Compare commits


No commits in common. "45448d1099bf1bcd4dc1f471068a290a31bd465a" and "eed28e3219ecd0c6bedf0566cecde565691b60f8" have entirely different histories.

60 changed files with 646 additions and 824 deletions

1
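--- a/.envrc
+++ b/.envrc
@@ -1,2 +1 @@
-# shellcheck disable=SC2148
 use flake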

1
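--- a/.known_hosts
+++ b/.known_hosts
@@ -0,0 +1 @@
+etna ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnkKSd4IV+PM88WKHHfEhSTlknHT0FVXzA0JUcCzOp+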
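Review bot: The single pinned entry is keyed only on the short name `etna`, so it verifies the host only when SSH is invoked with exactly that name; a connection by IP address or a fully qualified name would not match this line and would fall back to the client's default host-key handling. Nothing visible in this compare shows which SSH invocation reads `.known_hosts` (for instance through `UserKnownHostsFile`), so it is worth confirming that the deploy path actually points at it. The file format accepts `#` comments, and a line such as `# etna host key, verified out of band on <DATE-PLACEHOLDER>` above the entry would make a later key rotation auditable.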


@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
imports = [ imports = [
./common.nix ./common.nix
@ -8,16 +7,16 @@
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(ffmpeg-full.override { withUnfree = true; }) (ffmpeg-full.override {withUnfree = true;})
fastfetch fastfetch
lazygit lazygit
nixd nil
]; ];
hm.programs.keychain = { hm.programs.keychain = {
enable = true; enable = true;
agents = [ "ssh" ]; agents = ["ssh"];
keys = [ "id_ed25519" ]; keys = ["id_ed25519"];
}; };
networking = { networking = {
@ -25,7 +24,7 @@
networkmanager = { networkmanager = {
enable = true; enable = true;
dns = "systemd-resolved"; dns = "systemd-resolved";
plugins = [ pkgs.networkmanager-fortisslvpn ]; plugins = [pkgs.networkmanager-fortisslvpn];
}; };
}; };


@ -10,25 +10,20 @@
vencord, vencord,
hydro, hydro,
... ...
}: }: let
let
username = "leo"; username = "leo";
stateVersion = "24.11"; stateVersion = "24.11";
rootPassword = _utils.setupSingleSecret config "rootPassword" { }; rootPassword = _utils.setupSingleSecret config "rootPassword" {};
secrets = _utils.setupSharedSecrets config { secrets = _utils.setupSharedSecrets config {
secrets = [ secrets = ["userPassword" "tailscaleKey"];
"userPassword"
"tailscaleKey"
];
}; };
in in {
{
imports = [ imports = [
agenix.nixosModules.default agenix.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
(lib.mkAliasOptionModule [ "hm" ] [ "home-manager" "users" username ]) (lib.mkAliasOptionModule ["hm"] ["home-manager" "users" username])
rootPassword.generate rootPassword.generate
secrets.generate secrets.generate
@ -40,15 +35,12 @@ in
age = { age = {
ageBin = lib.getExe pkgs.rage; ageBin = lib.getExe pkgs.rage;
identityPaths = [ "/etc/age/key" ]; identityPaths = ["/etc/age/key"];
}; };
boot = { boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages; # use lts kernelPackages = lib.mkDefault pkgs.linuxPackages; # use lts
kernelParams = [ kernelParams = ["quiet" "loglevel=3"];
"quiet"
"loglevel=3"
];
# faster tcp !!! # faster tcp !!!
kernel.sysctl = { kernel.sysctl = {
@ -73,7 +65,7 @@ in
]; ];
hm = { hm = {
home = { inherit stateVersion; }; home = {inherit stateVersion;};
programs.ssh = { programs.ssh = {
enable = true; enable = true;
@ -91,17 +83,14 @@ in
networking = { networking = {
useNetworkd = lib.mkDefault true; useNetworkd = lib.mkDefault true;
nameservers = [ nameservers = ["1.1.1.1" "1.0.0.1"];
"1.1.1.1"
"1.0.0.1"
];
}; };
nix = { nix = {
# package = pkgs.nixVersions.latest; # package = pkgs.nixVersions.latest;
channel.enable = false; channel.enable = false;
# The `flake:` syntax in `$NIX_PATH` seems to do some weird copying on Nix 2.24 # The `flake:` syntax in `$NIX_PATH` seems to do some weird copying on Nix 2.24
nixPath = [ "nixpkgs=${config.nixpkgs.flake.source}" ]; nixPath = ["nixpkgs=${config.nixpkgs.flake.source}"];
gc = { gc = {
automatic = true; automatic = true;
@ -121,14 +110,8 @@ in
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
experimental-features = [ experimental-features = ["nix-command" "flakes"];
"nix-command" trusted-users = ["root" "@wheel"];
"flakes"
];
trusted-users = [
"root"
"@wheel"
];
connect-timeout = 5; # fail fast if substituters are not available connect-timeout = 5; # fail fast if substituters are not available
builders-use-substitutes = true; builders-use-substitutes = true;
log-lines = 25; log-lines = 25;
@ -149,7 +132,7 @@ in
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
flake.setNixPath = false; flake.setNixPath = false;
overlays = [ (import ../exprs/overlay.nix { inherit vencord hydro; }) ]; overlays = [(import ../exprs/overlay.nix {inherit vencord hydro;})];
}; };
programs = { programs = {
@ -189,10 +172,7 @@ in
tailscale = { tailscale = {
enable = true; enable = true;
useRoutingFeatures = "both"; useRoutingFeatures = "both";
extraUpFlags = [ extraUpFlags = ["--ssh" "--stateful-filtering"];
"--ssh"
"--stateful-filtering"
];
authKeyFile = secrets.get "tailscaleKey"; authKeyFile = secrets.get "tailscaleKey";
}; };
}; };
@ -217,14 +197,7 @@ in
"${username}" = { "${username}" = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.fish; shell = pkgs.fish;
extraGroups = [ extraGroups = ["networkmanager" "wheel" "video" "libvirtd" "input" "docker"];
"networkmanager"
"wheel"
"video"
"libvirtd"
"input"
"docker"
];
hashedPasswordFile = secrets.get "userPassword"; hashedPasswordFile = secrets.get "userPassword";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+7+KfdOrhcnHayxvOENUeMx8rE4XEIV/AxMHiaNUP8" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+7+KfdOrhcnHayxvOENUeMx8rE4XEIV/AxMHiaNUP8"


@ -5,8 +5,7 @@
catppuccin, catppuccin,
lanzaboote, lanzaboote,
... ...
}: }: {
{
imports = [ imports = [
catppuccin.nixosModules.catppuccin catppuccin.nixosModules.catppuccin
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
@ -25,10 +24,10 @@
boot = { boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
kernelModules = [ "v4l2loopback" ]; kernelModules = ["v4l2loopback"];
supportedFilesystems = [ "ntfs" ]; supportedFilesystems = ["ntfs"];
loader = { loader = {
systemd-boot.enable = lib.mkForce false; systemd-boot.enable = lib.mkForce false;
@ -62,7 +61,7 @@
]; ];
fontconfig.defaultFonts = { fontconfig.defaultFonts = {
emoji = [ "Twitter Color Emoji" ]; emoji = ["Twitter Color Emoji"];
}; };
}; };
@ -92,7 +91,7 @@
strawberry strawberry
teams-for-linux teams-for-linux
thunderbird thunderbird
(vesktop.override { withSystemVencord = true; }) (vesktop.override {withSystemVencord = true;})
vscode vscode
# libreoffice stuff # libreoffice stuff


@ -3,11 +3,10 @@
pkgs, pkgs,
config, config,
... ...
}: }: {
{ imports = [./desktop.nix];
imports = [ ./desktop.nix ];
boot.initrd.kernelModules = [ "xe" ]; boot.initrd.kernelModules = ["xe"];
hardware = { hardware = {
bluetooth.enable = true; bluetooth.enable = true;
@ -19,7 +18,7 @@
vpl-gpu-rt vpl-gpu-rt
]; ];
extraPackages32 = [ pkgs.driversi686Linux.intel-media-driver ]; extraPackages32 = [pkgs.driversi686Linux.intel-media-driver];
}; };
}; };
@ -31,7 +30,7 @@
programs.light.enable = true; programs.light.enable = true;
# hyprland stuff # hyprland stuff
services.blueman = lib.mkIf config.programs.hyprland.enable { enable = true; }; services.blueman = lib.mkIf config.programs.hyprland.enable {enable = true;};
hm.wayland.windowManager.hyprland.settings.exec-once = with pkgs; [ hm.wayland.windowManager.hyprland.settings.exec-once = with pkgs; [
"${lib.getExe networkmanagerapplet}" "${lib.getExe networkmanagerapplet}"
"${lib.getExe' blueman "blueman-applet"}" "${lib.getExe' blueman "blueman-applet"}"


@ -2,13 +2,11 @@
config, config,
_utils, _utils,
... ...
}: }: let
let
secrets = _utils.setupSharedSecrets config { secrets = _utils.setupSharedSecrets config {
secrets = [ "vmAuthToken" ]; secrets = ["vmAuthToken"];
}; };
in in {
{
imports = [ imports = [
./common.nix ./common.nix
secrets.generate secrets.generate
@ -23,7 +21,7 @@ in
}; };
services = { services = {
tailscale.extraUpFlags = [ "--advertise-exit-node" ]; tailscale.extraUpFlags = ["--advertise-exit-node"];
openssh = { openssh = {
enable = true; enable = true;
@ -48,22 +46,20 @@ in
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
port = 9091; port = 9091;
enabledCollectors = [ "systemd" ]; enabledCollectors = ["systemd"];
}; };
vmagent = { vmagent = {
enable = true; enable = true;
remoteWrite.url = "https://metrics.uku3lig.net/api/v1/write"; remoteWrite.url = "https://metrics.uku3lig.net/api/v1/write";
extraArgs = [ "-remoteWrite.bearerTokenFile=\${CREDENTIALS_DIRECTORY}/vm_auth_token" ]; extraArgs = ["-remoteWrite.bearerTokenFile=\${CREDENTIALS_DIRECTORY}/vm_auth_token"];
prometheusConfig = { prometheusConfig = {
global.scrape_interval = "15s"; global.scrape_interval = "15s";
scrape_configs = [ scrape_configs = [
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.node.port}"];}];
{ targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.node.port}" ]; }
];
relabel_configs = [ relabel_configs = [
{ {
target_label = "instance"; target_label = "instance";
@ -77,7 +73,7 @@ in
}; };
systemd = { systemd = {
services.vmagent.serviceConfig.LoadCredential = [ "vm_auth_token:${secrets.get "vmAuthToken"}" ]; services.vmagent.serviceConfig.LoadCredential = ["vm_auth_token:${secrets.get "vmAuthToken"}"];
# For more detail, see: # For more detail, see:
# https://0pointer.de/blog/projects/watchdog.html # https://0pointer.de/blog/projects/watchdog.html


@ -22,19 +22,17 @@
pipewire, pipewire,
udev, udev,
xrandr, xrandr,
}: }: let
let
inherit (jetbrains) idea-ultimate; inherit (jetbrains) idea-ultimate;
in in
symlinkJoin { symlinkJoin {
name = "idea-ultimate-fixed-${idea-ultimate.version}"; name = "idea-ultimate-fixed-${idea-ultimate.version}";
paths = [ idea-ultimate ]; paths = [idea-ultimate];
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [makeWrapper];
postBuild = postBuild = let
let
runtimeLibs = [ runtimeLibs = [
stdenv.cc.cc.lib stdenv.cc.cc.lib
## native versions ## native versions
@ -65,10 +63,9 @@ symlinkJoin {
xrandr # needed for LWJGL [2.9.2, 3) https://github.com/LWJGL/lwjgl/issues/128 xrandr # needed for LWJGL [2.9.2, 3) https://github.com/LWJGL/lwjgl/issues/128
esbuild esbuild
]; ];
in in ''
''
wrapProgram $out/bin/idea-ultimate \ wrapProgram $out/bin/idea-ultimate \
--set LD_LIBRARY_PATH ${lib.makeLibraryPath runtimeLibs} \ --set LD_LIBRARY_PATH ${lib.makeLibraryPath runtimeLibs} \
--prefix PATH : ${lib.makeBinPath runtimePrograms} --prefix PATH : ${lib.makeBinPath runtimePrograms}
''; '';
} }


@ -1,11 +1,13 @@
inputs: final: prev: { inputs: final: prev: {
idea-ultimate-fixed = prev.callPackage ./idea-fixed.nix { }; idea-ultimate-fixed = prev.callPackage ./idea-fixed.nix {};
vencord = prev.vencord.overrideAttrs (old: rec { vencord = prev.vencord.overrideAttrs (old: rec {
version = "${old.version}+git.${inputs.vencord.shortRev}"; version = "${old.version}+git.${inputs.vencord.shortRev}";
src = inputs.vencord; src = inputs.vencord;
env = old.env // { env =
old.env
// {
VENCORD_REMOTE = "Vendicated/Vencord"; VENCORD_REMOTE = "Vendicated/Vencord";
VENCORD_HASH = src.shortRev; VENCORD_HASH = src.shortRev;
}; };

42
flake.lock generated

@ -253,6 +253,26 @@
"type": "github" "type": "github"
} }
}, },
"nixinate": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1708891350,
"narHash": "sha256-VOQrKK7Df/IVuNki+NshVuGkTa/Tw0GigPjWcZff6kk=",
"owner": "matthewcroughan",
"repo": "nixinate",
"rev": "452f33c60df5b72ad0858f5f2cf224bdf1f17746",
"type": "github"
},
"original": {
"owner": "matthewcroughan",
"repo": "nixinate",
"type": "github"
}
},
"nixos-wsl": { "nixos-wsl": {
"inputs": { "inputs": {
"flake-compat": [], "flake-compat": [],
@ -305,10 +325,10 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"mystia": "mystia", "mystia": "mystia",
"nixinate": "nixinate",
"nixos-wsl": "nixos-wsl", "nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"systems": "systems_2", "systems": "systems_2",
"treefmt-nix": "treefmt-nix",
"ukubot-rs": "ukubot-rs", "ukubot-rs": "ukubot-rs",
"vencord": "vencord", "vencord": "vencord",
"vscode-extensions": "vscode-extensions" "vscode-extensions": "vscode-extensions"
@ -365,26 +385,6 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1735135567,
"narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"ukubot-rs": { "ukubot-rs": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": [


@ -1,34 +1,31 @@
{ {
description = "example flake idk"; description = "example flake idk";
outputs = outputs = {
{ self,
agenix,
flake-parts, flake-parts,
treefmt-nix, nixinate,
agenix,
... ...
}@inputs: } @ inputs:
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake {inherit inputs;} {
systems = [ systems = ["x86_64-linux" "aarch64-linux"];
"x86_64-linux"
"aarch64-linux"
];
imports = [ imports = [
treefmt-nix.flakeModule
./systems ./systems
]; ];
perSystem = perSystem = {
{
pkgs, pkgs,
system, system,
self', self',
... ...
}: }: {
{ apps = (nixinate.nixinate.${system} self).nixinate;
devShells.default = pkgs.mkShellNoCC {
packages = with pkgs; [ devShells.default = with pkgs;
mkShellNoCC {
packages = [
agenix.packages.${system}.default agenix.packages.${system}.default
just just
self'.formatter self'.formatter
@ -36,24 +33,7 @@
]; ];
}; };
treefmt = { formatter = pkgs.alejandra;
projectRootFile = "flake.nix";
settings.excludes = [
".envrc"
".gitignore"
"*.age"
"flake.lock"
"justfile"
"LICENSE"
];
programs = {
nixfmt.enable = true;
prettier.enable = true;
stylua.enable = true;
};
};
}; };
}; };
@ -114,6 +94,11 @@
inputs.flake-compat.follows = ""; inputs.flake-compat.follows = "";
}; };
nixinate = {
url = "github:matthewcroughan/nixinate";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-wsl = { nixos-wsl = {
url = "github:nix-community/NixOS-WSL"; url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -124,11 +109,6 @@
# nix's most elaborate, overcomplicated joke # nix's most elaborate, overcomplicated joke
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
vscode-extensions = { vscode-extensions = {
url = "github:nix-community/nix-vscode-extensions"; url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
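Review bot: The new `apps = (nixinate.nixinate.${system} self).nixinate;` line in `perSystem` makes a third-party input the repository's deploy entry point, and it carries no comment saying so. Judging from the justfile change in this same compare, `nix run .#<host>` now stands in for the explicit `nix copy` plus `ssh … nixos-rebuild switch` recipe, so the generated app presumably runs with the operator's SSH credentials and sudo on the target; I would add `# deploy apps generated by nixinate, one per host; they SSH to the target and run nixos-rebuild` above that line. The input is pinned through `flake.lock` (rev `452f33c60df5b72ad0858f5f2cf224bdf1f17746`), which is the right control, and a bump of that pin deserves a read of the upstream changes because of what the generated script is allowed to do. The per-host SSH user and address are not visible in this section and presumably live under `./systems`.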


@ -1,77 +1,56 @@
{ lib, ... }: {lib, ...}: {
{ setupSecrets = _config: {
setupSecrets =
_config:
{
secrets, secrets,
extra ? { }, extra ? {},
}: }: let
let
inherit (_config.networking) hostName; inherit (_config.networking) hostName;
in in {
{ generate = {age.secrets = lib.genAttrs secrets (name: extra // {file = ../secrets/${hostName}/${name}.age;});};
generate = {
age.secrets = lib.genAttrs secrets (name: extra // { file = ../secrets/${hostName}/${name}.age; });
};
get = name: _config.age.secrets.${name}.path; get = name: _config.age.secrets.${name}.path;
}; };
setupSingleSecret = setupSingleSecret = _config: name: extra: let
_config: name: extra:
let
inherit (_config.networking) hostName; inherit (_config.networking) hostName;
in in {
{ generate = {age.secrets.${name} = extra // {file = ../secrets/${hostName}/${name}.age;};};
generate = {
age.secrets.${name} = extra // {
file = ../secrets/${hostName}/${name}.age;
};
};
inherit (_config.age.secrets.${name}) path; inherit (_config.age.secrets.${name}) path;
}; };
setupSharedSecrets = setupSharedSecrets = _config: {
_config:
{
secrets, secrets,
extra ? { }, extra ? {},
}: }: {
{ generate = {age.secrets = lib.genAttrs secrets (name: extra // {file = ../secrets/shared/${name}.age;});};
generate = {
age.secrets = lib.genAttrs secrets (name: extra // { file = ../secrets/shared/${name}.age; });
};
get = name: _config.age.secrets.${name}.path; get = name: _config.age.secrets.${name}.path;
}; };
mkMinecraftServer = mkMinecraftServer = _config: {
_config:
{
name, name,
port, port,
remotePort, remotePort,
tag ? "java21", tag ? "java21",
dataDir ? "/var/lib/${name}", dataDir ? "/var/lib/${name}",
memory ? "4G", memory ? "4G",
env ? { }, env ? {},
envFiles ? [ ], envFiles ? [],
extraPorts ? [ ], extraPorts ? [],
}: }: let
let
inherit (_config.virtualisation.oci-containers) backend; inherit (_config.virtualisation.oci-containers) backend;
in in {
{
virtualisation.oci-containers.containers."mc-${name}" = { virtualisation.oci-containers.containers."mc-${name}" = {
image = "itzg/minecraft-server:${tag}"; image = "itzg/minecraft-server:${tag}";
ports = [ "${builtins.toString port}:25565" ] ++ extraPorts; ports = ["${builtins.toString port}:25565"] ++ extraPorts;
volumes = [ "${dataDir}:/data" ]; volumes = ["${dataDir}:/data"];
environmentFiles = envFiles; environmentFiles = envFiles;
environment = { environment =
{
EULA = "true"; EULA = "true";
MEMORY = memory; MEMORY = memory;
} // env; }
// env;
}; };
networking.firewall.allowedTCPPorts = [ port ]; networking.firewall.allowedTCPPorts = [port];
services.frp.settings.proxies = [ services.frp.settings.proxies = [
{ {


@ -16,12 +16,8 @@ boot *args:
@sudo -v @sudo -v
sudo nixos-rebuild boot --flake . --keep-going {{args}} sudo nixos-rebuild boot --flake . --keep-going {{args}}
deploy system user="leo": deploy system:
#!/usr/bin/env bash nix run .#{{system}}
set -euxo pipefail
flake=$(nix eval --impure --raw --expr "(builtins.getFlake \"$PWD\").outPath")
nix copy "$flake" --to "ssh://{{user}}@{{system}}"
ssh -t "{{user}}@{{system}}" "sudo flock -w 60 /dev/shm/deploy-{{system}} nixos-rebuild switch --flake $flake#{{system}}"
lint *args: lint *args:
statix check -i flake.nix **/hardware-configuration.nix {{args}} statix check -i flake.nix **/hardware-configuration.nix {{args}}
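Review bot: `nix run .#{{system}}` in the new `deploy` recipe interpolates the argument into the shell line unquoted, so a value containing whitespace or shell metacharacters is re-parsed by the shell instead of reaching nix as one installable; `nix run ".#{{system}}"` keeps it a single word. The recipe also lost its `user` parameter, so the SSH user now has to come from the per-host deploy settings, which are not visible in this compare. A one-line comment above the recipe, for example `# deploys through the nixinate app defined in flake.nix; SSH user and host come from the host's own config`, would save the next reader a search.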


@ -2,10 +2,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: }: {
{ hm.programs.alacritty = let
hm.programs.alacritty =
let
theme = pkgs.fetchurl { theme = pkgs.fetchurl {
# url = "https://raw.githubusercontent.com/catppuccin/alacritty/ce476fb41f307d90f841c1a4fd7f0727c21248b2/catppuccin-macchiato.toml"; # url = "https://raw.githubusercontent.com/catppuccin/alacritty/ce476fb41f307d90f841c1a4fd7f0727c21248b2/catppuccin-macchiato.toml";
url = "https://raw.githubusercontent.com/rose-pine/alacritty/3c3e36eb5225b0eb6f1aa989f9d9e783a5b47a83/dist/rose-pine.toml"; url = "https://raw.githubusercontent.com/rose-pine/alacritty/3c3e36eb5225b0eb6f1aa989f9d9e783a5b47a83/dist/rose-pine.toml";
@ -13,8 +11,7 @@
}; };
themeAttr = builtins.fromTOML (builtins.readFile theme); themeAttr = builtins.fromTOML (builtins.readFile theme);
in in {
{
enable = true; enable = true;
settings = lib.recursiveUpdate themeAttr { settings = lib.recursiveUpdate themeAttr {
font = { font = {


@ -3,17 +3,14 @@
config, config,
pkgs, pkgs,
... ...
}: }: let
let
inherit (config.lib.file) mkOutOfStoreSymlink; inherit (config.lib.file) mkOutOfStoreSymlink;
in in {
{
home = { home = {
packages = [ pkgs.jetbrains.rider ]; packages = [pkgs.jetbrains.rider];
file = { file = {
".dotnet/8".source = ".dotnet/8".source = mkOutOfStoreSymlink "${pkgs.dotnetCorePackages.dotnet_8.sdk.unwrapped}/share/dotnet";
mkOutOfStoreSymlink "${pkgs.dotnetCorePackages.dotnet_8.sdk.unwrapped}/share/dotnet";
".dotnet/mono".source = mkOutOfStoreSymlink pkgs.mono; ".dotnet/mono".source = mkOutOfStoreSymlink pkgs.mono;
}; };
}; };


@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
programs.fish.enable = true; programs.fish.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
hardware = { hardware = {
xone.enable = true; xone.enable = true;
xpadneo.enable = true; xpadneo.enable = true;
@ -10,11 +9,7 @@
osu-lazer-bin osu-lazer-bin
(prismlauncher.override { (prismlauncher.override {
jdks = [ jdks = [temurin-bin-21 temurin-bin-17 temurin-bin-8];
temurin-bin-21
temurin-bin-17
temurin-bin-8
];
}) })
]; ];


@ -2,10 +2,9 @@
pkgs, pkgs,
ghostty, ghostty,
... ...
}: }: {
{
hm.home = { hm.home = {
packages = [ ghostty.packages.${pkgs.system}.default ]; packages = [ghostty.packages.${pkgs.system}.default];
file.".config/ghostty/config".text = '' file.".config/ghostty/config".text = ''
theme = light:catppuccin-latte,dark:catppuccin-mocha theme = light:catppuccin-latte,dark:catppuccin-mocha


@ -1,5 +1,4 @@
{ config, ... }: {config, ...}: {
{
programs.git.enable = true; programs.git.enable = true;
hm.programs = { hm.programs = {


@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
services = { services = {
xserver.desktopManager.gnome.enable = true; xserver.desktopManager.gnome.enable = true;
displayManager = { displayManager = {
@ -14,14 +13,14 @@
hm.programs.gnome-shell = { hm.programs.gnome-shell = {
enable = true; enable = true;
extensions = with pkgs.gnomeExtensions; [ extensions = with pkgs.gnomeExtensions; [
{ package = appindicator; } {package = appindicator;}
{ package = dash-to-dock; } {package = dash-to-dock;}
{ package = blur-my-shell; } {package = blur-my-shell;}
]; ];
}; };
environment = with pkgs; { environment = with pkgs; {
systemPackages = [ gnome-tweaks ]; systemPackages = [gnome-tweaks];
gnome.excludePackages = [ gnome.excludePackages = [
gnome-tour gnome-tour


@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
# utility packages for hyprland, since you know it's not a DE # utility packages for hyprland, since you know it's not a DE
hm.home.packages = with pkgs; [ hm.home.packages = with pkgs; [
@ -15,10 +14,7 @@
thunar = { thunar = {
enable = true; enable = true;
plugins = with pkgs.xfce; [ plugins = with pkgs.xfce; [thunar-volman thunar-archive-plugin];
thunar-volman
thunar-archive-plugin
];
}; };
}; };
} }


@ -2,8 +2,7 @@
lib, lib,
pkgs, pkgs,
... ...
}: }: {
{
imports = [ imports = [
./hyprland-misc.nix ./hyprland-misc.nix
./alacritty.nix ./alacritty.nix
@ -21,7 +20,7 @@
}; };
}; };
xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; xdg.portal.extraPortals = with pkgs; [xdg-desktop-portal-gtk];
hm = { hm = {
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -38,24 +37,11 @@
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
settings = settings = let
let
inherit (lib) getExe getExe'; inherit (lib) getExe getExe';
keys = [ keys = ["ampersand" "eacute" "quotedbl" "apostrophe" "parenleft" "minus" "egrave" "underscore" "ccedilla" "agrave"];
"ampersand"
"eacute"
"quotedbl"
"apostrophe"
"parenleft"
"minus"
"egrave"
"underscore"
"ccedilla"
"agrave"
];
in in
with pkgs; with pkgs; {
{
"$mod" = "SUPER"; "$mod" = "SUPER";
"$wl-paste" = getExe' wl-clipboard "wl-paste"; "$wl-paste" = getExe' wl-clipboard "wl-paste";
"$wpctl" = getExe' wireplumber "wpctl"; "$wpctl" = getExe' wireplumber "wpctl";
@ -166,18 +152,12 @@
++ ++
# Switch workspaces with mod + [0-9] # Switch workspaces with mod + [0-9]
# Move active window to a workspace with mod + SHIFT + [0-9] # Move active window to a workspace with mod + SHIFT + [0-9]
lib.flatten ( lib.flatten (builtins.map (i: let
builtins.map (
i:
let
key = builtins.elemAt keys (i - 1); key = builtins.elemAt keys (i - 1);
in in [
[
"$mod, ${key}, workspace, ${toString i}" "$mod, ${key}, workspace, ${toString i}"
"$mod SHIFT, ${key}, movetoworkspace, ${toString i}" "$mod SHIFT, ${key}, movetoworkspace, ${toString i}"
] ]) (lib.range 1 10));
) (lib.range 1 10)
);
bindm = [ bindm = [
"$mod, mouse:272, movewindow" "$mod, mouse:272, movewindow"


@ -3,11 +3,9 @@
config, config,
pkgs, pkgs,
... ...
}: }: let
let
inherit (config.lib.file) mkOutOfStoreSymlink; inherit (config.lib.file) mkOutOfStoreSymlink;
in in {
{
home.file = { home.file = {
".jdks/temurin-21".source = mkOutOfStoreSymlink pkgs.temurin-bin-21; ".jdks/temurin-21".source = mkOutOfStoreSymlink pkgs.temurin-bin-21;
".jdks/temurin-17".source = mkOutOfStoreSymlink pkgs.temurin-bin-17; ".jdks/temurin-17".source = mkOutOfStoreSymlink pkgs.temurin-bin-17;


@ -2,8 +2,7 @@
pkgs, pkgs,
camasca, camasca,
... ...
}: }: {
{
services = { services = {
desktopManager.plasma6.enable = true; desktopManager.plasma6.enable = true;
displayManager.sddm = { displayManager.sddm = {


@ -1,12 +1,11 @@
{ pkgs, ... }: {pkgs, ...}: {
{
hm.programs.neovim = { hm.programs.neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
extraLuaConfig = builtins.readFile ./init.lua; extraLuaConfig = builtins.readFile ./init.lua;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
(lua5_1.withPackages (ps: with ps; [ luarocks ])) (lua5_1.withPackages (ps: with ps; [luarocks]))
tree-sitter tree-sitter
]; ];


@ -1,5 +1,5 @@
-- sets the <Leader> "key", which can be used in shortcuts -- sets the <Leader> "key", which can be used in shortcuts
vim.g.mapleader = " " vim.g.mapleader = ' '
vim.g.have_nerd_font = true vim.g.have_nerd_font = true
@ -8,7 +8,7 @@ vim.g.have_nerd_font = true
vim.opt.number = true vim.opt.number = true
-- enable mouse -- enable mouse
vim.opt.mouse = "a" vim.opt.mouse = 'a'
-- save undo history -- save undo history
vim.opt.undofile = true vim.opt.undofile = true
@ -31,19 +31,21 @@ vim.opt.splitbelow = true
vim.opt.list = true vim.opt.list = true
-- preview substitutions (:s & :%s) while typing -- preview substitutions (:s & :%s) while typing
vim.opt.inccommand = "split" vim.opt.inccommand = 'split'
-- highlight the line the cursor is on -- highlight the line the cursor is on
vim.opt.cursorline = true vim.opt.cursorline = true
-- sync os clipboard and neovim -- sync os clipboard and neovim
vim.schedule(function() vim.schedule(function()
vim.opt.clipboard = "unnamedplus" vim.opt.clipboard = 'unnamedplus'
end) end)
-- [[ shortcuts, see `:help vim.keymap.set()` ]] -- [[ shortcuts, see `:help vim.keymap.set()` ]]
-- hide search results when pressing esc -- hide search results when pressing esc
vim.keymap.set("n", "<Esc>", "<cmd>nohlsearch<CR>") vim.keymap.set('n', '<Esc>', '<cmd>nohlsearch<CR>')
-- disable arrow keys in normal mode -- disable arrow keys in normal mode
-- vim.keymap.set('n', '<left>', '<cmd>echo "Use h to move!!"<CR>') -- vim.keymap.set('n', '<left>', '<cmd>echo "Use h to move!!"<CR>')
@ -55,10 +57,11 @@ vim.keymap.set("n", "<Esc>", "<cmd>nohlsearch<CR>")
-- Use CTRL+<hjkl> to switch between windows -- Use CTRL+<hjkl> to switch between windows
-- --
-- See `:help wincmd` for a list of all window commands -- See `:help wincmd` for a list of all window commands
vim.keymap.set("n", "<C-h>", "<C-w><C-h>", { desc = "Move focus to the left window" }) vim.keymap.set('n', '<C-h>', '<C-w><C-h>', { desc = 'Move focus to the left window' })
vim.keymap.set("n", "<C-l>", "<C-w><C-l>", { desc = "Move focus to the right window" }) vim.keymap.set('n', '<C-l>', '<C-w><C-l>', { desc = 'Move focus to the right window' })
vim.keymap.set("n", "<C-j>", "<C-w><C-j>", { desc = "Move focus to the lower window" }) vim.keymap.set('n', '<C-j>', '<C-w><C-j>', { desc = 'Move focus to the lower window' })
vim.keymap.set("n", "<C-k>", "<C-w><C-k>", { desc = "Move focus to the upper window" }) vim.keymap.set('n', '<C-k>', '<C-w><C-k>', { desc = 'Move focus to the upper window' })
-- [[ plugin configuration ]] -- [[ plugin configuration ]]
require("nvim-treesitter.configs").setup({ require("nvim-treesitter.configs").setup({


@ -3,20 +3,15 @@
pkgs, pkgs,
config, config,
... ...
}: }: let
let toml = pkgs.formats.toml {};
toml = pkgs.formats.toml { }; in {
in
{
hm.home.file.".cargo/config.toml".source = toml.generate "config.toml" { hm.home.file.".cargo/config.toml".source = toml.generate "config.toml" {
build.target-dir = "${config.hm.home.homeDirectory}/.cargo/target"; build.target-dir = "${config.hm.home.homeDirectory}/.cargo/target";
target.x86_64-unknown-linux-gnu = { target.x86_64-unknown-linux-gnu = {
linker = "${lib.getExe pkgs.clang}"; linker = "${lib.getExe pkgs.clang}";
rustflags = [ rustflags = ["-C" "link-arg=-fuse-ld=${lib.getExe pkgs.mold}"];
"-C"
"link-arg=-fuse-ld=${lib.getExe pkgs.mold}"
];
}; };
}; };
} }


@ -1,13 +1,15 @@
{ {
hm.programs.starship = { hm.programs.starship = {
enable = true; enable = true;
settings = { settings =
{
add_newline = false; add_newline = false;
directory = { directory = {
truncation_length = 3; truncation_length = 3;
truncation_symbol = "/"; truncation_symbol = "/";
}; };
} // (import ./nerd-font.nix); }
// builtins.fromTOML (builtins.readFile ./nerd-font.toml);
}; };
} }


@ -1,84 +0,0 @@
{
aws.symbol = " ";
buf.symbol = " ";
c.symbol = " ";
conda.symbol = " ";
crystal.symbol = " ";
dart.symbol = " ";
directory.read_only = " 󰌾";
docker_context.symbol = " ";
elixir.symbol = " ";
elm.symbol = " ";
fennel.symbol = " ";
fossil_branch.symbol = " ";
git_branch.symbol = " ";
golang.symbol = " ";
guix_shell.symbol = " ";
haskell.symbol = " ";
haxe.symbol = " ";
hg_branch.symbol = " ";
hostname.ssh_symbol = " ";
java.symbol = " ";
julia.symbol = " ";
kotlin.symbol = " ";
lua.symbol = " ";
memory_usage.symbol = "󰍛 ";
meson.symbol = "󰔷 ";
nim.symbol = "󰆥 ";
nix_shell.symbol = " ";
nodejs.symbol = " ";
ocaml.symbol = " ";
package.symbol = "󰏗 ";
perl.symbol = " ";
php.symbol = " ";
pijul_channel.symbol = " ";
python.symbol = " ";
rlang.symbol = "󰟔 ";
ruby.symbol = " ";
rust.symbol = " ";
scala.symbol = " ";
swift.symbol = " ";
zig.symbol = " ";
os.symbols = {
Alpaquita = " ";
Alpine = " ";
Amazon = " ";
Android = " ";
Arch = " ";
Artix = " ";
CentOS = " ";
Debian = " ";
DragonFly = " ";
Emscripten = " ";
EndeavourOS = " ";
Fedora = " ";
FreeBSD = " ";
Garuda = "󰛓 ";
Gentoo = " ";
HardenedBSD = "󰞌 ";
Illumos = "󰈸 ";
Linux = " ";
Mabox = " ";
Macos = " ";
Manjaro = " ";
Mariner = " ";
MidnightBSD = " ";
Mint = " ";
NetBSD = " ";
NixOS = " ";
OpenBSD = "󰈺 ";
openSUSE = " ";
OracleLinux = "󰌷 ";
Pop = " ";
Raspbian = " ";
Redhat = " ";
RedHatEnterprise = " ";
Redox = "󰀘 ";
Solus = "󰠳 ";
SUSE = " ";
Ubuntu = " ";
Unknown = " ";
Windows = "󰍲 ";
};
}


@ -0,0 +1,160 @@
[aws]
symbol = " "
[buf]
symbol = " "
[c]
symbol = " "
[conda]
symbol = " "
[crystal]
symbol = " "
[dart]
symbol = " "
[directory]
read_only = " 󰌾"
[docker_context]
symbol = " "
[elixir]
symbol = " "
[elm]
symbol = " "
[fennel]
symbol = " "
[fossil_branch]
symbol = " "
[git_branch]
symbol = " "
[golang]
symbol = " "
[guix_shell]
symbol = " "
[haskell]
symbol = " "
[haxe]
symbol = " "
[hg_branch]
symbol = " "
[hostname]
ssh_symbol = " "
[java]
symbol = " "
[julia]
symbol = " "
[kotlin]
symbol = " "
[lua]
symbol = " "
[memory_usage]
symbol = "󰍛 "
[meson]
symbol = "󰔷 "
[nim]
symbol = "󰆥 "
[nix_shell]
symbol = " "
[nodejs]
symbol = " "
[ocaml]
symbol = " "
[os.symbols]
Alpaquita = " "
Alpine = " "
Amazon = " "
Android = " "
Arch = " "
Artix = " "
CentOS = " "
Debian = " "
DragonFly = " "
Emscripten = " "
EndeavourOS = " "
Fedora = " "
FreeBSD = " "
Garuda = "󰛓 "
Gentoo = " "
HardenedBSD = "󰞌 "
Illumos = "󰈸 "
Linux = " "
Mabox = " "
Macos = " "
Manjaro = " "
Mariner = " "
MidnightBSD = " "
Mint = " "
NetBSD = " "
NixOS = " "
OpenBSD = "󰈺 "
openSUSE = " "
OracleLinux = "󰌷 "
Pop = " "
Raspbian = " "
Redhat = " "
RedHatEnterprise = " "
Redox = "󰀘 "
Solus = "󰠳 "
SUSE = " "
Ubuntu = " "
Unknown = " "
Windows = "󰍲 "
[package]
symbol = "󰏗 "
[perl]
symbol = " "
[php]
symbol = " "
[pijul_channel]
symbol = " "
[python]
symbol = " "
[rlang]
symbol = "󰟔 "
[ruby]
symbol = " "
[rust]
symbol = " "
[scala]
symbol = " "
[swift]
symbol = " "
[zig]
symbol = " "


@ -2,8 +2,7 @@
pkgs, pkgs,
vscode-extensions, vscode-extensions,
... ...
}: }: let
let
inherit (pkgs.stdenv.hostPlatform) system; inherit (pkgs.stdenv.hostPlatform) system;
extensions = vscode-extensions.extensions.${system}; extensions = vscode-extensions.extensions.${system};
@ -14,16 +13,14 @@ let
rust-lang.rust-analyzer rust-lang.rust-analyzer
wakatime.vscode-wakatime wakatime.vscode-wakatime
]; ];
in in {
{
hm.programs.vscode = { hm.programs.vscode = {
enable = true; enable = true;
enableUpdateCheck = false; enableUpdateCheck = false;
enableExtensionUpdateCheck = false; enableExtensionUpdateCheck = false;
mutableExtensionsDir = false; mutableExtensionsDir = false;
extensions = extensions = with extensions.vscode-marketplace;
with extensions.vscode-marketplace;
patched patched
++ [ ++ [
# style # style
@ -52,12 +49,8 @@ in
# cpp # cpp
mesonbuild.mesonbuild mesonbuild.mesonbuild
(ms-vscode.cmake-tools.overrideAttrs (_: { (ms-vscode.cmake-tools.overrideAttrs (_: {sourceRoot = "extension";}))
sourceRoot = "extension"; (ms-vscode.makefile-tools.overrideAttrs (_: {sourceRoot = "extension";}))
}))
(ms-vscode.makefile-tools.overrideAttrs (_: {
sourceRoot = "extension";
}))
twxs.cmake twxs.cmake
xaver.clang-format xaver.clang-format


@ -3,8 +3,7 @@
pkgs, pkgs,
config, config,
... ...
}: }: {
{
hm.programs.waybar = { hm.programs.waybar = {
enable = true; enable = true;
style = ./style.css; style = ./style.css;
@ -16,23 +15,15 @@
height = 24; height = 24;
spacing = 2; spacing = 2;
modules-left = [ "hyprland/workspaces" ]; modules-left = ["hyprland/workspaces"];
modules-center = [ ]; modules-center = [];
modules-right = modules-right =
[ "memory" ] ["memory"]
++ lib.optionals (builtins.elem "amdgpu" config.services.xserver.videoDrivers) [ ++ lib.optionals (builtins.elem "amdgpu" config.services.xserver.videoDrivers) ["custom/gpu-usage"]
"custom/gpu-usage" ++ ["cpu" "wireplumber"]
] ++ lib.optionals config.services.power-profiles-daemon.enable ["battery"]
++ [ ++ lib.optionals config.programs.light.enable ["backlight"]
"cpu" ++ ["clock" "tray"];
"wireplumber"
]
++ lib.optionals config.services.power-profiles-daemon.enable [ "battery" ]
++ lib.optionals config.programs.light.enable [ "backlight" ]
++ [
"clock"
"tray"
];
"hyprland/workspaces" = { "hyprland/workspaces" = {
format = "{name}"; format = "{name}";


@ -31,9 +31,7 @@
@define-color rosewater #f4dbd6; @define-color rosewater #f4dbd6;
* { * {
font-family: font-family: Jetbrains Mono, sans-serif;
Jetbrains Mono,
sans-serif;
font-size: 12px; font-size: 12px;
} }
@ -41,7 +39,7 @@ window#waybar {
background-color: @base; background-color: @base;
color: @text; color: @text;
transition-property: background-color; transition-property: background-color;
transition-duration: 0.5s; transition-duration: .5s;
} }
button { button {
@ -84,12 +82,12 @@ button:hover {
} }
/* If workspaces is the leftmost module, omit left margin */ /* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces { .modules-left>widget:first-child>#workspaces {
margin-left: 0; margin-left: 0;
} }
/* If workspaces is the rightmost module, omit right margin */ /* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces { .modules-right>widget:last-child>#workspaces {
margin-right: 0; margin-right: 0;
} }
@ -156,11 +154,11 @@ button:hover {
background-color: @yellow; background-color: @yellow;
} }
#tray > .passive { #tray>.passive {
-gtk-icon-effect: dim; -gtk-icon-effect: dim;
} }
#tray > .needs-attention { #tray>.needs-attention {
-gtk-icon-effect: highlight; -gtk-icon-effect: highlight;
background-color: #eb4d4b; background-color: #eb4d4b;
} }


@ -5,17 +5,9 @@ let
etna = "age1m3jm6c5ywc5zntv5j4xhals0h28mpea88zzddq88zxcshmhteqwqu89qnh"; etna = "age1m3jm6c5ywc5zntv5j4xhals0h28mpea88zzddq88zxcshmhteqwqu89qnh";
vesuvio = "age1g2z0tztrv2w7wtludjrd85q7px3lvjms0cjj32zej9dqpjwpscwsle6xhf"; vesuvio = "age1g2z0tztrv2w7wtludjrd85q7px3lvjms0cjj32zej9dqpjwpscwsle6xhf";
main = [ main = [fuji kilimandjaro mottarone];
fuji all = main ++ [etna vesuvio];
kilimandjaro in {
mottarone
];
all = main ++ [
etna
vesuvio
];
in
{
"shared/userPassword.age".publicKeys = all; "shared/userPassword.age".publicKeys = all;
"shared/tailscaleKey.age".publicKeys = all; "shared/tailscaleKey.age".publicKeys = all;
"shared/frpToken.age".publicKeys = all; "shared/frpToken.age".publicKeys = all;
@ -25,19 +17,19 @@ in
"fuji-wsl/rootPassword.age".publicKeys = main; "fuji-wsl/rootPassword.age".publicKeys = main;
"kilimandjaro/rootPassword.age".publicKeys = main; "kilimandjaro/rootPassword.age".publicKeys = main;
"mottarone/rootPassword.age".publicKeys = main; "mottarone/rootPassword.age".publicKeys = main;
"etna/rootPassword.age".publicKeys = main ++ [ etna ]; "etna/rootPassword.age".publicKeys = main ++ [etna];
"vesuvio/rootPassword.age".publicKeys = main ++ [ vesuvio ]; "vesuvio/rootPassword.age".publicKeys = main ++ [vesuvio];
"etna/tunnelCreds.age".publicKeys = main ++ [ etna ]; "etna/tunnelCreds.age".publicKeys = main ++ [etna];
"etna/apiRsEnv.age".publicKeys = main ++ [ etna ]; "etna/apiRsEnv.age".publicKeys = main ++ [etna];
"etna/ukubotRsEnv.age".publicKeys = main ++ [ etna ]; "etna/ukubotRsEnv.age".publicKeys = main ++ [etna];
"etna/minecraftEnv.age".publicKeys = main ++ [ etna ]; "etna/minecraftEnv.age".publicKeys = main ++ [etna];
"etna/dendriteKey.age".publicKeys = main ++ [ etna ]; "etna/dendriteKey.age".publicKeys = main ++ [etna];
"etna/nextcloudAdminPass.age".publicKeys = main ++ [ etna ]; "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
"etna/turnstileSecret.age".publicKeys = main ++ [ etna ]; "etna/turnstileSecret.age".publicKeys = main ++ [etna];
"etna/navidromeEnv.age".publicKeys = main ++ [ etna ]; "etna/navidromeEnv.age".publicKeys = main ++ [etna];
"etna/forgejoRunnerSecret.age".publicKeys = main ++ [ etna ]; "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
"etna/vaultwardenEnv.age".publicKeys = main ++ [ etna ]; "etna/vaultwardenEnv.age".publicKeys = main ++ [etna];
"etna/vmauthEnv.age".publicKeys = main ++ [ etna ]; "etna/vmauthEnv.age".publicKeys = main ++ [etna];
"etna/upsdUserPass.age".publicKeys = main ++ [ etna ]; "etna/upsdUserPass.age".publicKeys = main ++ [etna];
} }
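Review bot: The recipient list `main ++ [etna]` is written out separately on every etna entry in the second hunk, so one mistyped line would encrypt that secret to the wrong set of hosts without any evaluation error. Binding it once next to `main` and `all`, `etnaKeys = main ++ [etna];`, and writing `"etna/vaultwardenEnv.age".publicKeys = etnaKeys;` keeps each host's scope reviewable in one place. A short comment above `all` saying which hosts actually consume the shared secrets would also help, because everything encrypted to `all` is readable with any single host key in that list. The `let` block starts above the first hunk, so the host key definitions are only partly visible here.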


@ -2,17 +2,15 @@
lib, lib,
inputs, inputs,
... ...
}: }: let
let _utils = import ../global/utils.nix {inherit lib;};
_utils = import ../global/utils.nix { inherit lib; };
toSystem = toSystem = name: {
name:
{
role, role,
system, system,
}: }:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem
{
inherit system; inherit system;
modules = [ modules = [
@ -20,15 +18,12 @@ let
./${name}/hardware-configuration.nix ./${name}/hardware-configuration.nix
../configs/${role}.nix ../configs/${role}.nix
{ networking.hostName = name; } {networking.hostName = name;}
]; ];
specialArgs = inputs // { specialArgs = inputs // {inherit _utils;};
inherit _utils;
}; };
}; in {
in
{
flake.nixosConfigurations = lib.mapAttrs toSystem { flake.nixosConfigurations = lib.mapAttrs toSystem {
fuji = { fuji = {
role = "desktop"; role = "desktop";


@ -4,17 +4,15 @@
config, config,
_utils, _utils,
... ...
}: }: let
let
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5"; tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; }; secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];};
cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" { cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" {
owner = "cloudflared"; owner = "cloudflared";
group = "cloudflared"; group = "cloudflared";
}; };
in in {
{
assertions = [ assertions = [
{ {
assertion = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.6.31"; assertion = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.6.31";
@ -23,7 +21,7 @@ in
]; ];
imports = [ imports = [
(lib.mkAliasOptionModule [ "cfTunnels" ] [ "services" "cloudflared" "tunnels" tunnelId "ingress" ]) (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
secrets.generate secrets.generate
cfTunnelSecret.generate cfTunnelSecret.generate


@ -2,34 +2,30 @@
config, config,
_utils, _utils,
... ...
}: }: let
let secretKey = _utils.setupSingleSecret config "dendriteKey" {};
secretKey = _utils.setupSingleSecret config "dendriteKey" { }; in {
in imports = [secretKey.generate];
{
imports = [ secretKey.generate ];
cfTunnels."m.uku.moe" = "http://localhost:80"; cfTunnels."m.uku.moe" = "http://localhost:80";
systemd.services.dendrite = { systemd.services.dendrite = {
after = [ "postgresql.service" ]; after = ["postgresql.service"];
serviceConfig.RestartSec = 10; serviceConfig.RestartSec = 10;
}; };
services = { services = {
dendrite = dendrite = let
let
database = { database = {
connection_string = "postgres:///dendrite?host=/run/postgresql"; connection_string = "postgres:///dendrite?host=/run/postgresql";
max_open_conns = 50; max_open_conns = 50;
max_idle_conns = 5; max_idle_conns = 5;
conn_max_lifetime = -1; conn_max_lifetime = -1;
}; };
in in {
{
enable = true; enable = true;
httpPort = 8008; httpPort = 8008;
loadCredential = [ "private_key:${secretKey.path}" ]; loadCredential = ["private_key:${secretKey.path}"];
settings = { settings = {
global = { global = {
@ -42,14 +38,14 @@ in
registration_disabled = true; registration_disabled = true;
}; };
app_service_api = { inherit database; }; app_service_api = {inherit database;};
federation_api = { inherit database; }; federation_api = {inherit database;};
key_server = { inherit database; }; key_server = {inherit database;};
media_api = { inherit database; }; media_api = {inherit database;};
mscs = { inherit database; }; mscs = {inherit database;};
relay_api = { inherit database; }; relay_api = {inherit database;};
room_server = { inherit database; }; room_server = {inherit database;};
sync_api = { inherit database; }; sync_api = {inherit database;};
user_api = { user_api = {
account_database = database; account_database = database;
device_database = database; device_database = database;
@ -59,7 +55,7 @@ in
postgresql = { postgresql = {
enable = true; enable = true;
ensureDatabases = [ "dendrite" ]; ensureDatabases = ["dendrite"];
ensureUsers = [ ensureUsers = [
{ {
name = "dendrite"; name = "dendrite";
@ -68,16 +64,10 @@ in
]; ];
}; };
nginx.virtualHosts."m.uku.moe".locations = nginx.virtualHosts."m.uku.moe".locations = let
let server = {"m.server" = "m.uku.moe:443";};
server = { client = {"m.homeserver"."base_url" = "https://m.uku.moe";};
"m.server" = "m.uku.moe:443"; in {
};
client = {
"m.homeserver"."base_url" = "https://m.uku.moe";
};
in
{
"=/.well-known/matrix/server" = { "=/.well-known/matrix/server" = {
return = "200 '${builtins.toJSON server}'"; return = "200 '${builtins.toJSON server}'";
}; };


@ -3,21 +3,16 @@
config, config,
_utils, _utils,
... ...
}: }: let
let
secrets = _utils.setupSecrets config { secrets = _utils.setupSecrets config {
secrets = [ secrets = ["turnstileSecret" "forgejoRunnerSecret"];
"turnstileSecret"
"forgejoRunnerSecret"
];
extra = { extra = {
owner = "forgejo"; owner = "forgejo";
group = "forgejo"; group = "forgejo";
}; };
}; };
in in {
{ imports = [secrets.generate];
imports = [ secrets.generate ];
cfTunnels."git.uku3lig.net" = "http://localhost:3000"; cfTunnels."git.uku3lig.net" = "http://localhost:3000";


@ -7,22 +7,15 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: }: {
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
"xhci_pci" boot.initrd.kernelModules = [];
"ahci" boot.kernelModules = ["kvm-intel"];
"usbhid" boot.extraModulePackages = [];
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/e136f8ad-b8d5-4706-ad24-725926fd50ec"; device = "/dev/disk/by-uuid/e136f8ad-b8d5-4706-ad24-725926fd50ec";
@ -32,10 +25,7 @@
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/FBB1-A79D"; device = "/dev/disk/by-uuid/FBB1-A79D";
fsType = "vfat"; fsType = "vfat";
options = [ options = ["fmask=0022" "dmask=0022"];
"fmask=0022"
"dmask=0022"
];
}; };
fileSystems."/data" = { fileSystems."/data" = {
@ -44,7 +34,7 @@
}; };
swapDevices = [ swapDevices = [
{ device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615"; } {device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,5 +1,4 @@
{ ... }: {...}: {
{
services.immich = { services.immich = {
enable = true; enable = true;


@ -3,13 +3,11 @@
mystia, mystia,
_utils, _utils,
... ...
}: }: let
let
vmcfg = config.services.victoriametrics; vmcfg = config.services.victoriametrics;
secrets = _utils.setupSharedSecrets config { secrets = [ "vmAuthToken" ]; }; secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];};
vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" { }; vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" {};
in in {
{
imports = [ imports = [
mystia.nixosModules.vmauth mystia.nixosModules.vmauth
secrets.generate secrets.generate
@ -49,12 +47,12 @@ in
scrape_configs = [ scrape_configs = [
{ {
job_name = "victoriametrics"; job_name = "victoriametrics";
static_configs = [ { targets = [ "${builtins.toString vmcfg.listenAddress}" ]; } ]; static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}];
} }
{ {
job_name = "api-rs"; job_name = "api-rs";
static_configs = [ { targets = [ "localhost:5001" ]; } ]; static_configs = [{targets = ["localhost:5001"];}];
} }
]; ];
}; };


@ -4,18 +4,17 @@
config, config,
_utils, _utils,
... ...
}: }: let
let
inherit (config.virtualisation.oci-containers) backend; inherit (config.virtualisation.oci-containers) backend;
secret = _utils.setupSingleSecret config "minecraftEnv" { }; secret = _utils.setupSingleSecret config "minecraftEnv" {};
lynn = _utils.mkMinecraftServer config { lynn = _utils.mkMinecraftServer config {
name = "lynn"; name = "lynn";
port = 25567; port = 25567;
remotePort = 6002; remotePort = 6002;
memory = "4G"; memory = "4G";
envFiles = [ secret.path ]; envFiles = [secret.path];
env = { env = {
USE_AIKAR_FLAGS = "true"; USE_AIKAR_FLAGS = "true";
TYPE = "MODRINTH"; TYPE = "MODRINTH";
@ -28,7 +27,7 @@ let
port = 25565; port = 25565;
remotePort = 6005; remotePort = 6005;
memory = "4G"; memory = "4G";
envFiles = [ secret.path ]; envFiles = [secret.path];
env = { env = {
USE_AIKAR_FLAGS = "true"; USE_AIKAR_FLAGS = "true";
TYPE = "MODRINTH"; TYPE = "MODRINTH";
@ -41,7 +40,7 @@ let
port = 25566; port = 25566;
remotePort = 6006; remotePort = 6006;
memory = "4G"; memory = "4G";
envFiles = [ secret.path ]; envFiles = [secret.path];
env = { env = {
USE_AIKAR_FLAGS = "true"; USE_AIKAR_FLAGS = "true";
TYPE = "MODRINTH"; TYPE = "MODRINTH";
@ -49,8 +48,7 @@ let
MODRINTH_PROJECTS = "spark, no-chat-reports"; MODRINTH_PROJECTS = "spark, no-chat-reports";
}; };
}; };
in in {
{
imports = [ imports = [
secret.generate secret.generate
@ -60,7 +58,7 @@ in
]; ];
systemd.services.restart-minecraft-servers = { systemd.services.restart-minecraft-servers = {
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
startAt = "*-*-* 05:00:00"; startAt = "*-*-* 05:00:00";
restartIfChanged = false; restartIfChanged = false;


@ -2,17 +2,15 @@
config, config,
_utils, _utils,
... ...
}: }: let
let
cfg = config.services.navidrome; cfg = config.services.navidrome;
env = _utils.setupSingleSecret config "navidromeEnv" { env = _utils.setupSingleSecret config "navidromeEnv" {
inherit (cfg) group; inherit (cfg) group;
owner = cfg.user; owner = cfg.user;
}; };
in in {
{ imports = [env.generate];
imports = [ env.generate ];
cfTunnels."navidrome.uku3lig.net" = "http://localhost:4533"; cfTunnels."navidrome.uku3lig.net" = "http://localhost:4533";


@ -3,15 +3,13 @@
config, config,
_utils, _utils,
... ...
}: }: let
let
adminPass = _utils.setupSingleSecret config "nextcloudAdminPass" { adminPass = _utils.setupSingleSecret config "nextcloudAdminPass" {
owner = config.users.users.nextcloud.name; owner = config.users.users.nextcloud.name;
group = config.users.users.nextcloud.name; group = config.users.users.nextcloud.name;
}; };
in in {
{ imports = [adminPass.generate];
imports = [ adminPass.generate ];
# nextcloud generates nginx config # nextcloud generates nginx config
cfTunnels."cloud.uku3lig.net" = "http://localhost:80"; cfTunnels."cloud.uku3lig.net" = "http://localhost:80";


@ -1,6 +1,5 @@
{ camasca, ... }: {camasca, ...}: {
{ imports = [camasca.nixosModules.reposilite];
imports = [ camasca.nixosModules.reposilite ];
cfTunnels."maven.uku3lig.net" = "http://localhost:8080"; cfTunnels."maven.uku3lig.net" = "http://localhost:8080";


@ -1,15 +1,10 @@
{ config, ... }: {config, ...}: let
let
inherit (config.virtualisation.oci-containers) backend; inherit (config.virtualisation.oci-containers) backend;
in in {
{
virtualisation.oci-containers.containers.satisfactory = { virtualisation.oci-containers.containers.satisfactory = {
image = "wolveix/satisfactory-server:v1.8.5"; image = "wolveix/satisfactory-server:v1.8.5";
ports = [ ports = ["7777:7777/udp" "7777:7777/tcp"];
"7777:7777/udp" volumes = ["/var/lib/satisfactory-server:/config"];
"7777:7777/tcp"
];
volumes = [ "/var/lib/satisfactory-server:/config" ];
environment = { environment = {
MAXPLAYERS = "4"; MAXPLAYERS = "4";
PGID = "1000"; PGID = "1000";
@ -25,7 +20,7 @@ in
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 7777 ]; allowedTCPPorts = [7777];
allowedUDPPorts = [ 7777 ]; allowedUDPPorts = [7777];
}; };
} }


@ -3,8 +3,8 @@
virtualisation.oci-containers.containers.shlink = { virtualisation.oci-containers.containers.shlink = {
image = "shlinkio/shlink:stable"; image = "shlinkio/shlink:stable";
ports = [ "8081:8080" ]; ports = ["8081:8080"];
volumes = [ "/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite" ]; volumes = ["/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite"];
environment = { environment = {
DEFAULT_DOMAIN = "uku.moe"; DEFAULT_DOMAIN = "uku.moe";
IS_HTTPS_ENABLED = "true"; IS_HTTPS_ENABLED = "true";
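Review bot: `image = "shlinkio/shlink:stable"` follows a mutable tag, so the container that runs can change whenever the image is pulled again, with no corresponding change in this repository. Pinning a release and digest, for example `image = "shlinkio/shlink:<version>@sha256:<digest>";` (both placeholders), makes each upgrade an explicit, reviewable commit and keeps the host reproducible. The container definition continues past the end of this hunk.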


@ -4,16 +4,11 @@
api-rs, api-rs,
ukubot-rs, ukubot-rs,
... ...
}: }: let
let
secrets = _utils.setupSecrets config { secrets = _utils.setupSecrets config {
secrets = [ secrets = ["apiRsEnv" "ukubotRsEnv"];
"apiRsEnv"
"ukubotRsEnv"
];
}; };
in in {
{
imports = [ imports = [
api-rs.nixosModules.default api-rs.nixosModules.default
ukubot-rs.nixosModules.default ukubot-rs.nixosModules.default


@ -2,12 +2,10 @@
_utils, _utils,
config, config,
... ...
}: }: let
let upsdPass = _utils.setupSingleSecret config "upsdUserPass" {};
upsdPass = _utils.setupSingleSecret config "upsdUserPass" { }; in {
in imports = [upsdPass.generate];
{
imports = [ upsdPass.generate ];
power.ups = { power.ups = {
enable = true; enable = true;
@ -22,11 +20,8 @@ in
users.admin = { users.admin = {
passwordFile = upsdPass.path; passwordFile = upsdPass.path;
instcmds = [ "ALL" ]; instcmds = ["ALL"];
actions = [ actions = ["SET" "FSD"];
"SET"
"FSD"
];
}; };
ups.eaton-3s-850 = { ups.eaton-3s-850 = {
@ -62,10 +57,10 @@ in
{ {
job_name = "nut"; job_name = "nut";
metrics_path = "/ups_metrics"; metrics_path = "/ups_metrics";
params.ups = [ "eaton-3s-850" ]; params.ups = ["eaton-3s-850"];
static_configs = [ static_configs = [
{ {
targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.nut.port}" ]; targets = ["localhost:${builtins.toString config.services.prometheus.exporters.nut.port}"];
labels.ups = "eaton-3s-850"; labels.ups = "eaton-3s-850";
} }
]; ];


@ -2,12 +2,10 @@
config, config,
_utils, _utils,
... ...
}: }: let
let envFile = _utils.setupSingleSecret config "vaultwardenEnv" {};
envFile = _utils.setupSingleSecret config "vaultwardenEnv" { }; in {
in imports = [envFile.generate];
{
imports = [ envFile.generate ];
cfTunnels."bw.uku3lig.net" = "http://localhost:8222"; cfTunnels."bw.uku3lig.net" = "http://localhost:8222";


@ -3,13 +3,12 @@
pkgs, pkgs,
nixos-wsl, nixos-wsl,
... ...
}: }: {
{
imports = [ imports = [
nixos-wsl.nixosModules.default nixos-wsl.nixosModules.default
]; ];
environment.sessionVariables.LD_LIBRARY_PATH = [ "/run/opengl-driver/lib" ]; environment.sessionVariables.LD_LIBRARY_PATH = ["/run/opengl-driver/lib"];
wsl = { wsl = {
enable = true; enable = true;


@ -1,11 +1,10 @@
{ pkgs, ... }: {pkgs, ...}: {
{
imports = [ imports = [
./nvidia.nix ./nvidia.nix
../../programs/games.nix ../../programs/games.nix
]; ];
services.xserver.videoDrivers = [ "amdgpu" ]; services.xserver.videoDrivers = ["amdgpu"];
hm = { hm = {
home.packages = with pkgs; [ home.packages = with pkgs; [

View file

@ -7,27 +7,20 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: }: {
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
"xhci_pci" boot.initrd.kernelModules = [];
"ahci" boot.kernelModules = ["kvm-intel"];
"nvme" boot.extraModulePackages = [];
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/660ff32b-308f-411a-815e-959706ec1bcb"; device = "/dev/disk/by-uuid/660ff32b-308f-411a-815e-959706ec1bcb";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" ]; options = ["subvol=@"];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
@ -46,7 +39,7 @@
}; };
swapDevices = [ swapDevices = [
{ device = "/dev/disk/by-uuid/6ee8ec3d-3b26-4d6d-b43d-174f908fd8fe"; } {device = "/dev/disk/by-uuid/6ee8ec3d-3b26-4d6d-b43d-174f908fd8fe";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -2,9 +2,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: }: {
{ services.xserver.videoDrivers = lib.mkForce ["nvidia"];
services.xserver.videoDrivers = lib.mkForce [ "nvidia" ];
boot.kernelParams = [ boot.kernelParams = [
"nvidia.NVreg_EnableGpuFirmware=0" "nvidia.NVreg_EnableGpuFirmware=0"
@ -17,7 +16,7 @@
}; };
hardware = { hardware = {
graphics.extraPackages = [ pkgs.vaapiVdpau ]; graphics.extraPackages = [pkgs.vaapiVdpau];
nvidia = { nvidia = {
# package = config.boot.kernelPackages.nvidiaPackages.production; # package = config.boot.kernelPackages.nvidiaPackages.production;
open = true; open = true;


@ -1,11 +1,10 @@
{ camasca, ... }: {camasca, ...}: {
{
imports = [ imports = [
camasca.nixosModules.asus-numpad camasca.nixosModules.asus-numpad
../../programs/games.nix ../../programs/games.nix
]; ];
hm.imports = [ ../../programs/dotnet.nix ]; hm.imports = [../../programs/dotnet.nix];
services.asus-numpad = { services.asus-numpad = {
enable = true; enable = true;


@ -7,24 +7,15 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: }: {
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc"];
"xhci_pci" boot.initrd.kernelModules = [];
"thunderbolt" boot.kernelModules = ["kvm-intel"];
"vmd" boot.extraModulePackages = [];
"nvme"
"usb_storage"
"sd_mod"
"rtsx_usb_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/e082a535-4b7c-4b24-af1c-0373eefd3c05"; device = "/dev/disk/by-uuid/e082a535-4b7c-4b24-af1c-0373eefd3c05";
@ -42,7 +33,7 @@
}; };
swapDevices = [ swapDevices = [
{ device = "/dev/disk/by-uuid/2a5ce834-4a58-45ab-955f-5b620d503f7b"; } {device = "/dev/disk/by-uuid/2a5ce834-4a58-45ab-955f-5b620d503f7b";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -3,11 +3,9 @@
pkgs, pkgs,
camasca, camasca,
... ...
}: }: let
let
inherit (pkgs.stdenv.hostPlatform) system; inherit (pkgs.stdenv.hostPlatform) system;
in in {
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gtkterm gtkterm
remmina remmina


@ -7,23 +7,15 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: }: {
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod"];
"xhci_pci" boot.initrd.kernelModules = [];
"thunderbolt" boot.kernelModules = ["kvm-intel"];
"nvme" boot.extraModulePackages = [];
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/e36f709d-a4ea-4310-8c0d-8752afacba3c"; device = "/dev/disk/by-uuid/e36f709d-a4ea-4310-8c0d-8752afacba3c";
@ -33,14 +25,11 @@
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D4AA-EE25"; device = "/dev/disk/by-uuid/D4AA-EE25";
fsType = "vfat"; fsType = "vfat";
options = [ options = ["fmask=0022" "dmask=0022"];
"fmask=0022"
"dmask=0022"
];
}; };
swapDevices = [ swapDevices = [
{ device = "/dev/disk/by-uuid/316ddc44-0359-40ac-9dce-2d78817fbb29"; } {device = "/dev/disk/by-uuid/316ddc44-0359-40ac-9dce-2d78817fbb29";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -3,22 +3,17 @@
config, config,
_utils, _utils,
... ...
}: }: let
let secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];};
secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; }; in {
in imports = [secrets.generate];
{
imports = [ secrets.generate ];
zramSwap.enable = true; zramSwap.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [dig traceroute];
dig
traceroute
];
services = { services = {
openssh.ports = [ 4269 ]; openssh.ports = [4269];
# Needed by the Hetzner Cloud password reset feature. # Needed by the Hetzner Cloud password reset feature.
qemuGuest.enable = true; qemuGuest.enable = true;
@ -45,11 +40,11 @@ in
frp.serviceConfig.EnvironmentFile = secrets.get "frpToken"; frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
# https://discourse.nixos.org/t/qemu-guest-agent-on-hetzner-cloud-doesnt-work/8864/2 # https://discourse.nixos.org/t/qemu-guest-agent-on-hetzner-cloud-doesnt-work/8864/2
qemu-guest-agent.path = [ pkgs.shadow ]; qemu-guest-agent.path = [pkgs.shadow];
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 22 ]; # forgejo-ssh allowedTCPPorts = [22]; # forgejo-ssh
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{ {
from = 6000; from = 6000;


@ -1,6 +1,5 @@
{ modulesPath, ... }: {modulesPath, ...}: {
{ imports = ["${modulesPath}/profiles/qemu-guest.nix"];
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
boot = { boot = {
# arm so we can use systemd-boot # arm so we can use systemd-boot
@ -12,18 +11,11 @@
# set console because the console defaults to serial and # set console because the console defaults to serial and
# initialize the display early to get a complete log. # initialize the display early to get a complete log.
# this is required for typing in LUKS passwords on boot too. # this is required for typing in LUKS passwords on boot too.
kernelParams = [ "console=tty" ]; kernelParams = ["console=tty"];
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
"ata_piix" kernelModules = ["nvme" "virtio_gpu"];
"uhci_hcd"
"xen_blkfront"
];
kernelModules = [
"nvme"
"virtio_gpu"
];
}; };
}; };