Sicheng Pan 2025-10-15 22:24:37 -07:00
parent 70f0c6118e
commit e9cdacbfc8
Signed by: macronova
GPG key ID: CE969670FB4B4A56
20 changed files with 142 additions and 310 deletions


@ -1,5 +1,4 @@
keys:
- &blitzar age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9
- &macronova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
- &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
- &protostar age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw
@ -9,7 +8,6 @@ creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *blitzar
- *macronova
- *nebula
- *quasar


@ -4,41 +4,32 @@ users:
password: ENC[AES256_GCM,data:b1ct21IrepupexfV5CZV31/HRLRbhPY8EZDAA5rkYisSkke5Z6K8IlFePkbRAEre08qastLPr8FARal+s/co6kfR+aFcqD55hMcLaXvthg4xI6K4NRX0Ifp28JaEy0c515qLbvDLiyMsHQ==,iv:uK96mBa7ewu6SjPWb5aJDPKKASSqWFNGfRt88jWhbP8=,tag:eeVXcr3JOOpqO35y0wcXIQ==,type:str]
sops:
age:
- recipient: age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbE1SSUFoeW9KendRZ2VS
MnhEQkJ1SGpRQ29hU0JxU2VYNG9zcDFramd3CmFIdkVYSFM1cVRaeHQwQXA1a0Jw
MjQ3OGpqazZSa2NVN0lDT3pvMENWZWMKLS0tIENFbzZ4cWRZOVRLMGRibHdLbmNJ
elc3Z2FTajA5ajBpd1FYcW8wRnF0VFkKiSmUned7JKZgUx9XWzCCbThmtj8nKlnm
v8bxGW0phdVNcol67EpvxtJWOvHw4clP4PdB/7D+3X5sIF4vgF17kw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsa3p3amVJeWtTWEtZbTR6
Y1lTbGVtdGVkY1BXbUVBdktWZVFNTW41eVY0Cit0ejlaOWkyYzEvaXhrYytPamhQ
MXN3Sk5lU2IwU28vWGV1eUVEWC9WbUUKLS0tIEdPaHM1Z0c1c0F0NFNSYzRIdGUr
RWdVbU5MMWQvRWdnM25COHpFZ255OXcKpDW1Gt/RkG3JwLZgQFgTGgzbKatesZry
VFBhZxHHWihtmhc7LC+BqMqUFMShYnxvL9DyT/5LCke2sqwhiozWwg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBady8xYTJvS0kyN3dsVURi
SXg5VzNGQ1cyYnZ3VUV0dkRRV1dZL1kzaldrCmxvc084Z3hpL3k1YzcxeFNaWkFE
M1l6ZUg1K0ZSNm5NVmtXTzlVYUwxWnMKLS0tIDluN2VjamdjTVZrc3drOUtkZ1pR
T0tmMWtPR3pSczVsSHluQXpDNGh3ZlkKgBXGceWCSUQJEk08o3wue1MpSdTy1474
44iusWYmlCauK3DCH0MHD0sZEl5pC4jKdELIGM1ziiG7oEHppblxWw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNXB3T3JNSE1PdXNncWZn
ZlhXeTl4aFczR2U5cGpQcFBBdnFZcEtxSjBZCmVzSWREczJpNzA4Q21SVFBncGZ6
OXAzUmJTNFFHcXZRdmI0M0c2TVBSOUUKLS0tIDlmZHQ0eHVJbHArQjZzaXBKSFVr
RWJyK0djYytwTVFBcU1NY0lBSHhPYjAKClAJfMtUuQvbzTiysT4eX/sW+67MnL8m
1hHzsm24rLUvSzfX4gX4vhYUdcn4pPKXCkdhJ1eeFwMAcJV0piudHQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByL0V5OHk1b0VncU43VDZQ
anROeCtEYTF1YWlBNk1IeVp5a01PYXoxTjM0CkJHNmRuTWwrNDNKcFo2Z3JjVnpF
bk5QbDhxNVVTQlhTU3JQSlZucVhJM2sKLS0tIDIrQjdYZk4yc0h2VDdPZVNMVUpE
THg5TUlWdjhYc2ErRnIvMHdtTFQwRXcKLjtHY0ZDhQV42afMvoF8STed8ltI9rMH
krtmaulaYIthU7nz2jxqQShzpBJmduuCVILK1kL3lGYFQiFhRuqQrw==
-----END AGE ENCRYPTED FILE-----
- recipient: age14ffp5y3urw7vuj07nkmh6su4qauy6dkwz5u4m408cv4895v5kqdsd34pkt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZHo5MEdYNWhmUGF2RmYx
Tmg2K0RENytQdUtDeTdKZUFtRlVzZFBrMzA4Cmc5SnVDY3RBVWlHelorczl0clAr
TGxpa1EzRzJuUm9DMFNGN1dxNlJqRVEKLS0tIFZDMHRlUlU3TUdvYVl5U1FhaXRk
SEJyR1Npa1NCVE8rNytzRWhNM1kzUmcKhR9a+dWRPlI1fL3hwC0x9/m8nhNvFhNS
Gcki3AUC5Z2eCXkpZHxFctywfYGJfz9IHincJdkdwWnVoqiwsJ9lzQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2WTY4ZGVBMkZmcUVLblc3
MFdsS3p4c1V2aE9kejFwTVlhNXdMZ1RidkRZCjFtV2JoR0FKQ2Myd2ptem9Oamd0
TVViTlRUdTRvN2tHZVhMSFpzQURkQU0KLS0tIFZ6bnRFZ3VRNGxlcnlKcXB0QkEz
YUx4L0JuZkRTaU5yQnl6dmk0M3h5djgK7x18TrFrkjBSwBWy+BYW5tvx4/4TpAd3
j0A+HI1d9WlwUUxsz7oD+mm3fbEryOWCUqAq21w4ns6UHDJGZH3rGQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-01T04:30:14Z"
mac: ENC[AES256_GCM,data:ct8vaGlaPj69vzRm9baA2rxbuBM+MYX3Gjtg8m1cdHtldifvrYcw+hb1b9qC/Jhn3ppqpPO/8PhqqMU9U+aUBaSRV0AdDZs63T1/591SU3NDC6rmRBtkbrGk4g4jw4/Guw9Gs8F2r6xWf91KobAoHg9HLI+PK+pOSlfl4o8PBww=,iv:iPGlDkj5mnUxdtoSMztH8BPwSID0FJQDZfc2JenQngw=,tag:1QUCclV0Cs6hsPBANupj1g==,type:str]
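Review bot: Removing the `age1mc72…` recipient stanza and re-wrapping for the remaining three recipients does not revoke that key's access. The `password` ciphertext, the `mac` and `lastmodified: "2024-09-01T04:30:14Z"` each appear only once in this section, so they look unchanged, which suggests the existing data key was re-encrypted rather than replaced. Anyone holding the removed private key can still decrypt this file from earlier commits, and that old data key still opens the current ciphertext. If the key is being retired because the host or key may be exposed, rotate the data key (`sops rotate -i`, or `sops -r -i` on older releases) and change the underlying password so the value in history is no longer valid.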


@ -48,6 +48,7 @@ in {
nil
rclone
sops
unar
]
++ (
if config.programs.plasma.enable
@ -182,10 +183,7 @@ in {
iconTasks.launchers = [];
}
{
systemTray = {
icons.scaleToFit = false;
items.showAll = true;
};
systemTray = {};
}
{
digitalClock.timeZone.selected = ["Local"];
@ -271,6 +269,8 @@ in {
sops.secrets.${usrPwdFile}.neededForUsers = true;
time.timeZone = "America/Los_Angeles";
users = {
mutableUsers = false;
users.${userName} = {
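Review bot: `mutableUsers = false;` (apparently one of the two lines the last hunk adds) makes the declared password the only credential for the account, so a secret that fails to decrypt at activation can leave the user locked out rather than keeping the previous password. The password option itself is outside the hunk, so I am assuming it reads the `sops.secrets.${usrPwdFile}` path; please confirm every host importing this module has its age key among the recipients of its secrets file, given that a recipient is removed elsewhere in this commit. A short comment above the line, e.g. `# Passwords come only from sops; a host needs a valid age key before first activation`, would record that dependency. The `users.${userName}` block continues past the end of the hunk.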

253
flake.lock generated

@ -19,11 +19,11 @@
"candy-icons": {
"flake": false,
"locked": {
"lastModified": 1755120597,
"narHash": "sha256-Kl8wTfEo+FBU5SE4ho0yLt7j2LHTJsAIfWor0hLdIlw=",
"lastModified": 1757455208,
"narHash": "sha256-wJ86TUjiVYT64QunDk85Jji5vo0Os+D9t/fsyKRM+P0=",
"ref": "refs/heads/master",
"rev": "278998cb51c68de9d590c84d8fd1625223772792",
"revCount": 1332,
"rev": "40cbbc8821db020e2668c309cd5a7bbfabd0be06",
"revCount": 1337,
"type": "git",
"url": "https://github.com/EliverLara/candy-icons"
},
@ -34,7 +34,9 @@
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1758287904,
@ -50,22 +52,6 @@
"type": "github"
}
},
"feishin-latest": {
"flake": false,
"locked": {
"lastModified": 1759244337,
"narHash": "sha256-Amz5Cm9L+GCpts2HRDm34KkcBzg1sPBA/0WKMOpwSoI=",
"ref": "refs/heads/development",
"rev": "f1a75d8e8123ccd6c32ded5ae960e767dfbab2a3",
"revCount": 1908,
"type": "git",
"url": "https://github.com/jeffvli/feishin"
},
"original": {
"type": "git",
"url": "https://github.com/jeffvli/feishin"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -205,11 +191,11 @@
},
"hardware": {
"locked": {
"lastModified": 1759261527,
"narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=",
"lastModified": 1760106635,
"narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "e087756cf4abbe1a34f3544c480fc1034d68742f",
"rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903",
"type": "github"
},
"original": {
@ -220,14 +206,16 @@
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs_2"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759536080,
"narHash": "sha256-0aXlKPxm2M+F5oywX2TTbY0e6h+tQ+6OYyx7UZn3A4A=",
"lastModified": 1760500983,
"narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "edafd6da1936426708f1be0b1a4288007f16639a",
"rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa",
"type": "github"
},
"original": {
@ -260,14 +248,16 @@
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_3"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759387127,
"narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=",
"lastModified": 1760534924,
"narHash": "sha256-OIOCC86DxTxp1VG7xAiM+YABtVqp6vTkYIoAiGQMqso=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "0cc290e05882745060fccfe6d7d073f913e0cce7",
"rev": "100b4e000032b865563a9754e5bca189bc544764",
"type": "github"
},
"original": {
@ -281,7 +271,9 @@
"blobs": "blobs",
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_4",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-25_05": "nixpkgs-25_05"
},
"locked": {
@ -301,9 +293,10 @@
"nix-custom": {
"inputs": {
"candy-icons": "candy-icons",
"feishin-latest": "feishin-latest",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_5",
"nixpkgs": [
"nixpkgs"
],
"sweet-ambar-blue": "sweet-ambar-blue",
"sweet-ambar-blue-dark": "sweet-ambar-blue-dark",
"sweet-folders": "sweet-folders",
@ -312,11 +305,11 @@
"yorha-sound-theme": "yorha-sound-theme"
},
"locked": {
"lastModified": 1759540951,
"narHash": "sha256-99dPs9ww00pcKPpDsH8btsP0Eg6aFVmcxSfDCG9k0fA=",
"lastModified": 1760589026,
"narHash": "sha256-cBy77jhQvkBjHEpPC4HAjVl6jYdz1FUfPYGZxZmzR18=",
"ref": "refs/heads/main",
"rev": "a0e3e71498d63a0905df9c83f4f56b80a42f2987",
"revCount": 44,
"rev": "97e696e37d7185f60aa35549be0a2c551c4c802a",
"revCount": 45,
"type": "git",
"url": "https://forgejo.invariantspace.com/macronova/nix-custom"
},
@ -349,16 +342,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1752596105,
"narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=",
"owner": "NixOS",
"lastModified": 1760524057,
"narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708",
"rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -379,138 +372,12 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1759036355,
"narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1756125398,
"narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1759036355,
"narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1756542300,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1759070547,
"narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "647e5c14cbd5067f44ac86b74f014962df460840",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1758976413,
"narHash": "sha256-hEIDTaIqvW1NMfaNgz6pjhZPZKTmACJmXxGr/H6isIg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e3a3b32cc234f1683258d36c6232f150d57df015",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"plasma-manager": {
"inputs": {
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_7"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759321049,
@ -530,14 +397,16 @@
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore_2",
"nixpkgs": "nixpkgs_8"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759523803,
"narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=",
"lastModified": 1760392170,
"narHash": "sha256-WftxJgr2MeDDFK47fQKywzC72L2jRc/PWcyGdjaDzkw=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835",
"rev": "46d55f0aeb1d567a78223e69729734f3dca25a85",
"type": "github"
},
"original": {
@ -555,7 +424,7 @@
"jovian": "jovian",
"mailserver": "mailserver",
"nix-custom": "nix-custom",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs",
"plasma-manager": "plasma-manager",
"pre-commit-hooks": "pre-commit-hooks",
"sops-nix": "sops-nix"
@ -563,14 +432,16 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_9"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759188042,
"narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=",
"lastModified": 1760393368,
"narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d",
"rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437",
"type": "github"
},
"original": {
@ -582,11 +453,11 @@
"sweet-ambar-blue": {
"flake": false,
"locked": {
"lastModified": 1758309482,
"narHash": "sha256-0wlq+qJAL1xu70n/X/xXdhFUlPgwDIvyC6S0zx/IiVE=",
"lastModified": 1759874534,
"narHash": "sha256-aA/wuj7Oc+4fkOrL8Qj/kTF2NzZrZ3/rNAmYs9nFxpw=",
"ref": "Ambar-Blue",
"rev": "24b6235aefe3ac44ebac7c0a5562d7930dff318a",
"revCount": 343,
"rev": "f2d784908d2737b40379c55c79e9b09f1c6e6b99",
"revCount": 344,
"type": "git",
"url": "https://github.com/EliverLara/Sweet"
},
@ -599,11 +470,11 @@
"sweet-ambar-blue-dark": {
"flake": false,
"locked": {
"lastModified": 1758309597,
"narHash": "sha256-zFpUDXUZ3zv8/5CIW/acl+SuMEGNZWHWKCuqlUtnCf8=",
"lastModified": 1759874277,
"narHash": "sha256-rULe52jTuZ+SFUkPEq0r91LML1z6fcMuXI+SDxWh7xI=",
"ref": "Ambar-Blue-Dark",
"rev": "270ec6c58e073a6315ea4423d5e655c55e418020",
"revCount": 426,
"rev": "9f4378087326b6b594af7f61ea8a0ddea7f50056",
"revCount": 427,
"type": "git",
"url": "https://github.com/EliverLara/Sweet"
},


@ -2,17 +2,41 @@
description = "Entrypoint of all nix configurations";
inputs = {
disko.url = "github:nix-community/disko";
disko = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/disko";
};
flake-utils.url = "github:numtide/flake-utils";
hardware.url = "github:nixos/nixos-hardware";
home-manager.url = "github:nix-community/home-manager";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
home-manager = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/home-manager";
};
jovian = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:Jovian-Experiments/Jovian-NixOS";
};
mailserver = {
inputs.nixpkgs.follows = "nixpkgs";
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-custom.url = "git+https://forgejo.invariantspace.com/macronova/nix-custom";
plasma-manager.url = "github:pjones/plasma-manager";
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
sops-nix.url = "github:Mic92/sops-nix";
nix-custom = {
inputs.nixpkgs.follows = "nixpkgs";
url = "git+https://forgejo.invariantspace.com/macronova/nix-custom";
};
plasma-manager = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:pjones/plasma-manager";
};
pre-commit-hooks = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:cachix/pre-commit-hooks.nix";
};
sops-nix = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:Mic92/sops-nix";
};
};
outputs = inputs @ {
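Review bot: Two transitive inputs stay un-followed after this change: the lock file in this commit still records `"home-manager": "home-manager_2"` under plasma-manager and `"nixpkgs-25_05"` under mailserver, so a second home-manager and an extra nixpkgs tree are still locked and fetched. Adding `inputs.home-manager.follows = "home-manager";` to the `plasma-manager` block would remove the first; the mailserver one deserves a comment saying whether it is kept on purpose. Because `follows` makes sops-nix, mailserver and the other inputs evaluate against a nixpkgs revision their own lock files did not pin, a `nix flake check` or a test build of each host before deploying is a sensible gate. `outputs` continues past the end of the hunk.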


@ -4,15 +4,6 @@
settings.global = {
address = wildcard;
port = port.conduit;
# TODO: Use secret file when possible
turn_secret = "84EoJSEVnlH@eiqqV7K!2vmAr^G";
turn_uris = let
coturn-realm = "turn.${domain}";
in [
"turn:${coturn-realm}:${toString port.coturn-tls}?transport=udp"
"turn:${coturn-realm}:${toString port.coturn-tls}?transport=tcp"
];
turn_user_lifetime = "1h";
server_name = domain;
};
};


@ -1,16 +1,17 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{...}: {
{pkgs, ...}: {
# Configure boot loader
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
tmp.cleanOnBoot = true;
};
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
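Review bot: The comment `# Configure boot loader` now heads a `boot` block that also selects the kernel and cleans /tmp, so it should read `# Configure boot`, as the sibling host files do. The pair `kernelPackages = pkgs.linuxPackages_latest;` and `tmp.cleanOnBoot = true;` appears in several host files in this commit (three more `boot` blocks carry one or both), and one host gets only `tmp.cleanOnBoot`. If the intent is that all machines run the same kernel line, setting these once in the shared `../../common` module would keep hosts from drifting apart; if the exception is deliberate, a one-line comment on that host saying why would help.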


@ -4,7 +4,6 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {


@ -1,5 +1,8 @@
{...}: {
boot.loader.grub.zfsSupport = true;
{pkgs, ...}: {
boot = {
loader.grub.zfsSupport = true;
zfs.package = pkgs.zfs_unstable;
};
services.zfs = {
autoScrub.enable = true;
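Review bot: `zfs.package = pkgs.zfs_unstable;` moves the pool onto pre-release OpenZFS with no comment explaining why, and the same line is added in the host file that sets `requestEncryptionCredentials = ["zactive/main"]`, so the encrypted dataset is affected too. If the reason is kernel compatibility, say so next to the option, e.g. `# zfs_unstable until stable ZFS supports the running kernel; revert afterwards`, so it is not left in place indefinitely. It is also worth confirming that the ZFS hosts are not the ones gaining `kernelPackages = pkgs.linuxPackages_latest` in this commit, since the newest kernel is the usual cause of ZFS module build failures; file names are not visible here, so that is a question rather than a finding. The `services.zfs` block continues past the hunk.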


@ -3,9 +3,13 @@
# and in the NixOS manual (accessible by running `nixos-help`).
{...}: {
# Configuration boot
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
tmp.cleanOnBoot = true;
};
# Change secrets file
@ -14,9 +18,6 @@
# Disable sudo password
security.sudo.wheelNeedsPassword = false;
# Set timezone automatically
services.automatic-timezoned.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave


@ -4,7 +4,6 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
@ -13,9 +12,7 @@
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -4,6 +4,7 @@
{pkgs, ...}: {
# Configure boot
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd.systemd.enable = true;
loader = {
efi.canTouchEfiVariables = true;
@ -23,6 +24,7 @@
theme = "target_2";
themePackages = [pkgs.adi1090x-plymouth-themes];
};
tmp.cleanOnBoot = true;
};
# This option defines the first version of NixOS you have installed on this particular machine,


@ -5,9 +5,6 @@
}: let
userName = config.constants.userName;
in {
# TODO: Remove this when apex 5 works out of the box: https://github.com/paroj/xpad/pull/328
boot.kernelModules = ["xpad"];
hardware = {
bluetooth.enable = true;
graphics = {
@ -28,7 +25,6 @@ in {
security.rtkit.enable = true;
services = {
automatic-timezoned.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
@ -45,13 +41,7 @@ in {
pulse.enable = true;
};
printing.enable = true;
udev = {
packages = [pkgs.via];
# TODO: Remove this when apex 5 works out of the box: https://github.com/paroj/xpad/pull/328
extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="37d7", ATTRS{idProduct}=="2501", RUN+="${pkgs.bash}/bin/bash -c 'echo 37d7 2501 > /sys/bus/usb/drivers/xpad/new_id'"
'';
};
udev.packages = [pkgs.via];
};
users.users.${userName}.extraGroups = ["adbusers" "cdrom" "docker"];


@ -4,7 +4,6 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {


@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}: {
boot = {
@ -8,6 +9,7 @@
zfs = {
extraPools = ["zarchive"];
requestEncryptionCredentials = ["zactive/main"];
package = pkgs.zfs_unstable;
};
};


@ -69,10 +69,7 @@ with config.constants; {
}
'';
}
// (acme [
config.mailserver.fqdn
config.services.coturn.realm
]);
// (acme [config.mailserver.fqdn]);
};
security.acme = {


@ -1,7 +1,8 @@
{...}: {
{pkgs, ...}: {
boot = {
tmp.cleanOnBoot = true;
kernelPackages = pkgs.linuxPackages_latest;
loader.grub.device = "/dev/sda";
tmp.cleanOnBoot = true;
};
constants.sopsFile = ../../common/auths.yaml;


@ -1,20 +0,0 @@
{config, ...}:
with config.constants; let
acmeDir = config.security.acme.certs.${coturn-realm}.directory;
coturn-realm = "turn.${domain}";
in {
services.coturn = {
enable = true;
cert = "${acmeDir}/fullchain.pem";
listening-port = port.coturn;
min-port = port.coturn-relay-udp-min;
max-port = port.coturn-relay-udp-max;
pkey = "${acmeDir}/key.pem";
realm = coturn-realm;
static-auth-secret-file = config.sops.secrets.coturn.path;
tls-listening-port = port.coturn-tls;
use-auth-secret = true;
};
sops.secrets.coturn.owner = "turnserver";
}


@ -4,7 +4,6 @@
../../common
./caddy.nix
./configuration.nix
./coturn.nix
./hardware-configuration.nix
./headscale.nix
./mailserver.nix


@ -4,23 +4,11 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
# boot.initrd.availableKernelModules =
# [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ];
# boot.initrd.kernelModules = [ ];
boot.kernelModules = [];
boot.extraModulePackages = [];
# fileSystems."/" = {
# device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-";
# fsType = "ext4";
# };
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = {
@ -28,8 +16,6 @@
fsType = "ext4";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction