0s";
# precision = "";
# hostname = "valinor";
# omit_hostname = false;
# };
# inputs.cpu = {
# percpu = true;
# totalcpu = true;
# collect_cpu_time = false;
# report_active = false;
# };
# inputs.mem = {};
# inputs.swap = {};
# inputs.system = {};
# inputs.disk = {
# ignore_fs = ["tmpfs" "devtmpfs" "devfs"];
# };
# inputs.net = {};
# inputs.netstat = {};
# inputs.ping = {
# urls = ["8.8.8.8" "8.8.4.4"];
# count = 4;
# interval = "60s";
# binary = "${pkgs.iputils.out}/bin/ping";
# };
# inputs.internet_speed = {
# interval = "2m";
# };
# inputs.net_response = {
# protocol = "tcp";
# address = "google.com:80";
# timeout = "5s";
# read_timeout = "5s";
# interval = "30s";
# };
# outputs.influxdb_v2 = {
# urls = [""];
# token = "";
# organization = "";
# bucket = "";
# };
# };
# };
}
{ ... }: { imports = [ ./debug ./develop ]; }

11
modules/nixos/tools/develop/default.nix
View File

@@ -6,13 +6,10 @@ let
includeEmulator = false;
};
in {
imports = [ ./ollama ];
config = lib.mkIf (config.syscfg.make.develop) {
environment.systemPackages = with pkgs;
[
# android-tools
unstable.androidStudioPackages.canary
];
environment.systemPackages = with pkgs; [
android-tools
androidStudioPackages.canary
];
};
}

16
modules/nixos/tools/develop/ollama/default.nix
View File

@@ -1,16 +0,0 @@
{ lib, config, pkgs, ... }:
let
ollamaPkg = pkgs.ollama-rocm;
in{
config = lib.mkIf (config.syscfg.make.develop) {
services.ollama = {
enable = true;
package = ollamaPkg;
acceleration = "rocm";
loadModels = [ "deepseek-v2:lite" "qwen2.5-coder:7b" "qwen2.5-coder:1.5b" ];
syncModels = true;
};
environment.systemPackages = with pkgs; [ ollamaPkg ];
};
}

2
modules/nixos/users/default.nix
View File

@@ -11,7 +11,6 @@ in {
extraGroups = [
"networkmanager"
"wheel"
"dialout"
"vboxsf"
"adbusers"
"libvirtd"
@@ -22,7 +21,6 @@ in {
"docker"
"podman"
"wireshark"
"gamemode"
];
}) config.syscfg.users);
};

40
modules/server/containers/default.nix
View File

@@ -1,40 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.syscfg.server.containers;
enabledConfigs = lib.filterAttrs (name: c: c.enable) cfg;
containerSetsList = lib.mapAttrsToList (name: containerCfg:
import (./defs + "/${name}.nix") {
inherit config pkgs lib containerCfg;
}
) enabledConfigs;
mergedContainers = lib.attrsets.mergeAttrsList (lib.map(e: e.containers) containerSetsList);
allPathConfigs = lib.flatten (lib.map (e: e.paths or []) containerSetsList);
in
{
config = lib.mkIf ( enabledConfigs != {} ) {
virtualisation.oci-containers = {
backend = "podman";
containers = mergedContainers;
};
systemd.services.podman-gc = {
description = "Podman garbage collection";
serviceConfig.Type = "oneshot";
script = ''
${pkgs.podman}/bin/podman container prune -f
${pkgs.podman}/bin/podman image prune -f
'';
startAt = "weekly";
};
system.activationScripts.container-setup-dirs = {
deps = [ "users" "groups" ];
text = lib.concatStringsSep "\n" (map (cfg: ''
mkdir -p "${cfg.path}"
chown ${cfg.owner} "${cfg.path}"
chmod ${cfg.mode} "${cfg.path}"
'') allPathConfigs);
};
};
}

84
modules/server/containers/defs/authentik.nix
View File

@@ -1,84 +0,0 @@
{ config, containerCfg, pkgs, lib, ... }:
let
serverCfg = config.syscfg.server;
in {
paths = [{
path="${serverCfg.dataPath}/authentik/media";
owner = "1000:1000";
mode = "0755";
}{
path="${serverCfg.dataPath}/authentik/templates";
owner = "1000:1000";
mode = "0755";
}];
containers = {
auth_server = {
image = "ghcr.io/goauthentik/server:latest";
hostname = "auth_server";
volumes = [
"${serverCfg.dataPath}/authentik/media:/media"
"${serverCfg.dataPath}/authentik/templates:/templates"
];
environmentFiles = [
config.sops.secrets."AUTHENTIK".path
];
environment = {
"AUTHENTIK_REDIS__HOST" = "host.containers.internal";
"AUTHENTIK_POSTGRESQL__HOST" = "host.containers.internal";
"AUTHENTIK_POSTGRESQL__USER" = "authentik_user";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik_db";
"AUTHENTIK_EMAIL__HOST" = "${serverCfg.mailDomain}";
"AUTHENTIK_EMAIL__PORT" = "587";
"AUTHENTIK_EMAIL__USERNAME" = "noreply@${serverCfg.hostDomain}";
"AUTHENTIK_EMAIL__USE_TLS" = "true";
"AUTHENTIK_EMAIL__USE_SSL" = "false";
"AUTHENTIK_EMAIL__TIMEOUT" = "10";
"AUTHENTIK_EMAIL__FROM" = "sso@noreply.${serverCfg.hostDomain}";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.sso.entrypoints" = "web-secure";
"traefik.http.routers.sso.rule" = "Host(`sso.${serverCfg.hostDomain}`)";
"traefik.http.routers.sso.tls" = "true";
"traefik.http.services.sso.loadbalancer.server.port" = "${toString containerCfg.port}";
};
cmd = [ "server" ];
extraOptions = [
"--add-host=host.containers.internal:host-gateway"
"--replace"
"--rm"
"--ip=${containerCfg.ip}"
];
ports = [
"9999:${toString containerCfg.port}"
];
};
auth_worker = {
image = "ghcr.io/goauthentik/server:latest";
hostname = "auth_worker";
volumes = [
"${serverCfg.dataPath}/authentik/media:/media"
"${serverCfg.dataPath}/authentik/templates:/templates"
"/var/run/docker.sock:/var/run/docker.sock"
];
environmentFiles = [
config.sops.secrets."AUTHENTIK".path
];
environment = {
"AUTHENTIK_REDIS__HOST" = "host.containers.internal";
"AUTHENTIK_POSTGRESQL__HOST" = "host.containers.internal";
"AUTHENTIK_POSTGRESQL__USER" = "authentik_user";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik_db";
};
extraOptions = [
"--add-host=host.containers.internal:host-gateway"
"--replace"
"--rm"
];
cmd = [ "worker" ];
};
};
}

76
modules/server/database/default.nix
View File

@@ -1,76 +0,0 @@
{ config, lib, pkgs, ... }:
let
listNames = config.syscfg.server.db;
containerNames = lib.mapAttrsToList
(name: cfg: name)
(lib.filterAttrs (name: cfg: cfg.db or false) config.syscfg.server.containers);
allApps = lib.unique (listNames ++ containerNames);
in {
config = lib.mkIf ( builtins.length allApps > 0) {
services.postgresql = {
enable = true;
enableTCPIP = true; # Required to listen on network interfaces
settings = {
listen_addresses = lib.mkForce "*";
};
authentication = pkgs.lib.mkOverride 10 ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.0.0.0/8 scram-sha-256
host all all 169.254.0.0/16 scram-sha-256
'';
ensureDatabases = map (name: "${name}_db") allApps;
ensureUsers = map (name: { name = "${name}_user"; }) allApps;
};
services.postgresqlBackup = {
enable = true;
location = "/var/lib/postgresql/backups";
startAt = "*-*-* 04:00:00"; # Runs every day at 4 AM
backupAll = true; # Backs up all databases and roles
};
services.redis.servers."main" = {
enable = true;
port = 6379;
bind = "*";
settings.protected-mode = "no";
};
systemd.services.postgresql-init = {
description = "Custom Postgres Setup (Ownership & Passwords)";
after = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = "postgres";
RemainAfterExit = true;
};
script = ''
${pkgs.coreutils}/bin/sleep 2
PSQL="${pkgs.postgresql}/bin/psql"
${lib.concatMapStringsSep "\n" (name: ''
$PSQL -tAc "ALTER DATABASE ${name}_db OWNER TO ${name}_user;"
if [ -f "${config.sops.secrets."${lib.toUpper name}".path}" ]; then
PASS=$(grep "^DB_PASSWORD=" "${config.sops.secrets."${lib.toUpper name}".path}" | cut -d'=' -f2-)
echo $PASS
if $PSQL -tAc "ALTER USER ${name}_user WITH PASSWORD '$PASS';" ; then
echo " Successfully set password for ${name}_user"
else
echo " FAILED to set password for ${name}_user"
fi
fi
'') allApps}
'';
};
};
}

16
modules/server/default.nix
View File

@@ -1,3 +1,15 @@
{ config, pkgs, lib, ... }:{
imports = [ ./containers ./database ./nftables ./openssh ./sops ];
{ config, pkgs, lib, ... }:
let
in {
imports = [ ./sops ];
environment.systemPackages = with pkgs; [ arion ];
virtualisation.arion = {
backend = "podman-socket";
projects = {
cloud.settings = import ./docker/cloud.nix { inherit config pkgs lib; };
authentik.settings =
import ./docker/authentik.nix { inherit config pkgs lib; };
};
};
}

104
modules/server/docker/authentik.nix Normal file
View File

@@ -0,0 +1,104 @@
{ config, pkgs, lib, ... }:
let serverCfg = config.syscfg.server;
in {
project.name = "authentik";
networks = {
internal = {
name = lib.mkForce "internal";
internal = true;
};
external = {
name = lib.mkForce "external";
internal = false;
};
};
services = {
auth_postgresql.service = {
image = "postgres:14-alpine";
container_name = "auth_postgresql";
restart = "unless-stopped";
networks = [ "internal" ];
volumes = [ ];
environment = {
POSTGRES_PASSWORD = "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD";
POSTGRES_USER = "authentik";
POSTGRES_DB = "authentik";
};
};
auth_redis.service = {
image = "redis:alpine";
container_name = "auth_redis";
restart = "unless-stopped";
networks = [ "internal" ];
volumes = [ ];
environment = { };
labels = { "traefik.enable" = "false"; };
};
auth_server.service = {
image = "ghcr.io/goauthentik/server:latest";
container_name = "auth_server";
restart = "unless-stopped";
networks = [ "internal" "external" ];
volumes = [
"${serverCfg.dataPath}/authentik/media:/media"
"${serverCfg.dataPath}/authentik/templates:/templates"
];
environment = {
"AUTHENTIK_REDIS__HOST" = "auth_redis";
"AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
"AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
"AUTHENTIK_EMAIL__HOST" = "${serverCfg.mailDomain}";
"AUTHENTIK_EMAIL__PORT" = "587";
"AUTHENTIK_EMAIL__USERNAME" = "noreply@${serverCfg.hostDomain}";
"AUTHENTIK_EMAIL__PASSWORD" = "AUTHENTIK_EMAIL_PASSWORD";
"AUTHENTIK_EMAIL__USE_TLS" = "true";
"AUTHENTIK_EMAIL__USE_SSL" = "false";
"AUTHENTIK_EMAIL__TIMEOUT" = "10";
"AUTHENTIK_EMAIL__FROM" = "sso@noreply.${serverCfg.hostDomain}";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.sso.entrypoints" = "web-secure";
"traefik.http.routers.sso.rule" = "Host(`sso.${serverCfg.hostDomain}`)";
"traefik.http.routers.sso.tls" = "true";
"traefik.http.services.sso.loadbalancer.server.port" = "9000";
"traefik.docker.network" = "external";
};
command = "server";
ports = [
"9999:9000" # host:container
];
};
auth_worker.service = {
image = "ghcr.io/goauthentik/server:latest";
container_name = "auth_worker";
restart = "unless-stopped";
networks = [ "internal" ];
volumes = [
"${serverCfg.dataPath}/authentik/media:/media"
"${serverCfg.dataPath}/authentik/templates:/templates"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
"AUTHENTIK_REDIS__HOST" = "auth_redis";
"AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
"AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
};
labels = { "traefik.enable" = "false"; };
command = "worker";
user = "root";
};
};
}

0
modules/server/containers/defs/cloud.nix → modules/server/docker/cloud.nix
View File

0
modules/server/containers/defs/sample.nix → modules/server/docker/sample.nix
View File

0
modules/server/containers/defs/traefik.nix → modules/server/docker/traefik.nix
View File

47
modules/server/nftables/default.nix
View File

@@ -1,47 +0,0 @@
{ config, lib, ... }:{
config = lib.mkIf (config.syscfg.server.nftables.enable) {
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
networking.nftables.enable = true;
networking.nftables.ruleset = ''
table inet filter {
chain input {
type filter hook input priority filter; policy accept;
tcp dport {5432, 6379} ip saddr { 10.0.0.0/8 169.254.0.0/16 } accept
}
}
table inet nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
${lib.concatMapStringsSep "\n" (rule:
let
srcInt = builtins.elemAt rule 0;
dstAddr4 = builtins.elemAt rule 1;
dstAddr6 = builtins.elemAt rule 2;
srcPort = toString (builtins.elemAt rule 3);
dstPort = toString (builtins.elemAt rule 4);
in ''
iifname "${srcInt}" tcp dport ${srcPort} counter dnat ip to ${dstAddr4}:${dstPort}
iifname "${srcInt}" udp dport ${srcPort} counter dnat ip to ${dstAddr4}:${dstPort}
iifname "${srcInt}" tcp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
iifname "${srcInt}" udp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
''
) config.syscfg.server.nftables.ports}
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname { ${lib.concatMapStringsSep ", " (iface: ''"${iface}"'') config.syscfg.server.nftables.ifs} } masquerade
}
}
'';
};
}

27
modules/server/openssh/default.nix
View File

@@ -1,27 +0,0 @@
{ config, lib, ... }:
let
allUsers = lib.concatMap (peer: if peer.syscfg ? users then peer.syscfg.users else []) config.syscfg.peers;
groupedUsers = lib.groupBy (u: u.username) allUsers;
allowedUsernames = map (u: u.username) config.syscfg.users;
activeUsers = lib.filterAttrs (name: _: lib.elem name allowedUsernames) groupedUsers;
in {
config = lib.mkIf (config.syscfg.server.openssh) {
services.openssh = {
enable = true;
ports = [ 422 ];
banner = "";
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
ClientAliveInterval = 60;
ClientAliveCountMax = 3;
TCPKeepAlive = true;
};
};
users.users = lib.mapAttrs (name: userList: {
openssh.authorizedKeys.keys = lib.unique (
lib.concatMap (u: if u ? pubssh then [ u.pubssh ] else []) userList
);
}) activeUsers;
};
}

22
modules/server/sops/default.nix
View File

@@ -1,16 +1,10 @@
{ config, lib, pkgs, ... }:
let
listNames = config.syscfg.server.db;
containerNames = lib.mapAttrsToList (name: cfg: name)
(lib.filterAttrs (name: cfg: cfg.db or false) config.syscfg.server.containers);
allApps = lib.unique (listNames ++ containerNames);
in{
config = lib.mkIf (config.syscfg.server.sops) {
sops.secrets = {
INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; };
} // (lib.genAttrs (map (name: "${lib.toUpper name}") allApps) (name: {
owner = "postgres";
sopsFile = ./server.yaml;
}));
{ config, pkgs, ... }: {
sops.secrets.INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; };
sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
mode = "0400";
owner = config.users.users.${config.syscfg.defaultUser}.name;
group = config.users.users.${config.syscfg.defaultUser}.group;
};
sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
}

