macronova/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Cleanup

Browse source
This commit is contained in:
Sicheng Pan 2025-10-15 22:24:37 -07:00
parent 70f0c6118e
commit e9cdacbfc8
Signed by: macronova
GPG key ID: CE969670FB4B4A56
20 changed files with 142 additions and 310 deletions
Download patch file Download diff file Expand all files Collapse all files

2
common/.sops.yaml
View file

@ -1,5 +1,4 @@
keys: keys:
- &blitzar age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9
- &macronova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra - &macronova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
- &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33 - &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
- &protostar age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw - &protostar age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw
@ -9,7 +8,6 @@ creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
- age: - age:
- *blitzar
- *macronova - *macronova
- *nebula - *nebula
- *quasar - *quasar

39
common/secrets.yaml
View file

@ -4,41 +4,32 @@ users:
password: ENC[AES256_GCM,data:b1ct21IrepupexfV5CZV31/HRLRbhPY8EZDAA5rkYisSkke5Z6K8IlFePkbRAEre08qastLPr8FARal+s/co6kfR+aFcqD55hMcLaXvthg4xI6K4NRX0Ifp28JaEy0c515qLbvDLiyMsHQ==,iv:uK96mBa7ewu6SjPWb5aJDPKKASSqWFNGfRt88jWhbP8=,tag:eeVXcr3JOOpqO35y0wcXIQ==,type:str] password: ENC[AES256_GCM,data:b1ct21IrepupexfV5CZV31/HRLRbhPY8EZDAA5rkYisSkke5Z6K8IlFePkbRAEre08qastLPr8FARal+s/co6kfR+aFcqD55hMcLaXvthg4xI6K4NRX0Ifp28JaEy0c515qLbvDLiyMsHQ==,iv:uK96mBa7ewu6SjPWb5aJDPKKASSqWFNGfRt88jWhbP8=,tag:eeVXcr3JOOpqO35y0wcXIQ==,type:str]
sops: sops:
age: age:
- recipient: age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbE1SSUFoeW9KendRZ2VS
MnhEQkJ1SGpRQ29hU0JxU2VYNG9zcDFramd3CmFIdkVYSFM1cVRaeHQwQXA1a0Jw
MjQ3OGpqazZSa2NVN0lDT3pvMENWZWMKLS0tIENFbzZ4cWRZOVRLMGRibHdLbmNJ
elc3Z2FTajA5ajBpd1FYcW8wRnF0VFkKiSmUned7JKZgUx9XWzCCbThmtj8nKlnm
v8bxGW0phdVNcol67EpvxtJWOvHw4clP4PdB/7D+3X5sIF4vgF17kw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsa3p3amVJeWtTWEtZbTR6 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBady8xYTJvS0kyN3dsVURi
Y1lTbGVtdGVkY1BXbUVBdktWZVFNTW41eVY0Cit0ejlaOWkyYzEvaXhrYytPamhQ SXg5VzNGQ1cyYnZ3VUV0dkRRV1dZL1kzaldrCmxvc084Z3hpL3k1YzcxeFNaWkFE
MXN3Sk5lU2IwU28vWGV1eUVEWC9WbUUKLS0tIEdPaHM1Z0c1c0F0NFNSYzRIdGUr M1l6ZUg1K0ZSNm5NVmtXTzlVYUwxWnMKLS0tIDluN2VjamdjTVZrc3drOUtkZ1pR
