sorceress
/
nix-infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: sorceress:lappytappy
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes
...
pull from: sorceress:mistress
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes

109 Commits
lappytappy ... mistress

Author SHA1 Message Date
Agatha Lovelace efa8532935
ritual: Nix-darwin hackintosh init 2024-11-29 17:07:02 +01:00
Agatha Lovelace e60bbd7f41
car_video.mp4 2024-11-22 17:33:30 +01:00
Agatha Lovelace 957a138ef6
Set up Transmission + Jellyfin 2024-11-22 17:33:01 +01:00
Agatha Lovelace 6318113c76
Configure Windows VM 2024-11-22 17:31:21 +01:00
Agatha Lovelace b108f84b8b
Configure Headscale 2024-11-22 17:30:26 +01:00
Agatha Lovelace 9300a07f5b
Set up Nix build server 2024-11-22 17:28:12 +01:00
Agatha Lovelace d1d94f9c24
Configure EarlyOOM 2024-11-22 17:26:56 +01:00
Agatha Lovelace b30f9a4f46
Cleanup / reformat 2024-11-22 17:26:16 +01:00
Agatha Lovelace 0d1378aa0d
:c 2024-11-22 17:01:30 +01:00
Agatha Lovelace 518c89795b
Nix-darwin + Lix init 2024-09-05 19:55:42 +02:00
Agatha Lovelace 3ede14dc65
Init Watchtower 2024-09-05 19:31:28 +02:00
Agatha Lovelace 1a94f63496
The Mastodon Update Torment Nexus 2024-09-05 19:31:27 +02:00
Agatha Lovelace 63ec6c841c
Deploy Hedgedoc 2024-09-05 19:31:27 +02:00
Agatha Lovelace a1c618448b
NixOS 24.05 2024-09-05 19:31:27 +02:00
Agatha Lovelace 7c53de5379
Update Iosevka patches 2024-09-05 17:48:37 +02:00
Agatha Lovelace 6a83da0cc4
Update SSH hosts 2024-09-05 17:47:50 +02:00
Agatha Lovelace 92c94a283c
Spotify has been banished, never to be seen again 2024-06-21 14:15:32 +02:00
Agatha Lovelace 5d558c80f4
Update README 2024-05-22 02:11:27 +02:00
Agatha Lovelace 5c1a303d77
Add minecraft server status bot 2024-05-22 02:11:16 +02:00
Agatha Lovelace 9eca58e0a4
Migrate to Hurricane Electric DNS 2024-05-22 02:10:22 +02:00
Agatha Lovelace 735fe81b03
Misc tweaks 2024-05-22 02:08:36 +02:00
Agatha Lovelace f8db5d7e9a
XMPP setup 2024-05-22 02:06:22 +02:00
Agatha Lovelace 46b52f7aaf
Migrate to Protonmail 2024-05-22 02:03:39 +02:00
Agatha Lovelace efaa8c62a4
Remove unused homepage 2024-05-22 02:01:35 +02:00
Agatha Lovelace 01c61c7495
Properly add various tools from shell history 2024-03-12 22:27:36 +01:00
Agatha Lovelace dffabfdcaf
Configure SQLite 2024-02-26 19:09:33 +01:00
Agatha Lovelace 10f6f26629
Yet another mastodon security vulnerability 2024-02-26 19:08:26 +01:00
Agatha Lovelace 3e90c4f912
Update mastodon 2024-02-15 14:49:11 +01:00
Agatha Lovelace dae93e29c3
Change colorscheme on ritual 2024-02-15 14:48:39 +01:00
Agatha Lovelace ff11eaead4
Update mastodon to 4.3.0 
Yarn v2 hacks mostly stolen from d7eb0c761a
 2024-01-30 23:20:45 +01:00
Agatha Lovelace c0f6d1ea7e
Use zdiff3 in git 2024-01-30 23:17:16 +01:00
Agatha Lovelace 264896aba7
Update and cleanup 2024-01-30 23:16:56 +01:00
Agatha Lovelace c2a3667552
Use systemd initrd 2024-01-24 11:25:28 +01:00
Agatha Lovelace 4598d10b2e
Switch to new audio interface 2023-12-21 22:42:29 +01:00
Agatha Lovelace 3c4a6243a3
Configure clipcat; disable middle-click paste (ish) 2023-12-21 22:20:25 +01:00
Agatha Lovelace c60b412005
Shell config refactor 2023-12-17 21:08:04 +01:00
Agatha Lovelace 7cfb7d1f49
Remove font directory symlink (no longer needed) 2023-12-17 21:07:43 +01:00
Agatha Lovelace 75a127439e
Add various tools 2023-12-17 21:07:01 +01:00
Agatha Lovelace ace8da10b4
Refactor sshd config 2023-12-17 21:06:27 +01:00
Agatha Lovelace 8ece8f92e6
Update to NixOS 23.11 2023-12-17 21:05:44 +01:00
Agatha Lovelace 6e9f48d663
Add helvetica to installed fonts 2023-12-01 15:57:40 +01:00
Agatha Lovelace 3a3c58719e
Update ssh config 2023-12-01 15:56:09 +01:00
Agatha Lovelace aa40311313
Add git delta 2023-11-09 20:08:08 +01:00
Agatha Lovelace 5697a00b60
Update gtk theme 2023-11-09 20:07:58 +01:00
Agatha Lovelace 1cb1781b76
Remove restic package override 2023-11-09 20:07:44 +01:00
Agatha Lovelace 1babb57af0
Electron 24 is gone 🦀 2023-11-09 20:07:06 +01:00
Agatha Lovelace e08b57898a
Visual tweaks 2023-10-25 13:34:55 +02:00
Agatha Lovelace a9f551821f
Fix lockscreen 2023-10-22 16:07:34 +02:00
Agatha Lovelace c9a4e46f04
Paramount theme for pastebin 2023-10-22 13:15:24 +02:00
Agatha Lovelace 61c970c0bf
Enable syncthing on all graphical devices 2023-10-22 13:14:41 +02:00
Agatha Lovelace 5fc359128c
Fix lockscreen update script 2023-10-06 22:12:22 +02:00
Agatha Lovelace 883cc17050
Add restic 2023-10-04 14:58:29 +02:00
Agatha Lovelace abd6a31c90
Add syncthing 2023-10-04 14:57:52 +02:00
Agatha Lovelace 156ab1c904
Add per-host themes; Update lockscreen config; Refactor module structure 2023-10-04 14:56:46 +02:00
Agatha Lovelace 0d320cd733
Audio config refactor 2023-09-29 15:11:40 +02:00
Agatha Lovelace 6288e8414d
Add ccase and imagemagick 2023-09-29 15:04:31 +02:00
Agatha Lovelace 06bad193c3
Move text editor variable to editor config 2023-09-29 15:03:50 +02:00
Agatha Lovelace a95bfc857b
Update mastodon to v4.2.0 2023-09-25 16:24:06 +02:00
Agatha Lovelace 3d8effeb9d
Add rsync alias 2023-09-25 16:22:39 +02:00
Agatha Lovelace 58225b7574
Add desktop; various fixes 2023-09-17 18:57:46 +02:00
Agatha Lovelace 9ed706f2a1
Add desktop entry for work Element profile 2023-09-14 16:25:34 +02:00
Agatha Lovelace e253d5d0ac
Fix terminal build output for iosevka 2023-09-14 15:29:30 +02:00
Agatha Lovelace 818ae4fef1
Update bin 2023-09-14 15:29:08 +02:00
Agatha Lovelace 0734493273
Disable avahi daemon 2023-09-07 22:26:10 +02:00
Agatha Lovelace 4a520dfa0c
New uplink / ipv6 support 2023-08-14 14:05:13 +02:00
Agatha Lovelace c005b5b65c
Port fish config 2023-07-28 21:28:23 +02:00
Agatha Lovelace 276c08529a
Disable laptop sleep when lid closed and connected to power 2023-07-27 20:37:12 +02:00
Agatha Lovelace 6f1ac14852
Fix printer drivers; enable gpg agent forwarding 2023-07-27 20:15:18 +02:00
Agatha Lovelace 1c843a907f
Update mastodon 2023-07-27 20:14:07 +02:00
Agatha Lovelace d5e338e099
Configure brightness controls 2023-07-07 16:09:23 +02:00
Agatha Lovelace 4a66006d75
Add Matrix RIL100 Lookup Bot 2023-07-07 16:08:54 +02:00
Agatha Lovelace 29f4ff1d92
Add ssh client config; configure redshift; fix theme errors 2023-07-07 16:07:16 +02:00
Agatha Lovelace 164e7eb377
Package polybar-spotify 2023-07-07 16:07:13 +02:00
Agatha Lovelace b366ed8df4
Update mastodon 2023-06-28 19:30:44 +02:00
Agatha Lovelace f91944e302
Fix monocle layout transparency 2023-06-20 17:19:03 +02:00
Agatha Lovelace 9203bef1ba
Re-add output switcher 2023-06-19 20:25:08 +02:00
Agatha Lovelace a2185ada67
Colorscheme and wallpaper config improvements 2023-06-19 19:16:14 +02:00
Agatha Lovelace c3cdc74c8a
Add easyeffects config 2023-06-18 13:44:17 +02:00
Agatha Lovelace 958bf4adfd
Enable ntfs support on ritual 2023-06-18 12:35:17 +02:00
Agatha Lovelace 94a767c87b
Spotify config refactor 2023-06-18 12:34:55 +02:00
Agatha Lovelace 82ecf9854e
Fix element-desktop config 2023-06-18 12:32:16 +02:00
Agatha Lovelace c48a30d66a
Add process exporter 2023-06-11 22:28:27 +02:00
Agatha Lovelace 3e9811007b
NixOS 23.05 update 2023-06-01 19:07:54 +02:00
Agatha Lovelace 43187f6de9
Add git unstage alias 2023-05-21 12:23:14 +02:00
Agatha Lovelace 65ce9b6b49
Temporarily disable nginx-deny fail2ban jail 2023-05-19 17:10:34 +02:00
Agatha Lovelace 5299894bc7
Update mastodon & homepage 2023-05-19 17:10:06 +02:00
Agatha Lovelace 0dc71ad1cf
Add elasticsearch; update flake 2023-05-03 13:47:01 +02:00
Agatha Lovelace ffd84f6f2a
Add Enigmatica 8 2023-05-01 11:00:19 +02:00
Agatha Lovelace 987454430b
Add mastodon 2023-04-30 12:49:28 +02:00
Agatha Lovelace 1fb32cc4d3
Flakeify vampysite 2023-04-22 15:12:30 +02:00
Agatha Lovelace 8197987031
Add sha256 to vampysite tarball 2023-04-21 14:02:33 +02:00
Agatha Lovelace 13021eb2b1
Refactor colorscheme generation 2023-04-20 22:22:22 +02:00
Agatha Lovelace 4d6cca2a92
Add colmena devshell 2023-04-19 10:24:08 +02:00
Agatha Lovelace 4c2ac2539f
Use url-eater NixOS module 2023-04-15 14:09:45 +02:00
Agatha Lovelace 5f1b10119f
Configure noisetorch; enable direnv; configure firefox 2023-04-13 13:28:59 +02:00
Agatha Lovelace 83726b0897
Make bspwm monocle mode work with translucent windows 2023-04-13 13:27:55 +02:00
Agatha Lovelace b670a609e5
Add frq friend 2023-04-13 13:11:32 +02:00
Agatha Lovelace 3971fb85e3
Add polybar config change reloading 2023-04-11 19:50:28 +02:00
Agatha Lovelace 80c4b2247d
Let julia deploy as root 2023-04-11 19:50:02 +02:00
Agatha Lovelace 84191c1a37
Better colorscheme generation 2023-04-11 19:49:24 +02:00
Agatha Lovelace 161c096f49
BSPWM config tweaks 2023-04-07 18:21:43 +02:00
Agatha Lovelace da9a10cfbb
Add rofi configuration 2023-04-07 18:21:26 +02:00
Agatha Lovelace 04bc412d09
Add URL eater 2023-04-07 18:20:50 +02:00
Agatha Lovelace 545a83bd77
Add lockscreen; misc tweaks 2023-04-07 18:20:16 +02:00
Agatha Lovelace 073661cc7e
Update homepage 2023-04-05 17:38:53 +02:00
Agatha Lovelace 28c04556dd
Tweak colorscheme; add fonts 2023-04-02 12:53:12 +02:00
Agatha Lovelace e7355d37d6
Configure dunst 2023-04-02 12:52:39 +02:00
Agatha Lovelace fdb7f082d6
Polybar cleanup 2023-04-02 12:52:25 +02:00
Agatha Lovelace 9fd1ca4e5c
Fix sxhkd and polybar configs 2023-03-27 17:21:43 +02:00
63 changed files with 6642 additions and 1649 deletions
Show Stats Expand all files Collapse all files

1
.envrc Normal file
View File

@ -0,0 +1 @@
use flake

3
.gitignore vendored
View File

@ -1,2 +1,3 @@
secrets
ops/home/.gcroots
ops/home/.gcroots
.direnv

33
README.md
View File

@ -2,8 +2,10 @@
Using [colmena](https://github.com/zhaofengli/colmena)
## Hosts
- `bloodletting`: Main server
- `ritual`: NixOS laptop
- `Agathas-Mac-mini`: macOS/nix-darwin desktop
- `bloodletting`: Main server / technogothic.net
- `ritual`: macOS/nix-darwin laptop
- `watchtower`: Home server
### Manual setup on blank system/migrations
Bloodletting:
@ -15,27 +17,28 @@ Bloodletting:
- `bin_rs`
- `fail2ban`
- `grafana`
- `homepage`
- `headscale`
- `hedgedoc`
- `mastodon`
- dump and import Postgres and Redis DBs
- `matterbridge`
- `mc-e2e`
- `mc-enigmatica-8`
- `mstdn-ebooks`
- `nyandroid`
- `prometheus2`
- `prosody`
- `/home/ftp`
Ritual:
- `colmena apply[-local]` - deploy config
- `mkdir -p ~/.gnupg` - create directory for gnupg
- manual configuration/login:
- Firefox
- Copy extension data
- Element
- Telegram Desktop
- Geary
Agathas-Mac-mini/Ritual:
- `darwin-rebuild switch --flake .` - deploy config
[Last commit which includes BSPWM configs](https://git.lain.faith/sorceress/nix-infra/commit/e60bbd7f41bdb4456319637f38a25425b6f5fef7)
### Rsyncd Modules
Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bloodletting::mc-[modpack]` with `--rsh=ssh`
## Reference configs used
- https://github.com/Xe/nixos-configs
- https://git.nora.codes/nora/nixconfig
### Updating mastodon
```sh
cd common/pkgs/mastodon && ./update.sh --owner AgathaSorceress --rev <commit hash>
```

68
common/default.nix
View File

@ -1,78 +1,48 @@
{ pkgs, ... }: {
imports = [ ./users ];
{ pkgs, ... }:
{
## Optimizations
# Clean /tmp
boot.cleanTmpDir = true;
# Link identical files
nix.settings.auto-optimise-store = true;
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
nix.optimise.automatic = true;
# Garbage collection
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
## Other
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Enable fish (needed for nix completions)
programs.fish.enable = true;
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
# Set editor
environment.variables.EDITOR = "hx";
# Packages used on all systems
environment.systemPackages = with pkgs; [
ccase
comma
dogdns
du-dust
git
wget
xclip
headscale
imagemagick
jq
killall
mtr
nmap
openssl
rsync
sqlite-interactive
wget
xclip
];
# 🥺
# security.please.enable = true;
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
}

2
common/fragments/bin.nix
View File

@ -5,6 +5,6 @@
enable = true;
address = "0.0.0.0";
port = 6162;
textUploadLimit = 32;
textUploadLimit = 64;
};
}