81
modules/server/sops/server.yaml
View File

@@ -1,47 +1,68 @@
INFOMANIAK_API_KEY: ENC[AES256_GCM,data:QhjQoCMxogXAPtvUbf/EWkqsFAndn73LBuTqj5essjruekynH287D/CYN/cwfcnDqZoh6Z4A9p08uUmXzqmTiralAhsCoc+Ljb/monmsruc=,iv:8rMGNc9398jnFXZm34fOht6fMNDAcDZ68B1jwoQPn2Q=,tag:ZlQnPaxkCktpwiC6HzmFVg==,type:str]
AUTHENTIK: ENC[AES256_GCM,data:jNcqbLEMbaQ7mmn4dK4LFguecDDxrBsQZaqfQeQ+iGel6mD4jAC6rNdGC8H8NepRWmc0ZjNC6Fe4EaGllbjq/50SqlB47DtyuuCwOZFP6fiU4sD13B7t0Fg/7xMomqnRnJ+3UyVzt6PgEzzQNoPPpHxVGpR+TJnROhflcmCKi/JdAR6dspNqJEbrjp4LVk28Rp9Od6lbsOGphRb79z/DKA1QYRPuE7QU7Edzqqy09g5nKjGxIxjWNEYPt0WiD3537eBICfWm5krs8jxyf6TSiGasHSgSDyJSbnoNkPzSf9A5Jwtulu1jFgjvY/v+qhs9649USp1MzogSAfDZBNC4irge/lb5EPPIQ31EC/Dybza9dX/h6cR/KyQm5GsxBBJzm33rzC/4aCCRlcsAl5eO4JZn4MZta4yHss2UQHQ48i15OSdBwwTbTt240UbrIIje0hfOM6R+Uk3VOY/+VtBV/D+0ks2SUEKMvWgqJDhDh4FVqeR0a9dpLhOAvaWryAAETjlHljOrcF3Q3WooZbBDvLyMMtsHIeF1JDqwghI3,iv:8RdNbsnVVu4awW6yrpLGxAtM7o6uN5vgZIotmT6osW8=,tag:rNaCeG6STXINm42x1b2jcw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Rzc3ak4vRVZiNWxNZEN3
N21rSjZqUm9XVWF5TUxNTXVybEMzNCtod0NnClNjODB6VWhzU1VHeVdlZ3hEaE5D
MW9WWWYvYmt5TmNzMzNudDhLSW12RnMKLS0tIDdjc2ZOK3QxaTFJMFdpTHFzcklr
clZnQXpPbWs5aXZJeUlxOWhJNmIrOFkKZfZ19Y4yfCJi1GrxLsv76JyBmuxW/glF
BCJCvmdSSOJx5JW26Y3Y3LwiIuL8yboKR+8ZAwU2fG5OQfs+2czFdQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZk1VY3NEZmRkS0J6dU03
OUtETWpHL2hLN09kRytNUEhmVnA5WW9yVXlNCmZaZnQ2YUlMMmlrZ2dEZDVFMHA5
OUpqOTJJbHVVREtpSFUyaDJDbXltaTgKLS0tIFY0ZkF3Ym5oeHViN3J4eW4vSVYz
QkhuU0NLWElyVXpZd2ZpOHhwam04R28KFuaI35e8pB25M2dlP19gApso12ZYJ3ld
BpMnp97ShX0I8bZRIYxSHpSrB/J+tt1V4pfGdJq7uWZM7XacPy666A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pf4auk6u2tmefuqpuc6mntr26cp4wcsmlhnn98arzxsp3753ruqsj0jqk3
- recipient: age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cEpsb2gvbDJ0aG5BRWNS
WXgydFo3ZkF3SmVIU1EvaHVjb3RvK3BxVDJrCis2ME9zUEVGQURFdmJXS2lTSklk
V3ZONHpTZVJqMUxOVkd5ZDlqVTRNdzgKLS0tIGwwR0k1Vll6bEdmZVZvVktzMTRN
S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk
d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZXNjRzJsdFpTdDZhSkRB
eW1qSStnZHN5Tzh3bFA1azZIRk42V1RzSTJJCi9MV0k5ZXNQOWJFYnlXdnB3azBL
NzNldkFLWlEyT01MeWlFU3RKODU4dWcKLS0tIFJXL1ZsNDgydTgxVGRMYWxyQTNT
K1M0TDd1eGd1V3pOcjl1M1VrdDUvbG8KpsWlrr14MOh/8mG+rXpswPPFE3VnpKGt
03DWUII3+MMEWLJPLxkNJ9BzCm4Kl1QNHSbJ7Ex6df0b7nB6Ed6Hvw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-06T01:10:20Z"
mac: ENC[AES256_GCM,data:O4RLfEE6z0uDRpZdL47Or+z/PTeJ+zgzXN9kJS6Nebs9Uhw0XUJUPGhAocLokiMin5sQcpxXG5Q8oc2rAkq2GDbtna4u26dtNkd2Q/vtly6DqUaIRXXt3TL5cfJwMNa76fp+ERKLwGbBG+/BFWajzYJtcE257I8t3X4UmAdqYmE=,iv:uYLh8LnGobf7t3Ur7drEiA6n3Vv0e0yhlja6Uww8jiU=,tag:ZK3OCCsiMPtKl28lrGKtqQ==,type:str]
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5U1VjTjlIMTdLRFQ5R1Av
SVBLMFZtV3ppK2VXWjdYelNGTGFOZUJaMndBCjYyZ0IveXFiVDlSUEtNOXk2L3g3
UmFIRE1GMEs2QVhUcFJkTHpCWmhhbG8KLS0tIG94NStMUnFZRTRsK2w4cDd4Rms5
M1MwTEtJNEFDdjRLVFRseThxNGJUQ0kKKN7QX9qUojNQBknbInaXslaKsAAhEj5y
QMXAU6TxlHMv+wZy2RQwMe/zE7RP24TypnX894iV0usTHujyxvfk3w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUHFYMWdVczRPdEFSbFR5
VmcxeEU4YWxwRTlDUkRkNVY0dFh5cjVUNjNnCkRSblNaS214dkdrd3JnNE5rZnR3
S0JVeXova1h2VnB2ODY0SUYxZm45TjAKLS0tIFN1QXFyTkt3SmV0UVhGMlMxTmpN
VW83cnd2TnQwWlVCUnpzZ29NRE1SekUKBGVCaijugxR6eSxvk19nncR9X6bmSSUq
VoxtHBkJbz/4mcQ/SUb4Wv1Rt5875tLWygS7qKmh8jzoP7JI4E9qWQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-08T16:05:46Z"
mac: ENC[AES256_GCM,data:X6AUVWJRcwH45W9NoQxI8Lp6l+5RFpgCNB6cdUZZODHDdTUMt9a6wr9YfU56C7QkdlxXdj6xCOCscJtw/WY2Y+XchWXaUVZZsoZ9xUo28aksUtHSyE9WJBHCeSqss79IW6k/GeDPiDOfz4om+udDvtdpyKbtvbw2a+K5st+62d4=,iv:REGTavU8DkalUbfO1J2+VccYnRRrOqstSFq/RU7Co5Q=,tag:2t8mwqa76kVQyeWS85zXsA==,type:str]
pgp:
- created_at: "2026-05-05T23:46:27Z"
- created_at: "2024-05-08T15:46:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6R3Y9nD7qMBAQ/+JdTDmQhL1+iX7yeyGs1kt9yQeMYkJ+bQD3LqlQVh6Xea
yPIdcMBjAf1CNlkJKeJ4QK3f8rsZkxHmUFVDz7yCXctsp81hNBMZ0sauBM50OU4W
gQsDailZHgG5qCqKx91qSyVLtzVy4zcoTXy8TWLrSwztCt9qqX9LFZTKyZzNTiHW
DHYSwaJdTteXY89pZjPAQ6UtIdoVWaVfvCgaSZAxr3K8IJmobvMhhk/Fgm3CoE6Y
mfQd4lQhoqxrn2M/FKc30vg0yKVsiW3qlfnJCVHCxYUtQLVs3cF05lmj7CYy+0Mu
7eZlfVj84hCLmd4ccOITkrOTqcBKWKQ5EpE8DGvWlLPEZt407MjaphEJ7dYhkfr/
x4HrahZoeVbYX2Va0++picut+cE/NL9F/QMfqP4QhdHQhe74FlQcxpGDtcUIQep5
8MvbEAhUpGL4sErg6afmIapxXi3euIXcBDYPatgoAlsH7E8rUTX1Sd4VOgV89kEJ
pkl4OOwcaiF+brqtDiTGZf5l6AOugiYTp2Rtq9KMcGEGEmXFLcFKVjNEkZIxNxt3
EtrXrNmOCVJm71yOn2ruD9n2EXzFULfeyOhup7eYVfynkEWYlCQNHeaqMy2q656m
LWVd89AUzWLcsmY8naWpfekU9K//hLHxRLBzqfouYXJ+Ji/HOvfRj7NZBg6UtgfS
XgFOJg3EaLAZEyvEZKWpnWlf3gBTRK3ffaLzs+eddSgzYUutzlOYUZb7v3iEdjta
4Ik4F1M+kOGieyVxxLHOHMrOn09+WMmFIiPpBtCIcZmtwOzXNdhbZdFWNx5qPhU=
=wXdG
hQIMA6R3Y9nD7qMBAQ//bYK5gdxv8fNvG6P4GrD27gQRQXhLGF2+hS54sqEqjeN8
NZpHVbNNRR3AggOkT7QY1JO8bOhWscefH1vvBmBuODzh5Fw42t4zNPEDjWZEetxa
rClbLEvo7Kz8UKCNb9JIeYx7cr8sPWCmg4GvV1wGjhjr+u5ovuheORnHl+qoLsqv
P12PV7VzwC52v92GWiu9LRJqfqZra5GjUXGVXzBcZ9i6CnUDejzssWjhO/fmzKum
GbGIi9sf3RmVYsUASDgRBmVAZC3KF7RLi0L6WY0etRocAaWSAgnU1lZ04E8ZtLjk
DlCtIpreJ1H0Ym+5EXB94PG0KZjayxKc20YDQ+yYwwSmiCVaUCLlYX2BOoncUYFF
MxVgWYwn14R5jyGbh4NyiBxPGHvIUx5RCIo70pMgS6W5ALZYTcNDLF82mj1xTOTy
bcuaa7FCuXJif457LCe5TcAa5WYDgKX8pUKzFRhWIckcGwgFCUB0Z7+L9L7F0yt/
YZd71cY0Lxlwi61CnWgZZMx2FFpHyBCEmF1A180KUtB1jSkS/AVmlM2z9I0QsR62
fTFIaqimPMjUzbuTs0QjUXf8OJZo0/cwo9XeGyCBtJTg7cLdsOFouqfvXhvkdCrR
xCLE2Ke5jwmoPKs1t+YpwMMzB57j/rluZCgiz45w7YDXKf4gEp2ra9siFiC/y9PS
XgEPymUiDZY0w9S5oGr94cNc6LQId16Zgt1vWHLzgg8QZqkxLTBjUXXc7aoCISQp
AwUE62KJucVvWjB3kcgDbNvaDWWC5O48zUavmzkmmP1sqKf0gO/XG52PDG/DF3Y=
=cs0r
-----END PGP MESSAGE-----
fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
unencrypted_suffix: _unencrypted
version: 3.12.1
version: 3.8.1

2
modules/shared/colors/default.nix
View File

@@ -1,5 +1,5 @@
{ config, ... }: {
imports = [ ./sorahiro.nix ];
imports = [ ./sorahiro_soft.nix ];
colorScheme.palette.border-radius = "#8";
colorScheme.palette.border-width = "#2";

67
modules/shared/colors/sorahiro.nix
View File

@@ -1,67 +0,0 @@
{ nix-colors, ... }:
let use_pastelle = true;
in{
# usage: a = "#${config.colorScheme.palette.base00}";
colorScheme = {
slug = "sorahiro";
name = "sorahiro";
author = "Soraefir @ Helcel";
variant = "dark";
palette = rec {
# Format: Name, Pantone, RAL
base00 = "#000000"; # Black / 419C / 9005
base01 = "#060a0f"; # Rich Black / 532C / 9005
base02 = "#212c38"; # Yankees Blue / 433C / 5011
base03 = "#3f5268"; # Police Blue / 432C / 5000
base04 = "#617b9a"; # Slate Gray / 5415C / 5014
base05 = "#90a7c1"; # Pewter Blue / 535C / 5024
base06 = "#c9d3df"; # Columbia Blue / 538C / 7047
base07 = "#fcfcfc"; # Lotion / 663C / 9016
alt00 = "#000000"; # Black / 419C / 9005
alt01 = "#0c0906"; # Vampire Black / 419C / 9005
alt02 = "#312920"; # Pine Tree / 440C / 6022
alt03 = "#5b4e3e"; # Olive Drab Camouflage / 411C / 7013
alt04 = "#887660"; # Shadow / 404C / 7002
alt05 = "#b8a083"; # Pale Taupe / 480C / 1019
alt06 = "#e1cfb9"; # Desert Sand / 482C / 1015
alt07 = "#fcfcfc"; # Lotion / 663C / 9016
base08 = if use_pastelle then low08 else high08;
base09 = if use_pastelle then low09 else high09;
base0A = if use_pastelle then low0A else high0A;
base0B = if use_pastelle then low0B else high0B;
base0C = if use_pastelle then low0C else high0C;
base0D = if use_pastelle then low0D else high0D;
base0E = if use_pastelle then low0E else high0E;
base0F = if use_pastelle then low0F else high0F;
high08 = "#f09732"; # Deep Saffron / 804C / 1033
high09 = "#f2d831"; # Dandelion / 114C / 1016
high0A = "#98f12f"; # Green Lizard / 375C / 6038
high0B = "#34f4f0"; # Fluorescent Blue / 3252C / 6027
high0C = "#3193f5"; # Brilliant Azure / 2727C / 5015
high0D = "#c156f6"; # Blue-Violet / 2592C / 4006
high0E = "#f62ac0"; # Royal Pink / 807C / 4010
high0F = "#f42060"; # Deep Carmine Pink / 1925C / 3018
alt_high08 = "#f66824"; # Orange-Red / 165C / 2008
alt_high0B = "#41f3a4"; # Eucalyptus / 3395C / 6037
alt_high0C = "#2abef8"; # Spiro Disco Ball / 298C / 5012
alt_high0D = "#837ff5"; # Violets Are Blue / 814C / 4005
low08 = "#ffac56"; # Rajah / 150C / 1017
low09 = "#feea74"; # Shandy / 127C / 1016
low0A = "#bffe8a"; # Menthol / 374C / 6018
low0B = "#4cfefa"; # Electric Blue / 3252C / 6027
low0C = "#62acfd"; # Blue Jeans / 279C / 5012
low0D = "#9b9bfd"; # Maximum Blue Purple / 2715C / 4005
low0E = "#fe9bda"; # Lavender Rose / 223C / 4003
low0F = "#fc8999"; # Tulip / 1775C / 3014
alt_low08 = "#fe946a"; # Atomic Tangerine / 811C / 1034
alt_low0B = "#87febf"; # Aquamarine / 353C / 6019
alt_low0C = "#38c3fd"; # Picton Blue / 298C / 5012
alt_low0D = "#dca2ff"; # Mauve / 2572C / 4005
};
};
}

29
modules/shared/colors/sorahiro_hard.nix Executable file
View File

@@ -0,0 +1,29 @@
{ nix-colors, ... }: {
# usage: a = "#${config.colorScheme.palette.base00}";
colorScheme = {
slug = "sorahiro-hard";
name = "sorahiro-hard";
author = "Soraefir @ Helcel";
variant = "dark";
palette = {
# Format: Name, Pantone, RAL
base00 = "#030B12"; # Rich Black / 6C / 000-15-00
base01 = "#0C1D2E"; # Maastricht Blue / 5395C / 270-20-15
base02 = "#203A53"; # Japanese Indigo / 534C / 260-20-20
base03 = "#425F7C"; # Deep Space Sparkle / 7699C / 260-40-20
base04 = "#93A9BE"; # Pewter Blue / 535C / 260-70-15
base05 = "#B6C5D5"; # Pastel Blue / 5445C / 260-80-10
base06 = "#D6DFE8"; # Gainsboro / 642C / 260-90-05
base07 = "#F0F3F7"; # White / 656C / 290-92-05
base08 = "#F59331"; # Deep Saffron / 715C / 070-70-70
base09 = "#F5F531"; # Maximum Yellow / 394C / 100-80-80
base0A = "#93F531"; # French Lime / 7488C / 120-70-75
base0B = "#31F593"; # Eucalyptus / 3385C / 160-70-50
base0C = "#3193F5"; # Brilliant Azure / 2727C / 280-50-40
baseOD = "#9331F5"; # Blue-Violet / 7442C / 300-40-45
base0E = "#F53193"; # Royal Pink / 232C / 350-50-50
base0F = "#F53131"; # Deep Carmine Pink / 1788C / 040-50-70
};
};
}

29
modules/shared/colors/sorahiro_soft.nix Executable file
View File

@@ -0,0 +1,29 @@
{ nix-colors, ... }: {
# usage: a = "#${config.colorScheme.palette.base00}";
colorScheme = {
slug = "sorahiro-soft";
name = "sorahiro-soft";
author = "Soraefir @ Helcel";
variant = "dark";
palette = {
# Format: Name, Pantone, RAL
base00 = "#030B12"; # Rich Black / 6C / 000-15-00
base01 = "#0C1D2E"; # Maastricht Blue / 5395C / 270-20-15
base02 = "#203A53"; # Japanese Indigo / 534C / 260-20-20
base03 = "#425F7C"; # Deep Space Sparkle / 7699C / 260-40-20
base04 = "#93A9BE"; # Pewter Blue / 535C / 260-70-15
base05 = "#B6C5D5"; # Pastel Blue / 5445C / 260-80-10
base06 = "#D6DFE8"; # Gainsboro / 642C / 260-90-05
base07 = "#F0F3F7"; # White / 656C / 290-92-05
base08 = "#F5B97D"; # Mellow Apricot / 156C / 070-80-40
base09 = "#F5F57D"; # Sunny / 393C / 100-90-50
base0A = "#B9F57D"; # Yellow-Green / 373C / 120-80-60
base0B = "#7DF5B9"; # Aquamarine / 3375C / 150-80-40
base0C = "#7DB9F5"; # Light Azure / 278C / 250-70-30
base0D = "#B97DF5"; # Lavender / 2572C / 310-60-35
base0E = "#F57DB9"; # Persian Pink / 211C / 350-60-45
base0F = "#F57D7D"; # Light Coral / 170C / 030-60-50
};
};
}

119
modules/shared/sops/common.yaml
View File

File diff suppressed because one or more lines are too long

28
modules/shared/sops/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
let
isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];
keyFilePath = (if isCI then
@@ -14,15 +14,19 @@ in {
sops.age.keyFile = keyFilePath;
sops.age.generateKey = true;
sops.secrets = lib.mkMerge [
{
wifi = { };
"${config.syscfg.hostname}_ssh_priv" = {
mode = "0400";
owner = config.users.users.${config.syscfg.defaultUser}.name;
group = config.users.users.${config.syscfg.defaultUser}.group;
};
"${config.syscfg.hostname}_wg_priv" = { };
}
];
sops.secrets.wifi = { };
sops.secrets."${config.syscfg.hostname}_ssh_priv" = {
mode = "0400";
owner = config.users.users.${config.syscfg.defaultUser}.name;
group = config.users.users.${config.syscfg.defaultUser}.group;
};
sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
mode = "0400";
owner = config.users.users.${config.syscfg.defaultUser}.name;
group = config.users.users.${config.syscfg.defaultUser}.group;
};
sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
}

50
modules/shared/sops/mock.yaml
View File

@@ -1,34 +1,30 @@
ci_ssh_priv: ENC[AES256_GCM,data:OuWZVS+ul8ERoQHEH8Gq6GdHWY5E3spR0uRu7akTVHrr6vYPWZHdV/8fjqKvfHd+dAeymWXe2Li7NXfXQM+y4OH36r1z9DLstwD4ufUmoHZ/MIO6qlsugzYhMw==,iv:NbLyzilDIH5cT3SC0SLaOn0alxXSIyZ/4Tr1zSBjIjI=,tag:uOzoai0Rq6UthSkWHhw8Hg==,type:str]
ci_ssh_pub: ENC[AES256_GCM,data:Lu2Ec+HylJzt/IMu1b8AKgGsjpZT7X628pjOYQ==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:lef6MRtvgyntMrxphatqmg==,type:str]
ci_wg_priv: ENC[AES256_GCM,data:IoCn7jrahiJBhKxPuGyexg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:QrZghdiQbmC9pcjKtIuKug==,type:str]
ci_wg_pub: ENC[AES256_GCM,data:FB+DBkwDizA3C/s1TCkn,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:v189CtpJV7OX0sB9OJaWLA==,type:str]
sandbox_ssh_priv: ENC[AES256_GCM,data:Wj/M/0VEfY7Ruix7nwi09obpX+w6G+gfGK4ZFTKkbpEEM2JyFnRHhWYQiBvBQOXahTGQ+zAnibCNcHSTCBa66XjMhtY865Hs6FovVCfgx0awTZcns26w5vqJdg==,iv:2NbVjpKTyyiY4rtC/A6s2nABo5p0VAWtzC6b6TrHkvI=,tag:CVi4i9MNi/cU64cn9s0DRA==,type:str]
sandbox_ssh_pub: ENC[AES256_GCM,data:xbcGusta4qBO0hfmks+VCpN8N4dd/qGkGNREACVKxuSF,iv:/QMFyKaa3nOq1GrLNydq+Q8kS52fK6wsB3MioZN/qVM=,tag:WTZ2wlfBMmANw6EEWl5jew==,type:str]
sandbox_wg_priv: ENC[AES256_GCM,data:4trdnPhgjlUChATnNx9o3Q==,iv:3efDzVFVCqv6yCNgBEXfQ19oh2bZLPO8my33uBgviW0=,tag:Io1obSodHW/RWWIg8VS8Zg==,type:str]
sandbox_wg_pub: ENC[AES256_GCM,data:7L4SJdDMi5DZHpLfR6cs,iv:UULKRJvU0lktwmKGcIP/sRAZb0j2e0iL40o3DkSv/+U=,tag:irsolwnnfOjhYfiyanjxjw==,type:str]
PGP_KEY: ENC[AES256_GCM,data:lwwHWksY+ea8D3z9,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:225sf9GjXc8/NZgcXJIxZA==,type:str]
wifi: ENC[AES256_GCM,data:Z+pbGAekk26GD3zg4TXVacP4Nrh93HPEMNcT0I1YaA==,iv:oiWZvnKvWmF/6cRZpCLsuf1uPJig6toNla5uT3t2kyM=,tag:iS3sq8JZsNUby9pSxYPw5g==,type:str]
ci_ssh_priv: ENC[AES256_GCM,data:3Fd7HtFzD+0Pm0qnmaNeivSrEJnH6A3CzLrSyYD4J1rpdHCYdFB2hbZAB5HF3yeCMlyqnApGHxi+9jN8FI54SzwqJQAgSZvKrkBhrs4JIQxPU0ZhOQHvneWYnA==,iv:NbLyzilDIH5cT3SC0SLaOn0alxXSIyZ/4Tr1zSBjIjI=,tag:xGfI8QRlkj4OZDVuV21Kcg==,type:str]
ci_ssh_pub: ENC[AES256_GCM,data:6BVY3GS9lMLR/dYNxyldcBJe1DrjG/yHjqfCIw==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:+xwHADgq22cV5ai9xd6ceQ==,type:str]
ci_wg_priv: ENC[AES256_GCM,data:uA4eiEhQbbhLkrTyhRX4Tg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:KwjiYrnuQxrydVKKV4xN4A==,type:str]
ci_wg_pub: ENC[AES256_GCM,data:MBIdTEkyJBvbTtYrQYS8,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:ekUniuYPCSxwlmB1yUbo4w==,type:str]
sandbox_ssh_priv: ENC[AES256_GCM,data:OG5ZsSQFEbUKLXtHF9MAHWYwnxBM0EyVyj54sPs9XEsFaRXq3WDa+ANnpVqBLtw6cPodLQHyJ5tY/Hr1rdINNGyLPEz/Zm3K7vz6iXUeThAKDhYaCH4vccFFtQ==,iv:2NbVjpKTyyiY4rtC/A6s2nABo5p0VAWtzC6b6TrHkvI=,tag:sO+SUMws8HncC9dmeiJPSg==,type:str]
sandbox_ssh_pub: ENC[AES256_GCM,data:6bwJAmLuN0dhC8OiBW8qL2Ejt70a2ar02YTAqimnhcez,iv:/QMFyKaa3nOq1GrLNydq+Q8kS52fK6wsB3MioZN/qVM=,tag:XxcTX/REbHl5MKtRecjM2g==,type:str]
sandbox_wg_priv: ENC[AES256_GCM,data:8d+WCtyGoEH3/4q1DZImUw==,iv:3efDzVFVCqv6yCNgBEXfQ19oh2bZLPO8my33uBgviW0=,tag:+WNPB7b6tVTzDlSVziDO2w==,type:str]
sandbox_wg_pub: ENC[AES256_GCM,data:rpxkijFKzyKx3uhEa/+j,iv:UULKRJvU0lktwmKGcIP/sRAZb0j2e0iL40o3DkSv/+U=,tag:OWHbfFPbTY6l3Bu/og78Bg==,type:str]
PGP_KEY: ENC[AES256_GCM,data:IVhL/l0JSPcefX1z,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:++NUJeRhsDE9eRsbKu8Ldw==,type:str]
wifi: ENC[AES256_GCM,data:SV3yNB/0dBqggh0kOKU98Nodd0VS4K8kTqg7aLyeAg==,iv:w4nspNxswHl2CZ7diPUzupzotfjskzp91NIq4f0v0UM=,tag:7nUHijRlEgyliWn2ZuZo/Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbHNVZjRzQi9ram1xNHk3
d3pTTStiMjBLZHgwL0cvUGRwRFFzWi9HS2dvCkQ0ZU5UK1owS0N5MHhxOXV1cGVy
RnFQbGlhVy9tSVZKYXBqbzZjZU9nd3cKLS0tIDdXdm1qVTYvdS9sQ0Z0aExpTzB1
WkNsWVpqaHRSWkl6YXVrN0NoemhiS1EKoDRocdztTLQ5LMwHdlszTFHy+rm+y4RE
f97a6Z2J87ZfObRbaap5adVD7qk/tTYHGshT/8G1JxjctsxRgdfsmA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZd0c5ZjZCb0Z6ZXlKaFph
S25LcnFaM3NueUdxOEkwQWRVYjZwNEx1TnpVCkJ1RnJsV2IwNWd5RVJBU2pOUnRa
UEcrdDVHUnZ3Zng4UVNWZjNhSzRmRGcKLS0tIEpMMGJCZmkrcnFwWjM4ZVF6VmJN
aFplU05pYXpPQWZRY202bVhFd3pHdHcKfauUQhzuUwpoaSlky+PlsOTrVQjyCSxi
NYlJ7ScbxzJsqTqJbZnD+lbSdWK2XVKXy1Vn4hR0C0WF7g2Y7CU7tg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pf4auk6u2tmefuqpuc6mntr26cp4wcsmlhnn98arzxsp3753ruqsj0jqk3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSHBpZGg0TlVtMFhjY2Ry
NzUrd1pPZFZNdFdLSUxrUUROaVNCTzdGR0hrCkVGUmpGemtFSDErRDArS0Y0WGZu
YkYzL2NGMTlnNW1NdStHOGpRN3A1VXcKLS0tIGs0MDIxTmpzSGtRWHZESFhNWXlS
Y3N0a2VPUHdoRlpUZ3BPVXROdDRHekEK2YN9ZgCaBPt/8kAkZNgsHp61SYqiFFXX
2lF0R1GNmYWm6T0YVCp/2ZN3z4GC+monctg1zoo5QsHfhIOpqIVoTA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-06T13:37:03Z"
mac: ENC[AES256_GCM,data:uI9yG3/jGNGn6yoN9W+9K/AUeSowe4Mb9vhh38pwkuKab9zXTFidCWyh1e0TEOsIHrhfK2GPc2fHwc309/la+CoiNxAIYtC4xmoCYxSGrDgbsZEONrusy9AEKpRCO8CqLYyLYaAG9sLqFyIz3GyEnS/j98V3LeemhFtS17J1VHI=,iv:x/7caaKnggoyEaCx5sf+zzSE+3d7atv+o9B1O3QX0Uc=,tag:Tzfs+ACx+4A6kxAZtVQ3KQ==,type:str]
lastmodified: "2024-04-14T21:03:55Z"
mac: ENC[AES256_GCM,data:W9kM3AaHcZcqVtT4qRpMRYKgmA9pBikAPhdKiPR/Y+0MSjY4c9LPeTBeS1vZzUaTgRHmNh/ns6I9SBO36Hio5qI6m/pjNdr9GfFbBpbnY+5mer6YTitq47TVySC9v+BRkES4A34h1Ky5yvJSDlz2kJfO/WVWllaQd0dxq8rgAU8=,iv:cRxgGKhD6KqXKpK4E12lWIIj99hBFSmGzSIv9LmYEyg=,tag:QXcswnB7GavGrBy1dFpQlQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.8.1

79
modules/shared/syscfg/default.nix
View File

@@ -1,21 +1,15 @@
{ inputs, lib, ... }:
let
systemsDir = ../../../systems;
systemNames = lib.attrNames (lib.filterAttrs
(name: type: type == "directory" && builtins.pathExists (systemsDir + "/${name}/cfg.nix"))
(builtins.readDir systemsDir));
userOpt = with lib; {
username = mkOption { type = types.str; };
pubssh = mkOption { type = types.str; default=""; };
wm = mkOption {
type = types.enum [ "Wayland" "X11" "-" ];
default = "-";
};
git = {
username = mkOption { type = types.str; default = "Anonymous";};
email = mkOption { type = types.str; default = "anonymous@domain"; };
key = mkOption { type = types.nullOr types.str; default=null; };
username = mkOption { type = types.str; };
email = mkOption { type = types.str; };
key = mkOption { type = types.str; };
};
};
netOpt = with lib; {
@@ -48,10 +42,6 @@ let
type = types.str;
default = "";
};
pubkey = mkOption {
type = types.str;
default = "";
};
};
};
makeOpt = with lib; {
@@ -65,7 +55,7 @@ let
};
virt = mkOption {
type = types.bool;
default = false;
default = true;
};
power = mkOption {
type = types.bool;
@@ -94,6 +84,7 @@ let
type = types.str;
default = "3306";
};
configPath = mkOption {
type = types.str;
default = "/media/config";
@@ -102,59 +93,6 @@ let
type = types.str;
default = "/media/data";
};
containers = mkOption {
type = types.attrsOf (types.submodule {
options = {
enable = mkOption { type = types.bool;default = false; };
db = mkOption { type = types.bool;default = false; };
ip = mkOption { type = types.str; };
port = mkOption { type = types.port; };
extraParam = mkOption { type = types.str; default = ""; };
};
});
default = {};
};
sops = mkOption {
type = types.bool;
default = false;
};
openssh = mkOption {
type = types.bool;
default = false;
};
wireguard = mkOption {
type = types.bool;
default = false;
};
web = mkOption {
type = types.bool;
default = false;
};
nftables = {
enable = mkOption {
type = types.bool;
default = false;
};
ifs = mkOption {
type = types.listOf types.str;
default = [ ];
};
ports = mkOption {
type = types.listOf (types.listOf (types.oneOf [ types.str types.int ]));
default = [];
description = "Forwarding rules: [ [srcInterface dstAddr srcPort dstPort] ... ]";
example = [
[ "ens3" "10.10.1.2" "IPV6" 22 2222 ]
[ "ens3" "10.10.1.2" "IPV6" 80 80 ]
[ "ens3" "10.10.1.2" "IPV6" 443 443 ]
];
};
};
db = mkOption {
type = types.listOf (types.str);
default = [ ];
};
};
in with lib; {
@@ -176,15 +114,12 @@ in with lib; {
type = types.listOf (types.submodule { options = userOpt; });
default = [ ];
};
peers = mkOption {
default = map (name: import (systemsDir + "/${name}/cfg.nix")) systemNames;
};
server = mkOption {
type = types.oneOf [
types.bool
(types.attrs)
(types.submodule { options = serverOpt; })
];
default = false;
default = { };
};
};
}

10
overlays/bambu-studio/default.nix
View File

@@ -1,10 +0,0 @@
{ final, prev, ... }:
prev.bambu-studio.overrideAttrs (oldAttrs: rec{
version = "02.00.01.50";
src = prev.fetchFromGitHub {
owner = "bambulab";
repo = "BambuStudio";
rev = "v${version}";
hash = "sha256-7mkrPl2CQSfc1lRjl1ilwxdYcK5iRU//QGKmdCicK30=";
};
})

16
overlays/default.nix
View File

@@ -1,16 +1,8 @@
{ inputs, pkgs, ... }:
{ pkgs, ... }:
[
(final: prev: {
#openttd-jgrpp = import ./openttd-jgrpp { inherit final prev; };
#yarn-berry = import ./yarn-berry { inherit final prev; };
#eww = import ./eww { inherit final prev; };
#bambu-studio = import ./bambu-studio { inherit final prev; };
wine = final.unstable.wineWow64Packages.unstableFull;
unstable = import inputs.nixUnstable {
system = final.stdenv.hostPlatform.system;
stdenv.hostPlatform.system = final.stdenv.hostPlatform.system;
config.allowUnfree = true;
};
openttd-jgrpp = import ./openttd-jgrpp { inherit final prev; };
yarn-berry = import ./yarn-berry { inherit final prev; };
eww = import ./eww { inherit final prev; };
})
]

6
overlays/eww/default.nix
View File

@@ -2,16 +2,16 @@
let old = prev.eww;
in final.rustPlatform.buildRustPackage rec {
pname = "eww";
version = "98c220126d912b935987766f56650b55f3e226eb";
version = "ebe5f349d184e79edc33199d064d9ec5f1e4dd9b";
src = prev.fetchFromGitHub {
owner = "elkowar";
repo = "eww";
rev = "${version}";
hash = "sha256-zi+5G05aakh8GBdfHL1qcNo/15VEm5mXtHGgKMAyp1U=";
hash = "sha256-WcAWIvIdGE0tcS7WJ6JlbRlUnKvpvut500NozUmJ6jY=";
};
cargoHash = "sha256-SEdr9nW5nBm1g6fjC5fZhqPbHQ7H6Kk0RL1V6OEQRdA=";
cargoHash = "sha256-8n21FN6uNj/y/PhCDzpB+1ZifIbpjn4d2YPy4vTcVBM=";
nativeBuildInputs = old.nativeBuildInputs;
buildInputs = old.buildInputs ++ [ final.libdbusmenu-gtk3 ];

4
overlays/openttd-jgrpp/default.nix
View File

@@ -1,10 +1,10 @@
{ final, prev, ... }:
prev.openttd-jgrpp.overrideAttrs (old: rec {
version = "0.65.3";
version = "0.55.3";
src = prev.fetchFromGitHub rec {
owner = "JGRennison";
repo = "OpenTTD-patches";
rev = "jgrpp-${version}";
hash = "sha256-lmDkYrk7qjUSTtCQQCN/pbuLDt3+2RI1K8A1H1GJRjw=";
hash = "sha256-E1+pXpXNHOu9nPTGSY8baVaKf1Um6IGDjpi1MmENez8=";
};
})

4
overlays/yarn-berry/default.nix
View File

@@ -1,10 +1,10 @@
{ final, prev, ... }:
prev.yarn-berry.overrideAttrs (old: rec {
version = "4.4.0";
version = "3.6.3";
src = prev.fetchFromGitHub {
owner = "yarnpkg";
repo = "berry";
rev = "@yarnpkg/cli/${version}";
hash = "sha256-X/axXgRsxek2EJ+B4EogAsaTWTZDEF1m5dXOTZ4OnQQ=";
hash = "sha256-5QEnFalOEMs1bKYDYpFGnF1YwiGuW3ZxstyJAjz1/KQ=";
};
})

2263
packages/amdgpu_top/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

8
packages/amdgpu_top/default.nix
View File

@@ -3,19 +3,19 @@
rustPlatform.buildRustPackage rec {
pname = "amdgpu_top";
version = "0.9.0";
version = "0.3.1";
src = fetchFromGitHub {
owner = "Umio-Yasuno";
repo = pname;
rev = "v${version}";
hash = "sha256-FUmOoVHDLb86cDA8b9t+wJkUSgY8Lo+abO3F0UBmi+A=";
hash = "sha256-bkrXm3lXJr+sZ09GeVHgfIp8JO3a/Ejrsm1Cm4eY4IU=";
};
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"libdrm_amdgpu_sys-0.7.4" =
"sha256-re38Ci4CnVmVzGwk3uB3htFQZ1j4W6+pXw4NbV26dEU=";
"libdrm_amdgpu_sys-0.2.2" =
"sha256-2QXT/6octEzokW8+0mHx02R8qQ3kCBDxZT4yyfDkM5A=";
};
};

4
packages/simc/default.nix
View File

@@ -1,13 +1,13 @@
{ stdenv, fetchFromGitHub, qt6 }:
stdenv.mkDerivation rec {
pname = "simc";
version = "b1fd592079d1a673ab53ea96d699a6e56424b0ee";
version = "ae04662fca7cad8bf218cd8e43ab05631caad758";
src = fetchFromGitHub rec {
owner = "simulationcraft";
repo = pname;
rev = version;
hash = "sha256-RPUCe7aoAYSNj9jv8HN7qhhxRIMmdCfhmUcr72VaHzg==";
hash = "sha256-mTo6YTgZMpfyWvdU1JEEmfmBjJlZwAgja1iliOem7mM=";
};
nativeBuildInputs =

2
shells/default.nix
View File

@@ -4,7 +4,7 @@ let
inputs.nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
in forEachSystem (system:
let
overlays = import ../overlays { inherit inputs pkgs; };
overlays = import ../overlays { inherit pkgs; };
overrides = { custom = import ../pkgs { inherit pkgs; }; };
pkgs = import inputs.nixpkgs { inherit system overlays; } // overrides;
in {

6
shells/devsh/default.nix
View File

@@ -16,10 +16,12 @@ pkgs.mkShell {
yarn-berry
crystal
shards
(with python313Packages; [ pip pandas numpy matplotlib typer pillow reportlab python-barcode pypdf markdown requests ])
python311Full
virtualenv
(with python311Packages; [ pip ])
pipenv
scala
sbt
cargo
#LIBS
openssl

2
systems/asguard/cfg.nix
View File

@@ -1,6 +1,6 @@
{
syscfg = {
hostname = "asgard";
hostname = "asguard";
defaultUser = "sora";
type = "macos";
system = "x86_64-darwin";

19
systems/avalon/cfg.nix
View File

@@ -23,16 +23,21 @@
}
];
make = {
gui = false;
cli = true;
virt = true;
power = false;
game = false;
develop = false;
};
net = {
wg = {
enable = true;
ip4 = "10.10.1.2/32";
ip6 = "fd10:10:10::2/128";
pubkey = "QlvpTiK6s/lIha9vKmo+teSy2Nw52qWLYatYjxVan3U=";
};
wlp = {
enable = false;
nif = "";
};
wg = {
enable = true;
ip4 = "10.10.1.2/32";
ip6 = "fd10:10:10::2/128";
};
};
}

14
systems/avalon/server/docker/secrets.txt
View File

@@ -1,14 +0,0 @@
AUTHENTIK_DB_PASSWORD=NTQRO0rhPCd4L3HLNK4AT09Npz+ks1jyRC6AOyo5u+k=
AUTHENTIK_SECRET_KEY=9Zw8Sy8257iJmRdBhUKGiq3d7uYAkhC9smuDUClE8aR1iPdpHHds+K2D1Zy3lwj2Hjnasu5jnopkhwnABWDu8A==
AUTHENTIK_EMAIL_PASSWORD=w+g:cPU+e.<q,f<mj3DFPxXxo4h2SVS9.;,T<!Sra>y!mNcAsiAp4jPCLTmjte2d
ETHERPAD_DB_PASSWORD=d43352c3906516bf4c34d63316509cb4b1621167af84c81b60689779a62b2348
ETHERPAD_ADMIN_PASSWORD=Hackme55#
COLLABORA_USER=...
COLLABORA_PASSWORD=...

11
systems/ci/cfg.nix
View File

@@ -21,5 +21,16 @@
game = true;
develop = true;
};
net = {
wlp = {
enable = false;
nif = "NA";
};
wg = {
enable = false;
ip4 = "";
ip6 = "";
};
};
};
}

2
systems/ci/hardware.nix
View File

@@ -8,7 +8,7 @@
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = with config.boot.kernelPackages;
[ v4l2loopback ];
[ v4l2loopback.out ];
fileSystems."/" = {
device = "NA";

44
systems/gateway/cfg.nix
View File

@@ -1,44 +0,0 @@
{
syscfg = {
hostname = "gateway";
type = "nixos";
system = "x86_64-linux";
defaultUser = "sora";
users = [{
username = "sora";
pubssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrrUB0KBjeAKPVG2Bdcm4mI9AMab7y97SOCdEHGogYv sora@gateway";
wm = "-";
git = {
email = "soraefir+git@helcel";
username = "soraefir";
key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
};
}];
make = {
cli = true;
};
net = {
wg = {
enable = true;
ip4 = "10.10.1.1/32";
ip6 = "fd10:10:10::1/128";
pubkey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
};
};
server = {
openssh = true;
wireguard = true;
web = true;
nftables = {
enable = true;
ifs = ["ens3" "wg0" ];
ports = [
[ "ens3" "10.10.1.2" "fd10:10:10::2" 22 2222 ] # SSH/GIT
[ "ens3" "10.10.1.2" "fd10:10:10::2" 80 80 ] # HTTP
[ "ens3" "10.10.1.2" "fd10:10:10::2" 443 443 ] # HTTPS
[ "ens3" "10.10.1.2" "fd10:10:10::2" 3979 3979 ] # OTTD
];
};
};
};
}

