sorceress
/
nix-infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sorceress:5d558c80f4c69fe5f019df684e7141ccca7ca7a1
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes
...
compare: sorceress:3c29f101ab848b82c5bd5ca7721cb1c2cba1ed9a
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes

8 Commits
5d558c80f4 ... 3c29f101ab

Author SHA1 Message Date
Agatha Lovelace 3c29f101ab
WIP 2024-09-05 18:32:25 +02:00
Agatha Lovelace 1457e0e883
Init Watchtower 2024-09-05 18:32:25 +02:00
Agatha Lovelace 4111ad2afa
The Mastodon Update Torment Nexus 2024-09-05 18:32:25 +02:00
Agatha Lovelace cf01c7cfbe
Deploy Hedgedoc 2024-09-05 18:32:25 +02:00
Agatha Lovelace 260898d505
NixOS 24.05 2024-09-05 18:32:25 +02:00
Agatha Lovelace 7c53de5379
Update Iosevka patches 2024-09-05 17:48:37 +02:00
Agatha Lovelace 6a83da0cc4
Update SSH hosts 2024-09-05 17:47:50 +02:00
Agatha Lovelace 92c94a283c
Spotify has been banished, never to be seen again 2024-06-21 14:15:32 +02:00
28 changed files with 365 additions and 204 deletions
Show Stats Expand all files Collapse all files

6
README.md
View File

@ -39,8 +39,6 @@ Ritual/Tears:
- Telegram Desktop
- Geary
- Obsidian
- Spicetify
- Copy plugins/themes/patches
### Rsyncd Modules
Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bloodletting::mc-[modpack]` with `--rsh=ssh`
@ -49,7 +47,3 @@ Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bl
```sh
cd common/pkgs/mastodon && ./update.sh --owner AgathaSorceress --rev <commit hash>
```
## Reference configs used
- https://github.com/Xe/nixos-configs
- https://git.nora.codes/nora/nixconfig

3
common/default.nix
View File

@ -3,9 +3,6 @@
## Optimizations
# Clean /tmp
boot.tmp.cleanOnBoot = true;
# Link identical files
nix.settings.auto-optimise-store = true;

2
common/fragments/graphical/bspwm.nix
View File

@ -15,7 +15,7 @@
"element-desktop"
"dino"
"telegram-desktop"
"spotify"
"cider"
"geary"
"bspm -d"
];

13
common/fragments/graphical/default.nix
View File

@ -13,7 +13,6 @@
./picom.nix
./polybar.nix
./rofi.nix
./spotify.nix
./syncthing.nix
./theme.nix
./url-eater.nix
@ -23,8 +22,8 @@
(final: prev: {
pads = final.callPackage ../../../common/pkgs/pads.nix { };
bspm = final.callPackage ../../../common/pkgs/bspm.nix { };
polybar-spotify =
final.callPackage ../../../common/pkgs/polybar-spotify.nix { };
polybar-scripts =
final.callPackage ../../../common/pkgs/polybar-scripts.nix { };
})
];
@ -35,6 +34,7 @@
brightnessctl
broot
bspm
cider
colmena
darktable
dino
@ -64,7 +64,7 @@
obs-studio
obsidian
pfetch
polybar-spotify
polybar-scripts
pridefetch
prismlauncher
rink
@ -178,6 +178,11 @@
match = ''originalhost ritual exec "ip r | rg 10.21.0.0/16"'';
hostname = "10.21.221.60";
};
"watchtower" = {
match = ''originalhost watchtower exec "ip r | rg 10.21.0.0/16"'';
hostname = "10.21.220.205";
};
};
xdg.desktopEntries.element-work = {

18
common/fragments/graphical/iosevka.nix
View File

@ -7,19 +7,19 @@
buildPhase = ''
export HOME=$TMPDIR
runHook preBuild
npm run build --no-update-notifier -- --jCmd=$NIX_BUILD_CORES --verbose=9 ttf::$pname 2>/dev/null
npm run build --no-update-notifier --targets ttf::$pname -- --jCmd=$NIX_BUILD_CORES --verbose=9 2>/dev/null
runHook postBuild
'';
})).override {
privateBuildPlan = ''
[buildPlans.iosevka-gothic]
[buildPlans.IosevkaGothic]
family = "Iosevka Gothic"
spacing = "normal"
serifs = "slab"
no-cv-ss = true
export-glyph-names = true
noCvSs = true
exportGlyphNames = true
[buildPlans.iosevka-gothic.variants.design]
[buildPlans.IosevkaGothic.variants.design]
capital-a = "straight-base-serifed"
capital-b = "standard-bilateral-serifed"
capital-h = "serifed"
@ -33,7 +33,7 @@
eszet = "sulzbacher-descending-serifless"
lower-mu = "tailed-serifed"
lower-xi = "flat-top"
three = "flat-top"
three = "flat-top-serifless"
six = "straight-bar"
asterisk = "turn-penta-high"
pilcrow = "high"
@ -47,13 +47,13 @@
ascii-single-quote = "raised-comma"
ascii-grave = "straight"
[buildPlans.iosevka-gothic.variants.italic]
[buildPlans.IosevkaGothic.variants.italic]
capital-z = "cursive-with-horizontal-crossbar"
[buildPlans.iosevka-gothic.ligations]
[buildPlans.IosevkaGothic.ligations]
inherits = "haskell"
'';
set = "gothic";
set = "Gothic";
};
})
];

2
common/fragments/graphical/mail.nix
View File

@ -9,5 +9,5 @@
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
};
users.users.agatha.packages = [ pkgs.unstable.protonmail-bridge-gui ];
users.users.agatha.packages = [ pkgs.protonmail-bridge-gui ];
}

12
common/fragments/graphical/polybar.nix
View File

@ -78,7 +78,7 @@
modules = {
left = "bspwm";
center = "date";
right = "spotify wireguard notification-status";
right = "mpris wireguard notification-status";
};
wm-restack = "bspwm";
@ -326,15 +326,13 @@
format-prefix = " ";
};
"module/spotify" = {
"module/mpris" = {
type = "custom/script";
interval = 1;
tail = true;
exec =
"${pkgs.polybar-spotify}/bin/polybar-spotify -f '{artist}: {song}'";
format-prefix = " ";
format = "<label>";
"${pkgs.polybar-scripts}/bin/player-mpris-tail/player-mpris-tail.py -f ' {artist}: {:t64:{title}:}' -w mpv -w cider";
click-left =
"${pkgs.playerctl}/bin/playerctl --player=spotify play-pause";
"${pkgs.playerctl}/bin/playerctl --player=cider play-pause";
};
};
};

9
common/fragments/graphical/spotify.nix
View File

@ -1,9 +0,0 @@
{ pkgs, ... }: {
programs.spicetify = with pkgs.spicetify-pkgs; {
enable = true;
spicetifyPackage = pkgs.unstable.spicetify-cli;
enabledExtensions = with extensions; [ shuffle ];
enabledCustomApps = with apps; [ marketplace lyrics-plus ];
};
}

11
common/fragments/hedgedoc.nix Normal file
View File

@ -0,0 +1,11 @@
{
services.hedgedoc = {
enable = true;
settings = {
domain = "hedgedoc.technogothic.net";
protocolUseSSL = true;
allowOrigin = [ "localhost" "hedgedoc.technogothic.net" ];
allowEmailRegister = false;
};
};
}