118
common/fragments/bittorrent/default.nix Normal file
View File

@ -0,0 +1,118 @@
{
config,
pkgs,
lib,
...
}:
{
imports = [ ./netns.nix ];
system.fsPackages = with pkgs; [
gocryptfs
cifs-utils
];
systemd.mounts = [
{
after = [ "network.target" ];
what = "//library.technogothic.net/backup";
where = "/mnt/library-raw";
type = "cifs";
options = "gid=users,file_mode=0664,dir_mode=0775";
mountConfig.EnvironmentFile = "/var/lib/secrets/hetzner-env";
}
{
what = "/mnt/library-raw";
where = "/mnt/library";
type = "fuse.gocryptfs";
options = "allow_other,passfile=/var/lib/secrets/gocryptfs-pass";
wantedBy = [ "multi-user.target" ];
}
];
systemd.services."container@transmission" = {
bindsTo = [ "ve-transmission.service" ];
after = [
"ve-transmission.service"
"mnt-library.mount"
];
};
containers.transmission = {
autoStart = true;
extraFlags = [ "--network-namespace-path=/run/netns/transmission" ];
bindMounts = {
"/var/lib/transmission" = {
hostPath = "/var/lib/transmission";
isReadOnly = false;
};
"/mnt/library" = {
hostPath = "/mnt/library";
isReadOnly = false;
};
"/etc/resolv.conf" = {
hostPath = toString (pkgs.writeText "resolv.conf" "nameserver 74.82.42.42");
};
};
config = {
services.transmission = {
enable = true;
package = pkgs.transmission_4;
webHome = pkgs.flood-for-transmission;
settings = {
rpc-bind-address = "::";
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
download-dir = "/mnt/library/Downloads";
incomplete-dir = "/mnt/library/.incomplete";
watch-dir = "/mnt/library/watchdir";
};
openRPCPort = true;
openPeerPorts = true;
};
users.users.transmission.extraGroups = [ "users" ];
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
RootDirectoryStartOnly = lib.mkForce (lib.mkForce false);
RootDirectory = lib.mkForce (lib.mkForce "");
};
system.stateVersion = config.system.stateVersion;
};
};
# Jellyfin
services.jellyfin = {
enable = true;
openFirewall = true;
};
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
# SMB Share
services.samba = {
enable = true;
openFirewall = true;
extraConfig = ''
server string = Watchtower
guest account = nobody
map to guest = bad user
'';
shares.Library = {
path = "/mnt/library";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
};
};
}

96
common/fragments/bittorrent/netns.nix Normal file
View File

@ -0,0 +1,96 @@
{
config,
pkgs,
lib,
...
}:
# Collectivized from https://gist.github.com/c0deaddict/53aedbb69c8cbfebfec8f4428dc03102 ☭
let
veth = "ve-transmission";
hostIp = "10.0.0.1/24";
guestIp = "10.0.0.2/24";
in
{
# https://mth.st/blog/nixos-wireguard-netns/
systemd.services."netns@" = {
description = "%I network namespace";
before = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
PrivateNetwork = true;
ExecStart = "${pkgs.writers.writeDash "netns-up" ''
${pkgs.iproute}/bin/ip netns add $1
${pkgs.utillinux}/bin/umount /var/run/netns/$1
${pkgs.utillinux}/bin/mount --bind /proc/self/ns/net /var/run/netns/$1
''} %I";
ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
};
};
systemd.services."wireguard-ccvpn-fr" = {
bindsTo = [ "netns@transmission.service" ];
after = [ "netns@transmission.service" ];
};
networking.wireguard.interfaces.ccvpn-fr = {
ips = [
"10.128.4.199/32"
"fd64:e20:68a3::4c7/128"
];
privateKeyFile = "/var/lib/secrets/ccvpn-fr-key";
socketNamespace = "init";
interfaceNamespace = "transmission";
peers = [
{
publicKey = "QFbr19X11tqUZRerZgItb25FnBsNsd7NyJvAkWTRU1U=";
# Forward all traffic via VPN.
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "fr.204vpn.net:51820";
persistentKeepalive = 15;
}
];
};
# https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking#veth
systemd.services.${veth} =
let
ns = "transmission";
ipHost = "${pkgs.iproute}/bin/ip";
ipGuest = "${ipHost} netns exec ${ns} ${pkgs.iproute}/bin/ip";
in
{
description = "Veth interface for download";
bindsTo = [ "netns@${ns}.service" ];
after = [ "netns@${ns}.service" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writers.writeDash "veth-up" ''
${ipHost} link add ${veth} type veth peer name veth1 netns ${ns}
${ipHost} addr add ${hostIp} dev ${veth}
${ipHost} link set dev ${veth} up
${ipGuest} addr add ${guestIp} dev veth1
${ipGuest} link set dev veth1 up
'';
ExecStop = pkgs.writers.writeDash "veth-down" ''
${ipHost} link del ${veth}
'';
};
};
networking.firewall.allowedTCPPorts = [ 9091 ];
services.nginx.enable = true;
# TODO: change when headscale updates
services.nginx.virtualHosts."watchtower.agatha.thorns.home.arpa" = {
locations."/transmission" = {
proxyPass = "http://10.0.0.2:9091/transmission";
proxyWebsockets = true;
};
};
}

2
common/fragments/fail2ban.nix
View File

@ -8,7 +8,7 @@
jails = {
nginx-deny = ''
enabled = true
enabled = false
backend = auto
logpath = /var/log/nginx/*access.log
'';

31
common/fragments/frq-friend.nix Normal file
View File

@ -0,0 +1,31 @@
{ pkgs, ... }:
let
config = pkgs.writeText "config.kdl" ''
status-text "hi there! i like to know people following me on here
- what's something you enjoy doing?
- what's your stance on the Hellfire AGM-114R9X Knife Missile?
- what's your opinion on the current \"AI revolution\"?
- have you read my bio?"
with-cw "automated follow request pm"
'';
path = "/var/lib/frq-friend";
in {
systemd.services.frq-friend = {
wantedBy = [ "multi-user.target" ];
description =
"just a friend that messages people who send you a follow request";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.frq-friend}/bin/f3";
WorkingDirectory = path;
Restart = "always";
RuntimeMaxSec = "1h";
};
preStart = ''
ln -sf ${config} ${path}/config.kdl
'';
};
}

10
common/fragments/grafana.nix
View File

@ -49,6 +49,16 @@
];
}];
}
{
job_name = "process";
static_configs = [{
targets = [
"localhost:${
toString config.services.prometheus.exporters.process.port
}"
];
}];
}
];
};
}

113
common/fragments/graphical/bspwm.nix
View File

@ -1,113 +0,0 @@
{ lib, pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
in {
home-manager.users.agatha = {
xsession.windowManager.bspwm = {
enable = true;
extraConfigEarly = lib.strings.concatStringsSep "\n" [
"xsetroot -cursor_name left_ptr"
"xinput set-prop 'SynPS/2 Synaptics TouchPad' 'Synaptics Scrolling Distance' 60 60"
];
extraConfig = lib.strings.concatStringsSep "\n"
[ "nitrogen --set-zoom-fill ${../../../external/6.png}" ];
monitors = { eDP-1 = [ "I" "II" "III" "IV" "V" "VI" "VII" "VIII" ]; };
settings = let color = n: colorscheme.colors."${builtins.toString n}";
in {
border_width = 3;
window_gap = 15;
top_padding = 45;
split_ratio = 0.5;
borderless_monocle = false;
gapless_monocle = false;
normal_border_color = color 0;
focused_border_color = color 1;
active_border_color = color 2;
urgent_border_color = color 2;
presel_feedback_color = color 2;
};
rules = {
"Gimp" = {
state = "tiled";
follow = true;
};
"Element".desktop = "II";
"TelegramDesktop".desktop = "III";
"Geary".desktop = "IV";
"firefox" = {
desktop = "I";
state = "tiled";
follow = false;
};
"Yubico Authenticator".state = "floating";
"firefox:Places".state = "floating";
};
};
services.sxhkd = {
enable = true;
keybindings = {
# Terminal
"super + Return" = "kitty";
"Caps_Lock" = "kitty";
# File explorer
"super + e" = "nautilus";
# Program launcher
"super + @space" = "rofi -show drun";
# Clipboard
"super + v" = ''
CM_LAUNCHER=rofi clipmenu \
-theme-str 'listview \{ spacing: 0; \}' \
-theme-str 'window \{ width: 30em; \}'
'';
# Calculator
"super + shift + c" = ''
rofi -show calc -modi calc -calc-command 'xdotool type --clearmodifiers "\{result\}"'';
# Media keys
"XF86Audio{Raise,Lower}Volume" = "pamixer {-i,-d} 5";
"XF86AudioMute" = "pamixer -t";
"XF86Audio{Prev,Next}" = "playerctl {previous,next}";
"XF86AudioPlay" = "playerctl play-pause";
# Screenshot
"Print" = "flameshot gui && bspc desktop --focus focused";
"shift + Print" =
"flameshot gui -d 3000 && bspc desktop --focus focused";
# Pause notifications
"super + n" = "dunstctl set-paused toggle";
# Reload WM
"super + shift + {q,r}" = ''
pkill -USR1 -x sxhkd \
; for p in picom polybar dunst; killall $p; end \
; bspc {quit,wm -r}
'';
# Close/kill window
"super + {_,shift + }w" = "bspc node -{c,k}";
# Monocle layout
"super + m" = "bspc desktop -l next";
# Toggle hide all windows
"super + d" =
"bspc query -N -n .window | xargs -I node_id bspc node node_id -g hidden";
# Change window state
"super + {t,shift + t,s,f}" =
"bspc node -t {tiled,pseudo_tiled,floating,fullscreen}";
# Focus/move window
"super + {_,shift + }{j,k,i,l}" =
"bspc node -{f,s} {west,south,north,east}";
# Focus the next window in the current desktop
"super + c" = "bspc node -f next.local.!hidden.window";
# Focus previous/next desktop on current monitor
"super + bracket{left,right}" = "bspc desktop -f {prev,next}.local";
# Switch desktops / Move window to desktop
"super + {_,shift + }{1-9,0}" = "bspc {desktop -f,node -d} '^{1-9,10}'";
# Window switcher
"alt + Tab" = "rofi -show window";
# Move floating window
"super + {Left,Down,Up,Right}" = "bspc node -v {-20 0,0 20,0 -20,20 0}";
# Lock screen
"super + x" =
"betterlockscreen --lock dimblur; systemctl --user restart gpg-agent";
};
};
};
}

13
common/fragments/graphical/colors.nix
View File

@ -1,13 +0,0 @@
{ lib, pkgs, ... }: {
colorscheme = name: image: rec {
generate = pkgs.callPackage ({ runCommand, colorz }:
runCommand name { nativeBuildInputs = [ colorz ]; } ''
colorz ${image} --no-preview -n 8 --bold 30 --minv 0 --maxv 255 | awk '{print $1} {print $2}' > $out
'') { };
colors = builtins.listToAttrs (lib.lists.imap0 (i: v: {
name = builtins.toString i;
value = v;
}) (lib.strings.splitString "\n" (builtins.readFile generate)));
};
}

45
common/fragments/graphical/darwin.nix Normal file
View File

@ -0,0 +1,45 @@
{ pkgs, lib, ... }:
{
imports = [
./default.nix
./iosevka.nix
../../home_manager/common.nix
../../remote-builds.nix
];
services.nix-daemon.enable = true;
nix.settings = {
extra-nix-path = "nixpkgs=flake:nixpkgs";
substituters = [
"https://cache.nixos.org"
"https://cache.lix.systems"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
];
trusted-users = [ "@admin" ];
};
# Needed for the nix-darwin environment even if zsh is not used.
programs.zsh.enable = true;
users.users.agatha = {
name = "agatha";
home = lib.mkForce "/Users/agatha";
};
fonts.packages = with pkgs; [
(nerdfonts.override {
fonts = [
"DaddyTimeMono"
"NerdFontsSymbolsOnly"
];
})
fira-code
fira-code-symbols
font-awesome_5
iosevka
siji
];
}

166
common/fragments/graphical/default.nix
View File

@ -1,167 +1,35 @@
{ pkgs, config, lib, ... }: {
imports = [
./bspwm.nix
./picom.nix
./polybar.nix
./iosevka.nix
./kitty.nix
./element.nix
];
{ pkgs, ... }:
{
# Config for client devices, but not necessarily a full desktop environment.
# User packages
users.users.agatha.packages = with pkgs; [
brightnessctl
android-tools
broot
colmena
element-desktop
firefox
flameshot
gnome.eog
gnome.file-roller
gnome.geary
gnome.gnome-calendar
gnome.gnome-control-center
gnome.gnome-disk-utility
gnome.gnome-font-viewer
gnome.nautilus
gnome.totem
exiftool
ffmpeg
flac
hyperfine
lxappearance
just
magic-wormhole
neofetch
nitrogen
pamixer
pavucontrol
nil
pfetch
playerctl
pridefetch
rofi
rofi-calc
rofimoji
tdesktop
rink
sshfs
unstable.rustmission
whois
wireguard-tools
xdg-utils
yubioath-desktop
yt-dlp
];
# Brightness/volume keys
users.users.agatha.extraGroups = [ "video" ];
programs.light.enable = true;
services.xserver = {
enable = true;
displayManager = {
gdm.enable = true;
# gdm.wayland = true;
sessionPackages = [ pkgs.sway ];
session = [{
manage = "window";
name = "bspwm";
start = let cfg = config.home-manager.users.agatha;
in ''
${cfg.services.sxhkd.package}/bin/sxhkd ${
toString cfg.services.sxhkd.extraOptions
} &
${cfg.xsession.windowManager.bspwm.package}/bin/bspwm -c ${cfg.xdg.configHome}/bspwm/bspwmrc
'';
}];
};
# Layout overrides
layout = lib.mkForce "eu,de(qwerty),ua,ru";
xkbOptions = "ctrl:nocaps,compose:rctrl";
synaptics = {
enable = true;
tapButtons = true;
vertTwoFingerScroll = true;
vertEdgeScroll = true;
horizEdgeScroll = true;
horizTwoFingerScroll = true;
palmDetect = true;
palmMinWidth = 8;
palmMinZ = 100;
};
};
home-manager.users.agatha = {
# Compose key sequences
home.file.".XCompose".text = ''
include "%L"
<Multi_key> <l> <f> : "( ͡° ͜ʖ ͡°)"
<Multi_key> <s> <f> : "¯\\_()_/¯"
<Multi_key> <g> <f> : " _ "
<Multi_key> <B> <B> : "🅱"
<Multi_key> <o> <asterisk> : ""
<Multi_key> <h> <r> : ""
<Multi_key> <v> <v> : ""
<Multi_key> <v> <period> <v> : ""
<Multi_key> <space> <space> : ""
<Multi_key> <s> <0> : "§"
<Multi_key> <b><l> : ""
<Multi_key> <h><s> : ""
<Multi_key> <s><r> : ""
<Multi_key> <t><r> : " trans rights uwu"
<Multi_key> <w><apostrophe> : "òwó"
<Multi_key> <W><apostrophe> : "ÒwÓ"
<Multi_key> <p><t> : "👉👈"
<Multi_key> <p><l> : "🥺"
<Multi_key> <m><s> : "/html <span data-mx-spoiler=\"\"></span>"
'';
# Cursor theme
home.pointerCursor = {
name = "Adwaita";
package = pkgs.gnome.adwaita-icon-theme;
size = 24;
x11 = {
enable = true;
defaultCursor = "Adwaita";
};
programs.direnv.enable = true;
home.sessionVariables = {
"DIRENV_LOG_FORMAT" = "";
};
};
security.polkit.enable = true;
# Screenshare on wlroots
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
wlr.enable = true;
};
};
fonts.fontconfig.enable = true;
fonts.fonts = with pkgs; [
cantarell-fonts
crimson
dejavu_fonts
fira-code
fira-code-symbols
font-awesome_5
iosevka
noto-fonts-cjk
siji
twitter-color-emoji
(nerdfonts.override { fonts = [ "DaddyTimeMono" "NerdFontsSymbolsOnly" ]; })
];
services.printing.enable = true;
# Pipewire
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}

109
common/fragments/graphical/element.nix
View File

@ -1,109 +0,0 @@
{ pkgs, config, lib, ... }: {
home-manager.users.agatha = {
xdg.configFile."Element/config.json".text = ''
{
"settingDefaults": {
"custom_themes": [
{
"name": "Sapphic Lavender",
"is_dark": true,
"fonts": {
"general": "Allust, Twemoji, Twitter Color Emoji, sans",
"monospace": "'Iosevka Medium Extended', 'Fira Code'"
},
"colors": {
"accent": "#D2ADC6",
"accent-color": "#D2ADC6",
"primary-color": "#D2ADC6",
"warning-color": "#BF80A6",
"alert": "#BF80A6",
"sidebar-color": "#231724",
"primary-content": "#180F19",
"secondary-content": "#E5D9E6",
"tertiary-content": "#D2ADC6",
"quaternary-content": "#E5D9E6",
"quinary-content": "#251926",
"system": "#180F19",
"background": "#00f",
"roomlist-background-color": "#231724",
"roomlist-text-color": "#E5D9E6",
"roomlist-text-secondary-color": "#ffd1dc",
"roomlist-highlights-color": "#180F19",
"roomlist-separator-color": "#180F19",
"timeline-background-color": "#180F19",
"timeline-text-color": "#E5D9E6",
"timeline-text-secondary-color": "#D2ADC6",
"timeline-highlights-color": "#231724",
"eventbubble-self-bg": "#231724",
"eventbubble-others-bg": "#231724",
"eventbubble-bg-hover": "#231724",
"eventbubble-reply-color": "#231724",
"username-colors": [
"#D8BFD8",
"#ffd1dc",
"#DDA0DD",
"#DA70D6",
"#BA55D3",
"#9932CC",
"#800060",
"#8B008B"
],
"avatar-background-colors": ["#896bad", "#b09cc8", "#bdacd1"],
"reaction-row-button-selected-bg-color": "#bd93f9"
}
},
{
"name": "Transgender Vampirism",
"is_dark": true,
"fonts": {
"general": "Crimson, Noto Color Emoji, Twemoji, Twitter Color Emoji, sans",
"monospace": "'Iosevka Gothic', 'Fira Code'"
},
"colors": {
"accent": "#747E9D",
"accent-color": "#747E9D",
"primary-color": "#747E9D",
"warning-color": "#110E18",
"sidebar-color": "#16121F",
"primary-content": "#110E18",
"secondary-content": "#D5D6E8",
"tertiary-content": "#747E9D",
"quaternary-content": "#D5D6E8",
"quinary-content": "#16121F",
"system": "#16121F",
"background": "#00f",
"roomlist-background-color": "#16121F",
"roomlist-text-color": "#D5D6E8",
"roomlist-text-secondary-color": "#747E9D",
"roomlist-highlights-color": "#110E18",
"roomlist-separator-color": "#110E18",
"timeline-background-color": "#110E18",
"timeline-text-color": "#D5D6E8",
"timeline-text-secondary-color": "#747E9D",
"timeline-highlights-color": "#16121F",
"eventbubble-self-bg": "#16121F",
"eventbubble-others-bg": "#16121F",
"eventbubble-bg-hover": "#16121F",
"eventbubble-reply-color": "#16121F",
"username-colors": [
"#D8BFD8",
"#AA9AB6",
"#DDA0DD",
"#DA70D6",
"#7A5286",
"#9932CC",
"#800060",
"#8B008B"
],
"avatar-background-colors": ["#896bad", "#b09cc8", "#bdacd1"],
"reaction-row-button-selected-bg-color": "#bd93f9"
}
}
]
},
"showLabsSettings": true,
"features": ["feature_latex_maths"]
}
'';
};
}

38
common/fragments/graphical/iosevka.nix
View File

@ -1,51 +1,59 @@
{ config, pkgs, ... }: {
{
# Iosevka Gothic
nixpkgs.overlays = [
(final: prev: {
iosevka = prev.iosevka.override {
iosevka = (prev.iosevka.overrideAttrs (_: {
# Fixes broken terminal output
buildPhase = ''
export HOME=$TMPDIR
runHook preBuild
npm run build --no-update-notifier --targets ttf::$pname -- --jCmd=$NIX_BUILD_CORES --verbose=9 2>/dev/null
runHook postBuild
'';
})).override {
privateBuildPlan = ''
[buildPlans.iosevka-gothic]
[buildPlans.IosevkaGothic]
family = "Iosevka Gothic"
spacing = "normal"
serifs = "slab"
no-cv-ss = true
export-glyph-names = true
noCvSs = true
exportGlyphNames = true
[buildPlans.iosevka-gothic.variants.design]
[buildPlans.IosevkaGothic.variants.design]
capital-a = "straight-base-serifed"
capital-b = "standard-bilateral-serifed"
capital-h = "serifed"
capital-i = "serifed"
capital-q = "crossing"
capital-r = "standing"
capital-r = "standing-serifed"
f = "tailed"
l = "tailed-serifed"
z = "cursive"
long-s = "bent-hook-tailed"
eszet = "sulzbacher-descending"
lower-mu = "tailed"
eszet = "sulzbacher-descending-serifless"
lower-mu = "tailed-serifed"
lower-xi = "flat-top"
three = "flat-top"
three = "flat-top-serifless"
six = "straight-bar"
asterisk = "flip-penta-high"
asterisk = "turn-penta-high"
pilcrow = "high"
caret = "medium"
paren = "normal"
brace = "curly-flat-boundary"
number-sign = "upright"
ampersand = "closed"
at = "short"
at = "compact"
lig-ltgteq = "slanted"
ascii-single-quote = "raised-comma"
ascii-grave = "straight"
[buildPlans.iosevka-gothic.variants.italic]
[buildPlans.IosevkaGothic.variants.italic]
capital-z = "cursive-with-horizontal-crossbar"
[buildPlans.iosevka-gothic.ligations]
[buildPlans.IosevkaGothic.ligations]
inherits = "haskell"
'';
set = "gothic";
set = "Gothic";
};
})
];

79
common/fragments/graphical/kitty.nix
View File

@ -1,79 +0,0 @@
{ pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
color = n: colorscheme.colors."${builtins.toString n}";
in {
home-manager.users.agatha = {
programs.kitty = {
enable = true;
font = {
package = pkgs.iosevka;
name = "Iosevka Gothic";
size = 11.5;
};
keybindings = { "f5" = "load_config_file"; };
settings = {
disable_ligatures = "never";
draw_minimal_borders = false;
active_tab_font_style = "italic";
inactive_tab_font_style = "normal";
scrollback_lines = -10000;
url_style = "single";
strip_trailing_spaces = "smart";
enable_audio_bell = false;
window_margin_width = 10;
window_padding_width = 10;
inactive_text_alpha = "0.8";
enabled_layouts = "vertical, grid, stack";
tab_bar_edge = "top";
tab_bar_style = "fade";
tab_bar_margin_width = 5;
tab_separator = "";
tab_title_template = " {index}";
foreground = color 15;
background = color 0;
cursor = color 16;
color0 = color 0;
color8 = color 8;
color1 = color 1;
color9 = color 9;
color2 = color 2;
color10 = color 10;
color3 = color 3;
color11 = color 11;
color4 = color 4;
color12 = color 12;
color5 = color 5;
color13 = color 13;
color6 = color 6;
color14 = color 14;
color7 = color 7;
color15 = color 15;
selection_foreground = color 1;
selection_background = color 15;
url_color = color 1;
active_border_color = color 1;
inactive_border_color = color 2;
bell_border_color = color 6;
active_tab_foreground = color 15;
active_tab_background = color 1;
inactive_tab_foreground = color 8;
inactive_tab_background = color 2;
};
};
};
}

89
common/fragments/graphical/picom.nix
View File

@ -1,89 +0,0 @@
{ pkgs, config, lib, ... }: {
home-manager.users.agatha = {
services.picom = {
enable = true;
package = pkgs.picom-next;
# General
backend = "glx";
vSync = true;
settings = {
mark-wmwin-focused = true;
detect = {
rounded-corners = true;
client-opacity = true;
transient = true;
client-leader = true;
};
use-damage = true;
wintypes = {
tooltip = {
fade = true;
shadow = true;
opacity = 0.75;
focus = true;
full-shadow = false;
};
dock = { shadow = false; };
dnd = { shadow = false; };
popup_menu = { opacity = 0.8; };
dropdown_menu = { opacity = 0.8; };
};
};
# Shadows
shadow = true;
shadowOpacity = 1.0;
shadowOffsets = [ (-7) (-7) ];
shadowExclude = [
"name = 'Notification'"
"class_g ?= 'Notify-osd'"
"class_g = 'Cairo-clock'"
"class_g = 'firefox-nightly' && argb"
"class_g = 'firefox' && argb"
"_GTK_FRAME_EXTENTS@:c"
];
# Fade
fade = true;
fadeSteps = [ 5.0e-2 5.0e-2 ];
# Opacity
settings.frame-opacity = 0.7;
settings.inactive-opacity-override = false;
settings.inactive-dim = 0.2;
settings.focus-exclude = [
"class_g = 'firefox-nightly'"
"class_g = 'firefox'"
"class_g = 'Dunst'"
];
opacityRules = [
"100:_NET_WM_STATE@[0]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[1]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[2]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[3]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[4]:32a = '_NET_WM_STATE_FULLSCREEN'"
"0:_COMPTON_MONOCLE@:32c = 0"
"70:class_g = 'kitty'"
"80:class_g = 'Dunst'"
"20:class_g = 'Bspwm' && class_i = 'presel_feedback'"
];
# Blur
settings.blur = {
method = "dual_kawase";
strength = 3;
background = true;
kern = "3x3box";
background-exclude = [
"window_type = 'dock'"
"window_type = 'desktop'"
"_GTK_FRAME_EXTENTS@:c"
"class_g = 'firefox-nightly' && argb"
"class_g = 'firefox' && argb"
];
};
};
};
}

258
common/fragments/graphical/polybar.nix
View File

@ -1,258 +0,0 @@
{ lib, pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
in {
home-manager.users.agatha = {
services.polybar = {
enable = true;
package = pkgs.polybarFull;
script = "polybar right &";
settings = let color = n: colorscheme.colors."${builtins.toString n}";
in {
"colors" = {
background = color 0;
foreground = color 7;
foreground-alt = color 7;
primary = color 1;
secondary = color 2;
alert = color 3;
red = color 4;
};
"bar/right" = {
monitor = "\${env:MONITOR:eDP-1}";
width = "100%:-30";
height = 30;
offset-x = 15;
offset-y = 12;
radius = 0;
fixed-center = true;
background = "\${colors.background}";
foreground = "\${colors.foreground}";
line = {
size = 0;
color = color 3;
};
border = {
size = 3;
color = color 1;
};
padding = {
left = 2;
right = 2;
};
module.margin = {
left = 1;
right = 1;
};
font = {
"0" = "Iosevka Gothic:pixelsize=10;3";
"1" = "DejaVuSans:fontformat=truetype:size=8:antialias=false;2";
"2" = "Siji:pixelsize=11;2";
"3" = "Symbols Nerd Font:pixelsize=10;2";
"4" = "DejaVuSans:fontformat=truetype:size=8:antialias=false;1";
};
modules = {
left = "bspwm";
center = "date";
right =
"filesystem battery pulseaudio xkeyboard memory cpu notication-status powermenu";
};
wm-restack = "bspwm";
cursor-click = "pointer";
locale = "de_DE.UTF-8";
};
"module/xkeyboard" = {
type = "internal/xkeyboard";
blacklist-0 = "num lock";
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = {
layout = "%layout%";
indicator = {
padding = 2;
margin = 1;
background = "\${colors.secondary}";
underline = "\${colors.secondary}";
};
};
};
"module/bspwm" = {
type = "internal/bspwm";
label = {
focused = "%name%";
focused-foreground = "\${colors.primary}";
focused-padding = 1;
occupied = "%name%";
occupied-padding = 1;
urgent = "%name%!";
urgent-background = "\${xrdb:color1:#222}";
urgent-padding = 1;
empty = "%name%";
empty-foreground = "\${colors.foreground-alt}";
empty-padding = 1;
};
};
"module/date" = {
type = "internal/date";
interval = 5;
date = "";
date-alt = " %a, %d %b %Y";
time = "%H:%M";
time-alt = "%H:%M:%S";
format-prefix = "";
format-prefix-foreground = "\${colors.foreground-alt}";
label = ''
%{A3:dunstify ' Calendar' "$(cal --color=always | sed "s#\\x1b\\[7m#<b>#;s#\\x1b\\[27m#</b>#g")":}%date%%{A} %time%'';
};
"module/filesystem" = {
type = "internal/fs";
interval = 25;
mount-0 = "/";
label-mounted = "%mountpoint%: %percentage_used%%";
label-unmounted = "%mountpoint% not mounted";
label-unmounted-foreground = "\${colors.foreground-alt}";
};
"module/cpu" = {
type = "internal/cpu";
interval = 2;
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = "%{A1:kitty btop:}%percentage:2%%%{A}";
};
"module/memory" = {
type = "internal/memory";
interval = 2;
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = "%{A1:kitty btop:}%percentage_used%%%{A}";
};
"module/pulseaudio" = {
type = "internal/pulseaudio";
format-volume = "%{A3:pavucontrol:}<label-volume> <bar-volume>%{A}";
label-volume = " %percentage%%";
label-volume-foreground = "\${root.foreground}";
label-muted = " muted";
label-muted-foreground = "#666";
bar.volume = {
width = 14;
foreground-0 = "\${colors.secondary}";
foreground-1 = "\${colors.secondary}";
foreground-2 = "\${colors.primary}";
foreground-3 = "\${colors.primary}";
foreground-4 = "\${colors.primary}";
foreground-5 = "\${colors.alert}";
foreground-6 = "\${colors.red}";
gradient = false;
indicator = "|";
indicator-font = 5;
fill = "";
fill-font = 2;
empty = "";
empty-font = 2;
empty-foreground = "\${colors.foreground-alt}";
};
};
"module/powermenu" = {
type = "custom/menu";
expand-right = true;
format-spacing = 1;
label = {
open = "";
open-foreground = "\${colors.secondary}";
close = " cancel";
close-foreground = "\${colors.secondary}";
separator = "|";
separator-foreground = "\${colors.foreground-alt}";
};
menu = {
"0-0" = "reboot";
"0-0-exec" = "reboot";
"0-1" = "power off";
"0-1-exec" = "sudo poweroff";
};
};
"module/battery" = {
type = "internal/battery";
full-at = 99;
low-at = 10;
battery = "BAT0";
adapter = "AC";
poll-interval = 3;
content-font = 3;
format-charging = "<animation-charging> <label-charging>";
format-discharging = "<ramp-capacity> <label-discharging>";
label = {
charging = "%percentage_raw%%";
discharging = "%percentage_raw%%";
full = "";
};
ramp = {
capacity-0 = "";
capacity-1 = "";
capacity-2 = "";
capacity-3 = "";
capacity-4 = "";
};
animation = {
charging-0 = "";
charging-1 = "";
charging-2 = "";
charging-3 = "";
charging-4 = "";
charging-framerate = 750;
};
};
"module/notification-status" = {
type = "custom/script";
exec = ''
if $(dunstctl is-paused); then; echo "Notifications paused"; else; echo ""; fi;'';
interval = 2;
format-prefix = " ";
};
};
};
};
}

103
common/fragments/graphical/sway.nix
View File

@ -1,103 +0,0 @@
{ pkgs, config, ... }: {
# User packages
users.users.agatha.packages = with pkgs; [ grim rofi-wayland waybar ydotool ];
home-manager.users.agatha = {
wayland.windowManager.sway = let
cfg = config.home-manager.users.agatha.wayland.windowManager.sway.config;
in {
enable = true;
config = {
up = "i";
left = "j";
down = "k";
right = "l";
modifier = "Mod4";
terminal = "kitty";
fonts = {
names = [ "Font Awesome 5 Free" "Iosevka Gothic" ];
size = 11.0;
};
workspaceAutoBackAndForth = true;
window = {
titlebar = true;
hideEdgeBorders = "both";
border = 0;
};
gaps.inner = 15;
output."*" = { bg = "/home/agatha/Pictures/wallpaper.png fill"; };
input."type:keyboard" = {
xkb_layout = config.services.xserver.layout;
xkb_options = config.services.xserver.xkbOptions;
};
input."type:touchpad" = { tap = "enabled"; };
keybindings = let mod = cfg.modifier;
in {
"${mod}+Return" = "exec ${cfg.terminal}";
"Caps_Lock" = "exec ${cfg.terminal}";
"${mod}+e" = "exec nautilus";
"${mod}+space" = "exec rofi -show drun";
"${mod}+shift+e" = "exec rofimoji --action clipboard";
"${mod}+c" = ''
exec rofi -show calc -modi calc -calc-command 'xdotool type --clearmodifiers "\{result\}"'
'';
XF86AudioRaiseVolume = "exec pamixer -i 5";
XF86AudioLowerVolume = "exec pamixer -d 5";
XF86AudioMute = "exec pamixer -t";
XF86AudioPrev = "exec playerctl previous";
XF86AudioNext = "exec playerctl next";
XF86AudioPlay = "exec playerctl play-pause";
Print = "exec flameshot gui";
"shift+Print" = "exec flameshot gui -d 3000";
"${mod}+n" = "exec dunstctl set-paused toggle";
# "${mod}+o" = "TODO: port audio switcher";
"${mod}+shift+r" =
"reload; exec 'for p in waybar dunst; do; killall $p; done'";
"${mod}+w" = "kill";
"${mod}+m" = "layout tabbed";
"${mod}+t" = "layout toggle split";
"${mod}+s" = "floating toggle";
"${mod}+f" = "fullscreen toggle";
"alt+Tab" = "exec rofi -show window";
# "${mod}+x" = "TODO: lockscreen";
"${mod}+Shift+${cfg.left}" = "move left";
"${mod}+Shift+${cfg.down}" = "move down";
"${mod}+Shift+${cfg.up}" = "move up";
"${mod}+Shift+${cfg.right}" = "move right";
"${mod}+1" = "workspace number 1";
"${mod}+2" = "workspace number 2";
"${mod}+3" = "workspace number 3";
"${mod}+4" = "workspace number 4";
"${mod}+5" = "workspace number 5";
"${mod}+6" = "workspace number 6";
"${mod}+7" = "workspace number 7";
"${mod}+8" = "workspace number 8";
"${mod}+9" = "workspace number 9";
"${mod}+Shift+1" = "move container to workspace number 1";
"${mod}+Shift+2" = "move container to workspace number 2";
"${mod}+Shift+3" = "move container to workspace number 3";
"${mod}+Shift+4" = "move container to workspace number 4";
"${mod}+Shift+5" = "move container to workspace number 5";
"${mod}+Shift+6" = "move container to workspace number 6";
"${mod}+Shift+7" = "move container to workspace number 7";
"${mod}+Shift+8" = "move container to workspace number 8";
"${mod}+Shift+9" = "move container to workspace number 9";
};
};
};
};
}

