commit de986accc262bbe96dbb1c09c4682dd09b1e225d Author: macronova Date: Mon Oct 9 10:44:07 2023 -0700 Clean branch diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..1b0c1a6 --- /dev/null +++ b/LICENSE @@ -0,0 +1,26 @@ +MIT License + + Copyright + (c) 2023 + Macronova + + Permission + is + hereby + granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/common/.sops.yaml b/common/.sops.yaml new file mode 100644 index 0000000..f2b9bc3 --- /dev/null +++ b/common/.sops.yaml @@ -0,0 +1,17 @@ +keys: + - &blitzar age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9 + - ¯onova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra + - &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33 + - &singularity age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu +creation_rules: + - path_regex: secrets.yaml$ + key_groups: + - age: + - *blitzar + - *macronova + - *nebula + - path_regex: auths.yaml$ + key_groups: + - age: + - *macronova + - *singularity 
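Review bot: Both `path_regex` values under `creation_rules` in `common/.sops.yaml` are unanchored on the left and leave the dot unescaped, so `secrets.yaml$` also matches any path that merely ends in those characters (a constructed example: `not-secrets.yaml`). Such a file would silently be encrypted to the blitzar/macronova/nebula recipient group. Anchoring the rules, e.g. `path_regex: (^|/)secrets\.yaml$` and `path_regex: (^|/)auths\.yaml$`, ties each recipient set to exactly the intended file. A one-line comment above each rule naming the hosts that must decrypt that file would also make later recipient changes, which need a re-encrypt with `sops updatekeys`, easier to review.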
diff --git a/common/auths.yaml b/common/auths.yaml
new file mode 100644
index 0000000..303a187
--- /dev/null
+++ b/common/auths.yaml
@@ -0,0 +1,39 @@ +cloudflare: + singularity: ENC[AES256_GCM,data:pb2HNPTSAJ47oOeo77+lR1WrCpjMm8UtqOvHJWpKlnOcvw+2q2S2SpB3CbY5Ovp28Vq29paVUOnc5f2SZA==,iv:H5tf/Uq9uk4u0ZPxmW7UrgRXuHMGBU8KTMwnhODC7IQ=,tag:xvte0Rkh8Rgds6r5VIkTUA==,type:str] +mail: + macronova: + password: ENC[AES256_GCM,data:wJMS3WqmAMQiOiyDUvmwH6Bes4L8GZC/2MxXP23M+RUrN7esqQsaMXLksY/33TuopuekVAvW9K+D2go5quaxdZhB/cVrhXqIjLVLV6Wa+WkYlbeQvJ5ix3R40X455opndrCQCQslatzcgGxmMS8qj5j0UcOfng==,iv:jfo7REVvIDI9MiWRsBi4MoTHfO6lHY5oQI9WyUecnnQ=,tag:hrSHzh4DK5Skav6A3fwD5A==,type:str] +users: + root: + password: ENC[AES256_GCM,data:RhoImsE3Yjn5K6LYqedCew8vd2LXPvIMuY70nCGpQRyfpBfGL4yXMDXRtZtU3VPLlqvjkSGSzvgWta/pni83JdPxqYqRBPi0M/fEondL3Phpx4/xL9K4Fr7QZ3BDsWj07Wi/DKk+qvMFkAQhczJ3bePbCE723A==,iv:pWzCTJ4ahsBI8OYpL9Bd0k23ka0PCDZDP+yuxIfkbvk=,tag:fBy4ZQM30ny4Ab5fVbkMwg==,type:str] +xray: + config.json: ENC[AES256_GCM,data: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,iv:a/F/UBjwV+rteo2Qle9XOVYW9ltdD/nfLh/1Pr5yiWU=,tag:tYd1w+b7DfZERGZQwRbHoA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpRDcyaExMVktDMjQ1dWZL + VHUvYVNUWDV5UEpRVlAwMEdMVHRGMWRmQVUwCjI5VzBhY1RjQm9LeEtXbFpGK29p + cm5icTg3OHp1QTZ4NnhSMGtmbHh6eTAKLS0tIDBrN00rSUxiLzFFMWNZSldESmxU + b3hEc3lScGl3UTRGNjQvZTFQYzMzQncKr9RA+wl52Ul+BiTq+0UrSBrd0QrWsfNs + fMiGMUrp+dxjBoG4S0oYJbXdoPJb+us4a+YZzsmraWbwbqph5vOXQg== + -----END AGE ENCRYPTED FILE----- + - recipient: age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWUdCMmlmL3I1YUJYcDQ2 + Z0pyUTkzS0RMcGFvODBNUnNscGg3Ykp0WHpnCjQ1NnlWMXhtZnA3NUNiVXRFM05F + Yk9Jb0lmRjVINXdBTVlpUVErODZlbFEKLS0tIDhheE9OSXJUcktMRGpaejRKOVNn + ZW9EMlgrMnFHaHdQSWgvM25ocmNoVEkKo7H1Y+kZrtmk58Oe6d51wJQLF5T7OZtX + 
0LgNOjevRPfxG4FpNk9yhLyrelpHkiSmBFTGHqbnouFE54L1eot/UQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-18T20:53:15Z" + mac: ENC[AES256_GCM,data:o7gv08Xcb9SeJ8tpONnFNnXiAFoehlGZenfJzaxnUQ9VgzKJgRCzWHoI4BgqL2I0zXmnQ3Cs3FTGQxS5XbVDzr/FhK4gv4ikBdllg8aJbQJ5GdtZh/qqrLiNjea3jmfEAHuLWe43+ZGySOKZtCFgNARO8jgVg4HIPsrb7pSU/38=,iv:Me2r64RnA2Hn+RpqI9X8eLfFC9jGTyo2sEaA9pkyz0U=,tag:XlRP5GvsfVrlAXH8CF+lnw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/common/constants.nix b/common/constants.nix new file mode 100644 index 0000000..138271c --- /dev/null +++ b/common/constants.nix 
@@ -0,0 +1,62 @@
+{ config, lib, ... }: with lib; {
+ options.constants = {
+ domain = mkOption {
+ type = types.str;
+ default = "invariantspace.com";
+ description = ''
+ Store the default domain for all devices.
+ '';
+ };
+ homeDir = mkOption {
+ type = types.str;
+ default = "/home/${config.constants.userName}";
+ description = ''
+ The default home directory for the default user.
+ '';
+ };
+ localhost = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = ''
+ Store the default localhost address.
+ '';
+ };
+ postMaster = mkOption {
+ type = types.str;
+ default = "trivial@${config.constants.domain}";
+ description = ''
+ Store the default post master email address.
+ '';
+ };
+ publicKeys = mkOption {
+ type = types.listOf types.str;
+ default = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHPT/zRq5fffcUmjxcwG2cTr09fOa9O4rBUb6ob2CyNy macronova@blitzar"
+ ];
+ description = ''
+ The public keys for SSH authentication.
+ '';
+ };
+ privateKeyFiles = mkOption {
+ type = types.listOf types.str;
+ default = if config.services.openssh.enable then builtins.map (key: key.path) config.services.openssh.hostKeys else [ "/root/.ssh/${config.networking.hostName}" ];
+ description = ''
+ The private key files for sops.
+ '';
+ };
+ sopsFile = mkOption {
+ type = types.path;
+ default = ./secrets.yaml;
+ description = ''
+ The secrets file for device.
+ '';
+ };
+ userName = mkOption {
+ type = types.str;
+ default = "macronova";
+ description = ''
+ The default username across all devices.
+ '';
+ };
+ };
+}
diff --git a/common/default.nix b/common/default.nix
new file mode 100644
index 0000000..dcbf408
--- /dev/null
+++ b/common/default.nix
@@ -0,0 +1,12 @@
+{ inputs, ... }:
+
+{
+ imports = with inputs; [
+ sops-nix.nixosModules.sops
+ home-manager.nixosModules.home-manager
+ ] ++ [
+ ./constants.nix
+ ./secrets.nix
+ ./users.nix
+ ];
+}
diff --git a/common/secrets.nix b/common/secrets.nix
new file mode 100644
index 0000000..0f0e6cd
--- /dev/null
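Review bot: The `privateKeyFiles` default in `common/constants.nix` maps every entry of `config.services.openssh.hostKeys` to its path, and `common/secrets.nix` passes that list unchanged to `sops.age.sshKeyPaths`. The age backend derives identities only from ed25519 SSH keys, while the stock NixOS `hostKeys` list also contains an RSA key, so on a host with sshd enabled the list probably includes a key that cannot be used; whether sops-nix skips it or fails activation depends on the version and is worth confirming. Filtering makes the decryption identity explicit: `builtins.map (key: key.path) (builtins.filter (key: key.type == "ed25519") config.services.openssh.hostKeys)`. The fallback `/root/.ssh/${config.networking.hostName}` is an unencrypted private key that unlocks every secret addressed to that host, so the option description should state that it must be root-owned with mode 0600.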
+++ b/common/secrets.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+
+{
+ sops = with config.constants; {
+ age.sshKeyPaths = privateKeyFiles;
+ defaultSopsFile = sopsFile;
+ };
+}
diff --git a/common/secrets.yaml b/common/secrets.yaml
new file mode 100644
index 0000000..94f55f2
--- /dev/null
+++ b/common/secrets.yaml
@@ -0,0 +1,43 @@ +cloudflare: + nebula: ENC[AES256_GCM,data:uK5RBgh8WfwpbIbTQSd9XGomc9GyvU1pWId7xqULwxOUPraXKWACG7GSSER/RPoDp0GQbd/Usc/HzXQPvQ==,iv:R8/jU6jYHfmBQ5KnV0lkDCVyj4rZmd0ZInIa7vrh79U=,tag:kjbZjvMYZMJOv/K1mYHPow==,type:str] +users: + macronova: + password: ENC[AES256_GCM,data:o3WtsW7x9wy+gtl8UiT/s5q7F7Ym4q/CGvTy5Hl6FfvaEhbC/GPHQKVbz0MmRF3WV7Oq3jNxdryxWgXcd+WSCHoThNRIh/B4ZpLePD9Yi7Bf6trEYGWMdQM1Qx9pET7FaEBVOJC8eg+Ca4b/cASo53iuim6wzw==,iv:dbypWZHIXhl1kSnyiqW6R/O4NZb7u0R9X+tYpCKEMw4=,tag:bgCiGaH7EVfu7Sox0vulug==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQnQ1TkRrd1lEMG9vbDd6 + R2RYMDRNNWVLUTBqNEtjL1lvMGpOSzh5ZW1jCm56VU5uWElBNm9xUUJPTDYyTGs0 + dmRSMmR3RXJHc00yUENpTVROajFBMTgKLS0tIEo3SVlzcXBGdzg3aXNZaG0xbXc5 + eEMyWFZ4VVByelVxNm80SkxYdExwV0UKXTtkHk7LMBy0LY4tjbcpxGHhxnwbTexe + 98TKQMBQncPR7IVZDkOHmsYq20jSCWEdV6vLH2mQH6Kqq4HQCS6/sA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRjM2VEx1N25CK00yVGht + TzNpbi8vVXF0WmJGTldtWTFWdS9UZHNoTmp3CjZOeXpvOVE0M2kzbEdKTzlBYVFa + LzFzaFM5SmlwQytDMFhtb0ttb2N1c3MKLS0tIDgrTVJpaWdZSzlPL0Z2WE9RSno0 + QmRJUlY0NTJZMnVKdUJLWk1yZFRkb1UKaubDYas4I2MGs6XauGSmev03UgF6btYB + ynok/qxNaXFL4MwuHnL5W/TnHpGAE6M7PLLEV4Kf+yaHojbLLxUw6A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUWJLL3FxWE1mbnZsN0dU + VlBXUHZlRFlOR01WSUlmdkw1eGtpaDhlSmdBClVWRGZ5anFHWFRKcUFuNkJ3Y2lz + Kys1N29QVWozZXI5eVFSV21OSHFqRG8KLS0tIG9CYmRuUm5YQzZidTR2R1l0a05h + TG5mYWd3MnI5TlZiNXBjb0JJY3BvN0EKUd0ldQPe0/zdHjsmKEUhH7xkpO4nLfd5 + 
fnTk1jGonJg+t+TqLLg/YYKlcNkgExWaIZ7wrd0RVKXOeC2BtM/wzQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-18T01:56:26Z" + mac: ENC[AES256_GCM,data:hYx5DAqxXmnVRpFiE+jamI+/hYODzOsQ6+t9Gjf4mxgKXOHNDBwsmfxtNc/ZGOyfVlwa7tdGlKUxkiqe1SlJ/5v+Z5O6xv2dGJM/E+1D1YFuhcnye6EL9IYtia0ziS0A/vcN1afpaXZK7G6pMWCtjTLZ76hRyu0FlPJh5MMQZYo=,iv:TsSyplcz4JHrEr/n7XOVWGvP+ttYv9+HsQpbGYFq13I=,tag:DDiAY0sTKPRSsG59kv4j0g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/common/users.nix b/common/users.nix new file mode 100644 index 0000000..240b67f --- /dev/null +++ b/common/users.nix 
@@ -0,0 +1,99 @@
+{ config, pkgs, ... }:
+
+let
+ usr = config.constants.userName;
+ usrPwdFile = "users/${usr}/password";
+in
+{
+ environment.systemPackages = with pkgs.fishPlugins; [
+ fzf-fish
+ pisces
+ puffer
+ tide
+ ];
+
+ home-manager = {
+ useGlobalPkgs = true;
+ users.${usr} = {
+ home = {
+ packages = with pkgs; [
+ dua
+ fd
+ nil
+ nixpkgs-fmt
+ rclone
+ sops
+ ];
+ stateVersion = config.system.stateVersion;
+ };
+ programs = {
+ bat.enable = true;
+ bottom.enable = true;
+ direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+ eza = {
+ enable = true;
+ enableAliases = true;
+ };
+ fish.enable = true;
+ fzf.enable = true;
+ git = {
+ enable = true;
+ extraConfig = {
+ core.autocrlf = "input";
+ pull.rebase = false;
+ push.autoSetupRemote = true;
+ };
+ ignores = [
+ ".direnv"
+ ".envrc"
+ ];
+ userEmail = config.constants.postMaster;
+ userName = config.constants.userName;
+ };
+ helix = {
+ enable = true;
+ defaultEditor = true;
+ settings = {
+ editor = {
+ lsp.display-inlay-hints = true;
+ soft-wrap.enable = true;
+ };
+ theme = "base16_transparent";
+ };
+ };
+ ripgrep.enable = true;
+ tealdeer.enable = true;
+ zoxide = {
+ enable = true;
+ options = [ "--cmd cd" ];
+ };
+ };
+ };
+ };
+
+ programs.fish.enable = true;
+
+ sops.secrets.${usrPwdFile}.neededForUsers = true;
+
+ users = {
+ mutableUsers = false;
+ users.${usr} = {
+ description = "Sicheng Pan";
+ extraGroups = [
+ "audio"
+ "input"
+ "networkmanager"
+ "uinput"
+ "wheel"
+ ];
+ hashedPasswordFile = config.sops.secrets.${usrPwdFile}.path;
+ home = config.constants.homeDir;
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = config.constants.publicKeys;
+ shell = pkgs.fish;
+ };
+ };
+}
diff --git a/darwin/quasar/default.nix b/darwin/quasar/default.nix
new file mode 100644
index 0000000..587c91d
--- /dev/null
+++ b/darwin/quasar/default.nix
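Review bot: `extraGroups` for the login user in `common/users.nix` lists `"input"` and `"uinput"` next to `"wheel"`; membership in `input` lets any process running as that user read raw events from every `/dev/input` device, including keystrokes typed at a password prompt, and `uinput` lets it synthesise input. If the groups exist only for the kanata remapper configured in `linux/blitzar/locale.nix`, the NixOS kanata service appears to run under its own account with those groups, so the interactive user may not need them; worth confirming and dropping both entries if so. If they are required, a comment such as `# input/uinput: needed by <tool>; grants raw keyboard access to all processes of this user` records the trade-off. Since `mutableUsers = false` makes `hashedPasswordFile` the only password source, it is also worth a comment that the secret at `users/<name>/password` must hold a password hash rather than the cleartext.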
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+
+{
+ # List packages installed in system profile. To search by name, run:
+ # $ nix-env -qaP | grep wget
+
+ # Add trusted users
+ nix.settings.trusted-users = [ "root" "@admin" ];
+
+ # Configure nixpkgs
+ nixpkgs.config.allowUnfree = true;
+
+ # Use common system packages
+ environment = {
+ systemPackages = with pkgs; [
+ bat
+ bottom
+ direnv
+ dua
+ exa
+ fd
+ fzf
+ helix
+ nil
+ nixpkgs-fmt
+ rclone
+ ripgrep
+ tealdeer
+ zoxide
+ ];
+ shells = [ pkgs.fish ];
+ };
+
+ # Enable fish
+ programs.fish = {
+ enable = true;
+ interactiveShellInit = ''
+ alias ls=exa
+ zoxide init --cmd cd fish | source
+ '';
+ };
+ users.users.macronova = {
+ home = "/Users/macronova";
+ shell = "${pkgs.fish}/bin/fish";
+ };
+
+ # Auto upgrade nix package and the daemon service.
+ services.nix-daemon.enable = true;
+ # nix.package = pkgs.nix;
+
+ # Used for backwards compatibility, please read the changelog before changing.
+ # $ darwin-rebuild changelog
+ system.stateVersion = 4;
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..b0121d1
--- /dev/null
+++ b/flake.lock
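Review bot: `nix.settings.trusted-users = [ "root" "@admin" ];` in `darwin/quasar/default.nix` carries only the comment `# Add trusted users`, which hides how much it grants. A trusted user can override daemon settings such as substituters and import unsigned store paths, which the Nix manual describes as essentially equivalent to root access, and here every account in the macOS `admin` group gets that without a sudo prompt. Consider narrowing the list to the one account that needs it, or replacing the comment with something like `# trusted-users can bypass signature checks and are root-equivalent via the daemon; keep this list minimal`. The user name and home path in `users.users.macronova` are also hard-coded rather than taken from a shared constant, as the Linux hosts do.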
@@ -0,0 +1,453 @@ +{ + "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, + "darkmatter": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1683347392, + "narHash": "sha256-snW+8pJvBQ1B11FmUf6kSgARZW5OvW9uXgxA2VrlzcQ=", + "owner": "VandalByte", + "repo": "darkmatter-grub-theme", + "rev": "efe1abbde0aa9410217247d415ff734583af9711", + "type": "gitlab" + }, + "original": { + "owner": "VandalByte", + "repo": "darkmatter-grub-theme", + "type": "gitlab" + } + }, + "darwin": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1696360011, + "narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1696814493, + "narHash": "sha256-1qArVsJGG2RHbV2iKFpAmM5os3myvwpXMOdFy5nh54M=", + "owner": "nix-community", + "repo": "disko", + "rev": "32ce057c183506cecb0b84950e4eaf39f37e8c75", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + 
"flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "hardware": { + "locked": { + "lastModified": 1696614066, + "narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixos-hardware", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1696737557, + "narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_5", + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": "nixpkgs-23_05", + "utils": "utils" + }, + "locked": { + "lastModified": 1689976554, + "narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e", + "type": "gitlab" + }, + "original": { + 
"owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, + "nix-custom": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_6", + "wallpaper-engine-kde-plugin-lib": "wallpaper-engine-kde-plugin-lib" + }, + "locked": { + "lastModified": 1691983676, + "narHash": "sha256-0K/o6iPzC/eOBM1FNWu5rl9B0yA52Z4mqHHvvk1xLGc=", + "ref": "refs/heads/main", + "rev": "fbf346f822d68ed20fc36486175a484693c23366", + "revCount": 3, + "type": "git", + "url": "https://forgejo.invariantspace.com/macronova/nix-custom" + }, + "original": { + "type": "git", + "url": "https://forgejo.invariantspace.com/macronova/nix-custom" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1661353537, + "narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0e304ff0d9db453a4b230e9386418fd974d5804a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-23_05": { + "locked": { + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1696717752, + "narHash": "sha256-qEq1styCyQHSrw7AOhskH2qwCFx93bOwsGEzUIrZC0g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2f3b6b3fcd9fa0a4e6b544180c058a70890a7cc1", + "type": "github" + }, + "original": { + "owner": "NixOS", + 
"ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1687274257, + "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", + "path": "/nix/store/22qgs3skscd9bmrxv9xv4q5d4wwm5ppx-source", + "rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1696725822, + "narHash": "sha256-B7uAOS7TkLlOg1aX01rQlYbydcyB6ZnLJSfaYbKVww8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5aabb5780a11c500981993d49ee93cfa6df9307b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1696604326, + "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1670751203, + "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1691654369, + "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1696604326, + "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=", + "owner": "nixos", + "repo": "nixpkgs", + 
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1696693680, + "narHash": "sha256-PH0HQTkqyj7DmdPKPwrrXwVURLBqzZs4nqnDw9q8mhg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "945559664c1dc5836173ee12896ba421d9b37181", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "darkmatter": "darkmatter", + "darwin": "darwin", + "disko": "disko", + "hardware": "hardware", + "home-manager": "home-manager", + "mailserver": "mailserver", + "nix-custom": "nix-custom", + "nixpkgs": "nixpkgs_7", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_8", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1696734395, + "narHash": "sha256-O/g/wwBqqSS7RQ53bE6Ssf0pXVTCYfN7NnJDhKfggQY=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "d7380c38d407eaf06d111832f4368ba3486b800e", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "wallpaper-engine-kde-plugin-lib": { + "flake": false, + "locked": { + 
"lastModified": 1691303010, + "narHash": "sha256-BVtTnJA1RLUU/Tj7WI/80ja4pI8NezHCjKvB72VjrZk=", + "ref": "refs/heads/main", + "rev": "f972b2a24c9c3cc2d3e4f41d2ebd14f1473cebdf", + "revCount": 557, + "submodules": true, + "type": "git", + "url": "https://github.com/catsout/wallpaper-engine-kde-plugin" + }, + "original": { + "submodules": true, + "type": "git", + "url": "https://github.com/catsout/wallpaper-engine-kde-plugin" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..128e846 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,62 @@
+{
+ description = "Entrypoint of all nix configurations";
+
+ inputs = {
+ darkmatter.url = "gitlab:VandalByte/darkmatter-grub-theme";
+ darwin.url = "github:lnl7/nix-darwin";
+ disko.url = "github:nix-community/disko";
+ hardware.url = "github:nixos/nixos-hardware";
+ home-manager.url = "github:nix-community/home-manager";
+ mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ nix-custom.url = "git+https://forgejo.invariantspace.com/macronova/nix-custom";
+ sops-nix.url = "github:Mic92/sops-nix";
+ };
+
+ outputs = inputs@{ self, darwin, nixpkgs, ... }:
+ let
+ darwinConfigDir = ./darwin;
+ linuxConfigDir = ./linux;
+ templateDir = ./template;
+ systemArgs = archPath: instance: {
+ modules = [
+ # Import config from folder
+ (archPath + "/${instance}")
+ # Setup Nix
+ ({ pkgs, ... }: {
+ nix = {
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 30d";
+ };
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ auto-optimise-store = true;
+ };
+ };
+ nixpkgs.config.allowUnfree = true;
+ })
+ ];
+ specialArgs = { inherit inputs; };
+ };
+ in
+ {
+ darwinConfigurations = builtins.mapAttrs
+ (instance: _:
+ darwin.lib.darwinSystem (systemArgs darwinConfigDir instance // {
+ system = "aarch64-darwin";
+ }))
+ (builtins.readDir darwinConfigDir);
+ nixosConfigurations = builtins.mapAttrs
+ (instance: _:
+ nixpkgs.lib.nixosSystem (systemArgs linuxConfigDir instance))
+ (builtins.readDir linuxConfigDir);
+ templates = builtins.mapAttrs
+ (template: _: {
+ path = templateDir + "/${template}";
+ description = "Template flake setup: ${template}";
+ })
+ (builtins.readDir templateDir);
+ };
+
+}
diff --git a/linux/blitzar/audio.nix b/linux/blitzar/audio.nix
new file mode 100644
index 0000000..0dc2630
--- /dev/null
+++ b/linux/blitzar/audio.nix
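Review bot: None of the entries under `inputs` in `flake.nix` declares `inputs.nixpkgs.follows`, so each dependency is evaluated against its own nixpkgs pin. The committed `flake.lock` accordingly carries eight numbered nixpkgs nodes (`nixpkgs` to `nixpkgs_8`), several with `lastModified` timestamps from 2022, and `nixpkgs_2` (the one `darwin` uses) is locked as `"type": "path"` to a local `/nix/store` path that another machine cannot re-fetch. For security-relevant modules this means sops-nix and home-manager may build their helper tools from package sets that do not receive the updates applied to the main `nixpkgs` input. Lines such as `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` and `darwin.inputs.nixpkgs.follows = "nixpkgs";` (likewise for `home-manager`, `disko` and `mailserver`) collapse these to one audited pin. Separately, the `builtins.mapAttrs (instance: _: …)` calls ignore the entry type returned by `builtins.readDir`, so a stray regular file in `./linux`, `./darwin` or `./template` would become an output.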
@@ -0,0 +1,17 @@
+{ ... }: {
+ security.rtkit.enable = true;
+
+ # Enable pipewire
+ services.pipewire = {
+ enable = true;
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
+ pulse.enable = true;
+ };
+
+ # Enable noisetorch
+ programs.noisetorch.enable = true;
+
+}
diff --git a/linux/blitzar/configuration.nix b/linux/blitzar/configuration.nix
new file mode 100644
index 0000000..dee1bcc
--- /dev/null
+++ b/linux/blitzar/configuration.nix
@@ -0,0 +1,73 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ pkgs, ... }:
+
+{
+ # Configure boot loader
+ boot.loader.grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ darkmatter-theme = {
+ enable = true;
+ style = "nixos";
+ resolution = "1440p";
+ };
+ };
+
+ # Set your time zone.
+ time.timeZone = "America/Los_Angeles";
+
+ # Enable bluetooth
+ hardware.bluetooth.enable = true;
+
+ # Enable hardware accelerated video decoding
+ hardware.opengl = {
+ enable = true;
+ extraPackages = with pkgs; [
+ vaapiVdpau
+ libvdpau-va-gl
+ ];
+ };
+
+ # Enable firmware update
+ services.fwupd.enable = true;
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.11"; # Did you read the comment?
+
+}
+
diff --git a/linux/blitzar/default.nix b/linux/blitzar/default.nix
new file mode 100644
index 0000000..0990797
--- /dev/null
+++ b/linux/blitzar/default.nix
@@ -0,0 +1,18 @@
+{ inputs, ... }: {
+ imports = with inputs; [
+ darkmatter.nixosModule
+ disko.nixosModules.disko
+ hardware.nixosModules.asus-zephyrus-ga402
+ ] ++ [
+ ./audio.nix
+ ./configuration.nix
+ ./disko.nix
+ ./gui.nix
+ ./hardware-configuration.nix
+ ./network.nix
+ ./locale.nix
+ ./syncthing.nix
+ ./zfs.nix
+ ../../common
+ ];
+}
diff --git a/linux/blitzar/disko.nix b/linux/blitzar/disko.nix
new file mode 100644
index 0000000..462b1ca
--- /dev/null
+++ b/linux/blitzar/disko.nix
@@ -0,0 +1,88 @@
+{ ... }: {
+ disko.devices = {
+ # Partition the physical disk
+ disk = {
+ storage = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "esp";
+ start = "2MiB";
+ end = "2GiB";
+ fs-type = "fat32";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "zfs";
+ start = "2GiB";
+ end = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ }
+ ];
+ };
+ };
+ };
+
+ # Construct the primary zfs pool for this system.
+ zpool.zroot = {
+ type = "zpool";
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ listsnapshots = "on";
+ };
+ rootFsOptions = {
+ acltype = "posix";
+ atime = "off";
+ compression = "zstd";
+ dnodesize = "auto";
+ mountpoint = "none";
+ normalization = "formD";
+ xattr = "sa";
+ };
+ datasets = {
+ # Encrypt main dataset
+ main = {
+ type = "zfs_fs";
+ options = {
+ encryption = "on";
+ keyformat = "passphrase";
+ };
+ };
+ # Create dataset for home
+ "main/home" = {
+ type = "zfs_fs";
+ mountpoint = "/home";
+ };
+ # Create dataset for nix store
+ "main/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ };
+ # Create dataset for root
+ "main/root" = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ };
+ # Reserve space for performance
+ reservation = {
+ type = "zfs_fs";
+ options.refreservation = "256G";
+ };
+ };
+ };
+ };
+
+}
diff --git a/linux/blitzar/gui.nix b/linux/blitzar/gui.nix
new file mode 100644
index 0000000..c2bdfec
--- /dev/null
+++ b/linux/blitzar/gui.nix
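Review bot: The `main` dataset in `linux/blitzar/disko.nix` sets only `encryption = "on"` and `keyformat = "passphrase"`, leaving the cipher and the key location to OpenZFS defaults. Spelling them out, e.g. `encryption = "aes-256-gcm";` and `keylocation = "prompt";`, makes the intended configuration reviewable and stable across ZFS versions. The comment `# Encrypt main dataset` could also state the boundary: the ESP mounted at `/boot` and the `reservation` dataset sit outside `main` and are not encrypted. The kernel and initrd on `/boot` are therefore readable and modifiable by anyone with physical access, unless boot integrity is enforced by means not shown in this commit.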
@@ -0,0 +1,67 @@
+{ config, inputs, pkgs, ... }: {
+ home-manager.users.${config.constants.userName} = {
+ home.packages = with pkgs; [
+ exactaudiocopy
+ haruna
+ jellyfin-media-player
+ lutris
+ nvtop-amd
+ mono
+ picard
+ qbittorrent
+ sweet
+ sweet-nova
+ telegram-desktop
+ thunderbird
+ wineWowPackages.waylandFull
+ winetricks
+ yuzu-mainline
+ ] ++ (with pkgs.libsForQt5; [
+ kirigami-addons
+ qt5.qtwebsockets
+ ]) ++ [
+ inputs.nix-custom.packages.${pkgs.system}.wallpaper-engine-kde-plugin-lib
+ (pkgs.python3.withPackages (ps: with ps; [
+ websockets
+ ]))
+ ];
+ programs = {
+ firefox.enable = true;
+ kitty = {
+ enable = true;
+ settings = {
+ background_opacity = "0.72";
+ remember_window_size = "no";
+ };
+ theme = "Tokyo Night Moon";
+ };
+ obs-studio.enable = true;
+ };
+ };
+
+ programs.clash-verge = {
+ enable = true;
+ tunMode = true;
+ autoStart = true;
+ };
+
+ programs.dconf.enable = true;
+
+ programs.steam.enable = true;
+
+ services.colord.enable = true;
+
+ services.xserver = {
+ enable = true;
+ displayManager = {
+ defaultSession = "plasmawayland";
+ autoLogin.user = "macronova";
+ sddm = {
+ enable = true;
+ autoLogin.relogin = true;
+ };
+ };
+ desktopManager.plasma5.enable = true;
+ videoDrivers = [ "amdgpu" ];
+ };
+}
diff --git a/linux/blitzar/hardware-configuration.nix b/linux/blitzar/hardware-configuration.nix
new file mode 100644
index 0000000..a742e83
--- /dev/null
+++ b/linux/blitzar/hardware-configuration.nix
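Review bot: `displayManager.autoLogin.user = "macronova"` together with `sddm.autoLogin.relogin = true` in `linux/blitzar/gui.nix` opens the desktop session without a password at boot and again after every logout. The only authentication on this laptop is then the ZFS passphrase at boot plus whatever screen locker the session runs. If that trade-off is intended, a comment such as `# autologin: relies on the ZFS passphrase prompt; the lock screen is the only barrier while powered on` records it; otherwise drop `autoLogin.relogin`. The user name is hard-coded here although the same file uses `config.constants.userName` for `home-manager.users`, so `autoLogin.user = config.constants.userName;` keeps the two from drifting. `programs.clash-verge.tunMode = true` presumably runs the proxy with elevated network privileges, so a short comment on why TUN mode is needed would help a later reviewer.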
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/linux/blitzar/locale.nix b/linux/blitzar/locale.nix new file mode 100644 index 0000000..7fd75cc --- /dev/null +++ b/linux/blitzar/locale.nix 
@@ -0,0 +1,82 @@ +{ pkgs, ... }: { + # Configure default fonts + fonts = { + packages = with pkgs; [ + inter + iosevka + noto-fonts + noto-fonts-cjk-sans + noto-fonts-cjk-serif + noto-fonts-emoji + meslo-lgs-nf + ]; + fontconfig.defaultFonts = { + serif = [ "Noto Serif" "Noto Serif CJK SC" ]; + sansSerif = [ "Inter" "Noto Sans CJK SC" ]; + monospace = [ "Iosevka" "Noto Sans CJK SC" ]; + }; + }; + + # Configure input methods + i18n = { + defaultLocale = "en_US.UTF-8"; + inputMethod = { + enabled = "fcitx5"; + fcitx5.addons = with pkgs; [ fcitx5-rime ]; + }; + supportedLocales = [ + "C.UTF-8/UTF-8" + "en_US.UTF-8/UTF-8" + "ja_JP.UTF-8/UTF-8" + "zh_CN.GB18030/GB18030" + "zh_CN.UTF-8/UTF-8" + ]; + }; + + # Configure keyboard mapping + services.kanata = { + enable = true; + keyboards.core = { + devices = [ "/dev/input/by-id/usb-ASUSTeK_Computer_Inc._N-KEY_Device-if02-event-kbd" ]; + config = '' + (defsrc + esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 del + grv 1 2 3 4 5 6 7 8 9 0 - = bspc + tab q w e r t y u i o p [ ] \ + caps a s d f g h j k l ; ' ret + lsft z x c v b n m , . / rsft up + lctl lmet lalt spc ralt rctl left down rght + ) + (deflayer base + _ _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ @li _ _ _ + ) + (deflayer index + XX XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX @lb XX @lm XX XX XX XX XX + XX XX XX XX XX XX XX XX XX + ) + (deflayer media + XX XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX XX XX XX XX XX XX XX XX + XX XX XX XX XX XX XX XX prev next XX XX XX + XX XX XX pp XX @li XX XX XX + ) + (defalias + li (layer-toggle index) + lb (layer-switch base) + lm (layer-switch media) + ) + ''; + }; + }; +} 
diff --git a/linux/blitzar/network.nix b/linux/blitzar/network.nix
new file mode 100644
index 0000000..2538798
--- /dev/null
+++ b/linux/blitzar/network.nix
@@ -0,0 +1,14 @@
+{ config, ... }: {
+ networking = {
+ domain = config.constants.domain;
+ hostId = "30f8f777";
+ hostName = "blitzar";
+ networkmanager = {
+ enable = true;
+ wifi.backend = "iwd";
+ };
+ nftables.enable = true;
+ wireless.iwd.enable = true;
+ };
+ services.resolved.enable = true;
+}
diff --git a/linux/blitzar/syncthing.nix b/linux/blitzar/syncthing.nix
new file mode 100644
index 0000000..cb703f4
--- /dev/null
+++ b/linux/blitzar/syncthing.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+
+{
+ services.syncthing = {
+ enable = true;
+ dataDir = config.constants.homeDir;
+ openDefaultPorts = true;
+ overrideDevices = true;
+ overrideFolders = true;
+ settings = {
+ devices.nebula = {
+ name = "nebula";
+ id = "KCQSN3M-UWBEDE6-SCS5LS7-WFKFLDK-WT5ECNB-3Z47WAM-ZMA52UL-ZNJUYQ7";
+ };
+ folders.music = {
+ enable = true;
+ devices = [ "nebula" ];
+ id = "Music";
+ label = "Music";
+ path = "~/Music";
+ type = "sendonly";
+ };
+ };
+ user = config.constants.userName;
+ };
+}
+
diff --git a/linux/blitzar/zfs.nix b/linux/blitzar/zfs.nix
new file mode 100644
index 0000000..e00bff8
--- /dev/null
+++ b/linux/blitzar/zfs.nix
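Review bot: In linux/blitzar/syncthing.nix, `openDefaultPorts = true` opens Syncthing's sync and discovery ports in the firewall on every interface, and blitzar is a NetworkManager/iwd machine that presumably joins Wi-Fi networks it does not control. Syncthing still authenticates peers by device ID, so this is exposure rather than access, but with `nebula` as the only peer it may be enough to leave the ports closed and rely on outbound connections. If the listener is needed, a comment such as `# inbound sync from nebula on the home LAN` would record why. The same setting appears in linux/nebula/syncthing.nix.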
@@ -0,0 +1,83 @@
+{ config, lib, ... }: {
+
+ boot = {
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ loader.grub.zfsSupport = true;
+ zfs.enableUnstable = true;
+ };
+
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+
+ services.zrepl = {
+ enable = true;
+ settings = {
+ global = {
+ logging = [{
+ type = "syslog";
+ level = "info";
+ format = "human";
+ }];
+ };
+ jobs = [
+ {
+ name = "snapshot";
+ type = "snap";
+ filesystems = { "zroot/main/home" = true; };
+ snapshotting = {
+ type = "periodic";
+ prefix = "zrepl-";
+ interval = "1h";
+ };
+ pruning = {
+ keep = [{
+ type = "grid";
+ regex = "^zrepl-.*";
+ grid = lib.concatStringsSep " | " [ "1x1h(keep=all)" "24x1h" "7x1d" "4x1w" ];
+ }];
+ };
+ }
+ {
+ name = "push-to-local-drive";
+ type = "push";
+ send = { encrypted = true; };
+ connect = {
+ type = "local";
+ listener_name = "sink-to-local-drive";
+ client_identity = config.networking.hostName;
+ };
+ filesystems = { "zroot/main/home" = true; };
+ replication = {
+ protection = {
+ initial = "guarantee_resumability";
+ incremental = "guarantee_incremental";
+ };
+ };
+ snapshotting = { type = "manual"; };
+ pruning = {
+ keep_sender = [{ type = "regex"; regex = ".*"; }];
+ keep_receiver = [{
+ type = "grid";
+ regex = "^zrepl-.*";
+ grid = lib.concatStringsSep " | " [ "1x1h(keep=all)" "365x1d" "52x1w" ];
+ }];
+ };
+ }
+ {
+ name = "sink-to-local-drive";
+ type = "sink";
+ recv = { placeholder = { encryption = "off"; }; };
+ root_fs = "zbackup";
+ serve = {
+ type = "local";
+ listener_name = "sink-to-local-drive";
+ };
+ }
+ ];
+ };
+ };
+
+}
+
diff --git a/linux/nebula/caddy.nix b/linux/nebula/caddy.nix
new file mode 100644
index 0000000..973d629
--- /dev/null
+++ b/linux/nebula/caddy.nix
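Review bot: The `push-to-local-drive` job sets `snapshotting = { type = "manual"; }`, and as far as I know zrepl then replicates only when the job is woken explicitly (`zrepl signal wakeup push-to-local-drive`); nothing in this hunk does that. Unless a timer or udev hook outside this diff triggers it, the copy on `zbackup` goes stale without any error while the hourly `snapshot` job keeps running, which matters because this is the only backup path shown for `zroot/main/home`. A comment above the job, for example `# started by hand once the backup drive is imported: zrepl signal wakeup push-to-local-drive`, would document the intended procedure.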
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+ services.caddy =
+ {
+ enable = true;
+ virtualHosts =
+ let
+ conduitCfg = config.services.matrix-conduit.settings.global;
+ forgejoCfg = config.services.gitea.settings.server;
+ dn = config.constants.domain;
+ lh = config.constants.localhost;
+ in
+ {
+ "forgejo.${dn}".extraConfig = ''
+ reverse_proxy ${forgejoCfg.HTTP_ADDR}:${toString forgejoCfg.HTTP_PORT}
+ '';
+ "jellyfin.${dn}".extraConfig = ''
+ reverse_proxy ${lh}:8096
+ '';
+ "matrix.${dn}".extraConfig = ''
+ reverse_proxy /_matrix/* ${conduitCfg.address}:${toString conduitCfg.port}
+ file_server {
+ root ${pkgs.cinny}
+ }
+ '';
+ };
+ };
+}
diff --git a/linux/nebula/conduit.nix b/linux/nebula/conduit.nix
new file mode 100644
index 0000000..789053f
--- /dev/null
+++ b/linux/nebula/conduit.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+
+{
+ services.matrix-conduit = {
+ enable = true;
+ settings.global = {
+ address = config.constants.localhost;
+ server_name = config.constants.domain;
+ };
+ };
+}
diff --git a/linux/nebula/configuration.nix b/linux/nebula/configuration.nix
new file mode 100644
index 0000000..2e2561d
--- /dev/null
+++ b/linux/nebula/configuration.nix
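Review bot: The `"matrix.${dn}"` block in linux/nebula/caddy.nix serves the Cinny web client (`file_server { root ${pkgs.cinny} }`) from the same origin that proxies `/_matrix/*` to Conduit. Element's deployment notes advise against hosting a web client on the homeserver's own domain, because user-uploaded media served under `/_matrix` then shares an origin with the client and the access token it stores. Whether Conduit's media responses carry headers that neutralise this is not visible here. Moving the `file_server` block to its own virtual host, for example `"cinny.${dn}"`, avoids the question.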
@@ -0,0 +1,33 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running `nixos-help`). + +{ ... }: + +{ + + # Configure boot loader + boot.loader.grub = { + enable = true; + device = "nodev"; + efiSupport = true; + efiInstallAsRemovable = true; + darkmatter-theme = { + enable = true; + style = "nixos"; + }; + }; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It's perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? + +} + diff --git a/linux/nebula/default.nix b/linux/nebula/default.nix new file mode 100644 index 0000000..3495a5a --- /dev/null +++ b/linux/nebula/default.nix @@ -0,0 +1,22 @@ +{ inputs, ... }: + +{ + imports = with inputs; [ + darkmatter.nixosModule + disko.nixosModules.disko + hardware.nixosModules.common-cpu-amd + hardware.nixosModules.common-cpu-amd-pstate + ] ++ [ + ./caddy.nix + ./conduit.nix + ./configuration.nix + ./disko.nix + ./forgejo.nix + ./hardware-configuration.nix + ./jellyfin.nix + ./network.nix + ./syncthing.nix + ./zfs.nix + ../../common + ]; +} diff --git a/linux/nebula/disko.nix b/linux/nebula/disko.nix new file mode 100755 index 0000000..cf9d602 --- /dev/null +++ b/linux/nebula/disko.nix 
@@ -0,0 +1,88 @@
+{ ... }: {
+ disko.devices = {
+ # Partition the physical disk
+ disk = {
+ storage = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "esp";
+ start = "1MiB";
+ end = "1GiB";
+ fs-type = "fat32";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "zfs";
+ start = "1GiB";
+ end = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ }
+ ];
+ };
+ };
+ };
+
+ # Construct the primary zfs pool for this system.
+ zpool.zroot = {
+ type = "zpool";
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ listsnapshots = "on";
+ };
+ rootFsOptions = {
+ acltype = "posix";
+ atime = "off";
+ compression = "zstd";
+ dnodesize = "auto";
+ mountpoint = "none";
+ normalization = "formD";
+ xattr = "sa";
+ };
+ datasets = {
+ # Encrypt main dataset
+ main = {
+ type = "zfs_fs";
+ options = {
+ encryption = "on";
+ keyformat = "passphrase";
+ };
+ };
+ # Create dataset for home
+ "main/home" = {
+ type = "zfs_fs";
+ mountpoint = "/home";
+ };
+ # Create dataset for nix store
+ "main/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ };
+ # Create dataset for root
+ "main/root" = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ };
+ # Reserve space for performance
+ reservation = {
+ type = "zfs_fs";
+ options.refreservation = "128G";
+ };
+ };
+ };
+ };
+
+}
diff --git a/linux/nebula/forgejo.nix b/linux/nebula/forgejo.nix
new file mode 100644
index 0000000..f3de21b
--- /dev/null
+++ b/linux/nebula/forgejo.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ services.gitea = {
+ enable = true;
+ appName = "Forgejo";
+ package = pkgs.forgejo;
+ settings = {
+ server = let dn = config.constants.domain; in {
+ DOMAIN = dn;
+ HTTP_ADDR = config.constants.localhost;
+ ROOT_URL = "https://forgejo.${dn}";
+ };
+ service.DISABLE_REGISTRATION = true;
+ session.COOKIE_SECURE = true;
+ };
+ };
+}
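Review bot: In linux/nebula/disko.nix the `main` dataset sets `encryption = "on"` and `keyformat = "passphrase"` with no `keylocation`, so, assuming the ZFS default of prompting, the root filesystem needs the passphrase typed at every boot. nebula is the host that serves Caddy, Forgejo and Jellyfin and is administered over SSH; unless initrd networking for remote unlock is configured outside this diff, an unattended reboot leaves it offline until someone is at the console. A comment on the dataset saying how the pool is unlocked after a reboot would make that explicit. The `reservation` dataset also sits outside `main` and is therefore unencrypted, which is harmless only while nothing is written to it.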
diff --git a/linux/nebula/hardware-configuration.nix b/linux/nebula/hardware-configuration.nix new file mode 100644 index 0000000..53c759a --- /dev/null +++ b/linux/nebula/hardware-configuration.nix @@ -0,0 +1,27 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "uas" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/linux/nebula/jellyfin.nix b/linux/nebula/jellyfin.nix new file mode 100644 index 0000000..7c21c0f --- /dev/null +++ b/linux/nebula/jellyfin.nix @@ -0,0 +1,9 @@ +{ config, ... }: +{ + hardware.opengl.enable = true; + + services.jellyfin = { + enable = true; + user = config.constants.userName; + }; +} diff --git a/linux/nebula/network.nix b/linux/nebula/network.nix new file mode 100644 index 0000000..73be887 --- /dev/null +++ b/linux/nebula/network.nix 
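Review bot: `user = config.constants.userName` in linux/nebula/jellyfin.nix runs the media server, which caddy.nix publishes as `jellyfin.${dn}`, under the primary login account. A flaw in Jellyfin or in its transcoding dependencies would then run with that account's access to the home directory, including SSH keys and the Syncthing data. Presumably the aim is to let Jellyfin read `~/Music`. Dropping the `user = …;` line keeps the module's dedicated service user; read access to the media directory can then be granted through a shared group, which achieves the same with less exposure.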
@@ -0,0 +1,43 @@
+{ config, ... }:
+
+let hn = "nebula"; in {
+ networking = {
+ domain = config.constants.domain;
+ firewall.allowedTCPPorts = [ 80 443 ];
+ hostId = "e6449321";
+ hostName = hn;
+ networkmanager = {
+ enable = true;
+ wifi.backend = "iwd";
+ };
+ nftables.enable = true;
+ tempAddresses = "disabled";
+ wireless.iwd.enable = true;
+ };
+
+ sops.secrets."cloudflare/${hn}" = { };
+
+ services.cloudflare-dyndns = {
+ enable = true;
+ apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
+ domains = builtins.attrNames config.services.caddy.virtualHosts;
+ ipv4 = false;
+ ipv6 = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [{
+ comment = "host@${hn}";
+ path = "/etc/ssh/host";
+ rounds = 100;
+ type = "ed25519";
+ }];
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+
+ services.resolved.enable = true;
+}
diff --git a/linux/nebula/syncthing.nix b/linux/nebula/syncthing.nix
new file mode 100644
index 0000000..0bb67d1
--- /dev/null
+++ b/linux/nebula/syncthing.nix
@@ -0,0 +1,26 @@
+{ config, ... }:
+
+{
+ services.syncthing = {
+ enable = true;
+ dataDir = config.constants.homeDir;
+ openDefaultPorts = true;
+ overrideDevices = true;
+ overrideFolders = true;
+ settings = {
+ devices.blitzar = {
+ name = "blitzar";
+ id = "JQQYTRP-GEJITYH-NSHUZ2T-YWS5XDC-7R6E47Z-NUXON4D-4QR77VU-AE4Q3AR";
+ };
+ folders.music = {
+ enable = true;
+ devices = [ "blitzar" ];
+ id = "Music";
+ label = "Music";
+ path = "~/Music";
+ type = "receiveonly";
+ };
+ };
+ user = config.constants.userName;
+ };
+}
diff --git a/linux/nebula/zfs.nix b/linux/nebula/zfs.nix
new file mode 100755
index 0000000..a6165a2
--- /dev/null
+++ b/linux/nebula/zfs.nix
@@ -0,0 +1,15 @@
+{ config, ... }: {
+
+ boot = {
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ loader.grub.zfsSupport = true;
+ zfs.enableUnstable = true;
+ };
+
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+
+}
+
diff --git a/linux/singularity/caddy.nix b/linux/singularity/caddy.nix
new file mode 100644
index 0000000..9482837
--- /dev/null
+++ b/linux/singularity/caddy.nix
@@ -0,0 +1,59 @@
+{ config, ... }:
+
+{
+
+ services.caddy = {
+ enable = true;
+ email = config.constants.postMaster;
+ virtualHosts =
+ let
+ dn = config.constants.domain;
+ msfqdn = config.mailserver.fqdn;
+ mtfqdn = "matrix.${dn}";
+ vaultCfg = config.services.vaultwarden.config;
+ wn = s: "/.well-known/${s}";
+ in
+ {
+ "${dn}".extraConfig = let wnm = wn "matrix"; in ''
+ header ${wnm}/* Content-Type application/json
+ header ${wnm}/* Access-Control-Allow-Origin *
+ respond ${wnm}/server `{ "m.server": "${mtfqdn}:443" }`
+ respond ${wnm}/client `{
+ "m.homeserver": { "base_url": "https://${mtfqdn}" },
+ "m.identity_server": { "base_url": "https://${mtfqdn}" }
+ }`
+ '';
+ ${msfqdn} = {
+ extraConfig = ''
+ file_server ${wn "acme-challenge"}/* {
+ root ${config.security.acme.defaults.webroot}/
+ }
+ '';
+ useACMEHost = msfqdn;
+ };
+ "vault.${dn}".extraConfig =
+ ''
+ reverse_proxy /notifications/hub/negotiate ${vaultCfg.ROCKET_ADDRESS}:${
+ toString vaultCfg.ROCKET_PORT
+ }
+ reverse_proxy /notifications/hub ${vaultCfg.WEBSOCKET_ADDRESS}:${
+ toString vaultCfg.WEBSOCKET_PORT
+ }
+ reverse_proxy ${vaultCfg.ROCKET_ADDRESS}:${
+ toString vaultCfg.ROCKET_PORT
+ } {
+ header_up X-Real-IP {remote_host}
+ }
+ '';
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = config.constants.postMaster;
+ webroot = "/var/lib/acme/acme-challenge";
+ };
+ };
+
+}
diff --git a/linux/singularity/configuration.nix b/linux/singularity/configuration.nix
new file mode 100644
index 0000000..00ef68f
--- /dev/null
+++ b/linux/singularity/configuration.nix @@ -0,0 +1,37 @@ +{ config, pkgs, ... }: + +{ + + boot = { + tmp.cleanOnBoot = true; + loader.grub.device = "/dev/sda"; + }; + + constants.sopsFile = ../../common/auths.yaml; + + environment.systemPackages = with pkgs; [ + bat + bottom + helix + ]; + + programs = { + fish.enable = true; + git.enable = true; + }; + + sops.secrets."users/root/password".neededForUsers = true; + + system.stateVersion = "23.11"; + + users = { + mutableUsers = false; + users.root = { + openssh.authorizedKeys.keys = config.constants.publicKeys; + hashedPasswordFile = config.sops.secrets."users/root/password".path; + shell = pkgs.fish; + }; + }; + + zramSwap.enable = true; +} diff --git a/linux/singularity/default.nix b/linux/singularity/default.nix new file mode 100644 index 0000000..f50210d --- /dev/null +++ b/linux/singularity/default.nix @@ -0,0 +1,16 @@ +{ inputs, ... }: { + imports = with inputs; [ + mailserver.nixosModule + sops-nix.nixosModules.sops + ] ++ [ + ./caddy.nix + ./configuration.nix + ./hardware-configuration.nix + ./mailserver.nix + ./network.nix + ./vaultwarden.nix + ./xray.nix + ../../common/constants.nix + ../../common/secrets.nix + ]; +} diff --git a/linux/singularity/hardware-configuration.nix b/linux/singularity/hardware-configuration.nix new file mode 100644 index 0000000..9b46b67 --- /dev/null +++ b/linux/singularity/hardware-configuration.nix 
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + # boot.initrd.availableKernelModules = + # [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ]; + # boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # fileSystems."/" = { + # device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-"; + # fsType = "ext4"; + # }; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + boot.initrd.kernelModules = [ "nvme" ]; + fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; }; + + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + # networking.interfaces.ens19.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/linux/singularity/mailserver.nix b/linux/singularity/mailserver.nix new file mode 100644 index 0000000..5ced106 --- /dev/null +++ b/linux/singularity/mailserver.nix 
@@ -0,0 +1,25 @@
+{ config, ... }:
+
+let
+ dn = config.constants.domain;
+ usr = config.constants.userName;
+ mailSecret = "mail/${usr}/password";
+in
+{
+ mailserver =
+ {
+ enable = true;
+ fqdn = "mail.${dn}";
+ domains = [ dn ];
+
+ loginAccounts = {
+ "${usr}@${dn}" = {
+ aliases = [ config.constants.postMaster ];
+ hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
+ };
+ };
+
+ certificateScheme = "acme";
+ };
+ sops.secrets.${mailSecret} = { };
+}
diff --git a/linux/singularity/network.nix b/linux/singularity/network.nix
new file mode 100644
index 0000000..8f53d4e
--- /dev/null
+++ b/linux/singularity/network.nix
@@ -0,0 +1,34 @@
+{ config, ... }:
+
+let hn = "singularity"; in {
+ networking = {
+ domain = config.constants.domain;
+ firewall.allowedTCPPorts = [ 80 443 50051 ];
+ hostName = hn;
+ hostId = "2cadb253";
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ };
+ hostKeys = [{
+ comment = "host@${hn}";
+ path = "/etc/ssh/host";
+ rounds = 100;
+ type = "ed25519";
+ }];
+ };
+
+ sops.secrets."cloudflare/${hn}" = { };
+
+ services.cloudflare-dyndns = {
+ enable = true;
+ apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
+ domains = builtins.attrNames config.services.caddy.virtualHosts;
+ };
+
+ services.resolved.enable = true;
+}
diff --git a/linux/singularity/vaultwarden.nix b/linux/singularity/vaultwarden.nix
new file mode 100644
index 0000000..d5d96c3
--- /dev/null
+++ b/linux/singularity/vaultwarden.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+
+{
+ services.vaultwarden = let lh = config.constants.localhost; in {
+ enable = true;
+ config = {
+ # Disable signup
+ SIGNUPS_ALLOWED = false;
+ # Specify service port
+ ROCKET_ADDRESS = lh;
+ ROCKET_PORT = 25487;
+ # Specify notification port
+ WEBSOCKET_ENABLED = true;
+ WEBSOCKET_ADDRESS = lh;
+ WEBSOCKET_PORT = 40513;
+ };
+ };
+}
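Review bot: In linux/singularity/network.nix, `firewall.allowedTCPPorts = [ 80 443 50051 ]` opens port 50051 to the internet with nothing in the file saying which service listens there. Presumably it is the Xray inbound, but that configuration is a sops-encrypted secret, so a reader cannot confirm it from the repository and a stale entry would go unnoticed if the inbound port changes. A comment on the line, for example `# 50051: xray inbound, defined in the encrypted xray/config.json`, would tie the firewall rule to its owner.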
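Review bot: In linux/singularity/vaultwarden.nix, `SIGNUPS_ALLOWED = false` closes open registration, but invitations are a separate switch that defaults to enabled, so an organisation admin can still cause new accounts to be created. If the instance is meant for a fixed set of users, add `INVITATIONS_ALLOWED = false;`. `DOMAIN` is also unset; Vaultwarden uses it for generated links and for WebAuthn origin checks, so `DOMAIN = "https://vault.${config.constants.domain}";`, matching the Caddy virtual host, is worth adding.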
diff --git a/linux/singularity/xray.nix b/linux/singularity/xray.nix
new file mode 100644
index 0000000..0ed6daa
--- /dev/null
+++ b/linux/singularity/xray.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+
+let xrayCfg = "xray/config.json"; in {
+ services.xray = {
+ enable = true;
+ settingsFile = config.sops.secrets.${xrayCfg}.path;
+ };
+
+ sops.secrets.${xrayCfg}.mode = "0444";
+}
diff --git a/template/context/flake.nix b/template/context/flake.nix
new file mode 100644
index 0000000..cc42ef0
--- /dev/null
+++ b/template/context/flake.nix
@@ -0,0 +1,15 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs = { self, flake-utils, nixpkgs }:
+ flake-utils.lib.eachDefaultSystem (system:
+ let pkgs = nixpkgs.legacyPackages.${system};
+ in {
+ devShells.default = pkgs.mkShell {
+ packages = with pkgs; [ texlive.combined.scheme-full ];
+ };
+ });
+}
diff --git a/template/rust-nightly/flake.nix b/template/rust-nightly/flake.nix
new file mode 100644
index 0000000..da24505
--- /dev/null
+++ b/template/rust-nightly/flake.nix
@@ -0,0 +1,16 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ fenix.url = "github:nix-community/fenix";
+ };
+
+ outputs = { self, fenix, flake-utils, nixpkgs }:
+ flake-utils.lib.eachDefaultSystem (system:
+ let pkgs = nixpkgs.legacyPackages.${system};
+ in {
+ devShells.default = pkgs.mkShell {
+ packages = [ fenix.packages.${system}.complete.toolchain ];
+ };
+ });
+}
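Review bot: `sops.secrets.${xrayCfg}.mode = "0444"` in linux/singularity/xray.nix makes the decrypted Xray configuration readable by every local account and service on singularity, which also runs the mail stack, Vaultwarden and Caddy; that file normally holds the IDs or keys that authenticate proxy clients. The mode is presumably a workaround for the xray unit running as a dynamic user that cannot own the file. A narrower option is a dedicated group: set `mode = "0440"` and `group = "xray-secret"` on the secret, declare `users.groups.xray-secret = { };`, and add `systemd.services.xray.serviceConfig.SupplementaryGroups = [ "xray-secret" ];`.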