44
common/fragments/home-assistant.nix Normal file
View File

@ -0,0 +1,44 @@
{
networking.firewall.allowedTCPPorts = [ 8123 1883 1884 ];
networking.firewall.allowedTCPPortRanges = [{
from = 21063;
to = 21070;
}];
networking.firewall.allowedUDPPorts = [ 53 67 5353 ];
virtualisation.oci-containers.containers = {
"home-assistant" = {
image = "ghcr.io/home-assistant/home-assistant:stable";
autoStart = true;
volumes = [
"/var/lib/hass:/config"
"/etc/localtime:/etc/localtime:ro"
"/run/dbus:/run/dbus:ro"
];
extraOptions = [ "--network=host" ];
};
};
services.mosquitto = {
enable = true;
listeners = [{
users.root = {
acl = [ "readwrite #" ];
hashedPassword =
"$7$101$GLzV4JTDU6Z9vHYl$GqkS+LOdufO3Znt/3M+4y0u8I3Yyv+3J/8SpsVTpKZMexNciPDhV3K67ZX6++yD75e4Eo4gJCYYhJ/JFt2o2nw==";
};
}];
};
services.create_ap = {
enable = true;
settings = {
WIFI_IFACE = "wlp2s0";
SHARE_METHOD = "none";
SSID = "Agatha-Isolated-Network";
# TODO: Replace placeholder password after switching to sops-nix
PASSPHRASE = "nCvKNgRH5L5DFBR4JULP3GHbDuk9XLfT";
};
};
networking.networkmanager.unmanaged = [ "wlp2s0" ];
}

10
common/fragments/sponsorblock.nix Normal file
View File

@ -0,0 +1,10 @@
{
virtualisation.oci-containers.containers = {
"isponsorblocktv" = {
image = "ghcr.io/dmunozv04/isponsorblocktv";
autoStart = true;
volumes = [ "/var/lib/sponsorblock:/app/data" ];
extraOptions = [ "--network=host" ];
};
};
}

2
common/fragments/yubikey.nix
View File

@ -4,7 +4,7 @@
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "gnome3";
pinentryPackage = pkgs.pinentry-gnome3;
enableExtraSocket = true;
};

4
common/linux-specific.nix Normal file
View File

@ -0,0 +1,4 @@
{
# Clean /tmp
boot.tmp.cleanOnBoot = true;
}

18
common/pkgs/mastodon/source.nix
View File

@ -1,5 +1,6 @@
# This file was generated by pkgs.mastodon.updateScript.
{ fetchFromGitHub, applyPatches, patches ? [ ] }:
{ lib, fetchFromGitHub, applyPatches, postPatch ? "", patches ? [ ], gawk
, gnused, yarn-berry }:
let version = "f571dbe35dbc4876f9ca76b3f6d459839c67a2ef";
in (applyPatches {
src = fetchFromGitHub {
@ -8,8 +9,19 @@ in (applyPatches {
rev = "${version}";
sha256 = "3ZJMiciV0muv5j468hEKJUZGDhKcNCJnDFn6ZqKM1F4=";
};
patches = patches ++ [ ./yarn-typescript.patch ];
inherit patches;
nativeBuildInputs = [ gawk gnused ];
postPatch = postPatch
+ lib.optionalString (lib.versionAtLeast yarn-berry.version "4.1.0") ''
# this is for yarn starting with 4.1.0 because fuck everything amirite
# see also https://github.com/yarnpkg/berry/pull/6083
echo "patching cachekey in yarn.lock"
cacheKey="$(awk -e '/cacheKey:/ {print $2}' yarn.lock)"
sed -i -Ee 's|^ checksum: ([^/]*)$| checksum: '$cacheKey'/\1|g;' yarn.lock
'';
}) // {
inherit version;
yarnHash = "sha256-qE1TBqa3BSEu1MC3Qw/k3h7QEicWd3AwJdA+U1v8924=";
yarnHash = "sha256-wdEunwUsV/IaJvNq+YIqRXNKLBrqPeeL5Ig+33dT/AY=";
}