RWdVbU5MMWQvRWdnM25COHpFZ255OXcKpDW1Gt/RkG3JwLZgQFgTGgzbKatesZry T0tmMWtPR3pSczVsSHluQXpDNGh3ZlkKgBXGceWCSUQJEk08o3wue1MpSdTy1474
VFBhZxHHWihtmhc7LC+BqMqUFMShYnxvL9DyT/5LCke2sqwhiozWwg== 44iusWYmlCauK3DCH0MHD0sZEl5pC4jKdELIGM1ziiG7oEHppblxWw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33 - recipient: age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNXB3T3JNSE1PdXNncWZn YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByL0V5OHk1b0VncU43VDZQ
ZlhXeTl4aFczR2U5cGpQcFBBdnFZcEtxSjBZCmVzSWREczJpNzA4Q21SVFBncGZ6 anROeCtEYTF1YWlBNk1IeVp5a01PYXoxTjM0CkJHNmRuTWwrNDNKcFo2Z3JjVnpF
OXAzUmJTNFFHcXZRdmI0M0c2TVBSOUUKLS0tIDlmZHQ0eHVJbHArQjZzaXBKSFVr bk5QbDhxNVVTQlhTU3JQSlZucVhJM2sKLS0tIDIrQjdYZk4yc0h2VDdPZVNMVUpE
RWJyK0djYytwTVFBcU1NY0lBSHhPYjAKClAJfMtUuQvbzTiysT4eX/sW+67MnL8m THg5TUlWdjhYc2ErRnIvMHdtTFQwRXcKLjtHY0ZDhQV42afMvoF8STed8ltI9rMH
1hHzsm24rLUvSzfX4gX4vhYUdcn4pPKXCkdhJ1eeFwMAcJV0piudHQ== krtmaulaYIthU7nz2jxqQShzpBJmduuCVILK1kL3lGYFQiFhRuqQrw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age14ffp5y3urw7vuj07nkmh6su4qauy6dkwz5u4m408cv4895v5kqdsd34pkt - recipient: age14ffp5y3urw7vuj07nkmh6su4qauy6dkwz5u4m408cv4895v5kqdsd34pkt
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZHo5MEdYNWhmUGF2RmYx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2WTY4ZGVBMkZmcUVLblc3
Tmg2K0RENytQdUtDeTdKZUFtRlVzZFBrMzA4Cmc5SnVDY3RBVWlHelorczl0clAr MFdsS3p4c1V2aE9kejFwTVlhNXdMZ1RidkRZCjFtV2JoR0FKQ2Myd2ptem9Oamd0
TGxpa1EzRzJuUm9DMFNGN1dxNlJqRVEKLS0tIFZDMHRlUlU3TUdvYVl5U1FhaXRk TVViTlRUdTRvN2tHZVhMSFpzQURkQU0KLS0tIFZ6bnRFZ3VRNGxlcnlKcXB0QkEz
SEJyR1Npa1NCVE8rNytzRWhNM1kzUmcKhR9a+dWRPlI1fL3hwC0x9/m8nhNvFhNS YUx4L0JuZkRTaU5yQnl6dmk0M3h5djgK7x18TrFrkjBSwBWy+BYW5tvx4/4TpAd3
Gcki3AUC5Z2eCXkpZHxFctywfYGJfz9IHincJdkdwWnVoqiwsJ9lzQ== j0A+HI1d9WlwUUxsz7oD+mm3fbEryOWCUqAq21w4ns6UHDJGZH3rGQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-01T04:30:14Z" lastmodified: "2024-09-01T04:30:14Z"
mac: ENC[AES256_GCM,data:ct8vaGlaPj69vzRm9baA2rxbuBM+MYX3Gjtg8m1cdHtldifvrYcw+hb1b9qC/Jhn3ppqpPO/8PhqqMU9U+aUBaSRV0AdDZs63T1/591SU3NDC6rmRBtkbrGk4g4jw4/Guw9Gs8F2r6xWf91KobAoHg9HLI+PK+pOSlfl4o8PBww=,iv:iPGlDkj5mnUxdtoSMztH8BPwSID0FJQDZfc2JenQngw=,tag:1QUCclV0Cs6hsPBANupj1g==,type:str] mac: ENC[AES256_GCM,data:ct8vaGlaPj69vzRm9baA2rxbuBM+MYX3Gjtg8m1cdHtldifvrYcw+hb1b9qC/Jhn3ppqpPO/8PhqqMU9U+aUBaSRV0AdDZs63T1/591SU3NDC6rmRBtkbrGk4g4jw4/Guw9Gs8F2r6xWf91KobAoHg9HLI+PK+pOSlfl4o8PBww=,iv:iPGlDkj5mnUxdtoSMztH8BPwSID0FJQDZfc2JenQngw=,tag:1QUCclV0Cs6hsPBANupj1g==,type:str]

