v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

Compare commits

base: v:new
Branches Tags
v:new
v:main
v:reboot
v:renovate/renovate-renovate-37.x
..
compare: v:main
Branches Tags
v:new
v:main
v:reboot
v:renovate/renovate-renovate-37.x

73 commits
new ... main

Author SHA1 Message Date
Vivian
521077f287 fix flood
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-07-10 23:39:36 +02:00
Vivian
9b29d097f8 jesec to normal rtorrent
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2025-07-10 19:34:44 +02:00
Vivian
e18b028d06 updates 2025-07-10 18:17:11 +02:00
Vivian
59397eb79f mastodon
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2025-07-10 17:04:41 +02:00
Vivian
11e544d189 Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure 2025-07-10 11:34:15 +02:00
Vivian
08f24d0141 update plex
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2025-07-09 10:44:23 +02:00
Vivian
658b7afddd update mailserver config
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-06-04 11:25:28 +02:00
Vivian
a2fd3a998d Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure 2025-05-29 14:01:35 +02:00
Vivian
82f22fb7e7 update mastodon 2025-05-29 13:53:41 +02:00
Vivian
729fea169e update plex
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-05-29 11:39:00 +02:00
Vivian
5031415d51 updates
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-05-24 14:02:31 +02:00
Vivian
816daa70f2 updates
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-05-18 19:05:37 +02:00
Vivian
2fe6723d1d update website 2025-05-05 20:34:53 +02:00
Vivian
9acd943fdb update website
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-05-05 20:27:39 +02:00
Vivian
8a9e751c34 update overseerr
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2025-05-05 19:49:25 +02:00
Vivian
80cbfcd310 Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2025-05-05 16:48:03 +02:00
Vivian
f6515bc525 update mastodon 2025-05-05 16:47:58 +02:00
Vivian
99d0ccedf9 Merge branch 'main' into HEAD
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-04-25 15:24:50 +02:00
Vivian
f633887486 updates 2025-04-25 15:23:38 +02:00
Vivian
0eba84a592 Merge remote-tracking branch 'origin/main'
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2025-04-25 15:23:02 +02:00
Vivian
9573df8e21 update mastodon 2025-04-25 15:21:49 +02:00
Vivian
0ef43c8a20 Revert "update masto" 
This reverts commit c788335493.
 2025-03-24 12:30:53 +01:00
Vivian
6c47c1ca86 Revert "update masto" 
This reverts commit 3581f899d7.
 2025-03-24 12:30:51 +01:00
Vivian
540101f305 update rtorrent
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-03-24 12:24:06 +01:00
Vivian
3581f899d7 update masto
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2025-03-24 12:23:51 +01:00
Vivian
c788335493 update masto
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2025-03-24 12:14:12 +01:00
Vivian
9d5a39f58e plex update
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-03-22 11:12:41 +01:00
Vivian
7035014076 updates
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-02-06 13:09:21 +01:00
Vivian
bc93b5bd45 update config
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2025-02-06 11:28:06 +01:00
Vivian
30325bac2f update plex
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2025-01-27 15:08:10 +01:00
Vivian
163b0b255a Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure
Some checks failed
Plex Update / update (push) Has been cancelled
Details
2024-12-21 14:17:23 +01:00
Vivian
0f598ae802 disable more 2024-12-21 14:17:21 +01:00
Vivian Roest
9b9c5eba3a update lock 2024-12-21 14:16:23 +01:00
Vivian
5233433029 disable books 2024-12-21 12:52:38 +01:00
Vivian
e9fbd21380 gay 2024-12-21 12:49:44 +01:00
Vivian Roest
902bbb659e update 0x76 2024-12-21 12:47:38 +01:00
Vivian Roest
86f36047d9 updates 2024-12-21 11:37:48 +01:00
Vivian Roest
78095f6879 update plex 2024-12-21 11:37:43 +01:00
Vivian Roest
20768a25be updates 2024-11-18 17:35:29 +01:00
Vivian Roest
cb2cf64a70 disable unifi 2024-11-12 10:16:11 +01:00
Vivian Roest
07a888a537 disable tud 2024-11-02 10:51:32 +01:00
Vivian
9d976b6c2f updated olympus
Some checks are pending
Plex Update / update (push) Waiting to run
Details
2024-11-01 16:51:49 +01:00
Vivian
c5bc2e1a19 updates 2024-10-31 15:39:24 +01:00
Vivian Roest
448b9e7439 updates 2024-09-07 10:42:06 +02:00
Vivian
bdb27514d5 updates 2024-09-05 09:04:44 +02:00
Vivian
70a9c548b4 update plex 2024-08-22 22:20:37 +02:00
Vivian
7ec290370d update flaresolverr 2024-08-22 21:17:14 +02:00
Vivian Roest
9f24d100f4 disable attic, unifi 2024-08-20 21:28:30 +02:00
Vivian
8d3aebf9ca updates 2024-08-20 16:56:58 +02:00
Vivian
a115a8614a update plex 2024-08-04 13:45:54 +02:00
Vivian Roest
5f85c5c2db updates 2024-08-01 14:28:55 +02:00
Vivian
3a72f649d4 matrix: sliding sync 2024-07-13 23:59:59 +02:00
Vivian
8009002c89 Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure 2024-07-13 11:27:52 +02:00
Vivian
f3e3e4bfc4 update plex 2024-07-13 11:27:48 +02:00
Vivian Roest
92b0bee3dd update glitch 2024-07-05 11:28:07 +02:00
Vivian
d85d28bf9e update glitch 2024-07-05 10:51:33 +02:00
Vivian Roest
774d96444e updates 2024-07-04 10:40:05 +02:00
Vivian Roest
0d14b1a2de flake update 2024-07-03 13:42:20 +02:00
Vivian
6c3cc4df70 add website 2024-06-13 22:50:01 +02:00
Vivian
1cbb509689 update plex 2024-06-02 09:59:34 +02:00
Vivian Roest
a172f2ca0f updates 2024-06-01 21:58:00 +02:00
Vivian
2ad73a7cdf update masto 2024-06-01 21:42:19 +02:00
Vivian
045c0ed739 update glitch 2024-06-01 21:01:24 +02:00
Vivian
87ffa71fe4 updates 2024-06-01 18:01:41 +02:00
Vivian Roest
7e7d275411 update flake 2024-04-25 09:26:12 +02:00
Vivian
121d11c0ab ci 2024-03-18 09:21:59 +01:00
Vivian
52483f2ea1 Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure 2024-02-14 15:29:57 +01:00
Vivian
a82965d754 inject queer.af IP addr 2024-02-14 15:27:32 +01:00
Vivian
7829c0bbd4 Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure 
the commit.
 2024-02-04 14:36:23 +01:00
Vivian
71449b62aa masto update 2024-02-04 14:36:16 +01:00
Vivian
140fe8df72 change url 2024-01-04 11:56:36 +01:00
Vivian
a520f77309 add bear 2024-01-04 11:17:26 +01:00
Vivian
cb4949cc10 update 2024-01-03 16:23:42 +01:00
180 changed files with 13165 additions and 4608 deletions
Show stats Expand all files Collapse all files

22
.forgejo/workflows/lint.yml
View file

@ -1,22 +0,0 @@
name: Lint
on: [push]
jobs:
lint:
runs-on: docker
env:
container:
image: ghcr.io/catthehacker/ubuntu:js-20.04
steps:
- uses: actions/checkout@v3
- uses: https://github.com/cachix/install-nix-action@v22
env:
with:
nix_path: nixpkgs=channel:nixos-unstable
- run: |
sed -i '/^access-tokens/ d' /etc/nix/nix.conf
nix profile install 'nixpkgs#deadnix' 'nixpkgs#statix' 'nixpkgs#yamllint'
statix check .
deadnix -f
yamllint .

22
.forgejo/workflows/nix.yml
View file

@ -1,22 +0,0 @@
name: Nix
# on: [push]
jobs:
lint:
runs-on: docker
env:
container:
image: ghcr.io/catthehacker/ubuntu:js-20.04
steps:
- uses: actions/checkout@v3
- name: Check Nix flake inputs
uses: https://github.com/DeterminateSystems/flake-checker-action@v5
- uses: https://github.com/cachix/install-nix-action@v22
env:
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Run `nix flake check`
run: |
sed -i '/^access-tokens/ d' /etc/nix/nix.conf
nix run '.#' -- -V

5
.forgejo/workflows/plex_update.yml
View file

@ -21,14 +21,15 @@ jobs:
- env: - env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }} VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }} VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
NIXPKGS_ALLOW_UNFREE: 1
run: | run: |
git config user.name "Forgejo Actions Bot" git config user.name "Forgejo Actions Bot"
git config user.email "<>" git config user.email "<>"
# Run Update script # Run Update script
./pkgs/plex-pass/update.sh ./nixos/pkgs/plex-pass/update.sh
git add ./pkgs/plex-pass/ git add ./nixos/pkgs/plex-pass/
# Push if changed # Push if changed
if git status ./nixos/pkgs/plex-pass/ | grep -q "to be committed"; then if git status ./nixos/pkgs/plex-pass/ | grep -q "to be committed"; then

BIN
assets/wallpaper-nix-pink.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 59 KiB

124
common/desktop/home.nix
View file

@ -1,124 +0,0 @@
{
pkgs,
inputs,
config,
...
}:
let
tex = pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-full;
};
my-python-packages =
ps: with ps; [
cryptography
flask
ipwhois
numpy
pandas
pyasn
pyshark
requests
scapy
z3-solver
];
in
{
home.packages = with pkgs; [
(python3.withPackages my-python-packages)
btop
calibre
celluloid # video player
comma
cinny-desktop
discord
element-desktop
foliate # epub reader
firefox
gcc
gimp
jellyfin-media-player
neofetch
nixpkgs-review
qmk
signal-desktop
solo2-cli
spotify
unzip
yt-dlp
obsidian
(lib.hiPrio (
pkgs.writeShellScriptBin "obsidian" ''
unset WAYLAND_DISPLAY
${pkgs.obsidian}/bin/obsidian
''
))
];
# Enable my own hm modules
themes.v.catppuccin.enable = true;
programs = {
v = {
vscode.enable = true;
nvim.enable = true;
rust.enable = true;
};
zed-editor = {
enable = true;
};
# firefox.enable = true;
chromium = {
enable = true;
extensions = [
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden
];
};
direnv = {
enable = true;
nix-direnv.enable = true;
};
zsh = {
enable = true;
sessionVariables = {
DIRENV_LOG_FORMAT = "";
};
};
kitty = {
enable = true;
shellIntegration.enableZshIntegration = true;
};
};
xdg.autoStart = {
packages = with pkgs; [
element-desktop
firefox
discord
];
};
# Syncthing
services.syncthing.enable = true;
xdg.userDirs =
let
home = config.home.homeDirectory;
in
{
enable = true;
createDirectories = true;
desktop = "${home}/.desktop";
documents = "${home}/cloud/Documents";
download = "${home}/dl";
music = "${home}/cloud/Music";
pictures = "${home}/cloud/Pictures";
publicShare = "${home}/.publicShare";
templates = "${home}/.templates";
videos = "${home}/cloud/Videos";
};
}

62
common/hm-modules/catppuccin/default.nix
View file

@ -1,62 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.themes.v.catppuccin;
in
{
options.themes.v.catppuccin = {
enable = mkEnableOption "catppuccin";
};
config = mkIf cfg.enable {
catppuccin = {
enable = true;
flavor = "frappe";
accent = "pink";
waybar.enable = false;
mako.enable = false;
rofi.enable = true;
hyprland.enable = true;
kitty.enable = true;
kvantum.enable = true;
};
# home.pointerCursor = {
# name = "Bibata_Ghost";
# size = 24;
# package = pkgs.bibata-cursors-translucent;
# };
programs.kitty = {
# themeFile = "Catppuccin-Frappe";
font.name = "DejaVuSansMono Nerd Font";
};
gtk = {
enable = true;
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme.override { color = "violet"; };
};
# cursorTheme = {
# inherit (config.home.pointerCursor) name package size;
# };
};
qt = {
enable = true;
# platformTheme = "qtct";
style.name = "kvantum";
platformTheme.name = "kvantum";
};
};
}

10
common/hm-modules/default.nix
View file

@ -1,10 +0,0 @@
{ ... }:
{
imports = [
./catppuccin
./nvim
./vscode.nix
./git.nix
./rust.nix
];
}

220
common/hm-modules/nvim/default.nix
View file

@ -1,220 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.programs.v.nvim;
in
with lib;
{
options.programs.v.nvim = {
enable = mkEnableOption "nvim";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ fd ];
home.file.".config/nvim/lua".source = ./lua;
programs.nixvim =
{ helpers, ... }:
{
enable = true;
imports = [
./keybinds.nix
./lsp.nix
];
package = pkgs.neovim-unwrapped;
vimAlias = true;
luaLoader.enable = true;
performance = {
byteCompileLua.enable = true;
combinePlugins.enable = true;
};
globals.mapleader = " ";
opts = {
number = true;
conceallevel = 2;
expandtab = true;
tabstop = 2;
shiftwidth = 2;
smartindent = true;
title = true;
spell = true;
spelllang = "en_gb";
};
clipboard.providers.wl-copy.enable = true;
extraPlugins = with pkgs.vimPlugins; [
FixCursorHold-nvim
];
extraConfigLua = "";
colorschemes.catppuccin = {
enable = true;
settings.flavour = "frappe";
};
plugins = {
nvim-surround.enable = true;
zen-mode = {
enable = true;
settings = {
window.options = {
number = false;
};
};
};
vimwiki = {
enable = true;
settings = {
list = [
{
ext = ".md";
path = "~/cloud/Notes/";
syntax = "markdown";
}
];
};
};
image = {
enable = false;
settings.backend = "kitty";
};
web-devicons.enable = true;
bufferline.enable = true;
nix.enable = true;
luasnip.enable = true;
startup = {
enable = true;
theme = "my_theme";
};
obsidian = {
enable = false;
settings = {
new_notes_location = "notes_subdir";
notes_subdir = "Unsorted";
daily_notes = {
folder = "Diary/Daily";
};
workspaces = [
{
name = "notes";
path = "~/cloud/Notes";
}
];
completion = {
min_chars = 2;
nvim_cmp = true;
};
picker.name = "telescope.nvim";
};
};
fidget = {
enable = true;
settings = {
progress = {
ignore = [ "ltex" ];
display.done_ttl = 5;
};
notification = {
override_vim_notify = true;
};
};
};
neotest = {
enable = true;
adapters = {
plenary.enable = true;
python.enable = true;
rust = {
enable = true;
settings.args = [ "--no-capture" ];
};
};
};
treesitter = {
enable = true;
nixGrammars = true;
settings = {
highlight.enable = true;
incremental_selection.enable = true;
indent.enable = true;
};
};
# Git
committia.enable = true;
gitsigns.enable = true;
lualine = {
enable = true;
settings.options.theme = "catppuccin";
};
oil = {
enable = true;
};
telescope = {
enable = true;
settings.defaults.preview.ls_short = true;
extensions.file-browser = {
enable = true;
settings = {
hijack_netrw = true;
dir_icon = "";
};
};
extensions.fzf-native.enable = true;
extensions.fzf-native.settings.fuzzy = true;
extensions.frecency.enable = true;
extensions.ui-select.enable = true;
};
comment.enable = true;
vimtex.enable = false;
typst-preview.enable = true;
floaterm.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
cmdline.":".sources = [ { name = "path"; } ];
snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
mapping = {
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
};
sources = [
{ name = "nvim_lsp_signature_help"; }
{ name = "path"; }
{ name = "spell"; }
{
name = "buffer";
# Words from other open buffers can also be suggested.
option.get_bufnrs.__raw = "vim.api.nvim_list_bufs";
}
{ name = "nvim_lsp"; }
{ name = "luasnip"; }
];
};
};
};
};
};
}