141
common/fragments/graphical/url-eater.nix Normal file
View File

@ -0,0 +1,141 @@
{ ... }:
let
filters = ''
category "Action Map" {
params "action_object_map" "action_ref_map" "action_type_map"
}
category "AliExpress.com" {
params "aff_platform" "aff_trace_key" \
"algo_expid@*.aliexpress.*" "*pvid@*.aliexpress.*" "btsid@*.aliexpress.*" \
"expid@*.aliexpress.*" "initiative_id@*.aliexpress.*" "scm_id@*.aliexpress.*" \
"spm@*.aliexpress.*" "ws_ab_test*.aliexpress.*" \
"_t@*.aliexpress.*" "pdp_npi@*.aliexpress.*" "gatewayAdapt@*.aliexpress.*"
}
category "Amazon" {
params "_encoding@amazon.*" "ascsubtag@amazon.*" "pd_rd_*@amazon.*" "pf@amazon.*" "pf_rd_*@amazon.*" "psc@amazon.*" "ref_@amazon.*" "tag@amazon.*"
}
category "Bing" {
params "cvid@bing.com" "form@bing.com" "pq@bing.com" "qs@bing.com" "sc@bing.com" "sk@bing.com" "sp@bing.com"
}
category "Campaign tracking (Adobe Analytics)" {
params "sc_cid"
}
category "Campaign tracking (Adobe Marketo)" {
params "mkt_tok"
}
category "Campaign tracking (Amazon Kendra)" {
params "trk" "trkCampaign"
}
category "Campaign tracking (at)" {
params "at_campaign" "at_custom*" "at_medium"
}
category "Campaign tracking (Change.org)" {
params "guest@change.org" "recruited_by_id@change.org" "recruiter@change.org" "short_display_name@change.org" "source_location@change.org"
}
category "Campaign tracking (DPG Media)" {
params "dpg_*"
}
category "Campaign tracking (Google Analytics ga)" {
params "ga_*" "gclid" "gclsrc"
}
category "Campaign tracking (Humble Bundle)" {
params "hmb_campaign" "hmb_medium" "hmb_source"
}
category "Campaign tracking (IBM Acoustic Campaign)" {
params "spJobID" "spMailingID" "spReportId" "spUserID"
}
category "Campaign tracking (itm)" {
params "itm_*"
}
category "Campaign tracking (Omniture)" {
params "s_cid"
}
category "Campaign tracking (Oracle Eloqua)" {
params "assetId" "assetType" "campaignId" "elqTrack" "elqTrackId" "recipientId" "siteId"
}
category "Campaign tracking (MailChimp)" {
params "mc_cid" "mc_eid"
}
category "Campaign tracking (Matomo/Piwik)" {
params "mtm_*" "pk_*"
}
category "Campaign tracking (ns)" {
params "ns_*"
}
category "Campaign tracking (sc)" {
params "sc_campaign" "sc_channel" "sc_content" "sc_country" "sc_geo" "sc_medium" "sc_outcome"
}
category "Campaign tracking (stm)" {
params "stm_*"
}
category "Campaign tracking (utm)" {
params "nr_email_referer" "utm_*"
}
category "Campaign tracking (Vero)" {
params "vero_conv" "vero_id"
}
category "Campaign tracking (Yandex)" {
params "_openstat" "yclid"
}
category "Campaign tracking (others)" {
params "c_id" "campaign_id" "Campaign" "cmpid" "mbid" "ncid"
}
category "Caseking.de" {
params "campaign@caseking.de" "sPartner@caseking.de"
}
category "Ebay" {
params "hash@ebay.*" "_trkparms@ebay.*" "_trksid@ebay.*" "amdata@ebay.*" "epid@ebay.*" "hash@ebay.*" "var@ebay.*"
}
category "Etsy" {
params "click_key@etsy.com" "click_sum@etsy.com" "organic_search_click@etsy.com" "ref@etsy.com"
}
category "Facebook" {
params "fb_action_ids" "fb_action_types" "fb_ref" "fb_source" "fbclid" "hrc@facebook.com" "refsrc@facebook.com"
}
category "Google" {
params "ei@google.*" "gs_gbg@google.*" "gs_l" "gs_lcp@google.*" "gs_mss@google.*" "gs_rn@google.*" "gws_rd@google.*" "sei@google.*" "ved@google.*"
}
category "Hubspot" {
params "_hsenc" "_hsmi" "__hssc" "__hstc" "hsCtaTracking"
}
category "IMDb" {
params "pf_rd_*@imdb.com" "ref_@imdb.com"
}
category "LinkedIn" {
params "eBP@linkedin.com" "lgCta@linkedin.com" "lgTemp@linkedin.com" "lipi@linkedin.com" "midSig@linkedin.com" "midToken@linkedin.com" "recommendedFlavor@linkedin.com" "refId@linkedin.com" "trackingId@linkedin.com" "trk@linkedin.com" "trkEmail@linkedin.com"
}
category "Medium" {
params "_branch_match_id@medium.com" "source@medium.com"
}
category "SourceForge.net" {
params "position@sourceforge.net" "source@sourceforge.net"
}
category "Spotify" {
params "context@open.spotify.com" "si@open.spotify.com"
}
category "TikTok" {
params "_d@tiktok.com" "checksum@tiktok.com" "is_copy_url@tiktok.com" "is_from_webapp@tiktok.com" "language@tiktok.com" "preview_pb@tiktok.com" "sec_user_id@tiktok.com" "sender_device@tiktok.com" "sender_web_id@tiktok.com" "share_app_id@tiktok.com" "share_link_id@tiktok.com" "share_item_id@tiktok.com" "source@tiktok.com" "timestamp@tiktok.com" "tt_from@tiktok.com" "u_code@tiktok.com" "user_id@tiktok.com"
}
category "Twitch.tv" {
params "tt_content" "tt_medium"
}
category "Twitter" {
params "cxt@*.twitter.com" "ref_*@*.twitter.com" "s@*.twitter.com" "t@*.twitter.com" "twclid"
}
category "Yandex" {
params "lr@yandex.*" "redircnt@yandex.*"
}
category "YouTube.com" {
params "feature@youtube.com" "kw@youtube.com"
}
category "Zeit.de" {
params "wt_mc" "wt_zmc"
}
'';
in
{
services.url-eater = {
enable = true;
inherit filters;
};
}

15
common/fragments/headscale.nix Normal file
View File

@ -0,0 +1,15 @@
{ pkgs, ... }:
{
services.headscale = {
enable = true;
port = 52812;
settings.server_url = "https://hs.technogothic.net";
settings.dns_config = {
nameservers = [
"94.140.14.14"
"94.140.15.15"
]; # AdGuard Public DNS
base_domain = "thorns.home.arpa";
};
};
}

11
common/fragments/hedgedoc.nix Normal file
View File

@ -0,0 +1,11 @@
{
services.hedgedoc = {
enable = true;
settings = {
domain = "hedgedoc.technogothic.net";
protocolUseSSL = true;
allowOrigin = [ "localhost" "hedgedoc.technogothic.net" ];
allowEmailRegister = false;
};
};
}

55
common/fragments/home-assistant.nix Normal file
View File

@ -0,0 +1,55 @@
{
networking.firewall.allowedTCPPorts = [
8123
1883
1884
];
networking.firewall.allowedTCPPortRanges = [
{
from = 21063;
to = 21070;
}
];
networking.firewall.allowedUDPPorts = [
53
67
5353
];
virtualisation.oci-containers.containers = {
"home-assistant" = {
image = "ghcr.io/home-assistant/home-assistant:stable";
autoStart = true;
volumes = [
"/var/lib/hass:/config"
"/etc/localtime:/etc/localtime:ro"
"/run/dbus:/run/dbus:ro"
];
extraOptions = [ "--network=host" ];
};
};
services.mosquitto = {
enable = true;
listeners = [
{
users.root = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$GLzV4JTDU6Z9vHYl$GqkS+LOdufO3Znt/3M+4y0u8I3Yyv+3J/8SpsVTpKZMexNciPDhV3K67ZX6++yD75e4Eo4gJCYYhJ/JFt2o2nw==";
};
}
];
};
services.create_ap = {
enable = true;
settings = {
WIFI_IFACE = "wlp2s0";
SHARE_METHOD = "none";
SSID = "Agatha-Isolated-Network";
# TODO: Replace placeholder password after switching to sops-nix
PASSPHRASE = "nCvKNgRH5L5DFBR4JULP3GHbDuk9XLfT";
};
};
networking.networkmanager.unmanaged = [ "wlp2s0" ];
}

13
common/fragments/homepage.nix
View File

@ -1,13 +0,0 @@
{ pkgs, ... }: {
virtualisation.oci-containers.containers = {
"homepage" = {
image = "ghcr.io/benphelps/homepage:v0.6.10";
autoStart = true;
ports = [ "127.0.0.1:3000:3000" ];
volumes = [
"/var/lib/homepage:/app/config"
"/var/run/podman/podman.sock:/var/run/docker.sock"
];
};
};
}

36
common/fragments/mastodon.nix Normal file
View File

@ -0,0 +1,36 @@
{ config, pkgs, ... }: {
services.mastodon = {
enable = true;
package = pkgs.agatha-mastodon;
localDomain = "technogothic.net";
configureNginx = false;
smtp.fromAddress = "noreply@technogothic.net";
smtp.createLocally = false;
database.passwordFile = "/var/lib/mastodon/secrets/db-password";
streamingProcesses = 4;
elasticsearch = {
host = "127.0.0.1";
inherit (config.services.elasticsearch) port;
};
extraConfig = {
WEB_DOMAIN = "fv.technogothic.net";
GITHUB_REPOSITORY = "AgathaSorceress/mastodon";
AUTHORIZED_FETCH = "true";
MAX_TOOT_CHARS = "6666";
MAX_POLL_OPTIONS = "128";
MAX_POLL_OPTION_CHARS = "512";
EXTRA_DATA_HOSTS = "https://ftp.technogothic.net";
MASTODON_VERSION_METADATA = "AGATHA+AGATHA";
};
};
users.groups.mastodon.members = [ config.services.nginx.user ];
services.elasticsearch = {
enable = true;
cluster_name = "mastodon-es";
package = pkgs.elasticsearch7;
};
}

14
common/fragments/matrix-ril100.nix Normal file
View File

@ -0,0 +1,14 @@
{ pkgs, ... }: {
systemd.services.matrix-ril100 = {
wantedBy = [ "multi-user.target" ];
description = "A matrix bot that looks up RIL100 codes and station names";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.matrix-ril100}/bin/matrix-ril100";
WorkingDirectory = "/var/lib/matrix-ril100";
Restart = "always";
};
};
}

16
common/fragments/mc-status-bot.nix Normal file
View File

@ -0,0 +1,16 @@
{ pkgs, ... }: {
systemd.services.mc-status-bot = {
wantedBy = [ "multi-user.target" ];
description = "Minecraft server status bot for Matrix";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${
pkgs.callPackage ../pkgs/mc-status-bot.nix { }
}/bin/mc-status-bot.sh";
EnvironmentFile = "/var/lib/secrets/mc-status-bot-env";
Restart = "always";
};
};
}

37
common/fragments/minecraft.nix
View File

@ -1,7 +1,11 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
rsyncSSHKeys = config.users.users.agatha.openssh.authorizedKeys.keys
++ config.users.users.julia.openssh.authorizedKeys.keys;
rsyncSSHKeys = config.users.users.agatha.openssh.authorizedKeys.keys;
jre8 = pkgs.temurin-bin-8;
jre17 = pkgs.temurin-bin-17;
@ -33,17 +37,18 @@ let
allow-flight = true;
max-tick-time = 2 * 60 * 1000;
};
in {
in
{
services.modded-minecraft-servers = {
eula = true;
instances = {
# End to End encrypted modded minecraft yay
e2e = {
enable = true;
enable = false;
inherit rsyncSSHKeys jvmOpts;
jvmInitialAllocation = "2G";
jvmInitialAllocation = "1G";
jvmMaxAllocation = "8G";
jvmPackage = jre8;
@ -54,10 +59,28 @@ in {
extra-options.level-type = "BIOMESOP";
};
};
enigmatica-8 = {
enable = false;
inherit rsyncSSHKeys jvmOpts;
jvmInitialAllocation = "1G";
jvmMaxAllocation = "8G";
jvmPackage = jre17;
serverConfig = serverDefaults // {
server-port = 25567;
rcon-port = 25568;
motd = "Enigmeowtica 8";
max-tick-time = 300000;
};
};
};
};
systemd.services.mc-e2e.path = with pkgs; [ getconf gawk ];
systemd.services.mc-e2e.path = with pkgs; [
getconf
gawk
];
users.users.agatha.packages = with pkgs; [ mcrcon ];
}

2
common/fragments/nyandroid.nix
View File

@ -1,4 +1,4 @@
_: {
{
virtualisation.oci-containers.containers = {
"nyandroid" = {
image = "registry.gitlab.com/xenua/nyandroid:latest";

22
common/fragments/postgres.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, ... }: {
services.postgresql = {
settings = {
max_connections = 200;
shared_buffers = "4GB";
effective_cache_size = "12GB";
maintenance_work_mem = "1GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 300;
work_mem = "10485kB";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 4;
max_parallel_workers_per_gather = 2;
max_parallel_workers = 4;
max_parallel_maintenance_workers = 2;
};
};
}

11
common/fragments/prometheus_exporters.nix
View File

@ -20,6 +20,17 @@
enable = true;
port = 9003;
};
process = {
enable = true;
port = 9005;
settings.process_names = [
# Remove nix store path from process name
{
name = "{{.Matches.Wrapped}} {{ .Matches.Args }}";
cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ];
}
];
};
};
};

29
common/fragments/prosody.nix Normal file
View File

@ -0,0 +1,29 @@
{ config, ... }:
let
ssl = {
cert = "${
config.security.acme.certs."technogothic.net".directory
}/fullchain.pem";
key = "${config.security.acme.certs."technogothic.net".directory}/key.pem";
};
in {
services.prosody = {
enable = true;
admins = [ "Agatha@argent.technogothic.net" ];
inherit ssl;
virtualHosts."argent.technogothic.net" = {
enabled = true;
domain = "argent.technogothic.net";
inherit ssl;
};
muc = [{ domain = "muc.argent.technogothic.net"; }];
uploadHttp.domain = "upload.argent.technogothic.net";
};
users.users."${config.services.prosody.user}".extraGroups =
[ "acme" "nginx" ];
networking.firewall.allowedTCPPorts = [ 5000 5222 5269 5281 ];
}

53
common/fragments/restic.nix Normal file
View File

@ -0,0 +1,53 @@
{ config, ... }: {
services.restic.backups.${config.networking.hostName} = {
initialize = true;
repository = "rest:http://10.20.1.2:8000/${config.networking.hostName}/";
passwordFile = "/var/lib/secrets/restic-password";
environmentFile = "/var/lib/secrets/restic-env";
timerConfig = {
OnCalendar = "*-*-* 20:00"; # Daily at 20:00
Persistent = true;
};
paths = [ "/home/agatha" "/mnt/hdd" ];
exclude = [
".Trash*"
".gradle"
"/home/agatha/.XCompose"
"/home/agatha/.Xresources"
"/home/agatha/.cache"
"/home/agatha/.cargo"
"/home/agatha/.config"
"!/home/agatha/.config/gzdoom"
"/home/agatha/.gnupg"
"/home/agatha/.gtkrc-2.0"
"/home/agatha/.java"
"/home/agatha/.local"
"!/home/agatha/.local/share/PrismLauncher"
"/home/agatha/.manpath"
"/home/agatha/.minecraft"
"/home/agatha/.nix-defexpr"
"/home/agatha/.nix-profile"
"/home/agatha/.themes"
"/home/agatha/Desktop"
"/home/agatha/etc/deadname destruction"
"/home/agatha/go"
"/home/agatha/mount"
"/home/agatha/projects/java/**/build"
"/home/agatha/projects/mastodon"
"/home/agatha/projects/rust/**/target"
"/home/agatha/projects/rust/helix/runtime"
"/home/agatha/projects/snek/**/venv"
"__pycache__"
"lost+found"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 12" ];
};
systemd.timers."restic-backups-${config.networking.hostName}".after =
[ "network-online.target" ];
}