8
common/users.nix
View file

@ -48,6 +48,7 @@ in {
nil nil
rclone rclone
sops sops
unar
] ]
++ ( ++ (
if config.programs.plasma.enable if config.programs.plasma.enable
@ -182,10 +183,7 @@ in {
iconTasks.launchers = []; iconTasks.launchers = [];
} }
{ {
systemTray = { systemTray = {};
icons.scaleToFit = false;
items.showAll = true;
};
} }
{ {
digitalClock.timeZone.selected = ["Local"]; digitalClock.timeZone.selected = ["Local"];
@ -271,6 +269,8 @@ in {
sops.secrets.${usrPwdFile}.neededForUsers = true; sops.secrets.${usrPwdFile}.neededForUsers = true;
time.timeZone = "America/Los_Angeles";
users = { users = {
mutableUsers = false; mutableUsers = false;
users.${userName} = { users.${userName} = {

253
flake.lock generated
View file

@ -19,11 +19,11 @@
"candy-icons": { "candy-icons": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1755120597, "lastModified": 1757455208,
"narHash": "sha256-Kl8wTfEo+FBU5SE4ho0yLt7j2LHTJsAIfWor0hLdIlw=", "narHash": "sha256-wJ86TUjiVYT64QunDk85Jji5vo0Os+D9t/fsyKRM+P0=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "278998cb51c68de9d590c84d8fd1625223772792", "rev": "40cbbc8821db020e2668c309cd5a7bbfabd0be06",
"revCount": 1332, "revCount": 1337,
"type": "git", "type": "git",
"url": "https://github.com/EliverLara/candy-icons" "url": "https://github.com/EliverLara/candy-icons"
}, },
@ -34,7 +34,9 @@
}, },
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1758287904, "lastModified": 1758287904,
@ -50,22 +52,6 @@
"type": "github" "type": "github"
} }
}, },
"feishin-latest": {
"flake": false,
"locked": {
"lastModified": 1759244337,
"narHash": "sha256-Amz5Cm9L+GCpts2HRDm34KkcBzg1sPBA/0WKMOpwSoI=",
"ref": "refs/heads/development",
"rev": "f1a75d8e8123ccd6c32ded5ae960e767dfbab2a3",
"revCount": 1908,
"type": "git",
"url": "https://github.com/jeffvli/feishin"
},
"original": {
"type": "git",
"url": "https://github.com/jeffvli/feishin"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -205,11 +191,11 @@
}, },
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1759261527, "lastModified": 1760106635,
"narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -220,14 +206,16 @@
}, },
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1759536080, "lastModified": 1760500983,
"narHash": "sha256-0aXlKPxm2M+F5oywX2TTbY0e6h+tQ+6OYyx7UZn3A4A=", "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "edafd6da1936426708f1be0b1a4288007f16639a", "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -260,14 +248,16 @@
"jovian": { "jovian": {
"inputs": { "inputs": {
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_3" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1759387127, "lastModified": 1760534924,
"narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=", "narHash": "sha256-OIOCC86DxTxp1VG7xAiM+YABtVqp6vTkYIoAiGQMqso=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "0cc290e05882745060fccfe6d7d073f913e0cce7", "rev": "100b4e000032b865563a9754e5bca189bc544764",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -281,7 +271,9 @@
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_4", "nixpkgs": [
"nixpkgs"
],
"nixpkgs-25_05": "nixpkgs-25_05" "nixpkgs-25_05": "nixpkgs-25_05"
}, },
"locked": { "locked": {
@ -301,9 +293,10 @@
"nix-custom": { "nix-custom": {
"inputs": { "inputs": {
"candy-icons": "candy-icons", "candy-icons": "candy-icons",
"feishin-latest": "feishin-latest",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_5", "nixpkgs": [
"nixpkgs"
],
"sweet-ambar-blue": "sweet-ambar-blue", "sweet-ambar-blue": "sweet-ambar-blue",
"sweet-ambar-blue-dark": "sweet-ambar-blue-dark", "sweet-ambar-blue-dark": "sweet-ambar-blue-dark",
"sweet-folders": "sweet-folders", "sweet-folders": "sweet-folders",
@ -312,11 +305,11 @@
"yorha-sound-theme": "yorha-sound-theme" "yorha-sound-theme": "yorha-sound-theme"
}, },
"locked": { "locked": {
