Clean branch

Invariantspace 2023-10-09 10:44:07 -07:00
commit de986accc2
42 changed files with 1959 additions and 0 deletions

26
LICENSE Normal file

@ -0,0 +1,26 @@
MIT License
Copyright
(c) 2023
Macronova
Permission
is
hereby
granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

17
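--- a/common/.sops.yaml
+++ b/common/.sops.yaml
@@ -0,0 +1,17 @@
+keys:
+- &blitzar age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9
+- &macronova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
+- &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
+- &singularity age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu
+creation_rules:
+- path_regex: secrets.yaml$
+key_groups:
+- age:
+- *blitzar
+- *macronova
+- *nebula
+- path_regex: auths.yaml$
+key_groups:
+- age:
+- *macronova
+- *singularity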
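Review bot: The `secrets.yaml$` rule encrypts one shared file to every key in the group, so each recipient can read values meant for another: the committed common/secrets.yaml carries `cloudflare/nebula` and is encrypted to `*blitzar` as well as `*nebula`. If these anchors are per-host keys (the names match the host directories, but that is inferred), a per-host file with its own rule keeps each machine to its own secrets, for example `- path_regex: linux/nebula/secrets\.yaml$` with only `*macronova` and `*nebula` in the age group. Both patterns also leave the dot unescaped and the start unanchored; `path_regex: (^|/)secrets\.yaml$` states the intent exactly.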

39
common/auths.yaml Normal file

@ -0,0 +1,39 @@
cloudflare:
singularity: ENC[AES256_GCM,data:pb2HNPTSAJ47oOeo77+lR1WrCpjMm8UtqOvHJWpKlnOcvw+2q2S2SpB3CbY5Ovp28Vq29paVUOnc5f2SZA==,iv:H5tf/Uq9uk4u0ZPxmW7UrgRXuHMGBU8KTMwnhODC7IQ=,tag:xvte0Rkh8Rgds6r5VIkTUA==,type:str]
mail:
macronova:
password: ENC[AES256_GCM,data:wJMS3WqmAMQiOiyDUvmwH6Bes4L8GZC/2MxXP23M+RUrN7esqQsaMXLksY/33TuopuekVAvW9K+D2go5quaxdZhB/cVrhXqIjLVLV6Wa+WkYlbeQvJ5ix3R40X455opndrCQCQslatzcgGxmMS8qj5j0UcOfng==,iv:jfo7REVvIDI9MiWRsBi4MoTHfO6lHY5oQI9WyUecnnQ=,tag:hrSHzh4DK5Skav6A3fwD5A==,type:str]
users:
root:
password: ENC[AES256_GCM,data:RhoImsE3Yjn5K6LYqedCew8vd2LXPvIMuY70nCGpQRyfpBfGL4yXMDXRtZtU3VPLlqvjkSGSzvgWta/pni83JdPxqYqRBPi0M/fEondL3Phpx4/xL9K4Fr7QZ3BDsWj07Wi/DKk+qvMFkAQhczJ3bePbCE723A==,iv:pWzCTJ4ahsBI8OYpL9Bd0k23ka0PCDZDP+yuxIfkbvk=,tag:fBy4ZQM30ny4Ab5fVbkMwg==,type:str]
xray:
config.json: ENC[AES256_GCM,data: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,iv:a/F/UBjwV+rteo2Qle9XOVYW9ltdD/nfLh/1Pr5yiWU=,tag:tYd1w+b7DfZERGZQwRbHoA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpRDcyaExMVktDMjQ1dWZL
VHUvYVNUWDV5UEpRVlAwMEdMVHRGMWRmQVUwCjI5VzBhY1RjQm9LeEtXbFpGK29p
cm5icTg3OHp1QTZ4NnhSMGtmbHh6eTAKLS0tIDBrN00rSUxiLzFFMWNZSldESmxU
b3hEc3lScGl3UTRGNjQvZTFQYzMzQncKr9RA+wl52Ul+BiTq+0UrSBrd0QrWsfNs
fMiGMUrp+dxjBoG4S0oYJbXdoPJb+us4a+YZzsmraWbwbqph5vOXQg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWUdCMmlmL3I1YUJYcDQ2
Z0pyUTkzS0RMcGFvODBNUnNscGg3Ykp0WHpnCjQ1NnlWMXhtZnA3NUNiVXRFM05F
Yk9Jb0lmRjVINXdBTVlpUVErODZlbFEKLS0tIDhheE9OSXJUcktMRGpaejRKOVNn
ZW9EMlgrMnFHaHdQSWgvM25ocmNoVEkKo7H1Y+kZrtmk58Oe6d51wJQLF5T7OZtX
0LgNOjevRPfxG4FpNk9yhLyrelpHkiSmBFTGHqbnouFE54L1eot/UQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-18T20:53:15Z"
mac: ENC[AES256_GCM,data:o7gv08Xcb9SeJ8tpONnFNnXiAFoehlGZenfJzaxnUQ9VgzKJgRCzWHoI4BgqL2I0zXmnQ3Cs3FTGQxS5XbVDzr/FhK4gv4ikBdllg8aJbQJ5GdtZh/qqrLiNjea3jmfEAHuLWe43+ZGySOKZtCFgNARO8jgVg4HIPsrb7pSU/38=,iv:Me2r64RnA2Hn+RpqI9X8eLfFC9jGTyo2sEaA9pkyz0U=,tag:XlRP5GvsfVrlAXH8CF+lnw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

62
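--- a/common/constants.nix
+++ b/common/constants.nix
@@ -0,0 +1,62 @@
+{ config, lib, ... }: with lib; {
+options.constants = {
+domain = mkOption {
+type = types.str;
+default = "invariantspace.com";
+description = ''
+Store the default domain for all devices.
+'';
+};
+homeDir = mkOption {
+type = types.str;
+default = "/home/${config.constants.userName}";
+description = ''
+The default home directory for the default user.
+'';
+};
+localhost = mkOption {
+type = types.str;
+default = "127.0.0.1";
+description = ''
+Store the default localhost address.
+'';
+};
+postMaster = mkOption {
+type = types.str;
+default = "trivial@${config.constants.domain}";
+description = ''
+Store the default post master email address.
+'';
+};
+publicKeys = mkOption {
+type = types.listOf types.str;
+default = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHPT/zRq5fffcUmjxcwG2cTr09fOa9O4rBUb6ob2CyNy macronova@blitzar"
+];
+description = ''
+The public keys for SSH authentication.
+'';
+};
+privateKeyFiles = mkOption {
+type = types.listOf types.str;
+default = if config.services.openssh.enable then builtins.map (key: key.path) config.services.openssh.hostKeys else [ "/root/.ssh/${config.networking.hostName}" ];
+description = ''
+The private key files for sops.
+'';
+};
+sopsFile = mkOption {
+type = types.path;
+default = ./secrets.yaml;
+description = ''
+The secrets file for device.
+'';
+};
+userName = mkOption {
+type = types.str;
+default = "macronova";
+description = ''
+The default username across all devices.
+'';
+};
+};
+}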
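Review bot: The `privateKeyFiles` default maps over every entry of `config.services.openssh.hostKeys`, and common/secrets.nix hands that list to `sops.age.sshKeyPaths`, where only ed25519 keys can be converted to age identities; the stock NixOS host key list also contains an RSA key. Filtering by type keeps the RSA path out: `builtins.map (key: key.path) (builtins.filter (key: key.type == "ed25519") config.services.openssh.hostKeys)`. The option description could also say that these are SSH private keys used as age identities, and that the `/root/.ssh/<hostName>` fallback is presumably expected to exist before the first activation on hosts without sshd.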

12
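--- a/common/default.nix
+++ b/common/default.nix
@@ -0,0 +1,12 @@
+{ inputs, ... }:
+{
+imports = with inputs; [
+sops-nix.nixosModules.sops
+home-manager.nixosModules.home-manager
+] ++ [
+./constants.nix
+./secrets.nix
+./users.nix
+];
+}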

8
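--- a/common/secrets.nix
+++ b/common/secrets.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+sops = with config.constants; {
+age.sshKeyPaths = privateKeyFiles;
+defaultSopsFile = sopsFile;
+};
+}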

43
common/secrets.yaml Normal file

@ -0,0 +1,43 @@
cloudflare:
nebula: ENC[AES256_GCM,data:uK5RBgh8WfwpbIbTQSd9XGomc9GyvU1pWId7xqULwxOUPraXKWACG7GSSER/RPoDp0GQbd/Usc/HzXQPvQ==,iv:R8/jU6jYHfmBQ5KnV0lkDCVyj4rZmd0ZInIa7vrh79U=,tag:kjbZjvMYZMJOv/K1mYHPow==,type:str]
users:
macronova:
password: ENC[AES256_GCM,data:o3WtsW7x9wy+gtl8UiT/s5q7F7Ym4q/CGvTy5Hl6FfvaEhbC/GPHQKVbz0MmRF3WV7Oq3jNxdryxWgXcd+WSCHoThNRIh/B4ZpLePD9Yi7Bf6trEYGWMdQM1Qx9pET7FaEBVOJC8eg+Ca4b/cASo53iuim6wzw==,iv:dbypWZHIXhl1kSnyiqW6R/O4NZb7u0R9X+tYpCKEMw4=,tag:bgCiGaH7EVfu7Sox0vulug==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQnQ1TkRrd1lEMG9vbDd6
R2RYMDRNNWVLUTBqNEtjL1lvMGpOSzh5ZW1jCm56VU5uWElBNm9xUUJPTDYyTGs0
dmRSMmR3RXJHc00yUENpTVROajFBMTgKLS0tIEo3SVlzcXBGdzg3aXNZaG0xbXc5
eEMyWFZ4VVByelVxNm80SkxYdExwV0UKXTtkHk7LMBy0LY4tjbcpxGHhxnwbTexe
98TKQMBQncPR7IVZDkOHmsYq20jSCWEdV6vLH2mQH6Kqq4HQCS6/sA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRjM2VEx1N25CK00yVGht
TzNpbi8vVXF0WmJGTldtWTFWdS9UZHNoTmp3CjZOeXpvOVE0M2kzbEdKTzlBYVFa
LzFzaFM5SmlwQytDMFhtb0ttb2N1c3MKLS0tIDgrTVJpaWdZSzlPL0Z2WE9RSno0
QmRJUlY0NTJZMnVKdUJLWk1yZFRkb1UKaubDYas4I2MGs6XauGSmev03UgF6btYB
ynok/qxNaXFL4MwuHnL5W/TnHpGAE6M7PLLEV4Kf+yaHojbLLxUw6A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUWJLL3FxWE1mbnZsN0dU
VlBXUHZlRFlOR01WSUlmdkw1eGtpaDhlSmdBClVWRGZ5anFHWFRKcUFuNkJ3Y2lz
Kys1N29QVWozZXI5eVFSV21OSHFqRG8KLS0tIG9CYmRuUm5YQzZidTR2R1l0a05h
TG5mYWd3MnI5TlZiNXBjb0JJY3BvN0EKUd0ldQPe0/zdHjsmKEUhH7xkpO4nLfd5
fnTk1jGonJg+t+TqLLg/YYKlcNkgExWaIZ7wrd0RVKXOeC2BtM/wzQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-18T01:56:26Z"
mac: ENC[AES256_GCM,data:hYx5DAqxXmnVRpFiE+jamI+/hYODzOsQ6+t9Gjf4mxgKXOHNDBwsmfxtNc/ZGOyfVlwa7tdGlKUxkiqe1SlJ/5v+Z5O6xv2dGJM/E+1D1YFuhcnye6EL9IYtia0ziS0A/vcN1afpaXZK7G6pMWCtjTLZ76hRyu0FlPJh5MMQZYo=,iv:TsSyplcz4JHrEr/n7XOVWGvP+ttYv9+HsQpbGYFq13I=,tag:DDiAY0sTKPRSsG59kv4j0g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

99
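--- a/common/users.nix
+++ b/common/users.nix
@@ -0,0 +1,99 @@
+{ config, pkgs, ... }:
+let
+usr = config.constants.userName;
+usrPwdFile = "users/${usr}/password";
+in
+{
+environment.systemPackages = with pkgs.fishPlugins; [
+fzf-fish
+pisces
+puffer
+tide
+];
+home-manager = {
+useGlobalPkgs = true;
+users.${usr} = {
+home = {
+packages = with pkgs; [
+dua
+fd
+nil
+nixpkgs-fmt
+rclone
+sops
+];
+stateVersion = config.system.stateVersion;
+};
+programs = {
+bat.enable = true;
+bottom.enable = true;
+direnv = {
+enable = true;
+nix-direnv.enable = true;
+};
+eza = {
+enable = true;
+enableAliases = true;
+};
+fish.enable = true;
+fzf.enable = true;
+git = {
+enable = true;
+extraConfig = {
+core.autocrlf = "input";
+pull.rebase = false;
+push.autoSetupRemote = true;
+};
+ignores = [
+".direnv"
+".envrc"
+];
+userEmail = config.constants.postMaster;
+userName = config.constants.userName;
+};
+helix = {
+enable = true;
+defaultEditor = true;
+settings = {
+editor = {
+lsp.display-inlay-hints = true;
+soft-wrap.enable = true;
+};
+theme = "base16_transparent";
+};
+};
+ripgrep.enable = true;
+tealdeer.enable = true;
+zoxide = {
+enable = true;
+options = [ "--cmd cd" ];
+};
+};
+};
+};
+programs.fish.enable = true;
+sops.secrets.${usrPwdFile}.neededForUsers = true;
+users = {
+mutableUsers = false;
+users.${usr} = {
+description = "Sicheng Pan";
+extraGroups = [
+"audio"
+"input"
+"networkmanager"
+"uinput"
+"wheel"
+];
+hashedPasswordFile = config.sops.secrets.${usrPwdFile}.path;
+home = config.constants.homeDir;
+isNormalUser = true;
+openssh.authorizedKeys.keys = config.constants.publicKeys;
+shell = pkgs.fish;
+};
+};
+}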
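Review bot: The secret behind `hashedPasswordFile` is named `users/${usr}/password`, and nothing in this file says that its content must be a crypt(3) hash rather than the plaintext. With `mutableUsers = false` a plaintext value would not match any typed password, and for this `wheel` account that means no local login and no sudo. I would add a comment above `usrPwdFile`, for example `# sops value must be a password hash (mkpasswd output), never the plaintext`. A second short comment on `neededForUsers = true` explaining that the secret has to be decrypted before user creation would help the next reader as well.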

54
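--- a/darwin/quasar/default.nix
+++ b/darwin/quasar/default.nix
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+{
+# List packages installed in system profile. To search by name, run:
+# $ nix-env -qaP | grep wget
+# Add trusted users
+nix.settings.trusted-users = [ "root" "@admin" ];
+# Configure nixpkgs
+nixpkgs.config.allowUnfree = true;
+# Use common system packages
+environment = {
+systemPackages = with pkgs; [
+bat
+bottom
+direnv
+dua
+exa
+fd
+fzf
+helix
+nil
+nixpkgs-fmt
+rclone
+ripgrep
+tealdeer
+zoxide
+];
+shells = [ pkgs.fish ];
+};
+# Enable fish
+programs.fish = {
+enable = true;
+interactiveShellInit = ''
+alias ls=exa
+zoxide init --cmd cd fish | source
+'';
+};
+users.users.macronova = {
+home = "/Users/macronova";
+shell = "${pkgs.fish}/bin/fish";
+};
+# Auto upgrade nix package and the daemon service.
+services.nix-daemon.enable = true;
+# nix.package = pkgs.nix;
+# Used for backwards compatibility, please read the changelog before changing.
+# $ darwin-rebuild changelog
+system.stateVersion = 4;
+}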
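Review bot: `nix.settings.trusted-users = [ "root" "@admin" ];` gives every member of the macOS admin group control over the Nix daemon without a sudo prompt. Trusted users can add substituters and import store paths without a trusted signature, which amounts to root on the daemon. If only one account needs this, naming it explicitly is narrower: `nix.settings.trusted-users = [ "root" "macronova" ];`. Otherwise the comment above the line should say why the whole group is trusted instead of just "Add trusted users".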

453
flake.lock generated Normal file

@ -0,0 +1,453 @@
{
"nodes": {
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"darkmatter": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1683347392,
"narHash": "sha256-snW+8pJvBQ1B11FmUf6kSgARZW5OvW9uXgxA2VrlzcQ=",
"owner": "VandalByte",
"repo": "darkmatter-grub-theme",
"rev": "efe1abbde0aa9410217247d415ff734583af9711",
"type": "gitlab"
},
"original": {
"owner": "VandalByte",
"repo": "darkmatter-grub-theme",
"type": "gitlab"
}
},
"darwin": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1696360011,
"narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1696814493,
"narHash": "sha256-1qArVsJGG2RHbV2iKFpAmM5os3myvwpXMOdFy5nh54M=",
"owner": "nix-community",
"repo": "disko",
"rev": "32ce057c183506cecb0b84950e4eaf39f37e8c75",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"hardware": {
"locked": {
"lastModified": 1696614066,
"narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixos-hardware",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1696737557,
"narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_5",
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils"
},
"locked": {
"lastModified": 1689976554,
"narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"nix-custom": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_6",
"wallpaper-engine-kde-plugin-lib": "wallpaper-engine-kde-plugin-lib"
},
"locked": {
"lastModified": 1691983676,
"narHash": "sha256-0K/o6iPzC/eOBM1FNWu5rl9B0yA52Z4mqHHvvk1xLGc=",
"ref": "refs/heads/main",
"rev": "fbf346f822d68ed20fc36486175a484693c23366",
"revCount": 3,
"type": "git",
"url": "https://forgejo.invariantspace.com/macronova/nix-custom"
},
"original": {
"type": "git",
"url": "https://forgejo.invariantspace.com/macronova/nix-custom"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1661353537,
"narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0e304ff0d9db453a4b230e9386418fd974d5804a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1684782344,
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1696717752,
"narHash": "sha256-qEq1styCyQHSrw7AOhskH2qwCFx93bOwsGEzUIrZC0g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f3b6b3fcd9fa0a4e6b544180c058a70890a7cc1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1687274257,
"narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=",
"path": "/nix/store/22qgs3skscd9bmrxv9xv4q5d4wwm5ppx-source",
"rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1696725822,
"narHash": "sha256-B7uAOS7TkLlOg1aX01rQlYbydcyB6ZnLJSfaYbKVww8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5aabb5780a11c500981993d49ee93cfa6df9307b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1696604326,
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1670751203,
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1691654369,
"narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1696604326,
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1696693680,
"narHash": "sha256-PH0HQTkqyj7DmdPKPwrrXwVURLBqzZs4nqnDw9q8mhg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "945559664c1dc5836173ee12896ba421d9b37181",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"darkmatter": "darkmatter",
"darwin": "darwin",
"disko": "disko",
"hardware": "hardware",
"home-manager": "home-manager",
"mailserver": "mailserver",
"nix-custom": "nix-custom",
"nixpkgs": "nixpkgs_7",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1696734395,
"narHash": "sha256-O/g/wwBqqSS7RQ53bE6Ssf0pXVTCYfN7NnJDhKfggQY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d7380c38d407eaf06d111832f4368ba3486b800e",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"wallpaper-engine-kde-plugin-lib": {
"flake": false,
"locked": {
"lastModified": 1691303010,
"narHash": "sha256-BVtTnJA1RLUU/Tj7WI/80ja4pI8NezHCjKvB72VjrZk=",
"ref": "refs/heads/main",
"rev": "f972b2a24c9c3cc2d3e4f41d2ebd14f1473cebdf",
"revCount": 557,
"submodules": true,
"type": "git",
"url": "https://github.com/catsout/wallpaper-engine-kde-plugin"
},
"original": {
"submodules": true,
"type": "git",
"url": "https://github.com/catsout/wallpaper-engine-kde-plugin"
}
}
},
"root": "root",
"version": 7
}

62
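--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,62 @@
+{
+description = "Entrypoint of all nix configurations";
+inputs = {
+darkmatter.url = "gitlab:VandalByte/darkmatter-grub-theme";
+darwin.url = "github:lnl7/nix-darwin";
+disko.url = "github:nix-community/disko";
+hardware.url = "github:nixos/nixos-hardware";
+home-manager.url = "github:nix-community/home-manager";
+mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+nix-custom.url = "git+https://forgejo.invariantspace.com/macronova/nix-custom";
+sops-nix.url = "github:Mic92/sops-nix";
+};
+outputs = inputs@{ self, darwin, nixpkgs, ... }:
+let
+darwinConfigDir = ./darwin;
+linuxConfigDir = ./linux;
+templateDir = ./template;
+systemArgs = archPath: instance: {
+modules = [
+# Import config from folder
+(archPath + "/${instance}")
+# Setup Nix
+({ pkgs, ... }: {
+nix = {
+gc = {
+automatic = true;
+options = "--delete-older-than 30d";
+};
+settings = {
+experimental-features = [ "nix-command" "flakes" ];
+auto-optimise-store = true;
+};
+};
+nixpkgs.config.allowUnfree = true;
+})
+];
+specialArgs = { inherit inputs; };
+};
+in
+{
+darwinConfigurations = builtins.mapAttrs
+(instance: _:
+darwin.lib.darwinSystem (systemArgs darwinConfigDir instance // {
+system = "aarch64-darwin";
+}))
+(builtins.readDir darwinConfigDir);
+nixosConfigurations = builtins.mapAttrs
+(instance: _:
+nixpkgs.lib.nixosSystem (systemArgs linuxConfigDir instance))
+(builtins.readDir linuxConfigDir);
+templates = builtins.mapAttrs
+(template: _: {
+path = templateDir + "/${template}";
+description = "Template flake setup: ${template}";
+})
+(builtins.readDir templateDir);
+};
+}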
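Review bot: None of the entries in `inputs` sets `inputs.nixpkgs.follows`, so each dependency brings its own nixpkgs pin: the committed flake.lock carries `nixpkgs` through `nixpkgs_8`, and several of those revisions date from 2022. The `darwin` input's nixpkgs is locked as `"type": "path"` under `/nix/store/...-source`, which another machine cannot fetch. Adding lines such as `darwin.inputs.nixpkgs.follows = "nixpkgs";`, `home-manager.inputs.nixpkgs.follows = "nixpkgs";` and `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` leaves a single package set to track for security updates. Separately, `builtins.readDir` turns every entry under `./linux` and `./darwin` into a configuration, including a stray file, so a comment stating that these directories hold only host folders would document the assumption.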

17
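--- a/linux/blitzar/audio.nix
+++ b/linux/blitzar/audio.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+security.rtkit.enable = true;
+# Enable pipewire
+services.pipewire = {
+enable = true;
+alsa = {
+enable = true;
+support32Bit = true;
+};
+pulse.enable = true;
+};
+# Enable noisetorch
+programs.noisetorch.enable = true;
+}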


@ -0,0 +1,73 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ pkgs, ... }:
{
# Configure boot loader
boot.loader.grub = {
enable = true;
device = "nodev";
efiSupport = true;
efiInstallAsRemovable = true;
darkmatter-theme = {
enable = true;
style = "nixos";
resolution = "1440p";
};
};
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# Enable bluetooth
hardware.bluetooth.enable = true;
# Enable hardware accelerated video decoding
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
# Enable firmware update
services.fwupd.enable = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

18
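--- a/linux/blitzar/default.nix
+++ b/linux/blitzar/default.nix
@@ -0,0 +1,18 @@
+{ inputs, ... }: {
+imports = with inputs; [
+darkmatter.nixosModule
+disko.nixosModules.disko
+hardware.nixosModules.asus-zephyrus-ga402
+] ++ [
+./audio.nix
+./configuration.nix
+./disko.nix
+./gui.nix
+./hardware-configuration.nix
+./network.nix
+./locale.nix
+./syncthing.nix
+./zfs.nix
+../../common
+];
+}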

88
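--- a/linux/blitzar/disko.nix
+++ b/linux/blitzar/disko.nix
@@ -0,0 +1,88 @@
+{ ... }: {
+disko.devices = {
+# Partition the physical disk
+disk = {
+storage = {
+type = "disk";
+device = "/dev/nvme0n1";
+content = {
+type = "table";
+format = "gpt";
+partitions = [
+{
+name = "esp";
+start = "2MiB";
+end = "2GiB";
+fs-type = "fat32";
+bootable = true;
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+}
+{
+name = "zfs";
+start = "2GiB";
+end = "100%";
+content = {
+type = "zfs";
+pool = "zroot";
+};
+}
+];
+};
+};
+};
+# Construct the primary zfs pool for this system.
+zpool.zroot = {
+type = "zpool";
+options = {
+ashift = "12";
+autotrim = "on";
+listsnapshots = "on";
+};
+rootFsOptions = {
+acltype = "posix";
+atime = "off";
+compression = "zstd";
+dnodesize = "auto";
+mountpoint = "none";
+normalization = "formD";
+xattr = "sa";
+};
+datasets = {
+# Encrypt main dataset
+main = {
+type = "zfs_fs";
+options = {
+encryption = "on";
+keyformat = "passphrase";
+};
+};
+# Create dataset for home
+"main/home" = {
+type = "zfs_fs";
+mountpoint = "/home";
+};
+# Create dataset for nix store
+"main/nix" = {
+type = "zfs_fs";
+mountpoint = "/nix";
+};
+# Create dataset for root
+"main/root" = {
+type = "zfs_fs";
+mountpoint = "/";
+};
+# Reserve space for performance
+reservation = {
+type = "zfs_fs";
+options.refreservation = "256G";
+};
+};
+};
+};
+}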

67
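--- a/linux/blitzar/gui.nix
+++ b/linux/blitzar/gui.nix
@@ -0,0 +1,67 @@
+{ config, inputs, pkgs, ... }: {
+home-manager.users.${config.constants.userName} = {
+home.packages = with pkgs; [
+exactaudiocopy
+haruna
+jellyfin-media-player
+lutris
+nvtop-amd
+mono
+picard
+qbittorrent
+sweet
+sweet-nova
+telegram-desktop
+thunderbird
+wineWowPackages.waylandFull
+winetricks
+yuzu-mainline
+] ++ (with pkgs.libsForQt5; [
+kirigami-addons
+qt5.qtwebsockets
+]) ++ [
+inputs.nix-custom.packages.${pkgs.system}.wallpaper-engine-kde-plugin-lib
+(pkgs.python3.withPackages (ps: with ps; [
+websockets
+]))
+];
+programs = {
+firefox.enable = true;
+kitty = {
+enable = true;
+settings = {
+background_opacity = "0.72";
+remember_window_size = "no";
+};
+theme = "Tokyo Night Moon";
+};
+obs-studio.enable = true;
+};
+};
+programs.clash-verge = {
+enable = true;
+tunMode = true;
+autoStart = true;
+};
+programs.dconf.enable = true;
+programs.steam.enable = true;
+services.colord.enable = true;
+services.xserver = {
+enable = true;
+displayManager = {
+defaultSession = "plasmawayland";
+autoLogin.user = "macronova";
+sddm = {
+enable = true;
+autoLogin.relogin = true;
+};
+};
+desktopManager.plasma5.enable = true;
+videoDrivers = [ "amdgpu" ];
+};
+}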
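Review bot: `autoLogin.user = "macronova";` together with `sddm.autoLogin.relogin = true;` means the display manager never asks for the account password, not even after a logout. Once the ZFS passphrase has been entered at boot, the screen locker is the only barrier in front of a `wheel` session on this laptop. If autologin is kept for convenience, I would drop the `relogin` line so that a logout ends at the greeter, and add a comment stating that the disk passphrase is the intended login gate. The user name is also hard-coded here while the rest of the file uses the shared option; `autoLogin.user = config.constants.userName;` keeps them in step.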


@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

82
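--- a/linux/blitzar/locale.nix
+++ b/linux/blitzar/locale.nix
@@ -0,0 +1,82 @@
+{ pkgs, ... }: {
+# Configure default fonts
+fonts = {
+packages = with pkgs; [
+inter
+iosevka
+noto-fonts
+noto-fonts-cjk-sans
+noto-fonts-cjk-serif
+noto-fonts-emoji
+meslo-lgs-nf
+];
+fontconfig.defaultFonts = {
+serif = [ "Noto Serif" "Noto Serif CJK SC" ];
+sansSerif = [ "Inter" "Noto Sans CJK SC" ];
+monospace = [ "Iosevka" "Noto Sans CJK SC" ];
+};
+};
+# Configure input methods
+i18n = {
+defaultLocale = "en_US.UTF-8";
+inputMethod = {
+enabled = "fcitx5";
+fcitx5.addons = with pkgs; [ fcitx5-rime ];
+};
+supportedLocales = [
+"C.UTF-8/UTF-8"
+"en_US.UTF-8/UTF-8"
+"ja_JP.UTF-8/UTF-8"
+"zh_CN.GB18030/GB18030"
+"zh_CN.UTF-8/UTF-8"
+];
+};
+# Configure keyboard mapping
+services.kanata = {
+enable = true;
+keyboards.core = {
+devices = [ "/dev/input/by-id/usb-ASUSTeK_Computer_Inc._N-KEY_Device-if02-event-kbd" ];
+config = ''
+(defsrc
+esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 del
+grv 1 2 3 4 5 6 7 8 9 0 - = bspc
+tab q w e r t y u i o p [ ] \
+caps a s d f g h j k l ; ' ret
+lsft z x c v b n m , . / rsft up
+lctl lmet lalt spc ralt rctl left down rght
+)
+(deflayer base
+_ _ _ _ _ _ _ _ _ _ _ _ _ _
+_ _ _ _ _ _ _ _ _ _ _ _ _ _
+_ _ _ _ _ _ _ _ _ _ _ _ _ _
+_ _ _ _ _ _ _ _ _ _ _ _ _
+_ _ _ _ _ _ _ _ _ _ _ _ _
+_ _ _ _ _ @li _ _ _
+)
+(deflayer index
+XX XX XX XX XX XX XX XX XX XX XX XX XX XX
+XX XX XX XX XX XX XX XX XX XX XX XX XX XX
+XX XX XX XX XX XX XX XX XX XX XX XX XX XX
+XX XX XX XX XX XX XX XX XX XX XX XX XX
+XX XX XX XX XX @lb XX @lm XX XX XX XX XX
+XX XX XX XX XX XX XX XX XX
+)
+(deflayer media
+XX XX XX XX XX XX XX XX XX XX XX XX XX XX
+XX XX XX XX XX XX XX XX XX XX XX XX XX XX
+XX XX XX XX XX XX XX XX XX XX XX XX XX XX
+XX XX XX XX XX XX XX XX XX XX XX XX XX
+XX XX XX XX XX XX XX XX prev next XX XX XX
+XX XX XX pp XX @li XX XX XX
+)
+(defalias
+li (layer-toggle index)
+lb (layer-switch base)
+lm (layer-switch media)
+)
+'';
+};
+};
+}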

14
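--- a/linux/blitzar/network.nix
+++ b/linux/blitzar/network.nix
@@ -0,0 +1,14 @@
+{ config, ... }: {
+networking = {
+domain = config.constants.domain;
+hostId = "30f8f777";
+hostName = "blitzar";
+networkmanager = {
+enable = true;
+wifi.backend = "iwd";
+};
+nftables.enable = true;
+wireless.iwd.enable = true;
+};
+services.resolved.enable = true;
+}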


@ -0,0 +1,27 @@
{ config, ... }:
{
services.syncthing = {
enable = true;
dataDir = config.constants.homeDir;
openDefaultPorts = true;
overrideDevices = true;
overrideFolders = true;
settings = {
devices.nebula = {
name = "nebula";
id = "KCQSN3M-UWBEDE6-SCS5LS7-WFKFLDK-WT5ECNB-3Z47WAM-ZMA52UL-ZNJUYQ7";
};
folders.music = {
enable = true;
devices = [ "nebula" ];
id = "Music";
label = "Music";
path = "~/Music";
type = "sendonly";
};
};
user = config.constants.userName;
};
}

83
linux/blitzar/zfs.nix Normal file
View file

@ -0,0 +1,83 @@
{ config, lib, ... }: {
boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
loader.grub.zfsSupport = true;
zfs.enableUnstable = true;
};
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
};
services.zrepl = {
enable = true;
settings = {
global = {
logging = [{
type = "syslog";
level = "info";
format = "human";
}];
};
jobs = [
{
name = "snapshot";
type = "snap";
filesystems = { "zroot/main/home" = true; };
snapshotting = {
type = "periodic";
prefix = "zrepl-";
interval = "1h";
};
pruning = {
keep = [{
type = "grid";
regex = "^zrepl-.*";
grid = lib.concatStringsSep " | " [ "1x1h(keep=all)" "24x1h" "7x1d" "4x1w" ];
}];
};
}
{
name = "push-to-local-drive";
type = "push";
send = { encrypted = true; };
connect = {
type = "local";
listener_name = "sink-to-local-drive";
client_identity = config.networking.hostName;
};
filesystems = { "zroot/main/home" = true; };
replication = {
protection = {
initial = "guarantee_resumability";
incremental = "guarantee_incremental";
};
};
snapshotting = { type = "manual"; };
pruning = {
keep_sender = [{ type = "regex"; regex = ".*"; }];
keep_receiver = [{
type = "grid";
regex = "^zrepl-.*";
grid = lib.concatStringsSep " | " [ "1x1h(keep=all)" "365x1d" "52x1w" ];
}];
};
}
{
name = "sink-to-local-drive";
type = "sink";
recv = { placeholder = { encryption = "off"; }; };
root_fs = "zbackup";
serve = {
type = "local";
listener_name = "sink-to-local-drive";
};
}
];
};
};
}
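Review bot: `zfs.enableUnstable = true` puts a pre-release ZFS under the pool that is the source of the encrypted zrepl replication defined below, and nothing in the file says why it is needed. If no feature of the unstable series is required I would drop the line; otherwise add a comment such as `# unstable ZFS needed for <reason>`. The push job sends raw encrypted streams (`send.encrypted = true`), so the copy under `zbackup` stays encrypted with the source key and a restore needs the original passphrase; a one-line comment on the `send` attribute saying so would help whoever has to restore. The same `enableUnstable` setting appears in linux/nebula/zfs.nix.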

29
linux/nebula/caddy.nix Normal file

@ -0,0 +1,29 @@
{ config, pkgs, ... }:
{
services.caddy =
{
enable = true;
virtualHosts =
let
conduitCfg = config.services.matrix-conduit.settings.global;
forgejoCfg = config.services.gitea.settings.server;
dn = config.constants.domain;
lh = config.constants.localhost;
in
{
"forgejo.${dn}".extraConfig = ''
reverse_proxy ${forgejoCfg.HTTP_ADDR}:${toString forgejoCfg.HTTP_PORT}
'';
"jellyfin.${dn}".extraConfig = ''
reverse_proxy ${lh}:8096
'';
"matrix.${dn}".extraConfig = ''
reverse_proxy /_matrix/* ${conduitCfg.address}:${toString conduitCfg.port}
file_server {
root ${pkgs.cinny}
}
'';
};
};
}
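Review bot: The Jellyfin upstream is the literal `${lh}:8096`, while the Forgejo and Conduit upstreams are read from their service configuration, so the proxy and the service can drift apart without any evaluation error. As far as I know Jellyfin listens on all interfaces by default, so it is the firewall in this host's network.nix (only 80 and 443 listed), not the bind address, that keeps 8096 from being reached directly. A comment such as `# 8096 = Jellyfin default HTTP port; not opened in the firewall, reachable only through Caddy` would make that dependency visible.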

11
linux/nebula/conduit.nix Normal file

@ -0,0 +1,11 @@
{ config, ... }:
{
services.matrix-conduit = {
enable = true;
settings.global = {
address = config.constants.localhost;
server_name = config.constants.domain;
};
};
}


@ -0,0 +1,33 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ ... }:
{
# Configure boot loader
boot.loader.grub = {
enable = true;
device = "nodev";
efiSupport = true;
efiInstallAsRemovable = true;
darkmatter-theme = {
enable = true;
style = "nixos";
};
};
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

22
linux/nebula/default.nix Normal file

@ -0,0 +1,22 @@
{ inputs, ... }:
{
imports = with inputs; [
darkmatter.nixosModule
disko.nixosModules.disko
hardware.nixosModules.common-cpu-amd
hardware.nixosModules.common-cpu-amd-pstate
] ++ [
./caddy.nix
./conduit.nix
./configuration.nix
./disko.nix
./forgejo.nix
./hardware-configuration.nix
./jellyfin.nix
./network.nix
./syncthing.nix
./zfs.nix
../../common
];
}

88
linux/nebula/disko.nix Executable file

@ -0,0 +1,88 @@
{ ... }: {
disko.devices = {
# Partition the physical disk
disk = {
storage = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "esp";
start = "1MiB";
end = "1GiB";
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
}
{
name = "zfs";
start = "1GiB";
end = "100%";
content = {
type = "zfs";
pool = "zroot";
};
}
];
};
};
};
# Construct the primary zfs pool for this system.
zpool.zroot = {
type = "zpool";
options = {
ashift = "12";
autotrim = "on";
listsnapshots = "on";
};
rootFsOptions = {
acltype = "posix";
atime = "off";
compression = "zstd";
dnodesize = "auto";
mountpoint = "none";
normalization = "formD";
xattr = "sa";
};
datasets = {
# Encrypt main dataset
main = {
type = "zfs_fs";
options = {
encryption = "on";
keyformat = "passphrase";
};
};
# Create dataset for home
"main/home" = {
type = "zfs_fs";
mountpoint = "/home";
};
# Create dataset for nix store
"main/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
};
# Create dataset for root
"main/root" = {
type = "zfs_fs";
mountpoint = "/";
};
# Reserve space for performance
reservation = {
type = "zfs_fs";
options.refreservation = "128G";
};
};
};
};
}
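Review bot: The `main` dataset sets `encryption = "on"` and `keyformat = "passphrase"` but leaves the cipher and the key location to defaults. `on` resolves to whatever the installing OpenZFS version uses as its default cipher, and the key location falls back to prompting; I would write both out as `encryption = "aes-256-gcm";` and `keylocation = "prompt";` so the result does not depend on the installer's ZFS version. The `reservation` dataset sits outside `main` and is therefore unencrypted, which is fine as long as it never holds data, and its comment could say so. How the passphrase is entered at boot on this SSH-managed host is not shown in this section and deserves a line of documentation.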

18
linux/nebula/forgejo.nix Normal file

@ -0,0 +1,18 @@
{ config, pkgs, ... }:
{
services.gitea = {
enable = true;
appName = "Forgejo";
package = pkgs.forgejo;
settings = {
server = let dn = config.constants.domain; in {
DOMAIN = dn;
HTTP_ADDR = config.constants.localhost;
ROOT_URL = "https://forgejo.${dn}";
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
};
};
}


@ -0,0 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,9 @@
{ config, ... }:
{
hardware.opengl.enable = true;
services.jellyfin = {
enable = true;
user = config.constants.userName;
};
}
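Review bot: `services.jellyfin.user` is set to the primary login account (`config.constants.userName`), so the media server that Caddy publishes on `jellyfin.<domain>` runs with that account's full access to its home directory, which Syncthing on this host also uses as its data directory. A flaw in Jellyfin or in one of its plugins would then reach everything that account can read or write. I would keep the module's dedicated `jellyfin` user and give it read access to the media through a group, for example `users.users.jellyfin.extraGroups = [ "users" ];` with group-readable media directories; the group name is an example and depends on how the media files are owned.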

43
linux/nebula/network.nix Normal file

@ -0,0 +1,43 @@
{ config, ... }:
let hn = "nebula"; in {
networking = {
domain = config.constants.domain;
firewall.allowedTCPPorts = [ 80 443 ];
hostId = "e6449321";
hostName = hn;
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
nftables.enable = true;
tempAddresses = "disabled";
wireless.iwd.enable = true;
};
sops.secrets."cloudflare/${hn}" = { };
services.cloudflare-dyndns = {
enable = true;
apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
domains = builtins.attrNames config.services.caddy.virtualHosts;
ipv4 = false;
ipv6 = true;
};
services.openssh = {
enable = true;
hostKeys = [{
comment = "host@${hn}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
services.resolved.enable = true;
}
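Review bot: `firewall.allowedTCPPorts = [ 80 443 ]` reads as the complete list of exposed ports, but `services.openssh` opens port 22 on its own (`openFirewall` defaults to true), and this host publishes its global IPv6 address through cloudflare-dyndns. Password and keyboard-interactive logins are disabled, which is good; I would add a comment `# sshd additionally opens 22/tcp via services.openssh.openFirewall` and, if logins go through the regular user, `settings.PermitRootLogin = "no";`. `rounds = 100` only sets the KDF rounds used when a private key is stored with a passphrase, so for a host key it has no effect as far as I can tell and could be dropped. The same sshd block appears in the singularity network section later in the commit.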


@ -0,0 +1,26 @@
{ config, ... }:
{
services.syncthing = {
enable = true;
dataDir = config.constants.homeDir;
openDefaultPorts = true;
overrideDevices = true;
overrideFolders = true;
settings = {
devices.blitzar = {
name = "blitzar";
id = "JQQYTRP-GEJITYH-NSHUZ2T-YWS5XDC-7R6E47Z-NUXON4D-4QR77VU-AE4Q3AR";
};
folders.music = {
enable = true;
devices = [ "blitzar" ];
id = "Music";
label = "Music";
path = "~/Music";
type = "receiveonly";
};
};
user = config.constants.userName;
};
}

15
linux/nebula/zfs.nix Executable file

@ -0,0 +1,15 @@
{ config, ... }: {
boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
loader.grub.zfsSupport = true;
zfs.enableUnstable = true;
};
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
};
}


@ -0,0 +1,59 @@
{ config, ... }:
{
services.caddy = {
enable = true;
email = config.constants.postMaster;
virtualHosts =
let
dn = config.constants.domain;
msfqdn = config.mailserver.fqdn;
mtfqdn = "matrix.${dn}";
vaultCfg = config.services.vaultwarden.config;
wn = s: "/.well-known/${s}";
in
{
"${dn}".extraConfig = let wnm = wn "matrix"; in ''
header ${wnm}/* Content-Type application/json
header ${wnm}/* Access-Control-Allow-Origin *
respond ${wnm}/server `{ "m.server": "${mtfqdn}:443" }`
respond ${wnm}/client `{
"m.homeserver": { "base_url": "https://${mtfqdn}" },
"m.identity_server": { "base_url": "https://${mtfqdn}" }
}`
'';
${msfqdn} = {
extraConfig = ''
file_server ${wn "acme-challenge"}/* {
root ${config.security.acme.defaults.webroot}/
}
'';
useACMEHost = msfqdn;
};
"vault.${dn}".extraConfig =
''
reverse_proxy /notifications/hub/negotiate ${vaultCfg.ROCKET_ADDRESS}:${
toString vaultCfg.ROCKET_PORT
}
reverse_proxy /notifications/hub ${vaultCfg.WEBSOCKET_ADDRESS}:${
toString vaultCfg.WEBSOCKET_PORT
}
reverse_proxy ${vaultCfg.ROCKET_ADDRESS}:${
toString vaultCfg.ROCKET_PORT
} {
header_up X-Real-IP {remote_host}
}
'';
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = config.constants.postMaster;
webroot = "/var/lib/acme/acme-challenge";
};
};
}
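Review bot: Only the catch-all `reverse_proxy` for `vault.${dn}` sets `X-Real-IP`; the `/notifications/hub/negotiate` route goes to the same Rocket backend without it. Vaultwarden takes the client address from that header by default, so requests on that route would be attributed to the proxy address in logs and in any per-address limiting (this depends on the Vaultwarden version and its `IP_HEADER` setting, which the section does not show). Adding `{ header_up X-Real-IP {remote_host} }` to the two notification routes keeps the attribution consistent.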


@ -0,0 +1,37 @@
{ config, pkgs, ... }:
{
boot = {
tmp.cleanOnBoot = true;
loader.grub.device = "/dev/sda";
};
constants.sopsFile = ../../common/auths.yaml;
environment.systemPackages = with pkgs; [
bat
bottom
helix
];
programs = {
fish.enable = true;
git.enable = true;
};
sops.secrets."users/root/password".neededForUsers = true;
system.stateVersion = "23.11";
users = {
mutableUsers = false;
users.root = {
openssh.authorizedKeys.keys = config.constants.publicKeys;
hashedPasswordFile = config.sops.secrets."users/root/password".path;
shell = pkgs.fish;
};
};
zramSwap.enable = true;
}
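Review bot: `users.root` is the only account defined in this file and it carries `openssh.authorizedKeys.keys`, so administration of this internet-facing host (mail, Vaultwarden and xray are imported next to it) goes through direct root SSH logins. Key-only root login works with the sshd default, but it leaves no per-user audit trail and no second step between a stolen key and root. I would add an unprivileged admin user in the `wheel` group with the same keys and its own `hashedPasswordFile`, set `services.openssh.settings.PermitRootLogin = "no";`, and keep the sops-managed root password for console recovery only.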


@ -0,0 +1,16 @@
{ inputs, ... }: {
imports = with inputs; [
mailserver.nixosModule
sops-nix.nixosModules.sops
] ++ [
./caddy.nix
./configuration.nix
./hardware-configuration.nix
./mailserver.nix
./network.nix
./vaultwarden.nix
./xray.nix
../../common/constants.nix
../../common/secrets.nix
];
}


@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
# boot.initrd.availableKernelModules =
# [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ];
# boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# fileSystems."/" = {
# device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-";
# fsType = "ext4";
# };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
# networking.interfaces.ens19.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,25 @@
{ config, ... }:
let
dn = config.constants.domain;
usr = config.constants.userName;
mailSecret = "mail/${usr}/password";
in
{
mailserver =
{
enable = true;
fqdn = "mail.${dn}";
domains = [ dn ];
loginAccounts = {
"${usr}@${dn}" = {
aliases = [ config.constants.postMaster ];
hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
};
};
certificateScheme = "acme";
};
sops.secrets.${mailSecret} = { };
}


@ -0,0 +1,34 @@
{ config, ... }:
let hn = "singularity"; in {
networking = {
domain = config.constants.domain;
firewall.allowedTCPPorts = [ 80 443 50051 ];
hostName = hn;
hostId = "2cadb253";
};
services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
hostKeys = [{
comment = "host@${hn}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
};
sops.secrets."cloudflare/${hn}" = { };
services.cloudflare-dyndns = {
enable = true;
apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
domains = builtins.attrNames config.services.caddy.virtualHosts;
};
services.resolved.enable = true;
}
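Review bot: Port 50051 in `firewall.allowedTCPPorts` has no comment and no visible consumer in this section; presumably it is the xray listener, whose real configuration lives in the encrypted `xray/config.json`. The port number is then maintained in two places, and a change inside the secret would leave either an unused open port or an unreachable service without any evaluation error. A comment such as `# 50051 = xray inbound, keep in sync with xray/config.json` would cover it, adjusted if the port belongs to something else.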


@ -0,0 +1,18 @@
{ config, ... }:
{
services.vaultwarden = let lh = config.constants.localhost; in {
enable = true;
config = {
# Disable signup
SIGNUPS_ALLOWED = false;
# Specify service port
ROCKET_ADDRESS = lh;
ROCKET_PORT = 25487;
# Specify notification port
WEBSOCKET_ENABLED = true;
WEBSOCKET_ADDRESS = lh;
WEBSOCKET_PORT = 40513;
};
};
}
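Review bot: The Vaultwarden `config` sets no `DOMAIN`, although the instance is served at `vault.<domain>` behind Caddy. Vaultwarden uses that value to build links and as the origin for WebAuthn, so registering a security key as second factor is likely to fail without it. I would add `DOMAIN = "https://vault.${config.constants.domain}";`. The comments `# Specify service port` and `# Specify notification port` could also say that both listeners bind to localhost and are reachable only through the reverse proxy.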


@ -0,0 +1,10 @@
{ config, ... }:
let xrayCfg = "xray/config.json"; in {
services.xray = {
enable = true;
settingsFile = config.sops.secrets.${xrayCfg}.path;
};
sops.secrets.${xrayCfg}.mode = "0444";
}
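Review bot: `sops.secrets.${xrayCfg}.mode = "0444"` makes the decrypted xray configuration readable by every local user and service on the host, and that file normally holds the IDs or keys that authenticate clients to the proxy. The mode is presumably there because the NixOS xray unit runs under a dynamic user that cannot read a root-only file. A narrower arrangement is a dedicated group: `users.groups.xray-secrets = { };`, `sops.secrets.${xrayCfg} = { mode = "0440"; group = "xray-secrets"; };` and `systemd.services.xray.serviceConfig.SupplementaryGroups = [ "xray-secrets" ];`, where the group name is an example.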


@ -0,0 +1,15 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { self, flake-utils, nixpkgs }:
flake-utils.lib.eachDefaultSystem (system:
let pkgs = nixpkgs.legacyPackages.${system};
in {
devShells.default = pkgs.mkShell {
packages = with pkgs; [ texlive.combined.scheme-full ];
};
});
}


@ -0,0 +1,16 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
fenix.url = "github:nix-community/fenix";
};
outputs = { self, fenix, flake-utils, nixpkgs }:
flake-utils.lib.eachDefaultSystem (system:
let pkgs = nixpkgs.legacyPackages.${system};
in {
devShells.default = pkgs.mkShell {
packages = [ fenix.packages.${system}.complete.toolchain ];
};
});
}