13
common/pkgs/mastodon/update.sh
View File

@ -66,7 +66,7 @@ trap cleanup EXIT
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
HASH=$(echo "$JSON" | jq -r .hash)
HASH=$(echo "$JSON" | jq -r .sha256)
cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript.
@ -80,7 +80,7 @@ in
owner = "$OWNER";
repo = "$REPO";
rev = "\${version}";
hash = "$HASH";
sha256 = "$HASH";
};
patches = patches ++ [$PATCHES];
}) // {
@ -94,7 +94,8 @@ echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks
echo "Creating yarn-hash.nix"
YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix
# echo "Creating yarn-hash.nix"
# YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
# YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
# sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix
sed -i -Ee "s|^( *yarnHash = )\".*\";|\\1\"\";|g;" ./source.nix

15
common/pkgs/mastodon/yarn-typescript.patch
View File

@ -1,15 +0,0 @@
--- a/yarn.lock
+++ b/yarn.lock
@@ -16483,11 +16483,11 @@
"typescript@patch:typescript@npm%3A5#optional!builtin<compat/typescript>, typescript@patch:typescript@npm%3A^5.0.4#optional!builtin<compat/typescript>":
version: 5.3.3
- resolution: "typescript@patch:typescript@npm%3A5.3.3#optional!builtin<compat/typescript>::version=5.3.3&hash=e012d7"
+ resolution: "typescript@patch:typescript@npm%3A5.3.3#optional!builtin<compat/typescript>::version=5.3.3&hash=29ae49"
bin:
tsc: bin/tsc
tsserver: bin/tsserver
- checksum: 1d0a5f4ce496c42caa9a30e659c467c5686eae15d54b027ee7866744952547f1be1262f2d40de911618c242b510029d51d43ff605dba8fb740ec85ca2d3f9500
+ checksum: e22df47df9b2b2f2617b8bf511a29aea3d177f9f7a0756818230a76b01cbd7da988bf55f9463aaa1a4c1ff90b80f8dc5676460d4e9dfc010572cbba59b822b0c
languageName: node
linkType: hard

9
common/pkgs/mastodon/yarn.nix
View File

@ -20,7 +20,14 @@ stdenvNoCC.mkDerivation {
export YARN_COMPRESSION_LEVEL=0
cache="$(yarn config get cacheFolder)"
yarn install --immutable --mode skip-build
if ! yarn install --immutable --mode skip-build; then
cp yarn.lock yarn.lock.bak
yarn install --mode skip-build
diff -u yarn.lock.bak yarn.lock
echo "yarn build failed! diff generated as yarn.lock.diff"
pwd
exit 1
fi
cp -r $cache/* $out/
'';

26
common/pkgs/polybar-scripts.nix Normal file
View File

@ -0,0 +1,26 @@
{ pkgs }:
pkgs.stdenv.mkDerivation rec {
pname = "polybar-scripts";
version = "8a6a2c7fc6beb281515f81ccf5b9fafc830a3230";
src = pkgs.fetchFromGitHub {
owner = "polybar";
repo = pname;
rev = version;
sha256 = "sha256-4f12SSidJGElPbHs94WyoKj9kJH4dWsZSqMGOyzSJII=";
};
nativeBuildInputs = with pkgs; [ gobject-introspection wrapGAppsHook3 ];
propagatedBuildInputs = with pkgs; [
(python39.withPackages (pyPkgs: with pyPkgs; [ dbus-python pygobject3 ]))
glib
];
installPhase = ''
mkdir -p $out/bin
find . -type f ! -name "*.py" ! -name "*.sh" -exec rm {} \;
cp -r polybar-scripts/* $out/bin/
chmod -R +x $out/bin
'';
}

19
common/pkgs/polybar-spotify.nix
View File

@ -1,19 +0,0 @@
{ pkgs }:
pkgs.stdenv.mkDerivation rec {
pname = "polybar-spotify";
version = "5edc2e598cf0ec5c54860c28db870af998271666";
src = pkgs.fetchFromGitHub {
owner = "Jvanrhijn";
repo = pname;
rev = version;
sha256 = "sha256-JPoigtxBYnFqi+8erhTcJlGN53VtS6z9mqNajQM0Xsk=";
};
propagatedBuildInputs = [
(pkgs.python39.withPackages (pyPkgs: [ pyPkgs.dbus-python ]))
pkgs.playerctl
];
installPhase = "install -Dm755 ./spotify_status.py $out/bin/polybar-spotify";
}