"lastModified": 1759540951, "lastModified": 1760589026,
"narHash": "sha256-99dPs9ww00pcKPpDsH8btsP0Eg6aFVmcxSfDCG9k0fA=", "narHash": "sha256-cBy77jhQvkBjHEpPC4HAjVl6jYdz1FUfPYGZxZmzR18=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "a0e3e71498d63a0905df9c83f4f56b80a42f2987", "rev": "97e696e37d7185f60aa35549be0a2c551c4c802a",
"revCount": 44, "revCount": 45,
"type": "git", "type": "git",
"url": "https://forgejo.invariantspace.com/macronova/nix-custom" "url": "https://forgejo.invariantspace.com/macronova/nix-custom"
}, },
@ -349,16 +342,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1752596105, "lastModified": 1760524057,
"narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixpkgs-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -379,138 +372,12 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1759036355,
"narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1756125398,
"narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1759036355,
"narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1756542300,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1759070547,
"narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "647e5c14cbd5067f44ac86b74f014962df460840",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1758976413,
"narHash": "sha256-hEIDTaIqvW1NMfaNgz6pjhZPZKTmACJmXxGr/H6isIg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e3a3b32cc234f1683258d36c6232f150d57df015",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"plasma-manager": { "plasma-manager": {
"inputs": { "inputs": {
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_7" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1759321049, "lastModified": 1759321049,
@ -530,14 +397,16 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"gitignore": "gitignore_2", "gitignore": "gitignore_2",
"nixpkgs": "nixpkgs_8" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1759523803, "lastModified": 1760392170,
"narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=", "narHash": "sha256-WftxJgr2MeDDFK47fQKywzC72L2jRc/PWcyGdjaDzkw=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835", "rev": "46d55f0aeb1d567a78223e69729734f3dca25a85",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -555,7 +424,7 @@
"jovian": "jovian", "jovian": "jovian",
"mailserver": "mailserver", "mailserver": "mailserver",
"nix-custom": "nix-custom", "nix-custom": "nix-custom",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@ -563,14 +432,16 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_9" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1759188042, "lastModified": 1760393368,
"narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -582,11 +453,11 @@
"sweet-ambar-blue": { "sweet-ambar-blue": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1758309482, "lastModified": 1759874534,
"narHash": "sha256-0wlq+qJAL1xu70n/X/xXdhFUlPgwDIvyC6S0zx/IiVE=", "narHash": "sha256-aA/wuj7Oc+4fkOrL8Qj/kTF2NzZrZ3/rNAmYs9nFxpw=",
"ref": "Ambar-Blue", "ref": "Ambar-Blue",
"rev": "24b6235aefe3ac44ebac7c0a5562d7930dff318a", "rev": "f2d784908d2737b40379c55c79e9b09f1c6e6b99",
"revCount": 343, "revCount": 344,
"type": "git", "type": "git",
"url": "https://github.com/EliverLara/Sweet" "url": "https://github.com/EliverLara/Sweet"
}, },
@ -599,11 +470,11 @@
"sweet-ambar-blue-dark": { "sweet-ambar-blue-dark": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1758309597, "lastModified": 1759874277,
"narHash": "sha256-zFpUDXUZ3zv8/5CIW/acl+SuMEGNZWHWKCuqlUtnCf8=", "narHash": "sha256-rULe52jTuZ+SFUkPEq0r91LML1z6fcMuXI+SDxWh7xI=",
"ref": "Ambar-Blue-Dark", "ref": "Ambar-Blue-Dark",
"rev": "270ec6c58e073a6315ea4423d5e655c55e418020", "rev": "9f4378087326b6b594af7f61ea8a0ddea7f50056",
"revCount": 426, "revCount": 427,
"type": "git", "type": "git",
"url": "https://github.com/EliverLara/Sweet" "url": "https://github.com/EliverLara/Sweet"
}, },