10
common/fragments/sponsorblock.nix Normal file
View File

@ -0,0 +1,10 @@
{
virtualisation.oci-containers.containers = {
"isponsorblocktv" = {
image = "ghcr.io/dmunozv04/isponsorblocktv";
autoStart = true;
volumes = [ "/var/lib/sponsorblock:/app/data" ];
extraOptions = [ "--network=host" ];
};
};
}

39
common/fragments/virt.nix Normal file
View File

@ -0,0 +1,39 @@
{ pkgs, lib, ... }:
{
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"amdgpu"
];
kernelParams =
let
gpuIDs = [
"1002:67df" # Graphics
"1002:aaf0" # Audio
];
in
[
# enable IOMMU
"amd_iommu=on"
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs)
];
};
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
services.openssh.settings.X11Forwarding = true;
# Virtualization
virtualisation.libvirtd = {
enable = true;
onBoot = "start";
onShutdown = "shutdown";
};
programs.virt-manager.enable = true;
users.users.agatha.extraGroups = [ "libvirtd" ];
}

3
common/fragments/yubikey.nix
View File

@ -4,7 +4,8 @@
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "gnome3";
pinentryPackage = pkgs.pinentry-gnome3;
enableExtraSocket = true;
};
services.pcscd.enable = true;

139
common/home_manager/common.nix
View File

@ -1,23 +1,28 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}:
{
imports = [ ../../common/home_manager/helix.nix ];
home-manager.useGlobalPkgs = true;
home-manager.users.agatha = {
home.username = "agatha";
home.homeDirectory = "/home/agatha";
home.stateVersion = config.system.stateVersion;
home.homeDirectory = lib.mkDefault "/home/agatha";
# Fallback for nix-darwin
home.stateVersion = if pkgs.stdenv.isLinux then config.system.stateVersion else "24.05";
home.packages = with pkgs; [
bat
btop
choose
exa
eza
fd
fzf
gnupg
ouch
ripgrep
tealdeer
zoxide
];
programs = {
@ -30,18 +35,35 @@
signing.key = "33185E0D62AD7294379947D4C37ABADDB597BCA1";
signing.signByDefault = true;
aliases = {
plog =
"log --graph --pretty=format:'%h -%d %s -%an %n' --abbrev-commit --date=relative --branches";
plog = "log --graph --pretty=format:'%h -%d %s -%an %n' --abbrev-commit --date=relative --branches";
pfusch = "push --force-with-lease";
stat = "diff --compact-summary";
undo = "reset --soft HEAD~";
unstage = "restore --staged";
};
extraConfig = {
init = { defaultBranch = "mistress"; };
core = { editor = "hx"; };
init = {
defaultBranch = "mistress";
};
core = {
editor = "hx";
};
merge.conflictStyle = "zdiff3";
rebase.autosquash = true;
pull.rebase = true;
};
delta = {
enable = true;
options = {
blame-format = "{timestamp:<15} {author:<18.18} {commit:<8}";
file-modified-label = "modified:";
hunk-header-decoration-style = "blue ul ol";
line-numbers = true;
navigate = true;
navigate-regex = "^(commit|added:|removed:|renamed:|modified:)";
};
};
};
starship = {
@ -54,8 +76,11 @@
"$character"
"$directory"
];
right_format =
lib.concatStrings [ "$git_branch" " " "$cmd_duration" ];
right_format = lib.concatStrings [
"$git_branch"
" "
"$cmd_duration"
];
character = {
success_symbol = "";
error_symbol = "[ ](purple)";
@ -67,10 +92,12 @@
style = "cyan";
read_only_style = "cyan";
};
cmd_duration = { min_time = 10000; };
cmd_duration = {
min_time = 10000;
};
git_branch = {
format = "$symbol $branch";
symbol = "";
symbol = "󰘬";
};
hostname = {
ssh_only = false;
@ -81,11 +108,6 @@
fish = {
enable = true;
interactiveShellInit = builtins.readFile (pkgs.fetchurl {
url =
"https://git.lain.faith/sorceress/dotfiles/raw/commit/80be649e9663e3db67041192c714329e20b10cc9/.config/fish/config.fish";
sha256 = "sha256-ZZCTXnRZfotksiJj7iVJnLz+XnWHTlIsZzv3gbbZoRQ=";
});
plugins = [
{
name = "fzf";
@ -106,6 +128,79 @@
};
}
];
shellAliases = {
ls = "eza -lhT --classify=always --group-directories-first --level 1";
cat = "bat";
ip = "ip -color=always";
youtube-dl-audio = ''yt-dlp --ignore-errors --output "%(title)s.%(ext)s" --extract-audio --audio-format best'';
rsync = "rsync -az --partial --info=progress2";
};
shellAliases.tailscale = lib.mkIf (
!pkgs.stdenv.isLinux
) "/Applications/Tailscale.app/Contents/MacOS/Tailscale";
functions = {
expand-dot-to-parent-directory-path = ''
# expand ... to ../.. etc
# https://github.com/fish-shell/fish-shell/issues/1891#issuecomment-451961517
# Get commandline up to cursor
set -l cmd (commandline --cut-at-cursor)
# Match last line
switch $cmd[-1]
case '*..'
commandline --insert '/.'
case '*'
commandline --insert '.'
end
'';
impostor = ''
echo $argv[1] | string sub -s 13 | fold -w1 | shuf | tr -d '\n' | sed 's/^/cccccbeujtje/'
'';
};
shellInit = ''
set -Ux AWT_TOOLKIT MToolkit
set -Ux JDK_JAVA_OPTIONS "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Djdk.gtk.version=3 -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true"
# Zoxide
set -Ux _ZO_FZF_OPTS "--no-sort --height=30% --exit-0 --select-1 --bind=ctrl-z:ignore"
# Fix locale errors in Nix
set -Ux LOCALE_ARCHIVE /usr/lib/locale/locale-archive
# PATH
set -gx fish_user_paths $fish_user_paths \
/home/agatha/.local/bin \
/home/agatha/.cargo/bin \
/home/agatha/.cabal/bin
if type -q ruby
fish_add_path -a (ruby -e 'print Gem.user_dir')/bin
end
bind . 'expand-dot-to-parent-directory-path'
if test -d ~/.gnupg
set -e SSH_AGENT_PID
set -x SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
# so gpg-agent knows in what tty to prompt for key passwords
set -x GPG_TTY (tty)
gpg-connect-agent updatestartuptty /bye > /dev/null
end
'';
};
tealdeer = {
enable = true;
settings = {
updates.auto_update = true;
};
};
zoxide = {
enable = true;
enableFishIntegration = true;
options = [ "--cmd v" ];
};
command-not-found.enable = false;
@ -114,6 +209,10 @@
enableFishIntegration = true;
};
};
home.file.".sqliterc".text = ''
.headers on
.mode column
'';
};
}

479
common/home_manager/helix.nix
View File

@ -1,27 +1,44 @@
{ pkgs, config, ... }: {
{ pkgs, lib, ... }:
{
# Set editor
environment.variables.EDITOR = "hx";
home-manager.users.agatha = {
# Formatters/Language Servers that Helix uses
home.packages = with pkgs; [ nixfmt ];
home.packages = with pkgs; [ nixfmt-rfc-style ];
programs = {
helix = {
enable = true;
package = pkgs.helix;
languages = [{
name = "nix";
auto-format = true;
formatter = { command = "nixfmt"; };
}];
languages = {
language = [
{
name = "nix";
auto-format = true;
formatter = {
command = "nixfmt";
};
}
];
};
settings = {
theme = "paramount-dark";
theme = lib.mkDefault "paramount-dark";
editor = {
middle-click-paste = false;
scroll-lines = 4;
shell = [ "fish" "-c" ];
shell = [
"fish"
"-c"
];
bufferline = "multiple";
statusline = {
left = [ "mode" "spinner" "file-name" ];
left = [
"mode"
"spinner"
"file-name"
];
right = [
"workspace-diagnostics"
"position"
@ -34,7 +51,9 @@
separator = " ";
};
cursor-shape = { insert = "bar"; };
cursor-shape = {
insert = "bar";
};
whitespace.render = {
tab = "all";
@ -56,13 +75,25 @@
keys = {
insert = {
"C-left" = [ "move_prev_word_start" "collapse_selection" ];
"C-right" = [ "move_next_word_start" "collapse_selection" ];
"C-left" = [
"move_prev_word_start"
"collapse_selection"
];
"C-right" = [
"move_next_word_start"
"collapse_selection"
];
};
normal = {
"C-left" = [ "move_prev_word_start" "collapse_selection" ];
"C-right" = [ "move_next_word_start" "collapse_selection" ];
"C-left" = [
"move_prev_word_start"
"collapse_selection"
];
"C-right" = [
"move_next_word_start"
"collapse_selection"
];
"A-d" = "delete_selection";
"d" = "delete_selection_noyank";
};
@ -70,210 +101,244 @@
};
themes = {
paramount-dark = let
medium_gray = "#767676";
lighter_black = "#4E4E4E";
lighter_gray = "#C6C6C6";
light_red = "#E32791";
orange = "#D75F5F";
light_green = "#5FD7A7";
dark_purple = "#af5fd7";
light_purple = "#a790d5";
dark_yellow = "#A89C14";
in {
inherits = "hex_lavender";
paramount-dark =
let
medium_gray = "#767676";
lighter_black = "#4E4E4E";
lighter_gray = "#C6C6C6";
light_red = "#E32791";
orange = "#D75F5F";
light_green = "#5FD7A7";
dark_purple = "#af5fd7";
light_purple = "#a790d5";
dark_yellow = "#A89C14";
in
{
"ui.background" = {
bg = "black";
};
"ui.gutter" = {
bg = "black";
};
"ui.menu.selected" = {
fg = lighter_gray;
bg = light_purple;
};
"comment" = {
fg = lighter_black;
modifiers = [ "italic" ];
};
"constant" = light_purple;
"string" = light_purple;
"variable" = lighter_gray;
"function" = lighter_gray;
"keyword.function" = lighter_gray;
"keyword.control" = medium_gray;
"keyword.control.import" = medium_gray;
"operator" = {
fg = lighter_gray;
modifiers = [ "bold" ];
};
"function.special" = medium_gray;
"type" = lighter_gray;
"tag" = {
fg = medium_gray;
modifiers = [ "italic" ];
};
"punctuation" = {
fg = medium_gray;
};
"ui.linenr" = medium_gray;
"ui.linenr.selected" = {
fg = light_purple;
};
"ui.window" = medium_gray;
"ui.text" = lighter_gray;
"ui.text.focus" = light_purple;
"ui.virtual.whitespace" = lighter_black;
"string.special.url" = {
fg = lighter_gray;
underline = {
color = lighter_gray;
style = "line";
};
modifiers = [ "underlined" ];
};
"markup.link" = {
fg = lighter_gray;
underline = {
color = lighter_gray;
style = "line";
};
modifiers = [ "underlined" ];
};
"diagnostic.error" = {
underline = {
color = light_red;
style = "curl";
};
};
"error" = light_red;
"diagnostic.hint" = {
underline = {
color = lighter_gray;
style = "curl";
};
};
"hint" = lighter_gray;
"ui.selection" = {
fg = lighter_gray;
bg = light_purple;
};
"ui.selection.primary" = {
fg = lighter_gray;
bg = light_purple;
};
"warning" = orange;
"diagnostic.warning" = {
underline = {
color = orange;
style = "curl";
};
};
"diff.plus" = light_green;
"diff.minus" = light_red;
"diff.delta" = dark_yellow;
"ui.cursor" = {
bg = lighter_gray;
};
"ui.cursor.insert" = {
bg = light_purple;
};
"ui.cursor.select" = {
bg = dark_purple;
};
"ui.cursor.match" = {
fg = lighter_gray;
bg = medium_gray;
};
"namespace" = medium_gray;
};
paramount-light =
let
medium_gray = "#767676";
actual_white = "#FFFFFF";
light_black = "#262626";
dark_red = "#C30771";
orange = "#D75F5F";
dark_green = "#10A778";
dark_purple = "#af5fd7";
dark_yellow = "#A89C14";
in
{
inherits = "spacebones_light";
"ui.background" = { bg = "black"; };
"ui.gutter" = { bg = "black"; };
"ui.menu.selected" = {
fg = lighter_gray;
bg = light_purple;
};
"comment" = {
fg = lighter_black;
modifiers = [ "italic" ];
};
"constant" = light_purple;
"string" = light_purple;
"variable" = lighter_gray;
"function" = lighter_gray;
"keyword.function" = lighter_gray;
"keyword.control" = medium_gray;
"keyword.control.import" = medium_gray;
"operator" = {
fg = lighter_gray;
modifiers = [ "bold" ];
};
"function.special" = medium_gray;
"type" = lighter_gray;
"tag" = {
fg = medium_gray;
modifiers = [ "italic" ];
};
"punctuation" = { fg = medium_gray; };
"ui.linenr" = medium_gray;
"ui.linenr.selected" = { fg = light_purple; };
"string.special.url" = {
fg = lighter_gray;
underline = {
color = lighter_gray;
style = "line";
"ui.background" = {
bg = actual_white;
};
modifiers = [ "underlined" ];
};
"markup.link" = {
fg = lighter_gray;
underline = {
color = lighter_gray;
style = "line";
"ui.gutter" = {
bg = actual_white;
};
modifiers = [ "underlined" ];
};
"diagnostic.error" = {
underline = {
color = light_red;
style = "curl";
"ui.menu.selected" = {
fg = light_black;
bg = dark_purple;
};
};
"error" = light_red;
"diagnostic.hint" = {
underline = {
color = lighter_gray;
style = "curl";
"comment" = {
fg = "dark_gray";
modifiers = [ "italic" ];
};
};
"hint" = lighter_gray;
"ui.selection" = {
fg = lighter_gray;
bg = light_purple;
};
"ui.selection.primary" = {
fg = lighter_gray;
bg = light_purple;
};
"warning" = orange;
"diagnostic.warning" = {
underline = {
color = orange;
style = "curl";
"constant" = dark_purple;
"string" = dark_purple;
"variable" = light_black;
"variable.parameter" = light_black;
"function" = light_black;
"keyword" = medium_gray;
"keyword.function" = light_black;
"keyword.control" = medium_gray;
"keyword.control.import" = medium_gray;
"operator" = {
fg = light_black;
modifiers = [ "bold" ];
};
};
"diff.plus" = light_green;
"diff.minus" = light_red;
"diff.delta" = dark_yellow;
"ui.cursor" = { bg = lighter_gray; };
"ui.cursor.insert" = { bg = light_purple; };
"ui.cursor.select" = { bg = dark_purple; };
"ui.cursor.match" = {
fg = lighter_gray;
bg = medium_gray;
};
"namespace" = medium_gray;
};
paramount-light = let
medium_gray = "#767676";
actual_white = "#FFFFFF";
light_black = "#262626";
dark_red = "#C30771";
orange = "#D75F5F";
dark_green = "#10A778";
dark_purple = "#af5fd7";
dark_yellow = "#A89C14";
in {
inherits = "spacebones_light";
"ui.background" = { bg = actual_white; };
"ui.gutter" = { bg = actual_white; };
"ui.menu.selected" = {
fg = light_black;
bg = dark_purple;
};
"comment" = {
fg = "dark_gray";
modifiers = [ "italic" ];
};
"constant" = dark_purple;
"string" = dark_purple;
"variable" = light_black;
"variable.parameter" = light_black;
"function" = light_black;
"keyword" = medium_gray;
"keyword.function" = light_black;
"keyword.control" = medium_gray;
"keyword.control.import" = medium_gray;
"operator" = {
fg = light_black;
modifiers = [ "bold" ];
};
"function.special" = medium_gray;
"function.macro" = medium_gray;
"type" = light_black;
"type.builtin" = light_black;
"tag" = {
fg = medium_gray;
modifiers = [ "italic" ];
};
"punctuation" = { fg = medium_gray; };
"ui.linenr" = medium_gray;
"ui.linenr.selected" = { fg = dark_purple; };
"string.special.url" = {
fg = light_black;
underline = {
color = light_black;
style = "line";
"function.special" = medium_gray;
"function.macro" = medium_gray;
"type" = light_black;
"type.builtin" = light_black;
"tag" = {
fg = medium_gray;
modifiers = [ "italic" ];
};
modifiers = [ "underlined" ];
};
"markup.link" = {
fg = light_black;
underline = {
color = light_black;
style = "line";
"punctuation" = {
fg = medium_gray;
};
modifiers = [ "underlined" ];
};
"diagnostic.error" = {
underline = {
color = dark_red;
style = "curl";
"ui.linenr" = medium_gray;
"ui.linenr.selected" = {
fg = dark_purple;
};
};
"error" = dark_red;
"diagnostic.hint" = {
underline = {
color = light_black;
style = "curl";
"string.special.url" = {
fg = light_black;
underline = {
color = light_black;
style = "line";
};
modifiers = [ "underlined" ];
};
};
"hint" = light_black;
"ui.selection" = {
fg = light_black;
bg = dark_purple;
};
"ui.selection.primary" = {
fg = light_black;
bg = dark_purple;
};
"warning" = orange;
"diagnostic.warning" = {
underline = {
color = orange;
style = "curl";
"markup.link" = {
fg = light_black;
underline = {
color = light_black;
style = "line";
};
modifiers = [ "underlined" ];
};
"diagnostic.error" = {
underline = {
color = dark_red;
style = "curl";
};
};
"error" = dark_red;
"diagnostic.hint" = {
underline = {
color = light_black;
style = "curl";
};
};
"hint" = light_black;
"ui.selection" = {
fg = light_black;
bg = dark_purple;
};
"ui.selection.primary" = {
fg = light_black;
bg = dark_purple;
};
"warning" = orange;
"diagnostic.warning" = {
underline = {
color = orange;
style = "curl";
};
};
"diff.plus" = dark_green;
"diff.minus" = dark_red;
"diff.delta" = dark_yellow;
"ui.cursor" = {
bg = light_black;
};
"ui.cursor.insert" = {
bg = dark_purple;
};
"ui.cursor.select" = {
bg = dark_purple;
};
"ui.cursor.match" = {
fg = light_black;
bg = medium_gray;
};
"namespace" = medium_gray;
"special" = medium_gray;
};
"diff.plus" = dark_green;
"diff.minus" = dark_red;
"diff.delta" = dark_yellow;
"ui.cursor" = { bg = light_black; };
"ui.cursor.insert" = { bg = dark_purple; };
"ui.cursor.select" = { bg = dark_purple; };
"ui.cursor.match" = {
fg = light_black;
bg = medium_gray;
};
"namespace" = medium_gray;
"special" = medium_gray;
};
};
};
};