133
flake.lock
View File

@ -167,24 +167,6 @@
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"frq-friend": {
"inputs": {
"naersk": "naersk_2",
@ -217,11 +199,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1714732742,
"narHash": "sha256-tvZiMfL0TEiZGe5lOAk0Qrmsigc5UNRDootbEGUV58o=",
"lastModified": 1719881815,
"narHash": "sha256-+Vh7r/dOlEphIV5zOIKKYTNMc083lLbQcUVsiyuiiws=",
"owner": "helix-editor",
"repo": "helix",
"rev": "7e13213e7430c95cbad210994cecbfadc52c0714",
"rev": "3524060ee83b23c2b741a41f57d6ecc06e3fd871",
"type": "github"
},
"original": {
@ -237,16 +219,16 @@
]
},
"locked": {
"lastModified": 1714043624,
"narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=",
"lastModified": 1719827385,
"narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411",
"rev": "391ca6e950c2525b4f853cbe29922452c14eda82",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
@ -411,6 +393,26 @@
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
]
},
"locked": {
"lastModified": 1724219898,
"narHash": "sha256-7PwlnEQDIbww8+nk0CHLeYTYMA23F/CkynHsX7Mxk+s=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "d6703b988728b89456b32bac242c8689902e5a5b",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1696234590,
@ -425,6 +427,22 @@
"type": "indirect"
}
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1724196396,
"narHash": "sha256-4GoGPErR0RM5r5x+LMnzZvxTdn11lCRO+z8wP3K3PyU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1c5f849214c6c03c47e684622306aad181c107a4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-24.05-darwin",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
@ -443,11 +461,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1714656196,
"narHash": "sha256-kjQkA98lMcsom6Gbhw8SYzmwrSo+2nruiTcTZp5jK7o=",
"lastModified": 1719826879,
"narHash": "sha256-xs7PlULe8O1SAcs/9e/HOjeUjBrU5FNtkAF/bSEcFto=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "94035b482d181af0a0f8f77823a790b256b7c3cc",
"rev": "b9014df496d5b68bf7c0145d0e9b0f529ce4f2a8",
"type": "github"
},
"original": {
@ -502,16 +520,16 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1714531828,
"narHash": "sha256-ILsf3bdY/hNNI/Hu5bSt2/KbmHaAVhBbNUOdGztTHEg=",
"lastModified": 1719838683,
"narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0638fe2715d998fa81d173aad264eb671ce2ebc1",
"rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"ref": "nixos-24.05",
"type": "indirect"
}
},
@ -541,9 +559,10 @@
"home-manager": "home-manager",
"matrix-ril100": "matrix-ril100",
"mms": "mms",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_5",
"nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-unstable": "nixpkgs-unstable",
"spicetify-nix": "spicetify-nix",
"url-eater": "url-eater",
"vampysite": "vampysite"
}
@ -573,27 +592,6 @@
"type": "github"
}
},
"spicetify-nix": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1704167711,
"narHash": "sha256-kFDq+kf/Di/P8bq5sUP8pVwRkrSVrABksBjMPmLic3s=",
"owner": "the-argus",
"repo": "spicetify-nix",
"rev": "1325416f951d6a82cfddb1289864ad782e2b87c4",
"type": "github"
},
"original": {
"owner": "the-argus",
"repo": "spicetify-nix",
"type": "github"
}
},
"stable": {
"locked": {
"lastModified": 1669735802,
@ -715,21 +713,6 @@
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"url-eater": {
"inputs": {
"naersk": "naersk_4",
@ -826,7 +809,7 @@
},
"utils_5": {
"inputs": {
"systems": "systems_7"
"systems": "systems_6"
},
"locked": {
"lastModified": 1701680307,
@ -844,7 +827,7 @@
},
"utils_6": {
"inputs": {
"systems": "systems_8"
"systems": "systems_7"
},
"locked": {
"lastModified": 1681202837,
@ -866,11 +849,11 @@
"utils": "utils_6"
},
"locked": {
"lastModified": 1704387018,
"narHash": "sha256-ng+S3lDHgAu0FApVV74omIkYOQft1Vgh2rHpYxnhV6A=",
"lastModified": 1717180338,
"narHash": "sha256-g2ZNMpqJ4IARjXY8FX4UUfF4p9Unc01w8RzFYEONXlE=",
"ref": "refs/heads/mistress",
"rev": "bd6a6777ad2faf3779caaeb359354dff047066a4",
"revCount": 20,
"rev": "1adcc3630a6c626f61dac989fffd661dbb4946ef",
"revCount": 21,
"type": "git",
"url": "https://git.lain.faith/sorceress/vampysite"
},

42
flake.nix
View File

@ -1,15 +1,21 @@
{
inputs = {
nixpkgs.url = "nixpkgs/nixos-23.11";
nixpkgs.url = "nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-24.05-darwin";
vampysite.url = "git+https://git.lain.faith/sorceress/vampysite";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-darwin = {
url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
mms = {
url = "github:mkaito/nixos-modded-minecraft-servers";
inputs.nixpkgs.follows = "nixpkgs";
@ -41,11 +47,6 @@
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
spicetify-nix = {
url = "github:the-argus/spicetify-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
helix = {
url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
@ -56,19 +57,19 @@
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs = { nixpkgs, nixpkgs-unstable, home-manager, mms, helix, url-eater
, colorpickle, matrix-ril100, frq-friend, colmena, vampysite, spicetify-nix
outputs = { nixpkgs, nixpkgs-unstable, home-manager, nix-darwin, mms, helix
, url-eater, colorpickle, matrix-ril100, frq-friend, colmena, vampysite
, ccase, ... }: {
colmena = let
mkDesktop = hostname: {
imports = [
./common
./common/linux-specific.nix
./hosts/${hostname}/configuration.nix
./common/options.nix
(import "${home-manager}/nixos")
url-eater.nixosModules.default
colorpickle.nixosModules.default
spicetify-nix.nixosModule
];
deployment = {
@ -112,7 +113,6 @@
colorpickle = colorpickle.packages.${final.system}.default;
frq-friend = frq-friend.packages.${final.system}.default;
vampysite = vampysite.packages.${final.system}.default;
spicetify-pkgs = spicetify-nix.packages.${final.system}.default;
matrix-ril100 = matrix-ril100.packages.${final.system}.default;
ccase = ccase.packages.${final.system}.default;
@ -127,6 +127,7 @@
bloodletting = {
imports = [
./common
./common/linux-specific.nix
./hosts/bloodletting/configuration.nix
(import "${home-manager}/nixos")
mms.module
@ -164,9 +165,28 @@
};
};
watchtower = {
imports = [
./common
./common/linux-specific.nix
./hosts/watchtower/configuration.nix
(import "${home-manager}/nixos")
];
deployment = {
targetUser = "root";
targetHost = "watchtower";
tags = [ "prod" ];
};
};
ritual = mkDesktop "ritual";
tears = mkDesktop "tears";
};
darwinConfigurations."Agathas-Mac-mini" = nix-darwin.lib.darwinSystem {
modules = [ ./common ./hosts/Agathas-Mac-mini/configuration.nix ];
};
devShells."x86_64-linux".default =
let pkgs = import nixpkgs { system = "x86_64-linux"; };
in pkgs.mkShell {