40
flake.nix
View file

@ -2,17 +2,41 @@
description = "Entrypoint of all nix configurations"; description = "Entrypoint of all nix configurations";
inputs = { inputs = {
disko.url = "github:nix-community/disko"; disko = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/disko";
};
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
hardware.url = "github:nixos/nixos-hardware"; hardware.url = "github:nixos/nixos-hardware";
home-manager.url = "github:nix-community/home-manager"; home-manager = {
jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; inputs.nixpkgs.follows = "nixpkgs";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; url = "github:nix-community/home-manager";
};
jovian = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:Jovian-Experiments/Jovian-NixOS";
};
mailserver = {
inputs.nixpkgs.follows = "nixpkgs";
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-custom.url = "git+https://forgejo.invariantspace.com/macronova/nix-custom"; nix-custom = {
plasma-manager.url = "github:pjones/plasma-manager"; inputs.nixpkgs.follows = "nixpkgs";
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; url = "git+https://forgejo.invariantspace.com/macronova/nix-custom";
sops-nix.url = "github:Mic92/sops-nix"; };
plasma-manager = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:pjones/plasma-manager";
};
pre-commit-hooks = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:cachix/pre-commit-hooks.nix";
};
sops-nix = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:Mic92/sops-nix";
};
}; };
outputs = inputs @ { outputs = inputs @ {

9
linux/nebula/conduit.nix
View file

@ -4,15 +4,6 @@
settings.global = { settings.global = {
address = wildcard; address = wildcard;
port = port.conduit; port = port.conduit;
# TODO: Use secret file when possible
turn_secret = "84EoJSEVnlH@eiqqV7K!2vmAr^G";
turn_uris = let
coturn-realm = "turn.${domain}";
in [
"turn:${coturn-realm}:${toString port.coturn-tls}?transport=udp"
"turn:${coturn-realm}:${toString port.coturn-tls}?transport=tcp"
];
turn_user_lifetime = "1h";
server_name = domain; server_name = domain;
}; };
}; };

11
linux/nebula/configuration.nix
View file

@ -1,15 +1,16 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{...}: { {pkgs, ...}: {
# Configure boot loader # Configure boot loader
boot.loader = { boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot.enable = true; systemd-boot.enable = true;
}; };
tmp.cleanOnBoot = true;
# Set your time zone. };
time.timeZone = "America/Los_Angeles";
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions

1
linux/nebula/hardware-configuration.nix
View file

@ -4,7 +4,6 @@
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: { }: {

7
linux/nebula/zfs.nix
View file

@ -1,5 +1,8 @@
{...}: { {pkgs, ...}: {
boot.loader.grub.zfsSupport = true; boot = {
loader.grub.zfsSupport = true;
zfs.package = pkgs.zfs_unstable;
};
services.zfs = { services.zfs = {
autoScrub.enable = true; autoScrub.enable = true;

9
linux/protostar/configuration.nix
View file

@ -3,20 +3,21 @@
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{...}: { {...}: {
# Configuration boot # Configuration boot
boot.loader = { boot = {
loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot.enable = true; systemd-boot.enable = true;
}; };
tmp.cleanOnBoot = true;
};
# Change secrets file # Change secrets file
constants.sopsFile = ../../common/auths.yaml; constants.sopsFile = ../../common/auths.yaml;
# Disable sudo password # Disable sudo password
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
# Set timezone automatically
services.automatic-timezoned.enable = true;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave # on your system were taken. It's perfectly fine and recommended to leave

3
linux/protostar/hardware-configuration.nix
View file

@ -4,7 +4,6 @@
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: { }: {
@ -13,9 +12,7 @@
]; ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

2
linux/quasar/configuration.nix
View file

@ -4,6 +4,7 @@
{pkgs, ...}: { {pkgs, ...}: {
# Configure boot # Configure boot
boot = { boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd.systemd.enable = true; initrd.systemd.enable = true;
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
@ -23,6 +24,7 @@
theme = "target_2"; theme = "target_2";
themePackages = [pkgs.adi1090x-plymouth-themes]; themePackages = [pkgs.adi1090x-plymouth-themes];
}; };
tmp.cleanOnBoot = true;
}; };
# This option defines the first version of NixOS you have installed on this particular machine, # This option defines the first version of NixOS you have installed on this particular machine,