71
common/linux-specific.nix Normal file
View File

@ -0,0 +1,71 @@
{ config, ... }:
{
imports = [ ./users ];
## Optimizations
# Clean /tmp
boot.tmp.cleanOnBoot = true;
# Garbage collection
nix.gc.dates = "weekly";
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
settings.PasswordAuthentication = false;
};
services.earlyoom = {
enable = true;
freeSwapThreshold = 5;
freeMemThreshold = 5;
extraArgs = [
"-g"
"--avoid '^(sshd|systemd.*|tailscale.*|)$'"
];
};
# Fix Wireguard and Tailscale with NetworkManager
networking.firewall = {
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
services.tailscale.enable = true;
}

32
common/pkgs/bin.nix
View File

@ -1,18 +1,36 @@
{ rustPlatform, fetchFromGitHub }:
{ pkgs }:
rustPlatform.buildRustPackage rec {
name = "bin";
version = "3bbd64611f2a5dee91528976f6db17ff9844315a";
pkgs.rustPlatform.buildRustPackage rec {
pname = "bin";
version = "e8fac0f0c8c9b48e3933c6f4a9e607a99cc97cf8";
src = fetchFromGitHub {
src = pkgs.fetchFromGitHub {
owner = "WantGuns";
repo = name;
repo = pname;
rev = version;
sha256 = "0lyx8n4rpnyd7c6yjx8aa3zwxlfwj3db0ykrxdvlsaw4wrqlfk7i";
sha256 = "sha256-c5iuk1T3x17iEbLAno716pkQkRtVsB0UJzgIrR64Uec=";
};
# Use custom syntax highlighting theme
preBuild = ''
cp ${
../../external/paramount-dark.tmTheme
} resources/themes/paramount-dark.tmTheme
substituteInPlace src/models/pretty.rs \
--replace "ayu_dark.tmTheme" "paramount-dark.tmTheme" \
substituteInPlace static/css/index.css static/css/pretty.css templates/* \
--replace "#0f1419" "#000000" \
--replace "#f29718" "#a790d5" \
--replace "#F29718" "#a790d5" \
--replace "#be7611" "#8673aa"
'';
cargoLock = { lockFile = "${src}/Cargo.lock"; };
nativeBuildInputs = [ pkgs.git ];
meta = {
description = "highly opinionated, minimal pastebin";
homepage = "https://github.com/WantGuns/bin";

167
common/pkgs/mastodon/default.nix Normal file
View File

@ -0,0 +1,167 @@
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests, yarn-berry, callPackage
, imagemagick, ffmpeg, file, ruby, writeShellScript, brotli
# Allow building a fork or custom version of Mastodon:
, pname ? "mastodon", version ? srcOverride.version, patches ? [ ]
# src is a package
, srcOverride ? callPackage ./source.nix { inherit patches; }
, gemset ? ./. + "/gemset.nix", yarnHash ? srcOverride.yarnHash }:
stdenv.mkDerivation rec {
inherit pname version;
src = srcOverride;
mastodonGems = bundlerEnv {
name = "${pname}-gems-${version}";
inherit version gemset ruby;
gemdir = src;
# This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
# symlinks with directories, resolving this error when running rake:
# /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
postBuild = ''
for gem in "$out"/lib/ruby/gems/*/gems/*; do
cp -a "$gem/" "$gem.new"
rm "$gem"
# needed on macOS, otherwise the mv yields permission denied
chmod +w "$gem.new"
mv "$gem.new" "$gem"
done
'';
};
mastodonModules = stdenv.mkDerivation {
pname = "${pname}-modules";
inherit src version;
yarnOfflineCache = callPackage ./yarn.nix {
src = srcOverride;
hash = yarnHash;
};
nativeBuildInputs =
[ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
RAILS_ENV = "production";
NODE_ENV = "production";
buildPhase = ''
runHook preBuild
export HOME=$PWD
# This option is needed for openssl-3 compatibility
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
export NODE_OPTIONS=--openssl-legacy-provider
export YARN_ENABLE_TELEMETRY=0
mkdir -p ~/.yarn/berry
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
yarn install --immutable --immutable-cache
patchShebangs ~/bin
patchShebangs ~/node_modules
# skip running yarn install
rm -rf ~/bin/yarn
OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
rails assets:precompile
yarn cache clean
rm -rf ~/node_modules/.cache
# Create missing static gzip and brotli files
gzip --best --keep ~/public/assets/500.html
gzip --best --keep ~/public/packs/report.html
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
-exec gzip --best --keep --force {} ';'
brotli --best --keep ~/public/packs/report.html
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
-exec brotli --best --keep {} ';'
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/public
cp -r node_modules $out/node_modules
cp -r public/assets $out/public
cp -r public/packs $out/public
runHook postInstall
'';
};
propagatedBuildInputs = [ imagemagick ffmpeg file mastodonGems.wrappedRuby ];
buildInputs = [ mastodonGems nodejs-slim ];
buildPhase = ''
runHook preBuild
ln -s $mastodonModules/node_modules node_modules
ln -s $mastodonModules/public/assets public/assets
ln -s $mastodonModules/public/packs public/packs
patchShebangs bin/
for b in $(ls $mastodonGems/bin/)
do
if [ ! -f bin/$b ]; then
ln -s $mastodonGems/bin/$b bin/$b
fi
done
# Remove execute permissions
chmod 0444 public/emoji/*.svg
# Create missing static gzip and brotli files
find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
find public/emoji -type f -name '.*.svg' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
ln -s assets/500.html.gz public/500.html.gz
ln -s assets/500.html.br public/500.html.br
ln -s packs/sw.js.gz public/sw.js.gz
ln -s packs/sw.js.br public/sw.js.br
ln -s packs/sw.js.map.gz public/sw.js.map.gz
ln -s packs/sw.js.map.br public/sw.js.map.br
rm -rf log
ln -s /var/log/mastodon log
ln -s /tmp tmp
runHook postBuild
'';
installPhase = let
run-streaming = writeShellScript "run-streaming.sh" ''
# NixOS helper script to consistently use the same NodeJS version the package was built with.
${nodejs-slim}/bin/node ./streaming
'';
in ''
runHook preInstall
mkdir -p $out
cp -r * $out/
ln -s ${run-streaming} $out/run-streaming.sh
runHook postInstall
'';
passthru = {
tests.mastodon = nixosTests.mastodon;
# run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
updateScript = ./update.sh;
};
meta = with lib; {
description =
"Self-hosted, globally interconnected microblogging software based on ActivityPub";
homepage = "https://joinmastodon.org";
license = licenses.agpl3Plus;
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
};
}

3383
common/pkgs/mastodon/gemset.nix Normal file
View File

File diff suppressed because it is too large Load Diff

27
common/pkgs/mastodon/source.nix Normal file
View File

@ -0,0 +1,27 @@
# This file was generated by pkgs.mastodon.updateScript.
{ lib, fetchFromGitHub, applyPatches, postPatch ? "", patches ? [ ], gawk
, gnused, yarn-berry }:
let version = "f571dbe35dbc4876f9ca76b3f6d459839c67a2ef";
in (applyPatches {
src = fetchFromGitHub {
owner = "AgathaSorceress";
repo = "mastodon";
rev = "${version}";
sha256 = "3ZJMiciV0muv5j468hEKJUZGDhKcNCJnDFn6ZqKM1F4=";
};
inherit patches;
nativeBuildInputs = [ gawk gnused ];
postPatch = postPatch
+ lib.optionalString (lib.versionAtLeast yarn-berry.version "4.1.0") ''
# this is for yarn starting with 4.1.0 because fuck everything amirite
# see also https://github.com/yarnpkg/berry/pull/6083
echo "patching cachekey in yarn.lock"
cacheKey="$(awk -e '/cacheKey:/ {print $2}' yarn.lock)"
sed -i -Ee 's|^ checksum: ([^/]*)$| checksum: '$cacheKey'/\1|g;' yarn.lock
'';
}) // {
inherit version;
yarnHash = "sha256-wdEunwUsV/IaJvNq+YIqRXNKLBrqPeeL5Ig+33dT/AY=";
}

101
common/pkgs/mastodon/update.sh Executable file
View File

@ -0,0 +1,101 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-github gnused jq prefetch-yarn-deps
set -e
OWNER=mastodon
REPO=mastodon
POSITIONAL=()
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
--owner)
OWNER="$2"
shift # past argument
shift # past value
;;
--repo)
REPO="$2"
shift # past argument
shift # past value
;;
--rev)
REVISION="$2"
shift # past argument
shift # past value
;;
--patches)
PATCHES="$2"
shift # past argument
shift # past value
;;
*) # unknown option
POSITIONAL+=("$1")
shift # past argument
;;
esac
done
if [[ -n "$POSITIONAL" ]]; then
echo "Usage: update.sh [--owner OWNER] [--repo REPO] [--rev REVISION] [--patches PATCHES]"
echo "OWNER and REPO must be paths on github."
echo "If OWNER and REPO are not provided, it defaults they default to mastodon and mastodon."
echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
exit 1
fi
rm -f gemset.nix source.nix
cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
WORK_DIR=$(mktemp -d)
# Check that working directory was created.
if [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
echo "Could not create temporary directory"
exit 1
fi
# Delete the working directory on exit.
function cleanup {
# Report errors, if any, from nix-prefetch-git
grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
rm -rf "$WORK_DIR"
}
trap cleanup EXIT
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
HASH=$(echo "$JSON" | jq -r .sha256)
cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript.
{ fetchFromGitHub, applyPatches, patches ? [] }:
let
version = "$REVISION";
in
(
applyPatches {
src = fetchFromGitHub {
owner = "$OWNER";
repo = "$REPO";
rev = "\${version}";
sha256 = "$HASH";
};
patches = patches ++ [$PATCHES];
}) // {
inherit version;
yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
}
EOF
SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks
# echo "Creating yarn-hash.nix"
# YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
# YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
# sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix
sed -i -Ee "s|^( *yarnHash = )\".*\";|\\1\"\";|g;" ./source.nix

39
common/pkgs/mastodon/yarn.nix Normal file
View File

@ -0,0 +1,39 @@
{ stdenvNoCC, yarn-berry, cacert, src, hash }:
stdenvNoCC.mkDerivation {
pname = "yarn-deps";
version = hash;
nativeBuildInputs = [ yarn-berry cacert ];
inherit src;
dontInstall = true;
NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
mkdir -p $out
export HOME=$(mktemp -d)
echo $HOME
export YARN_ENABLE_TELEMETRY=0
export YARN_COMPRESSION_LEVEL=0
cache="$(yarn config get cacheFolder)"
if ! yarn install --immutable --mode skip-build; then
cp yarn.lock yarn.lock.bak
yarn install --mode skip-build
diff -u yarn.lock.bak yarn.lock
echo "yarn build failed! diff generated as yarn.lock.diff"
pwd
exit 1
fi
cp -r $cache/* $out/
'';
outputHashAlgo = "sha256";
outputHash = hash;
outputHashMode = "recursive";
}

21
common/pkgs/mc-status-bot.nix Normal file
View File

@ -0,0 +1,21 @@
{ pkgs }:
with pkgs;
stdenv.mkDerivation rec {
pname = "mc-status-bot";
version = "0.1.0";
src = fetchgit {
url = "https://git.lain.faith/sorceress/e8-status-bot.git";
rev = "c35abf0aba0ca524bc1d3dab9576b41e2b319138";
hash = "sha256-sK0Azd/3ymk5Jsj/GYmNJvYh9fMXFozTuWZhKnYTGbs=";
};
buildInputs = [ curl jq ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp run.sh $out/bin/mc-status-bot.sh
wrapProgram $out/bin/mc-status-bot.sh \
--prefix PATH : ${lib.makeBinPath buildInputs}
'';
}

58
common/pkgs/vampysite.nix
View File

@ -1,58 +0,0 @@
{ pkgs, lib, ... }:
let
version = "10768ce069f5c08e8e4393c494f0c6900922170c";
repo = pkgs.fetchgit {
url = "https://git.lain.faith/sorceress/vampysite.git";
rev = version;
sha256 = "1lniwqyhj6r3pwwd4qp01yhfxjbwclw5dn58dgf4kk45f9qgniy3";
};
patched_pkgs = import (builtins.fetchTarball
"https://github.com/AgathaSorceress/nixpkgs/tarball/image-optim-pack-cleanup") {
inherit (pkgs) config;
};
jekyll_env = patched_pkgs.bundlerEnv {
name = "jekyll_env";
inherit (pkgs) ruby;
gemdir = "${repo}/.";
};
image_optim_deps = with pkgs; [
pngout
advancecomp
optipng
pngquant
jhead
jpegoptim
jpeg-archive
libjpeg
];
in pkgs.stdenv.mkDerivation {
inherit version;
name = "vampysite";
src = repo;
buildInputs = with pkgs; [
jekyll_env
# nokogiri dependencies
zlib
libiconv
libxml2
libxslt
# jekyll wants a JS runtime
nodejs-slim
];
buildPhase = ''
export PATH="${lib.escapeShellArg (lib.makeBinPath image_optim_deps)}":$PATH
bundle exec jekyll build
'';
installPhase = ''
mkdir -p $out
cp -r _site/* $out/
'';
}

17
common/remote-builds.nix Normal file
View File

@ -0,0 +1,17 @@
{
nix.distributedBuilds = true;
nix.buildMachines = [
{
hostName = "tears";
systems = [
"x86_64-linux"
"i686-linux"
];
supportedFeatures = [ "big-parallel" ];
maxJobs = 4;
sshUser = "root";
sshKey = "/Users/agatha/Projects/nix-infra/secrets/id_ed25519-nix-builder";
}
];
}

9
common/users/default.nix
View File

@ -1,9 +1,14 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
{
users.users = {
agatha = {
isNormalUser = true;
description = "Agatha Valentine Lovelace";
extraGroups = [ "networkmanager" "wheel" "docker" ];
extraGroups = [
"networkmanager"
"wheel"
"docker"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [

13
common/users/julia.nix
View File

@ -1,13 +0,0 @@
{ config, pkgs, ... }: {
users.users = {
julia = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIa/G3M13aVJpOIX8U/5duiGiNNGmM88/0k0+o0EUGRI cardno:20 876 680"
];
};
};
}

BIN
external/6.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 6.7 MiB

247
external/paramount-dark.tmTheme vendored Normal file
View File

@ -0,0 +1,247 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Color Theme paramount-dark, created by Oskar Wickström .
Created with ThemeCreator, https://github.com/mswift42/themecreator -->
<plist version="1.0">
<dict>
<key>author</key>
<string> Oskar Wickström</string>
<key>name</key>
<string>paramount-dark</string>
<key>settings</key>
<array>
<dict>
<key>settings</key>
<dict>
<key>background</key>
<string>#000000</string>
<key>caret</key>
<string>#292929</string>
<key>foreground</key>
<string>#C6C6C6</string>
<key>invisibles</key>
<string>#292929</string>
<key>lineHighlight</key>
<string>#141414</string>
<key>selection</key>
<string>#292929</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Comment</string>
<key>scope</key>
<string>comment</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#4E4E4E</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Foreground</string>
<key>scope</key>
<string>keyword.operator.class, constant.other, source.php.embedded.line</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a6a6a6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Variable, String Link, Regular Expression, Tag Name, GitGutter deleted</string>
<key>scope</key>
<string>variable, support.other.variable, string.other.link, string.regexp, entity.name.tag, entity.other.attribute-name, meta.tag, declaration.tag, markup.deleted.git_gutter</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Number, Constant, Function Argument, Tag Attribute, Embedded</string>
<key>scope</key>
<string>constant.numeric, constant.language, support.constant, constant.character, variable.parameter, punctuation.section.embedded, keyword.other.unit</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a790d5</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Class, Support</string>
<key>scope</key>
<string>entity.name.class, entity.name.type.class, support.type, support.class</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>String, Symbols, Inherited Class, Markup Heading, GitGutter inserted</string>
<key>scope</key>
<string>string, constant.other.symbol, entity.other.inherited-class, entity.name.filename, markup.heading, markup.inserted.git_gutter</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a790d5</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Operator, Misc</string>
<key>scope</key>
<string>keyword.operator, constant.other.color</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Function, Special Method, Block Level, GitGutter changed</string>
<key>scope</key>
<string>entity.name.function, meta.function-call, support.function, keyword.other.special-method, meta.block-level, markup.changed.git_gutter</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Keyword, Storage</string>
<key>scope</key>
<string>keyword, storage, storage.type</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string>bold</string>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Invalid</string>
<key>scope</key>
<string>invalid</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#E32791</string>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Separator</string>
<key>scope</key>
<string>meta.separator</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Deprecated</string>
<key>scope</key>
<string>invalid.deprecated</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#a790d5</string>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#000000</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff foreground</string>
<key>scope</key>
<string>markup.inserted.diff, markup.deleted.diff, meta.diff.header.to-file, meta.diff.header.from-file</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#fafafa</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff insertion</string>
<key>scope</key>
<string>markup.inserted.diff, meta.diff.header.to-file</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#123d0f</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff deletion</string>
<key>scope</key>
<string>markup.deleted.diff, meta.diff.header.from-file</string>
<key>settings</key>
<dict>
<key>background</key>
<string></string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff header</string>
<key>scope</key>
<string>meta.diff.header.from-file, meta.diff.header.to-file</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string></string>
<key>background</key>
<string></string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff range</string>
<key>scope</key>
<string>meta.diff.range</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string>italic</string>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
</array>
<key>uuid</key>
<string></string>
<key>colorSpaceName</key>
<string>sRGB</string>
</dict>
</plist>

760
flake.lock
View File

@ -1,94 +1,81 @@
{
"nodes": {
"crane": {
"flake": false,
"ccase": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils"
},
"locked": {
"lastModified": 1670900067,
"narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b",
"lastModified": 1692717252,
"narHash": "sha256-TQJkvANms/5Mzh1J4qsEYOrlML17dVv7MYEoN4Z/gm0=",
"owner": "rutrum",
"repo": "ccase",
"rev": "7ca56557d0cc69641e0d0c5ae9370c48f4cce09d",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"owner": "rutrum",
"repo": "ccase",
"type": "github"
}
},
"dream2nix": {
"colmena": {
"inputs": {
"alejandra": [
"helix",
"nci"
],
"all-cabal-json": [
"helix",
"nci"
],
"crane": "crane",
"devshell": [
"helix",
"nci"
],
"flake-parts": [
"helix",
"nci",
"parts"
],
"flake-utils-pre-commit": [
"helix",
"nci"
],
"ghc-utils": [
"helix",
"nci"
],
"gomod2nix": [
"helix",
"nci"
],
"mach-nix": [
"helix",
"nci"
],
"nix-pypi-fetcher": [
"helix",
"nci"
],
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"helix",
"nci",
"nixpkgs"
"nixpkgs-unstable"
],
"poetry2nix": [
"helix",
"nci"
],
"pre-commit-hooks": [
"helix",
"nci"
],
"pruned-racket-catalog": [
"helix",
"nci"
]
"stable": "stable"
},
"locked": {
"lastModified": 1677289985,
"narHash": "sha256-lUp06cTTlWubeBGMZqPl9jODM99LpWMcwxRiscFAUJg=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "28b973a8d4c30cc1cbb3377ea2023a76bc3fb889",
"lastModified": 1685370160,
"narHash": "sha256-7EAZtvHZBN4CFbUWznQicGL/g2+A/9w5JUl88xWmxkI=",
"owner": "AgathaSorceress",
"repo": "colmena",
"rev": "f279530ba0ca33f30fc3ae386ae5487e8d926460",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "dream2nix",
"owner": "AgathaSorceress",
"repo": "colmena",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1727974419,
"narHash": "sha256-WD0//20h+2/yPGkO88d2nYbb23WMWYvnRyDQ9Dx4UHg=",
"owner": "ipetkov",
"repo": "crane",
"rev": "37e4f9f0976cb9281cd3f0c70081e5e0ecaee93f",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -120,6 +107,42 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -134,19 +157,58 @@
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"frq-friend": {
"inputs": {
"naersk": "naersk",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1704635792,
"narHash": "sha256-18cwml0k6g7wWkPlFtORFt/eVf6vxu/g2fEr8LrEQIE=",
"ref": "refs/heads/main",
"rev": "fa324fbf2651f33f1d3557c058f5fbf8e985e624",
"revCount": 6,
"type": "git",
"url": "https://git.xenua.me/xenua/fedi-frq-friend"
},
"original": {
"type": "git",
"url": "https://git.xenua.me/xenua/fedi-frq-friend"
}
},
"helix": {
"inputs": {
"nci": "nci",
"nixpkgs": "nixpkgs",
"parts": "parts_2",
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs-unstable"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1678284394,
"narHash": "sha256-oEXCoNxfEmxqGuYxW7cLwINW70jeRrYqgOC40G1WBr8=",
"lastModified": 1732579614,
"narHash": "sha256-LREXerN4a4DHG38a2KZPum7E/OKNhYgrBtU6AsD5SnQ=",
"owner": "helix-editor",
"repo": "helix",
"rev": "34be71fb50738a7e9d9e5ee5090680a0d84a321c",
"rev": "80709cee610f1758af1e62d53bde2eb8aa706a0c",
"type": "github"
},
"original": {
@ -159,23 +221,58 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
]
},
"locked": {
"lastModified": 1678271387,
"narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=",
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "36999b8d19eb6eebb41983ef017d7e0095316af2",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_3",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1723510904,
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
}
},
"lowdown-src": {
"flake": false,
"locked": {
@ -192,26 +289,32 @@
"type": "github"
}
},
"mk-naked-shell": {
"flake": false,
"matrix-ril100": {
"inputs": {
"naersk": "naersk_2",
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils_3"
},
"locked": {
"lastModified": 1676572903,
"narHash": "sha256-oQoDHHUTxNVSURfkFcYLuAK+btjs30T4rbEUtCUyKy8=",
"owner": "yusdacra",
"repo": "mk-naked-shell",
"rev": "aeca9f8aa592f5e8f71f407d081cb26fd30c5a57",
"type": "github"
"lastModified": 1688054487,
"narHash": "sha256-KHNG+9lWqsWVA1Xqkb2BJDKuRlrNV8q2CmQLk7vzuH8=",
"ref": "refs/heads/mistress",
"rev": "fd949bede48ee1283e6917018090b2a3fb50db79",
"revCount": 2,
"type": "git",
"url": "https://git.lain.faith/sorceress/matrix-ril100"
},
"original": {
"owner": "yusdacra",
"repo": "mk-naked-shell",
"type": "github"
"type": "git",
"url": "https://git.lain.faith/sorceress/matrix-ril100"
}
},
"mms": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_4",
"nix": "nix",
"nixpkgs": [
"nixpkgs"
@ -231,38 +334,70 @@
"type": "github"
}
},
"nci": {
"naersk": {
"inputs": {
"dream2nix": "dream2nix",
"mk-naked-shell": "mk-naked-shell",
"nixpkgs": [
"helix",
"nixpkgs"
],
"parts": "parts",
"rust-overlay": [
"helix",
"rust-overlay"
]
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1677297103,
"narHash": "sha256-ArlJIbp9NGV9yvhZdV0SOUFfRlI/kHeKoCk30NbSiLc=",
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"rev": "a79272a2cb0942392bb3a5bf9a3ec6bc568795b2",
"lastModified": 1679567394,
"narHash": "sha256-ZvLuzPeARDLiQUt6zSZFGOs+HZmE+3g4QURc8mkBsfM=",
"owner": "nix-community",
"repo": "naersk",
"rev": "88cd22380154a2c36799fe8098888f0f59861a15",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"owner": "nix-community",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"naersk_2": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1687852486,
"narHash": "sha256-2rXkhKUVQxbVaC+TITPpILiy/dSbordOLs87eoWHYxA=",
"owner": "nix-community",
"repo": "naersk",
"rev": "df10963b956962913b693a638746a95d6c506404",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"naersk_3": {
"inputs": {
"nixpkgs": [
"url-eater",
"nixpkgs"
]
},
"locked": {
"lastModified": 1698420672,
"narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=",
"owner": "nix-community",
"repo": "naersk",
"rev": "aeb58d5e8faead8980a807c840232697982d47b9",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
@ -279,36 +414,52 @@
"type": "github"
}
},
"nixpkgs": {
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
]
},
"locked": {
"lastModified": 1677063315,
"narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "988cc958c57ce4350ec248d2d53087777f9e1949",
"lastModified": 1732420287,
"narHash": "sha256-CzvYF4x6jUh/+NEEIFrIY5t1W/N3IA2bNZJiMXu9GTo=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "3c52583b99666a349a6219dc1f0dd07d75c82d6a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs-lib": {
"nixpkgs": {
"locked": {
"dir": "lib",
"lastModified": 1675183161,
"narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
"lastModified": 1681272286,
"narHash": "sha256-9X5p+gwYrowgbsRgkf14HFI0fkr6UikuwRIQAMlF1yI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
"rev": "6b70761ea8c896aff8994eb367d9526686501860",
"type": "github"
},
"original": {
"dir": "lib",
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1730891215,
"narHash": "sha256-i85DPrhDuvzgvIWCpJlbfM2UFtNYbapo20MtQXsvay4=",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"rev": "c128e44a249d6180740d0a979b6480d5b795c013",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-24.05-darwin",
"repo": "nixpkgs",
"type": "github"
}
@ -329,7 +480,37 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1732238832,
"narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1687946342,
"narHash": "sha256-vRxti8pOuXS0rJmqjbD8ueEEFXWSK22ISHoCWkhgzzg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1c851e8c92b76a00ce84167984a7ec7ba2b1f29c",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1657693803,
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
@ -345,83 +526,69 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1678137616,
"narHash": "sha256-T+lWTRdcYaOnZQW+Ehdlg+YldC2l9cq2GXJFPq22Nxc=",
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7edcdf7b169c33cd3eef9aba50521ce93ee666b8",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"parts": {
"inputs": {
"nixpkgs-lib": [
"helix",
"nci",
"nixpkgs"
]
},
"locked": {
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"nixpkgs_5": {
"locked": {
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"lastModified": 1682092588,
"narHash": "sha256-NjKBPnScpbGiH/YOx74DIFOVkr5AKJOVZoy0l7J58gk=",
"owner": "AgathaSorceress",
"repo": "nixpkgs",
"rev": "bdd3dc5aa8435b66f14636550223a9b3a50e534d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"owner": "AgathaSorceress",
"ref": "image-optim-pack-cleanup",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"ccase": "ccase",
"colmena": "colmena",
"frq-friend": "frq-friend",
"helix": "helix",
"home-manager": "home-manager",
"lix-module": "lix-module",
"matrix-ril100": "matrix-ril100",
"mms": "mms",
"nixpkgs": "nixpkgs_3"
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_4",
"nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-unstable": "nixpkgs-unstable",
"url-eater": "url-eater",
"vampysite": "vampysite"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"helix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1677292251,
"narHash": "sha256-D+6q5Z2MQn3UFJtqsM5/AvVHi3NXKZTIMZt1JGq/spA=",
"lastModified": 1728268235,
"narHash": "sha256-lJMFnMO4maJuNO6PQ5fZesrTmglze3UFTTBuKGwR1Nw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "34cdbf6ad480ce13a6a526f57d8b9e609f3d65dc",
"rev": "25685cc2c7054efc31351c172ae77b21814f2d42",
"type": "github"
},
"original": {
@ -430,13 +597,159 @@
"type": "github"
}
},
"utils": {
"stable": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"lastModified": 1669735802,
"narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "731cc710aeebecbf45a258e977e8b68350549522",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"url-eater": {
"inputs": {
"naersk": "naersk_3",
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils_4"
},
"locked": {
"lastModified": 1710529176,
"narHash": "sha256-TuDrnw1USxWsGQMQuX50D69A3Z555vC0Q0knYcd/qGE=",
"owner": "AgathaSorceress",
"repo": "url-eater",
"rev": "21be820dcd6fa5c91e9a46fb8c72f13db631ed54",
"type": "github"
},
"original": {
"owner": "AgathaSorceress",
"repo": "url-eater",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
@ -444,6 +757,97 @@
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_4": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_5": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vampysite": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"utils": "utils_5"
},
"locked": {
"lastModified": 1717180338,
"narHash": "sha256-g2ZNMpqJ4IARjXY8FX4UUfF4p9Unc01w8RzFYEONXlE=",
"ref": "refs/heads/mistress",
"rev": "1adcc3630a6c626f61dac989fffd661dbb4946ef",
"revCount": 21,
"type": "git",
"url": "https://git.lain.faith/sorceress/vampysite"
},
"original": {
"type": "git",
"url": "https://git.lain.faith/sorceress/vampysite"
}
}
},
"root": "root",