1
hosts/Agathas-Mac-mini/configuration.nix Normal file
View File

@ -0,0 +1 @@
{ nixpkgs.hostPlatform = "aarch64-darwin"; }

13
hosts/bloodletting/configuration.nix
View File

@ -6,6 +6,7 @@
../../common/fragments/fail2ban.nix
../../common/fragments/frq-friend.nix
../../common/fragments/grafana.nix
../../common/fragments/hedgedoc.nix
../../common/fragments/mastodon-ebooks.nix
../../common/fragments/mastodon.nix
../../common/fragments/matrix-ril100.nix
@ -212,6 +213,18 @@
extraConfig = "client_max_body_size 64M;";
};
virtualHosts."hedgedoc.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/".proxyPass = "http://localhost:3000";
locations."/socket.io/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
};
# This value determines the NixOS release from which the default

2
hosts/ritual/configuration.nix
View File

@ -40,7 +40,7 @@
"Element".desktop = "II";
"TelegramDesktop".desktop = "III";
"dino".desktop = "III";
"Spotify".desktop = "IV";
"Cider".desktop = "IV";
"Geary".desktop = "V";
"firefox" = {
desktop = "I";

2
hosts/tears/configuration.nix
View File

@ -42,7 +42,7 @@
"Element".desktop = "I";
"TelegramDesktop".desktop = "II";
"dino".desktop = "II";
"Spotify".desktop = "III";
"Cider".desktop = "III";
"Geary".desktop = "IV";
"firefox" = {
desktop = "VI";

55
hosts/tears/hardware-configuration.nix
View File

@ -66,35 +66,28 @@
};
# Creating separate mono sources for Tascam US-4x4HR
environment.etc."pipewire/pipewire.conf.d/91-us-4x4hr.conf".text = let
name = "US-4x4HR";
target = "alsa_input.usb-TASCAM_US-4x4HR_no_serial_number-00.pro-input-0";
input = ch: ''
{
name = libpipewire-module-loopback
args = {
node.description = "${name} Input ${toString ch} Mono"
capture.props = {
node.name = "capture.${name}_ch${toString ch}"
audio.position = [ AUX${toString ch} ]
stream.dont-remix = true
target.object = "${target}"
node.passive = true
}
playback.props = {
node.name = "${name}_ch${toString ch}"
media.class = "Audio/Source"
audio.position = [ MONO ]
}
}
}
'';
in ''
context.modules = [
${input 0}
${input 1}
${input 2}
${input 3}
]
'';
services.pipewire.extraConfig.pipewire."91-us-4x4hr" = {
"context.modules" = let
name = "US-4x4HR";
target = "alsa_input.usb-TASCAM_US-4x4HR_no_serial_number-00.pro-input-0";
input = ch: {
"name" = "libpipewire-module-loopback";
"args" = {
"node.description" = "${name} Input ${toString ch} Mono";
"capture.props" = {
"node.name" = "capture.${name}_ch${toString ch}";
"audio.position" = [ "AUX${toString ch}" ];
"stream.dont-remix" = true;
"target.object" = target;
"node.passive" = true;
};
"playback.props" = {
"node.name" = "${name}_ch${toString ch}";
"media.class" = "Audio/Source";
"audio.position" = [ "MONO" ];
};
};
};
in [ (input 0) (input 1) (input 2) (input 3) ];
};
}

45
hosts/watchtower/configuration.nix Normal file
View File

@ -0,0 +1,45 @@
{
imports = [
./hardware-configuration.nix
../../common/users/julia.nix
../../common/home_manager/common.nix
../../common/fragments/home-assistant.nix
../../common/fragments/sponsorblock.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-081780bd-f005-4394-bbf2-3e5d9aab3c7d".device =
"/dev/disk/by-uuid/081780bd-f005-4394-bbf2-3e5d9aab3c7d";
networking.hostName = "watchtower";
# Enable networking
networking.networkmanager.enable = true;
# Open ports in the firewall.
networking.firewall = {
allowedTCPPorts = [ 22 80 443 ];
trustedInterfaces = [ "podman0" ];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = { backend = "podman"; };
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}

40
hosts/watchtower/hardware-configuration.nix Normal file
View File

@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eba0bc60-b96f-4b28-9447-f36209410ba3";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device =
"/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D95C-66EE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}