185
common/hm-modules/nvim/keybinds.nix
View file

@ -1,185 +0,0 @@
{ helpers, ... }:
{
keymaps = with helpers; [
# Disable arrow keys
{
mode = "n";
key = "<Up>";
action = "<Nop>";
}
{
mode = "n";
key = "<Down>";
action = "<Nop>";
}
{
mode = "n";
key = "<Left>";
action = "<Nop>";
}
{
mode = "n";
key = "<Right>";
action = "<Nop>";
}
# General
{
mode = "n";
key = "<leader>";
action = ":noh<CR>";
}
# Telescope
{
mode = "n";
key = "<leader>ff";
action = ":Telescope find_files<CR>";
}
{
mode = "n";
key = "<leader>fs";
action = ":Telescope lsp_dynamic_workspace_symbols<CR>";
}
{
mode = "n";
key = "<leader>fg";
action = mkRaw "require('telescope.builtin').live_grep";
}
{
mode = "n";
key = "<leader>fb";
action = ":Telescope buffers<CR>";
}
{
mode = "n";
key = "<leader>fo";
action = ":Telescope oldfiles<CR>";
}
{
mode = "n";
key = "<leader>fr";
action = ":Telescope frecency<CR>";
}
# Commenting
{
mode = "n";
key = "<C-/>";
action = mkRaw "require('Comment.api').toggle.linewise.current";
}
{
mode = "x";
key = "<C-/>";
action = mkRaw ''
function()
local esc = vim.api.nvim_replace_termcodes(
'<ESC>', true, false, true
)
vim.api.nvim_feedkeys(esc, 'nx', false)
require('Comment.api').toggle.linewise(vim.fn.visualmode())
end
'';
}
# Float Term
{
mode = "n";
key = "t";
action = ":FloatermToggle myfloat<CR>";
}
{
mode = "t";
key = "<ESC>";
action = mkRaw "function() vim.cmd(':FloatermToggle myfloat') end";
}
# Switch buffers
{
mode = "n";
key = "<leader>q";
action = ":bd<CR>"; # Delete buffer
}
{
mode = "n";
key = "<leader>s";
action = ":bn<CR>"; # Buffer next
}
{
mode = "n";
key = "<leader>a";
action = ":bp<CR>"; # Buffer previous
}
# Change Indenting
{
mode = "i";
key = "<S-Tab>";
action = "<C-o><<";
}
{
mode = "n";
key = "<S-Tab>";
action = "<<_";
}
{
mode = "n";
key = "<Tab>";
action = ">>_";
}
{
mode = "v";
key = "<Tab>";
action = ">gv";
}
{
mode = "v";
key = "<S-Tab>";
action = "<gv";
}
# Neotest
{
mode = "n";
key = "<leader>nr";
action = mkRaw "require('neotest').run.run";
}
{
mode = "n";
key = "<leader>no";
action = mkRaw "require('neotest').output.open";
}
{
mode = "n";
key = "<leader>ns";
action = mkRaw "require('neotest').run.stop";
}
{
mode = "n";
key = "<leader>nf";
action = mkRaw "function() require('neotest').run.run(vim.fn.expand('%')) end";
}
# LSP
{
mode = "n";
key = "<M-CR>";
action = mkRaw "vim.lsp.buf.code_action";
}
{
mode = "n";
key = "<leader>e";
action = mkRaw "vim.diagnostic.open_float";
}
# oil
{
mode = "n";
key = "_";
action = "<CMD>Oil<CR>";
}
# Tiny mist (Typst)
# {
# mode = "n";
# key = "<leader>tp";
# action = mkRaw ''
# client:exec_cmd({
# title = "pin",
# command = "tinymist.pinMain",
# arguments = { vim.api.nvim_buf_get_name(0) },
# }, { bufnr = bufnr })
# '';
# }
];
}

127
common/hm-modules/nvim/lsp.nix
View file

@ -1,127 +0,0 @@
{ pkgs, ... }:
{
plugins = {
rustaceanvim = {
enable = true;
settings = {
auto_attach = true;
server = {
standalone = false;
default_settings = {
rust-analyzer = {
inlayHints = {
lifetimeElisionHints = {
enable = "always";
};
};
cargo.features = "all";
check = {
command = "clippy";
};
cachePriming.enable = false;
};
};
};
};
};
lsp = {
enable = true;
inlayHints = true;
keymaps = {
lspBuf = {
K = "hover";
gD = "references";
gd = "definition";
gi = "implementation";
gt = "type_definition";
"<leader>rn" = "rename";
"g=" = "format";
};
diagnostic = {
"<leader>j" = "goto_next";
"<leader>k" = "goto_prev";
};
};
servers = {
cssls.enable = true;
nil_ls.enable = true; # NixOS
dockerls.enable = true;
rust_analyzer = {
enable = false;
installCargo = false;
installRustc = false;
};
pyright.enable = true;
pylsp = {
enable = true;
settings.plugins = {
black = {
enabled = true;
cache_config = true;
};
pycodestyle = {
maxLineLength = 100;
};
};
};
elixirls.enable = true;
clangd.enable = true;
yamlls.enable = true;
lua_ls.enable = true;
tinymist = {
enable = true;
rootMarkers = [ "main.typ" ];
onAttach.function = ''
vim.keymap.set("n", "<leader>tp", function()
client:exec_cmd({
title = "pin",
command = "tinymist.pinMain",
arguments = { vim.api.nvim_buf_get_name(0) },
}, { bufnr = bufnr })
end, { desc = "[T]inymist [P]in", noremap = true })
vim.keymap.set("n", "<leader>tu", function()
client:exec_cmd({
title = "unpin",
command = "tinymist.pinMain",
arguments = { vim.v.null },
}, { bufnr = bufnr })
end, { desc = "[T]inymist [U]npin", noremap = true })
'';
settings = {
formatterMode = "typstyle"; # or "typstfmt"
};
};
};
};
trouble.enable = true;
lspkind.enable = true;
lspsaga = {
enable = true;
lightbulb.enable = false;
};
nvim-lightbulb = {
enable = true;
settings = {
autocmd.enabled = true;
number.enabled = true;
};
};
none-ls = {
enable = true;
sources = {
formatting = {
nixfmt = {
enable = true;
package = pkgs.nixfmt-rfc-style;
};
};
};
};
};
}

48
common/hm-modules/nvim/lua/obsidian_picker.lua
View file

@ -1,48 +0,0 @@
local pickers = require "telescope.pickers"
local finders = require "telescope.finders"
local conf = require("telescope.config").values
local actions = require("telescope.actions")
local action_state = require("telescope.actions.state")
local obsidian_commands = require("obsidian.commands").commands
local results = {}
for key, _ in pairs(obsidian_commands) do
table.insert(results, string.sub(key, 9))
end
Local = 100
local Local = 3
print(Local)
local obsidian_picker = function(opts)
opts = opts or require("telescope.themes").get_dropdown{}
pickers.new(opts, {
prompt_title = "Obsidian",
finder = finders.new_table {
results = results,
-- entry_maker = function(entry)
-- return {
-- value = entry,
-- display = entry[1],
-- ordinal = entry[1],
-- }
-- end
},
sorter = conf.generic_sorter(opts),
attach_mappings = function(prompt_bufnr, map)
actions.select_default:replace(function()
actions.close(prompt_bufnr)
local selection = action_state.get_selected_entry()
vim.cmd(':Obsidian' .. selection[1])
end)
return true
end,
}):find()
end
-- obsidian_picker()
return {
obsidian_picker = obsidian_picker
}

75
common/hm-modules/nvim/lua/startup/themes/my_theme.lua
View file

@ -1,75 +0,0 @@
local settings = {
-- every line should be same width without escaped \
header = {
type = "text",
oldfiles_directory = false,
align = "center",
fold_section = false,
title = "Header",
margin = 5,
content = {
" ███╗ ██╗ ███████╗ ██████╗ ██╗ ██╗ ██╗ ███╗ ███╗",
" ████╗ ██║ ██╔════╝██╔═══██╗ ██║ ██║ ██║ ████╗ ████║",
" ██╔██╗ ██║ █████╗ ██║ ██║ ██║ ██║ ██║ ██╔████╔██║",
" ██║╚██╗██║ ██╔══╝ ██║ ██║ ╚██╗ ██╔╝ ██║ ██║╚██╔╝██║",
" ██║ ╚████║ ███████╗╚██████╔╝ ╚████╔╝ ██║ ██║ ╚═╝ ██║",
" ╚═╝ ╚═══╝ ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝ ╚═╝",
},
highlight = "Statement",
default_color = "",
oldfiles_amount = 0,
},
-- name which will be displayed and command
body = {
type = "mapping",
oldfiles_directory = false,
align = "center",
fold_section = false,
title = "Basic Commands",
margin = 5,
content = {
{ " Find File", "Telescope find_files", "<leader>ff"},
{ "󰍉 Find Word ", "Telescope live_grep", "<leader>fg"},
{ " Recent Files", "Telescope oldfiles", "<leader>fo"},
{ " File Browser", "Telescope file_browser", "<leader>fs"},
{ " New File", "lua require'startup'.new_file()", "<leader>nf"},
},
highlight = "String",
default_color = "",
oldfiles_amount = 0,
},
footer = {
type = "text",
oldfiles_directory = false,
align = "center",
fold_section = false,
title = "Footer",
margin = 5,
content = { "bottom text" },
highlight = "Number",
default_color = "",
oldfiles_amount = 0,
},
options = {
mapping_keys = true,
cursor_column = 0.5,
empty_lines_between_mappings = true,
disable_statuslines = true,
paddings = { 1, 3, 3, 0 },
},
mappings = {
execute_command = "<CR>",
open_file = "o",
open_file_split = "<c-o>",
open_section = "<TAB>",
open_help = "?",
},
colors = {
background = "#1f2227",
folded_section = "#56b6c2",
},
parts = { "header", "body", "footer" },
}
return settings

35
common/hm-modules/nvim/obsidian_picker.lua
View file

@ -1,35 +0,0 @@
local pickers = require "telescope.pickers"
local finders = require "telescope.finders"
local conf = require("telescope.config").values
local actions = require("telescope.actions")
local action_state = require("telescope.actions.state")
local obsidian_commands = require("obsidian.commands").commands
local results = {}
for key, _ in pairs(obsidian_commands) do
table.insert(results, string.sub(key, 9))
end
local obsidian_picker = function(opts)
opts = opts or require("telescope.themes").get_dropdown {}
pickers.new(opts, {
prompt_title = "Obsidian",
finder = finders.new_table {
results = results,
},
sorter = conf.generic_sorter(opts),
attach_mappings = function(prompt_bufnr, map)
actions.select_default:replace(function()
actions.close(prompt_bufnr)
local selection = action_state.get_selected_entry()
vim.cmd(':Obsidian' .. selection[1])
end)
return true
end,
}):find()
end
return {
obsidian_picker = obsidian_picker
}

41
common/hm-modules/rust.nix
View file

@ -1,41 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.programs.v.rust;
in
{
options.programs.v.rust.enable = mkEnableOption "rust";
config = mkIf cfg.enable {
home = {
packages = with pkgs; [
bacon
rustup
cargo-binutils
cargo-nextest
cargo-msrv
cargo-dist
cargo-cross
cargo-generate
];
file.".cargo/config.toml".text = ''
[registries.crates-io]
protocol = "sparse"
[build]
rustc-wrapper = "${pkgs.sccache}/bin/sccache"
[profile.rust-analyzer]
inherits = "dev"
'';
sessionPath = [ "$HOME/.cargo/bin" ];
};
};
}

115
common/hm-modules/vscode.nix
View file

@ -1,115 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.programs.v.vscode;
in
{
options.programs.v.vscode = {
enable = mkEnableOption "vscode";
};
config = mkIf cfg.enable {
programs.vscode = {
enable = true;
package = pkgs.vscode;
profiles.default = {
userSettings = {
"ltex.language" = "en-GB";
"latex-workshop.linting.chktex.enabled" = true;
"latex-workshop.latex.clean.subfolder.enabled" = true;
"latex-workshop.latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%";
"editor.fontFamily" = "'DejaVuSansMono Nerd Font', 'monospace', monospace";
"keyboard.dispatch" = "keyCode";
"rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer";
"rust-analyzer.check.extraArgs" = [
"--profile"
"rust-analyzer"
];
"rust-analyzer.check.command" = "clippy";
"terminal.integrated.defaultProfile.linux" = "zsh";
"nix.enableLanguageServer" = true; # Enable LSP.
"nix.serverPath" = "${pkgs.nil}/bin/nil";
"[nix]" = {
"editor.defaultFormatter" = "brettm12345.nixfmt-vscode";
};
"[python]" = {
"editor.formatOnType" = true;
};
"debug.allowBreakpointsEverywhere" = true;
"C_Cpp.clang_format_fallbackStyle" = "{ BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 0}";
# "crates.compatibleDecorator" = "✓";
# "crates.errorDecorator" = "✗";
# "crates.incompatibleDecorator" = "🛇";
# Verilog
"verilog.formatting.verilogHDL.formatter" = "verible-verilog-format";
"verilog.languageServer.svls.enabled" = true;
"verilog.languageServer.svls.path" = "${pkgs.svls}/bin/svls";
"verilog.languageServer.veribleVerilogLs.enabled" = true;
"verilog.languageServer.veribleVerilogLs.path" = "${pkgs.verible}/bin/verible-verilog-ls";
"verilog.formatting.veribleVerilogFormatter.path" = "${pkgs.verible}/bin/verible-verilog-format";
"verilog.linting.linter" = "verilator";
"verilog.linting.path" = "${pkgs.verilator}/bin/verilator";
"[verilog]" = {
"editor.defaultFormatter" = "mshr-h.veriloghdl";
};
# Don't index unecessary things
"files.exclude" = {
"**/.vscode" = true;
"**/.git" = true;
"**/.svn" = true;
"**/.hg" = true;
"**/.deps" = true;
"**/CVS" = true;
"**/.DS_Store" = true;
"/bin" = true;
"/boot" = true;
"/cdrom" = true;
"/dev" = true;
"/proc" = true;
"/etc" = true;
"/nix" = true;
};
};
extensions = with pkgs.vscode-extensions; [
brettm12345.nixfmt-vscode
# catppuccin.catppuccin-vsc
codezombiech.gitignore
codezombiech.gitignore
davidlday.languagetool-linter
editorconfig.editorconfig
foxundermoon.shell-format
github.copilot
github.copilot-chat
github.vscode-github-actions
james-yu.latex-workshop
jnoortheen.nix-ide
mkhl.direnv
ms-vscode-remote.remote-ssh
ms-vscode.cpptools
ms-vsliveshare.vsliveshare
mshr-h.veriloghdl
# platformio.platformio-ide
redhat.vscode-xml
redhat.vscode-yaml
rust-lang.rust-analyzer
skellock.just
sumneko.lua
tamasfe.even-better-toml
vadimcn.vscode-lldb
vadimcn.vscode-lldb
valentjn.vscode-ltex
vscodevim.vim
xaver.clang-format
continue.continue
];
};
};
};
}

11
common/modules/default.nix
View file

@ -1,11 +0,0 @@
{ ... }: {
imports = [
./meta.nix
./nginx.nix
./dns.nix
./flood.nix
./gnome
./unpackerr.nix
./vault.nix
];
}

166
common/modules/gnome/hm.nix
View file

@ -1,166 +0,0 @@
{ lib, pkgs, ... }:
with lib.hm.gvariant;
let
inherit (builtins) attrNames map;
inherit (lib.attrsets) mapAttrs' nameValuePair;
generate_custom_keybindings =
binds:
{
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = map (
name: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}/"
) (attrNames binds);
};
}
// mapAttrs' (
name: nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}"
) binds;
in
{
xdg.mimeApps.enable = true;
xdg.mimeApps.defaultApplications = {
"text/plain" = "org.gnome.TextEditor.desktop";
"application/pdf" = "org.gnome.Evince.desktop";
# Firefox
"text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/chrome" = "firefox.desktop";
"application/x-extension-htm" = "firefox.desktop";
"application/x-extension-shtml" = "firefox.desktop";
"application/xhtml+xml" = "firefox.desktop";
"application/x-extension-xhtml" = "firefox.desktop";
"application/x-extension-xht" = "firefox.desktop";
"application/x-extension-html" = "firefox.desktop";
# Images
"image/bmp" = "org.gnome.Loupe.desktop";
"image/gif" = "org.gnome.Loupe.desktop";
"image/jpg" = "org.gnome.Loupe.desktop";
"image/pjpeg" = "org.gnome.Loupe.desktop";
"image/png" = "org.gnome.Loupe.desktop";
"image/tiff" = "org.gnome.Loupe.desktop";
"image/webp" = "org.gnome.Loupe.desktop";
"image/x-bmp" = "org.gnome.Loupe.desktop";
"image/x-gray" = "org.gnome.Loupe.desktop";
"image/x-icb" = "org.gnome.Loupe.desktop";
"image/x-ico" = "org.gnome.Loupe.desktop";
"image/x-png" = "org.gnome.Loupe.desktop";
"image/x-portable-anymap" = "org.gnome.Loupe.desktop";
"image/x-portable-bitmap" = "org.gnome.Loupe.desktop";
"image/x-portable-graymap" = "org.gnome.Loupe.desktop";
"image/x-portable-pixmap" = "org.gnome.Loupe.desktop";
"image/x-xbitmap" = "org.gnome.Loupe.desktop";
"image/x-xpixmap" = "org.gnome.Loupe.desktop";
"image/x-pcx" = "org.gnome.Loupe.desktop";
"image/svg+xml" = "org.gnome.Loupe.desktop";
"image/svg+xml-compressed" = "org.gnome.Loupe.desktop";
"image/vnd.wap.wbmp" = "org.gnome.Loupe.desktop";
"image/x-icns" = "org.gnome.Loupe.desktop";
};
dconf.settings =
{
"org/gnome/shell" = {
disable-user-extensions = false;
enabled-extensions = with pkgs.gnomeExtensions; [
auto-move-windows.extensionUuid
];
};
# "org/gnome/shell/extensions/auto-move-windows" = {
# application-list = [
# "element-desktop.desktop:1"
# "discord.desktop:1"
# "firefox.desktop:2"
# "obsidian.desktop:3"
# ];
# };
"org/gnome/desktop/input-sources" = {
sources = [
(mkTuple [
"xkb"
"us+altgr-intl"
])
];
xkb-options = [ "terminate:ctrl_alt_bksp" ];
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/mutter" = {
attach-modal-dialogs = true;
dynamic-workspaces = false;
edge-tiling = true;
focus-change-on-pointer-rest = true;
workspaces-only-on-primary = true;
};
"org/gnome/mutter/keybindings" = {
toggle-tiled-left = [ "<Super>bracketleft" ];
toggle-tiled-right = [ "<Super>bracketright" ];
};
"org/gnome/shell/keybindings" = {
toggle-overview = [ "<Super>d" ];
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
"org/gnome/desktop/wm/preferences" = {
auto-raise = false;
num-workspaces = 6;
focus-mode = "sloppy";
};
"org/gnome/desktop/wm/keybindings" = {
raise-or-lower = [ "<Super>s" ];
switch-applications = [ "<Super>Tab" ];
switch-applications-backward = [ "<Super>Tab" ];
move-to-workspace-1 = [ "<Shift><Super>1" ];
move-to-workspace-2 = [ "<Shift><Super>2" ];
move-to-workspace-3 = [ "<Shift><Super>3" ];
move-to-workspace-4 = [ "<Shift><Super>4" ];
move-to-workspace-5 = [ "<Shift><Super>5" ];
move-to-workspace-6 = [ "<Shift><Super>6" ];
switch-to-workspace-1 = [ "<Super>1" ];
switch-to-workspace-2 = [ "<Super>2" ];
switch-to-workspace-3 = [ "<Super>3" ];
switch-to-workspace-4 = [ "<Super>4" ];
switch-to-workspace-5 = [ "<Super>5" ];
switch-to-workspace-6 = [ "<Super>6" ];
toggle-fullscreen = [ "<Super><Shift>M" ];
toggle-maximized = [ "<Super>m" ];
close = [ "<Super>Q" ];
};
"org/gnome/tweaks" = {
show-extensions-notice = false;
};
"org/gnome/boxes" = {
first-run = false;
};
}
// generate_custom_keybindings {
"terminal" = {
binding = "<Super>Return";
command = "${pkgs.kitty}/bin/kitty";
name = "Open Terminal";
};
"firefox" = {
binding = "<Super>f";
command = "firefox";
name = "Open Firefox";
};
};
}

89
common/modules/meta.nix
View file

@ -1,89 +0,0 @@
{ lib, config, ... }:
with lib;
let
exposesOpts = {
options = {
domain = mkOption {
type = types.str;
example = "<name>.example.com";
description = lib.mdDoc ''
The domain under which this service should be available
'';
};
port = mkOption {
type = types.int;
default = 80;
example = 4242;
description = lib.mdDoc ''
The port under which the service runs on the host
'';
};
};
};
in {
options.meta = {
exposes = mkOption {
type = with types; attrsOf (submodule exposesOpts);
default = { };
description = ''
Exposed services
'';
};
ipv4 = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Host's IPv4 Address
'';
};
ipv6 = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Host's IPv6 address
'';
};
mac = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Own MAC Address
'';
};
isLaptop = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Is this host a Laptop (i.e. no DNS entries should be made).
'';
};
realm = mkOption {
readOnly = true;
type = types.nullOr (types.enum [ "thalassa" "hades" "olympus" ]);
default = config.networking.domain;
defaultText = literalExpression "config.network.domain";
};
};
config = {
# TODO: Open Firewall
assertions = [
# {
# assertion = config.meta.mac != null;
# message =
# "${config.networking.fqdnOrHostName} is missing a mac address";
# }
# {
# assertion = !config.meta.isLaptop -> config.meta.ipv4 != null;
# message =
# "${config.networking.fqdnOrHostName} needs ipv4 address set as it is not a laptop";
# }
];
};
}

955
flake.lock generated
View file

File diff suppressed because it is too large Load diff

241
flake.nix
View file

@ -6,7 +6,7 @@
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable"; nixpkgs.url = "nixpkgs/nixos-unstable";
flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus"; nixpkgs_stable.url = "nixpkgs/nixos-23.05";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
colmena.url = "github:zhaofengli/colmena"; colmena.url = "github:zhaofengli/colmena";
deploy.url = "github:serokell/deploy-rs"; deploy.url = "github:serokell/deploy-rs";
@ -17,7 +17,13 @@
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
mailserver.url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git"; riff.url = "github:DeterminateSystems/riff";
webcord.url = "github:fufexan/webcord-flake";
comma.url = "github:nix-community/comma";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
mailserver.inputs.nixpkgs.follows = "nixpkgs"; mailserver.inputs.nixpkgs.follows = "nixpkgs";
nixvim.url = "github:pta2002/nixvim"; nixvim.url = "github:pta2002/nixvim";
@ -27,172 +33,127 @@
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
lanzaboote.url = "github:nix-community/lanzaboote"; lanzaboote = {
lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; url = "github:nix-community/lanzaboote";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git"; vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git";
vault-unseal.inputs.nixpkgs.follows = "nixpkgs";
gnome-autounlock-keyring.url = "git+https://git.0x76.dev/v/gnome-autounlock-keyring.git"; gnome-autounlock-keyring.url = "git+https://git.0x76.dev/v/gnome-autounlock-keyring.git";
t.url = "github:jdonszelmann/t-rs"; # Website(s)
t.inputs.nixpkgs.follows = "nixpkgs";
attic.url = "github:zhaofengli/attic";
attic.inputs.nixpkgs.follows = "nixpkgs";
catppuccin.url = "github:catppuccin/nix";
essentials.url = "github:jdonszelmann/essentials"; essentials.url = "github:jdonszelmann/essentials";
essentials.inputs.nixpkgs.follows = "nixpkgs";
autostart.url = "github:Zocker1999NET/home-manager-xdg-autostart";
hyprland-qtutils.url = "github:hyprwm/hyprland-qtutils";
}; };
outputs = outputs =
{ { self
self, , nixpkgs
nixpkgs, , nixpkgs_stable
flake-utils-plus, , vault-secrets
nur, , colmena
attic, , nixos-generators
deploy, , nur
home-manager, , deploy
gnome-autounlock-keyring, , ...
lanzaboote,
t,
catppuccin,
...
}@inputs: }@inputs:
let let
pkgs = self.pkgs.x86_64-linux.nixpkgs; inherit (nixpkgs) lib;
util = import ./nixos/util.nix inputs;
inherit (util) hosts flat_hosts nixHosts;
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [ (import ./nixos/pkgs) vault-secrets.overlays.default nur.overlay ];
};
pkgs_stable = import nixpkgs_stable {
inherit system;
config.allowUnfree = true;
};
# Define args each module gets access to (access to hosts is useful for DNS/DHCP)
specialArgs = { inherit hosts flat_hosts inputs pkgs_stable; };
# Script to apply local colmena deployments
apply-local = pkgs.writeShellScriptBin "apply-local" '' apply-local = pkgs.writeShellScriptBin "apply-local" ''
nh os switch --ask "${
colmena.packages.${system}.colmena
}"/bin/colmena apply-local --sudo $@
'';
fast-repl = pkgs.writeShellScriptBin "fast-repl" ''
source /etc/set-environment
nix repl --file "${./.}/repl.nix" $@
''; '';
in in
flake-utils-plus.lib.mkFlake { {
# `self` and `inputs` arguments are required # Make the nixosConfigurations for compat reasons (e.g. vault)
inherit self inputs; nixosConfigurations =
(import (inputs.colmena + "/src/nix/hive/eval.nix") {
rawFlake = self;
colmenaOptions =
import (inputs.colmena + "/src/nix/hive/options.nix");
colmenaModules =
import (inputs.colmena + "/src/nix/hive/modules.nix");
}).nodes;
# Supported systems, used for packages, apps, devShell and multiple other definitions. Defaults to `flake-utils.lib.defaultSystems`. # Make the colmena configuration
supportedSystems = [ "x86_64-linux" ]; colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el)
{
# Channels config meta = {
channelsConfig = { inherit specialArgs;
allowUnfree = true; nixpkgs = pkgs;
permittedInsecurePackages = [ "electron" ];
}; };
sharedOverlays = [ }
(import ./pkgs) nixHosts;
nur.overlays.default colmenaHive = colmena.lib.makeHive self.outputs.colmena;
];
# host defaults packages.${system} = {
hostDefaults = { inherit apply-local;
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
gnome-autounlock-keyring.nixosModules.default
catppuccin.nixosModules.catppuccin
./common
];
specialArgs = { default = colmena.packages.${system}.colmena;
inherit self inputs home-manager;
proxmox-lxc = nixos-generators.nixosGenerate {
inherit system specialArgs;
format = "proxmox-lxc";
modules = util.base_imports
++ [ (import ./nixos/templates/proxmox-lxc.nix) ];
};
# Broken
proxmox-vm = nixos-generators.nixosGenerate {
inherit system specialArgs;
format = "proxmox";
modules = util.base_imports
++ [ (import ./nixos/templates/proxmox-vm.nix) ];
}; };
}; };
# hosts # Use by running `nix develop`
hosts = { devShells.${system}.default = pkgs.mkShell {
"olympus.bastion" = {
modules = [
./common/generic-vm.nix
./hosts/olympus/bastion
];
};
aoife = {
modules = [
lanzaboote.nixosModules.lanzaboote
./common/desktop
./hosts/thalassa/aoife
];
};
eevee = {
modules = [
./common/desktop
./hosts/olympus/eevee
];
};
};
# deploy-rs
deploy = {
user = "root";
nodes = {
"bastion-olympus" = {
hostname = "bastion.olympus";
fastConnection = true;
remoteBuild = true;
profiles = {
system = {
path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations."olympus.bastion";
};
};
};
aoife = {
remoteBuild = true;
fastConnection = true;
hostname = "aoife";
profiles.system.path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations.aoife;
};
eevee = {
fastConnection = true;
hostname = "eevee.olympus";
profiles.system.path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations.eevee;
};
};
};
# Outputs
outputsBuilder = channels: {
devShells.default = channels.nixpkgs.mkShell {
name = "devShell";
VAULT_ADDR = "http://vault.olympus:8200/"; VAULT_ADDR = "http://vault.olympus:8200/";
NH_FLAKE = "/home/vivian/src/infrastructure-new"; buildInputs = with pkgs; [
packages = with pkgs; [
# attic.packages.${system}.attic
apply-local apply-local
colmena.packages.${system}.colmena
deploy.packages.${system}.deploy-rs deploy.packages.${system}.deploy-rs
cachix
deadnix deadnix
statix statix
# vault nixpkgs-fmt
nil
vault
yamllint yamllint
jq jq
fup-repl (vault-push-approle-envs self { })
nh (vault-push-approles self { })
nixfmt-rfc-style fast-repl
]; ];
}; };
}; };
# Checks
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib // {
x86_64-linux.mac = pkgs.stdenvNoCC.mkDerivation {
name = "mac check";
src = self;
dontBuild = true;
doCheck = true;
checkPhase = ''
echo "Hello World"
'';
installPhase = "mkdir $out";
};
};
};
} }

1
flux/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
old_cluster

12
flux/README.md Normal file
View file

@ -0,0 +1,12 @@
# Kubernetes Cluster
This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster.
## Bootstrap
```sh
flux bootstrap git --url ssh://gitea@git.0x76.dev:42/v/infrastructure.git --branch=main --path=flux/olympus/base --ssh-key-algorithm=ed25519
```
## References
Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster)
[Flux]: https://github.com/fluxcd/flux2

15
flux/olympus/apps/flux-system/external-secret.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: weave-gitops
namespace: flux-system
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: oidc-auth
dataFrom:
- extract:
key: flux-system/weave-gitops

6
flux/olympus/apps/flux-system/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rbac.yaml
- external-secret.yaml
- weave-gitops-dashboard.yaml

76
flux/olympus/apps/flux-system/rbac.yaml Normal file
View file

@ -0,0 +1,76 @@
---
# Admin cluster role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: weave-admin
rules:
# Flux Resources
- apiGroups: ["kustomize.toolkit.fluxcd.io"]
resources: ["kustomizations"]
verbs: ["get", "list", "patch"]
- apiGroups: ["helm.toolkit.fluxcd.io"]
resources: ["helmreleases"]
verbs: ["get", "list", "patch"]
- apiGroups: ["source.toolkit.fluxcd.io"]
resources:
[
"buckets",
"helmcharts",
"gitrepositories",
"helmrepositories",
"ocirepositories",
]
verbs: ["get", "list", "patch"]
- apiGroups: ["notification.toolkit.fluxcd.io"]
resources: ["providers", "alerts"]
verbs: ["get", "list"]
- apiGroups: ["infra.contrib.fluxcd.io"]
resources: ["terraforms"]
verbs: ["get", "list", "patch"]
# Resources managed via Flux
- apiGroups: [""]
resources:
[
"configmaps",
"secrets",
"pods",
"services",
"namespaces",
"persistentvolumes",
"persistentvolumeclaims",
]
verbs: ["get", "list"]
- apiGroups: ["apps"]
resources: ["deployments", "replicasets", "statefulsets"]
verbs: ["get", "list"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["get", "list"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["get", "list"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"]
verbs: ["get", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list"]
# Feedback
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "watch", "list"]
---
# Bind the cluster admin role to admins
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: weave-admin
subjects:
- kind: User
name: "victor@xirion.net"
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: weave-admin
apiGroup: rbac.authorization.k8s.io

48
flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml Normal file
View file

@ -0,0 +1,48 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
annotations:
metadata.weave.works/description: This is the source location for the Weave GitOps
Dashboard's helm chart.
labels:
app.kubernetes.io/component: ui
app.kubernetes.io/created-by: weave-gitops-cli
app.kubernetes.io/name: weave-gitops-dashboard
app.kubernetes.io/part-of: weave-gitops
name: ww-gitops
namespace: flux-system
spec:
interval: 1h0m0s
type: oci
url: oci://ghcr.io/weaveworks/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
annotations:
metadata.weave.works/description: This is the Weave GitOps Dashboard. It provides
a simple way to get insights into your GitOps workloads.
name: ww-gitops
namespace: flux-system
spec:
chart:
spec:
chart: weave-gitops
sourceRef:
kind: HelmRepository
name: ww-gitops
interval: 1h0m0s
values:
ingress:
enabled: true
hosts:
- host: flux.0x76.dev
paths:
- path: /
pathType: ImplementationSpecific
adminUser:
create: true
passwordHash: $2a$10$uIY/YYe.CcRerpVvfk04muX86hLfXRH.K6jATZaVPqp.bnUIu/bsC
username: admin

6
flux/olympus/apps/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- flux-system
- services
- websites

4
flux/olympus/apps/services/kustomization.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- renovate

57
flux/olympus/apps/services/renovate/config.yaml Normal file
View file

@ -0,0 +1,57 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: renovate
namespace: services
data:
config.js: |-
module.exports = {
"binarySource": "install",
"repositories": ["v/infrastructure"],
"flux": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"helm-values": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"kubernetes": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"hostRules": [
{
"hostType": "docker",
"matchHost": "ghcr.io",
"username": "NULLx76",
"password": process.env.GITHUB_COM_TOKEN
}
],
"packageRules": [
{
"automerge": true,
"automergeType": "branch",
"matchUpdateTypes": ["minor", "patch", "pin", "digest"],
"matchPackageNames": [
"renovate/renovate"
],
"matchPackagePrefixes": [
"git.0x76.dev"
]
}
],
// ignore individual fluxcd images
"ignoreDeps": [
"ghcr.io/fluxcd/helm-controller",
"ghcr.io/fluxcd/image-automation-controller",
"ghcr.io/fluxcd/image-reflector-controller",
"ghcr.io/fluxcd/kustomize-controller",
"ghcr.io/fluxcd/notification-controller",
"ghcr.io/fluxcd/source-controller"
],
"regexManagers": [
{
"fileMatch": [".+\\.nix"],
"matchStrings": ["image\\s*=\\s*\"(?<depName>.*?):(?<currentValue>.*?)\"\\s*;\\s*"],
"datasourceTemplate": "docker"
}
]
};

46
flux/olympus/apps/services/renovate/cronjob.yaml Normal file
View file

@ -0,0 +1,46 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: renovate
namespace: services
spec:
# Run every 8 hours
schedule: "0 */8 * * *"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
volumes:
- name: config-volume
configMap:
name: renovate
- name: work-volume
emptyDir: {}
containers:
- name: renovate
image: renovate/renovate:37.67.3
volumeMounts:
- name: config-volume
mountPath: /opt/renovate/
- name: work-volume
mountPath: /tmp/renovate/
env:
- name: LOG_LEVEL
value: debug
- name: RENOVATE_ENDPOINT
value: "https://git.0x76.dev/api/v1/"
- name: RENOVATE_PLATFORM
value: gitea
- name: RENOVATE_AUTODISCOVER
value: "false"
- name: RENOVATE_GIT_AUTHOR
value: "Renovate Bot <renovate@xirion.net>"
- name: RENOVATE_CONFIG_FILE
value: "/opt/renovate/config.js"
- name: RENOVATE_BASE_DIR
value: "/tmp/renovate"
envFrom:
- secretRef:
name: renovate
restartPolicy: Never

21
flux/olympus/apps/services/renovate/external-secret.yaml Normal file
View file

@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: renovate
namespace: services
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: renovate
data:
- secretKey: RENOVATE_TOKEN
remoteRef:
key: gitops/renovate
property: gitea_token
- secretKey: GITHUB_COM_TOKEN
remoteRef:
key: gitops/renovate
property: github_token

6
flux/olympus/apps/services/renovate/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secret.yaml
- config.yaml
- cronjob.yaml

52
flux/olympus/apps/websites/0x76.yaml Normal file
View file

@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: x76dev
namespace: websites
labels:
app: x76dev
spec:
replicas: 1
selector:
matchLabels:
app: x76dev
template:
metadata:
labels:
app: x76dev
spec:
containers:
- name: x76dev
image: git.0x76.dev/v/0x76.dev:5
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: x76dev
namespace: websites
spec:
selector:
app: x76dev
ports:
- protocol: TCP
port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: x76dev
namespace: websites
spec:
rules:
- host: "0x76.dev"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: x76dev
port:
number: 80

52
flux/olympus/apps/websites/blog.yaml Normal file
View file

@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: blog
namespace: websites
labels:
app: blog
spec:
replicas: 1
selector:
matchLabels:
app: blog
template:
metadata:
labels:
app: blog
spec:
containers:
- name: blog
image: git.0x76.dev/v/blog.xirion.net:5
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: blog
namespace: websites
spec:
selector:
app: blog
ports:
- protocol: TCP
port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: blog
namespace: websites
spec:
rules:
- host: "blog.xirion.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: blog
port:
number: 8080

52
flux/olympus/apps/websites/internal.yaml Normal file
View file

@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: internal
namespace: websites
labels:
app: internal
spec:
replicas: 1
selector:
matchLabels:
app: internal
template:
metadata:
labels:
app: internal
spec:
containers:
- name: internal
image: git.0x76.dev/v/internal.xirion.net:1
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: internal
namespace: websites
spec:
selector:
app: internal
ports:
- protocol: TCP
port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: internal
namespace: websites
spec:
rules:
- host: "internal.xirion.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: internal
port:
number: 8080

9
flux/olympus/apps/websites/kustomization.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
namespace: websites
resources:
- 0x76.yaml
- internal.yaml
- blog.yaml
- xirion.yaml

52
flux/olympus/apps/websites/xirion.yaml Normal file
View file

@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: xirion
namespace: websites
labels:
app: xirion
spec:
replicas: 1
selector:
matchLabels:
app: xirion
template:
metadata:
labels:
app: xirion
spec:
containers:
- name: xirion
image: git.0x76.dev/v/xirion.net:2
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: xirion
namespace: websites
spec:
selector:
app: xirion
ports:
- protocol: TCP
port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: xirion
namespace: websites
spec:
rules:
- host: "xirion.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xirion
port:
number: 80

15
flux/olympus/base/apps.yaml Normal file
View file

@ -0,0 +1,15 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: core
path: ./flux/olympus/apps
prune: true
sourceRef:
kind: GitRepository
name: flux-system

13
flux/olympus/base/core.yaml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: core
namespace: flux-system
spec:
interval: 10m0s
path: ./flux/olympus/core
prune: true
sourceRef:
kind: GitRepository
name: flux-system

8029
flux/olympus/base/flux-system/gotk-components.yaml Normal file
View file

File diff suppressed because it is too large Load diff

27
flux/olympus/base/flux-system/gotk-sync.yaml Normal file
View file

@ -0,0 +1,27 @@
# This manifest was generated by flux. DO NOT EDIT.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 1m0s
ref:
branch: main
secretRef:
name: flux-system
url: ssh://gitea@git.0x76.dev:42/v/infrastructure.git
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10m0s
path: ./flux/olympus/base
prune: true
sourceRef:
kind: GitRepository
name: flux-system

6
flux/olympus/base/flux-system/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml
- repositories

8
flux/olympus/base/flux-system/repositories/helm/external-secrets.yaml Normal file
View file

@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: external-secrets
namespace: flux-system
spec:
interval: 1h
url: https://charts.external-secrets.io

5
flux/olympus/base/flux-system/repositories/helm/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secrets.yaml

5
flux/olympus/base/flux-system/repositories/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm

1
flux/olympus/core/external-secrets/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
vault-secret-id.yaml

29
flux/olympus/core/external-secrets/helm-release.yaml Normal file
View file

@ -0,0 +1,29 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: external-secrets
namespace: security
spec:
interval: 30m
chart:
spec:
chart: external-secrets
version: 0.9.9
interval: 30m
sourceRef:
kind: HelmRepository
name: external-secrets
namespace: flux-system
values:
installCRDs: true
replicaCount: 1
leaderElect: true
# serviceMonitor:
# enabled: true
# webhook:
# serviceMonitor:
# enabled: true
# certController:
# serviceMonitor:
# enabled: true

5
flux/olympus/core/external-secrets/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- vault-secret-store.yaml

7
flux/olympus/core/external-secrets/vault-secret-id.example.yaml Normal file
View file

@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: vault-secret-id
namespace: security
data:
secret-id: XXXXXX # Obtain by `vault write -f auth/approle/role/external-secrets/secret-id`

27
flux/olympus/core/external-secrets/vault-secret-store.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault
namespace: security
spec:
provider:
vault:
server: "http://vault.olympus:8200"
path: "k8s"
version: "v2"
auth:
# VaultAppRole authenticates with Vault using the
# App Role auth mechanism
# https://www.vaultproject.io/docs/auth/approle
appRole:
# Path where the App Role authentication backend is mounted
path: "approle"
# RoleID configured in the App Role authentication backend
# `vault read auth/approle/role/external-secrets/role-id`
roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
# Reference to a key in a K8 Secret that contains the App Role SecretId
# (not commited in git)
secretRef:
name: "vault-secret-id"
namespace: "security"
key: "secret-id"

5
flux/olympus/core/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces
- external-secrets

6
flux/olympus/core/namespaces/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- websites.yaml
- security.yaml
- services.yaml

4
flux/olympus/core/namespaces/security.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: security

4
flux/olympus/core/namespaces/services.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: services

4
flux/olympus/core/namespaces/websites.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: websites

82
hosts/olympus/bastion/containers/default.nix
View file

@ -1,82 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
hostAddress = "10.42.99.1";
hostAddress6 = "fc00::1";
in
{
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "ens18";
# Lazy IPv6 connectivity for the container
enableIPv6 = true;
};
networking.firewall.allowedTCPPorts = [
8384
22000
];
networking.firewall.allowedUDPPorts = [
22000
21027
];
# Containers network is
# * 10.42.99.0/24
# * fc00:x
users.groups.backup = {
gid = 10000;
members = [ "vivian" ];
};
containers = {
syncthing = {
autoStart = true;
inherit hostAddress hostAddress6;
localAddress = "10.42.99.2";
localAddress6 = "fc00::2";
forwardPorts = [
{
containerPort = 8384;
hostPort = 8384;
protocol = "tcp";
}
];
bindMounts = {
"/data" = {
hostPath = "/mnt/backup";
isReadOnly = false;
};
};
specialArgs = {
inherit inputs;
};
config =
{ pkgs, ... }:
{
users.groups.backup = {
gid = 10000;
members = [ "syncthing" ];
};
imports = [
./common.nix
./syncthing.nix
inputs.home-manager.nixosModules.home-manager
inputs.gnome-autounlock-keyring.nixosModules.default
inputs.catppuccin.nixosModules.catppuccin
];
};
};
};
}

7
hosts/olympus/bastion/containers/dns.nix
View file

@ -1,7 +0,0 @@
{ ... }: {
services.v.dns = {
enable = true;
openFirewall = true;
mode = "server";
};
}

8
hosts/olympus/bastion/containers/syncthing.nix
View file

@ -1,8 +0,0 @@
{ ... }:
{
services.syncthing = {
enable = true;
openDefaultPorts = true;
guiAddress = "0.0.0.0:8384";
};
}

78
hosts/olympus/bastion/immich.nix
View file

@ -1,78 +0,0 @@
{ config, pkgs, ... }:
{
boot.kernel.sysctl = { "vm.overcommit_memory" = 1; };
virtualisation.oci-containers.backend = "docker";
virtualisation.docker.autoPrune.enable = true;
systemd.services.init-filerun-network-and-files = {
description = "Create the network bridge for Immich.";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script =
let
dockercli = "${config.virtualisation.docker.package}/bin/docker";
in
''
# immich-net network
check=$(${dockercli} network ls | grep "immich-net" || true)
if [ -z "$check" ]; then
${dockercli} network create immich-net
else
echo "immich-net already exists in docker"
fi
'';
};
virtualisation.oci-containers.containers = {
immich = {
autoStart = true;
image = "ghcr.io/imagegenius/immich:latest";
volumes = [
"/mnt/backup/immich/config:/config"
"/mnt/backup/immich/photos:/photos"
"/mnt/backup/replicated/photos:/replicated"
"/mnt/backup/immich/config/machine-learning:/config/machine-learning"
];
ports = [ "2283:8080" ];
environment = {
PUID = "1000";
PGID = "1000";
TZ = "Europe/Amsterdam"; # Change this to your timezone
DB_HOSTNAME = "postgres14";
DB_USERNAME = "postgres";
DB_PASSWORD = "postgres";
DB_DATABASE_NAME = "immich";
REDIS_HOSTNAME = "redis";
};
extraOptions = [
"--network=immich-net"
"--pull=always"
# "--gpus=all"
];
};
redis = {
autoStart = true;
image = "redis";
ports = [ "6379:6379" ];
extraOptions = [ "--network=immich-net" ];
};
postgres14 = {
autoStart = true;
image = "tensorchord/pgvecto-rs:pg14-v0.2.0";
ports = [ "5432:5432" ];
volumes = [ "pgdata:/var/lib/postgresql/data" ];
environment = {
POSTGRES_USER = "postgres";
POSTGRES_PASSWORD = "postgres";
POSTGRES_DB = "immich";
};
extraOptions = [ "--network=immich-net" ];
};
};
}

146
hosts/thalassa/aoife/69-probe-rs.rules
View file

@ -1,146 +0,0 @@
# Copy this file to /etc/udev/rules.d/
# If rules fail to reload automatically, you can refresh udev rules
# with the command "udevadm control --reload"
# This rules are based on the udev rules from the OpenOCD project, with unsupported probes removed.
# See http://openocd.org/ for more details.
#
# This file is available under the GNU General Public License v2.0
ACTION!="add|change", GOTO="probe_rs_rules_end"
SUBSYSTEM=="gpio", MODE="0660", GROUP="plugdev", TAG+="uaccess"
SUBSYSTEM!="usb|tty|hidraw", GOTO="probe_rs_rules_end"
# Please keep this list sorted by VID:PID
# STMicroelectronics ST-LINK V1
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3744", MODE="660", GROUP="plugdev", TAG+="uaccess"
# STMicroelectronics ST-LINK/V2
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="660", GROUP="plugdev", TAG+="uaccess"
# STMicroelectronics ST-LINK/V2.1
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="660", GROUP="plugdev", TAG+="uaccess"
# STMicroelectronics STLINK-V3
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3754", MODE="660", GROUP="plugdev", TAG+="uaccess"
# SEGGER J-Link
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0101", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0102", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0103", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0104", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0107", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0108", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1001", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1002", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1003", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1004", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1005", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1006", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1007", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1008", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1009", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1010", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1011", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1012", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1013", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1014", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1015", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1016", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1017", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1018", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1019", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1020", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1021", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1022", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1023", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1024", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1025", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1026", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1027", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1028", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1029", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1050", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1051", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1052", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1053", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1054", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1055", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1056", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1057", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1058", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1059", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1060", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1061", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1062", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1063", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1064", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1065", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1066", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1067", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1068", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1069", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106f", MODE="660", GROUP="plugdev", TAG+="uaccess"
# FT232H
ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6014", MODE="660", GROUP="plugdev", TAG+="uaccess"
# FT2232x
ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", MODE="660", GROUP="plugdev", TAG+="uaccess"
# FT4232H
ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", MODE="660", GROUP="plugdev", TAG+="uaccess"
# FTDI-based Olimex devices
ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x0003", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x0004", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x002a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x002b", MODE="660", GROUP="plugdev", TAG+="uaccess"
# Espressif USB JTAG/serial debug unit
ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1001", MODE="660", GROUP="plugdev", TAG+="uaccess"
# Espressif USB Bridge
ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1002", MODE="660", GROUP="plugdev", TAG+="uaccess"
# CMSIS-DAP compatible adapters
ATTRS{product}=="*CMSIS-DAP*", MODE="660", GROUP="plugdev", TAG+="uaccess"
# WCH Link (CMSIS-DAP compatible adapter)
ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="8011", MODE="660", GROUP="plugdev", TAG+="uaccess"
LABEL="probe_rs_rules_end"

83
hosts/thalassa/aoife/hardware.nix
View file

@ -1,83 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
pciutils
usbutils
lshw
];
boot = {
kernelParams = [
"amdgpu.dcdebugmask=0x10" # Disables partial screen refresh, fixes flicker
"kvm.enable_virt_at_load=0"
];
};
hardware = {
enableAllFirmware = true;
bluetooth.enable = true;
# OpenGL + Vulkan
graphics = {
enable = true;
extraPackages = with pkgs; [
mesa
];
};
amdgpu = {
initrd.enable = true;
opencl.enable = true;
# Temp disabled as it breaks GTK
# amdvlk.enable = true;
};
};
services = {
fwupd.enable = true;
hardware.bolt.enable = true;
fprintd = {
enable = true;
# fprintd test suite fails
package = pkgs.fprintd.overrideAttrs {
mesonCheckFlags = [
"--no-suite"
"fprintd:TestPamFprintd"
];
};
};
# Video Driver
xserver = {
# videoDrivers = [ "displaylink" ];
dpi = 280;
};
# SSD Trim
fstrim.enable = true;
# Power Management
upower.enable = true;
thermald.enable = true;
};
# hardware.trackpoint.enable = true;
# FS
fileSystems."/".options = [ "compress=zstd" ];
powerManagement = {
enable = true;
powertop.enable = true;
};
security = {
tpm2 = {
enable = true;
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
tctiEnvironment.enable = true;
};
}; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.vivian.extraGroups = [ "tss" ]; # tss group has access to TPM devices
}

46
hosts/thalassa/aoife/home/default.nix
View file

@ -1,46 +0,0 @@
{ pkgs, ... }: {
imports = [
./starship.nix
./hyprland.nix
];
# Custom dconf settings
dconf.settings."org/gnome/desktop/input-sources" = {
# xkb-options = [ "caps:swapescape" ];
};
programs.zsh.envExtra = ''
source ~/.zshrc.secrets
'';
home.packages = with pkgs; [
eduvpn-client
localsend
typst
];
programs.ssh.enable = true;
programs.ssh.matchBlocks = {
"student-linux.tudelft.nl" = {
user = "vroest";
};
"login.delftblue.tudelft.nl" = {
user = "vroest";
};
"cese01" = {
hostname = "cese01.ewi.tudelft.nl";
user = "vroest";
proxyJump = "student-linux.tudelft.nl";
};
"cese" = {
user = "root";
hostname = "10.0.3.121";
proxyJump = "cese01";
};
"bastion.olympus" = { };
"bastion.hades" = { };
};
}

12
hosts/thalassa/aoife/home/eww/scripts/getvol
View file

@ -1,12 +0,0 @@
#!/bin/sh
if command -v pamixer &>/dev/null; then
if [ true == $(pamixer --get-mute) ]; then
echo 0
exit
else
pamixer --get-volume
fi
else
amixer -D pulse sget Master | awk -F '[^0-9]+' '/Left:/{print $3}'
fi

333
hosts/thalassa/aoife/home/hyprland.nix
View file

@ -1,333 +0,0 @@
{
pkgs,
config,
inputs,
lib,
...
}:
let
terminal = "${config.programs.kitty.package}/bin/kitty -1";
in
{
imports = [
./waybar.nix
];
home.packages = with pkgs; [
hyprland-workspaces
inputs.gnome-autounlock-keyring.packages.${pkgs.system}.default
inputs.hyprland-qtutils.packages.${pkgs.system}.default
];
programs = {
rofi = {
enable = true;
package = pkgs.rofi-wayland;
theme = {
listview.columns = 1;
};
};
hyprlock = {
enable = true;
settings =
let
color = "rgba(242, 243, 244, 0.75)";
in
{
auth.fingerprint.enabled = true;
background = {
path = "screenshot";
blur_passes = 3;
};
};
};
# eww = {
# enable = true;
# configDir = ./eww;
# };
};
services = {
gnome-keyring.enable = true;
mako = {
enable = true;
settings.defaultTimeout = 5000;
};
hypridle = {
enable = true;
settings = {
general = {
lock_cmd = "pidof hyprlock || hyprlock";
before_sleep_cmd = "loginctl lock-session";
after_sleep_cmd = "hyprctl dispatch dpms on";
};
listener = [
{
timeout = 300; # 5 mins
on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -s set 10";
on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -r";
}
{
timeout = 300; # 5 mins
on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -sd tpacpi:kbd_backlight set 0";
on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -rd tpacpi::kbd_backlight";
}
{
timeout = 600; # 10 mins
on-timeout = "loginctl lock-session";
}
{
timeout = 1200; # 20 mins, screen off
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}
{
timeout = 2400; # 40 mins
on-timeout = "systemctl suspend";
}
];
};
};
hyprpaper =
let
wallpaper = ../../../../assets/wallpaper-nix-pink.png;
in
{
enable = true;
settings = {
preload = [ "${wallpaper}" ];
wallpaper = [ "eDP-1,${wallpaper}" ];
splash = false;
ipc = "off";
};
};
};
# Hack to ensure graphical dependent services start _after_ hyprland starts
# Needed as these services normally start after graphical-session-pre
systemd.user.services.hyprpaper.Unit.After = lib.mkForce "graphical-session.target";
systemd.user.services.waybar.Unit.After = lib.mkForce "graphical-session.target";
systemd.user.services.hypridle.Unit.After = lib.mkForce "graphical-session.target";
wayland.windowManager.hyprland =
let
toggle_mirror = pkgs.writeScriptBin "toggle_mirror.sh" ''
#!${pkgs.stdenv.shell}
if [ $(hyprctl monitors all -j | ${pkgs.jq}/bin/jq '.[1].activeWorkspace.id') = '-1' ]; then
hyprctl keyword monitor ",preferred,auto,1"
else
hyprctl keyword monitor ",preferred,auto,1,mirror,eDP-1"
fi
'';
# Autostart now handled by xdg.autoStart
startup = pkgs.writeScriptBin "startup.sh" ''
#!${pkgs.stdenv.shell}
# uwsm app -- ${pkgs.wl-clip-persist}/bin/wl-clip-persist -c both &
'';
in
{
enable = true;
systemd.enable = false; # using UWSM
plugins = with pkgs.hyprlandPlugins; [
hyprexpo
];
settings =
let
inherit (builtins) genList concatLists toString;
wpctl = "${pkgs.wireplumber}/bin/wpctl";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
menu = "${config.programs.rofi.package}/bin/rofi -columns 1 -show combi -modes combi -combi-modes \"window,drun,run\"";
fileManager = "${pkgs.nautilus}/bin/nautilus";
in
{
"$mod" = "SUPER";
exec-once = [
"${startup}/bin/startup.sh"
];
monitor = [
"eDP-1, 3840x2400@60,0x0,2"
",highres,auto,1"
];
input = {
touchpad.natural_scroll = true;
};
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 2;
"col.active_border" = "rgba(babbf1ee) rgba(f4b8e4ee) 45deg";
"col.inactive_border" = "rgba(303446aa)";
layout = "dwindle";
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
};
group = {
"col.border_active" = "rgba(babbf1ee) rgba(f4b8e4ee) 45deg";
"col.border_inactive" = "rgba(232634aa)";
groupbar = {
font_size = 10;
height = 18;
"col.active" = "rgba(babbf1aa)";
"col.inactive" = "rgba(414559aa)";
text_color = "rgba(ffffffee)";
};
};
plugin.hyprexpo = {
workspace_method = "first 1";
enable_gesture = true;
gesture_positive = false;
gesture_fingers = 3;
};
decoration = {
rounding = 10;
blur = {
enabled = true;
size = 3;
passes = 1;
};
shadow = {
enabled = true;
color = "rgba(1a1a1aee)";
range = 4;
render_power = 3;
};
};
animations = {
enabled = "yes";
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 4, default"
"workspaces, 1, 4, default"
];
};
dwindle = {
preserve_split = "yes";
pseudotile = "yes";
};
gestures.workspace_swipe = true;
misc = {
force_default_wallpaper = 2;
disable_splash_rendering = true;
disable_hyprland_logo = true;
disable_autoreload = true;
};
windowrulev2 = [
"suppressevent maximize, class:.*"
"workspace 1 silent, class:^(Element)$"
"workspace 1 silent, class:^(discord)$"
"group, class:^(Element|discord)$,workspace:1"
"workspace 2 silent, class:^(firefox)$"
"float,class:^(firefox)$,title:^(Picture-in-Picture)$"
"workspace special:obsidian silent, class:^(obsidian)$"
];
# l -> works when screen is locked
# e -> repeats when held
bindel = [
",XF86AudioRaiseVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%+"
",XF86AudioLowerVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%-"
",XF86MonBrightnessUp,exec,${brightnessctl} -q s +5%"
",XF86MonBrightnessDown,exec,${brightnessctl} -q s 5%-"
];
bindl = [ ",XF86AudioMute, exec,${wpctl} set-mute @DEFAULT_AUDIO_SINK@ toggle" ];
bind =
[
"$mod, RETURN, exec, uwsm app -- ${terminal}"
"$mod, Q, killactive,"
"$mod SHIFT, Q, exec, uwsm stop,"
"$mod, E, exec, uwsm app -- ${fileManager}"
"$mod, V, togglefloating,"
"$mod, D, exec, uwsm app -- ${menu}"
"$mod, P, pseudo, # dwindle"
"$mod, J, togglesplit, # dwindle"
"$mod,m,fullscreen"
"$mod, L, exec, loginctl lock-session"
"$mod, space, hyprexpo:expo, toggle"
# Move focus with arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
# Scratch workspace
"$mod, S, togglespecialworkspace, scratch"
"$mod SHIFT, S, movetoworkspace, special:scratch"
# Obsidian Workspace
"$mod, O, togglespecialworkspace, obsidian"
"$mod SHIFT, O, movetoworkspace, special:obsidian"
# Groups aka Tabs
"$mod,g,togglegroup"
"$mod,tab,changegroupactive"
# PrintScreen
",Print,exec,uwsm app -- ${pkgs.grimblast}/bin/grimblast copysave area /home/vivian/cloud/Pictures/Screenshots/$(date +%s).png"
# Toggle Mirror for external displays on/off
",XF86Display,exec,${toggle_mirror}/bin/toggle_mirror.sh"
]
++ (
# workspaces
# binds $mod + [shift +] {1..10} to [move to] workspace {1..10}
concatLists (
genList (
x:
let
ws =
let
c = (x + 1) / 10;
in
toString (x + 1 - (c * 10));
in
[
"$mod, ${ws}, workspace, ${toString (x + 1)}"
"$mod SHIFT, ${ws}, movetoworkspacesilent, ${toString (x + 1)}"
]
) 10
)
);
# Bind mouse
bindm = [
# Move/resize windows with mod + LMB/RMB and dragging
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
];
};
};
}

17
hosts/thalassa/aoife/home/starship.nix
View file

@ -1,17 +0,0 @@
{ pkgs, config, ...}:
let
starshipNerdFont = pkgs.runCommand "starship-nerd-font.toml" { STARSHIP_CACHE = "/tmp"; } ''
${config.programs.starship.package}/bin/starship preset nerd-font-symbols > $out
'';
in{
programs.starship = {
enable = false;
enableZshIntegration = true;
enableFishIntegration = true;
enableNushellIntegration = true;
settings = {
nix_shell.heuristic = true;
} // builtins.fromTOML (builtins.readFile starshipNerdFont);
};
}

125
hosts/thalassa/aoife/home/waybar.css
View file

@ -1,125 +0,0 @@
/* Catppucin Frappe */
@define-color base #303446;
@define-color mantle #292c3c;
@define-color crust #232634;
@define-color text #c6d0f5;
@define-color subtext0 #a5adce;
@define-color subtext1 #b5bfe2;
@define-color surface0 #414559;
@define-color surface1 #51576d;
@define-color surface2 #626880;
@define-color overlay0 #737994;
@define-color overlay1 #838ba7;
@define-color overlay2 #949cbb;
@define-color blue #8caaee;
@define-color lavender #babbf1;
@define-color sapphire #85c1dc;
@define-color sky #99d1db;
@define-color teal #81c8be;
@define-color green #a6d189;
@define-color yellow #e5c890;
@define-color peach #ef9f76;
@define-color maroon #ea999c;
@define-color red #e78284;
@define-color mauve #ca9ee6;
@define-color pink #f4b8e4;
@define-color flamingo #eebebe;
@define-color rosewater #f2d5cf;
window {
border: none;
font-family: DejaVuSansM Nerd Font, sans-serif;
font-size: 13px;
color: @text;
}
window#waybar {
color: @text;
background-color: rgba(0, 0, 0, 0);
transition-property: background-color;
transition-duration: 0.5s;
transition-duration: .5s;
}
window#waybar.hidden {
opacity: 0.2;
}
#workspaces {
/* background: @overlay0; */
}
#workspaces button {
color: @text;
/* background: @background3; */
/* margin: 7px 5px 10px 5px; */
}
#workspaces button:hover {
background: @surface0;
color: @text;
}
#workspaces button.active {
color: @crust;
background: @overlay2;
border: none;
}
#clock,
#battery,
#network,
#power-profiles-daemon,
#wireplumber {
padding: 0px 20px;
border-radius: 8px;
margin-left: 5px;
color: @crust;
}
#wireplumber {
padding: 0px 20px 0px 17px;
background-color: @teal;
}
#network {
padding: 0px 15px 0px 20px;
background-color: @green;
}
#battery {
background-color: @lavender;
}
#clock {
background-color: @pink;
}
#power-profiles-daemon {
background-color: @mauve;
}
@keyframes blink {
to {
background-color: rgba(30, 34, 42, 0.5);
color: #abb2bf;
}
}
#battery.critical:not(.charging) {
color: #f53c3c;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
label:focus {
background-color: #000000;
}

82
hosts/thalassa/aoife/home/waybar.nix
View file

@ -1,82 +0,0 @@
{ pkgs, config, ... }:
let
terminal = "${config.programs.kitty.package}/bin/kitty -1";
in
{
programs.waybar = {
enable = true;
systemd.enable = true;
style = ./waybar.css;
settings = {
mainBar = {
layer = "top";
position = "top";
height = 30;
modules-left = [ "hyprland/workspaces" ];
modules-center = [ "clock" ];
modules-right = [
"wireplumber"
"power-profiles-daemon"
"network"
"battery"
];
wireplumber = {
format = "󰕾 {volume}%";
format-muted = "󰖁";
on-click = "${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_SINK@ toggle";
};
network =
let
nmtui = pkgs.writeScriptBin "nmtui.sh" ''
#!${pkgs.stdenv.shell}
unset COLORTERM
TERM=xterm-old ${pkgs.networkmanager}/bin/nmtui
'';
in
{
format-wifi = "󰖩 {essid} ({signalStrength}%)";
format-ethernet = "󰈀 {ifname}: {ipaddr}/{cidr}";
format-disconnected = "󰌙 ";
tooltip-format = "{ifname}: {ipaddr}";
on-click = "${terminal} --execute ${nmtui}/bin/nmtui.sh";
};
power-profiles-daemon = {
format = "{icon}";
format-icons = {
performance = "󰓅";
balanced = "󰾅";
power-saver = "󰾆";
};
};
battery = {
states = {
warning = 30;
critical = 15;
};
format = "󱐋 {capacity}%";
format-discharging = "{icon} {capacity}%";
format-icons = [
"󰂎"
"󰁺"
"󰁻"
"󰁼"
"󰁽"
"󰁾"
"󰁿"
"󰂀"
"󰂁"
"󰂂"
"󰁹"
];
};
};
};
};
}

33
hosts/thalassa/aoife/uni.nix
View file

@ -1,33 +0,0 @@
# Config options needed for various university courses
{ pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
esp-generate
espflash
];
users.extraGroups.plugdev = { };
users.extraUsers.vivian.extraGroups = [
"dialout"
"plugdev"
];
hardware.saleae-logic.enable = true;
programs.nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
libraries = [
];
};
services.udev.packages = [
pkgs.openocd # This should(?) be the same as the probe-rs rules below, but just to be sure
(pkgs.writeTextFile {
name = "probe-rs-udev";
destination = "/etc/udev/rules.d/69-probe-rs.rules";
text = builtins.readFile ./69-probe-rs.rules;
})
];
}

72
common/default.nix → nixos/common/default.nix
View file

@ -1,32 +1,30 @@
{ { lib, pkgs, inputs, config, ... }: {
lib, imports =
inputs, [ ./users ./modules inputs.vault-secrets.nixosModules.vault-secrets ];
pkgs,
... vault-secrets =
}: let
{ inherit (config.networking) domain hostName;
imports = [ server = if domain == "olympus" then "vault" else "vault-0";
./users in
./modules lib.mkIf (domain == "olympus" || domain == "hades") {
]; vaultPrefix = "${domain}_secrets/nixos";
vaultAddress = "http://${server}.${domain}:8200/";
approlePrefix = "${domain}-${hostName}";
};
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { extraSpecialArgs = { inherit inputs; };
inherit inputs; sharedModules = [ ./hm-modules inputs.nixvim.homeManagerModules.nixvim ];
};
sharedModules = [
./hm-modules
inputs.nixvim.homeManagerModules.nixvim
inputs.autostart.homeManagerModules.xdg-autostart
inputs.catppuccin.homeModules.catppuccin
inputs.autostart.homeManagerModules.xdg-autostart
];
}; };
virtualisation.oci-containers.backend = lib.mkDefault "podman"; virtualisation.oci-containers.backend = lib.mkDefault "podman";
# Clean /tmp on boot.
boot.tmp.cleanOnBoot = true;
# Set your time zone. # Set your time zone.
time.timeZone = lib.mkDefault "Europe/Amsterdam"; time.timeZone = lib.mkDefault "Europe/Amsterdam";
@ -43,26 +41,25 @@
# Nix Settings # Nix Settings
nix = { nix = {
# registry.nixpkgs.flake = inputs.nixpkgs; registry.nixpkgs.flake = inputs.nixpkgs;
# nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
package = pkgs.lix; # package = pkgs.nixUnstable;
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
trusted-users = [ trusted-users = [ "root" "vivian" ];
"root"
"vivian"
];
substituters = [ substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org" "https://nixpkgs-review-bot.cachix.org"
"https://colmena.cachix.org"
# "https://cache.garnix.io"
"https://cachix.cachix.org" "https://cachix.cachix.org"
"https://hyprland.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
# "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
]; ];
}; };
optimise = { optimise = {
@ -80,25 +77,28 @@
''; '';
}; };
services = { nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
];
# Limit the systemd journal to 100 MB of disk or the # Limit the systemd journal to 100 MB of disk or the
# last 7 days of logs, whichever happens first. # last 7 days of logs, whichever happens first.
journald.extraConfig = '' services.journald.extraConfig = ''
SystemMaxUse=100M SystemMaxUse=100M
MaxFileSec=7day MaxFileSec=7day
''; '';
dbus.implementation = "broker";
# Enable SSH # Enable SSH
openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
PasswordAuthentication = lib.mkDefault false; PasswordAuthentication = lib.mkDefault false;
PermitRootLogin = lib.mkDefault "no"; PermitRootLogin = lib.mkDefault "no";
}; };
}; };
};
# Debloat # Debloat
documentation = { documentation = {

0
common/desktop/README.md → nixos/common/desktop/README.md
View file

67
common/desktop/default.nix → nixos/common/desktop/default.nix
View file

@ -1,10 +1,4 @@
{ { pkgs, lib, inputs, ... }: {
pkgs,
lib,
inputs,
...
}:
{
# Bootloader. # Bootloader.
boot = { boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@ -13,43 +7,36 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi"; efi.efiSysMountPoint = "/boot/efi";
}; };
kernel.sysctl = lib.mkDefault { "fs.inotify.max_user_watches" = 524288; }; kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; };
initrd = { initrd = {
systemd.enable = true; systemd.enable = true;
verbose = false; verbose = false;
}; };
}; };
# programs.nix-ld.enable = true; programs.nix-ld.enable = true;
hardware.keyboard.qmk.enable = true; hardware.keyboard.qmk.enable = true;
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users.vivian = import ./home.nix; users.vivian = import ./home.nix;
extraSpecialArgs = { extraSpecialArgs = { inherit inputs; };
inherit inputs;
}; };
};
services = { services = {
pulseaudio.enable = false;
# Enable my config for the gnome desktop environment # Enable my config for the gnome desktop environment
v.gnome.enable = lib.mkDefault true; v.gnome.enable = true;
flatpak.enable = true;
# Enable CUPS to print documents. # Enable CUPS to print documents.
printing.enable = true; printing.enable = true;
pipewire = { pipewire = {
enable = true; enable = true;
audio.enable = true; alsa.enable = true;
# alsa.enable = true; alsa.support32Bit = true;
# alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
# If you want to use JACK applications, uncomment this # If you want to use JACK applications, uncomment this
jack.enable = true; #jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default, # use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now) # no need to redefine it in your config for now)
@ -75,15 +62,19 @@
}; };
# Global Packages # Global Packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ wireguard-tools sbctl podman-compose ];
wireguard-tools
sbctl
]; # ++ (if config.virtualisation.podman.enable then [ pkgs.podman-compose ] else []);
# programs.virt-manager = {
# enable = true;
# };
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
virtualisation = { virtualisation = {
podman.enable = lib.mkDefault true; podman.enable = true;
libvirtd = { libvirtd = {
enable = true; enable = true;
qemu.package = pkgs.qemu_kvm; qemu.package = pkgs.qemu_kvm;
@ -92,36 +83,30 @@
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
material-design-icons material-design-icons
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk
noto-fonts-emoji noto-fonts-emoji
dejavu_fonts dejavu_fonts
(nerdfonts.override {
nerd-fonts.dejavu-sans-mono fonts =
nerd-fonts.ubuntu [ "DejaVuSansMono" "Ubuntu" "DroidSansMono" "NerdFontsSymbolsOnly" ];
nerd-fonts.droid-sans-mono })
nerd-fonts.symbols-only
]; ];
programs = { programs = {
steam = { steam = {
enable = true; enable = true;
# Open ports in the firewall for Steam Remote Play # Open ports in the firewall for Steam Remote Play
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
package = pkgs.steam.override { package = pkgs.steam.override {
extraPkgs = extraPkgs = pkgs: with pkgs; [ gamescope mangohud ];
pkgs: with pkgs; [
gamescope
mangohud
];
}; };
}; };
gamemode.enable = true;
adb.enable = true; adb.enable = true;
}; };
networking = { networking = {
# Networking # Networking
networkmanager.enable = true; networkmanager.enable = true;

97
nixos/common/desktop/home.nix Normal file
View file

@ -0,0 +1,97 @@
{ pkgs, inputs, config, ... }:
let
tex = pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-full;
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
};
my-python-packages = ps: with ps; [ pandas requests numpy ];
in {
home.packages = with pkgs; [
(python3.withPackages my-python-packages)
btop
calibre
celluloid
element-desktop
fusee-launcher
fractal-next
foliate
gcc
gimp
helix
inputs.attic.packages.${pkgs.system}.attic
inputs.comma.packages.${pkgs.system}.default
# inputs.webcord.packages.${pkgs.system}.default
discord
dogdns
jetbrains.clion
jetbrains.rust-rover
kdenlive
libreoffice-fresh
mattermost-desktop
mullvad-vpn
neofetch
nixfmt
nixpkgs-review
plex-media-player
plexamp
spotify
qmk
solo2-cli
tex
unzip
yt-dlp
];
# Enable my own hm modules
themes.v.catppuccin.enable = true;
programs = {
v = {
vscode.enable = true;
nvim.enable = true;
rust.enable = true;
};
riff = {
enable = true;
direnv = true;
};
firefox.enable = true;
chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
};
direnv = {
enable = true;
nix-direnv.enable = true;
};
zsh = {
enable = true;
sessionVariables = { DIRENV_LOG_FORMAT = ""; };
};
thunderbird = {
enable = true;
profiles.default = { isDefault = true; };
};
};
# Syncthing
services.syncthing.enable = true;
xdg.userDirs = let home = config.home.homeDirectory;
in {
enable = true;
createDirectories = true;
desktop = "${home}/.desktop";
documents = "${home}/cloud/Documents";
download = "${home}/dl";
music = "${home}/cloud/Music";
pictures = "${home}/cloud/Pictures";
publicShare = "${home}/.publicShare";
templates = "${home}/.templates";
videos = "${home}/cloud/Videos";
};
}

13
nixos/common/generic-lxc.nix Normal file
View file

@ -0,0 +1,13 @@
_: {
# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
# Supress systemd services that don't work (correctly) on LXC
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
# https://github.com/NixOS/nixpkgs/issues/157449#issuecomment-1459299764
boot.specialFileSystems."/run".options = [ "rshared" ];
}

4
common/generic-vm.nix → nixos/common/generic-vm.nix
View file

@ -1,5 +1,5 @@
{ lib, ... }: { _: {
networking.useDHCP = lib.mkDefault true; networking.useDHCP = true;
# Enable qemu guest agent # Enable qemu guest agent
services.qemuGuest.enable = true; services.qemuGuest.enable = true;

40
nixos/common/hm-modules/catppuccin.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.themes.v.catppuccin;
in {
options.themes.v.catppuccin = { enable = mkEnableOption "catppuccin"; };
config =
let
theme = "Catppuccin-Pink-Dark";
cursorTheme = config.home.pointerCursor.name;
in
mkIf cfg.enable {
home.pointerCursor = {
name = "Bibata_Ghost";
size = 24;
package = pkgs.bibata-cursors-translucent;
};
gtk = {
enable = true;
theme = {
name = theme;
package = pkgs.catppuccin-gtk;
};
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme.override { color = "violet"; };
};
cursorTheme = {
name = cursorTheme;
inherit (config.home.pointerCursor) package size;
};
};
programs.vscode = {
userSettings."workbench.colorTheme" = "Catppuccin Frappé";
extensions = [ pkgs.vscode-extensions.catppuccin.catppuccin-vsc ];
};
};
}

3
nixos/common/hm-modules/default.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
imports = [ ./catppuccin.nix ./nvim.nix ./riff.nix ./vscode.nix ./git.nix ./rust.nix ];
}

0
common/hm-modules/git.nix → nixos/common/hm-modules/git.nix
View file

190
nixos/common/hm-modules/nvim.nix Normal file
View file

@ -0,0 +1,190 @@
{ config, pkgs, lib, ... }:
let cfg = config.programs.v.nvim;
in with lib; {
options.programs.v.nvim = { enable = mkEnableOption "nvim"; };
config = mkIf cfg.enable {
programs.nixvim = {
enable = true;
package = pkgs.neovim-unwrapped;
vimAlias = true;
luaLoader.enable = true;
globals.mapleader = " ";
options.number = true;
clipboard = { providers.wl-copy.enable = true; };
keymaps = [
{
mode = "n";
key = "<leader>ff";
action = "require('telescope.builtin').find_files";
lua = true;
}
{
mode = "n";
key = "<leader>fg";
action = "require('telescope.builtin').live_grep";
lua = true;
}
{
mode = "n";
key = "<C-_>";
action = "require('Comment.api').toggle.linewise.current";
lua = true;
}
{
mode = "x";
key = "<C-_>";
action = ''
function()
local esc = vim.api.nvim_replace_termcodes(
'<ESC>', true, false, true
)
vim.api.nvim_feedkeys(esc, 'nx', false)
require('Comment.api').toggle.linewise(vim.fn.visualmode())
end
'';
lua = true;
}
{
mode = "n";
key = "g=";
action = "vim.lsp.buf.format";
lua = true;
}
{
mode = "n";
key = "t";
action = ":FloatermToggle myfloat<CR>";
}
{
mode = "t";
key = "<ESC>";
action = "function() vim.cmd(':FloatermToggle myfloat') end";
lua = true;
}
];
extraPlugins = with pkgs.vimPlugins; [
FixCursorHold-nvim
luasnip
plenary-nvim
neotest
neotest-plenary
neotest-rust
];
colorschemes.catppuccin = {
enable = true;
flavour = "frappe";
};
extraConfigLua = ''
require("neotest").setup({
adapters = {
require("neotest-plenary"),
require("neotest-rust") {
args = { "--no-capture" },
}
},
})
'';
plugins = {
bufferline.enable = true;
none-ls = {
enable = true;
sources = {
formatting.nixpkgs_fmt.enable = true;
code_actions.shellcheck.enable = true;
code_actions.statix.enable = true;
diagnostics = {
statix.enable = true;
deadnix.enable = true;
shellcheck.enable = true;
};
};
};
nix.enable = true;
treesitter = {
enable = true;
nixGrammars = true;
disabledLanguages = [ "latex" ];
};
surround.enable = true;
fugitive.enable = true;
gitgutter.enable = true;
lualine = {
enable = true;
theme = "catppuccin";
};
telescope = {
enable = true;
extensions.fzf-native.enable = true;
extensions.fzf-native.fuzzy = true;
};
comment-nvim = { enable = true; };
lsp = {
enable = true;
servers = {
nil_ls.enable = true;
rust-analyzer = {
installCargo = false;
installRustc = false;
};
pyright.enable = true;
elixirls.enable = true;
clangd.enable = true;
yamlls.enable = true;
};
};
trouble.enable = true;
lspkind.enable = true;
vimtex.enable = true;
floaterm.enable = true;
nvim-cmp = {
enable = true;
autoEnableSources = true;
sources = [
{ name = "nvim_lsp"; }
{
name = "luasnip";
option = { show_autosnippets = true; };
}
{ name = "cmp-spell"; }
{ name = "cmp-rg"; }
{ name = "path"; }
{ name = "buffer"; }
];
snippet.expand = "luasnip";
mappingPresets = [ "insert" "cmdline" ];
mapping = {
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<Tab>" = {
modes = [ "i" "s" ];
action = ''
function(fallback)
local luasnip = require('luasnip')
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expandable() then
luasnip.expand()
elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end
'';
};
};
};
};
};
};
}

28
nixos/common/hm-modules/riff.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let cfg = config.programs.riff;
in {
options.programs.riff = {
enable = mkEnableOption "riff";
direnv = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable direnv support
'';
};
};
config = mkIf cfg.enable {
home.packages = [ inputs.riff.packages.${pkgs.system}.riff ];
xdg.configFile."direnv/lib/riff.sh" = mkIf cfg.direnv {
executable = true;
text = ''
use_riff() {
watch_file Cargo.toml watch_file Cargo.lock
eval "$(riff --offline print-dev-env)"
}
'';
};
};
}

26
nixos/common/hm-modules/rust.nix Normal file
View file

@ -0,0 +1,26 @@
{ pkgs, lib, config, ... }:
with lib;
let cfg = config.programs.v.rust;
in {
options.programs.v.rust = { enable = mkEnableOption "rust"; };
config = mkIf cfg.enable {
home = {
packages = with pkgs; [ rustup cargo-nextest cargo-msrv cargo-dist cargo-cross];
file = {
".cargo/config.toml".text = ''
[registries.crates-io]
protocol = "sparse"
[build]
rustc-wrapper = "${pkgs.sccache}/bin/sccache"
[profile.rust-analyzer]
inherits = "dev"
'';
};
sessionPath = [ "$HOME/.cargo/bin" ];
};
};
}

79
nixos/common/hm-modules/vscode.nix Normal file
View file

@ -0,0 +1,79 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.programs.v.vscode;
in {
options.programs.v.vscode = { enable = mkEnableOption "vscode"; };
config = mkIf cfg.enable {
programs.vscode = {
enable = true;
package = pkgs.vscode;
userSettings = {
"ltex.language" = "en-GB";
"latex-workshop.linting.chktex.enabled" = true;
"latex-workshop.latex.clean.subfolder.enabled" = true;
"latex-workshop.latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%";
"editor.fontFamily" =
"'DejaVuSansMono Nerd Font', 'monospace', monospace";
"keyboard.dispatch" = "keyCode";
"rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer";
"rust-analyzer.check.extraArgs" = ["--profile" "rust-analyzer"];
"rust-analyzer.check.command" = "clippy";
"terminal.integrated.defaultProfile.linux" = "zsh";
"nix.enableLanguageServer" = true; # Enable LSP.
"nix.serverPath" = "${pkgs.nil}/bin/nil";
"[nix]" = { "editor.defaultFormatter" = "brettm12345.nixfmt-vscode"; };
"[python]" = { "editor.formatOnType" = true; };
"debug.allowBreakpointsEverywhere" = true;
"C_Cpp.clang_format_fallbackStyle" =
"{ BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 0}";
"crates.compatibleDecorator" = "";
"crates.errorDecorator" = "";
"crates.incompatibleDecorator" = "🛇";
# Don't index unecessary things
"files.exclude" = {
"**/.vscode" = true;
"**/.git" = true;
"**/.svn" = true;
"**/.hg" = true;
"**/.deps" = true;
"**/CVS" = true;
"**/.DS_Store" = true;
"/bin" = true;
"/boot" = true;
"/cdrom" = true;
"/dev" = true;
"/proc" = true;
"/etc" = true;
"/nix" = true;
};
};
extensions = with pkgs.vscode-extensions;
with pkgs.v.vscode-extensions; [
brettm12345.nixfmt-vscode
codezombiech.gitignore
editorconfig.editorconfig
foxundermoon.shell-format
james-yu.latex-workshop
jnoortheen.nix-ide
matklad.rust-analyzer
mkhl.direnv
ms-vscode-remote.remote-ssh
ms-vscode.cpptools
platformio.platformio-ide
redhat.vscode-yaml
redhat.vscode-xml
tamasfe.even-better-toml
valentjn.vscode-ltex
vscodevim.vim
vadimcn.vscode-lldb
xaver.clang-format
sumneko.lua
davidlday.languagetool-linter
serayuzgur.crates
skellock.just
];
};
};
}

3
nixos/common/modules/default.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
imports = [ ./meta.nix ./nginx.nix ./dns.nix ./flood.nix ./gnome ./unpackerr.nix ./vault.nix ];
}

29
common/modules/dns.nix → nixos/common/modules/dns.nix
View file

@ -1,22 +1,18 @@
{ config, pkgs, lib, self, ... }: { config, pkgs, lib, hosts, flat_hosts, ... }:
# DNS Module to set up Unbound DNS with all my hosts in the config # DNS Module to set up Unbound DNS with all my hosts in the config
# Used for DNS Servers and my laptop # Used for DNS Servers and my laptop
with lib; with lib;
let let
inherit (builtins) filter attrValues; inherit (builtins) filter hasAttr attrNames;
domains = [ "hades" "olympus" "thalassa" ]; domains = attrNames hosts;
mapConfig = host: { ipv4Host = filter (hasAttr "ip") flat_hosts;
inherit (host.config.networking) hostName domain; ipv6Hosts = filter (hasAttr "ip6") flat_hosts;
inherit (host.config.meta) ipv4 ipv6;
};
hosts = (map mapConfig (attrValues self.nixosConfigurations));
ipv4Hosts = filter (v: v.ipv4 != null) hosts;
ipv6Hosts = filter (v: v.ipv6 != null) hosts;
localData = { hostName, domain, ipv4, ... }: ''"${hostName}.${domain}. A ${ipv4}"''; localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"'';
local6Data = { hostName, domain, ipv6, ... }: ''"${hostName}.${domain}. AAAA ${ipv6}"''; local6Data = { hostname, realm, ip6, ... }:
ptrData = { hostName, domain, ipv4, ... }: ''"${ipv4} ${hostName}.${domain}"''; ''"${hostname}.${realm}. AAAA ${ip6}"'';
ptr6Data = { hostName, domain, ipv6, ... }: ''"${ipv6} ${hostName}.${domain}"''; ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"'';
ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"'';
cfg = config.services.v.dns; cfg = config.services.v.dns;
in { in {
@ -58,7 +54,6 @@ in {
enable = true; enable = true;
inherit (cfg) openFirewall; inherit (cfg) openFirewall;
inherit (config.services.unbound) group; inherit (config.services.unbound) group;
controlInterface = config.services.unbound.localControlSocketPath;
}; };
services.unbound = { services.unbound = {
enable = true; enable = true;
@ -73,8 +68,8 @@ in {
local-zone = local-zone =
map (localdomain: ''"${localdomain}}." transparent'') domains; map (localdomain: ''"${localdomain}}." transparent'') domains;
local-data = (map localData ipv4Hosts) ++ (map local6Data ipv6Hosts); local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData ipv4Hosts) ++ (map ptr6Data ipv6Hosts); local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts);
private-address = [ private-address = [
"127.0.0.0/8" "127.0.0.0/8"

0
common/modules/flood.nix → nixos/common/modules/flood.nix
View file

77
common/modules/gnome/default.nix → nixos/common/modules/gnome/default.nix
View file

@ -1,14 +1,11 @@
{ { config, pkgs, lib, inputs, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let cfg = config.services.v.gnome;
cfg = config.services.v.gnome; in {
in imports = [
{ inputs.gnome-autounlock-keyring.nixosModules.default
];
options.services.v.gnome = { options.services.v.gnome = {
enable = mkEnableOption "v.gnome"; enable = mkEnableOption "v.gnome";
hm = mkOption { hm = mkOption {
@ -36,17 +33,17 @@ in
xserver = { xserver = {
enable = true; enable = true;
excludePackages = [ pkgs.xterm ]; excludePackages = [ pkgs.xterm ];
# Configure keymap in X11 # Configure keymap in X11
xkb = {
layout = "us"; layout = "us";
variant = "altgr-intl"; xkbVariant = "altgr-intl";
};
# Enable the GNOME Desktop Environment. # Enable the GNOME Desktop Environment.
displayManager.gdm.enable = lib.mkDefault true; displayManager.gdm.enable = true;
desktopManager.gnome.enable = true; desktopManager.gnome.enable = true;
}; };
udev.packages = with pkgs; [ gnome-settings-daemon ]; udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
dbus.enable = true; dbus.enable = true;
udisks2.enable = true; udisks2.enable = true;
}; };
@ -55,49 +52,35 @@ in
# Add Home-manager dconf stuff # Add Home-manager dconf stuff
home-manager.sharedModules = mkIf cfg.hm [ ./hm.nix ]; home-manager.sharedModules = mkIf cfg.hm [ ./hm.nix ];
environment.gnome.excludePackages =
environment.gnome.excludePackages = ( (with pkgs; [ gnome-photos gnome-tour gnome-connections ])
with pkgs; ++ (with pkgs.gnome; [
[ atomix # puzzle game
gnome-photos
gnome-tour
gnome-connections
gnome-calendar
epiphany # web browser epiphany # web browser
geary # email reader geary # email reader
simple-scan # document scanner pkgs.gedit # text editor
totem # video player gnome-calendar
gnome-terminal
gnome-contacts
atomix # puzzle game
gnome-maps
gedit # text editor
gnome-music
gnome-clocks gnome-clocks
iagno # go game gnome-contacts
tali # poker game gnome-maps
hitori # sudoku game gnome-music
gnome-notes gnome-notes
gnome-terminal
gnome-weather gnome-weather
gnome-software hitori # sudoku game
] iagno # go game
); simple-scan # document scanner
tali # poker game
services.gnome.evolution-data-server.enable = lib.mkForce false; totem # video player
services.gnome.gnome-online-accounts.enable = false; ]);
services.gnome.gnome-remote-desktop.enable = false;
services.gnome.gnome-user-share.enable = false;
services.gnome.rygel.enable = false;
services.gnome.tinysparql.enable = false;
services.gnome.localsearch.enable = false;
# Services required for gnome # Services required for gnome
programs.dconf.enable = true; programs.dconf.enable = true;
# Extra gnome packages # Extra gnome packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gnome-tweaks gnome.gnome-tweaks
gnome-boxes gnome.gnome-boxes
]; ];
}; };
} }

132
nixos/common/modules/gnome/hm.nix Normal file
View file

@ -0,0 +1,132 @@
{ lib, ... }:
with lib.hm.gvariant;
let
inherit (builtins) attrNames map;
inherit (lib.attrsets) mapAttrs' nameValuePair;
generate_custom_keybindings = binds:
{
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = map (name:
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}/")
(attrNames binds);
};
} // mapAttrs' (name:
nameValuePair
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}")
binds;
in {
xdg.mimeApps.enable = true;
xdg.mimeApps.defaultApplications = {
"text/plain" = "org.gnome.TextEditor.desktop";
"application/pdf" = "org.gnome.Evince.desktop";
# Firefox
"text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/chrome" = "firefox.desktop";
"application/x-extension-htm" = "firefox.desktop";
"application/x-extension-shtml" = "firefox.desktop";
"application/xhtml+xml" = "firefox.desktop";
"application/x-extension-xhtml" = "firefox.desktop";
"application/x-extension-xht" = "firefox.desktop";
"application/x-extension-html" = "firefox.desktop";
# Images
"image/bmp" = "org.gnome.eog.desktop";
"image/gif" = "org.gnome.eog.desktop";
"image/jpg" = "org.gnome.eog.desktop";
"image/pjpeg" = "org.gnome.eog.desktop";
"image/png" = "org.gnome.eog.desktop";
"image/tiff" = "org.gnome.eog.desktop";
"image/webp" = "org.gnome.eog.desktop";
"image/x-bmp" = "org.gnome.eog.desktop";
"image/x-gray" = "org.gnome.eog.desktop";
"image/x-icb" = "org.gnome.eog.desktop";
"image/x-ico" = "org.gnome.eog.desktop";
"image/x-png" = "org.gnome.eog.desktop";
"image/x-portable-anymap" = "org.gnome.eog.desktop";
"image/x-portable-bitmap" = "org.gnome.eog.desktop";
"image/x-portable-graymap" = "org.gnome.eog.desktop";
"image/x-portable-pixmap" = "org.gnome.eog.desktop";
"image/x-xbitmap" = "org.gnome.eog.desktop";
"image/x-xpixmap" = "org.gnome.eog.desktop";
"image/x-pcx" = "org.gnome.eog.desktop";
"image/svg+xml" = "org.gnome.eog.desktop";
"image/svg+xml-compressed" = "org.gnome.eog.desktop";
"image/vnd.wap.wbmp" = "org.gnome.eog.desktop";
"image/x-icns" = "org.gnome.eog.desktop";
};
dconf.settings = {
"org/gnome/desktop/input-sources" = {
sources = [ (mkTuple [ "xkb" "us+altgr-intl" ]) ];
xkb-options = [ "terminate:ctrl_alt_bksp" ];
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/mutter" = {
attach-modal-dialogs = true;
dynamic-workspaces = false;
edge-tiling = true;
focus-change-on-pointer-rest = true;
workspaces-only-on-primary = true;
};
"org/gnome/mutter/keybindings" = {
toggle-tiled-left = [ "<Super>bracketleft" ];
toggle-tiled-right = [ "<Super>bracketright" ];
};
"org/gnome/shell/keybindings" = { toggle-overview = [ "<Super>d" ]; };
"org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; };
"org/gnome/desktop/wm/preferences" = {
auto-raise = false;
num-workspaces = 6;
focus-mode = "sloppy";
};
"org/gnome/desktop/wm/keybindings" = {
raise-or-lower = [ "<Super>s" ];
switch-applications = [ "<Super>Tab" ];
switch-applications-backward = [ "<Super>Tab" ];
move-to-workspace-1 = [ "<Shift><Super>1" ];
move-to-workspace-2 = [ "<Shift><Super>2" ];
move-to-workspace-3 = [ "<Shift><Super>3" ];
move-to-workspace-4 = [ "<Shift><Super>4" ];
move-to-workspace-5 = [ "<Shift><Super>5" ];
move-to-workspace-6 = [ "<Shift><Super>6" ];
switch-to-workspace-1 = [ "<Super>1" ];
switch-to-workspace-2 = [ "<Super>2" ];
switch-to-workspace-3 = [ "<Super>3" ];
switch-to-workspace-4 = [ "<Super>4" ];
switch-to-workspace-5 = [ "<Super>5" ];
switch-to-workspace-6 = [ "<Super>6" ];
toggle-fullscreen = [ "<Super><Shift>M" ];
toggle-maximized = [ "<Super>m" ];
close = [ "<Super>Q" ];
};
"org/gnome/tweaks" = { show-extensions-notice = false; };
"org/gnome/boxes" = { first-run = false; };
} // generate_custom_keybindings {
"terminal" = {
binding = "<Super>Return";
command = "kgx";
name = "Open Terminal";
};
"firefox" = {
binding = "<Super>f";
command = "firefox";
name = "Open Firefox";
};
};
}

43
nixos/common/modules/meta.nix Normal file
View file

@ -0,0 +1,43 @@
{ lib, ... }:
with lib;
let
exposesOpts = {
options = {
domain = mkOption {
type = types.str;
example = "<name>.example.com";
description = ''
The domain under which this service should be available
'';
};
port = mkOption {
type = types.int;
default = 80;
example = 4242;
description = ''
The port under which the service runs on the host
'';
};
};
};
in
{
options.meta = {
exposes = mkOption {
type = with types; attrsOf (submodule exposesOpts);
description = ''
Exposed services
'';
};
ipv4 = mkOption {
type = types.str;
description = ''
Own IPv4 Address
'';
};
};
config = { };
}

0
common/modules/nginx.nix → nixos/common/modules/nginx.nix
View file

0
common/modules/unpackerr.nix → nixos/common/modules/unpackerr.nix
View file

0
common/modules/vault.nix → nixos/common/modules/vault.nix
View file

32
common/users/default.nix → nixos/common/users/default.nix
View file

@ -1,16 +1,5 @@
{ { config, pkgs, lib, ... }: {
config, imports = [ ./laura.nix ./vivian.nix ./jonathan.nix ];
pkgs,
lib,
inputs,
...
}:
{
imports = [
./laura.nix
./vivian.nix
./jonathan.nix
];
programs = { programs = {
# Setup ZSH to use grml config # Setup ZSH to use grml config
@ -22,15 +11,12 @@
interactiveShellInit = '' interactiveShellInit = ''
source "${pkgs.grml-zsh-config}/etc/zsh/zshrc" source "${pkgs.grml-zsh-config}/etc/zsh/zshrc"
export FZF_DEFAULT_COMMAND="${pkgs.ripgrep}/bin/rg --files --follow" export FZF_DEFAULT_COMMAND="${pkgs.ripgrep}/bin/rg --files --follow"
export FZF_CTRL_T_COMMAND="$FZF_DEFAULT_COMMAND" source "${pkgs.fzf}/share/fzf/key-bindings.zsh"
export FZF_CTRL_R_COMMAND="$FZF_DEFAULT_COMMAND" source "${pkgs.fzf}/share/fzf/completion.zsh"
eval "$(${pkgs.zoxide}/bin/zoxide init zsh)" eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
eval "$(${pkgs.fzf}/bin/fzf --zsh)"
export TEMPDIRS="$HOME/tmp"
''; '';
# otherwise it'll override the grml prompt # otherwise it'll override the grml prompt
promptInit = lib.mkDefault ""; promptInit = "";
}; };
# Install Neovim and set it as alias for vi(m) # Install Neovim and set it as alias for vi(m)
@ -50,7 +36,8 @@
# Configure the root account # Configure the root account
users.extraUsers.root = { users.extraUsers.root = {
# Allow my SSH keys for logging in as root. # Allow my SSH keys for logging in as root.
openssh.authorizedKeys.keys = config.users.extraUsers.vivian.openssh.authorizedKeys.keys; openssh.authorizedKeys.keys =
config.users.extraUsers.vivian.openssh.authorizedKeys.keys;
# Also use zsh for root # Also use zsh for root
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
@ -67,9 +54,6 @@
ripgrep ripgrep
rsync rsync
zoxide zoxide
# Terminfo
kitty.terminfo
]; ];
programs.tmux = { programs.tmux = {
@ -82,4 +66,6 @@
setw -g mouse on setw -g mouse on
''; '';
}; };
} }

0
common/users/jonathan.nix → nixos/common/users/jonathan.nix
View file

6
common/users/laura.nix → nixos/common/users/laura.nix
View file

@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
users.extraUsers.laura = { users.extraUsers.laura = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; shell = pkgs.zsh;
@ -7,10 +6,9 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxoq/J/0ad3AOK/CxPvsIGQjRUzURSuNAtmNOqUmKcr laura@cherry"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMKbP2/vNTybDoEwdFaQvAI1zCVpdTBN25avfeCV0jP laura@bosbes"
]; ];
extraGroups = [ ]; extraGroups = [ ];
}; };
} }

3
common/users/vivian.nix → nixos/common/users/vivian.nix
View file

@ -12,9 +12,9 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc vivian@nord"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+HbsgJTQS6pvnMEI5NPKjIf78z+9A7CTIt3abi+PS6 vivian@eevee" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+HbsgJTQS6pvnMEI5NPKjIf78z+9A7CTIt3abi+PS6 vivian@eevee"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMypFe7cSMgvEI1sdxRtdC+AalXa0ryB/zkO9KmQGOxK vivian@nothing2"
]; ];
# Make me admin # Make me admin
@ -41,5 +41,6 @@
homeDirectory = "/home/vivian"; homeDirectory = "/home/vivian";
stateVersion = "23.05"; stateVersion = "23.05";
}; };
}; };
} }

7
nixos/hosts/hades/bastion/configuration.nix
View file

@ -9,12 +9,5 @@
vault vault
]; ];
environment.noXlibs = lib.mkForce false;
system.stateVersion = "22.11"; system.stateVersion = "22.11";
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "curses";
};
} }

21
nixos/hosts/hades/default.nix
View file

@ -17,6 +17,7 @@
"unifi" = { "unifi" = {
ip = "192.168.0.101"; ip = "192.168.0.101";
mac = "5a:00:b7:6c:d1:e2"; mac = "5a:00:b7:6c:d1:e2";
nix = false;
}; };
"jellyfin" = { "jellyfin" = {
ip = "192.168.0.102"; ip = "192.168.0.102";
@ -44,12 +45,9 @@
}; };
}; };
"tautulli" = { "tautulli" = {
nix = false;
ip = "192.168.0.106"; ip = "192.168.0.106";
mac = "BE:30:DB:F8:C6:55"; mac = "BE:30:DB:F8:C6:55";
exposes.tautulli = {
domain = "tautulli.xirion.net";
port = 8080;
};
}; };
"dns-1" = { "dns-1" = {
ip = "192.168.0.107"; ip = "192.168.0.107";
@ -83,10 +81,6 @@
mac = "00:50:56:91:0d:69"; mac = "00:50:56:91:0d:69";
type = "vm"; type = "vm";
}; };
"immich" = {
ip = "192.168.0.116";
mac = "06:8a:8e:3e:43:45";
};
"mail" = { "mail" = {
ip = "192.168.0.118"; ip = "192.168.0.118";
mac = "00:50:56:91:3b:03"; mac = "00:50:56:91:3b:03";
@ -139,6 +133,7 @@
"attic" = { "attic" = {
ip = "192.168.0.128"; ip = "192.168.0.128";
mac = "9E:AF:E9:FE:D4:D9"; mac = "9E:AF:E9:FE:D4:D9";
nix = false;
exposes.attic = { exposes.attic = {
domain = "attic.xirion.net"; domain = "attic.xirion.net";
port = 8080; port = 8080;
@ -158,16 +153,6 @@
"tudelft" = { "tudelft" = {
ip = "192.168.0.132"; ip = "192.168.0.132";
mac = "AE:B3:93:4B:04:76"; mac = "AE:B3:93:4B:04:76";
exposes = {
grist = {
domain = "grist.tud.0x76.dev";
port = 8484;
};
dex = {
domain = "dex.tud.0x76.dev";
port = 8000;
};
};
nix = false; nix = false;
}; };
"mastodon" = { "mastodon" = {

2
nixos/hosts/hades/dns/configuration.nix
View file

@ -34,6 +34,7 @@
"fedi.xirion.net typetransparent" "fedi.xirion.net typetransparent"
"grist.tud.0x76.dev typetransparent" "grist.tud.0x76.dev typetransparent"
"dex.tud.0x76.dev typetransparent" "dex.tud.0x76.dev typetransparent"
"queer.af typetransparent"
]; ];
local-data = [ local-data = [
@ -51,6 +52,7 @@
''"fedi.xirion.net A 192.168.0.122"'' ''"fedi.xirion.net A 192.168.0.122"''
''"grist.tud.0x76.dev A 192.168.0.122"'' ''"grist.tud.0x76.dev A 192.168.0.122"''
''"dex.tud.0x76.dev A 192.168.0.122"'' ''"dex.tud.0x76.dev A 192.168.0.122"''
''"queer.af A 65.108.48.233"''
]; ];
}; };
} }

6
nixos/hosts/hades/garage/configuration.nix
View file

@ -27,10 +27,10 @@ in {
services.garage = { services.garage = {
enable = true; enable = true;
package = pkgs.garage_0_9; package = pkgs.garage_1;
settings = { settings = {
db_engine = "lmdb"; # Recommended for mastodon db_engine = "lmdb";
replication_mode = "1"; replication_factor = 1;
compression_level = 0; compression_level = 0;
# For inter-node comms # For inter-node comms

3
nixos/hosts/hades/jellyfin/configuration.nix
View file

@ -51,6 +51,9 @@
WS_CRON_IMPORT = "1"; WS_CRON_IMPORT = "1";
WS_CRON_EXPORT = "1"; WS_CRON_EXPORT = "1";
WS_CRON_PROGRESS = "1"; WS_CRON_PROGRESS = "1";
WS_PUSH_ENABLED = "1";
WS_SYNC_PROGRESS = "1";
WS_API_AUTO = "1";
}; };
ports = [ "8080:8080" ]; ports = [ "8080:8080" ];
volumes = [ "/var/lib/watchstate:/config:rw" ]; volumes = [ "/var/lib/watchstate:/config:rw" ];

69
nixos/hosts/hades/lucy/configuration.nix
View file

@ -3,28 +3,6 @@
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, ... }: { pkgs, ... }:
# let
# Redefining the package instead of overriding as overriding GoModules seems broken
# see: https://github.com/NixOS/nixpkgs/issues/86349
# _nuclei-latest = pkgs.buildGoModule rec {
# pname = "nuclei";
# version = "2.9.2";
#
# src = pkgs.fetchFromGitHub {
# owner = "projectdiscovery";
# repo = pname;
# rev = "1f9a065713924b28b203e2108fc76d7a1ec49068";
# hash = "sha256-QiegMoBy0gZMyQl2MRAwR14zXeh8wvVonyETdAzHbj0=";
# };
#
# vendorHash = "sha256-0JNwoBqLKH1F/0Tr8o35gCSNT/2plIjIQvZRuzAZ5P8=";
#
# modRoot = "./v2";
# subPackages = [ "cmd/nuclei/" ];
#
# doCheck = false;
# };
# in {
{ {
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
@ -37,9 +15,13 @@
system.stateVersion = "23.05"; # Did you read the comment? system.stateVersion = "23.05"; # Did you read the comment?
# Additional packages # Additional packages
environment.systemPackages = with pkgs; [ jq wget jre8 ]; environment.systemPackages = with pkgs; [
boot.loader = { jq
wget
jdk17
];
boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot"; efi.efiSysMountPoint = "/boot";
@ -49,28 +31,25 @@
enable = true; enable = true;
allowedTCPPorts = [ 25565 ]; allowedTCPPorts = [ 25565 ];
}; };
users = { users = {
extraUsers = {
laura.extraGroups = [ "wheel" ];
vivian.extraGroups = [ "wheel" ];
julia = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTvqk+CJG4VwN8wg3H1ZdbUVj1JuX7RYKH1ewRKfCPv julia@juliadijkstraarch"
# Below is Evelyn's keys
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDnZSVdqSybDwVooSZ+SGFM0YNu15sO/jgVqCBGDm33wj0fML5T4oviUrY6yABh+eAgy/NAztgM7+6L8Hlze5DBeMwNAvj9gr9QSzUetW0iqCscZJ8dDbW30O9449gw2JY/XZzcFMZAP5QEQGEgG/6QQ3yRwA3DMCsGhQQ37l/aS+RsKYq3ZSN4f1nFJCrm397QB8r+bhaexufXqwumxe8rlefoUNNVnmu54FA8Pc3jSdsWT4s/3mqF6NiRa53w13SBWyS+zopCy1tTSnRszgAkldpE7Vft/QnmpFavAWHzpfArv/uFXQ3fx5Cj5t70zB6VJEtaBxhdKXeQUFBCn7fmwfjV0Un9b8jLW94uDhDD3059trhMvJvqKebuqyZe74MTZH0IC3IobpSb9fHHvxuRwUQOMkkJmjv1p2y2R6v7s2tA1sZlIEBmRDvZcKo4hPBe6q13OePV3O8KAFzCmPBIfE6kQ/nLc+3k9OjFWFTshdDXUYpSVGjNrv/IanCXbEs="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0KA0uOoLXUN4LhU7LgtSk0atWyPlEz5LA8dIXs9xTl"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh victor@aoife"
];
extraGroups = [ "mc" "wheel" ];
};
};
groups.mc = { }; groups.mc = { };
groups.users = { };
extraUsers = {
laura.extraGroups = [ "wheel" ];
vivian.extraGroups = [
"wheel"
"mc"
];
julius = {
isNormalUser = true;
group = "users";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJBY9eQlR/JRnjVC2wKWQ+o02wDlGUlSgN/4e3i6ans"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBt9ie9/XBVPnKo6wENKjEd32hhPqjiQFnn+okXZ0LRT"
];
};
};
}; };
} }

Some files were not shown because too many files have changed in this diff Show more