Reformat with alejandra

Invariantspace 2024-08-14 11:14:20 -07:00
parent 7b2b5b3b80
commit 52a81ddb21
No known key found for this signature in database
GPG key ID: EBC4A20067373921
53 changed files with 764 additions and 746 deletions


@ -1,5 +1,8 @@
{ config, lib, ... }: {
config,
lib,
...
}:
with lib; { with lib; {
options.constants = { options.constants = {
domain = mkOption { domain = mkOption {
@ -50,7 +53,10 @@ with lib; {
}; };
privateKeyFiles = mkOption { privateKeyFiles = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = if config.services.openssh.enable then builtins.map (key: key.path) config.services.openssh.hostKeys else [ "/root/.ssh/${config.networking.hostName}" ]; default =
if config.services.openssh.enable
then builtins.map (key: key.path) config.services.openssh.hostKeys
else ["/root/.ssh/${config.networking.hostName}"];
description = '' description = ''
The private key files for sops. The private key files for sops.
''; '';


@ -1,6 +1,4 @@
{ inputs, ... }: {inputs, ...}: {
{
imports = with inputs; [ imports = with inputs; [
home-manager.nixosModules.default home-manager.nixosModules.default
sops-nix.nixosModules.default sops-nix.nixosModules.default
@ -9,5 +7,5 @@
./users.nix ./users.nix
]; ];
home-manager.sharedModules = [ inputs.plasma-manager.homeManagerModules.plasma-manager ]; home-manager.sharedModules = [inputs.plasma-manager.homeManagerModules.plasma-manager];
} }


@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
{
sops = with config.constants; { sops = with config.constants; {
age.sshKeyPaths = privateKeyFiles; age.sshKeyPaths = privateKeyFiles;
defaultSopsFile = sopsFile; defaultSopsFile = sopsFile;


@ -1,18 +1,19 @@
{ config, pkgs, ... }: {
config,
let pkgs,
...
}: let
home = config.constants.homeDir; home = config.constants.homeDir;
usr = config.constants.userName; usr = config.constants.userName;
usrPwdFile = "users/${usr}/password"; usrPwdFile = "users/${usr}/password";
in in {
{
console.enable = false; console.enable = false;
fonts = { fonts = {
fontDir.enable = true; fontDir.enable = true;
fontconfig.defaultFonts = { fontconfig.defaultFonts = {
sansSerif = [ "Inter" "Noto Sans CJK SC" ]; sansSerif = ["Inter" "Noto Sans CJK SC"];
monospace = [ "Iosevka" "Noto Sans Mono CJK SC" ]; monospace = ["Iosevka" "Noto Sans Mono CJK SC"];
}; };
packages = with pkgs; [ packages = with pkgs; [
inter inter
@ -24,182 +25,209 @@ in
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users.${usr} = { config, osConfig, pkgs, ... }: users.${usr} = {
{ config,
home = { osConfig,
file.kvantum = { pkgs,
enable = config.programs.plasma.enable; ...
target = ".config/Kvantum/kvantum.kvconfig"; }: {
text = '' home = {
[General] file.kvantum = {
theme=Sweet-Ambar-Blue enable = config.programs.plasma.enable;
''; target = ".config/Kvantum/kvantum.kvconfig";
}; text = ''
packages = with pkgs; [ [General]
theme=Sweet-Ambar-Blue
'';
};
packages = with pkgs;
[
alejandra
dua dua
fd fd
nil nil
nixpkgs-fmt
rclone rclone
sops sops
] ++ (if config.programs.plasma.enable then [ ]
sweet-ambar-blue ++ (
wallpaper-engine-plasma6-plugin if config.programs.plasma.enable
yorha-sound-theme then
] ++ (with kdePackages; [ [
qtmultimedia sweet-ambar-blue
qtstyleplugin-kvantum wallpaper-engine-plasma6-plugin
qtwebchannel yorha-sound-theme
qtwebengine ]
qtwebsockets ++ (with kdePackages; [
]) else [ ]); qtmultimedia
stateVersion = osConfig.system.stateVersion; qtstyleplugin-kvantum
}; qtwebchannel
programs = { qtwebengine
bat.enable = true; qtwebsockets
bottom.enable = true; ])
direnv = { else []
enable = true; );
nix-direnv.enable = true; stateVersion = osConfig.system.stateVersion;
};
eza.enable = true;
fish.enable = true;
fzf.enable = true;
git = {
enable = true;
extraConfig = {
core.autocrlf = "input";
init.defaultBranch = "development";
pull.rebase = false;
push.autoSetupRemote = true;
};
ignores = [
".direnv"
".envrc"
];
userEmail = osConfig.constants.postMaster;
userName = osConfig.constants.userName;
};
helix = {
enable = true;
defaultEditor = true;
settings = {
editor = {
lsp.display-inlay-hints = true;
soft-wrap.enable = true;
};
theme = "base16_transparent";
};
};
plasma = {
input.touchpads = [
{
enable = false;
name = "ASUE120A:00 04F3:319B Touchpad";
productId = "319B";
vendorId = "04F3";
}
];
kscreenlocker = {
autoLock = true;
lockOnResume = true;
passwordRequired = true;
appearance.wallpaperPictureOfTheDay.provider = "bing";
};
kwin = {
effects = {
blur.enable = true;
desktopSwitching.animation = "slide";
dimAdminMode.enable = true;
windowOpenClose.animation = "glide";
};
scripts.polonium = {
enable = true;
settings.layout.engine = "binaryTree";
};
virtualDesktops = {
number = 4;
rows = 1;
};
};
overrideConfig = true;
panels = [
{
floating = false;
height = 36;
widgets = [
{
kickoff = {
icon = "nix-snowflake-white";
sortAlphabetically = true;
};
}
"org.kde.plasma.pager"
{
iconTasks.launchers = [];
}
"org.kde.plasma.marginsseparator"
{
systemTray.items = {
shown = [
"org.kde.kdeconnect"
];
hidden = [
"org.kde.plasma.battery"
"org.kde.plasma.bluetooth"
"org.kde.plasma.brightness"
"org.kde.plasma.devicenotifier"
"org.kde.plasma.manage-inputmethod"
"Fcitx"
];
};
}
"org.kde.plasma.digitalclock"
];
}
];
powerdevil.AC = {
autoSuspend.action = "nothing";
dimDisplay.enable = true;
powerButtonAction = "showLogoutScreen";
whenLaptopLidClosed = "turnOffScreen";
whenSleepingEnter = "standby";
};
spectacle.shortcuts.captureRectangularRegion = "Meta+Shift+S";
workspace = {
colorScheme = "SweetAmbarBlue";
desktop.icons = {
alignment = "left";
arrangement = "leftToRight";
lockInPlace = true;
sorting = {
foldersFirst = true;
mode = "type";
};
};
iconTheme = "Sweet-Rainbow";
lookAndFeel = "Sweet-Ambar-Blue";
soundTheme = "yorha";
};
};
ripgrep.enable = true;
starship = {
enable = true;
enableTransience = true;
};
tealdeer.enable = true;
zoxide = {
enable = true;
options = [ "--cmd cd" ];
};
};
xdg.enable = true;
}; };
programs = {
bat.enable = true;
bottom.enable = true;
direnv = {
enable = true;
nix-direnv.enable = true;
};
eza.enable = true;
firefox.enable = config.programs.plasma.enable;
fish.enable = true;
fzf.enable = true;
git = {
enable = true;
extraConfig = {
core.autocrlf = "input";
init.defaultBranch = "development";
pull.rebase = false;
push.autoSetupRemote = true;
};
ignores = [
".direnv"
".envrc"
];
userEmail = osConfig.constants.postMaster;
userName = osConfig.constants.userName;
};
helix = {
enable = true;
defaultEditor = true;
settings = {
editor = {
lsp.display-inlay-hints = true;
soft-wrap.enable = true;
};
theme = "base16_transparent";
};
};
kitty = {
enable = config.programs.plasma.enable;
settings = {
background_opacity = "0.96";
remember_window_size = "no";
};
theme = "Tokyo Night Moon";
};
plasma = {
configFile = {
kded5rc.Module-browserintegrationreminder.autoload = false;
kdeglobals.General = {
TerminalApplication = "kitty";
TerminalService = "kitty.desktop";
};
};
input.touchpads = [
{
enable = false;
name = "ASUE120A:00 04F3:319B Touchpad";
productId = "319B";
vendorId = "04F3";
}
];
kscreenlocker = {
autoLock = true;
lockOnResume = true;
passwordRequired = true;
appearance.wallpaperPictureOfTheDay.provider = "bing";
};
kwin = {
effects = {
blur.enable = true;
desktopSwitching.animation = "slide";
dimAdminMode.enable = true;
windowOpenClose.animation = "glide";
};
scripts.polonium = {
enable = true;
settings.layout.engine = "binaryTree";
};
virtualDesktops = {
number = 4;
rows = 1;
};
};
overrideConfig = true;
panels = [
{
floating = false;
height = 36;
widgets = [
{
kickoff = {
icon = "nix-snowflake-white";
sortAlphabetically = true;
};
}
"org.kde.plasma.pager"
{
iconTasks.launchers = [];
}
"org.kde.plasma.marginsseparator"
{
systemTray.items = {
shown = [
"org.kde.kdeconnect"
];
hidden = [
"org.kde.plasma.battery"
"org.kde.plasma.bluetooth"
"org.kde.plasma.brightness"
"org.kde.plasma.devicenotifier"
"org.kde.plasma.manage-inputmethod"
"Fcitx"
];
};
}
"org.kde.plasma.digitalclock"
];
}
];
powerdevil.AC = {
autoSuspend.action = "nothing";
dimDisplay.enable = true;
powerButtonAction = "showLogoutScreen";
whenLaptopLidClosed = "turnOffScreen";
whenSleepingEnter = "standby";
};
spectacle.shortcuts.captureRectangularRegion = "Meta+Shift+S";
workspace = {
colorScheme = "SweetAmbarBlue";
desktop.icons = {
alignment = "left";
arrangement = "leftToRight";
lockInPlace = true;
sorting = {
foldersFirst = true;
mode = "type";
};
};
iconTheme = "Sweet-Rainbow";
lookAndFeel = "Sweet-Ambar-Blue";
soundTheme = "yorha";
};
};
ripgrep.enable = true;
starship = {
enable = true;
enableTransience = true;
};
tealdeer.enable = true;
zoxide = {
enable = true;
options = ["--cmd cd"];
};
};
};
}; };
i18n = { i18n = {
defaultLocale = "zh_CN.UTF-8"; defaultLocale = "zh_CN.UTF-8";
supportedLocales = [ "all" ]; supportedLocales = ["all"];
}; };
programs = { programs = {
@ -209,12 +237,14 @@ in
services = { services = {
openssh = { openssh = {
hostKeys = [{ hostKeys = [
comment = "host@${config.networking.hostName}"; {
path = "/etc/ssh/host"; comment = "host@${config.networking.hostName}";
rounds = 100; path = "/etc/ssh/host";
type = "ed25519"; rounds = 100;
}]; type = "ed25519";
}
];
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
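Review bot: Functional changes are mixed into what the title calls a reformat. On the new side of this file, `alejandra` replaces `nixpkgs-fmt` in `home.packages`, `firefox.enable` and the `kitty` block arrive here gated on `config.programs.plasma.enable` (they are removed from the host file whose section starts with `let usr = config.constants.userName; in {` further down the page), and a new `plasma.configFile` block sets `TerminalApplication = "kitty"`. In the rendered lines `xdg.enable = true;` appears only on the old side, so it looks dropped from `users.${usr}`; if that was not intended, restore `xdg.enable = true;` next to `programs`, and confirm nothing relies on the XDG variables being exported, since the host file still builds the GnuPG `homedir` from `config.xdg`. Behaviour changes inside a 53-file formatting commit are easy to miss in review and awkward to bisect, so they are better split into their own commit, leaving the reformat verifiable by re-running the formatter.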


@ -13,47 +13,51 @@
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
}; };
outputs = inputs@{ self, nixpkgs, nix-custom, ... }: outputs = inputs @ {
let self,
linuxCfgDir = ./linux; nixpkgs,
templateDir = ./template; nix-custom,
in ...
{ }: let
nixosConfigurations = builtins.mapAttrs linuxCfgDir = ./linux;
(instance: _: templateDir = ./template;
nixpkgs.lib.nixosSystem ({ in {
modules = [ nixosConfigurations =
# Import config from folder builtins.mapAttrs
(linuxCfgDir + "/${instance}") (instance: _:
# Setup Nix nixpkgs.lib.nixosSystem {
({ pkgs, ... }: { modules = [
networking.hostName = instance; # Import config from folder
nix = { (linuxCfgDir + "/${instance}")
gc = { # Setup Nix
automatic = true; ({pkgs, ...}: {
options = "--delete-older-than 30d"; networking.hostName = instance;
}; nix = {
settings = { gc = {
auto-optimise-store = true; automatic = true;
experimental-features = [ "nix-command" "flakes" ]; options = "--delete-older-than 30d";
trusted-substituters = [ "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" ];
};
}; };
nixpkgs = { settings = {
config.allowUnfree = true; auto-optimise-store = true;
overlays = [ nix-custom.overlays.default ]; experimental-features = ["nix-command" "flakes"];
trusted-substituters = ["https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"];
}; };
}) };
]; nixpkgs = {
specialArgs = { inherit inputs; }; config.allowUnfree = true;
})) overlays = [nix-custom.overlays.default];
(builtins.readDir linuxCfgDir); };
templates = builtins.mapAttrs })
(template: _: { ];
path = templateDir + "/${template}"; specialArgs = {inherit inputs;};
description = "Template flake setup: ${template}";
}) })
(builtins.readDir templateDir); (builtins.readDir linuxCfgDir);
}; templates =
builtins.mapAttrs
(template: _: {
path = templateDir + "/${template}";
description = "Template flake setup: ${template}";
})
(builtins.readDir templateDir);
};
} }


@ -1,16 +1,15 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{pkgs, ...}: {
{ pkgs, ... }:
{
# Configure boot # Configure boot
boot = { boot = {
initrd.systemd.enable = true; initrd.systemd.enable = true;
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
grub = let yorha = pkgs.yorha-grub-theme; in { grub = let
yorha = pkgs.yorha-grub-theme;
in {
enable = true; enable = true;
device = "nodev"; device = "nodev";
efiSupport = true; efiSupport = true;
@ -22,7 +21,7 @@
enable = true; enable = true;
extraConfig = "DeviceScale=1"; extraConfig = "DeviceScale=1";
theme = "target_2"; theme = "target_2";
themePackages = [ pkgs.adi1090x-plymouth-themes ]; themePackages = [pkgs.adi1090x-plymouth-themes];
}; };
}; };
@ -46,4 +45,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment? system.stateVersion = "24.05"; # Did you read the comment?
} }


@ -1,6 +1,4 @@
{ inputs, ... }: {inputs, ...}: {
{
imports = with inputs; [ imports = with inputs; [
disko.nixosModules.default disko.nixosModules.default
hardware.nixosModules.asus-zephyrus-ga402 hardware.nixosModules.asus-zephyrus-ga402


@ -1,15 +1,16 @@
{ config, pkgs, ... }:
let
usr = config.constants.userName;
in
{ {
config,
pkgs,
...
}: let
usr = config.constants.userName;
in {
hardware = { hardware = {
bluetooth.enable = true; bluetooth.enable = true;
graphics.enable = true; graphics.enable = true;
openrazer = { openrazer = {
enable = true; enable = true;
users = [ usr ]; users = [usr];
}; };
}; };
@ -32,7 +33,7 @@ in
kanata = { kanata = {
enable = true; enable = true;
keyboards.core = { keyboards.core = {
devices = [ "/dev/input/by-id/usb-ASUSTeK_Computer_Inc._N-KEY_Device-if02-event-kbd" ]; devices = ["/dev/input/by-id/usb-ASUSTeK_Computer_Inc._N-KEY_Device-if02-event-kbd"];
config = '' config = ''
(defsrc (defsrc
esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 del esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 del
@ -46,7 +47,7 @@ in
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ @li _ _ _ _ _ _ _ _ @li _ _ _
) )
@ -54,7 +55,7 @@ in
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX @lb XX @lm XX XX XX XX XX XX XX XX XX XX @lb XX @lm XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
) )
@ -62,7 +63,7 @@ in
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX prev next XX XX XX XX XX XX XX XX XX XX XX prev next XX XX XX
XX XX XX pp XX @li XX XX XX XX XX XX pp XX @li XX XX XX
) )
@ -86,7 +87,7 @@ in
printing.enable = true; printing.enable = true;
}; };
users.users.${usr}.extraGroups = [ "adbusers" "cdrom" ]; users.users.${usr}.extraGroups = ["adbusers" "cdrom"];
virtualisation = { virtualisation = {
containers.enable = true; containers.enable = true;


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
disko.devices = { disko.devices = {
# Partition the physical disk # Partition the physical disk
disk.storage = { disk.storage = {


@ -1,9 +1,19 @@
{ config, pkgs, ... }: {
config,
let usr = config.constants.userName; in { pkgs,
home-manager.users.${usr} = { config, pkgs, ... }: ...
let xdgCfg = config.xdg; in { }: let
home.packages = with pkgs; [ usr = config.constants.userName;
in {
home-manager.users.${usr} = {
config,
pkgs,
...
}: let
xdgCfg = config.xdg;
in {
home.packages = with pkgs;
[
feishin feishin
hunspell hunspell
hunspellDicts.en-us-large hunspellDicts.en-us-large
@ -20,114 +30,106 @@ let usr = config.constants.userName; in {
thunderbird thunderbird
winetricks winetricks
wineWowPackages.stagingFull wineWowPackages.stagingFull
] ++ (with kdePackages; [ ]
++ (with kdePackages; [
k3b k3b
kdepim-addons kdepim-addons
merkuro merkuro
]); ]);
programs = { programs = {
firefox.enable = true; git.signing = {
git.signing = { key = "0x6A815D4CB1637AAC";
key = "0x6A815D4CB1637AAC"; signByDefault = true;
signByDefault = true;
};
gpg = {
enable = true;
homedir = "${xdgCfg.dataHome}/gnupg";
};
kitty = {
enable = true;
settings = {
background_opacity = "0.96";
remember_window_size = "no";
};
theme = "Tokyo Night Moon";
};
mpv = {
enable = true;
config = {
osd-bar = "no";
border = "no";
};
scripts = with pkgs.mpvScripts; [
mpris
thumbfast
uosc
vr-reversal
];
};
obs-studio.enable = true;
plasma.enable = true;
zathura = {
enable = true;
options = {
completion-bg = "#504945";
completion-fg = "#ebdbb2";
completion-group-bg = "#3c3836";
completion-group-fg = "#928374";
completion-highlight-bg = "#83a598";
completion-highlight-fg = "#504945";
default-bg = "#1d2021";
default-fg = "#ebdbb2";
highlight-active-color = "#fe8019";
highlight-color = "#fabd2f";
index-active-bg = "#83a598";
index-active-fg = "#504945";
index-bg = "#504945";
index-fg = "#ebdbb2";
inputbar-bg = "#1d2021";
inputbar-fg = "#ebdbb2";
notification-bg = "#1d2021";
notification-error-bg = "#1d2021";
notification-error-fg = "#fb4934";
notification-fg = "#b8bb26";
notification-warning-bg = "#1d2021";
notification-warning-fg = "#fabd2f";
recolor = "true";
recolor-darkcolor = "#ebdbb2";
recolor-keephue = "true";
recolor-lightcolor = "#1d2021";
render-loading = "true";
render-loading-bg = "#1d2021";
render-loading-fg = "#ebdbb2";
selection-clipboard = "clipboard";
statusbar-bg = "#504945";
statusbar-fg = "#ebdbb2";
};
};
}; };
services = { gpg = {
easyeffects.enable = true; enable = true;
gpg-agent = { homedir = "${xdgCfg.dataHome}/gnupg";
enable = true; };
pinentryPackage = pkgs.pinentry-qt; mpv = {
enable = true;
config = {
osd-bar = "no";
border = "no";
}; };
xsettingsd = { scripts = with pkgs.mpvScripts; [
enable = true; mpris
settings = { thumbfast
"Gdk/UnscaledDPI" = 98304; uosc
"Gdk/WindowScalingFactor" = 2; vr-reversal
"Gtk/EnableAnimations" = 1; ];
"Gtk/DecorationLayout" = "icon:minimize,maximize,close"; };
"Net/ThemeName" = "Sweet-Ambar-Blue"; obs-studio.enable = true;
"Gtk/PrimaryButtonWarpsSlider" = 1; plasma.enable = true;
"Gtk/ToolbarStyle" = 3; zathura = {
"Gtk/MenuImages" = 1; enable = true;
"Gtk/ButtonImages" = 1; options = {
"Gtk/CursorThemeSize" = 96; completion-bg = "#504945";
"Gtk/CursorThemeName" = "Sweet-cursors"; completion-fg = "#ebdbb2";
"Net/SoundThemeName" = "yorha"; completion-group-bg = "#3c3836";
"Net/IconThemeName" = "Sweet-Rainbow"; completion-group-fg = "#928374";
"Gtk/FontName" = "Noto Sans, 10"; completion-highlight-bg = "#83a598";
}; completion-highlight-fg = "#504945";
default-bg = "#1d2021";
default-fg = "#ebdbb2";
highlight-active-color = "#fe8019";
highlight-color = "#fabd2f";
index-active-bg = "#83a598";
index-active-fg = "#504945";
index-bg = "#504945";
index-fg = "#ebdbb2";
inputbar-bg = "#1d2021";
inputbar-fg = "#ebdbb2";
notification-bg = "#1d2021";
notification-error-bg = "#1d2021";
notification-error-fg = "#fb4934";
notification-fg = "#b8bb26";
notification-warning-bg = "#1d2021";
notification-warning-fg = "#fabd2f";
recolor = "true";
recolor-darkcolor = "#ebdbb2";
recolor-keephue = "true";
recolor-lightcolor = "#1d2021";
render-loading = "true";
render-loading-bg = "#1d2021";
render-loading-fg = "#ebdbb2";
selection-clipboard = "clipboard";
statusbar-bg = "#504945";
statusbar-fg = "#ebdbb2";
}; };
}; };
}; };
services = {
easyeffects.enable = true;
gpg-agent = {
enable = true;
pinentryPackage = pkgs.pinentry-qt;
};
xsettingsd = {
enable = true;
settings = {
"Gdk/UnscaledDPI" = 98304;
"Gdk/WindowScalingFactor" = 2;
"Gtk/EnableAnimations" = 1;
"Gtk/DecorationLayout" = "icon:minimize,maximize,close";
"Net/ThemeName" = "Sweet-Ambar-Blue";
"Gtk/PrimaryButtonWarpsSlider" = 1;
"Gtk/ToolbarStyle" = 3;
"Gtk/MenuImages" = 1;
"Gtk/ButtonImages" = 1;
"Gtk/CursorThemeSize" = 96;
"Gtk/CursorThemeName" = "Sweet-cursors";
"Net/SoundThemeName" = "yorha";
"Net/IconThemeName" = "Sweet-Rainbow";
"Gtk/FontName" = "Noto Sans, 10";
};
};
};
};
i18n.inputMethod = { i18n.inputMethod = {
enable = true; enable = true;
type = "fcitx5"; type = "fcitx5";
fcitx5.addons = with pkgs; [ fcitx5-nord fcitx5-rime ]; fcitx5.addons = with pkgs; [fcitx5-nord fcitx5-rime];
}; };
programs = { programs = {
@ -148,7 +150,7 @@ let usr = config.constants.userName; in {
}; };
xserver = { xserver = {
enable = true; enable = true;
videoDrivers = [ "amdgpu" ]; videoDrivers = ["amdgpu"];
}; };
}; };
} }


@ -1,18 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ lib,
(modulesPath + "/installer/scan/not-detected.nix") pkgs,
]; modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
networking = { networking = {
hostId = "30f8f777"; hostId = "30f8f777";
networkmanager = { networkmanager = {


@ -1,24 +1,21 @@
{ ... }: {...}: {
{
services.syncthing = { services.syncthing = {
enable = true; enable = true;
settings.folders = { settings.folders = {
game-data = { game-data = {
devices = [ "protostar" ]; devices = ["protostar"];
path = "~/Game/data"; path = "~/Game/data";
type = "sendonly"; type = "sendonly";
}; };
game-save = { game-save = {
devices = [ "protostar" ]; devices = ["protostar"];
path = "~/Game/save"; path = "~/Game/save";
}; };
music = { music = {
devices = [ "nebula" ]; devices = ["nebula"];
path = "~/Music"; path = "~/Music";
type = "sendonly"; type = "sendonly";
}; };
}; };
}; };
} }


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
services.tailscale = { services.tailscale = {
enable = true; enable = true;
port = 22276; port = 22276;


@ -1,6 +1,8 @@
{ config, lib, ... }:
{ {
config,
lib,
...
}: {
boot = { boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
loader.grub.zfsSupport = true; loader.grub.zfsSupport = true;
@ -15,60 +17,71 @@
enable = true; enable = true;
settings = { settings = {
global = { global = {
logging = [{ logging = [
type = "syslog"; {
level = "info"; type = "syslog";
format = "human"; level = "info";
}]; format = "human";
}
];
}; };
jobs = [ jobs = [
{ {
name = "snapshot"; name = "snapshot";
type = "snap"; type = "snap";
filesystems = { "zroot/main/home" = true; }; filesystems = {"zroot/main/home" = true;};
snapshotting = { snapshotting = {
type = "periodic"; type = "periodic";
prefix = "zrepl-"; prefix = "zrepl-";
interval = "1h"; interval = "1h";
}; };
pruning = { pruning = {
keep = [{ keep = [
type = "grid"; {
regex = "^zrepl-.*"; type = "grid";
grid = lib.concatStringsSep " | " [ "1x1h(keep=all)" "24x1h" "7x1d" "4x1w" ]; regex = "^zrepl-.*";
}]; grid = lib.concatStringsSep " | " ["1x1h(keep=all)" "24x1h" "7x1d" "4x1w"];
}
];
}; };
} }
{ {
name = "push-to-local-drive"; name = "push-to-local-drive";
type = "push"; type = "push";
send = { encrypted = true; }; send = {encrypted = true;};
connect = { connect = {
type = "local"; type = "local";
listener_name = "sink-to-local-drive"; listener_name = "sink-to-local-drive";
client_identity = config.networking.hostName; client_identity = config.networking.hostName;
}; };
filesystems = { "zroot/main/home" = true; }; filesystems = {"zroot/main/home" = true;};
replication = { replication = {
protection = { protection = {
initial = "guarantee_resumability"; initial = "guarantee_resumability";
incremental = "guarantee_incremental"; incremental = "guarantee_incremental";
}; };
}; };
snapshotting = { type = "manual"; }; snapshotting = {type = "manual";};
pruning = { pruning = {
keep_sender = [{ type = "regex"; regex = ".*"; }]; keep_sender = [
keep_receiver = [{ {
type = "grid"; type = "regex";
regex = "^zrepl-.*"; regex = ".*";
grid = lib.concatStringsSep " | " [ "1x1h(keep=all)" "365x1d" "52x1w" ]; }
}]; ];
keep_receiver = [
{
type = "grid";
regex = "^zrepl-.*";
grid = lib.concatStringsSep " | " ["1x1h(keep=all)" "365x1d" "52x1w"];
}
];
}; };
} }
{ {
name = "sink-to-local-drive"; name = "sink-to-local-drive";
type = "sink"; type = "sink";
recv = { placeholder = { encryption = "off"; }; }; recv = {placeholder = {encryption = "off";};};
root_fs = "zbackup"; root_fs = "zbackup";
serve = { serve = {
type = "local"; type = "local";
@ -79,4 +92,3 @@
}; };
}; };
} }


@ -1,10 +1,7 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{...}: {
{ ... }:
{
# Configure boot loader # Configure boot loader
boot.loader = { boot.loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;


@ -1,6 +1,4 @@
{ inputs, ... }: {inputs, ...}: {
{
imports = with inputs; [ imports = with inputs; [
hardware.nixosModules.common-cpu-intel hardware.nixosModules.common-cpu-intel
../../common ../../common


@ -1,32 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ lib,
(modulesPath + "/installer/scan/not-detected.nix") pkgs,
]; modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "uas" "sd_mod" "sdhci_acpi" ]; boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "uas" "sd_mod" "sdhci_acpi"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/9f65c4b3-1c87-42a0-8c1d-f3c1ff2e71b1";
device = "/dev/disk/by-uuid/9f65c4b3-1c87-42a0-8c1d-f3c1ff2e71b1"; fsType = "ext4";
fsType = "ext4"; };
};
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/1C5A-E5B5";
device = "/dev/disk/by-uuid/1C5A-E5B5"; fsType = "vfat";
fsType = "vfat"; };
};
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
networking = { networking = {
hostId = "3ddd2ad2"; hostId = "3ddd2ad2";
nftables.enable = true; nftables.enable = true;


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
services.tailscale = { services.tailscale = {
enable = true; enable = true;
port = 12765; port = 12765;


@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
{
services.matrix-conduit = { services.matrix-conduit = {
enable = true; enable = true;
settings.global = with config.constants; { settings.global = with config.constants; {


@ -1,10 +1,7 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{...}: {
{ ... }:
{
# Configure boot loader # Configure boot loader
boot.loader = { boot.loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
@ -22,4 +19,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment? system.stateVersion = "24.05"; # Did you read the comment?
} }


@ -1,6 +1,4 @@
{ inputs, ... }: {inputs, ...}: {
{
imports = with inputs; [ imports = with inputs; [
disko.nixosModules.default disko.nixosModules.default
hardware.nixosModules.common-cpu-amd hardware.nixosModules.common-cpu-amd


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
disko.devices = { disko.devices = {
# Partition the physical disk # Partition the physical disk
disk.storage = { disk.storage = {
@ -77,5 +75,4 @@
}; };
}; };
}; };
} }


@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
{
services.forgejo = { services.forgejo = {
enable = true; enable = true;
settings = { settings = {


@ -1,18 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ lib,
(modulesPath + "/installer/scan/not-detected.nix") pkgs,
]; modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "uas" "sd_mod" ]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "uas" "sd_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,11 +1,12 @@
{ config, pkgs, ... }: {
config,
let pkgs,
...
}: let
const = config.constants; const = config.constants;
ports = const.port; ports = const.port;
usr = const.userName; usr = const.userName;
in in {
{
hardware.graphics.enable = true; hardware.graphics.enable = true;
services = { services = {
@ -38,7 +39,7 @@ in
}; };
}; };
sops.secrets.aria2 = { }; sops.secrets.aria2 = {};
users.users.${usr}.extraGroups = [ config.systemd.services.aria2.serviceConfig.Group ]; users.users.${usr}.extraGroups = [config.systemd.services.aria2.serviceConfig.Group];
} }


@ -1,8 +1,6 @@
{ config, ... }: {config, ...}: {
{
networking = { networking = {
firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; firewall.trustedInterfaces = [config.services.tailscale.interfaceName];
hostId = "e6449321"; hostId = "e6449321";
networkmanager = { networkmanager = {
enable = true; enable = true;


@ -1,10 +1,8 @@
{ ... }: {...}: {
{
services.syncthing = { services.syncthing = {
enable = true; enable = true;
settings.folders.music = { settings.folders.music = {
devices = [ "blitzar" ]; devices = ["blitzar"];
path = "~/Music"; path = "~/Music";
type = "receiveonly"; type = "receiveonly";
}; };


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
services.tailscale = { services.tailscale = {
enable = true; enable = true;
port = 25555; port = 25555;


@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
{
services.writefreely = with config.constants; { services.writefreely = with config.constants; {
enable = true; enable = true;
host = "writefreely.${domain}"; host = "writefreely.${domain}";


@ -1,7 +1,4 @@
{ config, ... }: {config, ...}: {
{
boot = { boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
loader.grub.zfsSupport = true; loader.grub.zfsSupport = true;
@ -11,6 +8,4 @@
autoScrub.enable = true; autoScrub.enable = true;
trim.enable = true; trim.enable = true;
}; };
} }


@ -1,10 +1,7 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{...}: {
{ ... }:
{
# Configuration boot # Configuration boot
boot.loader = { boot.loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
@ -27,6 +24,4 @@
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment? system.stateVersion = "24.05"; # Did you read the comment?
} }


@ -1,6 +1,4 @@
{ inputs, ... }: {inputs, ...}: {
{
imports = with inputs; [ imports = with inputs; [
disko.nixosModules.default disko.nixosModules.default
jovian.nixosModules.default jovian.nixosModules.default


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
disko.devices = { disko.devices = {
# Partition the physical disk # Partition the physical disk
disk.storage = { disk.storage = {
@ -69,5 +67,4 @@
}; };
}; };
}; };
} }


@ -1,10 +1,12 @@
{ config, inputs, pkgs, ... }: {
config,
let inputs,
pkgs,
...
}: let
usr = config.constants.userName; usr = config.constants.userName;
jovianPkgs = pkgs.extend inputs.jovian.overlays.default; jovianPkgs = pkgs.extend inputs.jovian.overlays.default;
in in {
{
home-manager.users.${usr} = { home-manager.users.${usr} = {
home.packages = with jovianPkgs; [ home.packages = with jovianPkgs; [
feishin feishin
@ -20,10 +22,7 @@ in
winetricks winetricks
wineWowPackages.stagingFull wineWowPackages.stagingFull
]; ];
programs = { programs.plasma.enable = true;
firefox.enable = true;
plasma.enable = true;
};
}; };
jovian = { jovian = {
devices.steamdeck = { devices.steamdeck = {
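Review bot: This formatter-only commit carries a functional change: in the second hunk of this file `firefox.enable = true;` disappears from the `programs` set when it is collapsed to `programs.plasma.enable = true;`. A formatter would not drop an option, so this looks like a manual edit that rode along with the alejandra run. If Firefox is now enabled from a shared module (not visible here), note that in the commit message; otherwise restore the old form, `programs = { firefox.enable = true; plasma.enable = true; };`, or move the removal into its own commit. Behaviour changes buried in a 53-file reformat are easy to miss in review and hard to locate later with blame or bisect. The `home-manager.users.${usr}` block continues outside the hunk.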


@ -1,18 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ lib,
(modulesPath + "/installer/scan/not-detected.nix") pkgs,
]; modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,8 +1,6 @@
{ config, ... }: {config, ...}: {
{
networking = { networking = {
firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; firewall.trustedInterfaces = [config.services.tailscale.interfaceName];
hostId = "74247225"; hostId = "74247225";
networkmanager.enable = true; networkmanager.enable = true;
nftables.enable = true; nftables.enable = true;


@ -1,16 +1,14 @@
{ ... }: {...}: {
{
services.syncthing = { services.syncthing = {
enable = true; enable = true;
settings.folders = { settings.folders = {
game-data = { game-data = {
devices = [ "blitzar" ]; devices = ["blitzar"];
path = "~/Game/data"; path = "~/Game/data";
type = "receiveonly"; type = "receiveonly";
}; };
game-save = { game-save = {
devices = [ "blitzar" ]; devices = ["blitzar"];
path = "~/Game/save"; path = "~/Game/save";
}; };
}; };


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
services.tailscale = { services.tailscale = {
enable = true; enable = true;
port = 25172; port = 25172;


@ -1,9 +1,6 @@
{ ... }: {...}: {
{
services.zfs = { services.zfs = {
autoScrub.enable = true; autoScrub.enable = true;
trim.enable = true; trim.enable = true;
}; };
} }


@ -1,70 +1,72 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
services.caddy = { services.caddy = {
enable = true; enable = true;
email = config.constants.postMaster; email = config.constants.postMaster;
virtualHosts = virtualHosts = let
let dn = config.constants.domain;
dn = config.constants.domain; homeSrv = s: "nebula:${portStr.${s}}";
homeSrv = s: "nebula:${portStr.${s}}"; localSrv = s: "${config.constants.localhost}:${portStr.${s}}";
localSrv = s: "${config.constants.localhost}:${portStr.${s}}"; msfqdn = config.mailserver.fqdn;
msfqdn = config.mailserver.fqdn; mtfqdn = "matrix.${dn}";
mtfqdn = "matrix.${dn}"; portStr = builtins.mapAttrs (n: v: toString v) config.constants.port;
portStr = builtins.mapAttrs (n: v: toString v) config.constants.port; wn = s: "/.well-known/${s}";
wn = s: "/.well-known/${s}"; in {
in "${dn}".extraConfig = let
{ wnm = wn "matrix";
"${dn}".extraConfig = let wnm = wn "matrix"; in '' in ''
header ${wnm}/* Content-Type application/json header ${wnm}/* Content-Type application/json
header ${wnm}/* Access-Control-Allow-Origin * header ${wnm}/* Access-Control-Allow-Origin *
respond ${wnm}/server `{ "m.server": "${mtfqdn}:${portStr.https}" }` respond ${wnm}/server `{ "m.server": "${mtfqdn}:${portStr.https}" }`
respond ${wnm}/client `{ respond ${wnm}/client `{
"m.homeserver": { "base_url": "https://${mtfqdn}" }, "m.homeserver": { "base_url": "https://${mtfqdn}" },
"m.identity_server": { "base_url": "https://${mtfqdn}" } "m.identity_server": { "base_url": "https://${mtfqdn}" }
}` }`
''; '';
"aria2.${dn}".extraConfig = '' "aria2.${dn}".extraConfig = ''
reverse_proxy /jsonrpc ${homeSrv "aria2"} reverse_proxy /jsonrpc ${homeSrv "aria2"}
file_server { file_server {
root ${pkgs.ariang}/share/ariang root ${pkgs.ariang}/share/ariang
}
'';
"forgejo.${dn}".extraConfig = ''
reverse_proxy ${homeSrv "forgejo"}
'';
"headscale.${dn}".extraConfig = ''
reverse_proxy ${localSrv "headscale"}
'';
"jellyfin.${dn}".extraConfig = ''
reverse_proxy ${homeSrv "jellyfin"}
'';
"jellyseerr.${dn}".extraConfig = ''
reverse_proxy ${homeSrv "jellyseerr"}
'';
${msfqdn} = {
extraConfig = ''
file_server ${wn "acme-challenge"}/* {
root ${config.security.acme.defaults.webroot}/
} }
''; '';
"forgejo.${dn}".extraConfig = '' useACMEHost = msfqdn;
reverse_proxy ${homeSrv "forgejo"}
'';
"headscale.${dn}".extraConfig = ''
reverse_proxy ${localSrv "headscale"}
'';
"jellyfin.${dn}".extraConfig = ''
reverse_proxy ${homeSrv "jellyfin"}
'';
"jellyseerr.${dn}".extraConfig = ''
reverse_proxy ${homeSrv "jellyseerr"}
'';
${msfqdn} = {
extraConfig = ''
file_server ${wn "acme-challenge"}/* {
root ${config.security.acme.defaults.webroot}/
}
'';
useACMEHost = msfqdn;
};
"matrix.${dn}".extraConfig = ''
reverse_proxy /_matrix/* ${homeSrv "conduit"}
file_server {
root ${pkgs.cinny}
}
'';
"vault.${dn}".extraConfig = ''
reverse_proxy ${localSrv "vault"} {
header_up X-Real-IP {remote_host}
}
'';
"writefreely.${dn}".extraConfig = ''
reverse_proxy ${homeSrv "writefreely"}
'';
}; };
"matrix.${dn}".extraConfig = ''
reverse_proxy /_matrix/* ${homeSrv "conduit"}
file_server {
root ${pkgs.cinny}
}
'';
"vault.${dn}".extraConfig = ''
reverse_proxy ${localSrv "vault"} {
header_up X-Real-IP {remote_host}
}
'';
"writefreely.${dn}".extraConfig = ''
reverse_proxy ${homeSrv "writefreely"}
'';
};
}; };
security.acme = { security.acme = {
@ -74,5 +76,4 @@
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
}; };
}; };
} }


@ -1,7 +1,4 @@
{ ... }: {...}: {
{
boot = { boot = {
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
loader.grub.device = "/dev/sda"; loader.grub.device = "/dev/sda";


@ -1,6 +1,4 @@
{ inputs, ... }: {inputs, ...}: {
{
imports = with inputs; [ imports = with inputs; [
mailserver.nixosModules.default mailserver.nixosModules.default
../../common ../../common


@ -1,28 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
# boot.initrd.availableKernelModules = # boot.initrd.availableKernelModules =
# [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ]; # [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ];
# boot.initrd.kernelModules = [ ]; # boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
# fileSystems."/" = { # fileSystems."/" = {
# device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-"; # device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-";
# fsType = "ext4"; # fsType = "ext4";
# }; # };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = [ "nvme" ]; boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; }; fileSystems."/" = {
device = "/dev/sda3";
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
{
services = { services = {
headscale = with config.constants; { headscale = with config.constants; {
enable = true; enable = true;


@ -1,24 +1,21 @@
{ config, ... }: {config, ...}: let
let
dn = config.constants.domain; dn = config.constants.domain;
usr = config.constants.userName; usr = config.constants.userName;
mailSecret = "mail/${usr}/password"; mailSecret = "mail/${usr}/password";
in in {
{
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "mail.${dn}"; fqdn = "mail.${dn}";
domains = [ dn ]; domains = [dn];
loginAccounts = { loginAccounts = {
"${usr}@${dn}" = { "${usr}@${dn}" = {
aliases = [ config.constants.postMaster ]; aliases = [config.constants.postMaster];
hashedPasswordFile = config.sops.secrets.${mailSecret}.path; hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
}; };
}; };
certificateScheme = "acme"; certificateScheme = "acme";
}; };
sops.secrets.${mailSecret} = { }; sops.secrets.${mailSecret} = {};
} }


@ -1,8 +1,8 @@
{ config, ... }: {config, ...}: let
hn = config.networking.hostName;
let hn = config.networking.hostName; in { in {
networking = { networking = {
firewall.allowedTCPPorts = with config.constants.port; [ http https ]; firewall.allowedTCPPorts = with config.constants.port; [http https];
hostId = "2cadb253"; hostId = "2cadb253";
nftables.enable = true; nftables.enable = true;
}; };
@ -16,5 +16,5 @@ let hn = config.networking.hostName; in {
openssh.enable = true; openssh.enable = true;
}; };
sops.secrets."cloudflare/${hn}" = { }; sops.secrets."cloudflare/${hn}" = {};
} }


@ -1,9 +1,9 @@
{ config, ... }: {config, ...}: {
{
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
config = let const = config.constants; in { config = let
const = config.constants;
in {
# Disable signup # Disable signup
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
# Specify service port # Specify service port


@ -4,15 +4,19 @@
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
}; };
outputs = { self, flake-utils, nixpkgs }: outputs = {
flake-utils.lib.eachDefaultSystem (system: self,
let pkgs = nixpkgs.legacyPackages.${system}; flake-utils,
in { nixpkgs,
devShells.default = pkgs.mkShell { }:
packages = with pkgs; [ texlive.combined.scheme-full ]; flake-utils.lib.eachDefaultSystem (system: let
TEXMFHOME = "$XDG_DATA_HOME/texmf"; pkgs = nixpkgs.legacyPackages.${system};
TEXMFVAR = "$XDG_CACHE_HOME/texlive/texmf-var"; in {
EXMFCONFIG = "$XDG_CONFIG_HOME/texlive/texmf-config"; devShells.default = pkgs.mkShell {
}; packages = with pkgs; [texlive.combined.scheme-full];
}); TEXMFHOME = "$XDG_DATA_HOME/texmf";
TEXMFVAR = "$XDG_CACHE_HOME/texlive/texmf-var";
EXMFCONFIG = "$XDG_CONFIG_HOME/texlive/texmf-config";
};
});
} }


@ -4,16 +4,20 @@
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
}; };
outputs = { self, flake-utils, nixpkgs }: outputs = {
flake-utils.lib.eachDefaultSystem (system: self,
let pkgs = nixpkgs.legacyPackages.${system}; flake-utils,
in { nixpkgs,
devShells.default = pkgs.mkShell { }:
packages = with pkgs; [ flake-utils.lib.eachDefaultSystem (system: let
(rWrapper.override { pkgs = nixpkgs.legacyPackages.${system};
packages = with rPackages; [ tidyverse ]; in {
}) devShells.default = pkgs.mkShell {
]; packages = with pkgs; [
}; (rWrapper.override {
}); packages = with rPackages; [tidyverse];
})
];
};
});
} }


@ -10,114 +10,129 @@
}; };
}; };
outputs = { self, crane, fenix, flake-utils, nixpkgs, advisory-db }: outputs = {
flake-utils.lib.eachDefaultSystem (system: self,
let crane,
pkgs = nixpkgs.legacyPackages.${system}; fenix,
fenixPkgs = fenix.packages.${system}; flake-utils,
craneLib = crane.mkLib pkgs; nixpkgs,
src = craneLib.path ./.; advisory-db,
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
fenixPkgs = fenix.packages.${system};
craneLib = crane.mkLib pkgs;
src = craneLib.path ./.;
# Common arguments can be set here to avoid repeating them later # Common arguments can be set here to avoid repeating them later
commonArgs = with pkgs; { commonArgs = with pkgs; {
inherit src; inherit src;
strictDeps = true; strictDeps = true;
buildInputs = [ buildInputs =
[
# Add additional build inputs here # Add additional build inputs here
] ++ lib.optionals stdenv.isDarwin [ ]
++ lib.optionals stdenv.isDarwin [
# Additional darwin specific inputs can be set here # Additional darwin specific inputs can be set here
libiconv libiconv
]; ];
# Additional environment variables can be set directly # Additional environment variables can be set directly
# MY_CUSTOM_VAR = "some value"; # MY_CUSTOM_VAR = "some value";
}; };
craneLibLLvmTools = craneLib.overrideToolchain craneLibLLvmTools =
(fenixPkgs.complete.withComponents [ craneLib.overrideToolchain
"cargo" (fenixPkgs.complete.withComponents [
"llvm-tools" "cargo"
"rustc" "llvm-tools"
]); "rustc"
]);
# Build *just* the cargo dependencies, so we can reuse # Build *just* the cargo dependencies, so we can reuse
# all of that work (e.g. via cachix) when running in CI # all of that work (e.g. via cachix) when running in CI
cargoArtifacts = craneLib.buildDepsOnly commonArgs; cargoArtifacts = craneLib.buildDepsOnly commonArgs;
# Build the actual crate itself, reusing the dependency # Build the actual crate itself, reusing the dependency
# artifacts from above. # artifacts from above.
crate = craneLib.buildPackage (commonArgs // { crate = craneLib.buildPackage (commonArgs
// {
inherit cargoArtifacts; inherit cargoArtifacts;
}); });
in in {
{ checks = {
checks = { # Build the crate as part of `nix flake check` for convenience
# Build the crate as part of `nix flake check` for convenience inherit crate;
inherit crate;
# Run clippy (and deny all warnings) on the crate source, # Run clippy (and deny all warnings) on the crate source,
# again, resuing the dependency artifacts from above. # again, resuing the dependency artifacts from above.
# #
# Note that this is done as a separate derivation so that # Note that this is done as a separate derivation so that
# we can block the CI if there are issues here, but not # we can block the CI if there are issues here, but not
# prevent downstream consumers from building our crate by itself. # prevent downstream consumers from building our crate by itself.
clippy = craneLib.cargoClippy (commonArgs // { clippy = craneLib.cargoClippy (commonArgs
// {
inherit cargoArtifacts; inherit cargoArtifacts;
cargoClippyExtraArgs = "--all-targets -- --deny warnings"; cargoClippyExtraArgs = "--all-targets -- --deny warnings";
}); });
doc = craneLib.cargoDoc (commonArgs // { doc = craneLib.cargoDoc (commonArgs
// {
inherit cargoArtifacts; inherit cargoArtifacts;
}); });
# Check formatting # Check formatting
fmt = craneLib.cargoFmt { fmt = craneLib.cargoFmt {
inherit src; inherit src;
}; };
# Audit dependencies # Audit dependencies
audit = craneLib.cargoAudit { audit = craneLib.cargoAudit {
inherit src advisory-db; inherit src advisory-db;
}; };
# Audit licenses # Audit licenses
deny = craneLib.cargoDeny { deny = craneLib.cargoDeny {
inherit src; inherit src;
}; };
# Run tests with cargo-nextest # Run tests with cargo-nextest
# Consider setting `doCheck = false` on `my-crate` if you do not want # Consider setting `doCheck = false` on `my-crate` if you do not want
# the tests to run twice # the tests to run twice
nextest = craneLib.cargoNextest (commonArgs // { nextest = craneLib.cargoNextest (commonArgs
// {
inherit cargoArtifacts; inherit cargoArtifacts;
partitions = 1; partitions = 1;
partitionType = "count"; partitionType = "count";
}); });
}; };
packages = { packages =
{
default = crate; default = crate;
} // pkgs.lib.optionalAttrs (!pkgs.stdenv.isDarwin) { }
my-crate-llvm-coverage = craneLibLLvmTools.cargoLlvmCov (commonArgs // { // pkgs.lib.optionalAttrs (!pkgs.stdenv.isDarwin) {
inherit cargoArtifacts; my-crate-llvm-coverage = craneLibLLvmTools.cargoLlvmCov (commonArgs
}); // {
inherit cargoArtifacts;
});
}; };
apps.default = flake-utils.lib.mkApp { apps.default = flake-utils.lib.mkApp {
drv = crate; drv = crate;
}; };
devShells.default = craneLib.devShell { devShells.default = craneLib.devShell {
# Inherit inputs from checks. # Inherit inputs from checks.
# Enable after Cargo.toml and Cargo.lock are present # Enable after Cargo.toml and Cargo.lock are present
# Consider customizing deny.toml # Consider customizing deny.toml
# checks = self.checks.${system}; # checks = self.checks.${system};
# Extra inputs can be added here; cargo and rustc are provided by default # Extra inputs can be added here; cargo and rustc are provided by default
packages = [ packages = [
fenixPkgs.rust-analyzer fenixPkgs.rust-analyzer
]; ];
RUST_SRC_PATH = "${fenixPkgs.complete.rust-src}/lib/rustlib/src/rust/library"; RUST_SRC_PATH = "${fenixPkgs.complete.rust-src}/lib/rustlib/src/rust/library";
}; };
}); });
} }


@ -4,12 +4,16 @@
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
}; };
outputs = { self, flake-utils, nixpkgs }: outputs = {
flake-utils.lib.eachDefaultSystem (system: self,
let pkgs = nixpkgs.legacyPackages.${system}; flake-utils,
in { nixpkgs,
devShells.default = pkgs.mkShell { }:
packages = with pkgs; [ typst ]; flake-utils.lib.eachDefaultSystem (system: let
}; pkgs = nixpkgs.legacyPackages.${system};
}); in {
devShells.default = pkgs.mkShell {
packages = with pkgs; [typst];
};
});
} }