20
systems/gateway/default.nix
View File

@@ -1,20 +0,0 @@
{ config, lib, inputs, ... }: {
imports = [ ./hardware.nix ../../modules/server ];
system.autoUpgrade = {
enable = true;
flake = "git+https://git.helcel.net/sora/nixconfig";
flags = [
"--no-write-lock-file"
];
dates = "04:00";
randomizedDelaySec = "30min";
allowReboot = false;
};
networking.extraHosts = ''
10.10.1.2 git.helcel.net
10.10.1.2 avalon.helcel.net
'';
}

27
systems/gateway/hardware.nix
View File

@@ -1,27 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix" ) ];
boot.kernelPackages = pkgs.linuxPackages_latest;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = {
enable = true;
device = "/dev/sda";
efiSupport = true;
};
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/25df457a-21d0-41ab-9de5-88ffc00e3469";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F24E-74FA";
fsType = "vfat";
options = [ "defaults" ];
};
}

3
systems/iriy/cfg.nix
View File

@@ -6,7 +6,6 @@
defaultUser = "sora";
users = [{
username = "sora";
pubssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGtotfQkclilrhEOzY3QUpOwYF+eOjHvqN6Of3NVg4x8NQLjx/X/gxC+GAllQxy9Zkz/N5wY0Fa4/6HoGheCRvWaN/nofz95VgtX8a1A/flrT8CGdBfRqXlcd4OEXhpFcbEm9VRXmxSKnsD4zySZr/151S+1PlQr8pJ1yyzxsIQx+RNo9P4gzpoJgkfZ3JIqLWb6B4aXallAg9Ha1WX0lx24voWNgg9AQt6/lccfmeoWAzBGUNq5a/mH59O+UCIM2y19ksEweY6URHpk6Ss597zp+0j2NYg8MS4rToYUb0Y7giNNBdKAzqNd+Wp6gjqBthuDIOfsXM082O5IarPKPJNVbx/Xpf3m1hYtxfL+LhEkdoE94iue601WqTltC0btS63LeZuoAZYji/GG/D8U7V77Lh3MV5/hJm5sK6wM6r7fCoenehgiy49z00NqtgM33rWNrpL9eXNKb//5Lxe7U58jPyteWpsL8+fJFcs/2uh4D5zN3d/I+yLZ1OMgUN6LM= sora@iriy";
wm = "Wayland";
git = {
email = "soraefir+git@helcel";
@@ -18,6 +17,7 @@
gui = true;
cli = true;
virt = true;
power = false;
game = true;
develop = true;
};
@@ -31,7 +31,6 @@
enable = true;
ip4 = "10.10.1.7/32";
ip6 = "fd10:10:10::7/128";
pubkey = "6d1bINFmH12ACAJLDOwfFIZgmNHV/FGGk0YJyDP50HQ=";
};
};
};

7
systems/iriy/hardware.nix
View File

@@ -7,10 +7,7 @@
boot.kernelModules = [ "v4l2loopback" "kvm-amd" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.extraModulePackages = with config.boot.kernelPackages;
[ v4l2loopback ];
boot.extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="VCam" exclusive_caps=1
'';
[ v4l2loopback.out ];
boot.loader.systemd-boot.extraEntries = {
"00-windows.conf" = ''
@@ -24,7 +21,7 @@
fsType = "ext4";
};
fileSystems."/boot" = {
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/349E-5086";
fsType = "vfat";
};

32
systems/sandbox/cfg.nix
View File

@@ -6,7 +6,6 @@
defaultUser = "sora";
users = [{
username = "sora";
pubssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrrUB0KBjeAKPVG2Bdcm4mI9AMab7y97SOCdEHGogYv sora@gateway";
wm = "-";
git = {
email = "soraefir+git@helcel";
@@ -15,30 +14,27 @@
};
}];
make = {
gui = false;
cli = true;
virt = true;
power = false;
game = false;
develop = false;
};
net = {
wlp = { enable = false; };
wg = { enable = false; };
};
server = {
openssh = true;
web = true;
sops = true;
hostDomain = "test.helcel.net";
shortName = "testcel";
mailDomain = "test@helcel";
mailServer = "infomaniak.ch";
mailDomain = "mail.helcel.net";
mailServer = "mail.helcel.net";
dbHost = "localhost";
containers = {
#cloud = {enable = true;};
authentik = {
enable = true;
db = true;
ip = "10.88.0.125";
port = 9000 ;
};
};
dbPort = "3306";
configPath = "/home/media/config";
dataPath = "/home/media/data";
};
};
}

5
systems/sandbox/default.nix
View File

@@ -1,4 +1,9 @@
{ config, inputs, ... }: {
imports = [ ./hardware.nix ../../modules/server ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0GpKd62XMlO410/iYkNG8MHdGGaeMG3Gmsf3Pv3u2BllUzR9Dpym1ZOz2lwo3iK0FimcQpOiJqSIahO59HJl8jQ9BoQrJMXH7l2kuq1T09cMNWGjlzowg0LWKWOzoBzOwcheyW68OJGgkSfvk9BdshkUYTLVBXjiI9jo/8Qkcv1WLJJvJmDBDwnbYDQpODXCEDQ/t3YVubb+ocLmh40sDUffJLWZQXN6OFW9N5XxnvY7K5x9ci9GU4Reei40K8yDw2Hgi0njzijRdzie3MJlKPPawJ2TATu9LsGuxfx8bJXVx+mNxP0lhO8dOOhP7p0ozTxlJJY9ZWaKgOz3SzYNCgJ1gH7NtTBtSruXd6pfmErUmuJEAeMD6+QF3yJ5tnVFNPoSHqjP+oL3CgSRpmuvn7ChSSI3J3UVhLux165VtwIL7UhosO2mCqmn0Yk2mSBkB/L4ZiWFmO3vYdagYNQX7xZHzCJ5my8vomiT+DUGb2h/o1NetKwIZJiFAuHxKt3k= sora@valinor"
];
}

21
systems/sandbox/hardware.nix
View File

@@ -1,27 +1,14 @@
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix" ) ];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.kernelPackages = pkgs.linuxPackages_latest;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = {
enable = true;
device = "/dev/sda";
#efiSupport = true;
};
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/abc944c6-484a-4abe-a675-906e3781d71f";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C555-300B";
fsType = "vfat";
options = [ "defaults" ];
device = "/dev/sda3";
fsType = "btrfs";
};
}

2
systems/valinor/cfg.nix
View File

@@ -6,7 +6,6 @@
defaultUser = "sora";
users = [{
username = "sora";
pubssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCZibVYTvS4Dd+ZhGCpRpKfxs1fQeepNTzfzYk9I12Hyez25pQCeH+6ArrVhf6yX5Na1ffkvqTrNIDYJ1V2GHhemX0ruYp2B3xt229JszI7DeRC7YeG7v5uvsfTgicADCstGPSNorKXuNnHuBebSHpmWWbuKrYZdmcA/Az7H8uwF5+VQrnyASgZgwGV94MHinFVWsisB7o6iq4qxqpsUdtuZGbU0stDE5f9DLMDYuUxtx+jASRt+X60Bzjv3OFjU/b/YYzojTtuujkYXunNNTceCB4DTue5YMKQOlmd/IezL5nPAK9IsonPqojX9LPk2RvTCr4qalQ6AD92nq+xMW6FY1uJaKT81S8TvZcaqTm4FhEDkChuFq77biSUDhQkpcdNVOjUn5OtKpYl+0VkCaAx/8uyoylBacrn1XXLLg+gjwGCFHa2eeNu/BKIUa+5EK/FRwLpnEoPDkAHQ95JXQewChcUKG8A+Bz29XRKr9J64kbbGmwa+yjlVTPLSE6ZZE= sora@valinor";
wm = "Wayland";
git = {
email = "soraefir+git@helcel";
@@ -32,7 +31,6 @@
enable = true;
ip4 = "10.10.1.5/32";
ip6 = "fd10:10:10::5/128";
pubkey = "EUYd/dMdGcbxiWJXHhQhCXV00cr87pxiW1HExwCTGg0=";
};
};
};

Some files were not shown because too many files have changed in this diff Show More