302
flake.nix
View File

@ -1,73 +1,289 @@
{
inputs = {
nixpkgs.url = "nixpkgs/nixos-22.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-24.05-darwin";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
vampysite.url = "git+https://git.lain.faith/sorceress/vampysite";
home-manager = {
url = "github:nix-community/home-manager";
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-darwin = {
url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
mms = {
url = "github:mkaito/nixos-modded-minecraft-servers";
inputs.nixpkgs.follows = "nixpkgs";
};
helix.url = "github:helix-editor/helix";
};
outputs = { nixpkgs, home-manager, mms, helix, ... }: {
url-eater = {
url = "github:AgathaSorceress/url-eater";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
matrix-ril100 = {
url = "git+https://git.lain.faith/sorceress/matrix-ril100";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# Latest colmena + prettier loading icons
colmena = {
network = {
description = "Agatha's Nix Infra";
url = "github:AgathaSorceress/colmena";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nixpkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [
(final: prev: { helix = helix.packages.${final.system}.default; })
];
frq-friend = {
url = "git+https://git.xenua.me/xenua/fedi-frq-friend";
inputs.nixpkgs.follows = "nixpkgs";
};
helix = {
url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
ccase = {
url = "github:rutrum/ccase";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs =
{
nixpkgs,
nixpkgs-unstable,
nixpkgs-darwin,
lix-module,
home-manager,
nix-darwin,
mms,
helix,
url-eater,
matrix-ril100,
frq-friend,
colmena,
vampysite,
ccase,
...
}:
let
mkOverlays = system: config: [
(final: prev: {
helix =
let
helix-pkgs = helix.packages.${final.system};
in
helix-pkgs.helix.passthru.wrapper (
helix-pkgs.helix-unwrapped.overrideAttrs {
preInstall = ''
substituteInPlace contrib/Helix.desktop \
--replace "Exec=hx %F" "Exec=kitty hx %F" \
--replace "Terminal=true" "Terminal=false"
'';
}
);
frq-friend = frq-friend.packages.${final.system}.default;
vampysite = vampysite.packages.${final.system}.default;
matrix-ril100 = matrix-ril100.packages.${final.system}.default;
ccase = ccase.packages.${final.system}.default;
# Unstable packages
unstable = import nixpkgs-unstable { inherit system config; };
})
colmena.overlay
lix-module.overlays.default
];
in
{
colmena = {
network = {
description = "Agatha's Nix Infra";
nixpkgs = import nixpkgs rec {
system = "x86_64-linux";
config.allowUnfree = true;
overlays = mkOverlays system config;
};
};
};
bloodletting = {
imports = [
./common
./hosts/bloodletting/configuration.nix
(import "${home-manager}/nixos")
mms.module
];
bloodletting = {
imports = [
./common
./common/linux-specific.nix
./hosts/bloodletting/configuration.nix
(import "${home-manager}/nixos")
mms.module
];
deployment = {
targetUser = "root";
targetHost = "bloodletting";
deployment = {
targetUser = "root";
targetHost = "technogothic.net";
tags = [ "prod" ];
tags = [ "prod" ];
keys = {
"nyandroid-token" = {
keyCommand = [ "cat" "./secrets/nyandroid-token" ];
destDir = "/var/lib/secrets/";
keys = {
"nyandroid-token" = {
keyCommand = [
"cat"
"./secrets/nyandroid-token"
];
destDir = "/var/lib/secrets/";
};
"hurricane-tokens" = {
keyCommand = [
"cat"
"./secrets/hurricane-tokens"
];
destDir = "/var/lib/secrets/";
};
"mc-status-bot-env" = {
keyCommand = [
"cat"
"./secrets/mc-status-bot-env"
];
destDir = "/var/lib/secrets";
};
"fedi-data.toml" = {
keyCommand = [
"cat"
"./secrets/frq-friend-fedi-data.toml"
];
destDir = "/var/lib/frq-friend";
};
"ril100-bot-secrets" = {
keyCommand = [
"cat"
"./secrets/ril100-bot-secrets"
];
destDir = "/var/lib/matrix-ril100";
name = ".env";
};
};
"rfc2136-technogothic-net" = {
keyCommand = [ "cat" "./secrets/rfc2136-technogothic-net" ];
destDir = "/var/lib/secrets/";
};
};
watchtower = {
imports = [
./common
./common/linux-specific.nix
./hosts/watchtower/configuration.nix
(import "${home-manager}/nixos")
];
deployment = {
targetUser = "root";
targetHost = "watchtower";
tags = [ "prod" ];
keys = {
"hetzner-env" = {
keyCommand = [
"cat"
"./secrets/hetzner-env"
];
destDir = "/var/lib/secrets/";
};
"gocryptfs-pass" = {
keyCommand = [
"cat"
"./secrets/gocryptfs-pass"
];
destDir = "/var/lib/secrets/";
};
};
};
};
tears = {
imports = [
./common
./common/linux-specific.nix
./hosts/tears/configuration.nix
./common/options.nix
(import "${home-manager}/nixos")
url-eater.nixosModules.default
];
deployment = {
targetUser = "root";
targetHost = "tears";
tags = [ "home" ];
allowLocalDeployment = true;
keys = {
"restic-password" = {
keyCommand = [
"cat"
"./secrets/restic-password"
];
destDir = "/var/lib/secrets/";
};
"restic-env" = {
keyCommand = [
"cat"
"./secrets/restic-env"
];
destDir = "/var/lib/secrets/";
};
};
};
};
};
ritual = {
imports = [
darwinConfigurations."Agathas-Mac-mini" = nix-darwin.lib.darwinSystem {
pkgs = import nixpkgs-darwin rec {
system = "aarch64-darwin";
config.allowUnfree = true;
overlays = mkOverlays system config;
};
modules = [
./common
./hosts/Agathas-Mac-mini/configuration.nix
(import "${home-manager}/nix-darwin")
];
};
darwinConfigurations."ritual" = nix-darwin.lib.darwinSystem {
pkgs = import nixpkgs-darwin rec {
system = "x86_64-darwin";
config.allowUnfree = true;
overlays = mkOverlays system config;
};
modules = [
./common
./hosts/ritual/configuration.nix
(import "${home-manager}/nixos")
(import "${home-manager}/nix-darwin")
];
deployment = {
targetUser = "root";
targetHost = "ritual";
allowLocalDeployment = true;
};
};
devShells =
let
patchedColmena =
system:
let
pkgs = import nixpkgs { inherit system; };
in
pkgs.mkShell {
buildInputs = [
(pkgs.writeShellScriptBin "colmena" ''
${colmena.defaultPackage.${pkgs.system}}/bin/colmena --disable-emoji $@
'')
];
};
in
{
"x86_64-linux".default = patchedColmena "x86_64-linux";
"aarch64-darwin".default = patchedColmena "aarch64-darwin";
"x86_64-darwin".default = patchedColmena "x86_64-darwin";
};
};
};
}

7
hosts/Agathas-Mac-mini/configuration.nix Normal file
View File

@ -0,0 +1,7 @@
{
imports = [ ../../common/fragments/graphical/darwin.nix ];
nixpkgs.hostPlatform = "aarch64-darwin";
system.stateVersion = 1;
}

208
hosts/bloodletting/configuration.nix
View File

@ -1,16 +1,28 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
lib,
...
}:
{
imports = [
./hardware-configuration.nix
../../common/users/julia.nix
../../common/fragments/bin.nix
../../common/fragments/fail2ban.nix
../../common/fragments/frq-friend.nix
../../common/fragments/grafana.nix
../../common/fragments/homepage.nix
../../common/fragments/headscale.nix
../../common/fragments/hedgedoc.nix
../../common/fragments/mastodon-ebooks.nix
../../common/fragments/mastodon.nix
../../common/fragments/matrix-ril100.nix
../../common/fragments/matterbridge.nix
../../common/fragments/mc-status-bot.nix
../../common/fragments/minecraft.nix
../../common/fragments/nyandroid.nix
../../common/fragments/postgres.nix
../../common/fragments/prometheus_exporters.nix
../../common/fragments/prosody.nix
../../common/fragments/vsftpd.nix
../../common/home_manager/common.nix
];
@ -18,7 +30,7 @@
nixpkgs.overlays = [
(final: prev: {
bin = final.callPackage ../../common/pkgs/bin.nix { };
vampysite = final.callPackage ../../common/pkgs/vampysite.nix { };
agatha-mastodon = final.callPackage ../../common/pkgs/mastodon/default.nix { };
})
];
@ -32,41 +44,58 @@
# Enable networking
networking.networkmanager.enable = true;
networking.interfaces.ens19.ipv4.addresses = [{
address = "185.138.143.227";
prefixLength = 29;
}];
networking.interfaces.ens20 = {
ipv4.addresses = [
{
address = "91.198.192.199";
prefixLength = 27;
}
];
networking.defaultGateway = {
address = "185.138.143.225";
interface = "ens19";
ipv6.addresses = [
{
address = "2001:67c:b54:1::6";
prefixLength = 64;
}
];
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
passwordAuthentication = false;
networking.defaultGateway = {
address = "91.198.192.193";
interface = "ens20";
};
networking.defaultGateway6 = {
address = "2001:67c:b54:1::1";
interface = "ens20";
};
# Open ports in the firewall.
networking.firewall = {
allowedTCPPorts = [ 20 21 22 80 443 990 ];
allowedTCPPortRanges = [{
from = 40000;
to = 40200;
}];
allowedTCPPorts = [
20
21
22
80
443
990
];
allowedTCPPortRanges = [
{
from = 40000;
to = 40200;
}
];
trustedInterfaces = [ "podman0" ];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.dnsname.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = { backend = "podman"; };
oci-containers.backend = "podman";
};
# SSL/TLS Certificates
@ -75,13 +104,20 @@
security.acme.certs."technogothic.net" = {
domain = "*.technogothic.net";
extraDomainNames = [ "technogothic.net" ];
dnsProvider = "rfc2136";
credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
extraDomainNames = [
"technogothic.net"
"*.argent.technogothic.net"
];
dnsProvider = "hurricane";
credentialsFile = "/var/lib/secrets/hurricane-tokens";
group = "nginx";
};
security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
security.acme.defaults.reloadServices = [
"nginx"
"vsftpd"
"prosody"
];
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
# Nginx
@ -96,6 +132,22 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
upstreams = {
"backend-mastodon-streaming" = {
servers = builtins.listToAttrs (
map (i: {
name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
value = {
fail_timeout = "0";
};
}) (lib.range 1 config.services.mastodon.streamingProcesses)
);
extraConfig = ''
least_conn;
'';
};
};
virtualHosts."technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
@ -103,7 +155,22 @@
serverAliases = [ "agatha.technogothic.net" ];
locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };
locations."=/cv.pdf" = {
alias = "/home/ftp/cv.pdf";
};
locations."=/.well-known/host-meta" = {
return = "301 https://fv.technogothic.net$request_uri";
};
locations."=/.well-known/webfinger" = {
return = "301 https://fv.technogothic.net$request_uri";
extraConfig = ''
add_header Access-Control-Allow-Origin '*';
'';
};
locations."=/5idbsp9q8d.txt".return = "200 uwu";
extraConfig = ''
error_page 404 /404.html;
@ -126,16 +193,6 @@
};
};
virtualHosts."home.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
};
};
virtualHosts."thermalpaste.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
@ -143,6 +200,7 @@
locations."/" = {
proxyPass = "http://localhost:6162";
proxyWebsockets = true;
extraConfig = "client_max_body_size ${toString config.services.bin.textUploadLimit}M;";
};
};
@ -152,7 +210,74 @@
root = "/home/ftp";
locations."/" = { extraConfig = "autoindex on;"; };
locations."/" = {
extraConfig = "autoindex on;";
};
};
virtualHosts."fv.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
root = "${config.services.mastodon.package}/public/";
locations."/system/".alias = "/var/lib/mastodon/public-system/";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = {
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
};
locations."^~ /api/v1/streaming/" = {
proxyPass = "http://backend-mastodon-streaming/";
proxyWebsockets = true;
priority = 2300;
extraConfig = ''
proxy_buffering off;
proxy_redirect off;
tcp_nodelay on;
'';
};
extraConfig = "client_max_body_size 64M;";
};
virtualHosts."hedgedoc.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/".proxyPass = "http://localhost:3000";
locations."/socket.io/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
virtualHosts."hs.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
virtualHosts."carvideo.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
serverAliases = [ "agatha.technogothic.net" ];
locations."/" = {
return = "301 https://ftp.technogothic.net/car_video.mp4";
};
};
};
@ -164,4 +289,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

51
hosts/ritual/configuration.nix
View File

@ -1,50 +1,7 @@
{ config, pkgs, ... }: {
imports = [
./hardware-configuration.nix
../../common/fragments/graphical
../../common/fragments/yubikey.nix
../../common/home_manager/common.nix
];
{
imports = [ ../../common/fragments/graphical/darwin.nix ];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
nixpkgs.hostPlatform = "x86_64-darwin";
boot.loader.systemd-boot.configurationLimit = 5;
# Setup keyfile
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
networking.hostName = "ritual";
# Enable networking
networking.networkmanager.enable = true;
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
passwordAuthentication = false;
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.dnsname.enable = true;
};
oci-containers = { backend = "podman"; };
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
system.stateVersion = 1;
}

47
hosts/ritual/hardware-configuration.nix
View File

@ -1,16 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelModules = [
"kvm-intel"
"wl"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ broadcom_sta ];
boot.initrd.systemd = {
enable = true;
emergencyAccess = "$2b$05$eOIXFST5/9G6vAFIZDLGfuJV7CV1B26YmRMAFRstyRHwvBNFSN6Im";
};
boot.supportedFilesystems = [ "ntfs" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6d51e9df-99f3-4eb3-b2da-a1c9b7e405df";
@ -18,22 +38,18 @@
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-8807caf4-ae17-4b39-93bd-ddfa1f994a47".device =
"/dev/disk/by-uuid/8807caf4-ae17-4b39-93bd-ddfa1f994a47";
boot.initrd.luks.devices."luks-8807caf4-ae17-4b39-93bd-ddfa1f994a47".device = "/dev/disk/by-uuid/8807caf4-ae17-4b39-93bd-ddfa1f994a47";
# Enable swap on luks
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".device =
"/dev/disk/by-uuid/c503653d-47de-4914-9e41-d13d14a6cc22";
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".keyFile =
"/crypto_keyfile.bin";
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".device = "/dev/disk/by-uuid/c503653d-47de-4914-9e41-d13d14a6cc22";
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".keyFile = "/crypto_keyfile.bin";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/9A5C-CE17";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/e20a4e05-44a6-4895-84ef-e3d176931b25"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/e20a4e05-44a6-4895-84ef-e3d176931b25"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -43,8 +59,9 @@
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
# environment.systemPackages = with pkgs; [ b43Firmware_5_1_138 ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

48
hosts/tears/configuration.nix Normal file
View File

@ -0,0 +1,48 @@
{
imports = [
./hardware-configuration.nix
../../common/fragments/graphical
../../common/fragments/virt.nix
../../common/home_manager/common.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.consoleMode = "max";
boot.loader.systemd-boot.configurationLimit = 3;
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
networking.hostName = "tears";
# Enable networking
networking.networkmanager.enable = true;
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers.backend = "podman";
};
# Needed for remote builds
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCsAQfMx1X+8HEa88x+l3KdJPFAzXg0vL0l/pm56/ZR nix-builder"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

93
hosts/tears/hardware-configuration.nix Normal file
View File

@ -0,0 +1,93 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "thunderbolt" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.systemd = {
enable = true;
emergencyAccess =
"$2b$05$eOIXFST5/9G6vAFIZDLGfuJV7CV1B26YmRMAFRstyRHwvBNFSN6Im";
};
boot.supportedFilesystems = [ "ntfs" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eb110ab2-7883-4e24-84f8-2a3983059cf3";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-d79d75f3-5560-427a-b79d-78a6cabbcb88".device =
"/dev/disk/by-uuid/d79d75f3-5560-427a-b79d-78a6cabbcb88";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B520-5020";
fsType = "vfat";
};
boot.initrd.luks.devices.awoobackups.device =
"/dev/disk/by-uuid/08fb0554-9599-4085-bd13-285b634c5de5";
fileSystems."/mnt/hdd" = {
device = "/dev/mapper/awoobackups";
fsType = "btrfs";
};
swapDevices = [{
device = "/var/lib/swapfile";
size = 8 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
};
# Creating separate mono sources for Tascam US-4x4HR
services.pipewire.extraConfig.pipewire."91-us-4x4hr" = {
"context.modules" = let
name = "US-4x4HR";
target = "alsa_input.usb-TASCAM_US-4x4HR_no_serial_number-00.pro-input-0";
input = ch: {
"name" = "libpipewire-module-loopback";
"args" = {
"node.description" = "${name} Input ${toString ch} Mono";
"capture.props" = {
"node.name" = "capture.${name}_ch${toString ch}";
"audio.position" = [ "AUX${toString ch}" ];
"stream.dont-remix" = true;
"target.object" = target;
"node.passive" = true;
};
"playback.props" = {
"node.name" = "${name}_ch${toString ch}";
"media.class" = "Audio/Source";
"audio.position" = [ "MONO" ];
};
};
};
in [ (input 0) (input 1) (input 2) (input 3) ];
};
}

48
hosts/watchtower/configuration.nix Normal file
View File

@ -0,0 +1,48 @@
{
imports = [
./hardware-configuration.nix
../../common/home_manager/common.nix
../../common/fragments/bittorrent
../../common/fragments/home-assistant.nix
../../common/fragments/sponsorblock.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-081780bd-f005-4394-bbf2-3e5d9aab3c7d".device = "/dev/disk/by-uuid/081780bd-f005-4394-bbf2-3e5d9aab3c7d";
networking.hostName = "watchtower";
# Enable networking
networking.networkmanager.enable = true;
systemd.services.NetworkManager-wait-online.enable = false;
# Open ports in the firewall.
networking.firewall = {
allowedTCPPorts = [
22
80
443
];
trustedInterfaces = [ "podman0" ];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers.backend = "podman";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}

40
hosts/watchtower/hardware-configuration.nix Normal file
View File

@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eba0bc60-b96f-4b28-9447-f36209410ba3";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device =
"/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D95C-66EE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}