Compare commits


100 commits

Author SHA1 Message Date
eff1752c64 Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new 2025-08-20 21:00:05 +02:00
2b1a720c8f add nicotine 2025-08-20 20:59:11 +02:00
d49a173439 updates
Some checks failed
Lint / lint (push) Has been cancelled
2025-08-19 13:36:05 +02:00
4255553aab updates 2025-08-18 12:56:39 +02:00
5c1fc8e86c Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new 2025-07-21 22:28:49 +02:00
34ef9e32c9 remove workflows 2025-07-21 22:28:43 +02:00
f833c25447 saleae 2025-07-15 12:08:08 +02:00
b32c281fa5 updates
Some checks failed
Lint / lint (push) Has been cancelled
2025-07-11 15:54:24 +02:00
1b698c6911 Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new 2025-07-10 22:04:41 +02:00
1b4f2a21d7 update
Some checks failed
Lint / lint (push) Has been cancelled
2025-07-09 10:37:47 +02:00
ea79340ad6 Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new 2025-07-02 17:11:41 +02:00
bc9bae0c88 updates
Some checks failed
Lint / lint (push) Has been cancelled
2025-06-27 16:00:04 +02:00
69cb4f9de6 minor updates 2025-06-26 09:42:14 +02:00
2011e03edc minor updates
Some checks failed
Lint / lint (push) Has been cancelled
2025-06-25 15:52:00 +02:00
00eedb9a16 update nvim 2025-06-19 19:50:38 +02:00
722397ac43 lock
Some checks failed
Lint / lint (push) Has been cancelled
2025-06-12 10:09:51 +02:00
773df94aa6 config updates 2025-06-05 09:11:36 +02:00
4d68f77111 desktop: update progs
Some checks failed
Lint / lint (push) Has been cancelled
2025-06-04 23:02:48 +02:00
46ec55b24b updates
Some checks failed
Lint / lint (push) Has been cancelled
2025-05-28 14:44:53 +02:00
bb43ee4e1d Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new
Some checks failed
Lint / lint (push) Has been cancelled
2025-05-05 15:04:53 +02:00
fc075254bb nvim config, mostly 2025-05-05 15:04:48 +02:00
10e8aea249 install calibre
Some checks failed
Lint / lint (push) Has been cancelled
2025-03-24 12:13:08 +01:00
529a7e7767 update lock
Some checks failed
Lint / lint (push) Has been cancelled
2025-01-16 11:06:38 +01:00
0c216cd3a1 disable auto-move gnome 2025-01-16 10:43:37 +01:00
d4f97f528c some updates
Some checks failed
Lint / lint (push) Has been cancelled
2025-01-11 10:58:57 +01:00
715d42169e some updates
Some checks failed
Lint / lint (push) Has been cancelled
2025-01-08 20:25:20 +01:00
002adf25c2 some updates
Some checks failed
Lint / lint (push) Has been cancelled
2024-12-30 21:02:16 +01:00
afa692e17d ricing 2024-12-30 10:19:30 +01:00
8413ab2e0f hyprlock
Some checks failed
Lint / lint (push) Has been cancelled
2024-12-27 14:38:41 +01:00
c9fb02840b bit more ricing
Some checks are pending
Lint / lint (push) Waiting to run
2024-12-27 12:04:38 +01:00
a24394ecf6 flake update 2024-12-21 14:26:31 +01:00
b964998c17 update 2024-12-20 11:27:35 +01:00
b0845c833a Fix artifacting of laptop
Some checks failed
Lint / lint (push) Has been cancelled
2024-12-17 08:49:56 +01:00
bff04dd948 flake update
Some checks failed
Lint / lint (push) Has been cancelled
2024-12-10 09:04:19 +01:00
52f607e2f4 updated 2024-12-07 11:13:24 +01:00
d214e81b23 Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new
Some checks failed
Lint / lint (push) Has been cancelled
2024-12-04 15:23:02 +01:00
1e633dd97d update 2024-12-04 15:13:10 +01:00
0d2d9f5be5 Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new
Some checks failed
Lint / lint (push) Has been cancelled
2024-11-30 15:53:31 +01:00
cc0c0c6538 fix nvidia 2024-11-30 15:53:25 +01:00
359c8534f9 update aoife
Some checks are pending
Lint / lint (push) Waiting to run
2024-11-29 20:52:57 +01:00
6aa17892b1 updates
Some checks failed
Lint / lint (push) Has been cancelled
2024-11-24 10:38:14 +01:00
45a989280b temp disable displaylink & libreoffice due to build failures
Some checks failed
Lint / lint (push) Has been cancelled
2024-11-22 13:15:49 +01:00
fa2c29d88e update lock
Some checks are pending
Lint / lint (push) Waiting to run
2024-11-22 11:13:10 +01:00
cdf9881428 Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new 2024-11-22 11:12:19 +01:00
c253f696a9 small updates
Some checks are pending
Lint / lint (push) Waiting to run
2024-11-22 11:11:28 +01:00
7e48aee857 install zed 2024-11-08 12:59:41 +01:00
084904a8bc updated 2024-11-05 10:17:35 +01:00
17c199069c updates
Some checks failed
Lint / lint (push) Has been cancelled
2024-10-28 12:28:59 +01:00
c4b08af314 updates
Some checks failed
Lint / lint (push) Has been cancelled
2024-10-26 09:49:22 +02:00
98fb1316e7 updates
Some checks failed
Lint / lint (push) Has been cancelled
2024-10-24 22:07:17 +02:00
d4dcdef371 :x
Some checks failed
Lint / lint (push) Has been cancelled
2024-10-17 17:30:54 +02:00
ccbbb7f26e updates 2024-10-17 17:30:48 +02:00
375587cfa4 Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new
the commit.
2024-09-28 19:59:01 +02:00
a1cec54ec8 update nvim 2024-09-14 23:45:56 +02:00
f0380bbe4e Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new 2024-09-12 21:23:28 +02:00
b745ec7b85 updates 2024-09-12 21:23:26 +02:00
1121272da3 fix warnings 2024-09-12 10:26:45 +02:00
f42c42b0a7 cleanup & updates 2024-09-09 08:36:20 +02:00
c4b8889492 updates 2024-08-23 09:49:49 +02:00
07020f01c3 updates 2024-08-19 18:21:56 +02:00
d266a48b98 Merge branch 'containers' into new 2024-08-01 11:15:29 +02:00
fa23dd9e01 updates 2024-08-01 11:14:27 +02:00
a9207d6844 initial setup 2024-07-07 10:58:58 +02:00
06f6f5f4a6 disable starship (for now) 2024-07-07 10:14:45 +02:00
cfc82b3817 updates 2024-07-07 10:08:10 +02:00
a3283256b4 updates 2024-06-08 14:03:24 +02:00
f2767b0596 updates 2024-05-02 09:17:40 +02:00
f70a18723f various updates 2024-04-24 12:05:59 +02:00
46151ed25b various updates 2024-04-03 10:45:17 +02:00
ef35ed546e monitor mirroring 2024-04-02 17:54:13 +02:00
6215afa533 very simple waybar 2024-03-23 22:48:37 +01:00
39c8317c93 fix theming 2024-03-23 20:43:43 +01:00
edfe487b8a default hyprland conf 2024-03-23 12:23:57 +01:00
d629b5d4ed some cleanup 2024-03-21 20:21:07 +01:00
05b317d275 more nvim config 2024-03-21 17:20:29 +01:00
123fd7b129 more nvim config 2024-03-21 14:41:17 +01:00
586f01ac58 even more nvim config 2024-03-19 17:26:28 +01:00
3783ec19c6 more nvim config 2024-03-19 12:37:21 +01:00
3a56012932 mold in rust 2024-03-19 10:27:04 +01:00
5eefa66896 big nvim updates 2024-03-19 10:14:30 +01:00
636e23deb7 various updates 2024-03-18 17:12:51 +01:00
89ce2c97d9 some minor config 2024-03-14 11:47:49 +01:00
457537462a minor updates 2024-03-04 15:22:52 +01:00
4416a21e47 more net sec stuff 2024-02-26 12:19:32 +01:00
8d7f778b65 wireshark 2024-02-20 16:18:54 +01:00
4960ed0866 aoife updates 2024-02-20 10:56:17 +01:00
c2552d39a1 update 2024-02-04 14:27:26 +01:00
6d342f9d6e pin kernel to fix flicker 2024-01-26 10:31:50 +01:00
166a9cd75a update lock 2024-01-08 10:55:23 +01:00
f156c2396f initial implementation of meta 2024-01-05 17:30:26 +01:00
dfd934873b fix aoife 2024-01-05 10:45:34 +01:00
dcc9d733ae add aoife 2024-01-03 17:01:29 +01:00
a04a4bcf3a fix plex_update 2024-01-03 15:53:19 +01:00
af2b5a14f2 move pkgs 2024-01-03 15:50:11 +01:00
84f07ef08f fix infinite recursion 2024-01-03 15:49:32 +01:00
96a07f14dd switch to fup 2024-01-03 12:06:11 +01:00
26f8150f49 move common completely 2024-01-03 11:41:04 +01:00
23aa68d0fa add modules 2024-01-03 11:40:31 +01:00
e913bd96d5 add hm 2024-01-03 11:36:37 +01:00
3d63c94742 initial rewrite 2024-01-03 11:33:00 +01:00
147 changed files with 3464 additions and 11902 deletions


@ -1,22 +0,0 @@
name: Lint
on: [push]
jobs:
lint:
runs-on: docker
env:
container:
image: ghcr.io/catthehacker/ubuntu:js-20.04
steps:
- uses: actions/checkout@v3
- uses: https://github.com/cachix/install-nix-action@v22
env:
with:
nix_path: nixpkgs=channel:nixos-unstable
- run: |
sed -i '/^access-tokens/ d' /etc/nix/nix.conf
nix profile install 'nixpkgs#deadnix' 'nixpkgs#statix' 'nixpkgs#yamllint'
statix check .
deadnix -f
yamllint .


@ -1,22 +0,0 @@
name: Nix
# on: [push]
jobs:
lint:
runs-on: docker
env:
container:
image: ghcr.io/catthehacker/ubuntu:js-20.04
steps:
- uses: actions/checkout@v3
- name: Check Nix flake inputs
uses: https://github.com/DeterminateSystems/flake-checker-action@v5
- uses: https://github.com/cachix/install-nix-action@v22
env:
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Run `nix flake check`
run: |
sed -i '/^access-tokens/ d' /etc/nix/nix.conf
nix run '.#' -- -V


@ -1,37 +0,0 @@
name: Plex Update
on:
push:
branches:
- main
- ci
schedule:
- cron: '0 0 * * *'
jobs:
update:
runs-on: docker
container:
image: ghcr.io/catthehacker/ubuntu:js-20.04
steps:
- uses: actions/checkout@v3
- uses: https://github.com/cachix/install-nix-action@v22
with:
nix_path: nixpkgs=channel:nixos-unstable
- env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
run: |
git config user.name "Forgejo Actions Bot"
git config user.email "<>"
# Run Update script
./nixos/pkgs/plex-pass/update.sh
git add ./nixos/pkgs/plex-pass/
# Push if changed
if git status ./nixos/pkgs/plex-pass/ | grep -q "to be committed"; then
git commit -m "Update Plex"
git push origin main
fi

Binary file not shown.



@ -1,30 +1,31 @@
{ lib, pkgs, inputs, config, ... }: { {
imports = lib,
[ ./users ./modules inputs.vault-secrets.nixosModules.vault-secrets ]; inputs,
pkgs,
vault-secrets = ...
let }:
inherit (config.networking) domain hostName; {
server = if domain == "olympus" then "vault" else "vault-0"; imports = [
in ./users
lib.mkIf (domain == "olympus" || domain == "hades") { ./modules
vaultPrefix = "${domain}_secrets/nixos"; ];
vaultAddress = "http://${server}.${domain}:8200/";
approlePrefix = "${domain}-${hostName}";
};
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = {
sharedModules = [ ./hm-modules inputs.nixvim.homeManagerModules.nixvim ]; inherit inputs;
};
sharedModules = [
./hm-modules
inputs.nixvim.homeModules.nixvim
inputs.catppuccin.homeModules.catppuccin
inputs.autostart.homeManagerModules.xdg-autostart
];
}; };
virtualisation.oci-containers.backend = lib.mkDefault "podman"; virtualisation.oci-containers.backend = lib.mkDefault "podman";
# Clean /tmp on boot.
boot.tmp.cleanOnBoot = true;
# Set your time zone. # Set your time zone.
time.timeZone = lib.mkDefault "Europe/Amsterdam"; time.timeZone = lib.mkDefault "Europe/Amsterdam";
@ -33,7 +34,7 @@
# https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255 # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
systemd.oomd = { systemd.oomd = {
enableRootSlice = true; enableRootSlice = true;
enableUserServices = true; enableUserSlices = true;
}; };
# security.polkit.enable = lib.mkDefault true; # security.polkit.enable = lib.mkDefault true;
@ -41,25 +42,26 @@
# Nix Settings # Nix Settings
nix = { nix = {
registry.nixpkgs.flake = inputs.nixpkgs; # registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; # nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
package = pkgs.nixUnstable; package = pkgs.lix;
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
trusted-users = [ "root" "vivian" ]; trusted-users = [
"root"
"vivian"
];
substituters = [ substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org" "https://nixpkgs-review-bot.cachix.org"
"https://colmena.cachix.org"
# "https://cache.garnix.io"
"https://cachix.cachix.org" "https://cachix.cachix.org"
"https://hyprland.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
# "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
]; ];
}; };
optimise = { optimise = {
@ -77,21 +79,23 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; services = {
# Limit the systemd journal to 100 MB of disk or the
# last 7 days of logs, whichever happens first.
journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
# Limit the systemd journal to 100 MB of disk or the dbus.implementation = "broker";
# last 7 days of logs, whichever happens first.
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
# Enable SSH # Enable SSH
services.openssh = { openssh = {
enable = true; enable = true;
settings = { settings = {
PasswordAuthentication = lib.mkDefault false; PasswordAuthentication = lib.mkDefault false;
PermitRootLogin = lib.mkDefault "no"; PermitRootLogin = lib.mkDefault "no";
};
}; };
}; };
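Review bot: `trusted-users` in the `nix.settings` hunk still lists `vivian` next to `root`, and a trusted user can hand the daemon its own substituters and keys, so the pinned `trusted-public-keys` only bind untrusted accounts; the Nix manual treats membership as root-equivalent. If that account does not need it, `trusted-users = [ "root" ];` keeps the cache list authoritative. The same hunk adds `https://hyprland.cachix.org` and its key to what looks like a module shared by every host (it also configures `services.openssh`), so servers would accept binaries signed by a desktop-only cache; moving that pair into the desktop profile would narrow the trust. The `nix` block continues past the end of this hunk.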


@ -1,4 +1,10 @@
{ pkgs, lib, inputs, ... }: { {
pkgs,
lib,
inputs,
...
}:
{
# Bootloader. # Bootloader.
boot = { boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@ -7,36 +13,43 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi"; efi.efiSysMountPoint = "/boot/efi";
}; };
kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; }; kernel.sysctl = lib.mkDefault { "fs.inotify.max_user_watches" = 524288; };
initrd = { initrd = {
systemd.enable = true; systemd.enable = true;
verbose = false; verbose = false;
}; };
}; };
programs.nix-ld.enable = true; # programs.nix-ld.enable = true;
hardware.keyboard.qmk.enable = true; hardware.keyboard.qmk.enable = true;
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users.vivian = import ./home.nix; users.vivian = import ./home.nix;
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = {
inherit inputs;
};
}; };
services = { services = {
pulseaudio.enable = false;
# Enable my config for the gnome desktop environment # Enable my config for the gnome desktop environment
v.gnome.enable = true; v.gnome.enable = lib.mkDefault true;
flatpak.enable = true;
# Enable CUPS to print documents. # Enable CUPS to print documents.
printing.enable = true; printing.enable = true;
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; audio.enable = true;
alsa.support32Bit = true; # alsa.enable = true;
# alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
# If you want to use JACK applications, uncomment this # If you want to use JACK applications, uncomment this
#jack.enable = true; jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default, # use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now) # no need to redefine it in your config for now)
@ -62,19 +75,15 @@
}; };
# Global Packages # Global Packages
environment.systemPackages = with pkgs; [ wireguard-tools sbctl podman-compose ]; environment.systemPackages = with pkgs; [
wireguard-tools
sbctl
]; # ++ (if config.virtualisation.podman.enable then [ pkgs.podman-compose ] else []);
# programs.virt-manager = {
# enable = true;
# };
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
virtualisation = { virtualisation = {
podman.enable = true; podman.enable = lib.mkDefault true;
libvirtd = { libvirtd = {
enable = true; enable = true;
qemu.package = pkgs.qemu_kvm; qemu.package = pkgs.qemu_kvm;
@ -83,30 +92,36 @@
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
material-design-icons material-design-icons
noto-fonts noto-fonts
noto-fonts-cjk noto-fonts-cjk-sans
noto-fonts-emoji noto-fonts-emoji
dejavu_fonts dejavu_fonts
(nerdfonts.override {
fonts = nerd-fonts.dejavu-sans-mono
[ "DejaVuSansMono" "Ubuntu" "DroidSansMono" "NerdFontsSymbolsOnly" ]; nerd-fonts.ubuntu
}) nerd-fonts.droid-sans-mono
nerd-fonts.symbols-only
]; ];
programs = { programs = {
steam = { steam = {
enable = true; enable = true;
# Open ports in the firewall for Steam Remote Play # Open ports in the firewall for Steam Remote Play
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
package = pkgs.steam.override { package = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [ gamescope mangohud ]; extraPkgs =
pkgs: with pkgs; [
gamescope
mangohud
];
}; };
}; };
gamemode.enable = true;
adb.enable = true; adb.enable = true;
}; };
networking = { networking = {
# Networking # Networking
networkmanager.enable = true; networkmanager.enable = true;
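Review bot: `kernel.sysctl = lib.mkDefault { "fs.inotify.max_user_watches" = 524288; };` puts the priority on the whole attribute set, and the module system filters definitions by priority per option, so this definition is likely dropped as soon as any other module sets a sysctl at normal priority. Put the override on the value instead: `kernel.sysctl."fs.inotify.max_user_watches" = lib.mkDefault 524288;`. The `boot` block opens in the first hunk of this file.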

125
common/desktop/home.nix Normal file

@ -0,0 +1,125 @@
{
pkgs,
inputs,
config,
...
}:
let
tex = pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-full;
};
my-python-packages =
ps: with ps; [
cryptography
flask
ipwhois
numpy
pandas
pyasn
pyshark
requests
scapy
z3-solver
];
in
{
home.packages = with pkgs; [
(python3.withPackages my-python-packages)
btop
calibre
celluloid # video player
# cinny-desktop
comma
discord
element-desktop
firefox
foliate # epub reader
gcc
jellyfin-media-player
krita
neofetch
nicotine-plus
nixpkgs-review
qmk
signal-desktop
solo2-cli
spotify
unzip
yt-dlp
(lib.hiPrio (
pkgs.writeShellScriptBin "obsidian" ''
unset WAYLAND_DISPLAY
${pkgs.obsidian}/bin/obsidian
''
))
];
# Enable my own hm modules
themes.v.catppuccin.enable = true;
programs = {
v = {
vscode.enable = true;
nvim.enable = true;
rust.enable = true;
};
zed-editor = {
enable = true;
};
# firefox.enable = true;
chromium = {
enable = true;
extensions = [
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden
];
};
direnv = {
enable = true;
nix-direnv.enable = true;
};
zsh = {
enable = true;
sessionVariables = {
DIRENV_LOG_FORMAT = "";
};
};
kitty = {
enable = true;
shellIntegration.enableZshIntegration = true;
};
};
xdg.autoStart = {
packages = with pkgs; [
element-desktop
signal-desktop
firefox
discord
];
};
# Syncthing
services.syncthing.enable = true;
xdg.userDirs =
let
home = config.home.homeDirectory;
in
{
enable = true;
createDirectories = true;
desktop = "${home}/.desktop";
documents = "${home}/cloud/Documents";
download = "${home}/dl";
music = "${home}/cloud/Music";
pictures = "${home}/cloud/Pictures";
publicShare = "${home}/.publicShare";
templates = "${home}/.templates";
videos = "${home}/cloud/Videos";
};
}
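Review bot: The `tex` binding in the `let` block (a `texlive.combine` of `scheme-full`) is never referenced in `home.packages` or anywhere else in this file, and the `inputs` argument is unused as well. Either add `tex` to `home.packages` if a TeX installation was intended, or drop both. The compare range also deletes the Lint workflow that ran `deadnix -f`, so nothing will flag this automatically any more.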


@ -1,5 +1,5 @@
_: { { lib, ... }: {
networking.useDHCP = true; networking.useDHCP = lib.mkDefault true;
# Enable qemu guest agent # Enable qemu guest agent
services.qemuGuest.enable = true; services.qemuGuest.enable = true;


@ -0,0 +1,62 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.themes.v.catppuccin;
in
{
options.themes.v.catppuccin = {
enable = mkEnableOption "catppuccin";
};
config = mkIf cfg.enable {
catppuccin = {
enable = true;
flavor = "frappe";
accent = "pink";
waybar.enable = false;
mako.enable = false;
rofi.enable = true;
hyprland.enable = true;
kitty.enable = true;
kvantum.enable = true;
};
# home.pointerCursor = {
# name = "Bibata_Ghost";
# size = 24;
# package = pkgs.bibata-cursors-translucent;
# };
programs.kitty = {
# themeFile = "Catppuccin-Frappe";
font.name = "DejaVuSansMono Nerd Font";
};
gtk = {
enable = true;
# iconTheme = {
# name = "Papirus-Dark";
# package = pkgs.papirus-icon-theme.override { color = "violet"; };
# };
# cursorTheme = {
# inherit (config.home.pointerCursor) name package size;
# };
};
qt = {
enable = true;
# platformTheme = "qtct";
style.name = "kvantum";
platformTheme.name = "kvantum";
};
};
}


@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./catppuccin
./nvim
./vscode.nix
./git.nix
./rust.nix
];
}


@ -0,0 +1,225 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.programs.v.nvim;
in
with lib;
{
options.programs.v.nvim = {
enable = mkEnableOption "nvim";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ fd ];
home.file.".config/nvim/lua".source = ./lua;
programs.nixvim =
{ helpers, ... }:
{
enable = true;
imports = [
./keybinds.nix
./lsp.nix
];
package = pkgs.neovim-unwrapped;
vimAlias = true;
luaLoader.enable = true;
performance = {
# byteCompileLua.enable = true;
# combinePlugins.enable = true;
};
globals.mapleader = " ";
opts = {
number = true;
conceallevel = 2;
expandtab = true;
tabstop = 2;
shiftwidth = 2;
smartindent = true;
title = true;
spell = true;
spelllang = "en_gb";
};
clipboard.providers.wl-copy.enable = true;
extraPlugins = with pkgs.vimPlugins; [
FixCursorHold-nvim
];
extraConfigLua = "";
colorschemes.catppuccin = {
enable = true;
settings.flavour = "frappe";
};
plugins = {
nvim-surround.enable = true;
zen-mode = {
enable = true;
settings = {
window.options = {
number = false;
};
};
};
# codecompanion = {
# enable = true;
#
# };
vimwiki = {
enable = true;
settings = {
list = [
{
ext = ".md";
path = "~/cloud/Notes/";
syntax = "markdown";
}
];
};
};
image = {
enable = false;
settings.backend = "kitty";
};
web-devicons.enable = true;
bufferline.enable = true;
nix.enable = true;
luasnip.enable = true;
startup = {
enable = true;
theme = "my_theme";
};
obsidian = {
enable = false;
settings = {
new_notes_location = "notes_subdir";
notes_subdir = "Unsorted";
daily_notes = {
folder = "Diary/Daily";
};
workspaces = [
{
name = "notes";
path = "~/cloud/Notes";
}
];
completion = {
min_chars = 2;
nvim_cmp = true;
};
picker.name = "telescope.nvim";
};
};
fidget = {
enable = true;
settings = {
progress = {
ignore = [ "ltex" ];
display.done_ttl = 5;
};
notification = {
override_vim_notify = true;
};
};
};
neotest = {
enable = true;
adapters = {
plenary.enable = true;
python.enable = true;
rust = {
enable = true;
settings.args = [ "--no-capture" ];
};
};
};
treesitter = {
enable = true;
nixGrammars = true;
settings = {
highlight.enable = true;
incremental_selection.enable = true;
indent.enable = true;
};
};
# Git
committia.enable = true;
gitsigns.enable = true;
lualine = {
enable = true;
settings.options.theme = "catppuccin";
};
oil = {
enable = true;
};
telescope = {
enable = true;
settings.defaults.preview.ls_short = true;
extensions.file-browser = {
enable = true;
settings = {
hijack_netrw = true;
dir_icon = "";
};
};
extensions.fzf-native.enable = true;
extensions.fzf-native.settings.fuzzy = true;
extensions.frecency.enable = true;
extensions.ui-select.enable = true;
};
comment.enable = true;
vimtex.enable = false;
typst-preview.enable = true;
floaterm.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
cmdline.":".sources = [ { name = "path"; } ];
snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
mapping = {
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
};
sources = [
{ name = "nvim_lsp_signature_help"; }
{ name = "path"; }
{ name = "spell"; }
{
name = "buffer";
# Words from other open buffers can also be suggested.
option.get_bufnrs.__raw = "vim.api.nvim_list_bufs";
}
{ name = "nvim_lsp"; }
{ name = "luasnip"; }
];
};
};
};
};
};
}
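Review bot: `cmdline.":".sources` sits under `plugins.cmp.settings`, which nixvim hands to `cmp.setup()`; command-line sources are normally configured through the separate `plugins.cmp.cmdline` option, so the `path` source for `:` probably never takes effect. If so, move it one level up: `cmp.cmdline.":".sources = [ { name = "path"; } ];`. The `{ helpers, ... }:` argument of the `programs.nixvim` function is also unused in this file.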


@ -0,0 +1,195 @@
{ helpers, ... }:
{
keymaps = with helpers; [
# Disable arrow keys
{
mode = "n";
key = "<Up>";
action = "<Nop>";
}
{
mode = "n";
key = "<Down>";
action = "<Nop>";
}
{
mode = "n";
key = "<Left>";
action = "<Nop>";
}
{
mode = "n";
key = "<Right>";
action = "<Nop>";
}
# General
{
mode = "n";
key = "<leader>";
action = ":noh<CR>";
}
# Telescope
{
mode = "n";
key = "<leader>ff";
action = ":Telescope find_files<CR>";
}
{
mode = "n";
key = "<leader>fs";
action = ":Telescope lsp_dynamic_workspace_symbols<CR>";
}
{
mode = "n";
key = "<leader>fg";
action = mkRaw "require('telescope.builtin').live_grep";
}
{
mode = "n";
key = "<leader>fb";
action = ":Telescope buffers<CR>";
}
{
mode = "n";
key = "<leader>fo";
action = ":Telescope oldfiles<CR>";
}
{
mode = "n";
key = "<leader>fr";
action = ":Telescope frecency<CR>";
}
{
mode = "n";
key = "<leader>zf";
action = ":Telescope spell_suggest<CR>";
}
# {
# mode = "n";
#key = "<leader>ob";
# action = mkRaw "require('obsidian_picker').obsidian_picker";
#}
# Commenting
{
mode = "n";
key = "<C-/>";
action = mkRaw "require('Comment.api').toggle.linewise.current";
}
{
mode = "x";
key = "<C-/>";
action = mkRaw ''
function()
local esc = vim.api.nvim_replace_termcodes(
'<ESC>', true, false, true
)
vim.api.nvim_feedkeys(esc, 'nx', false)
require('Comment.api').toggle.linewise(vim.fn.visualmode())
end
'';
}
# Float Term
{
mode = "n";
key = "t";
action = ":FloatermToggle myfloat<CR>";
}
{
mode = "t";
key = "<ESC>";
action = mkRaw "function() vim.cmd(':FloatermToggle myfloat') end";
}
# Switch buffers
{
mode = "n";
key = "<leader>q";
action = ":bd<CR>"; # Delete buffer
}
{
mode = "n";
key = "<leader>s";
action = ":bn<CR>"; # Buffer next
}
{
mode = "n";
key = "<leader>a";
action = ":bp<CR>"; # Buffer previous
}
# Change Indenting
{
mode = "i";
key = "<S-Tab>";
action = "<C-o><<";
}
{
mode = "n";
key = "<S-Tab>";
action = "<<_";
}
{
mode = "n";
key = "<Tab>";
action = ">>_";
}
{
mode = "v";
key = "<Tab>";
action = ">gv";
}
{
mode = "v";
key = "<S-Tab>";
action = "<gv";
}
# Neotest
{
mode = "n";
key = "<leader>nr";
action = mkRaw "require('neotest').run.run";
}
{
mode = "n";
key = "<leader>no";
action = mkRaw "require('neotest').output.open";
}
{
mode = "n";
key = "<leader>ns";
action = mkRaw "require('neotest').run.stop";
}
{
mode = "n";
key = "<leader>nf";
action = mkRaw "function() require('neotest').run.run(vim.fn.expand('%')) end";
}
# LSP
{
mode = "n";
key = "<M-CR>";
action = mkRaw "vim.lsp.buf.code_action";
}
{
mode = "n";
key = "<leader>e";
action = mkRaw "vim.diagnostic.open_float";
}
# oil
{
mode = "n";
key = "_";
action = "<CMD>Oil<CR>";
}
# Tiny mist (Typst)
# {
# mode = "n";
# key = "<leader>tp";
# action = mkRaw ''
# client:exec_cmd({
# title = "pin",
# command = "tinymist.pinMain",
# arguments = { vim.api.nvim_buf_get_name(0) },
# }, { bufnr = bufnr })
# '';
# }
];
}


@ -0,0 +1,127 @@
{ pkgs, ... }:
{
plugins = {
rustaceanvim = {
enable = true;
settings = {
auto_attach = true;
server = {
standalone = false;
default_settings = {
rust-analyzer = {
inlayHints = {
lifetimeElisionHints = {
enable = "always";
};
};
cargo.features = "all";
check = {
command = "clippy";
};
cachePriming.enable = false;
};
};
};
};
};
lsp = {
enable = true;
inlayHints = true;
keymaps = {
lspBuf = {
K = "hover";
gD = "references";
gd = "definition";
gi = "implementation";
gt = "type_definition";
"<leader>rn" = "rename";
"g=" = "format";
};
diagnostic = {
"<leader>j" = "goto_next";
"<leader>k" = "goto_prev";
};
};
servers = {
cssls.enable = true;
nil_ls.enable = true; # NixOS
dockerls.enable = true;
rust_analyzer = {
enable = false;
installCargo = false;
installRustc = false;
};
# pyright.enable = true;
# pylsp = {
# enable = true;
# settings.plugins = {
# black = {
# enabled = true;
# cache_config = true;
# };
# pycodestyle = {
# maxLineLength = 100;
# };
# };
# };
elixirls.enable = true;
clangd.enable = true;
yamlls.enable = true;
lua_ls.enable = true;
tinymist = {
enable = true;
rootMarkers = [ "main.typ" ];
onAttach.function = ''
vim.keymap.set("n", "<leader>tp", function()
client:exec_cmd({
title = "pin",
command = "tinymist.pinMain",
arguments = { vim.api.nvim_buf_get_name(0) },
}, { bufnr = bufnr })
end, { desc = "[T]inymist [P]in", noremap = true })
vim.keymap.set("n", "<leader>tu", function()
client:exec_cmd({
title = "unpin",
command = "tinymist.pinMain",
arguments = { vim.v.null },
}, { bufnr = bufnr })
end, { desc = "[T]inymist [U]npin", noremap = true })
'';
settings = {
formatterMode = "typstyle"; # or "typstfmt"
};
};
};
};
trouble.enable = true;
lspkind.enable = true;
lspsaga = {
enable = true;
lightbulb.enable = false;
};
nvim-lightbulb = {
enable = true;
settings = {
autocmd.enabled = true;
number.enabled = true;
};
};
none-ls = {
enable = true;
sources = {
formatting = {
nixfmt = {
enable = true;
package = pkgs.nixfmt-rfc-style;
};
};
};
};
};
}


@ -0,0 +1,48 @@
local pickers = require "telescope.pickers"
local finders = require "telescope.finders"
local conf = require("telescope.config").values
local actions = require("telescope.actions")
local action_state = require("telescope.actions.state")
local obsidian_commands = require("obsidian.commands").commands
local results = {}
for key, _ in pairs(obsidian_commands) do
table.insert(results, string.sub(key, 9))
end
Local = 100
local Local = 3
print(Local)
local obsidian_picker = function(opts)
opts = opts or require("telescope.themes").get_dropdown{}
pickers.new(opts, {
prompt_title = "Obsidian",
finder = finders.new_table {
results = results,
-- entry_maker = function(entry)
-- return {
-- value = entry,
-- display = entry[1],
-- ordinal = entry[1],
-- }
-- end
},
sorter = conf.generic_sorter(opts),
attach_mappings = function(prompt_bufnr, map)
actions.select_default:replace(function()
actions.close(prompt_bufnr)
local selection = action_state.get_selected_entry()
vim.cmd(':Obsidian' .. selection[1])
end)
return true
end,
}):find()
end
-- obsidian_picker()
return {
obsidian_picker = obsidian_picker
}
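Review bot: The three lines `Local = 100`, `local Local = 3` and `print(Local)` look like leftover scratch code: they create a global `Local` and print `3` when the module is first required. They should be removed, along with the commented-out `entry_maker` and the trailing `-- obsidian_picker()`. `string.sub(key, 9)` deserves a comment such as `-- strip the 8-character "Obsidian" prefix from the command name`, which is inferred from the `':Obsidian' .. selection[1]` call. A later file in this compare holds the same picker without the scratch lines, so one of the two copies is probably redundant.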


@ -0,0 +1,75 @@
local settings = {
-- every line should be same width without escaped \
header = {
type = "text",
oldfiles_directory = false,
align = "center",
fold_section = false,
title = "Header",
margin = 5,
content = {
" ███╗ ██╗ ███████╗ ██████╗ ██╗ ██╗ ██╗ ███╗ ███╗",
" ████╗ ██║ ██╔════╝██╔═══██╗ ██║ ██║ ██║ ████╗ ████║",
" ██╔██╗ ██║ █████╗ ██║ ██║ ██║ ██║ ██║ ██╔████╔██║",
" ██║╚██╗██║ ██╔══╝ ██║ ██║ ╚██╗ ██╔╝ ██║ ██║╚██╔╝██║",
" ██║ ╚████║ ███████╗╚██████╔╝ ╚████╔╝ ██║ ██║ ╚═╝ ██║",
" ╚═╝ ╚═══╝ ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝ ╚═╝",
},
highlight = "Statement",
default_color = "",
oldfiles_amount = 0,
},
-- name which will be displayed and command
body = {
type = "mapping",
oldfiles_directory = false,
align = "center",
fold_section = false,
title = "Basic Commands",
margin = 5,
content = {
{ " Find File", "Telescope find_files", "<leader>ff"},
{ "󰍉 Find Word ", "Telescope live_grep", "<leader>fg"},
{ " Recent Files", "Telescope oldfiles", "<leader>fo"},
{ " File Browser", "Telescope file_browser", "<leader>fs"},
{ " New File", "lua require'startup'.new_file()", "<leader>nf"},
},
highlight = "String",
default_color = "",
oldfiles_amount = 0,
},
footer = {
type = "text",
oldfiles_directory = false,
align = "center",
fold_section = false,
title = "Footer",
margin = 5,
content = { "bottom text" },
highlight = "Number",
default_color = "",
oldfiles_amount = 0,
},
options = {
mapping_keys = true,
cursor_column = 0.5,
empty_lines_between_mappings = true,
disable_statuslines = true,
paddings = { 1, 3, 3, 0 },
},
mappings = {
execute_command = "<CR>",
open_file = "o",
open_file_split = "<c-o>",
open_section = "<TAB>",
open_help = "?",
},
colors = {
background = "#1f2227",
folded_section = "#56b6c2",
},
parts = { "header", "body", "footer" },
}
return settings
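Review bot: Two entries in `body.content` advertise keys that the keymap file in this compare binds to something else: `<leader>fs` is mapped there to `Telescope lsp_dynamic_workspace_symbols`, not `Telescope file_browser`, and `<leader>nf` runs the current file under neotest rather than `new_file()`. With `mapping_keys = true` the start screen presumably registers its own mappings for these keys, so whichever is set last wins. Pick unused keys here or align the two lists.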


@ -0,0 +1,35 @@
local pickers = require "telescope.pickers"
local finders = require "telescope.finders"
local conf = require("telescope.config").values
local actions = require("telescope.actions")
local action_state = require("telescope.actions.state")
local obsidian_commands = require("obsidian.commands").commands
local results = {}
for key, _ in pairs(obsidian_commands) do
table.insert(results, string.sub(key, 9))
end
local obsidian_picker = function(opts)
opts = opts or require("telescope.themes").get_dropdown {}
pickers.new(opts, {
prompt_title = "Obsidian",
finder = finders.new_table {
results = results,
},
sorter = conf.generic_sorter(opts),
attach_mappings = function(prompt_bufnr, map)
actions.select_default:replace(function()
actions.close(prompt_bufnr)
local selection = action_state.get_selected_entry()
vim.cmd(':Obsidian' .. selection[1])
end)
return true
end,
}):find()
end
return {
obsidian_picker = obsidian_picker
}
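Review bot: In the `select_default` replacement, `action_state.get_selected_entry()` returns nil when the picker has no matching entry, so `selection[1]` raises an error on an empty result list; add `if not selection then return end` before the `vim.cmd` call. The `string.sub(key, 9)` loop at the top assumes every key in `obsidian.commands` starts with an eight-character prefix (presumably `Obsidian`), which nothing here checks; a comment such as `-- strip the leading "Obsidian" so only the subcommand is listed` would make that dependency visible. This file also looks identical to the picker whose tail appears just above it on the page, so one of the two copies may be redundant.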


@ -0,0 +1,41 @@
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.programs.v.rust;
in
{
options.programs.v.rust.enable = mkEnableOption "rust";
config = mkIf cfg.enable {
home = {
packages = with pkgs; [
bacon
rustup
cargo-binutils
cargo-nextest
cargo-msrv
cargo-dist
cargo-cross
cargo-generate
];
file.".cargo/config.toml".text = ''
[registries.crates-io]
protocol = "sparse"
[build]
rustc-wrapper = "${pkgs.sccache}/bin/sccache"
[profile.rust-analyzer]
inherits = "dev"
'';
sessionPath = [ "$HOME/.cargo/bin" ];
};
};
}


@ -0,0 +1,115 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.programs.v.vscode;
in
{
options.programs.v.vscode = {
enable = mkEnableOption "vscode";
};
config = mkIf cfg.enable {
programs.vscode = {
enable = true;
package = pkgs.vscode;
profiles.default = {
userSettings = {
"ltex.language" = "en-GB";
"latex-workshop.linting.chktex.enabled" = true;
"latex-workshop.latex.clean.subfolder.enabled" = true;
"latex-workshop.latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%";
"editor.fontFamily" = "'DejaVuSansMono Nerd Font', 'monospace', monospace";
"keyboard.dispatch" = "keyCode";
"rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer";
"rust-analyzer.check.extraArgs" = [
"--profile"
"rust-analyzer"
];
"rust-analyzer.check.command" = "clippy";
"terminal.integrated.defaultProfile.linux" = "zsh";
"nix.enableLanguageServer" = true; # Enable LSP.
"nix.serverPath" = "${pkgs.nil}/bin/nil";
"[nix]" = {
"editor.defaultFormatter" = "brettm12345.nixfmt-vscode";
};
"[python]" = {
"editor.formatOnType" = true;
};
"debug.allowBreakpointsEverywhere" = true;
"C_Cpp.clang_format_fallbackStyle" = "{ BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 0}";
# "crates.compatibleDecorator" = "✓";
# "crates.errorDecorator" = "✗";
# "crates.incompatibleDecorator" = "🛇";
# Verilog
"verilog.formatting.verilogHDL.formatter" = "verible-verilog-format";
"verilog.languageServer.svls.enabled" = true;
"verilog.languageServer.svls.path" = "${pkgs.svls}/bin/svls";
"verilog.languageServer.veribleVerilogLs.enabled" = true;
"verilog.languageServer.veribleVerilogLs.path" = "${pkgs.verible}/bin/verible-verilog-ls";
"verilog.formatting.veribleVerilogFormatter.path" = "${pkgs.verible}/bin/verible-verilog-format";
"verilog.linting.linter" = "verilator";
"verilog.linting.path" = "${pkgs.verilator}/bin/verilator";
"[verilog]" = {
"editor.defaultFormatter" = "mshr-h.veriloghdl";
};
# Don't index unecessary things
"files.exclude" = {
"**/.vscode" = true;
"**/.git" = true;
"**/.svn" = true;
"**/.hg" = true;
"**/.deps" = true;
"**/CVS" = true;
"**/.DS_Store" = true;
"/bin" = true;
"/boot" = true;
"/cdrom" = true;
"/dev" = true;
"/proc" = true;
"/etc" = true;
"/nix" = true;
};
};
extensions = with pkgs.vscode-extensions; [
brettm12345.nixfmt-vscode
# catppuccin.catppuccin-vsc
codezombiech.gitignore
codezombiech.gitignore
davidlday.languagetool-linter
editorconfig.editorconfig
foxundermoon.shell-format
github.copilot
github.copilot-chat
github.vscode-github-actions
james-yu.latex-workshop
jnoortheen.nix-ide
mkhl.direnv
ms-vscode-remote.remote-ssh
ms-vscode.cpptools
ms-vsliveshare.vsliveshare
mshr-h.veriloghdl
# platformio.platformio-ide
redhat.vscode-xml
redhat.vscode-yaml
rust-lang.rust-analyzer
skellock.just
sumneko.lua
tamasfe.even-better-toml
vadimcn.vscode-lldb
vadimcn.vscode-lldb
valentjn.vscode-ltex
vscodevim.vim
xaver.clang-format
continue.continue
];
};
};
};
}
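Review bot: `codezombiech.gitignore` and `vadimcn.vscode-lldb` are each listed twice in `extensions`; drop the repeated lines so the list stays a reliable inventory of what is installed. The same list enables `github.copilot`, `github.copilot-chat`, `continue.continue` and `ms-vsliveshare.vsliveshare` in the default profile, which presumably makes them active in every workspace, including this infrastructure repository; a comment stating that this is intended would help the next reader. The comment `# Don't index unecessary things` has a typo (`unnecessary`).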


@ -0,0 +1,11 @@
{ ... }: {
imports = [
./meta.nix
./nginx.nix
./dns.nix
./flood.nix
./gnome
./unpackerr.nix
./vault.nix
];
}


@ -1,18 +1,22 @@
{ config, pkgs, lib, hosts, flat_hosts, ... }: { config, pkgs, lib, self, ... }:
# DNS Module to set up Unbound DNS with all my hosts in the config # DNS Module to set up Unbound DNS with all my hosts in the config
# Used for DNS Servers and my laptop # Used for DNS Servers and my laptop
with lib; with lib;
let let
inherit (builtins) filter hasAttr attrNames; inherit (builtins) filter attrValues;
domains = attrNames hosts; domains = [ "hades" "olympus" "thalassa" ];
ipv4Host = filter (hasAttr "ip") flat_hosts; mapConfig = host: {
ipv6Hosts = filter (hasAttr "ip6") flat_hosts; inherit (host.config.networking) hostName domain;
inherit (host.config.meta) ipv4 ipv6;
};
hosts = (map mapConfig (attrValues self.nixosConfigurations));
ipv4Hosts = filter (v: v.ipv4 != null) hosts;
ipv6Hosts = filter (v: v.ipv6 != null) hosts;
localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"''; localData = { hostName, domain, ipv4, ... }: ''"${hostName}.${domain}. A ${ipv4}"'';
local6Data = { hostname, realm, ip6, ... }: local6Data = { hostName, domain, ipv6, ... }: ''"${hostName}.${domain}. AAAA ${ipv6}"'';
''"${hostname}.${realm}. AAAA ${ip6}"''; ptrData = { hostName, domain, ipv4, ... }: ''"${ipv4} ${hostName}.${domain}"'';
ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"''; ptr6Data = { hostName, domain, ipv6, ... }: ''"${ipv6} ${hostName}.${domain}"'';
ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"'';
cfg = config.services.v.dns; cfg = config.services.v.dns;
in { in {
@ -37,7 +41,7 @@ in {
}; };
mode = mkOption { mode = mkOption {
type = enum [ "server" "laptop" ]; type = types.enum [ "server" "laptop" ];
default = "laptop"; default = "laptop";
description = '' description = ''
Whether to configure the DNS in server mode (listen on all interfaces) or laptop mode (just on localhost) Whether to configure the DNS in server mode (listen on all interfaces) or laptop mode (just on localhost)
@ -69,8 +73,8 @@ in {
local-zone = local-zone =
map (localdomain: ''"${localdomain}}." transparent'') domains; map (localdomain: ''"${localdomain}}." transparent'') domains;
local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts); local-data = (map localData ipv4Hosts) ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts); local-data-ptr = (map ptrData ipv4Hosts) ++ (map ptr6Data ipv6Hosts);
private-address = [ private-address = [
"127.0.0.0/8" "127.0.0.0/8"
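Review bot: The `local-zone` line in the last hunk interpolates `${localdomain}}.`, and the second `}` is literal, so each zone is emitted with a stray brace (e.g. `hades}.`); it should read `map (localdomain: ''"${localdomain}." transparent'') domains;`. The line is unchanged context in this commit, but the new hard-coded `domains` list feeds straight into it. Separately, `ipv4Hosts` and `ipv6Hosts` filter only on a non-null address, so a host that sets `meta.isLaptop` together with an address would still get records; if that option is meant to suppress DNS entries, inherit `isLaptop` in `mapConfig` and add `&& !v.isLaptop` to both filters.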


@ -1,8 +1,8 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
let cfg = config.services.flood; let cfg = config.services.v.flood;
in { in {
options.services.flood = { options.services.v.flood = {
enable = mkEnableOption "flood"; enable = mkEnableOption "flood";
user = mkOption { user = mkOption {
@ -94,7 +94,7 @@ in {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Enable SSL. Enable SSL.
key.pem and fullchain.pem needed in runtime directory. key.pem and fullchain.pem needed in runtime directory.
''; '';
}; };


@ -1,11 +1,14 @@
{ config, pkgs, lib, inputs, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let cfg = config.services.v.gnome; let
in { cfg = config.services.v.gnome;
imports = [ in
inputs.gnome-autounlock-keyring.nixosModules.default {
];
options.services.v.gnome = { options.services.v.gnome = {
enable = mkEnableOption "v.gnome"; enable = mkEnableOption "v.gnome";
hm = mkOption { hm = mkOption {
@ -33,17 +36,17 @@ in {
xserver = { xserver = {
enable = true; enable = true;
excludePackages = [ pkgs.xterm ]; excludePackages = [ pkgs.xterm ];
# Configure keymap in X11 # Configure keymap in X11
xkb = {
layout = "us"; layout = "us";
xkbVariant = "altgr-intl"; variant = "altgr-intl";
};
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
}; };
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = lib.mkDefault true;
desktopManager.gnome.enable = true;
udev.packages = with pkgs; [ gnome-settings-daemon ];
dbus.enable = true; dbus.enable = true;
udisks2.enable = true; udisks2.enable = true;
}; };
@ -52,35 +55,49 @@ in {
# Add Home-manager dconf stuff # Add Home-manager dconf stuff
home-manager.sharedModules = mkIf cfg.hm [ ./hm.nix ]; home-manager.sharedModules = mkIf cfg.hm [ ./hm.nix ];
environment.gnome.excludePackages =
(with pkgs; [ gnome-photos gnome-tour gnome-connections ]) environment.gnome.excludePackages = (
++ (with pkgs.gnome; [ with pkgs;
atomix # puzzle game [
gnome-photos
gnome-tour
gnome-connections
gnome-calendar
epiphany # web browser epiphany # web browser
geary # email reader geary # email reader
gedit # text editor
gnome-calendar
gnome-clocks
gnome-contacts
gnome-maps
gnome-music
gnome-notes
gnome-terminal
gnome-weather
hitori # sudoku game
iagno # go game
simple-scan # document scanner simple-scan # document scanner
tali # poker game
totem # video player totem # video player
]); gnome-terminal
gnome-contacts
atomix # puzzle game
gnome-maps
gedit # text editor
gnome-music
gnome-clocks
iagno # go game
tali # poker game
hitori # sudoku game
gnome-notes
gnome-weather
gnome-software
]
);
services.gnome.evolution-data-server.enable = lib.mkForce false;
services.gnome.gnome-online-accounts.enable = false;
services.gnome.gnome-remote-desktop.enable = false;
services.gnome.gnome-user-share.enable = false;
services.gnome.rygel.enable = false;
services.gnome.tinysparql.enable = false;
services.gnome.localsearch.enable = false;
# Services required for gnome # Services required for gnome
programs.dconf.enable = true; programs.dconf.enable = true;
# Extra gnome packages # Extra gnome packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gnome.gnome-tweaks gnome-tweaks
gnome.gnome-boxes gnome-boxes
]; ];
}; };
} }

166
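--- a/common/modules/gnome/hm.nix
+++ b/common/modules/gnome/hm.nix
@@ -0,0 +1,166 @@
+{ lib, pkgs, ... }:
+with lib.hm.gvariant;
+let
+inherit (builtins) attrNames map;
+inherit (lib.attrsets) mapAttrs' nameValuePair;
+generate_custom_keybindings =
+binds:
+{
+"org/gnome/settings-daemon/plugins/media-keys" = {
+custom-keybindings = map (
+name: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}/"
+) (attrNames binds);
+};
+}
+// mapAttrs' (
+name: nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}"
+) binds;
+in
+{
+xdg.mimeApps.enable = true;
+xdg.mimeApps.defaultApplications = {
+"text/plain" = "org.gnome.TextEditor.desktop";
+"application/pdf" = "org.gnome.Evince.desktop";
+# Firefox
+"text/html" = "firefox.desktop";
+"x-scheme-handler/http" = "firefox.desktop";
+"x-scheme-handler/https" = "firefox.desktop";
+"x-scheme-handler/chrome" = "firefox.desktop";
+"application/x-extension-htm" = "firefox.desktop";
+"application/x-extension-shtml" = "firefox.desktop";
+"application/xhtml+xml" = "firefox.desktop";
+"application/x-extension-xhtml" = "firefox.desktop";
+"application/x-extension-xht" = "firefox.desktop";
+"application/x-extension-html" = "firefox.desktop";
+# Images
+"image/bmp" = "org.gnome.Loupe.desktop";
+"image/gif" = "org.gnome.Loupe.desktop";
+"image/jpg" = "org.gnome.Loupe.desktop";
+"image/pjpeg" = "org.gnome.Loupe.desktop";
+"image/png" = "org.gnome.Loupe.desktop";
+"image/tiff" = "org.gnome.Loupe.desktop";
+"image/webp" = "org.gnome.Loupe.desktop";
+"image/x-bmp" = "org.gnome.Loupe.desktop";
+"image/x-gray" = "org.gnome.Loupe.desktop";
+"image/x-icb" = "org.gnome.Loupe.desktop";
+"image/x-ico" = "org.gnome.Loupe.desktop";
+"image/x-png" = "org.gnome.Loupe.desktop";
+"image/x-portable-anymap" = "org.gnome.Loupe.desktop";
+"image/x-portable-bitmap" = "org.gnome.Loupe.desktop";
+"image/x-portable-graymap" = "org.gnome.Loupe.desktop";
+"image/x-portable-pixmap" = "org.gnome.Loupe.desktop";
+"image/x-xbitmap" = "org.gnome.Loupe.desktop";
+"image/x-xpixmap" = "org.gnome.Loupe.desktop";
+"image/x-pcx" = "org.gnome.Loupe.desktop";
+"image/svg+xml" = "org.gnome.Loupe.desktop";
+"image/svg+xml-compressed" = "org.gnome.Loupe.desktop";
+"image/vnd.wap.wbmp" = "org.gnome.Loupe.desktop";
+"image/x-icns" = "org.gnome.Loupe.desktop";
+};
+dconf.settings =
+{
+"org/gnome/shell" = {
+disable-user-extensions = false;
+enabled-extensions = with pkgs.gnomeExtensions; [
+auto-move-windows.extensionUuid
+];
+};
+# "org/gnome/shell/extensions/auto-move-windows" = {
+# application-list = [
+# "element-desktop.desktop:1"
+# "discord.desktop:1"
+# "firefox.desktop:2"
+# "obsidian.desktop:3"
+# ];
+# };
+"org/gnome/desktop/input-sources" = {
+sources = [
+(mkTuple [
+"xkb"
+"us+altgr-intl"
+])
+];
+xkb-options = [ "terminate:ctrl_alt_bksp" ];
+};
+"org/gnome/desktop/peripherals/touchpad" = {
+tap-to-click = true;
+two-finger-scrolling-enabled = true;
+};
+"org/gnome/mutter" = {
+attach-modal-dialogs = true;
+dynamic-workspaces = false;
+edge-tiling = true;
+focus-change-on-pointer-rest = true;
+workspaces-only-on-primary = true;
+};
+"org/gnome/mutter/keybindings" = {
+toggle-tiled-left = [ "<Super>bracketleft" ];
+toggle-tiled-right = [ "<Super>bracketright" ];
+};
+"org/gnome/shell/keybindings" = {
+toggle-overview = [ "<Super>d" ];
+};
+"org/gnome/desktop/interface" = {
+color-scheme = "prefer-dark";
+};
+"org/gnome/desktop/wm/preferences" = {
+auto-raise = false;
+num-workspaces = 6;
+focus-mode = "sloppy";
+};
+"org/gnome/desktop/wm/keybindings" = {
+raise-or-lower = [ "<Super>s" ];
+switch-applications = [ "<Super>Tab" ];
+switch-applications-backward = [ "<Super>Tab" ];
+move-to-workspace-1 = [ "<Shift><Super>1" ];
+move-to-workspace-2 = [ "<Shift><Super>2" ];
+move-to-workspace-3 = [ "<Shift><Super>3" ];
+move-to-workspace-4 = [ "<Shift><Super>4" ];
+move-to-workspace-5 = [ "<Shift><Super>5" ];
+move-to-workspace-6 = [ "<Shift><Super>6" ];
+switch-to-workspace-1 = [ "<Super>1" ];
+switch-to-workspace-2 = [ "<Super>2" ];
+switch-to-workspace-3 = [ "<Super>3" ];
+switch-to-workspace-4 = [ "<Super>4" ];
+switch-to-workspace-5 = [ "<Super>5" ];
+switch-to-workspace-6 = [ "<Super>6" ];
+toggle-fullscreen = [ "<Super><Shift>M" ];
+toggle-maximized = [ "<Super>m" ];
+close = [ "<Super>Q" ];
+};
+"org/gnome/tweaks" = {
+show-extensions-notice = false;
+};
+"org/gnome/boxes" = {
+first-run = false;
+};
+}
+// generate_custom_keybindings {
+"terminal" = {
+binding = "<Super>Return";
+command = "${pkgs.kitty}/bin/kitty";
+name = "Open Terminal";
+};
+"firefox" = {
+binding = "<Super>f";
+command = "firefox";
+name = "Open Firefox";
+};
+};
+}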
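Review bot: In `org/gnome/desktop/wm/keybindings`, `switch-applications` and `switch-applications-backward` are both bound to `<Super>Tab`, so the backward binding collides with the forward one; it presumably should be `switch-applications-backward = [ "<Shift><Super>Tab" ];`. In the custom keybindings the terminal is launched by store path (`${pkgs.kitty}/bin/kitty`) while Firefox is launched as plain `firefox` and resolved through PATH at run time. If Firefox comes from nixpkgs on these hosts, `command = "${pkgs.firefox}/bin/firefox";` would make the two entries consistent and pin which binary the shortcut runs.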

89
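--- a/common/modules/meta.nix
+++ b/common/modules/meta.nix
@@ -0,0 +1,89 @@
+{ lib, config, ... }:
+with lib;
+let
+exposesOpts = {
+options = {
+domain = mkOption {
+type = types.str;
+example = "<name>.example.com";
+description = lib.mdDoc ''
+The domain under which this service should be available
+'';
+};
+port = mkOption {
+type = types.int;
+default = 80;
+example = 4242;
+description = lib.mdDoc ''
+The port under which the service runs on the host
+'';
+};
+};
+};
+in {
+options.meta = {
+exposes = mkOption {
+type = with types; attrsOf (submodule exposesOpts);
+default = { };
+description = ''
+Exposed services
+'';
+};
+ipv4 = mkOption {
+type = types.nullOr types.str;
+default = null;
+description = lib.mdDoc ''
+Host's IPv4 Address
+'';
+};
+ipv6 = mkOption {
+type = types.nullOr types.str;
+default = null;
+description = lib.mdDoc ''
+Host's IPv6 address
+'';
+};
+mac = mkOption {
+type = types.nullOr types.str;
+default = null;
+description = lib.mdDoc ''
+Own MAC Address
+'';
+};
+isLaptop = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc ''
+Is this host a Laptop (i.e. no DNS entries should be made).
+'';
+};
+realm = mkOption {
+readOnly = true;
+type = types.nullOr (types.enum [ "thalassa" "hades" "olympus" ]);
+default = config.networking.domain;
+defaultText = literalExpression "config.network.domain";
+};
+};
+config = {
+# TODO: Open Firewall
+assertions = [
+# {
+# assertion = config.meta.mac != null;
+# message =
+# "${config.networking.fqdnOrHostName} is missing a mac address";
+# }
+# {
+# assertion = !config.meta.isLaptop -> config.meta.ipv4 != null;
+# message =
+# "${config.networking.fqdnOrHostName} needs ipv4 address set as it is not a laptop";
+# }
+];
+};
+}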
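Review bot: The `realm` option sets `default = config.networking.domain` but documents it as `literalExpression "config.network.domain"`; the text should be `defaultText = literalExpression "config.networking.domain";`. `exposes.<name>.port` is declared as `types.int`, which accepts negative and out-of-range values, whereas `types.port` restricts it to a valid port number. Both entries in `assertions` are commented out, so nothing currently enforces that a non-laptop host has `meta.ipv4` set; a one-line comment saying why they are disabled would help.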


@ -1,5 +1,16 @@
{ config, pkgs, lib, ... }: { {
imports = [ ./laura.nix ./vivian.nix ./jonathan.nix ]; config,
pkgs,
lib,
inputs,
...
}:
{
imports = [
./laura.nix
./vivian.nix
./jonathan.nix
];
programs = { programs = {
# Setup ZSH to use grml config # Setup ZSH to use grml config
@ -11,12 +22,15 @@
interactiveShellInit = '' interactiveShellInit = ''
source "${pkgs.grml-zsh-config}/etc/zsh/zshrc" source "${pkgs.grml-zsh-config}/etc/zsh/zshrc"
export FZF_DEFAULT_COMMAND="${pkgs.ripgrep}/bin/rg --files --follow" export FZF_DEFAULT_COMMAND="${pkgs.ripgrep}/bin/rg --files --follow"
source "${pkgs.fzf}/share/fzf/key-bindings.zsh" export FZF_CTRL_T_COMMAND="$FZF_DEFAULT_COMMAND"
source "${pkgs.fzf}/share/fzf/completion.zsh" export FZF_CTRL_R_COMMAND="$FZF_DEFAULT_COMMAND"
eval "$(${pkgs.zoxide}/bin/zoxide init zsh)" eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
eval "$(${pkgs.fzf}/bin/fzf --zsh)"
export TEMPDIRS="$HOME/tmp"
''; '';
# otherwise it'll override the grml prompt # otherwise it'll override the grml prompt
promptInit = ""; promptInit = lib.mkDefault "";
}; };
# Install Neovim and set it as alias for vi(m) # Install Neovim and set it as alias for vi(m)
@ -36,8 +50,7 @@
# Configure the root account # Configure the root account
users.extraUsers.root = { users.extraUsers.root = {
# Allow my SSH keys for logging in as root. # Allow my SSH keys for logging in as root.
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys = config.users.extraUsers.vivian.openssh.authorizedKeys.keys;
config.users.extraUsers.vivian.openssh.authorizedKeys.keys;
# Also use zsh for root # Also use zsh for root
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
@ -54,6 +67,9 @@
ripgrep ripgrep
rsync rsync
zoxide zoxide
# Terminfo
kitty.terminfo
]; ];
programs.tmux = { programs.tmux = {
@ -66,6 +82,4 @@
setw -g mouse on setw -g mouse on
''; '';
}; };
} }
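Review bot: `users.extraUsers.root.openssh.authorizedKeys.keys` is set to the full `vivian` key list, so every key accepted for that user, including per-machine keys, is also a root credential on each host that imports this module. If root SSH is only needed for deployment (whether root login is permitted is not visible here), give root its own short list, e.g. `openssh.authorizedKeys.keys = [ "<deploy-key placeholder>" ];`, or add a comment stating that the mirroring is deliberate. The `interactiveShellInit` hunk also exports `FZF_CTRL_R_COMMAND`, which as far as I know is not a variable fzf uses to feed the history binding, so confirm it has the intended effect.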


@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
users.extraUsers.laura = { users.extraUsers.laura = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; shell = pkgs.zsh;
@ -6,9 +7,10 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxoq/J/0ad3AOK/CxPvsIGQjRUzURSuNAtmNOqUmKcr laura@cherry"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMKbP2/vNTybDoEwdFaQvAI1zCVpdTBN25avfeCV0jP laura@bosbes"
]; ];
extraGroups = [ ]; extraGroups = [ ];
}; };
} }


@ -12,9 +12,9 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc vivian@nord"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+HbsgJTQS6pvnMEI5NPKjIf78z+9A7CTIt3abi+PS6 vivian@eevee" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+HbsgJTQS6pvnMEI5NPKjIf78z+9A7CTIt3abi+PS6 vivian@eevee"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMypFe7cSMgvEI1sdxRtdC+AalXa0ryB/zkO9KmQGOxK vivian@nothing2"
]; ];
# Make me admin # Make me admin
@ -41,6 +41,5 @@
homeDirectory = "/home/vivian"; homeDirectory = "/home/vivian";
stateVersion = "23.05"; stateVersion = "23.05";
}; };
}; };
} }

1695
flake.lock generated

File diff suppressed because it is too large Load diff

260
flake.nix

@ -6,7 +6,7 @@
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable"; nixpkgs.url = "nixpkgs/nixos-unstable";
nixpkgs_stable.url = "nixpkgs/nixos-23.05"; flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
colmena.url = "github:zhaofengli/colmena"; colmena.url = "github:zhaofengli/colmena";
deploy.url = "github:serokell/deploy-rs"; deploy.url = "github:serokell/deploy-rs";
@ -17,13 +17,7 @@
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
riff.url = "github:DeterminateSystems/riff"; mailserver.url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git";
webcord.url = "github:fufexan/webcord-flake";
comma.url = "github:nix-community/comma";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
mailserver.inputs.nixpkgs.follows = "nixpkgs"; mailserver.inputs.nixpkgs.follows = "nixpkgs";
nixvim.url = "github:pta2002/nixvim"; nixvim.url = "github:pta2002/nixvim";
@ -33,132 +27,172 @@
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
lanzaboote = { lanzaboote.url = "github:nix-community/lanzaboote";
url = "github:nix-community/lanzaboote"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git"; vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git";
vault-unseal.inputs.nixpkgs.follows = "nixpkgs";
gnome-autounlock-keyring.url = "git+https://git.0x76.dev/v/gnome-autounlock-keyring.git"; gnome-autounlock-keyring.url = "git+https://git.0x76.dev/v/gnome-autounlock-keyring.git";
attic.url = "github:zhaofengli/attic"; t.url = "github:jdonszelmann/t-rs";
t.inputs.nixpkgs.follows = "nixpkgs";
attic.url = "github:zhaofengli/attic";
attic.inputs.nixpkgs.follows = "nixpkgs";
catppuccin.url = "github:catppuccin/nix";
# Website(s)
essentials.url = "github:jdonszelmann/essentials"; essentials.url = "github:jdonszelmann/essentials";
essentials.inputs.nixpkgs.follows = "nixpkgs";
autostart.url = "github:Zocker1999NET/home-manager-xdg-autostart";
hyprland-qtutils.url = "github:hyprwm/hyprland-qtutils";
}; };
outputs = outputs =
{ self {
, nixpkgs self,
, nixpkgs_stable nixpkgs,
, vault-secrets flake-utils-plus,
, colmena nur,
, nixos-generators attic,
, nur deploy,
, attic home-manager,
, deploy gnome-autounlock-keyring,
, ... lanzaboote,
t,
catppuccin,
...
}@inputs: }@inputs:
let let
inherit (nixpkgs) lib; pkgs = self.pkgs.x86_64-linux.nixpkgs;
util = import ./nixos/util.nix inputs;
inherit (util) hosts flat_hosts nixHosts;
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [ (import ./nixos/pkgs) vault-secrets.overlay nur.overlay ];
};
pkgs_stable = import nixpkgs_stable {
inherit system;
config.allowUnfree = true;
};
# Define args each module gets access to (access to hosts is useful for DNS/DHCP)
specialArgs = { inherit hosts flat_hosts inputs pkgs_stable; };
# Script to apply local colmena deployments
apply-local = pkgs.writeShellScriptBin "apply-local" '' apply-local = pkgs.writeShellScriptBin "apply-local" ''
"${ nh os switch --ask
colmena.packages.${system}.colmena
}"/bin/colmena apply-local --sudo $@
'';
fast-repl = pkgs.writeShellScriptBin "fast-repl" ''
source /etc/set-environment
nix repl --file "${./.}/repl.nix" $@
''; '';
in in
{ flake-utils-plus.lib.mkFlake {
# Make the nixosConfigurations for compat reasons (e.g. vault) # `self` and `inputs` arguments are required
nixosConfigurations = inherit self inputs;
(import (inputs.colmena + "/src/nix/hive/eval.nix") {
rawFlake = self;
colmenaOptions =
import (inputs.colmena + "/src/nix/hive/options.nix");
colmenaModules =
import (inputs.colmena + "/src/nix/hive/modules.nix");
}).nodes;
# Make the colmena configuration # Supported systems, used for packages, apps, devShell and multiple other definitions. Defaults to `flake-utils.lib.defaultSystems`.
colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) supportedSystems = [ "x86_64-linux" ];
{
meta = {
inherit specialArgs;
nixpkgs = pkgs;
};
}
nixHosts;
packages.${system} = { # Channels config
inherit apply-local; channelsConfig = {
allowUnfree = true;
permittedInsecurePackages = [ "electron" ];
};
sharedOverlays = [
(import ./pkgs)
nur.overlays.default
];
default = colmena.packages.${system}.colmena; # host defaults
hostDefaults = {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
gnome-autounlock-keyring.nixosModules.default
catppuccin.nixosModules.catppuccin
./common
];
proxmox-lxc = nixos-generators.nixosGenerate { specialArgs = {
inherit system specialArgs; inherit self inputs home-manager;
format = "proxmox-lxc";
modules = util.base_imports
++ [ (import ./nixos/templates/proxmox-lxc.nix) ];
};
# Broken
proxmox-vm = nixos-generators.nixosGenerate {
inherit system specialArgs;
format = "proxmox";
modules = util.base_imports
++ [ (import ./nixos/templates/proxmox-vm.nix) ];
}; };
}; };
# Use by running `nix develop` # hosts
devShells.${system}.default = pkgs.mkShell { hosts = {
VAULT_ADDR = "http://vault.olympus:8200/"; "olympus.bastion" = {
buildInputs = with pkgs; [ modules = [
attic.packages.${pkgs.system}.attic ./common/generic-vm.nix
apply-local ./hosts/olympus/bastion
colmena.packages.${system}.colmena ];
deploy.packages.${system}.deploy-rs };
cachix
deadnix aoife = {
statix modules = [
nixfmt lanzaboote.nixosModules.lanzaboote
nixpkgs-fmt ./common/desktop
nixUnstable ./hosts/thalassa/aoife
nil ];
vault };
yamllint
jq eevee = {
(vault-push-approle-envs self { }) modules = [
(vault-push-approles self { }) ./common/desktop
fast-repl ./hosts/olympus/eevee
]; ];
};
};
# deploy-rs
deploy = {
user = "root";
nodes = {
"bastion-olympus" = {
hostname = "bastion.olympus";
fastConnection = true;
remoteBuild = true;
profiles = {
system = {
path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations."olympus.bastion";
};
};
};
aoife = {
remoteBuild = true;
fastConnection = true;
hostname = "aoife";
profiles.system.path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations.aoife;
};
eevee = {
fastConnection = true;
hostname = "eevee.olympus";
profiles.system.path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations.eevee;
};
};
};
# Outputs
outputsBuilder = channels: {
devShells.default = channels.nixpkgs.mkShell {
name = "devShell";
VAULT_ADDR = "http://vault.olympus:8200/";
NH_FLAKE = "/home/vivian/src/infrastructure-new";
packages = with pkgs; [
# attic.packages.${system}.attic
apply-local
deploy.packages.${system}.deploy-rs
deadnix
statix
# vault
yamllint
jq
fup-repl
nh
nixfmt-rfc-style
];
};
};
# Checks
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib // {
x86_64-linux.mac = pkgs.stdenvNoCC.mkDerivation {
name = "mac check";
src = self;
dontBuild = true;
doCheck = true;
checkPhase = ''
echo "Hello World"
'';
installPhase = "mkdir $out";
};
}; };
}; };
} }
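Review bot: `channelsConfig.permittedInsecurePackages = [ "electron" ]` applies to every channel and therefore to every host built from this flake, including `olympus.bastion`, and no comment says which package needs it. nixpkgs normally matches this list against a versioned package name, so the bare `"electron"` may not match what was intended; pin and document it, e.g. `permittedInsecurePackages = [ "electron-<version placeholder>" ]; # required by <package placeholder>`. The dev shell also keeps `VAULT_ADDR = "http://vault.olympus:8200/"`, so Vault traffic from that shell is unencrypted unless something outside this file wraps it. `NH_FLAKE` hard-codes `/home/vivian/src/infrastructure-new`, which ties the shell to one checkout path.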

1
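--- a/flux/.gitignore
+++ b/flux/.gitignore
@@ -1 +0,0 @@
-old_cluster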


@ -1,12 +0,0 @@
# Kubernetes Cluster
This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster.
## Bootstrap
```sh
flux bootstrap git --url ssh://gitea@git.0x76.dev:42/v/infrastructure.git --branch=main --path=flux/olympus/base --ssh-key-algorithm=ed25519
```
## References
Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster)
[Flux]: https://github.com/fluxcd/flux2


@ -1,15 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: weave-gitops
namespace: flux-system
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: oidc-auth
dataFrom:
- extract:
key: flux-system/weave-gitops


@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rbac.yaml
- external-secret.yaml
- weave-gitops-dashboard.yaml


@ -1,76 +0,0 @@
---
# Admin cluster role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: weave-admin
rules:
# Flux Resources
- apiGroups: ["kustomize.toolkit.fluxcd.io"]
resources: ["kustomizations"]
verbs: ["get", "list", "patch"]
- apiGroups: ["helm.toolkit.fluxcd.io"]
resources: ["helmreleases"]
verbs: ["get", "list", "patch"]
- apiGroups: ["source.toolkit.fluxcd.io"]
resources:
[
"buckets",
"helmcharts",
"gitrepositories",
"helmrepositories",
"ocirepositories",
]
verbs: ["get", "list", "patch"]
- apiGroups: ["notification.toolkit.fluxcd.io"]
resources: ["providers", "alerts"]
verbs: ["get", "list"]
- apiGroups: ["infra.contrib.fluxcd.io"]
resources: ["terraforms"]
verbs: ["get", "list", "patch"]
# Resources managed via Flux
- apiGroups: [""]
resources:
[
"configmaps",
"secrets",
"pods",
"services",
"namespaces",
"persistentvolumes",
"persistentvolumeclaims",
]
verbs: ["get", "list"]
- apiGroups: ["apps"]
resources: ["deployments", "replicasets", "statefulsets"]
verbs: ["get", "list"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["get", "list"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["get", "list"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"]
verbs: ["get", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list"]
# Feedback
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "watch", "list"]
---
# Bind the cluster admin role to admins
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: weave-admin
subjects:
- kind: User
name: "victor@xirion.net"
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: weave-admin
apiGroup: rbac.authorization.k8s.io


@ -1,48 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
annotations:
metadata.weave.works/description: This is the source location for the Weave GitOps
Dashboard's helm chart.
labels:
app.kubernetes.io/component: ui
app.kubernetes.io/created-by: weave-gitops-cli
app.kubernetes.io/name: weave-gitops-dashboard
app.kubernetes.io/part-of: weave-gitops
name: ww-gitops
namespace: flux-system
spec:
interval: 1h0m0s
type: oci
url: oci://ghcr.io/weaveworks/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
annotations:
metadata.weave.works/description: This is the Weave GitOps Dashboard. It provides
a simple way to get insights into your GitOps workloads.
name: ww-gitops
namespace: flux-system
spec:
chart:
spec:
chart: weave-gitops
sourceRef:
kind: HelmRepository
name: ww-gitops
interval: 1h0m0s
values:
ingress:
enabled: true
hosts:
- host: flux.0x76.dev
paths:
- path: /
pathType: ImplementationSpecific
adminUser:
create: true
passwordHash: $2a$10$uIY/YYe.CcRerpVvfk04muX86hLfXRH.K6jATZaVPqp.bnUIu/bsC
username: admin


@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- flux-system
- services
- websites


@ -1,4 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- renovate


@ -1,57 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: renovate
namespace: services
data:
config.js: |-
module.exports = {
"binarySource": "install",
"repositories": ["v/infrastructure"],
"flux": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"helm-values": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"kubernetes": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"hostRules": [
{
"hostType": "docker",
"matchHost": "ghcr.io",
"username": "NULLx76",
"password": process.env.GITHUB_COM_TOKEN
}
],
"packageRules": [
{
"automerge": true,
"automergeType": "branch",
"matchUpdateTypes": ["minor", "patch", "pin", "digest"],
"matchPackageNames": [
"renovate/renovate"
],
"matchPackagePrefixes": [
"git.0x76.dev"
]
}
],
// ignore individual fluxcd images
"ignoreDeps": [
"ghcr.io/fluxcd/helm-controller",
"ghcr.io/fluxcd/image-automation-controller",
"ghcr.io/fluxcd/image-reflector-controller",
"ghcr.io/fluxcd/kustomize-controller",
"ghcr.io/fluxcd/notification-controller",
"ghcr.io/fluxcd/source-controller"
],
"regexManagers": [
{
"fileMatch": [".+\\.nix"],
"matchStrings": ["image\\s*=\\s*\"(?<depName>.*?):(?<currentValue>.*?)\"\\s*;\\s*"],
"datasourceTemplate": "docker"
}
]
};


@ -1,46 +0,0 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: renovate
namespace: services
spec:
# Run every 8 hours
schedule: "0 */8 * * *"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
volumes:
- name: config-volume
configMap:
name: renovate
- name: work-volume
emptyDir: {}
containers:
- name: renovate
image: renovate/renovate:37.67.3
volumeMounts:
- name: config-volume
mountPath: /opt/renovate/
- name: work-volume
mountPath: /tmp/renovate/
env:
- name: LOG_LEVEL
value: debug
- name: RENOVATE_ENDPOINT
value: "https://git.0x76.dev/api/v1/"
- name: RENOVATE_PLATFORM
value: gitea
- name: RENOVATE_AUTODISCOVER
value: "false"
- name: RENOVATE_GIT_AUTHOR
value: "Renovate Bot <renovate@xirion.net>"
- name: RENOVATE_CONFIG_FILE
value: "/opt/renovate/config.js"
- name: RENOVATE_BASE_DIR
value: "/tmp/renovate"
envFrom:
- secretRef:
name: renovate
restartPolicy: Never


@ -1,21 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: renovate
namespace: services
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: renovate
data:
- secretKey: RENOVATE_TOKEN
remoteRef:
key: gitops/renovate
property: gitea_token
- secretKey: GITHUB_COM_TOKEN
remoteRef:
key: gitops/renovate
property: github_token


@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secret.yaml
- config.yaml
- cronjob.yaml


@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: x76dev
namespace: websites
labels:
app: x76dev
spec:
replicas: 1
selector:
matchLabels:
app: x76dev
template:
metadata:
labels:
app: x76dev
spec:
containers:
- name: x76dev
image: git.0x76.dev/v/0x76.dev:5
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: x76dev
namespace: websites
spec:
selector:
app: x76dev
ports:
- protocol: TCP
port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: x76dev
namespace: websites
spec:
rules:
- host: "0x76.dev"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: x76dev
port:
number: 80


@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: blog
namespace: websites
labels:
app: blog
spec:
replicas: 1
selector:
matchLabels:
app: blog
template:
metadata:
labels:
app: blog
spec:
containers:
- name: blog
image: git.0x76.dev/v/blog.xirion.net:5
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: blog
namespace: websites
spec:
selector:
app: blog
ports:
- protocol: TCP
port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: blog
namespace: websites
spec:
rules:
- host: "blog.xirion.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: blog
port:
number: 8080


@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: internal
namespace: websites
labels:
app: internal
spec:
replicas: 1
selector:
matchLabels:
app: internal
template:
metadata:
labels:
app: internal
spec:
containers:
- name: internal
image: git.0x76.dev/v/internal.xirion.net:1
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: internal
namespace: websites
spec:
selector:
app: internal
ports:
- protocol: TCP
port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: internal
namespace: websites
spec:
rules:
- host: "internal.xirion.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: internal
port:
number: 8080


@ -1,9 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
namespace: websites
resources:
- 0x76.yaml
- internal.yaml
- blog.yaml
- xirion.yaml


@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: xirion
namespace: websites
labels:
app: xirion
spec:
replicas: 1
selector:
matchLabels:
app: xirion
template:
metadata:
labels:
app: xirion
spec:
containers:
- name: xirion
image: git.0x76.dev/v/xirion.net:2
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: xirion
namespace: websites
spec:
selector:
app: xirion
ports:
- protocol: TCP
port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: xirion
namespace: websites
spec:
rules:
- host: "xirion.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xirion
port:
number: 80


@ -1,15 +0,0 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: core
path: ./flux/olympus/apps
prune: true
sourceRef:
kind: GitRepository
name: flux-system


@ -1,13 +0,0 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: core
namespace: flux-system
spec:
interval: 10m0s
path: ./flux/olympus/core
prune: true
sourceRef:
kind: GitRepository
name: flux-system

File diff suppressed because it is too large Load diff


@ -1,27 +0,0 @@
# This manifest was generated by flux. DO NOT EDIT.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 1m0s
ref:
branch: main
secretRef:
name: flux-system
url: ssh://gitea@git.0x76.dev:42/v/infrastructure.git
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10m0s
path: ./flux/olympus/base
prune: true
sourceRef:
kind: GitRepository
name: flux-system


@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml
- repositories


@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: external-secrets
namespace: flux-system
spec:
interval: 1h
url: https://charts.external-secrets.io


@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secrets.yaml


@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm


@ -1 +0,0 @@
vault-secret-id.yaml


@ -1,29 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: external-secrets
namespace: security
spec:
interval: 30m
chart:
spec:
chart: external-secrets
version: 0.9.9
interval: 30m
sourceRef:
kind: HelmRepository
name: external-secrets
namespace: flux-system
values:
installCRDs: true
replicaCount: 1
leaderElect: true
# serviceMonitor:
# enabled: true
# webhook:
# serviceMonitor:
# enabled: true
# certController:
# serviceMonitor:
# enabled: true


@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- vault-secret-store.yaml


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: vault-secret-id
namespace: security
data:
secret-id: XXXXXX # Obtain by `vault write -f auth/approle/role/external-secrets/secret-id`


@ -1,27 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault
namespace: security
spec:
provider:
vault:
server: "http://vault.olympus:8200"
path: "k8s"
version: "v2"
auth:
# VaultAppRole authenticates with Vault using the
# App Role auth mechanism
# https://www.vaultproject.io/docs/auth/approle
appRole:
# Path where the App Role authentication backend is mounted
path: "approle"
# RoleID configured in the App Role authentication backend
# `vault read auth/approle/role/external-secrets/role-id`
roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
# Reference to a key in a K8 Secret that contains the App Role SecretId
# (not commited in git)
secretRef:
name: "vault-secret-id"
namespace: "security"
key: "secret-id"


@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces
- external-secrets


@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- websites.yaml
- security.yaml
- services.yaml


@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: security


@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: services


@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: websites


@ -1,6 +1,12 @@
# common container config # common container config
{ lib, ... }: { { lib, ... }: {
imports = [
../../../../common
];
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
networking.useHostResolvConf = lib.mkForce false; networking.useHostResolvConf = lib.mkForce false;
services.resolved.enable = true; services.resolved.enable = true;
system.stateVersion = lib.mkDefault "24.05";
} }


@ -0,0 +1,82 @@
{
config,
lib,
inputs,
...
}:
let
hostAddress = "10.42.99.1";
hostAddress6 = "fc00::1";
in
{
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "ens18";
# Lazy IPv6 connectivity for the container
enableIPv6 = true;
};
networking.firewall.allowedTCPPorts = [
8384
22000
];
networking.firewall.allowedUDPPorts = [
22000
21027
];
# Containers network is
# * 10.42.99.0/24
# * fc00:x
users.groups.backup = {
gid = 10000;
members = [ "vivian" ];
};
containers = {
syncthing = {
autoStart = true;
inherit hostAddress hostAddress6;
localAddress = "10.42.99.2";
localAddress6 = "fc00::2";
forwardPorts = [
{
containerPort = 8384;
hostPort = 8384;
protocol = "tcp";
}
];
bindMounts = {
"/data" = {
hostPath = "/mnt/backup";
isReadOnly = false;
};
};
specialArgs = {
inherit inputs;
};
config =
{ pkgs, ... }:
{
users.groups.backup = {
gid = 10000;
members = [ "syncthing" ];
};
imports = [
./common.nix
./syncthing.nix
inputs.home-manager.nixosModules.home-manager
inputs.gnome-autounlock-keyring.nixosModules.default
inputs.catppuccin.nixosModules.catppuccin
];
};
};
};
}
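Review bot: Port 8384 is opened in `networking.firewall.allowedTCPPorts` and forwarded into the container, and the 8-line Syncthing module further down this page sets `guiAddress = "0.0.0.0:8384"`, so the Syncthing GUI is reachable from every network the host firewall faces. Nothing visible here sets GUI credentials or TLS, so whether the GUI is authenticated depends on state configured by hand inside the container, which should be confirmed. The wildcard bind inside the container is presumably needed for `forwardPorts` to reach it, so the place to narrow exposure is the host: drop `8384` from the global list and allow it only on the trusted interface, e.g. `networking.firewall.interfaces."<trusted-iface>".allowedTCPPorts = [ 8384 ];`. The container also receives `/mnt/backup` read-write and imports the home-manager, gnome-autounlock-keyring and catppuccin modules, which a Syncthing-only container presumably does not need.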


@ -0,0 +1,7 @@
{ ... }: {
services.v.dns = {
enable = true;
openFirewall = true;
mode = "server";
};
}


@ -0,0 +1,8 @@
{ ... }:
{
services.syncthing = {
enable = true;
openDefaultPorts = true;
guiAddress = "0.0.0.0:8384";
};
}


@ -2,16 +2,30 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ pkgs, inputs, ... }: { { pkgs, ... }: {
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./containers ./containers
./immich.nix
# ./vms.nix # ./vms.nix
]; ];
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
meta = {
ipv4 = "10.42.42.4";
ipv6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d";
mac = "82:F0:7C:CB:BD:6D";
};
services.scrutiny = {
enable = true;
openFirewall = true;
influxdb.enable = true;
collector.enable = false;
};
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
@ -24,15 +38,10 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
virtualisation.podman.enable = true; virtualisation.docker.enable = true;
# Additional packages # Additional packages
environment.systemPackages = with pkgs; [ vault ]; environment.systemPackages = with pkgs; [ vault ];
networking.useNetworkd = true; networking.useNetworkd = true;
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "curses";
};
} }
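Review bot: `services.scrutiny.openFirewall = true` in the first hunk publishes the Scrutiny dashboard on every interface, and as far as I know Scrutiny's web UI has no login of its own, so disk serials and SMART health data would be readable by anything that can reach the port. If the dashboard is meant only for the administrator, leave `openFirewall` off and reach it through an authenticating reverse proxy or an SSH tunnel. The same block sets `collector.enable = false`, so a one-line comment saying where the collector data is expected to come from would help the next reader.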


@ -19,6 +19,11 @@
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/mnt/backup" = {
device = "/dev/disk/by-uuid/83b1e87f-975f-4150-b673-81087f84f0bb";
fsType = "ext4";
};
swapDevices = swapDevices =
[{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }]; [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];


@ -0,0 +1,78 @@
{ config, pkgs, ... }:
{
boot.kernel.sysctl = { "vm.overcommit_memory" = 1; };
virtualisation.oci-containers.backend = "docker";
virtualisation.docker.autoPrune.enable = true;
systemd.services.init-filerun-network-and-files = {
description = "Create the network bridge for Immich.";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script =
let
dockercli = "${config.virtualisation.docker.package}/bin/docker";
in
''
# immich-net network
check=$(${dockercli} network ls | grep "immich-net" || true)
if [ -z "$check" ]; then
${dockercli} network create immich-net
else
echo "immich-net already exists in docker"
fi
'';
};
virtualisation.oci-containers.containers = {
immich = {
autoStart = true;
image = "ghcr.io/imagegenius/immich:latest";
volumes = [
"/mnt/backup/immich/config:/config"
"/mnt/backup/immich/photos:/photos"
"/mnt/backup/replicated/photos:/replicated"
"/mnt/backup/immich/config/machine-learning:/config/machine-learning"
];
ports = [ "2283:8080" ];
environment = {
PUID = "1000";
PGID = "1000";
TZ = "Europe/Amsterdam"; # Change this to your timezone
DB_HOSTNAME = "postgres14";
DB_USERNAME = "postgres";
DB_PASSWORD = "postgres";
DB_DATABASE_NAME = "immich";
REDIS_HOSTNAME = "redis";
};
extraOptions = [
"--network=immich-net"
"--pull=always"
# "--gpus=all"
];
};
redis = {
autoStart = true;
image = "redis";
ports = [ "6379:6379" ];
extraOptions = [ "--network=immich-net" ];
};
postgres14 = {
autoStart = true;
image = "tensorchord/pgvecto-rs:pg14-v0.2.0";
ports = [ "5432:5432" ];
volumes = [ "pgdata:/var/lib/postgresql/data" ];
environment = {
POSTGRES_USER = "postgres";
POSTGRES_PASSWORD = "postgres";
POSTGRES_DB = "immich";
};
extraOptions = [ "--network=immich-net" ];
};
};
}
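Review bot: The `redis` and `postgres14` containers publish `6379:6379` and `5432:5432` on all host addresses, while PostgreSQL uses the literal password `postgres` and no Redis password is configured here. Docker installs its own iptables rules for published ports, so they are typically reachable even though `networking.firewall` does not list them. All three containers already share `immich-net` and Immich addresses the others by name (`DB_HOSTNAME = "postgres14"`, `REDIS_HOSTNAME = "redis"`), so the two `ports = [ ... ];` lines can be removed, or bound to loopback as `ports = [ "127.0.0.1:5432:5432" ];` if host access is needed. The password is better supplied through `environmentFiles` than written into the world-readable Nix store. `immich:latest` with `--pull=always` and the untagged `redis` image mean a restart can run an image nobody reviewed; pinning a tag or digest avoids that.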


@ -1,11 +1,12 @@
{ pkgs, ... }: { { config, pkgs, ... }:
{
hardware = { hardware = {
enableAllFirmware = true; enableAllFirmware = true;
nvidia = { nvidia = {
# package = config.boot.kernelPackages.nvidiaPackages.stable; package = config.boot.kernelPackages.nvidiaPackages.beta;
# Open drivers cause gdm to crash # Open drivers cause gdm to crash
# open = true; open = false;
# nvidia-drm.modeset=1 # nvidia-drm.modeset=1
modesetting.enable = true; modesetting.enable = true;
@ -13,13 +14,7 @@
}; };
# Hardware acceleration # Hardware acceleration
opengl = { graphics.enable = true;
enable = true;
# Vulkan
driSupport = true;
driSupport32Bit = true;
};
logitech.wireless = { logitech.wireless = {
enable = true; enable = true;


@ -4,6 +4,5 @@
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
zoom-us
]; ];
} }


@ -0,0 +1,146 @@
# Copy this file to /etc/udev/rules.d/
# If rules fail to reload automatically, you can refresh udev rules
# with the command "udevadm control --reload"
# This rules are based on the udev rules from the OpenOCD project, with unsupported probes removed.
# See http://openocd.org/ for more details.
#
# This file is available under the GNU General Public License v2.0
ACTION!="add|change", GOTO="probe_rs_rules_end"
SUBSYSTEM=="gpio", MODE="0660", GROUP="plugdev", TAG+="uaccess"
SUBSYSTEM!="usb|tty|hidraw", GOTO="probe_rs_rules_end"
# Please keep this list sorted by VID:PID
# STMicroelectronics ST-LINK V1
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3744", MODE="660", GROUP="plugdev", TAG+="uaccess"
# STMicroelectronics ST-LINK/V2
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="660", GROUP="plugdev", TAG+="uaccess"
# STMicroelectronics ST-LINK/V2.1
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="660", GROUP="plugdev", TAG+="uaccess"
# STMicroelectronics STLINK-V3
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3754", MODE="660", GROUP="plugdev", TAG+="uaccess"
# SEGGER J-Link
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0101", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0102", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0103", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0104", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0107", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0108", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1001", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1002", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1003", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1004", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1005", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1006", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1007", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1008", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1009", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1010", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1011", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1012", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1013", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1014", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1015", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1016", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1017", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1018", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1019", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1020", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1021", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1022", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1023", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1024", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1025", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1026", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1027", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1028", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1029", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1050", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1051", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1052", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1053", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1054", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1055", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1056", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1057", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1058", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1059", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105f", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1060", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1061", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1062", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1063", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1064", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1065", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1066", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1067", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1068", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1069", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106b", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106c", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106d", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106e", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106f", MODE="660", GROUP="plugdev", TAG+="uaccess"
# FT232H
ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6014", MODE="660", GROUP="plugdev", TAG+="uaccess"
# FT2232x
ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", MODE="660", GROUP="plugdev", TAG+="uaccess"
# FT4232H
ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", MODE="660", GROUP="plugdev", TAG+="uaccess"
# FTDI-based Olimex devices
ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x0003", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x0004", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x002a", MODE="660", GROUP="plugdev", TAG+="uaccess"
ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x002b", MODE="660", GROUP="plugdev", TAG+="uaccess"
# Espressif USB JTAG/serial debug unit
ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1001", MODE="660", GROUP="plugdev", TAG+="uaccess"
# Espressif USB Bridge
ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1002", MODE="660", GROUP="plugdev", TAG+="uaccess"
# CMSIS-DAP compatible adapters
ATTRS{product}=="*CMSIS-DAP*", MODE="660", GROUP="plugdev", TAG+="uaccess"
# WCH Link (CMSIS-DAP compatible adapter)
ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="8011", MODE="660", GROUP="plugdev", TAG+="uaccess"
LABEL="probe_rs_rules_end"


@ -2,19 +2,34 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ inputs, lib, ... }: { {
inputs,
lib,
pkgs,
...
}:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z
./hardware.nix ./hardware.nix
./uni.nix
]; ];
meta = {
mac = "04:7b:cb:b6:2d:88";
isLaptop = true;
};
users.users.vivian.extraGroups = [ "adbusers" ];
# Bootloader. # Bootloader.
boot = { boot = {
bootspec.enable = true; bootspec.enable = true;
initrd.kernelModules = [ "amdgpu" ]; initrd.kernelModules = [ "amdgpu" ];
resumeDevice = "/dev/nvme0n1p2"; resumeDevice = "/dev/nvme0n1p2";
loader.systemd-boot.enable = lib.mkForce false; loader.systemd-boot.enable = lib.mkForce false; # Using lanzaboote instead
kernel.sysctl = { kernel.sysctl = {
"perf_event_paranoid" = 1; "perf_event_paranoid" = 1;
@ -28,12 +43,51 @@
}; };
home-manager.users.vivian = import ./home; home-manager.users.vivian = import ./home;
programs = {
nix-ld.enable = true;
nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
hyprland = {
enable = true;
withUWSM = true;
};
hyprlock.enable = true;
evolution.enable = false;
};
services = {
hypridle.enable = true;
displayManager.gdm.enable = true;
flatpak.enable = true;
gnome.gnome-keyring.enable = true;
ollama = {
enable = false;
acceleration = "rocm";
rocmOverrideGfx = "10.3.4";
};
interception-tools = {
enable = true;
plugins = [ pkgs.interception-tools-plugins.caps2esc ];
udevmonConfig = ''
- JOB: "${pkgs.interception-tools}/bin/intercept -g $DEVNODE | ${pkgs.interception-tools-plugins.caps2esc}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE"
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK, KEY_ESC]
'';
};
};
# Enable Ozone rendering for Chromium and Electron apps. # Enable Ozone rendering for Chromium and Electron apps.
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
# environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave


@ -0,0 +1,83 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
pciutils
usbutils
lshw
];
boot = {
kernelParams = [
"amdgpu.dcdebugmask=0x10" # Disables partial screen refresh, fixes flicker
"kvm.enable_virt_at_load=0"
];
};
hardware = {
enableAllFirmware = true;
bluetooth.enable = true;
# OpenGL + Vulkan
graphics = {
enable = true;
extraPackages = with pkgs; [
mesa
];
};
amdgpu = {
initrd.enable = true;
opencl.enable = true;
# Temp disabled as it breaks GTK
# amdvlk.enable = true;
};
};
services = {
fwupd.enable = true;
hardware.bolt.enable = true;
fprintd = {
enable = true;
# fprintd test suite fails
package = pkgs.fprintd.overrideAttrs {
mesonCheckFlags = [
"--no-suite"
"fprintd:TestPamFprintd"
];
};
};
# Video Driver
xserver = {
# videoDrivers = [ "displaylink" ];
dpi = 280;
};
# SSD Trim
fstrim.enable = true;
# Power Management
upower.enable = true;
thermald.enable = true;
};
# hardware.trackpoint.enable = true;
# FS
fileSystems."/".options = [ "compress=zstd" ];
powerManagement = {
enable = true;
powertop.enable = true;
};
security = {
tpm2 = {
enable = true;
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
tctiEnvironment.enable = true;
};
}; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.vivian.extraGroups = [ "tss" ]; # tss group has access to TPM devices
}
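Review bot: The kernel parameter `"kvm.enable_virt_at_load=0"` has no comment, unlike the `amdgpu.dcdebugmask` line above it, so a later reader cannot tell which problem it works around or when it can be dropped; a short why-comment on that line would help. The comment `# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables` sits on the closing brace of the `security` block but appears to describe `tctiEnvironment.enable = true;` and would read better on that line. Adding `vivian` to `tss` gives that account direct access to the TPM device, which is worth stating as intentional next to the existing comment.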


@ -0,0 +1,46 @@
{ pkgs, ... }: {
imports = [
./starship.nix
./hyprland.nix
];
# Custom dconf settings
dconf.settings."org/gnome/desktop/input-sources" = {
# xkb-options = [ "caps:swapescape" ];
};
programs.zsh.envExtra = ''
source ~/.zshrc.secrets
'';
home.packages = with pkgs; [
eduvpn-client
localsend
typst
];
programs.ssh.enable = true;
programs.ssh.matchBlocks = {
"student-linux.tudelft.nl" = {
user = "vroest";
};
"login.delftblue.tudelft.nl" = {
user = "vroest";
};
"cese01" = {
hostname = "cese01.ewi.tudelft.nl";
user = "vroest";
proxyJump = "student-linux.tudelft.nl";
};
"cese" = {
user = "root";
hostname = "10.0.3.121";
proxyJump = "cese01";
};
"bastion.olympus" = { };
"bastion.hades" = { };
};
}
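Review bot: `programs.zsh.envExtra` is written to `.zshenv`, so `source ~/.zshrc.secrets` runs for every zsh invocation, including non-interactive shells and scripts, and prints an error in each of them on a machine where the file is missing. Whatever that file exports is also inherited by every process started from those shells. Guarding the line as `[ -r ~/.zshrc.secrets ] && source ~/.zshrc.secrets` and loading it only from the interactive `.zshrc` part of the zsh module would limit both, and the file itself should be readable by its owner only.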


@ -0,0 +1,12 @@
#!/bin/sh
if command -v pamixer &>/dev/null; then
if [ true == $(pamixer --get-mute) ]; then
echo 0
exit
else
pamixer --get-volume
fi
else
amixer -D pulse sget Master | awk -F '[^0-9]+' '/Left:/{print $3}'
fi
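Review bot: The script declares `#!/bin/sh` but the `command -v` test uses `&>/dev/null` and the mute test uses `==` inside `[ ]`, both bash extensions; under a POSIX shell such as dash, `command -v pamixer &>/dev/null` is parsed as a background job followed by a redirect, so the test always succeeds and the `amixer` fallback is never reached. The command substitution is also unquoted, so an empty result from `pamixer --get-mute` turns the `[` test into a syntax error. Portable forms are `if command -v pamixer >/dev/null 2>&1; then` and `if [ "$(pamixer --get-mute)" = true ]; then`.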


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
per="$(pamixer --get-volume)" per="???"
if pamixer --get-mute | rg -q true; then if pamixer --get-mute | rg -q true; then
icon="婢" icon="婢"
@ -12,4 +12,4 @@ else
icon="奄" #low icon="奄" #low
fi fi
printf "{\"icon\": \"${icon}\", \"percent\": \"${per}\"}" printf "{\"icon\": \"${icon}\", \"percent\": \"${per}\"}"
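Review bot: The final `printf` interpolates `${icon}` and `${per}` into the format string, so a `%` or backslash in either value is read as a format directive and can corrupt the emitted JSON; pass them as arguments instead: `printf '{"icon": "%s", "percent": "%s"}' "$icon" "$per"`. If the right-hand column is the new side, `per` is now the literal `"???"` rather than the output of `pamixer --get-volume`, which looks like a leftover placeholder; a comment saying why the value is stubbed would help. The `if`/`else` body between the two hunks is not shown.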


@ -0,0 +1,333 @@
{
pkgs,
config,
inputs,
lib,
...
}:
let
terminal = "${config.programs.kitty.package}/bin/kitty -1";
in
{
imports = [
./waybar.nix
];
home.packages = with pkgs; [
hyprland-workspaces
inputs.gnome-autounlock-keyring.packages.${pkgs.system}.default
inputs.hyprland-qtutils.packages.${pkgs.system}.default
];
programs = {
rofi = {
enable = true;
package = pkgs.rofi-wayland;
theme = {
listview.columns = 1;
};
};
hyprlock = {
enable = true;
settings =
let
color = "rgba(242, 243, 244, 0.75)";
in
{
auth.fingerprint.enabled = true;
background = {
path = "screenshot";
blur_passes = 3;
};
};
};
# eww = {
# enable = true;
# configDir = ./eww;
# };
};
services = {
gnome-keyring.enable = true;
mako = {
enable = true;
settings.defaultTimeout = 5000;
};
hypridle = {
enable = true;
settings = {
general = {
lock_cmd = "pidof hyprlock || hyprlock";
before_sleep_cmd = "loginctl lock-session";
after_sleep_cmd = "hyprctl dispatch dpms on";
};
listener = [
{
timeout = 300; # 5 mins
on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -s set 10";
on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -r";
}
{
timeout = 300; # 5 mins
on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -sd tpacpi:kbd_backlight set 0";
on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -rd tpacpi::kbd_backlight";
}
{
timeout = 600; # 10 mins
on-timeout = "loginctl lock-session";
}
{
timeout = 1200; # 20 mins, screen off
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}
{
timeout = 2400; # 40 mins
on-timeout = "systemctl suspend";
}
];
};
};
hyprpaper =
let
wallpaper = ../../../../assets/wallpaper-nix-pink.png;
in
{
enable = true;
settings = {
preload = [ "${wallpaper}" ];
wallpaper = [ "eDP-1,${wallpaper}" ];
splash = false;
ipc = "off";
};
};
};
# Hack to ensure graphical dependent services start _after_ hyprland starts
# Needed as these services normally start after graphical-session-pre
systemd.user.services.hyprpaper.Unit.After = lib.mkForce "graphical-session.target";
systemd.user.services.waybar.Unit.After = lib.mkForce "graphical-session.target";
systemd.user.services.hypridle.Unit.After = lib.mkForce "graphical-session.target";
wayland.windowManager.hyprland =
let
toggle_mirror = pkgs.writeScriptBin "toggle_mirror.sh" ''
#!${pkgs.stdenv.shell}
if [ $(hyprctl monitors all -j | ${pkgs.jq}/bin/jq '.[1].activeWorkspace.id') = '-1' ]; then
hyprctl keyword monitor ",preferred,auto,1"
else
hyprctl keyword monitor ",preferred,auto,1,mirror,eDP-1"
fi
'';
# Autostart now handled by xdg.autoStart
startup = pkgs.writeScriptBin "startup.sh" ''
#!${pkgs.stdenv.shell}
# uwsm app -- ${pkgs.wl-clip-persist}/bin/wl-clip-persist -c both &
'';
in
{
enable = true;
systemd.enable = false; # using UWSM
plugins = with pkgs.hyprlandPlugins; [
hyprexpo
];
settings =
let
inherit (builtins) genList concatLists toString;
wpctl = "${pkgs.wireplumber}/bin/wpctl";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
menu = "${config.programs.rofi.package}/bin/rofi -columns 1 -show combi -modes combi -combi-modes \"window,drun,run\"";
fileManager = "${pkgs.nautilus}/bin/nautilus";
in
{
"$mod" = "SUPER";
exec-once = [
"${startup}/bin/startup.sh"
];
monitor = [
"eDP-1, 3840x2400@60,0x0,2"
",highres,auto,1"
];
input = {
touchpad.natural_scroll = true;
};
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 2;
"col.active_border" = "rgba(babbf1ee) rgba(f4b8e4ee) 45deg";
"col.inactive_border" = "rgba(303446aa)";
layout = "dwindle";
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
};
group = {
"col.border_active" = "rgba(babbf1ee) rgba(f4b8e4ee) 45deg";
"col.border_inactive" = "rgba(232634aa)";
groupbar = {
font_size = 10;
height = 18;
"col.active" = "rgba(babbf1aa)";
"col.inactive" = "rgba(414559aa)";
text_color = "rgba(ffffffee)";
};
};
plugin.hyprexpo = {
workspace_method = "first 1";
enable_gesture = true;
gesture_positive = false;
gesture_fingers = 3;
};
decoration = {
rounding = 10;
blur = {
enabled = true;
size = 3;
passes = 1;
};
shadow = {
enabled = true;
color = "rgba(1a1a1aee)";
range = 4;
render_power = 3;
};
};
animations = {
enabled = "yes";
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 4, default"
"workspaces, 1, 4, default"
];
};
dwindle = {
preserve_split = "yes";
pseudotile = "yes";
};
gestures.workspace_swipe = true;
misc = {
force_default_wallpaper = 2;
disable_splash_rendering = true;
disable_hyprland_logo = true;
disable_autoreload = true;
};
windowrulev2 = [
"suppressevent maximize, class:.*"
"workspace 1 silent, class:^(Element)$"
"workspace 1 silent, class:^(discord)$"
"group, class:^(Element|discord)$,workspace:1"
"workspace 2 silent, class:^(firefox)$"
"float,class:^(firefox)$,title:^(Picture-in-Picture)$"
"workspace special:obsidian silent, class:^(obsidian)$"
];
# l -> works when screen is locked
# e -> repeats when held
bindel = [
",XF86AudioRaiseVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%+"
",XF86AudioLowerVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%-"
",XF86MonBrightnessUp,exec,${brightnessctl} -q s +5%"
",XF86MonBrightnessDown,exec,${brightnessctl} -q s 5%-"
];
bindl = [ ",XF86AudioMute, exec,${wpctl} set-mute @DEFAULT_AUDIO_SINK@ toggle" ];
bind =
[
"$mod, RETURN, exec, uwsm app -- ${terminal}"
"$mod, Q, killactive,"
"$mod SHIFT, Q, exec, uwsm stop,"
"$mod, E, exec, uwsm app -- ${fileManager}"
"$mod, V, togglefloating,"
"$mod, D, exec, uwsm app -- ${menu}"
"$mod, P, pseudo, # dwindle"
"$mod, J, togglesplit, # dwindle"
"$mod,m,fullscreen"
"$mod, L, exec, loginctl lock-session"
"$mod, space, hyprexpo:expo, toggle"
# Move focus with arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
# Scratch workspace
"$mod, S, togglespecialworkspace, scratch"
"$mod SHIFT, S, movetoworkspace, special:scratch"
# Obsidian Workspace
"$mod, O, togglespecialworkspace, obsidian"
"$mod SHIFT, O, movetoworkspace, special:obsidian"
# Groups aka Tabs
"$mod,g,togglegroup"
"$mod,tab,changegroupactive"
# PrintScreen
",Print,exec,uwsm app -- ${pkgs.grimblast}/bin/grimblast copysave area /home/vivian/cloud/Pictures/Screenshots/$(date +%s).png"
# Toggle Mirror for external displays on/off
",XF86Display,exec,${toggle_mirror}/bin/toggle_mirror.sh"
]
++ (
# workspaces
# binds $mod + [shift +] {1..10} to [move to] workspace {1..10}
concatLists (
genList (
x:
let
ws =
let
c = (x + 1) / 10;
in
toString (x + 1 - (c * 10));
in
[
"$mod, ${ws}, workspace, ${toString (x + 1)}"
"$mod SHIFT, ${ws}, movetoworkspacesilent, ${toString (x + 1)}"
]
) 10
)
);
# Bind mouse
bindm = [
# Move/resize windows with mod + LMB/RMB and dragging
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
];
};
};
}
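Review bot: In the second `hypridle` listener the two commands name different devices: `on-timeout` uses `tpacpi:kbd_backlight` (one colon) while `on-resume` uses `tpacpi::kbd_backlight`. If the LED is named `tpacpi::kbd_backlight`, as the resume line suggests, the timeout command will not find the device and never saves or dims it; the line should read `on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -sd tpacpi::kbd_backlight set 0";`. The `color` binding in the `hyprlock` `let` is unused. On the locking side, `background.path = "screenshot"` with `blur_passes = 3` leaves a blurred copy of the desktop on the lock screen; a static image avoids showing any window layout if that matters on this machine.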


@ -0,0 +1,17 @@
{ pkgs, config, ...}:
let
starshipNerdFont = pkgs.runCommand "starship-nerd-font.toml" { STARSHIP_CACHE = "/tmp"; } ''
${config.programs.starship.package}/bin/starship preset nerd-font-symbols > $out
'';
in{
programs.starship = {
enable = false;
enableZshIntegration = true;
enableFishIntegration = true;
enableNushellIntegration = true;
settings = {
nix_shell.heuristic = true;
} // builtins.fromTOML (builtins.readFile starshipNerdFont);
};
}
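Review bot: `builtins.readFile starshipNerdFont` reads the output of a `runCommand` derivation during evaluation (import-from-derivation), so evaluating `settings` has to realise that derivation first and fails where IFD is disallowed. With `enable = false` the three `enable*Integration` flags and `settings` have no visible effect as far as this file shows, so either drop the block or add a comment such as `# disabled for now; settings kept for re-enabling (uses IFD)`. `in{` is also missing a space, which a formatter-based lint would likely flag.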

Some files were not shown because too many files have changed in this diff Show more