12
linux/quasar/device.nix
View file

@ -5,9 +5,6 @@
}: let }: let
userName = config.constants.userName; userName = config.constants.userName;
in { in {
# TODO: Remove this when apex 5 works out of the box: https://github.com/paroj/xpad/pull/328
boot.kernelModules = ["xpad"];
hardware = { hardware = {
bluetooth.enable = true; bluetooth.enable = true;
graphics = { graphics = {
@ -28,7 +25,6 @@ in {
security.rtkit.enable = true; security.rtkit.enable = true;
services = { services = {
automatic-timezoned.enable = true;
avahi = { avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
@ -45,13 +41,7 @@ in {
pulse.enable = true; pulse.enable = true;
}; };
printing.enable = true; printing.enable = true;
udev = { udev.packages = [pkgs.via];
packages = [pkgs.via];
# TODO: Remove this when apex 5 works out of the box: https://github.com/paroj/xpad/pull/328
extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="37d7", ATTRS{idProduct}=="2501", RUN+="${pkgs.bash}/bin/bash -c 'echo 37d7 2501 > /sys/bus/usb/drivers/xpad/new_id'"
'';
};
}; };
users.users.${userName}.extraGroups = ["adbusers" "cdrom" "docker"]; users.users.${userName}.extraGroups = ["adbusers" "cdrom" "docker"];

1
linux/quasar/hardware-configuration.nix
View file

@ -4,7 +4,6 @@
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: { }: {

2
linux/quasar/zfs.nix
View file

@ -1,6 +1,7 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: { }: {
boot = { boot = {
@ -8,6 +9,7 @@
zfs = { zfs = {
extraPools = ["zarchive"]; extraPools = ["zarchive"];
requestEncryptionCredentials = ["zactive/main"]; requestEncryptionCredentials = ["zactive/main"];
package = pkgs.zfs_unstable;
}; };
}; };

5
linux/singularity/caddy.nix
View file

@ -69,10 +69,7 @@ with config.constants; {
} }
''; '';
} }
// (acme [ // (acme [config.mailserver.fqdn]);
config.mailserver.fqdn
config.services.coturn.realm
]);
}; };
security.acme = { security.acme = {

5
linux/singularity/configuration.nix
View file

@ -1,7 +1,8 @@
{...}: { {pkgs, ...}: {
boot = { boot = {
tmp.cleanOnBoot = true; kernelPackages = pkgs.linuxPackages_latest;
loader.grub.device = "/dev/sda"; loader.grub.device = "/dev/sda";
tmp.cleanOnBoot = true;
}; };
constants.sopsFile = ../../common/auths.yaml; constants.sopsFile = ../../common/auths.yaml;

20
linux/singularity/coturn.nix
View file

@ -1,20 +0,0 @@
{config, ...}:
with config.constants; let
acmeDir = config.security.acme.certs.${coturn-realm}.directory;
coturn-realm = "turn.${domain}";
in {
services.coturn = {
enable = true;
cert = "${acmeDir}/fullchain.pem";
listening-port = port.coturn;
min-port = port.coturn-relay-udp-min;
max-port = port.coturn-relay-udp-max;
pkey = "${acmeDir}/key.pem";
realm = coturn-realm;
static-auth-secret-file = config.sops.secrets.coturn.path;
tls-listening-port = port.coturn-tls;
use-auth-secret = true;
};
sops.secrets.coturn.owner = "turnserver";
}

1
linux/singularity/default.nix
View file

@ -4,7 +4,6 @@
../../common ../../common
./caddy.nix ./caddy.nix
./configuration.nix ./configuration.nix
./coturn.nix
./hardware-configuration.nix ./hardware-configuration.nix
./headscale.nix ./headscale.nix
./mailserver.nix ./mailserver.nix

14
linux/singularity/hardware-configuration.nix
View file

@ -4,23 +4,11 @@
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: { }: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")]; imports = [(modulesPath + "/profiles/qemu-guest.nix")];
# boot.initrd.availableKernelModules =
# [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ];
# boot.initrd.kernelModules = [ ];
boot.kernelModules = [];
boot.extraModulePackages = [];
# fileSystems."/" = {
# device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-";
# fsType = "ext4";
# };
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"]; boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = { fileSystems."/" = {
@ -28,8 +16,6 @@
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction