sorceress
/
nix-infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sorceress:lappytappy
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes
..
compare: sorceress:mistress
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes

115 Commits
lappytappy ... mistress

Author SHA1 Message Date
Agatha Lovelace edc2ca5e95
farewell, frq-friend. you will be missed 2025-05-21 02:00:17 +02:00
Agatha Lovelace be1707a654
The Macbookening 2025-05-21 00:52:13 +02:00
Agatha Lovelace 14ab1b18ee
Cleanup / updates 2025-05-21 00:42:56 +02:00
Agatha Lovelace 376144b298
mastodont 2025-05-21 00:42:38 +02:00
Agatha Lovelace 7034c44fdb
Clean up torrent config 2025-05-21 00:41:37 +02:00
Agatha Lovelace 5245af2bbe
last 24.05 2024-12-22 15:40:39 +01:00
Agatha Lovelace efa8532935
ritual: Nix-darwin hackintosh init 2024-11-29 17:07:02 +01:00
Agatha Lovelace e60bbd7f41
car_video.mp4 2024-11-22 17:33:30 +01:00
Agatha Lovelace 957a138ef6
Set up Transmission + Jellyfin 2024-11-22 17:33:01 +01:00
Agatha Lovelace 6318113c76
Configure Windows VM 2024-11-22 17:31:21 +01:00
Agatha Lovelace b108f84b8b
Configure Headscale 2024-11-22 17:30:26 +01:00
Agatha Lovelace 9300a07f5b
Set up Nix build server 2024-11-22 17:28:12 +01:00
Agatha Lovelace d1d94f9c24
Configure EarlyOOM 2024-11-22 17:26:56 +01:00
Agatha Lovelace b30f9a4f46
Cleanup / reformat 2024-11-22 17:26:16 +01:00
Agatha Lovelace 0d1378aa0d
:c 2024-11-22 17:01:30 +01:00
Agatha Lovelace 518c89795b
Nix-darwin + Lix init 2024-09-05 19:55:42 +02:00
Agatha Lovelace 3ede14dc65
Init Watchtower 2024-09-05 19:31:28 +02:00
Agatha Lovelace 1a94f63496
The Mastodon Update Torment Nexus 2024-09-05 19:31:27 +02:00
Agatha Lovelace 63ec6c841c
Deploy Hedgedoc 2024-09-05 19:31:27 +02:00
Agatha Lovelace a1c618448b
NixOS 24.05 2024-09-05 19:31:27 +02:00
Agatha Lovelace 7c53de5379
Update Iosevka patches 2024-09-05 17:48:37 +02:00
Agatha Lovelace 6a83da0cc4
Update SSH hosts 2024-09-05 17:47:50 +02:00
Agatha Lovelace 92c94a283c
Spotify has been banished, never to be seen again 2024-06-21 14:15:32 +02:00
Agatha Lovelace 5d558c80f4
Update README 2024-05-22 02:11:27 +02:00
Agatha Lovelace 5c1a303d77
Add minecraft server status bot 2024-05-22 02:11:16 +02:00
Agatha Lovelace 9eca58e0a4
Migrate to Hurricane Electric DNS 2024-05-22 02:10:22 +02:00
Agatha Lovelace 735fe81b03
Misc tweaks 2024-05-22 02:08:36 +02:00
Agatha Lovelace f8db5d7e9a
XMPP setup 2024-05-22 02:06:22 +02:00
Agatha Lovelace 46b52f7aaf
Migrate to Protonmail 2024-05-22 02:03:39 +02:00
Agatha Lovelace efaa8c62a4
Remove unused homepage 2024-05-22 02:01:35 +02:00
Agatha Lovelace 01c61c7495
Properly add various tools from shell history 2024-03-12 22:27:36 +01:00
Agatha Lovelace dffabfdcaf
Configure SQLite 2024-02-26 19:09:33 +01:00
Agatha Lovelace 10f6f26629
Yet another mastodon security vulnerability 2024-02-26 19:08:26 +01:00
Agatha Lovelace 3e90c4f912
Update mastodon 2024-02-15 14:49:11 +01:00
Agatha Lovelace dae93e29c3
Change colorscheme on ritual 2024-02-15 14:48:39 +01:00
Agatha Lovelace ff11eaead4
Update mastodon to 4.3.0 
Yarn v2 hacks mostly stolen from d7eb0c761a
 2024-01-30 23:20:45 +01:00
Agatha Lovelace c0f6d1ea7e
Use zdiff3 in git 2024-01-30 23:17:16 +01:00
Agatha Lovelace 264896aba7
Update and cleanup 2024-01-30 23:16:56 +01:00
Agatha Lovelace c2a3667552
Use systemd initrd 2024-01-24 11:25:28 +01:00
Agatha Lovelace 4598d10b2e
Switch to new audio interface 2023-12-21 22:42:29 +01:00
Agatha Lovelace 3c4a6243a3
Configure clipcat; disable middle-click paste (ish) 2023-12-21 22:20:25 +01:00
Agatha Lovelace c60b412005
Shell config refactor 2023-12-17 21:08:04 +01:00
Agatha Lovelace 7cfb7d1f49
Remove font directory symlink (no longer needed) 2023-12-17 21:07:43 +01:00
Agatha Lovelace 75a127439e
Add various tools 2023-12-17 21:07:01 +01:00
Agatha Lovelace ace8da10b4
Refactor sshd config 2023-12-17 21:06:27 +01:00
Agatha Lovelace 8ece8f92e6
Update to NixOS 23.11 2023-12-17 21:05:44 +01:00
Agatha Lovelace 6e9f48d663
Add helvetica to installed fonts 2023-12-01 15:57:40 +01:00
Agatha Lovelace 3a3c58719e
Update ssh config 2023-12-01 15:56:09 +01:00
Agatha Lovelace aa40311313
Add git delta 2023-11-09 20:08:08 +01:00
Agatha Lovelace 5697a00b60
Update gtk theme 2023-11-09 20:07:58 +01:00
Agatha Lovelace 1cb1781b76
Remove restic package override 2023-11-09 20:07:44 +01:00
Agatha Lovelace 1babb57af0
Electron 24 is gone 🦀 2023-11-09 20:07:06 +01:00
Agatha Lovelace e08b57898a
Visual tweaks 2023-10-25 13:34:55 +02:00
Agatha Lovelace a9f551821f
Fix lockscreen 2023-10-22 16:07:34 +02:00
Agatha Lovelace c9a4e46f04
Paramount theme for pastebin 2023-10-22 13:15:24 +02:00
Agatha Lovelace 61c970c0bf
Enable syncthing on all graphical devices 2023-10-22 13:14:41 +02:00
Agatha Lovelace 5fc359128c
Fix lockscreen update script 2023-10-06 22:12:22 +02:00
Agatha Lovelace 883cc17050
Add restic 2023-10-04 14:58:29 +02:00
Agatha Lovelace abd6a31c90
Add syncthing 2023-10-04 14:57:52 +02:00
Agatha Lovelace 156ab1c904
Add per-host themes; Update lockscreen config; Refactor module structure 2023-10-04 14:56:46 +02:00
Agatha Lovelace 0d320cd733
Audio config refactor 2023-09-29 15:11:40 +02:00
Agatha Lovelace 6288e8414d
Add ccase and imagemagick 2023-09-29 15:04:31 +02:00
Agatha Lovelace 06bad193c3
Move text editor variable to editor config 2023-09-29 15:03:50 +02:00
Agatha Lovelace a95bfc857b
Update mastodon to v4.2.0 2023-09-25 16:24:06 +02:00
Agatha Lovelace 3d8effeb9d
Add rsync alias 2023-09-25 16:22:39 +02:00
Agatha Lovelace 58225b7574
Add desktop; various fixes 2023-09-17 18:57:46 +02:00
Agatha Lovelace 9ed706f2a1
Add desktop entry for work Element profile 2023-09-14 16:25:34 +02:00
Agatha Lovelace e253d5d0ac
Fix terminal build output for iosevka 2023-09-14 15:29:30 +02:00
Agatha Lovelace 818ae4fef1
Update bin 2023-09-14 15:29:08 +02:00
Agatha Lovelace 0734493273
Disable avahi daemon 2023-09-07 22:26:10 +02:00
Agatha Lovelace 4a520dfa0c
New uplink / ipv6 support 2023-08-14 14:05:13 +02:00
Agatha Lovelace c005b5b65c
Port fish config 2023-07-28 21:28:23 +02:00
Agatha Lovelace 276c08529a
Disable laptop sleep when lid closed and connected to power 2023-07-27 20:37:12 +02:00
Agatha Lovelace 6f1ac14852
Fix printer drivers; enable gpg agent forwarding 2023-07-27 20:15:18 +02:00
Agatha Lovelace 1c843a907f
Update mastodon 2023-07-27 20:14:07 +02:00
Agatha Lovelace d5e338e099
Configure brightness controls 2023-07-07 16:09:23 +02:00
Agatha Lovelace 4a66006d75
Add Matrix RIL100 Lookup Bot 2023-07-07 16:08:54 +02:00
Agatha Lovelace 29f4ff1d92
Add ssh client config; configure redshift; fix theme errors 2023-07-07 16:07:16 +02:00
Agatha Lovelace 164e7eb377
Package polybar-spotify 2023-07-07 16:07:13 +02:00
Agatha Lovelace b366ed8df4
Update mastodon 2023-06-28 19:30:44 +02:00
Agatha Lovelace f91944e302
Fix monocle layout transparency 2023-06-20 17:19:03 +02:00
Agatha Lovelace 9203bef1ba
Re-add output switcher 2023-06-19 20:25:08 +02:00
Agatha Lovelace a2185ada67
Colorscheme and wallpaper config improvements 2023-06-19 19:16:14 +02:00
Agatha Lovelace c3cdc74c8a
Add easyeffects config 2023-06-18 13:44:17 +02:00
Agatha Lovelace 958bf4adfd
Enable ntfs support on ritual 2023-06-18 12:35:17 +02:00
Agatha Lovelace 94a767c87b
Spotify config refactor 2023-06-18 12:34:55 +02:00
Agatha Lovelace 82ecf9854e
Fix element-desktop config 2023-06-18 12:32:16 +02:00
Agatha Lovelace c48a30d66a
Add process exporter 2023-06-11 22:28:27 +02:00
Agatha Lovelace 3e9811007b
NixOS 23.05 update 2023-06-01 19:07:54 +02:00
Agatha Lovelace 43187f6de9
Add git unstage alias 2023-05-21 12:23:14 +02:00
Agatha Lovelace 65ce9b6b49
Temporarily disable nginx-deny fail2ban jail 2023-05-19 17:10:34 +02:00
Agatha Lovelace 5299894bc7
Update mastodon & homepage 2023-05-19 17:10:06 +02:00
Agatha Lovelace 0dc71ad1cf
Add elasticsearch; update flake 2023-05-03 13:47:01 +02:00
Agatha Lovelace ffd84f6f2a
Add Enigmatica 8 2023-05-01 11:00:19 +02:00
Agatha Lovelace 987454430b
Add mastodon 2023-04-30 12:49:28 +02:00
Agatha Lovelace 1fb32cc4d3
Flakeify vampysite 2023-04-22 15:12:30 +02:00
Agatha Lovelace 8197987031
Add sha256 to vampysite tarball 2023-04-21 14:02:33 +02:00
Agatha Lovelace 13021eb2b1
Refactor colorscheme generation 2023-04-20 22:22:22 +02:00
Agatha Lovelace 4d6cca2a92
Add colmena devshell 2023-04-19 10:24:08 +02:00
Agatha Lovelace 4c2ac2539f
Use url-eater NixOS module 2023-04-15 14:09:45 +02:00
Agatha Lovelace 5f1b10119f
Configure noisetorch; enable direnv; configure firefox 2023-04-13 13:28:59 +02:00
Agatha Lovelace 83726b0897
Make bspwm monocle mode work with translucent windows 2023-04-13 13:27:55 +02:00
Agatha Lovelace b670a609e5
Add frq friend 2023-04-13 13:11:32 +02:00
Agatha Lovelace 3971fb85e3
Add polybar config change reloading 2023-04-11 19:50:28 +02:00
Agatha Lovelace 80c4b2247d
Let julia deploy as root 2023-04-11 19:50:02 +02:00
Agatha Lovelace 84191c1a37
Better colorscheme generation 2023-04-11 19:49:24 +02:00
Agatha Lovelace 161c096f49
BSPWM config tweaks 2023-04-07 18:21:43 +02:00
Agatha Lovelace da9a10cfbb
Add rofi configuration 2023-04-07 18:21:26 +02:00
Agatha Lovelace 04bc412d09
Add URL eater 2023-04-07 18:20:50 +02:00
Agatha Lovelace 545a83bd77
Add lockscreen; misc tweaks 2023-04-07 18:20:16 +02:00
Agatha Lovelace 073661cc7e
Update homepage 2023-04-05 17:38:53 +02:00
Agatha Lovelace 28c04556dd
Tweak colorscheme; add fonts 2023-04-02 12:53:12 +02:00
Agatha Lovelace e7355d37d6
Configure dunst 2023-04-02 12:52:39 +02:00
Agatha Lovelace fdb7f082d6
Polybar cleanup 2023-04-02 12:52:25 +02:00
Agatha Lovelace 9fd1ca4e5c
Fix sxhkd and polybar configs 2023-03-27 17:21:43 +02:00
61 changed files with 6307 additions and 1724 deletions
Show Stats Expand all files Collapse all files

1
.envrc Normal file
View File

@ -0,0 +1 @@
use flake

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
secrets secrets
ops/home/.gcroots ops/home/.gcroots
.direnv

33
README.md
View File

@ -2,8 +2,10 @@
Using [colmena](https://github.com/zhaofengli/colmena) Using [colmena](https://github.com/zhaofengli/colmena)
## Hosts ## Hosts
- `bloodletting`: Main server - `Agathas-Mac-mini`: macOS/nix-darwin desktop
- `ritual`: NixOS laptop - `bloodletting`: Main server / technogothic.net
- `ritual`: macOS/nix-darwin laptop
- `watchtower`: Home server
### Manual setup on blank system/migrations ### Manual setup on blank system/migrations
Bloodletting: Bloodletting:
@ -15,27 +17,28 @@ Bloodletting:
- `bin_rs` - `bin_rs`
- `fail2ban` - `fail2ban`
- `grafana` - `grafana`
- `homepage` - `headscale`
- `hedgedoc`
- `mastodon`
- dump and import Postgres and Redis DBs
- `matterbridge` - `matterbridge`
- `mc-e2e` - `mc-e2e`
- `mc-enigmatica-8`
- `mstdn-ebooks` - `mstdn-ebooks`
- `nyandroid` - `nyandroid`
- `prometheus2` - `prometheus2`
- `prosody`
- `/home/ftp` - `/home/ftp`
Ritual: Agathas-Mac-mini/Ritual:
- `colmena apply[-local]` - deploy config - `darwin-rebuild switch --flake .` - deploy config
- `mkdir -p ~/.gnupg` - create directory for gnupg
- manual configuration/login: [Last commit which includes BSPWM configs](https://git.lain.faith/sorceress/nix-infra/commit/e60bbd7f41bdb4456319637f38a25425b6f5fef7)
- Firefox
- Copy extension data
- Element
- Telegram Desktop
- Geary
### Rsyncd Modules ### Rsyncd Modules
Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bloodletting::mc-[modpack]` with `--rsh=ssh` Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bloodletting::mc-[modpack]` with `--rsh=ssh`
## Reference configs used ### Updating mastodon
- https://github.com/Xe/nixos-configs ```sh
- https://git.nora.codes/nora/nixconfig cd common/pkgs/mastodon && ./update.sh --owner AgathaSorceress --rev <commit hash>
```

68
common/default.nix
View File

@ -1,78 +1,48 @@
{ pkgs, ... }: { { pkgs, ... }:
imports = [ ./users ]; {
## Optimizations ## Optimizations
# Clean /tmp
boot.cleanTmpDir = true;
# Link identical files # Link identical files
nix.settings.auto-optimise-store = true; nix.optimise.automatic = true;
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Garbage collection # Garbage collection
nix.gc = { nix.gc = {
automatic = true; automatic = true;
dates = "weekly";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
## Other ## Other
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Flakes # Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Enable fish (needed for nix completions) # Enable fish (needed for nix completions)
programs.fish.enable = true; programs.fish.enable = true;
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
# Set editor
environment.variables.EDITOR = "hx";
# Packages used on all systems # Packages used on all systems
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ccase
comma
dogdns
du-dust
git git
wget headscale
xclip imagemagick
jq
killall killall
mtr
nmap
openssl
rsync rsync
sqlite-interactive sqlite-interactive
wget
xclip
]; ];
# 🥺 # 🥺
# security.please.enable = true; # security.please.enable = true;
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
} }

2
common/fragments/bin.nix
View File

@ -5,6 +5,6 @@
enable = true; enable = true;
address = "0.0.0.0"; address = "0.0.0.0";
port = 6162; port = 6162;
textUploadLimit = 32; textUploadLimit = 64;
}; };
} }

98
common/fragments/bittorrent.nix Normal file
View File

@ -0,0 +1,98 @@
{ pkgs, ... }:
{
system.fsPackages = with pkgs; [
gocryptfs
cifs-utils
];
systemd.mounts = [
{
after = [ "network.target" ];
what = "//library.technogothic.net/backup";
where = "/mnt/library-raw";
type = "cifs";
options = "gid=users,file_mode=0664,dir_mode=0775";
mountConfig.EnvironmentFile = "/var/lib/secrets/hetzner-env";
}
{
what = "/mnt/library-raw";
where = "/mnt/library";
type = "fuse.gocryptfs";
options = "allow_other,passfile=/var/lib/secrets/gocryptfs-pass";
wantedBy = [ "multi-user.target" ];
}
];
virtualisation.oci-containers.containers = {
"qbittorrent" = {
image = "dyonr/qbittorrentvpn";
autoStart = true;
volumes = [
"/var/lib/qbittorrent:/config"
"/mnt/library:/downloads"
];
environment = {
VPN_TYPE = "wireguard";
LAN_NETWORK = "10.21.0.0/16,10.42.0.0/24,100.64.0.0/24";
};
ports = [ "8080:8080" ];
extraOptions = [
"--cap-add=NET_ADMIN"
"--device=/dev/net/tun"
"--privileged"
];
};
};
services.flood = {
enable = true;
extraArgs = [ "--baseuri=/flood" ];
};
# Jellyfin
services.jellyfin = {
enable = true;
openFirewall = true;
};
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
# SMB Share
services.samba = {
enable = true;
openFirewall = true;
extraConfig = ''
server string = Watchtower
guest account = nobody
map to guest = bad user
'';
shares.Library = {
path = "/mnt/library";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
};
};
services.nginx.enable = true;
services.nginx.virtualHosts."watchtower.thorns.home.arpa" = {
locations."/flood/api" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
proxy_cache off;
'';
};
locations."/flood/" = {
alias = "${pkgs.flood}/lib/node_modules/flood/dist/assets/";
tryFiles = "$uri /flood/index.html";
};
extraConfig = ''
rewrite ^/(flood)$ $1/ permanent;
'';
};
}

2
common/fragments/fail2ban.nix
View File

@ -8,7 +8,7 @@
jails = { jails = {
nginx-deny = '' nginx-deny = ''
enabled = true enabled = false
backend = auto backend = auto
logpath = /var/log/nginx/*access.log logpath = /var/log/nginx/*access.log
''; '';

36
common/fragments/grafana.nix
View File

@ -1,10 +1,11 @@
{ config, pkgs, ... }: { { config, ... }:
{
services.grafana = { services.grafana = {
enable = true; enable = true;
settings.server = { settings.server = {
domain = "grafana.technogothic.net"; domain = "grafana.technogothic.net";
http_port = 2342; http_port = 2342;
http_addr = "localhost"; http_addr = "127.0.0.1";
}; };
settings."auth.anonymous" = { settings."auth.anonymous" = {
enabled = true; enabled = true;
@ -13,8 +14,7 @@
}; };
}; };
networking.firewall.allowedTCPPorts = networking.firewall.allowedTCPPorts = [ config.services.grafana.settings.server.http_port ];
[ config.services.grafana.settings.server.http_port ];
services.prometheus = { services.prometheus = {
enable = true; enable = true;
@ -23,31 +23,27 @@
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "bloodletting"; job_name = "bloodletting";
static_configs = [{ static_configs = [
targets = [ { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
"localhost:${
toString config.services.prometheus.exporters.node.port
}"
]; ];
}];
} }
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [{ static_configs = [
targets = [ { targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; }
"localhost:${
toString config.services.prometheus.exporters.nginx.port
}"
]; ];
}];
} }
{ {
job_name = "telegraf"; job_name = "telegraf";
static_configs = [{ static_configs = [
targets = [ { targets = [ config.services.telegraf.extraConfig.outputs.prometheus_client.listen ]; }
config.services.telegraf.extraConfig.outputs.prometheus_client.listen ];
}
{
job_name = "process";
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.process.port}" ]; }
]; ];
}];
} }
]; ];
}; };

113
common/fragments/graphical/bspwm.nix
View File

@ -1,113 +0,0 @@
{ lib, pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
in {
home-manager.users.agatha = {
xsession.windowManager.bspwm = {
enable = true;
extraConfigEarly = lib.strings.concatStringsSep "\n" [
"xsetroot -cursor_name left_ptr"
"xinput set-prop 'SynPS/2 Synaptics TouchPad' 'Synaptics Scrolling Distance' 60 60"
];
extraConfig = lib.strings.concatStringsSep "\n"
[ "nitrogen --set-zoom-fill ${../../../external/6.png}" ];
monitors = { eDP-1 = [ "I" "II" "III" "IV" "V" "VI" "VII" "VIII" ]; };
settings = let color = n: colorscheme.colors."${builtins.toString n}";
in {
border_width = 3;
window_gap = 15;
top_padding = 45;
split_ratio = 0.5;
borderless_monocle = false;
gapless_monocle = false;
normal_border_color = color 0;
focused_border_color = color 1;
active_border_color = color 2;
urgent_border_color = color 2;
presel_feedback_color = color 2;
};
rules = {
"Gimp" = {
state = "tiled";
follow = true;
};
"Element".desktop = "II";
"TelegramDesktop".desktop = "III";
"Geary".desktop = "IV";
"firefox" = {
desktop = "I";
state = "tiled";
follow = false;
};
"Yubico Authenticator".state = "floating";
"firefox:Places".state = "floating";
};
};
services.sxhkd = {
enable = true;
keybindings = {
# Terminal
"super + Return" = "kitty";
"Caps_Lock" = "kitty";
# File explorer
"super + e" = "nautilus";
# Program launcher
"super + @space" = "rofi -show drun";
# Clipboard
"super + v" = ''
CM_LAUNCHER=rofi clipmenu \
-theme-str 'listview \{ spacing: 0; \}' \
-theme-str 'window \{ width: 30em; \}'
'';
# Calculator
"super + shift + c" = ''
rofi -show calc -modi calc -calc-command 'xdotool type --clearmodifiers "\{result\}"'';
# Media keys
"XF86Audio{Raise,Lower}Volume" = "pamixer {-i,-d} 5";
"XF86AudioMute" = "pamixer -t";
"XF86Audio{Prev,Next}" = "playerctl {previous,next}";
"XF86AudioPlay" = "playerctl play-pause";
# Screenshot
"Print" = "flameshot gui && bspc desktop --focus focused";
"shift + Print" =
"flameshot gui -d 3000 && bspc desktop --focus focused";
# Pause notifications
"super + n" = "dunstctl set-paused toggle";
# Reload WM
"super + shift + {q,r}" = ''
pkill -USR1 -x sxhkd \
; for p in picom polybar dunst; killall $p; end \
; bspc {quit,wm -r}
'';
# Close/kill window
"super + {_,shift + }w" = "bspc node -{c,k}";
# Monocle layout
"super + m" = "bspc desktop -l next";
# Toggle hide all windows
"super + d" =
"bspc query -N -n .window | xargs -I node_id bspc node node_id -g hidden";
# Change window state
"super + {t,shift + t,s,f}" =
"bspc node -t {tiled,pseudo_tiled,floating,fullscreen}";
# Focus/move window
"super + {_,shift + }{j,k,i,l}" =
"bspc node -{f,s} {west,south,north,east}";
# Focus the next window in the current desktop
"super + c" = "bspc node -f next.local.!hidden.window";
# Focus previous/next desktop on current monitor
"super + bracket{left,right}" = "bspc desktop -f {prev,next}.local";
# Switch desktops / Move window to desktop
"super + {_,shift + }{1-9,0}" = "bspc {desktop -f,node -d} '^{1-9,10}'";
# Window switcher
"alt + Tab" = "rofi -show window";
# Move floating window
"super + {Left,Down,Up,Right}" = "bspc node -v {-20 0,0 20,0 -20,20 0}";
# Lock screen
"super + x" =
"betterlockscreen --lock dimblur; systemctl --user restart gpg-agent";
};
};
};
}

13
common/fragments/graphical/colors.nix
View File

@ -1,13 +0,0 @@
{ lib, pkgs, ... }: {
colorscheme = name: image: rec {
generate = pkgs.callPackage ({ runCommand, colorz }:
runCommand name { nativeBuildInputs = [ colorz ]; } ''
colorz ${image} --no-preview -n 8 --bold 30 --minv 0 --maxv 255 | awk '{print $1} {print $2}' > $out
'') { };
colors = builtins.listToAttrs (lib.lists.imap0 (i: v: {
name = builtins.toString i;
value = v;
}) (lib.strings.splitString "\n" (builtins.readFile generate)));
};
}

45
common/fragments/graphical/darwin.nix Normal file
View File

@ -0,0 +1,45 @@
{ pkgs, lib, ... }:
{
imports = [
./default.nix
./iosevka.nix
../../home_manager/common.nix
../../remote-builds.nix
];
services.nix-daemon.enable = true;
nix.settings = {
extra-nix-path = "nixpkgs=flake:nixpkgs";
substituters = [
"https://cache.nixos.org"
"https://cache.lix.systems"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
];
trusted-users = [ "@admin" ];
};
# Needed for the nix-darwin environment even if zsh is not used.
programs.zsh.enable = true;
users.users.agatha = {
name = "agatha";
home = lib.mkForce "/Users/agatha";
};
fonts.packages = with pkgs; [
(nerdfonts.override {
fonts = [
"DaddyTimeMono"
"NerdFontsSymbolsOnly"
];
})
fira-code
fira-code-symbols
font-awesome_5
iosevka
siji
];
}

165
common/fragments/graphical/default.nix
View File

@ -1,167 +1,34 @@
{ pkgs, config, lib, ... }: { { pkgs, ... }:
imports = [ {
./bspwm.nix # Config for client devices, but not necessarily a full desktop environment.
./picom.nix
./polybar.nix
./iosevka.nix
./kitty.nix
./element.nix
];
# User packages # User packages
users.users.agatha.packages = with pkgs; [ users.users.agatha.packages = with pkgs; [
brightnessctl android-tools
broot broot
colmena colmena
element-desktop exiftool
firefox ffmpeg
flameshot flac
gnome.eog
gnome.file-roller
gnome.geary
gnome.gnome-calendar
gnome.gnome-control-center
gnome.gnome-disk-utility
gnome.gnome-font-viewer
gnome.nautilus
gnome.totem
hyperfine hyperfine
lxappearance just
magic-wormhole magic-wormhole
neofetch neofetch
nitrogen nil
pamixer
pavucontrol
pfetch pfetch
playerctl
pridefetch pridefetch
rofi rink
rofi-calc sshfs
rofimoji whois
tdesktop
wireguard-tools wireguard-tools
xdg-utils yt-dlp
yubioath-desktop
]; ];
# Brightness/volume keys
users.users.agatha.extraGroups = [ "video" ];
programs.light.enable = true;
services.xserver = {
enable = true;
displayManager = {
gdm.enable = true;
# gdm.wayland = true;
sessionPackages = [ pkgs.sway ];
session = [{
manage = "window";
name = "bspwm";
start = let cfg = config.home-manager.users.agatha;
in ''
${cfg.services.sxhkd.package}/bin/sxhkd ${
toString cfg.services.sxhkd.extraOptions
} &
${cfg.xsession.windowManager.bspwm.package}/bin/bspwm -c ${cfg.xdg.configHome}/bspwm/bspwmrc
'';
}];
};
# Layout overrides
layout = lib.mkForce "eu,de(qwerty),ua,ru";
xkbOptions = "ctrl:nocaps,compose:rctrl";
synaptics = {
enable = true;
tapButtons = true;
vertTwoFingerScroll = true;
vertEdgeScroll = true;
horizEdgeScroll = true;
horizTwoFingerScroll = true;
palmDetect = true;
palmMinWidth = 8;
palmMinZ = 100;
};
};
home-manager.users.agatha = { home-manager.users.agatha = {
# Compose key sequences programs.direnv.enable = true;
home.file.".XCompose".text = '' home.sessionVariables = {
include "%L" "DIRENV_LOG_FORMAT" = "";
<Multi_key> <l> <f> : "( ͡° ͜ʖ ͡°)"
<Multi_key> <s> <f> : "¯\\_()_/¯"
<Multi_key> <g> <f> : " _ "
<Multi_key> <B> <B> : "🅱"
<Multi_key> <o> <asterisk> : ""
<Multi_key> <h> <r> : ""
<Multi_key> <v> <v> : ""
<Multi_key> <v> <period> <v> : ""
<Multi_key> <space> <space> : ""
<Multi_key> <s> <0> : "§"
<Multi_key> <b><l> : ""
<Multi_key> <h><s> : ""
<Multi_key> <s><r> : ""
<Multi_key> <t><r> : " trans rights uwu"
<Multi_key> <w><apostrophe> : "òwó"
<Multi_key> <W><apostrophe> : "ÒwÓ"
<Multi_key> <p><t> : "👉👈"
<Multi_key> <p><l> : "🥺"
<Multi_key> <m><s> : "/html <span data-mx-spoiler=\"\"></span>"
'';
# Cursor theme
home.pointerCursor = {
name = "Adwaita";
package = pkgs.gnome.adwaita-icon-theme;
size = 24;
x11 = {
enable = true;
defaultCursor = "Adwaita";
};
};
}; };
security.polkit.enable = true;
# Screenshare on wlroots
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
wlr.enable = true;
};
};
fonts.fontconfig.enable = true;
fonts.fonts = with pkgs; [
cantarell-fonts
crimson
dejavu_fonts
fira-code
fira-code-symbols
font-awesome_5
iosevka
noto-fonts-cjk
siji
twitter-color-emoji
(nerdfonts.override { fonts = [ "DaddyTimeMono" "NerdFontsSymbolsOnly" ]; })
];
services.printing.enable = true;
# Pipewire
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
}; };
} }

109
common/fragments/graphical/element.nix
View File

@ -1,109 +0,0 @@
{ pkgs, config, lib, ... }: {
home-manager.users.agatha = {
xdg.configFile."Element/config.json".text = ''
{
"settingDefaults": {
"custom_themes": [
{
"name": "Sapphic Lavender",
"is_dark": true,
"fonts": {
"general": "Allust, Twemoji, Twitter Color Emoji, sans",
"monospace": "'Iosevka Medium Extended', 'Fira Code'"
},
"colors": {
"accent": "#D2ADC6",
"accent-color": "#D2ADC6",
"primary-color": "#D2ADC6",
"warning-color": "#BF80A6",
"alert": "#BF80A6",
"sidebar-color": "#231724",
"primary-content": "#180F19",
"secondary-content": "#E5D9E6",
"tertiary-content": "#D2ADC6",
"quaternary-content": "#E5D9E6",
"quinary-content": "#251926",
"system": "#180F19",
"background": "#00f",
"roomlist-background-color": "#231724",
"roomlist-text-color": "#E5D9E6",
"roomlist-text-secondary-color": "#ffd1dc",
"roomlist-highlights-color": "#180F19",
"roomlist-separator-color": "#180F19",
"timeline-background-color": "#180F19",
"timeline-text-color": "#E5D9E6",
"timeline-text-secondary-color": "#D2ADC6",
"timeline-highlights-color": "#231724",
"eventbubble-self-bg": "#231724",
"eventbubble-others-bg": "#231724",
"eventbubble-bg-hover": "#231724",
"eventbubble-reply-color": "#231724",
"username-colors": [
"#D8BFD8",
"#ffd1dc",
"#DDA0DD",
"#DA70D6",
"#BA55D3",
"#9932CC",
"#800060",
"#8B008B"
],
"avatar-background-colors": ["#896bad", "#b09cc8", "#bdacd1"],
"reaction-row-button-selected-bg-color": "#bd93f9"
}
},
{
"name": "Transgender Vampirism",
"is_dark": true,
"fonts": {
"general": "Crimson, Noto Color Emoji, Twemoji, Twitter Color Emoji, sans",
"monospace": "'Iosevka Gothic', 'Fira Code'"
},
"colors": {
"accent": "#747E9D",
"accent-color": "#747E9D",
"primary-color": "#747E9D",
"warning-color": "#110E18",
"sidebar-color": "#16121F",
"primary-content": "#110E18",
"secondary-content": "#D5D6E8",
"tertiary-content": "#747E9D",
"quaternary-content": "#D5D6E8",
"quinary-content": "#16121F",
"system": "#16121F",
"background": "#00f",
"roomlist-background-color": "#16121F",
"roomlist-text-color": "#D5D6E8",
"roomlist-text-secondary-color": "#747E9D",
"roomlist-highlights-color": "#110E18",
"roomlist-separator-color": "#110E18",
"timeline-background-color": "#110E18",
"timeline-text-color": "#D5D6E8",
"timeline-text-secondary-color": "#747E9D",
"timeline-highlights-color": "#16121F",
"eventbubble-self-bg": "#16121F",
"eventbubble-others-bg": "#16121F",
"eventbubble-bg-hover": "#16121F",
"eventbubble-reply-color": "#16121F",
"username-colors": [
"#D8BFD8",
"#AA9AB6",
"#DDA0DD",
"#DA70D6",
"#7A5286",
"#9932CC",
"#800060",
"#8B008B"
],
"avatar-background-colors": ["#896bad", "#b09cc8", "#bdacd1"],
"reaction-row-button-selected-bg-color": "#bd93f9"
}
}
]
},
"showLabsSettings": true,
"features": ["feature_latex_maths"]
}
'';
};
}

38
common/fragments/graphical/iosevka.nix
View File

@ -1,51 +1,59 @@
{ config, pkgs, ... }: { {
# Iosevka Gothic # Iosevka Gothic
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
iosevka = prev.iosevka.override { iosevka = (prev.iosevka.overrideAttrs (_: {
# Fixes broken terminal output
buildPhase = ''
export HOME=$TMPDIR
runHook preBuild
npm run build --no-update-notifier --targets ttf::$pname -- --jCmd=$NIX_BUILD_CORES --verbose=9 2>/dev/null
runHook postBuild
'';
})).override {
privateBuildPlan = '' privateBuildPlan = ''
[buildPlans.iosevka-gothic] [buildPlans.IosevkaGothic]
family = "Iosevka Gothic" family = "Iosevka Gothic"
spacing = "normal" spacing = "normal"
serifs = "slab" serifs = "slab"
no-cv-ss = true noCvSs = true
export-glyph-names = true exportGlyphNames = true
[buildPlans.iosevka-gothic.variants.design] [buildPlans.IosevkaGothic.variants.design]
capital-a = "straight-base-serifed" capital-a = "straight-base-serifed"
capital-b = "standard-bilateral-serifed" capital-b = "standard-bilateral-serifed"
capital-h = "serifed" capital-h = "serifed"
capital-i = "serifed" capital-i = "serifed"
capital-q = "crossing" capital-q = "crossing"
capital-r = "standing" capital-r = "standing-serifed"
f = "tailed" f = "tailed"
l = "tailed-serifed" l = "tailed-serifed"
z = "cursive" z = "cursive"
long-s = "bent-hook-tailed" long-s = "bent-hook-tailed"
eszet = "sulzbacher-descending" eszet = "sulzbacher-descending-serifless"
lower-mu = "tailed" lower-mu = "tailed-serifed"
lower-xi = "flat-top" lower-xi = "flat-top"
three = "flat-top" three = "flat-top-serifless"
six = "straight-bar" six = "straight-bar"
asterisk = "flip-penta-high" asterisk = "turn-penta-high"
pilcrow = "high" pilcrow = "high"
caret = "medium" caret = "medium"
paren = "normal" paren = "normal"
brace = "curly-flat-boundary" brace = "curly-flat-boundary"
number-sign = "upright" number-sign = "upright"
ampersand = "closed" ampersand = "closed"
at = "short" at = "compact"
lig-ltgteq = "slanted" lig-ltgteq = "slanted"
ascii-single-quote = "raised-comma" ascii-single-quote = "raised-comma"
ascii-grave = "straight" ascii-grave = "straight"
[buildPlans.iosevka-gothic.variants.italic] [buildPlans.IosevkaGothic.variants.italic]
capital-z = "cursive-with-horizontal-crossbar" capital-z = "cursive-with-horizontal-crossbar"
[buildPlans.iosevka-gothic.ligations] [buildPlans.IosevkaGothic.ligations]
inherits = "haskell" inherits = "haskell"
''; '';
set = "gothic"; set = "Gothic";
}; };
}) })
]; ];

79
common/fragments/graphical/kitty.nix
View File

@ -1,79 +0,0 @@
{ pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
color = n: colorscheme.colors."${builtins.toString n}";
in {
home-manager.users.agatha = {
programs.kitty = {
enable = true;
font = {
package = pkgs.iosevka;
name = "Iosevka Gothic";
size = 11.5;
};
keybindings = { "f5" = "load_config_file"; };
settings = {
disable_ligatures = "never";
draw_minimal_borders = false;
active_tab_font_style = "italic";
inactive_tab_font_style = "normal";
scrollback_lines = -10000;
url_style = "single";
strip_trailing_spaces = "smart";
enable_audio_bell = false;
window_margin_width = 10;
window_padding_width = 10;
inactive_text_alpha = "0.8";
enabled_layouts = "vertical, grid, stack";
tab_bar_edge = "top";
tab_bar_style = "fade";
tab_bar_margin_width = 5;
tab_separator = "";
tab_title_template = " {index}";
foreground = color 15;
background = color 0;
cursor = color 16;
color0 = color 0;
color8 = color 8;
color1 = color 1;
color9 = color 9;
color2 = color 2;
color10 = color 10;
color3 = color 3;
color11 = color 11;
color4 = color 4;
color12 = color 12;
color5 = color 5;
color13 = color 13;
color6 = color 6;
color14 = color 14;
color7 = color 7;
color15 = color 15;
selection_foreground = color 1;
selection_background = color 15;
url_color = color 1;
active_border_color = color 1;
inactive_border_color = color 2;
bell_border_color = color 6;
active_tab_foreground = color 15;
active_tab_background = color 1;
inactive_tab_foreground = color 8;
inactive_tab_background = color 2;
};
};
};
}

89
common/fragments/graphical/picom.nix
View File

@ -1,89 +0,0 @@
{ pkgs, config, lib, ... }: {
home-manager.users.agatha = {
services.picom = {
enable = true;
package = pkgs.picom-next;
# General
backend = "glx";
vSync = true;
settings = {
mark-wmwin-focused = true;
detect = {
rounded-corners = true;
client-opacity = true;
transient = true;
client-leader = true;
};
use-damage = true;
wintypes = {
tooltip = {
fade = true;
shadow = true;
opacity = 0.75;
focus = true;
full-shadow = false;
};
dock = { shadow = false; };
dnd = { shadow = false; };
popup_menu = { opacity = 0.8; };
dropdown_menu = { opacity = 0.8; };
};
};
# Shadows
shadow = true;
shadowOpacity = 1.0;
shadowOffsets = [ (-7) (-7) ];
shadowExclude = [
"name = 'Notification'"
"class_g ?= 'Notify-osd'"
"class_g = 'Cairo-clock'"
"class_g = 'firefox-nightly' && argb"
"class_g = 'firefox' && argb"
"_GTK_FRAME_EXTENTS@:c"
];
# Fade
fade = true;
fadeSteps = [ 5.0e-2 5.0e-2 ];
# Opacity
settings.frame-opacity = 0.7;
settings.inactive-opacity-override = false;
settings.inactive-dim = 0.2;
settings.focus-exclude = [
"class_g = 'firefox-nightly'"
"class_g = 'firefox'"
"class_g = 'Dunst'"
];
opacityRules = [
"100:_NET_WM_STATE@[0]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[1]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[2]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[3]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[4]:32a = '_NET_WM_STATE_FULLSCREEN'"
"0:_COMPTON_MONOCLE@:32c = 0"
"70:class_g = 'kitty'"
"80:class_g = 'Dunst'"
"20:class_g = 'Bspwm' && class_i = 'presel_feedback'"
];
# Blur
settings.blur = {
method = "dual_kawase";
strength = 3;
background = true;
kern = "3x3box";
background-exclude = [
"window_type = 'dock'"
"window_type = 'desktop'"
"_GTK_FRAME_EXTENTS@:c"
"class_g = 'firefox-nightly' && argb"
"class_g = 'firefox' && argb"
];
};
};
};
}

258
common/fragments/graphical/polybar.nix
View File

@ -1,258 +0,0 @@
{ lib, pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
in {
home-manager.users.agatha = {
services.polybar = {
enable = true;
package = pkgs.polybarFull;
script = "polybar right &";
settings = let color = n: colorscheme.colors."${builtins.toString n}";
in {
"colors" = {
background = color 0;
foreground = color 7;
foreground-alt = color 7;
primary = color 1;
secondary = color 2;
alert = color 3;
red = color 4;
};
"bar/right" = {
monitor = "\${env:MONITOR:eDP-1}";
width = "100%:-30";
height = 30;
offset-x = 15;
offset-y = 12;
radius = 0;
fixed-center = true;
background = "\${colors.background}";
foreground = "\${colors.foreground}";
line = {
size = 0;
color = color 3;
};
border = {
size = 3;
color = color 1;
};
padding = {
left = 2;
right = 2;
};
module.margin = {
left = 1;
right = 1;
};
font = {
"0" = "Iosevka Gothic:pixelsize=10;3";
"1" = "DejaVuSans:fontformat=truetype:size=8:antialias=false;2";
"2" = "Siji:pixelsize=11;2";
"3" = "Symbols Nerd Font:pixelsize=10;2";
"4" = "DejaVuSans:fontformat=truetype:size=8:antialias=false;1";
};
modules = {
left = "bspwm";
center = "date";
right =
"filesystem battery pulseaudio xkeyboard memory cpu notication-status powermenu";
};
wm-restack = "bspwm";
cursor-click = "pointer";
locale = "de_DE.UTF-8";
};
"module/xkeyboard" = {
type = "internal/xkeyboard";
blacklist-0 = "num lock";
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = {
layout = "%layout%";
indicator = {
padding = 2;
margin = 1;
background = "\${colors.secondary}";
underline = "\${colors.secondary}";
};
};
};
"module/bspwm" = {
type = "internal/bspwm";
label = {
focused = "%name%";
focused-foreground = "\${colors.primary}";
focused-padding = 1;
occupied = "%name%";
occupied-padding = 1;
urgent = "%name%!";
urgent-background = "\${xrdb:color1:#222}";
urgent-padding = 1;
empty = "%name%";
empty-foreground = "\${colors.foreground-alt}";
empty-padding = 1;
};
};
"module/date" = {
type = "internal/date";
interval = 5;
date = "";
date-alt = " %a, %d %b %Y";
time = "%H:%M";
time-alt = "%H:%M:%S";
format-prefix = "";
format-prefix-foreground = "\${colors.foreground-alt}";
label = ''
%{A3:dunstify ' Calendar' "$(cal --color=always | sed "s#\\x1b\\[7m#<b>#;s#\\x1b\\[27m#</b>#g")":}%date%%{A} %time%'';
};
"module/filesystem" = {
type = "internal/fs";
interval = 25;
mount-0 = "/";
label-mounted = "%mountpoint%: %percentage_used%%";
label-unmounted = "%mountpoint% not mounted";
label-unmounted-foreground = "\${colors.foreground-alt}";
};
"module/cpu" = {
type = "internal/cpu";
interval = 2;
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = "%{A1:kitty btop:}%percentage:2%%%{A}";
};
"module/memory" = {
type = "internal/memory";
interval = 2;
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = "%{A1:kitty btop:}%percentage_used%%%{A}";
};
"module/pulseaudio" = {
type = "internal/pulseaudio";
format-volume = "%{A3:pavucontrol:}<label-volume> <bar-volume>%{A}";
label-volume = " %percentage%%";
label-volume-foreground = "\${root.foreground}";
label-muted = " muted";
label-muted-foreground = "#666";
bar.volume = {
width = 14;
foreground-0 = "\${colors.secondary}";
foreground-1 = "\${colors.secondary}";
foreground-2 = "\${colors.primary}";
foreground-3 = "\${colors.primary}";
foreground-4 = "\${colors.primary}";
foreground-5 = "\${colors.alert}";
foreground-6 = "\${colors.red}";
gradient = false;
indicator = "|";
indicator-font = 5;
fill = "";
fill-font = 2;
empty = "";
empty-font = 2;
empty-foreground = "\${colors.foreground-alt}";
};
};
"module/powermenu" = {
type = "custom/menu";
expand-right = true;
format-spacing = 1;
label = {
open = "";
open-foreground = "\${colors.secondary}";
close = " cancel";
close-foreground = "\${colors.secondary}";
separator = "|";
separator-foreground = "\${colors.foreground-alt}";
};
menu = {
"0-0" = "reboot";
"0-0-exec" = "reboot";
"0-1" = "power off";
"0-1-exec" = "sudo poweroff";
};
};
"module/battery" = {
type = "internal/battery";
full-at = 99;
low-at = 10;
battery = "BAT0";
adapter = "AC";
poll-interval = 3;
content-font = 3;
format-charging = "<animation-charging> <label-charging>";
format-discharging = "<ramp-capacity> <label-discharging>";
label = {
charging = "%percentage_raw%%";
discharging = "%percentage_raw%%";
full = "";
};
ramp = {
capacity-0 = "";
capacity-1 = "";
capacity-2 = "";
capacity-3 = "";
capacity-4 = "";
};
animation = {
charging-0 = "";
charging-1 = "";
charging-2 = "";
charging-3 = "";
charging-4 = "";
charging-framerate = 750;
};
};
"module/notification-status" = {
type = "custom/script";
exec = ''
if $(dunstctl is-paused); then; echo "Notifications paused"; else; echo ""; fi;'';
interval = 2;
format-prefix = " ";
};
};
};
};
}

103
common/fragments/graphical/sway.nix
View File

@ -1,103 +0,0 @@
{ pkgs, config, ... }: {
# User packages
users.users.agatha.packages = with pkgs; [ grim rofi-wayland waybar ydotool ];
home-manager.users.agatha = {
wayland.windowManager.sway = let
cfg = config.home-manager.users.agatha.wayland.windowManager.sway.config;
in {
enable = true;
config = {
up = "i";
left = "j";
down = "k";
right = "l";
modifier = "Mod4";
terminal = "kitty";
fonts = {
names = [ "Font Awesome 5 Free" "Iosevka Gothic" ];
size = 11.0;
};
workspaceAutoBackAndForth = true;
window = {
titlebar = true;
hideEdgeBorders = "both";
border = 0;
};
gaps.inner = 15;
output."*" = { bg = "/home/agatha/Pictures/wallpaper.png fill"; };
input."type:keyboard" = {
xkb_layout = config.services.xserver.layout;
xkb_options = config.services.xserver.xkbOptions;
};
input."type:touchpad" = { tap = "enabled"; };
keybindings = let mod = cfg.modifier;
in {
"${mod}+Return" = "exec ${cfg.terminal}";
"Caps_Lock" = "exec ${cfg.terminal}";
"${mod}+e" = "exec nautilus";
"${mod}+space" = "exec rofi -show drun";
"${mod}+shift+e" = "exec rofimoji --action clipboard";
"${mod}+c" = ''
exec rofi -show calc -modi calc -calc-command 'xdotool type --clearmodifiers "\{result\}"'
'';
XF86AudioRaiseVolume = "exec pamixer -i 5";
XF86AudioLowerVolume = "exec pamixer -d 5";
XF86AudioMute = "exec pamixer -t";
XF86AudioPrev = "exec playerctl previous";
XF86AudioNext = "exec playerctl next";
XF86AudioPlay = "exec playerctl play-pause";
Print = "exec flameshot gui";
"shift+Print" = "exec flameshot gui -d 3000";
"${mod}+n" = "exec dunstctl set-paused toggle";
# "${mod}+o" = "TODO: port audio switcher";
"${mod}+shift+r" =
"reload; exec 'for p in waybar dunst; do; killall $p; done'";
"${mod}+w" = "kill";
"${mod}+m" = "layout tabbed";
"${mod}+t" = "layout toggle split";
"${mod}+s" = "floating toggle";
"${mod}+f" = "fullscreen toggle";
"alt+Tab" = "exec rofi -show window";
# "${mod}+x" = "TODO: lockscreen";
"${mod}+Shift+${cfg.left}" = "move left";
"${mod}+Shift+${cfg.down}" = "move down";
"${mod}+Shift+${cfg.up}" = "move up";
"${mod}+Shift+${cfg.right}" = "move right";
"${mod}+1" = "workspace number 1";
"${mod}+2" = "workspace number 2";
"${mod}+3" = "workspace number 3";
"${mod}+4" = "workspace number 4";
"${mod}+5" = "workspace number 5";
"${mod}+6" = "workspace number 6";
"${mod}+7" = "workspace number 7";
"${mod}+8" = "workspace number 8";
"${mod}+9" = "workspace number 9";
"${mod}+Shift+1" = "move container to workspace number 1";
"${mod}+Shift+2" = "move container to workspace number 2";
"${mod}+Shift+3" = "move container to workspace number 3";
"${mod}+Shift+4" = "move container to workspace number 4";
"${mod}+Shift+5" = "move container to workspace number 5";
"${mod}+Shift+6" = "move container to workspace number 6";
"${mod}+Shift+7" = "move container to workspace number 7";
"${mod}+Shift+8" = "move container to workspace number 8";
"${mod}+Shift+9" = "move container to workspace number 9";
};
};
};
};
}

141
common/fragments/graphical/url-eater.nix Normal file
View File

@ -0,0 +1,141 @@
{ ... }:
let
filters = ''
category "Action Map" {
params "action_object_map" "action_ref_map" "action_type_map"
}
category "AliExpress.com" {
params "aff_platform" "aff_trace_key" \
"algo_expid@*.aliexpress.*" "*pvid@*.aliexpress.*" "btsid@*.aliexpress.*" \
"expid@*.aliexpress.*" "initiative_id@*.aliexpress.*" "scm_id@*.aliexpress.*" \
"spm@*.aliexpress.*" "ws_ab_test*.aliexpress.*" \
"_t@*.aliexpress.*" "pdp_npi@*.aliexpress.*" "gatewayAdapt@*.aliexpress.*"
}
category "Amazon" {
params "_encoding@amazon.*" "ascsubtag@amazon.*" "pd_rd_*@amazon.*" "pf@amazon.*" "pf_rd_*@amazon.*" "psc@amazon.*" "ref_@amazon.*" "tag@amazon.*"
}
category "Bing" {
params "cvid@bing.com" "form@bing.com" "pq@bing.com" "qs@bing.com" "sc@bing.com" "sk@bing.com" "sp@bing.com"
}
category "Campaign tracking (Adobe Analytics)" {
params "sc_cid"
}
category "Campaign tracking (Adobe Marketo)" {
params "mkt_tok"
}
category "Campaign tracking (Amazon Kendra)" {
params "trk" "trkCampaign"
}
category "Campaign tracking (at)" {
params "at_campaign" "at_custom*" "at_medium"
}
category "Campaign tracking (Change.org)" {
params "guest@change.org" "recruited_by_id@change.org" "recruiter@change.org" "short_display_name@change.org" "source_location@change.org"
}
category "Campaign tracking (DPG Media)" {
params "dpg_*"
}
category "Campaign tracking (Google Analytics ga)" {
params "ga_*" "gclid" "gclsrc"
}
category "Campaign tracking (Humble Bundle)" {
params "hmb_campaign" "hmb_medium" "hmb_source"
}
category "Campaign tracking (IBM Acoustic Campaign)" {
params "spJobID" "spMailingID" "spReportId" "spUserID"
}
category "Campaign tracking (itm)" {
params "itm_*"
}
category "Campaign tracking (Omniture)" {
params "s_cid"
}
category "Campaign tracking (Oracle Eloqua)" {
params "assetId" "assetType" "campaignId" "elqTrack" "elqTrackId" "recipientId" "siteId"
}
category "Campaign tracking (MailChimp)" {
params "mc_cid" "mc_eid"
}
category "Campaign tracking (Matomo/Piwik)" {
params "mtm_*" "pk_*"
}
category "Campaign tracking (ns)" {
params "ns_*"
}
category "Campaign tracking (sc)" {
params "sc_campaign" "sc_channel" "sc_content" "sc_country" "sc_geo" "sc_medium" "sc_outcome"
}
category "Campaign tracking (stm)" {
params "stm_*"
}
category "Campaign tracking (utm)" {
params "nr_email_referer" "utm_*"
}
category "Campaign tracking (Vero)" {
params "vero_conv" "vero_id"
}
category "Campaign tracking (Yandex)" {
params "_openstat" "yclid"
}
category "Campaign tracking (others)" {
params "c_id" "campaign_id" "Campaign" "cmpid" "mbid" "ncid"
}
category "Caseking.de" {
params "campaign@caseking.de" "sPartner@caseking.de"
}
category "Ebay" {
params "hash@ebay.*" "_trkparms@ebay.*" "_trksid@ebay.*" "amdata@ebay.*" "epid@ebay.*" "hash@ebay.*" "var@ebay.*"
}
category "Etsy" {
params "click_key@etsy.com" "click_sum@etsy.com" "organic_search_click@etsy.com" "ref@etsy.com"
}
category "Facebook" {
params "fb_action_ids" "fb_action_types" "fb_ref" "fb_source" "fbclid" "hrc@facebook.com" "refsrc@facebook.com"
}
category "Google" {
params "ei@google.*" "gs_gbg@google.*" "gs_l" "gs_lcp@google.*" "gs_mss@google.*" "gs_rn@google.*" "gws_rd@google.*" "sei@google.*" "ved@google.*"
}
category "Hubspot" {
params "_hsenc" "_hsmi" "__hssc" "__hstc" "hsCtaTracking"
}
category "IMDb" {
params "pf_rd_*@imdb.com" "ref_@imdb.com"
}
category "LinkedIn" {
params "eBP@linkedin.com" "lgCta@linkedin.com" "lgTemp@linkedin.com" "lipi@linkedin.com" "midSig@linkedin.com" "midToken@linkedin.com" "recommendedFlavor@linkedin.com" "refId@linkedin.com" "trackingId@linkedin.com" "trk@linkedin.com" "trkEmail@linkedin.com"
}
category "Medium" {
params "_branch_match_id@medium.com" "source@medium.com"
}
category "SourceForge.net" {
params "position@sourceforge.net" "source@sourceforge.net"
}
category "Spotify" {
params "context@open.spotify.com" "si@open.spotify.com"
}
category "TikTok" {
params "_d@tiktok.com" "checksum@tiktok.com" "is_copy_url@tiktok.com" "is_from_webapp@tiktok.com" "language@tiktok.com" "preview_pb@tiktok.com" "sec_user_id@tiktok.com" "sender_device@tiktok.com" "sender_web_id@tiktok.com" "share_app_id@tiktok.com" "share_link_id@tiktok.com" "share_item_id@tiktok.com" "source@tiktok.com" "timestamp@tiktok.com" "tt_from@tiktok.com" "u_code@tiktok.com" "user_id@tiktok.com"
}
category "Twitch.tv" {
params "tt_content" "tt_medium"
}
category "Twitter" {
params "cxt@*.twitter.com" "ref_*@*.twitter.com" "s@*.twitter.com" "t@*.twitter.com" "twclid"
}
category "Yandex" {
params "lr@yandex.*" "redircnt@yandex.*"
}
category "YouTube.com" {
params "feature@youtube.com" "kw@youtube.com"
}
category "Zeit.de" {
params "wt_mc" "wt_zmc"
}
'';
in
{
services.url-eater = {
enable = true;
inherit filters;
};
}

16
common/fragments/headscale.nix Normal file
View File

@ -0,0 +1,16 @@
{
services.headscale = {
enable = true;
port = 52812;
settings = {
server_url = "https://hs.technogothic.net";
dns = {
nameservers.global = [
"94.140.14.14"
"94.140.15.15"
]; # AdGuard Public DNS
base_domain = "thorns.home.arpa";
};
};
};
}

11
common/fragments/hedgedoc.nix Normal file
View File

@ -0,0 +1,11 @@
{
services.hedgedoc = {
enable = true;
settings = {
domain = "hedgedoc.technogothic.net";
protocolUseSSL = true;
allowOrigin = [ "localhost" "hedgedoc.technogothic.net" ];
allowEmailRegister = false;
};
};
}

55
common/fragments/home-assistant.nix Normal file
View File

@ -0,0 +1,55 @@
{
networking.firewall.allowedTCPPorts = [
8123
1883
1884
];
networking.firewall.allowedTCPPortRanges = [
{
from = 21063;
to = 21070;
}
];
networking.firewall.allowedUDPPorts = [
53
67
5353
];
virtualisation.oci-containers.containers = {
"home-assistant" = {
image = "ghcr.io/home-assistant/home-assistant:stable";
autoStart = true;
volumes = [
"/var/lib/hass:/config"
"/etc/localtime:/etc/localtime:ro"
"/run/dbus:/run/dbus:ro"
];
extraOptions = [ "--network=host" ];
};
};
services.mosquitto = {
enable = true;
listeners = [
{
users.root = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$GLzV4JTDU6Z9vHYl$GqkS+LOdufO3Znt/3M+4y0u8I3Yyv+3J/8SpsVTpKZMexNciPDhV3K67ZX6++yD75e4Eo4gJCYYhJ/JFt2o2nw==";
};
}
];
};
services.create_ap = {
enable = true;
settings = {
WIFI_IFACE = "wlp2s0";
SHARE_METHOD = "none";
SSID = "Agatha-Isolated-Network";
# TODO: Replace placeholder password after switching to sops-nix
PASSPHRASE = "nCvKNgRH5L5DFBR4JULP3GHbDuk9XLfT";
};
};
networking.networkmanager.unmanaged = [ "wlp2s0" ];
}

13
common/fragments/homepage.nix
View File

@ -1,13 +0,0 @@
{ pkgs, ... }: {
virtualisation.oci-containers.containers = {
"homepage" = {
image = "ghcr.io/benphelps/homepage:v0.6.10";
autoStart = true;
ports = [ "127.0.0.1:3000:3000" ];
volumes = [
"/var/lib/homepage:/app/config"
"/var/run/podman/podman.sock:/var/run/docker.sock"
];
};
};
}

39
common/fragments/mastodon.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, pkgs, ... }:
{
services.mastodon = {
enable = true;
package = pkgs.agatha-mastodon;
localDomain = "technogothic.net";
configureNginx = false;
smtp.fromAddress = "noreply@technogothic.net";
smtp.createLocally = false;
database.passwordFile = "/var/lib/mastodon/secrets/db-password";
streamingProcesses = 4;
elasticsearch = {
host = "127.0.0.1";
inherit (config.services.elasticsearch) port;
};
extraConfig = {
WEB_DOMAIN = "fv.technogothic.net";
GITHUB_REPOSITORY = "AgathaSorceress/mastodon";
AUTHORIZED_FETCH = "true";
MAX_TOOT_CHARS = "6666";
MAX_POLL_OPTIONS = "128";
MAX_POLL_OPTION_CHARS = "512";
EXTRA_DATA_HOSTS = "https://ftp.technogothic.net";
MASTODON_VERSION_METADATA = "AGATHA+AGATHA";
};
};
systemd.services.mastodon-web.path = [ pkgs.imagemagick ];
users.groups.mastodon.members = [ config.services.nginx.user ];
services.elasticsearch = {
enable = true;
cluster_name = "mastodon-es";
package = pkgs.elasticsearch7;
};
}

14
common/fragments/matrix-ril100.nix Normal file
View File

@ -0,0 +1,14 @@
{ pkgs, ... }: {
systemd.services.matrix-ril100 = {
wantedBy = [ "multi-user.target" ];
description = "A matrix bot that looks up RIL100 codes and station names";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.matrix-ril100}/bin/matrix-ril100";
WorkingDirectory = "/var/lib/matrix-ril100";
Restart = "always";
};
};
}

16
common/fragments/mc-status-bot.nix Normal file
View File

@ -0,0 +1,16 @@
{ pkgs, ... }: {
systemd.services.mc-status-bot = {
wantedBy = [ "multi-user.target" ];
description = "Minecraft server status bot for Matrix";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${
pkgs.callPackage ../pkgs/mc-status-bot.nix { }
}/bin/mc-status-bot.sh";
EnvironmentFile = "/var/lib/secrets/mc-status-bot-env";
Restart = "always";
};
};
}

37
common/fragments/minecraft.nix
View File

@ -1,7 +1,11 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
let let
rsyncSSHKeys = config.users.users.agatha.openssh.authorizedKeys.keys rsyncSSHKeys = config.users.users.agatha.openssh.authorizedKeys.keys;
++ config.users.users.julia.openssh.authorizedKeys.keys;
jre8 = pkgs.temurin-bin-8; jre8 = pkgs.temurin-bin-8;
jre17 = pkgs.temurin-bin-17; jre17 = pkgs.temurin-bin-17;
@ -33,17 +37,18 @@ let
allow-flight = true; allow-flight = true;
max-tick-time = 2 * 60 * 1000; max-tick-time = 2 * 60 * 1000;
}; };
in { in
{
services.modded-minecraft-servers = { services.modded-minecraft-servers = {
eula = true; eula = true;
instances = { instances = {
# End to End encrypted modded minecraft yay # End to End encrypted modded minecraft yay
e2e = { e2e = {
enable = true; enable = false;
inherit rsyncSSHKeys jvmOpts; inherit rsyncSSHKeys jvmOpts;
jvmInitialAllocation = "2G"; jvmInitialAllocation = "1G";
jvmMaxAllocation = "8G"; jvmMaxAllocation = "8G";
jvmPackage = jre8; jvmPackage = jre8;
@ -54,10 +59,28 @@ in {
extra-options.level-type = "BIOMESOP"; extra-options.level-type = "BIOMESOP";
}; };
}; };
enigmatica-8 = {
enable = false;
inherit rsyncSSHKeys jvmOpts;
jvmInitialAllocation = "1G";
jvmMaxAllocation = "8G";
jvmPackage = jre17;
serverConfig = serverDefaults // {
server-port = 25567;
rcon-port = 25568;
motd = "Enigmeowtica 8";
max-tick-time = 300000;
};
};
}; };
}; };
systemd.services.mc-e2e.path = with pkgs; [ getconf gawk ]; systemd.services.mc-e2e.path = with pkgs; [
getconf
gawk
];
users.users.agatha.packages = with pkgs; [ mcrcon ]; users.users.agatha.packages = with pkgs; [ mcrcon ];
} }

2
common/fragments/nyandroid.nix
View File

@ -1,4 +1,4 @@
_: { {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
"nyandroid" = { "nyandroid" = {
image = "registry.gitlab.com/xenua/nyandroid:latest"; image = "registry.gitlab.com/xenua/nyandroid:latest";

22
common/fragments/postgres.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, ... }: {
services.postgresql = {
settings = {
max_connections = 200;
shared_buffers = "4GB";
effective_cache_size = "12GB";
maintenance_work_mem = "1GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 300;
work_mem = "10485kB";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 4;
max_parallel_workers_per_gather = 2;
max_parallel_workers = 4;
max_parallel_maintenance_workers = 2;
};
};
}

11
common/fragments/prometheus_exporters.nix
View File

@ -20,6 +20,17 @@
enable = true; enable = true;
port = 9003; port = 9003;
}; };
process = {
enable = true;
port = 9005;
settings.process_names = [
# Remove nix store path from process name
{
name = "{{.Matches.Wrapped}} {{ .Matches.Args }}";
cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ];
}
];
};
}; };
}; };

29
common/fragments/prosody.nix Normal file
View File

@ -0,0 +1,29 @@
{ config, ... }:
let
ssl = {
cert = "${
config.security.acme.certs."technogothic.net".directory
}/fullchain.pem";
key = "${config.security.acme.certs."technogothic.net".directory}/key.pem";
};
in {
services.prosody = {
enable = true;
admins = [ "Agatha@argent.technogothic.net" ];
inherit ssl;
virtualHosts."argent.technogothic.net" = {
enabled = true;
domain = "argent.technogothic.net";
inherit ssl;
};
muc = [{ domain = "muc.argent.technogothic.net"; }];
uploadHttp.domain = "upload.argent.technogothic.net";
};
users.users."${config.services.prosody.user}".extraGroups =
[ "acme" "nginx" ];
networking.firewall.allowedTCPPorts = [ 5000 5222 5269 5281 ];
}

53
common/fragments/restic.nix Normal file
View File

@ -0,0 +1,53 @@
{ config, ... }: {
services.restic.backups.${config.networking.hostName} = {
initialize = true;
repository = "rest:http://10.20.1.2:8000/${config.networking.hostName}/";
passwordFile = "/var/lib/secrets/restic-password";
environmentFile = "/var/lib/secrets/restic-env";
timerConfig = {
OnCalendar = "*-*-* 20:00"; # Daily at 20:00
Persistent = true;
};
paths = [ "/home/agatha" "/mnt/hdd" ];
exclude = [
".Trash*"
".gradle"
"/home/agatha/.XCompose"
"/home/agatha/.Xresources"
"/home/agatha/.cache"
"/home/agatha/.cargo"
"/home/agatha/.config"
"!/home/agatha/.config/gzdoom"
"/home/agatha/.gnupg"
"/home/agatha/.gtkrc-2.0"
"/home/agatha/.java"
"/home/agatha/.local"
"!/home/agatha/.local/share/PrismLauncher"
"/home/agatha/.manpath"
"/home/agatha/.minecraft"
"/home/agatha/.nix-defexpr"
"/home/agatha/.nix-profile"
"/home/agatha/.themes"
"/home/agatha/Desktop"
"/home/agatha/etc/deadname destruction"
"/home/agatha/go"
"/home/agatha/mount"
"/home/agatha/projects/java/**/build"
"/home/agatha/projects/mastodon"
"/home/agatha/projects/rust/**/target"
"/home/agatha/projects/rust/helix/runtime"
"/home/agatha/projects/snek/**/venv"
"__pycache__"
"lost+found"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 12" ];
};
systemd.timers."restic-backups-${config.networking.hostName}".after =
[ "network-online.target" ];
}

10
common/fragments/sponsorblock.nix Normal file
View File

@ -0,0 +1,10 @@
{
virtualisation.oci-containers.containers = {
"isponsorblocktv" = {
image = "ghcr.io/dmunozv04/isponsorblocktv";
autoStart = true;
volumes = [ "/var/lib/sponsorblock:/app/data" ];
extraOptions = [ "--network=host" ];
};
};
}

39
common/fragments/virt.nix Normal file
View File

@ -0,0 +1,39 @@
{ pkgs, lib, ... }:
{
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"amdgpu"
];
kernelParams =
let
gpuIDs = [
"1002:67df" # Graphics
"1002:aaf0" # Audio
];
in
[
# enable IOMMU
"amd_iommu=on"
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs)
];
};
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
services.openssh.settings.X11Forwarding = true;
# Virtualization
virtualisation.libvirtd = {
enable = true;
onBoot = "start";
onShutdown = "shutdown";
};
programs.virt-manager.enable = true;
users.users.agatha.extraGroups = [ "libvirtd" ];
}

3
common/fragments/yubikey.nix
View File

@ -4,7 +4,8 @@
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "gnome3"; pinentryPackage = pkgs.pinentry-gnome3;
enableExtraSocket = true;
}; };
services.pcscd.enable = true; services.pcscd.enable = true;

139
common/home_manager/common.nix
View File

@ -1,23 +1,28 @@
{ pkgs, config, lib, ... }: { {
pkgs,
config,
lib,
...
}:
{
imports = [ ../../common/home_manager/helix.nix ]; imports = [ ../../common/home_manager/helix.nix ];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.users.agatha = { home-manager.users.agatha = {
home.username = "agatha"; home.username = "agatha";
home.homeDirectory = "/home/agatha"; home.homeDirectory = lib.mkDefault "/home/agatha";
home.stateVersion = config.system.stateVersion; # Fallback for nix-darwin
home.stateVersion = if pkgs.stdenv.isLinux then config.system.stateVersion else "24.11";
home.packages = with pkgs; [ home.packages = with pkgs; [
bat bat
btop btop
choose choose
exa eza
fd fd
fzf fzf
gnupg gnupg
ouch ouch
ripgrep ripgrep
tealdeer
zoxide
]; ];
programs = { programs = {
@ -30,18 +35,35 @@
signing.key = "33185E0D62AD7294379947D4C37ABADDB597BCA1"; signing.key = "33185E0D62AD7294379947D4C37ABADDB597BCA1";
signing.signByDefault = true; signing.signByDefault = true;
aliases = { aliases = {
plog = plog = "log --graph --pretty=format:'%h -%d %s -%an %n' --abbrev-commit --date=relative --branches";
"log --graph --pretty=format:'%h -%d %s -%an %n' --abbrev-commit --date=relative --branches";
pfusch = "push --force-with-lease"; pfusch = "push --force-with-lease";
stat = "diff --compact-summary"; stat = "diff --compact-summary";
undo = "reset --soft HEAD~"; undo = "reset --soft HEAD~";
unstage = "restore --staged";
}; };
extraConfig = { extraConfig = {
init = { defaultBranch = "mistress"; }; init = {
core = { editor = "hx"; }; defaultBranch = "mistress";
};
core = {
editor = "hx";
};
merge.conflictStyle = "zdiff3";
rebase.autosquash = true; rebase.autosquash = true;
pull.rebase = true; pull.rebase = true;
}; };
delta = {
enable = true;
options = {
blame-format = "{timestamp:<15} {author:<18.18} {commit:<8}";
file-modified-label = "modified:";
hunk-header-decoration-style = "blue ul ol";
line-numbers = true;
navigate = true;
navigate-regex = "^(commit|added:|removed:|renamed:|modified:)";
};
};
}; };
starship = { starship = {
@ -54,8 +76,11 @@
"$character" "$character"
"$directory" "$directory"
]; ];
right_format = right_format = lib.concatStrings [
lib.concatStrings [ "$git_branch" " " "$cmd_duration" ]; "$git_branch"
" "
"$cmd_duration"
];
character = { character = {
success_symbol = ""; success_symbol = "";
error_symbol = "[ ](purple)"; error_symbol = "[ ](purple)";
@ -67,10 +92,12 @@
style = "cyan"; style = "cyan";
read_only_style = "cyan"; read_only_style = "cyan";
}; };
cmd_duration = { min_time = 10000; }; cmd_duration = {
min_time = 10000;
};
git_branch = { git_branch = {
format = "$symbol $branch"; format = "$symbol $branch";
symbol = ""; symbol = "󰘬";
}; };
hostname = { hostname = {
ssh_only = false; ssh_only = false;
@ -81,11 +108,6 @@
fish = { fish = {
enable = true; enable = true;
interactiveShellInit = builtins.readFile (pkgs.fetchurl {
url =
"https://git.lain.faith/sorceress/dotfiles/raw/commit/80be649e9663e3db67041192c714329e20b10cc9/.config/fish/config.fish";
sha256 = "sha256-ZZCTXnRZfotksiJj7iVJnLz+XnWHTlIsZzv3gbbZoRQ=";
});
plugins = [ plugins = [
{ {
name = "fzf"; name = "fzf";
@ -106,6 +128,79 @@
}; };
} }
]; ];
shellAliases = {
ls = "eza -lhT --classify=always --group-directories-first --level 1";
cat = "bat";
ip = "ip -color=always";
youtube-dl-audio = ''yt-dlp --ignore-errors --output "%(title)s.%(ext)s" --extract-audio --audio-format best'';
# rsync = "rsync -az --partial --info=progress2";
};
shellAliases.tailscale = lib.mkIf (
!pkgs.stdenv.isLinux
) "/Applications/Tailscale.app/Contents/MacOS/Tailscale";
functions = {
expand-dot-to-parent-directory-path = ''
# expand ... to ../.. etc
# https://github.com/fish-shell/fish-shell/issues/1891#issuecomment-451961517
# Get commandline up to cursor
set -l cmd (commandline --cut-at-cursor)
# Match last line
switch $cmd[-1]
case '*..'
commandline --insert '/.'
case '*'
commandline --insert '.'
end
'';
impostor = ''
echo $argv[1] | string sub -s 13 | fold -w1 | shuf | tr -d '\n' | sed 's/^/cccccbeujtje/'
'';
};
shellInit = ''
set -Ux AWT_TOOLKIT MToolkit
set -Ux JDK_JAVA_OPTIONS "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Djdk.gtk.version=3 -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true"
# Zoxide
set -Ux _ZO_FZF_OPTS "--no-sort --height=30% --exit-0 --select-1 --bind=ctrl-z:ignore"
# Fix locale errors in Nix
set -Ux LOCALE_ARCHIVE /usr/lib/locale/locale-archive
# PATH
set -gx fish_user_paths $fish_user_paths \
/home/agatha/.local/bin \
/home/agatha/.cargo/bin \
/home/agatha/.cabal/bin
if type -q ruby
fish_add_path -a (ruby -e 'print Gem.user_dir')/bin
end
bind . 'expand-dot-to-parent-directory-path'
if test -d ~/.gnupg
set -e SSH_AGENT_PID
set -x SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
# so gpg-agent knows in what tty to prompt for key passwords
set -x GPG_TTY (tty)
gpg-connect-agent updatestartuptty /bye > /dev/null
end
'';
};
tealdeer = {
enable = true;
settings = {
updates.auto_update = true;
};
};
zoxide = {
enable = true;
enableFishIntegration = true;
options = [ "--cmd v" ];
}; };
command-not-found.enable = false; command-not-found.enable = false;
@ -114,6 +209,10 @@
enableFishIntegration = true; enableFishIntegration = true;
}; };
}; };
home.file.".sqliterc".text = ''
.headers on
.mode column
'';
}; };
} }

131
common/home_manager/helix.nix
View File

@ -1,27 +1,44 @@
{ pkgs, config, ... }: { { pkgs, lib, ... }:
{
# Set editor
environment.variables.EDITOR = "hx";
home-manager.users.agatha = { home-manager.users.agatha = {
# Formatters/Language Servers that Helix uses # Formatters/Language Servers that Helix uses
home.packages = with pkgs; [ nixfmt ]; home.packages = with pkgs; [ nixfmt-rfc-style ];
programs = { programs = {
helix = { helix = {
enable = true; enable = true;
package = pkgs.helix; package = pkgs.helix;
languages = [{ languages = {
language = [
{
name = "nix"; name = "nix";
auto-format = true; auto-format = true;
formatter = { command = "nixfmt"; }; formatter = {
}]; command = "nixfmt";
};
}
];
};
settings = { settings = {
theme = "paramount-dark"; theme = lib.mkDefault "paramount-dark";
editor = { editor = {
middle-click-paste = false; middle-click-paste = false;
scroll-lines = 4; scroll-lines = 4;
shell = [ "fish" "-c" ]; shell = [
"fish"
"-c"
];
bufferline = "multiple"; bufferline = "multiple";
statusline = { statusline = {
left = [ "mode" "spinner" "file-name" ]; left = [
"mode"
"spinner"
"file-name"
];
right = [ right = [
"workspace-diagnostics" "workspace-diagnostics"
"position" "position"
@ -34,7 +51,9 @@
separator = " "; separator = " ";
}; };
cursor-shape = { insert = "bar"; }; cursor-shape = {
insert = "bar";
};
whitespace.render = { whitespace.render = {
tab = "all"; tab = "all";
@ -56,13 +75,25 @@
keys = { keys = {
insert = { insert = {
"C-left" = [ "move_prev_word_start" "collapse_selection" ]; "C-left" = [
"C-right" = [ "move_next_word_start" "collapse_selection" ]; "move_prev_word_start"
"collapse_selection"
];
"C-right" = [
"move_next_word_start"
"collapse_selection"
];
}; };
normal = { normal = {
"C-left" = [ "move_prev_word_start" "collapse_selection" ]; "C-left" = [
"C-right" = [ "move_next_word_start" "collapse_selection" ]; "move_prev_word_start"
"collapse_selection"
];
"C-right" = [
"move_next_word_start"
"collapse_selection"
];
"A-d" = "delete_selection"; "A-d" = "delete_selection";
"d" = "delete_selection_noyank"; "d" = "delete_selection_noyank";
}; };
@ -70,7 +101,8 @@
}; };
themes = { themes = {
paramount-dark = let paramount-dark =
let
medium_gray = "#767676"; medium_gray = "#767676";
lighter_black = "#4E4E4E"; lighter_black = "#4E4E4E";
lighter_gray = "#C6C6C6"; lighter_gray = "#C6C6C6";
@ -80,11 +112,14 @@
dark_purple = "#af5fd7"; dark_purple = "#af5fd7";
light_purple = "#a790d5"; light_purple = "#a790d5";
dark_yellow = "#A89C14"; dark_yellow = "#A89C14";
in { in
inherits = "hex_lavender"; {
"ui.background" = {
"ui.background" = { bg = "black"; }; bg = "black";
"ui.gutter" = { bg = "black"; }; };
"ui.gutter" = {
bg = "black";
};
"ui.menu.selected" = { "ui.menu.selected" = {
fg = lighter_gray; fg = lighter_gray;
bg = light_purple; bg = light_purple;
@ -110,9 +145,17 @@
fg = medium_gray; fg = medium_gray;
modifiers = [ "italic" ]; modifiers = [ "italic" ];
}; };
"punctuation" = { fg = medium_gray; }; "punctuation" = {
fg = medium_gray;
};
"ui.linenr" = medium_gray; "ui.linenr" = medium_gray;
"ui.linenr.selected" = { fg = light_purple; }; "ui.linenr.selected" = {
fg = light_purple;
};
"ui.window" = medium_gray;
"ui.text" = lighter_gray;
"ui.text.focus" = light_purple;
"ui.virtual.whitespace" = lighter_black;
"string.special.url" = { "string.special.url" = {
fg = lighter_gray; fg = lighter_gray;
underline = { underline = {
@ -161,16 +204,23 @@
"diff.plus" = light_green; "diff.plus" = light_green;
"diff.minus" = light_red; "diff.minus" = light_red;
"diff.delta" = dark_yellow; "diff.delta" = dark_yellow;
"ui.cursor" = { bg = lighter_gray; }; "ui.cursor" = {
"ui.cursor.insert" = { bg = light_purple; }; bg = lighter_gray;
"ui.cursor.select" = { bg = dark_purple; }; };
"ui.cursor.insert" = {
bg = light_purple;
};
"ui.cursor.select" = {
bg = dark_purple;
};
"ui.cursor.match" = { "ui.cursor.match" = {
fg = lighter_gray; fg = lighter_gray;
bg = medium_gray; bg = medium_gray;
}; };
"namespace" = medium_gray; "namespace" = medium_gray;
}; };
paramount-light = let paramount-light =
let
medium_gray = "#767676"; medium_gray = "#767676";
actual_white = "#FFFFFF"; actual_white = "#FFFFFF";
light_black = "#262626"; light_black = "#262626";
@ -179,11 +229,16 @@
dark_green = "#10A778"; dark_green = "#10A778";
dark_purple = "#af5fd7"; dark_purple = "#af5fd7";
dark_yellow = "#A89C14"; dark_yellow = "#A89C14";
in { in
{
inherits = "spacebones_light"; inherits = "spacebones_light";
"ui.background" = { bg = actual_white; }; "ui.background" = {
"ui.gutter" = { bg = actual_white; }; bg = actual_white;
};
"ui.gutter" = {
bg = actual_white;
};
"ui.menu.selected" = { "ui.menu.selected" = {
fg = light_black; fg = light_black;
bg = dark_purple; bg = dark_purple;
@ -213,9 +268,13 @@
fg = medium_gray; fg = medium_gray;
modifiers = [ "italic" ]; modifiers = [ "italic" ];
}; };
"punctuation" = { fg = medium_gray; }; "punctuation" = {
fg = medium_gray;
};
"ui.linenr" = medium_gray; "ui.linenr" = medium_gray;
"ui.linenr.selected" = { fg = dark_purple; }; "ui.linenr.selected" = {
fg = dark_purple;
};
"string.special.url" = { "string.special.url" = {
fg = light_black; fg = light_black;
underline = { underline = {
@ -264,9 +323,15 @@
"diff.plus" = dark_green; "diff.plus" = dark_green;
"diff.minus" = dark_red; "diff.minus" = dark_red;
"diff.delta" = dark_yellow; "diff.delta" = dark_yellow;
"ui.cursor" = { bg = light_black; }; "ui.cursor" = {
"ui.cursor.insert" = { bg = dark_purple; }; bg = light_black;
"ui.cursor.select" = { bg = dark_purple; }; };
"ui.cursor.insert" = {
bg = dark_purple;
};
"ui.cursor.select" = {
bg = dark_purple;
};
"ui.cursor.match" = { "ui.cursor.match" = {
fg = light_black; fg = light_black;
bg = medium_gray; bg = medium_gray;

71
common/linux-specific.nix Normal file
View File

@ -0,0 +1,71 @@
{ config, ... }:
{
imports = [ ./users ];
## Optimizations
# Clean /tmp
boot.tmp.cleanOnBoot = true;
# Garbage collection
nix.gc.dates = "weekly";
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
settings.PasswordAuthentication = false;
};
services.earlyoom = {
enable = true;
freeSwapThreshold = 5;
freeMemThreshold = 5;
extraArgs = [
"-g"
"--avoid '^(sshd|systemd.*|tailscale.*|)$'"
];
};
# Fix Wireguard and Tailscale with NetworkManager
networking.firewall = {
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
services.tailscale.enable = true;
}

32
common/pkgs/bin.nix
View File

@ -1,18 +1,36 @@
{ rustPlatform, fetchFromGitHub }: { pkgs }:
rustPlatform.buildRustPackage rec { pkgs.rustPlatform.buildRustPackage rec {
name = "bin"; pname = "bin";
version = "3bbd64611f2a5dee91528976f6db17ff9844315a"; version = "e8fac0f0c8c9b48e3933c6f4a9e607a99cc97cf8";
src = fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "WantGuns"; owner = "WantGuns";
repo = name; repo = pname;
rev = version; rev = version;
sha256 = "0lyx8n4rpnyd7c6yjx8aa3zwxlfwj3db0ykrxdvlsaw4wrqlfk7i"; sha256 = "sha256-c5iuk1T3x17iEbLAno716pkQkRtVsB0UJzgIrR64Uec=";
}; };
# Use custom syntax highlighting theme
preBuild = ''
cp ${
../../external/paramount-dark.tmTheme
} resources/themes/paramount-dark.tmTheme
substituteInPlace src/models/pretty.rs \
--replace "ayu_dark.tmTheme" "paramount-dark.tmTheme" \
substituteInPlace static/css/index.css static/css/pretty.css templates/* \
--replace "#0f1419" "#000000" \
--replace "#f29718" "#a790d5" \
--replace "#F29718" "#a790d5" \
--replace "#be7611" "#8673aa"
'';
cargoLock = { lockFile = "${src}/Cargo.lock"; }; cargoLock = { lockFile = "${src}/Cargo.lock"; };
nativeBuildInputs = [ pkgs.git ];
meta = { meta = {
description = "highly opinionated, minimal pastebin"; description = "highly opinionated, minimal pastebin";
homepage = "https://github.com/WantGuns/bin"; homepage = "https://github.com/WantGuns/bin";

167
common/pkgs/mastodon/default.nix Normal file
View File

@ -0,0 +1,167 @@
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests, yarn-berry, callPackage
, imagemagick, ffmpeg, file, ruby, writeShellScript, brotli
# Allow building a fork or custom version of Mastodon:
, pname ? "mastodon", version ? srcOverride.version, patches ? [ ]
# src is a package
, srcOverride ? callPackage ./source.nix { inherit patches; }
, gemset ? ./. + "/gemset.nix", yarnHash ? srcOverride.yarnHash }:
stdenv.mkDerivation rec {
inherit pname version;
src = srcOverride;
mastodonGems = bundlerEnv {
name = "${pname}-gems-${version}";
inherit version gemset ruby;
gemdir = src;
# This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
# symlinks with directories, resolving this error when running rake:
# /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
postBuild = ''
for gem in "$out"/lib/ruby/gems/*/gems/*; do
cp -a "$gem/" "$gem.new"
rm "$gem"
# needed on macOS, otherwise the mv yields permission denied
chmod +w "$gem.new"
mv "$gem.new" "$gem"
done
'';
};
mastodonModules = stdenv.mkDerivation {
pname = "${pname}-modules";
inherit src version;
yarnOfflineCache = callPackage ./yarn.nix {
src = srcOverride;
hash = yarnHash;
};
nativeBuildInputs =
[ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
RAILS_ENV = "production";
NODE_ENV = "production";
buildPhase = ''
runHook preBuild
export HOME=$PWD
# This option is needed for openssl-3 compatibility
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
export NODE_OPTIONS=--openssl-legacy-provider
export YARN_ENABLE_TELEMETRY=0
mkdir -p ~/.yarn/berry
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
yarn install --immutable --immutable-cache
patchShebangs ~/bin
patchShebangs ~/node_modules
# skip running yarn install
rm -rf ~/bin/yarn
OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
rails assets:precompile
yarn cache clean
rm -rf ~/node_modules/.cache
# Create missing static gzip and brotli files
gzip --best --keep ~/public/assets/500.html
gzip --best --keep ~/public/packs/report.html
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
-exec gzip --best --keep --force {} ';'
brotli --best --keep ~/public/packs/report.html
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
-exec brotli --best --keep {} ';'
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/public
cp -r node_modules $out/node_modules
cp -r public/assets $out/public
cp -r public/packs $out/public
runHook postInstall
'';
};
propagatedBuildInputs = [ imagemagick ffmpeg file mastodonGems.wrappedRuby ];
buildInputs = [ mastodonGems nodejs-slim ];
buildPhase = ''
runHook preBuild
ln -s $mastodonModules/node_modules node_modules
ln -s $mastodonModules/public/assets public/assets
ln -s $mastodonModules/public/packs public/packs
patchShebangs bin/
for b in $(ls $mastodonGems/bin/)
do
if [ ! -f bin/$b ]; then
ln -s $mastodonGems/bin/$b bin/$b
fi
done
# Remove execute permissions
chmod 0444 public/emoji/*.svg
# Create missing static gzip and brotli files
find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
find public/emoji -type f -name '.*.svg' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
ln -s assets/500.html.gz public/500.html.gz
ln -s assets/500.html.br public/500.html.br
ln -s packs/sw.js.gz public/sw.js.gz
ln -s packs/sw.js.br public/sw.js.br
ln -s packs/sw.js.map.gz public/sw.js.map.gz
ln -s packs/sw.js.map.br public/sw.js.map.br
rm -rf log
ln -s /var/log/mastodon log
ln -s /tmp tmp
runHook postBuild
'';
installPhase = let
run-streaming = writeShellScript "run-streaming.sh" ''
# NixOS helper script to consistently use the same NodeJS version the package was built with.
${nodejs-slim}/bin/node ./streaming
'';
in ''
runHook preInstall
mkdir -p $out
cp -r * $out/
ln -s ${run-streaming} $out/run-streaming.sh
runHook postInstall
'';
passthru = {
tests.mastodon = nixosTests.mastodon;
# run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
updateScript = ./update.sh;
};
meta = with lib; {
description =
"Self-hosted, globally interconnected microblogging software based on ActivityPub";
homepage = "https://joinmastodon.org";
license = licenses.agpl3Plus;
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
};
}

3393
common/pkgs/mastodon/gemset.nix Normal file
View File

File diff suppressed because it is too large Load Diff

22
common/pkgs/mastodon/source.nix Normal file
View File

@ -0,0 +1,22 @@
# This file was generated by pkgs.mastodon.updateScript.
{
fetchFromGitHub,
applyPatches,
patches ? [ ],
}:
let
version = "0529f742ecbcf902ffa4ab9283579f72eae78361";
in
(applyPatches {
src = fetchFromGitHub {
owner = "AgathaSorceress";
repo = "mastodon";
rev = "${version}";
hash = "sha256-rAHCQHVv4tZqbRhx43T3YEnsR/THR6gzzjv5yUO4GIU=";
};
patches = patches ++ [ ];
})
// {
inherit version;
yarnHash = "sha256-wdEunwUsV/IaJvNq+YIqRXNKLBrqPeeL5Ig+33dT/AY=";
}

101
common/pkgs/mastodon/update.sh Executable file
View File

@ -0,0 +1,101 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-github gnused jq prefetch-yarn-deps
set -e
OWNER=mastodon
REPO=mastodon
POSITIONAL=()
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
--owner)
OWNER="$2"
shift # past argument
shift # past value
;;
--repo)
REPO="$2"
shift # past argument
shift # past value
;;
--rev)
REVISION="$2"
shift # past argument
shift # past value
;;
--patches)
PATCHES="$2"
shift # past argument
shift # past value
;;
*) # unknown option
POSITIONAL+=("$1")
shift # past argument
;;
esac
done
if [[ -n "$POSITIONAL" ]]; then
echo "Usage: update.sh [--owner OWNER] [--repo REPO] [--rev REVISION] [--patches PATCHES]"
echo "OWNER and REPO must be paths on github."
echo "If OWNER and REPO are not provided, it defaults they default to mastodon and mastodon."
echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
exit 1
fi
rm -f gemset.nix source.nix
cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
WORK_DIR=$(mktemp -d)
# Check that working directory was created.
if [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
echo "Could not create temporary directory"
exit 1
fi
# Delete the working directory on exit.
function cleanup {
# Report errors, if any, from nix-prefetch-git
grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
rm -rf "$WORK_DIR"
}
trap cleanup EXIT
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
HASH=$(echo "$JSON" | jq -r .hash)
cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript.
{ fetchFromGitHub, applyPatches, patches ? [] }:
let
version = "$REVISION";
in
(
applyPatches {
src = fetchFromGitHub {
owner = "$OWNER";
repo = "$REPO";
rev = "\${version}";
hash = "$HASH";
};
patches = patches ++ [$PATCHES];
}) // {
inherit version;
yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
}
EOF
SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks
# echo "Creating yarn-hash.nix"
# YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
# YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
# sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix
sed -i -Ee "s|^( *yarnHash = )\".*\";|\\1\"\";|g;" ./source.nix

39
common/pkgs/mastodon/yarn.nix Normal file
View File

@ -0,0 +1,39 @@
{ stdenvNoCC, yarn-berry, cacert, src, hash }:
stdenvNoCC.mkDerivation {
pname = "yarn-deps";
version = hash;
nativeBuildInputs = [ yarn-berry cacert ];
inherit src;
dontInstall = true;
NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
mkdir -p $out
export HOME=$(mktemp -d)
echo $HOME
export YARN_ENABLE_TELEMETRY=0
export YARN_COMPRESSION_LEVEL=0
cache="$(yarn config get cacheFolder)"
if ! yarn install --immutable --mode skip-build; then
cp yarn.lock yarn.lock.bak
yarn install --mode skip-build
diff -u yarn.lock.bak yarn.lock
echo "yarn build failed! diff generated as yarn.lock.diff"
pwd
exit 1
fi
cp -r $cache/* $out/
'';
outputHashAlgo = "sha256";
outputHash = hash;
outputHashMode = "recursive";
}

21
common/pkgs/mc-status-bot.nix Normal file
View File

@ -0,0 +1,21 @@
{ pkgs }:
with pkgs;
stdenv.mkDerivation rec {
pname = "mc-status-bot";
version = "0.1.0";
src = fetchgit {
url = "https://git.lain.faith/sorceress/e8-status-bot.git";
rev = "c35abf0aba0ca524bc1d3dab9576b41e2b319138";
hash = "sha256-sK0Azd/3ymk5Jsj/GYmNJvYh9fMXFozTuWZhKnYTGbs=";
};
buildInputs = [ curl jq ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp run.sh $out/bin/mc-status-bot.sh
wrapProgram $out/bin/mc-status-bot.sh \
--prefix PATH : ${lib.makeBinPath buildInputs}
'';
}

58
common/pkgs/vampysite.nix
View File

@ -1,58 +0,0 @@
{ pkgs, lib, ... }:
let
version = "10768ce069f5c08e8e4393c494f0c6900922170c";
repo = pkgs.fetchgit {
url = "https://git.lain.faith/sorceress/vampysite.git";
rev = version;
sha256 = "1lniwqyhj6r3pwwd4qp01yhfxjbwclw5dn58dgf4kk45f9qgniy3";
};
patched_pkgs = import (builtins.fetchTarball
"https://github.com/AgathaSorceress/nixpkgs/tarball/image-optim-pack-cleanup") {
inherit (pkgs) config;
};
jekyll_env = patched_pkgs.bundlerEnv {
name = "jekyll_env";
inherit (pkgs) ruby;
gemdir = "${repo}/.";
};
image_optim_deps = with pkgs; [
pngout
advancecomp
optipng
pngquant
jhead
jpegoptim
jpeg-archive
libjpeg
];
in pkgs.stdenv.mkDerivation {
inherit version;
name = "vampysite";
src = repo;
buildInputs = with pkgs; [
jekyll_env
# nokogiri dependencies
zlib
libiconv
libxml2
libxslt
# jekyll wants a JS runtime
nodejs-slim
];
buildPhase = ''
export PATH="${lib.escapeShellArg (lib.makeBinPath image_optim_deps)}":$PATH
bundle exec jekyll build
'';
installPhase = ''
mkdir -p $out
cp -r _site/* $out/
'';
}

17
common/remote-builds.nix Normal file
View File

@ -0,0 +1,17 @@
{
nix.distributedBuilds = true;
nix.buildMachines = [
{
hostName = "tears";
systems = [
"x86_64-linux"
"i686-linux"
];
supportedFeatures = [ "big-parallel" ];
maxJobs = 4;
sshUser = "root";
sshKey = "/Users/agatha/Projects/nix-infra/secrets/id_ed25519-nix-builder";
}
];
}

9
common/users/default.nix
View File

@ -1,9 +1,14 @@
{ config, pkgs, ... }: { { config, pkgs, ... }:
{
users.users = { users.users = {
agatha = { agatha = {
isNormalUser = true; isNormalUser = true;
description = "Agatha Valentine Lovelace"; description = "Agatha Valentine Lovelace";
extraGroups = [ "networkmanager" "wheel" "docker" ]; extraGroups = [
"networkmanager"
"wheel"
"docker"
];
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [

13
common/users/julia.nix
View File

@ -1,13 +0,0 @@
{ config, pkgs, ... }: {
users.users = {
julia = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIa/G3M13aVJpOIX8U/5duiGiNNGmM88/0k0+o0EUGRI cardno:20 876 680"
];
};
};
}

BIN
external/6.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 6.7 MiB

247
external/paramount-dark.tmTheme vendored Normal file
View File

@ -0,0 +1,247 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Color Theme paramount-dark, created by Oskar Wickström .
Created with ThemeCreator, https://github.com/mswift42/themecreator -->
<plist version="1.0">
<dict>
<key>author</key>
<string> Oskar Wickström</string>
<key>name</key>
<string>paramount-dark</string>
<key>settings</key>
<array>
<dict>
<key>settings</key>
<dict>
<key>background</key>
<string>#000000</string>
<key>caret</key>
<string>#292929</string>
<key>foreground</key>
<string>#C6C6C6</string>
<key>invisibles</key>
<string>#292929</string>
<key>lineHighlight</key>
<string>#141414</string>
<key>selection</key>
<string>#292929</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Comment</string>
<key>scope</key>
<string>comment</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#4E4E4E</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Foreground</string>
<key>scope</key>
<string>keyword.operator.class, constant.other, source.php.embedded.line</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a6a6a6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Variable, String Link, Regular Expression, Tag Name, GitGutter deleted</string>
<key>scope</key>
<string>variable, support.other.variable, string.other.link, string.regexp, entity.name.tag, entity.other.attribute-name, meta.tag, declaration.tag, markup.deleted.git_gutter</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Number, Constant, Function Argument, Tag Attribute, Embedded</string>
<key>scope</key>
<string>constant.numeric, constant.language, support.constant, constant.character, variable.parameter, punctuation.section.embedded, keyword.other.unit</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a790d5</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Class, Support</string>
<key>scope</key>
<string>entity.name.class, entity.name.type.class, support.type, support.class</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>String, Symbols, Inherited Class, Markup Heading, GitGutter inserted</string>
<key>scope</key>
<string>string, constant.other.symbol, entity.other.inherited-class, entity.name.filename, markup.heading, markup.inserted.git_gutter</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a790d5</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Operator, Misc</string>
<key>scope</key>
<string>keyword.operator, constant.other.color</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Function, Special Method, Block Level, GitGutter changed</string>
<key>scope</key>
<string>entity.name.function, meta.function-call, support.function, keyword.other.special-method, meta.block-level, markup.changed.git_gutter</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Keyword, Storage</string>
<key>scope</key>
<string>keyword, storage, storage.type</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string>bold</string>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Invalid</string>
<key>scope</key>
<string>invalid</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#E32791</string>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Separator</string>
<key>scope</key>
<string>meta.separator</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Deprecated</string>
<key>scope</key>
<string>invalid.deprecated</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#a790d5</string>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#000000</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff foreground</string>
<key>scope</key>
<string>markup.inserted.diff, markup.deleted.diff, meta.diff.header.to-file, meta.diff.header.from-file</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#fafafa</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff insertion</string>
<key>scope</key>
<string>markup.inserted.diff, meta.diff.header.to-file</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#123d0f</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff deletion</string>
<key>scope</key>
<string>markup.deleted.diff, meta.diff.header.from-file</string>
<key>settings</key>
<dict>
<key>background</key>
<string></string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff header</string>
<key>scope</key>
<string>meta.diff.header.from-file, meta.diff.header.to-file</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string></string>
<key>background</key>
<string></string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff range</string>
<key>scope</key>
<string>meta.diff.range</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string>italic</string>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
</array>
<key>uuid</key>
<string></string>
<key>colorSpaceName</key>
<string>sRGB</string>
</dict>
</plist>

613
flake.lock
View File

@ -1,94 +1,66 @@
{ {
"nodes": { "nodes": {
"crane": { "ccase": {
"flake": false, "inputs": {
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils"
},
"locked": { "locked": {
"lastModified": 1670900067, "lastModified": 1692717252,
"narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=", "narHash": "sha256-TQJkvANms/5Mzh1J4qsEYOrlML17dVv7MYEoN4Z/gm0=",
"owner": "ipetkov", "owner": "rutrum",
"repo": "crane", "repo": "ccase",
"rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b", "rev": "7ca56557d0cc69641e0d0c5ae9370c48f4cce09d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "ipetkov", "owner": "rutrum",
"repo": "crane", "repo": "ccase",
"type": "github" "type": "github"
} }
}, },
"dream2nix": { "colmena": {
"inputs": { "inputs": {
"alejandra": [ "flake-compat": "flake-compat",
"helix", "flake-utils": "flake-utils",
"nci"
],
"all-cabal-json": [
"helix",
"nci"
],
"crane": "crane",
"devshell": [
"helix",
"nci"
],
"flake-parts": [
"helix",
"nci",
"parts"
],
"flake-utils-pre-commit": [
"helix",
"nci"
],
"ghc-utils": [
"helix",
"nci"
],
"gomod2nix": [
"helix",
"nci"
],
"mach-nix": [
"helix",
"nci"
],
"nix-pypi-fetcher": [
"helix",
"nci"
],
"nixpkgs": [ "nixpkgs": [
"helix", "nixpkgs-unstable"
"nci",
"nixpkgs"
], ],
"poetry2nix": [ "stable": "stable"
"helix",
"nci"
],
"pre-commit-hooks": [
"helix",
"nci"
],
"pruned-racket-catalog": [
"helix",
"nci"
]
}, },
"locked": { "locked": {
"lastModified": 1677289985, "lastModified": 1685370160,
"narHash": "sha256-lUp06cTTlWubeBGMZqPl9jODM99LpWMcwxRiscFAUJg=", "narHash": "sha256-7EAZtvHZBN4CFbUWznQicGL/g2+A/9w5JUl88xWmxkI=",
"owner": "nix-community", "owner": "AgathaSorceress",
"repo": "dream2nix", "repo": "colmena",
"rev": "28b973a8d4c30cc1cbb3377ea2023a76bc3fb889", "rev": "f279530ba0ca33f30fc3ae386ae5487e8d926460",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "AgathaSorceress",
"repo": "dream2nix", "repo": "colmena",
"type": "github" "type": "github"
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668681692, "lastModified": 1668681692,
@ -120,6 +92,24 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -134,24 +124,18 @@
"type": "github" "type": "github"
} }
}, },
"helix": { "flakey-profile": {
"inputs": {
"nci": "nci",
"nixpkgs": "nixpkgs",
"parts": "parts_2",
"rust-overlay": "rust-overlay"
},
"locked": { "locked": {
"lastModified": 1678284394, "lastModified": 1712898590,
"narHash": "sha256-oEXCoNxfEmxqGuYxW7cLwINW70jeRrYqgOC40G1WBr8=", "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "helix-editor", "owner": "lf-",
"repo": "helix", "repo": "flakey-profile",
"rev": "34be71fb50738a7e9d9e5ee5090680a0d84a321c", "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "helix-editor", "owner": "lf-",
"repo": "helix", "repo": "flakey-profile",
"type": "github" "type": "github"
} }
}, },
@ -159,23 +143,58 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1678271387, "lastModified": 1747688870,
"narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=", "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "36999b8d19eb6eebb41983ef017d7e0095316af2", "rev": "d5f1f641b289553927b3801580598d200a501863",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"lix": {
"flake": false,
"locked": {
"lastModified": 1737234286,
"narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=",
"rev": "079528098f5998ba13c88821a2eca1005c1695de",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1742943028,
"narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=",
"rev": "868d97695bab9d21f6070b03957bcace249fbe3c",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz?rev=868d97695bab9d21f6070b03957bcace249fbe3c"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"
}
},
"lowdown-src": { "lowdown-src": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -192,26 +211,32 @@
"type": "github" "type": "github"
} }
}, },
"mk-naked-shell": { "matrix-ril100": {
"flake": false, "inputs": {
"naersk": "naersk",
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils_2"
},
"locked": { "locked": {
"lastModified": 1676572903, "lastModified": 1688054487,
"narHash": "sha256-oQoDHHUTxNVSURfkFcYLuAK+btjs30T4rbEUtCUyKy8=", "narHash": "sha256-KHNG+9lWqsWVA1Xqkb2BJDKuRlrNV8q2CmQLk7vzuH8=",
"owner": "yusdacra", "ref": "refs/heads/mistress",
"repo": "mk-naked-shell", "rev": "fd949bede48ee1283e6917018090b2a3fb50db79",
"rev": "aeca9f8aa592f5e8f71f407d081cb26fd30c5a57", "revCount": 2,
"type": "github" "type": "git",
"url": "https://git.lain.faith/sorceress/matrix-ril100"
}, },
"original": { "original": {
"owner": "yusdacra", "type": "git",
"repo": "mk-naked-shell", "url": "https://git.lain.faith/sorceress/matrix-ril100"
"type": "github"
} }
}, },
"mms": { "mms": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nix": "nix", "nix": "nix",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -231,31 +256,44 @@
"type": "github" "type": "github"
} }
}, },
"nci": { "naersk": {
"inputs": { "inputs": {
"dream2nix": "dream2nix", "nixpkgs": "nixpkgs"
"mk-naked-shell": "mk-naked-shell",
"nixpkgs": [
"helix",
"nixpkgs"
],
"parts": "parts",
"rust-overlay": [
"helix",
"rust-overlay"
]
}, },
"locked": { "locked": {
"lastModified": 1677297103, "lastModified": 1687852486,
"narHash": "sha256-ArlJIbp9NGV9yvhZdV0SOUFfRlI/kHeKoCk30NbSiLc=", "narHash": "sha256-2rXkhKUVQxbVaC+TITPpILiy/dSbordOLs87eoWHYxA=",
"owner": "yusdacra", "owner": "nix-community",
"repo": "nix-cargo-integration", "repo": "naersk",
"rev": "a79272a2cb0942392bb3a5bf9a3ec6bc568795b2", "rev": "df10963b956962913b693a638746a95d6c506404",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "yusdacra", "owner": "nix-community",
"repo": "nix-cargo-integration", "ref": "master",
"repo": "naersk",
"type": "github"
}
},
"naersk_2": {
"inputs": {
"nixpkgs": [
"url-eater",
"nixpkgs"
]
},
"locked": {
"lastModified": 1721727458,
"narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=",
"owner": "nix-community",
"repo": "naersk",
"rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "naersk",
"type": "github" "type": "github"
} }
}, },
@ -279,36 +317,53 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
]
},
"locked": { "locked": {
"lastModified": 1677063315, "lastModified": 1743127615,
"narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", "narHash": "sha256-+sMGqywrSr50BGMLMeY789mSrzjkoxZiu61eWjYS/8o=",
"owner": "nixos", "owner": "LnL7",
"repo": "nixpkgs", "repo": "nix-darwin",
"rev": "988cc958c57ce4350ec248d2d53087777f9e1949", "rev": "fc843893cecc1838a59713ee3e50e9e7edc6207c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "LnL7",
"ref": "nixos-unstable", "ref": "nix-darwin-24.11",
"repo": "nixpkgs", "repo": "nix-darwin",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs": {
"locked": { "locked": {
"dir": "lib", "lastModified": 1687946342,
"lastModified": 1675183161, "narHash": "sha256-vRxti8pOuXS0rJmqjbD8ueEEFXWSK22ISHoCWkhgzzg=",
"narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", "rev": "1c851e8c92b76a00ce84167984a7ec7ba2b1f29c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"dir": "lib", "id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1747514354,
"narHash": "sha256-ohO4Uox8WzonwEtxNvr1SsDbvnZLilxrqco1u0bEWHU=",
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "repo": "nixpkgs",
"rev": "a3552bafe05e3c2f24e6bc6482135837984f7073",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-24.11-darwin",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -329,6 +384,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": {
"locked": {
"lastModified": 1747728033,
"narHash": "sha256-NnXFQu7g4LnvPIPfJmBuZF7LFy/fey2g2+LCzjQhTUk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9173bde1d3fbf1ad26ff6d52f952f9e9da52ea",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1657693803, "lastModified": 1657693803,
@ -347,96 +418,175 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1678137616, "lastModified": 1747676747,
"narHash": "sha256-T+lWTRdcYaOnZQW+Ehdlg+YldC2l9cq2GXJFPq22Nxc=", "narHash": "sha256-LXkWBVqilgx7Pohwqu/ABxDVw+Cmi5/Mj2S2mpUH0Fw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7edcdf7b169c33cd3eef9aba50521ce93ee666b8", "rev": "72841a4a8761d1aed92ef6169a636872c986c76d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "NixOS",
"ref": "nixos-22.11", "ref": "nixos-24.11",
"type": "indirect" "repo": "nixpkgs",
}
},
"parts": {
"inputs": {
"nixpkgs-lib": [
"helix",
"nci",
"nixpkgs"
]
},
"locked": {
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github" "type": "github"
} }
}, },
"parts_2": { "nixpkgs_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": { "locked": {
"lastModified": 1675933616, "lastModified": 1682092588,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", "narHash": "sha256-NjKBPnScpbGiH/YOx74DIFOVkr5AKJOVZoy0l7J58gk=",
"owner": "hercules-ci", "owner": "AgathaSorceress",
"repo": "flake-parts", "repo": "nixpkgs",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7", "rev": "bdd3dc5aa8435b66f14636550223a9b3a50e534d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hercules-ci", "owner": "AgathaSorceress",
"repo": "flake-parts", "ref": "image-optim-pack-cleanup",
"repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"helix": "helix", "ccase": "ccase",
"colmena": "colmena",
"home-manager": "home-manager", "home-manager": "home-manager",
"lix-module": "lix-module",
"matrix-ril100": "matrix-ril100",
"mms": "mms", "mms": "mms",
"nixpkgs": "nixpkgs_3" "nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_3",
"nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-unstable": "nixpkgs-unstable",
"url-eater": "url-eater",
"vampysite": "vampysite"
} }
}, },
"rust-overlay": { "stable": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"helix",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1677292251, "lastModified": 1669735802,
"narHash": "sha256-D+6q5Z2MQn3UFJtqsM5/AvVHi3NXKZTIMZt1JGq/spA=", "narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=",
"owner": "oxalica", "owner": "NixOS",
"repo": "rust-overlay", "repo": "nixpkgs",
"rev": "34cdbf6ad480ce13a6a526f57d8b9e609f3d65dc", "rev": "731cc710aeebecbf45a258e977e8b68350549522",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "oxalica", "owner": "NixOS",
"repo": "rust-overlay", "ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"url-eater": {
"inputs": {
"naersk": "naersk_2",
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils_3"
},
"locked": {
"lastModified": 1734618283,
"narHash": "sha256-QFYFxw58d3WOU6SYDiazyaSz+mSJwgABsMEf1joM2FE=",
"owner": "AgathaSorceress",
"repo": "url-eater",
"rev": "96af6b75a3605043141db6bf80ad60866c10c827",
"type": "github"
},
"original": {
"owner": "AgathaSorceress",
"repo": "url-eater",
"type": "github" "type": "github"
} }
}, },
"utils": { "utils": {
"inputs": {
"systems": "systems"
},
"locked": { "locked": {
"lastModified": 1676283394, "lastModified": 1689068808,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -444,6 +594,79 @@
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
},
"utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_4": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vampysite": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"utils": "utils_4"
},
"locked": {
"lastModified": 1717180338,
"narHash": "sha256-g2ZNMpqJ4IARjXY8FX4UUfF4p9Unc01w8RzFYEONXlE=",
"ref": "refs/heads/mistress",
"rev": "1adcc3630a6c626f61dac989fffd661dbb4946ef",
"revCount": 21,
"type": "git",
"url": "https://git.lain.faith/sorceress/vampysite"
},
"original": {
"type": "git",
"url": "https://git.lain.faith/sorceress/vampysite"
}
} }
}, },
"root": "root", "root": "root",

215
flake.nix
View File

@ -1,35 +1,101 @@
{ {
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-22.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-24.11-darwin";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
vampysite.url = "git+https://git.lain.faith/sorceress/vampysite";
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-darwin = {
url = "github:LnL7/nix-darwin/nix-darwin-24.11";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
mms = { mms = {
url = "github:mkaito/nixos-modded-minecraft-servers"; url = "github:mkaito/nixos-modded-minecraft-servers";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
helix.url = "github:helix-editor/helix"; url-eater = {
url = "github:AgathaSorceress/url-eater";
inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
outputs = { nixpkgs, home-manager, mms, helix, ... }: {
matrix-ril100 = {
url = "git+https://git.lain.faith/sorceress/matrix-ril100";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# Latest colmena + prettier loading icons
colmena = {
url = "github:AgathaSorceress/colmena";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
ccase = {
url = "github:rutrum/ccase";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs =
{
nixpkgs,
nixpkgs-unstable,
nixpkgs-darwin,
lix-module,
home-manager,
nix-darwin,
mms,
url-eater,
matrix-ril100,
colmena,
vampysite,
ccase,
...
}:
let
mkOverlays = system: config: [
(final: prev: {
vampysite = vampysite.packages.${final.system}.default;
matrix-ril100 = matrix-ril100.packages.${final.system}.default;
ccase = ccase.packages.${final.system}.default;
# TODO: remove once https://github.com/NixOS/nixpkgs/issues/402079 is closed
nodejs = prev.nodejs_22;
# Unstable packages
unstable = import nixpkgs-unstable { inherit system config; };
})
colmena.overlay
lix-module.overlays.default
];
in
{
colmena = { colmena = {
network = { network = {
description = "Agatha's Nix Infra"; description = "Agatha's Nix Infra";
nixpkgs = import nixpkgs { nixpkgs = import nixpkgs rec {
system = "x86_64-linux"; system = "x86_64-linux";
overlays = [ config.allowUnfree = true;
(final: prev: { helix = helix.packages.${final.system}.default; }) overlays = mkOverlays system config;
];
}; };
}; };
bloodletting = { bloodletting = {
imports = [ imports = [
./common ./common
./common/linux-specific.nix
./hosts/bloodletting/configuration.nix ./hosts/bloodletting/configuration.nix
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
mms.module mms.module
@ -37,37 +103,156 @@
deployment = { deployment = {
targetUser = "root"; targetUser = "root";
targetHost = "bloodletting"; targetHost = "technogothic.net";
tags = [ "prod" ]; tags = [ "prod" ];
keys = { keys = {
"nyandroid-token" = { "nyandroid-token" = {
keyCommand = [ "cat" "./secrets/nyandroid-token" ]; keyCommand = [
"cat"
"./secrets/nyandroid-token"
];
destDir = "/var/lib/secrets/"; destDir = "/var/lib/secrets/";
}; };
"rfc2136-technogothic-net" = { "hurricane-tokens" = {
keyCommand = [ "cat" "./secrets/rfc2136-technogothic-net" ]; keyCommand = [
"cat"
"./secrets/hurricane-tokens"
];
destDir = "/var/lib/secrets/"; destDir = "/var/lib/secrets/";
}; };
"mc-status-bot-env" = {
keyCommand = [
"cat"
"./secrets/mc-status-bot-env"
];
destDir = "/var/lib/secrets";
};
"ril100-bot-secrets" = {
keyCommand = [
"cat"
"./secrets/ril100-bot-secrets"
];
destDir = "/var/lib/matrix-ril100";
name = ".env";
};
}; };
}; };
}; };
ritual = { watchtower = {
imports = [ imports = [
./common ./common
./hosts/ritual/configuration.nix ./common/linux-specific.nix
./hosts/watchtower/configuration.nix
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
]; ];
deployment = { deployment = {
targetUser = "root"; targetUser = "root";
targetHost = "ritual"; targetHost = "watchtower";
tags = [ "prod" ];
keys = {
"hetzner-env" = {
keyCommand = [
"cat"
"./secrets/hetzner-env"
];
destDir = "/var/lib/secrets/";
};
"gocryptfs-pass" = {
keyCommand = [
"cat"
"./secrets/gocryptfs-pass"
];
destDir = "/var/lib/secrets/";
};
};
};
};
tears = {
imports = [
./common
./common/linux-specific.nix
./hosts/tears/configuration.nix
(import "${home-manager}/nixos")
url-eater.nixosModules.default
];
deployment = {
targetUser = "root";
targetHost = "tears";
tags = [ "home" ];
allowLocalDeployment = true; allowLocalDeployment = true;
keys = {
"restic-password" = {
keyCommand = [
"cat"
"./secrets/restic-password"
];
destDir = "/var/lib/secrets/";
};
"restic-env" = {
keyCommand = [
"cat"
"./secrets/restic-env"
];
destDir = "/var/lib/secrets/";
}; };
}; };
}; };
}; };
};
darwinConfigurations."Agathas-Mac-mini" = nix-darwin.lib.darwinSystem {
pkgs = import nixpkgs-darwin rec {
system = "aarch64-darwin";
config.allowUnfree = true;
overlays = mkOverlays system config;
};
modules = [
./common
./hosts/Agathas-Mac-mini/configuration.nix
(import "${home-manager}/nix-darwin")
];
};
darwinConfigurations."MacBook-Air" = nix-darwin.lib.darwinSystem {
pkgs = import nixpkgs-darwin rec {
system = "aarch64-darwin";
config.allowUnfree = true;
overlays = mkOverlays system config;
};
modules = [
./common
./hosts/ritual/configuration.nix
(import "${home-manager}/nix-darwin")
];
};
devShells =
let
patchedColmena =
system:
let
pkgs = import nixpkgs { inherit system; };
in
pkgs.mkShell {
buildInputs = [
(pkgs.writeShellScriptBin "colmena" ''
${colmena.defaultPackage.${pkgs.system}}/bin/colmena --disable-emoji $@
'')
];
};
in
{
"x86_64-linux".default = patchedColmena "x86_64-linux";
"aarch64-darwin".default = patchedColmena "aarch64-darwin";
"x86_64-darwin".default = patchedColmena "x86_64-darwin";
};
};
} }

7
hosts/Agathas-Mac-mini/configuration.nix Normal file
View File

@ -0,0 +1,7 @@
{
imports = [ ../../common/fragments/graphical/darwin.nix ];
nixpkgs.hostPlatform = "aarch64-darwin";
system.stateVersion = 1;
}

213
hosts/bloodletting/configuration.nix
View File

@ -1,16 +1,27 @@
{ config, pkgs, ... }: { {
config,
pkgs,
lib,
...
}:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../common/users/julia.nix
../../common/fragments/bin.nix ../../common/fragments/bin.nix
../../common/fragments/fail2ban.nix ../../common/fragments/fail2ban.nix
../../common/fragments/grafana.nix ../../common/fragments/grafana.nix
../../common/fragments/homepage.nix ../../common/fragments/headscale.nix
../../common/fragments/hedgedoc.nix
../../common/fragments/mastodon-ebooks.nix ../../common/fragments/mastodon-ebooks.nix
../../common/fragments/mastodon.nix
../../common/fragments/matrix-ril100.nix
../../common/fragments/matterbridge.nix ../../common/fragments/matterbridge.nix
../../common/fragments/mc-status-bot.nix
../../common/fragments/minecraft.nix ../../common/fragments/minecraft.nix
../../common/fragments/nyandroid.nix ../../common/fragments/nyandroid.nix
../../common/fragments/postgres.nix
../../common/fragments/prometheus_exporters.nix ../../common/fragments/prometheus_exporters.nix
../../common/fragments/prosody.nix
../../common/fragments/vsftpd.nix ../../common/fragments/vsftpd.nix
../../common/home_manager/common.nix ../../common/home_manager/common.nix
]; ];
@ -18,7 +29,7 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
bin = final.callPackage ../../common/pkgs/bin.nix { }; bin = final.callPackage ../../common/pkgs/bin.nix { };
vampysite = final.callPackage ../../common/pkgs/vampysite.nix { }; agatha-mastodon = final.callPackage ../../common/pkgs/mastodon/default.nix { };
}) })
]; ];
@ -32,41 +43,58 @@
# Enable networking # Enable networking
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.interfaces.ens19.ipv4.addresses = [{ networking.interfaces.ens20 = {
address = "185.138.143.227"; ipv4.addresses = [
prefixLength = 29; {
}]; address = "91.198.192.199";
prefixLength = 27;
}
];
networking.defaultGateway = { ipv6.addresses = [
address = "185.138.143.225"; {
interface = "ens19"; address = "2001:67c:b54:1::6";
prefixLength = 64;
}
];
}; };
# Enable the OpenSSH daemon. networking.defaultGateway = {
services.openssh = { address = "91.198.192.193";
enable = true; interface = "ens20";
banner = '' };
Hello mistress ^,,^
''; networking.defaultGateway6 = {
passwordAuthentication = false; address = "2001:67c:b54:1::1";
interface = "ens20";
}; };
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 20 21 22 80 443 990 ]; allowedTCPPorts = [
allowedTCPPortRanges = [{ 20
21
22
80
443
990
];
allowedTCPPortRanges = [
{
from = 40000; from = 40000;
to = 40200; to = 40200;
}]; }
];
trustedInterfaces = [ "podman0" ];
}; };
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;
defaultNetwork.dnsname.enable = true; defaultNetwork.settings.dns_enabled = true;
}; };
oci-containers = { backend = "podman"; }; oci-containers.backend = "podman";
}; };
# SSL/TLS Certificates # SSL/TLS Certificates
@ -75,13 +103,20 @@
security.acme.certs."technogothic.net" = { security.acme.certs."technogothic.net" = {
domain = "*.technogothic.net"; domain = "*.technogothic.net";
extraDomainNames = [ "technogothic.net" ]; extraDomainNames = [
dnsProvider = "rfc2136"; "technogothic.net"
credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net"; "*.argent.technogothic.net"
];
dnsProvider = "hurricane";
credentialsFile = "/var/lib/secrets/hurricane-tokens";
group = "nginx"; group = "nginx";
}; };
security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ]; security.acme.defaults.reloadServices = [
"nginx"
"vsftpd"
"prosody"
];
systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
# Nginx # Nginx
@ -96,6 +131,22 @@
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
upstreams = {
"backend-mastodon-streaming" = {
servers = builtins.listToAttrs (
map (i: {
name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
value = {
fail_timeout = "0";
};
}) (lib.range 1 config.services.mastodon.streamingProcesses)
);
extraConfig = ''
least_conn;
'';
};
};
virtualHosts."technogothic.net" = { virtualHosts."technogothic.net" = {
useACMEHost = "technogothic.net"; useACMEHost = "technogothic.net";
forceSSL = true; forceSSL = true;
@ -103,7 +154,22 @@
serverAliases = [ "agatha.technogothic.net" ]; serverAliases = [ "agatha.technogothic.net" ];
locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; }; locations."=/cv.pdf" = {
alias = "/home/ftp/cv.pdf";
};
locations."=/.well-known/host-meta" = {
return = "301 https://fv.technogothic.net$request_uri";
};
locations."=/.well-known/webfinger" = {
return = "301 https://fv.technogothic.net$request_uri";
extraConfig = ''
add_header Access-Control-Allow-Origin '*';
'';
};
locations."=/5idbsp9q8d.txt".return = "200 uwu";
extraConfig = '' extraConfig = ''
error_page 404 /404.html; error_page 404 /404.html;
@ -126,16 +192,6 @@
}; };
}; };
virtualHosts."home.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
};
};
virtualHosts."thermalpaste.technogothic.net" = { virtualHosts."thermalpaste.technogothic.net" = {
useACMEHost = "technogothic.net"; useACMEHost = "technogothic.net";
forceSSL = true; forceSSL = true;
@ -143,6 +199,7 @@
locations."/" = { locations."/" = {
proxyPass = "http://localhost:6162"; proxyPass = "http://localhost:6162";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = "client_max_body_size ${toString config.services.bin.textUploadLimit}M;";
}; };
}; };
@ -152,7 +209,84 @@
root = "/home/ftp"; root = "/home/ftp";
locations."/" = { extraConfig = "autoindex on;"; }; locations."/" = {
extraConfig = "autoindex on;";
};
};
virtualHosts."fv.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
root = "${config.services.mastodon.package}/public/";
locations."/system/".alias = "/var/lib/mastodon/public-system/";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = {
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
};
locations."^~ /api/v1/streaming/" = {
proxyPass = "http://backend-mastodon-streaming/";
proxyWebsockets = true;
priority = 2300;
extraConfig = ''
proxy_buffering off;
proxy_redirect off;
tcp_nodelay on;
'';
};
extraConfig = "client_max_body_size 64M;";
};
virtualHosts."hedgedoc.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/".proxyPass = "http://localhost:3000";
locations."/socket.io/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
virtualHosts."hs.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
virtualHosts."jellyfin.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://watchtower.thorns.home.arpa:8096";
proxyWebsockets = true;
};
};
virtualHosts."carvideo.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
serverAliases = [ "agatha.technogothic.net" ];
locations."/" = {
return = "301 https://ftp.technogothic.net/car_video.mp4";
};
}; };
}; };
@ -164,4 +298,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }

51
hosts/ritual/configuration.nix
View File

@ -1,50 +1,7 @@
{ config, pkgs, ... }: { {
imports = [ imports = [ ../../common/fragments/graphical/darwin.nix ];
./hardware-configuration.nix
../../common/fragments/graphical
../../common/fragments/yubikey.nix
../../common/home_manager/common.nix
];
# Bootloader. nixpkgs.hostPlatform = "aarch64-darwin";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.systemd-boot.configurationLimit = 5; system.stateVersion = 1;
# Setup keyfile
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
networking.hostName = "ritual";
# Enable networking
networking.networkmanager.enable = true;
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
passwordAuthentication = false;
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.dnsname.enable = true;
};
oci-containers = { backend = "podman"; };
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
} }

50
hosts/ritual/hardware-configuration.nix
View File

@ -1,50 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6d51e9df-99f3-4eb3-b2da-a1c9b7e405df";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-8807caf4-ae17-4b39-93bd-ddfa1f994a47".device =
"/dev/disk/by-uuid/8807caf4-ae17-4b39-93bd-ddfa1f994a47";
# Enable swap on luks
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".device =
"/dev/disk/by-uuid/c503653d-47de-4914-9e41-d13d14a6cc22";
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".keyFile =
"/crypto_keyfile.bin";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/9A5C-CE17";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/e20a4e05-44a6-4895-84ef-e3d176931b25"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

48
hosts/tears/configuration.nix Normal file
View File

@ -0,0 +1,48 @@
{
imports = [
./hardware-configuration.nix
../../common/fragments/graphical
../../common/fragments/virt.nix
../../common/home_manager/common.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.consoleMode = "max";
boot.loader.systemd-boot.configurationLimit = 3;
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
networking.hostName = "tears";
# Enable networking
networking.networkmanager.enable = true;
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers.backend = "podman";
};
# Needed for remote builds
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCsAQfMx1X+8HEa88x+l3KdJPFAzXg0vL0l/pm56/ZR nix-builder"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

93
hosts/tears/hardware-configuration.nix Normal file
View File

@ -0,0 +1,93 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "thunderbolt" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.systemd = {
enable = true;
emergencyAccess =
"$2b$05$eOIXFST5/9G6vAFIZDLGfuJV7CV1B26YmRMAFRstyRHwvBNFSN6Im";
};
boot.supportedFilesystems = [ "ntfs" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eb110ab2-7883-4e24-84f8-2a3983059cf3";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-d79d75f3-5560-427a-b79d-78a6cabbcb88".device =
"/dev/disk/by-uuid/d79d75f3-5560-427a-b79d-78a6cabbcb88";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B520-5020";
fsType = "vfat";
};
boot.initrd.luks.devices.awoobackups.device =
"/dev/disk/by-uuid/08fb0554-9599-4085-bd13-285b634c5de5";
fileSystems."/mnt/hdd" = {
device = "/dev/mapper/awoobackups";
fsType = "btrfs";
};
swapDevices = [{
device = "/var/lib/swapfile";
size = 8 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
};
# Creating separate mono sources for Tascam US-4x4HR
services.pipewire.extraConfig.pipewire."91-us-4x4hr" = {
"context.modules" = let
name = "US-4x4HR";
target = "alsa_input.usb-TASCAM_US-4x4HR_no_serial_number-00.pro-input-0";
input = ch: {
"name" = "libpipewire-module-loopback";
"args" = {
"node.description" = "${name} Input ${toString ch} Mono";
"capture.props" = {
"node.name" = "capture.${name}_ch${toString ch}";
"audio.position" = [ "AUX${toString ch}" ];
"stream.dont-remix" = true;
"target.object" = target;
"node.passive" = true;
};
"playback.props" = {
"node.name" = "${name}_ch${toString ch}";
"media.class" = "Audio/Source";
"audio.position" = [ "MONO" ];
};
};
};
in [ (input 0) (input 1) (input 2) (input 3) ];
};
}

48
hosts/watchtower/configuration.nix Normal file
View File

@ -0,0 +1,48 @@
{
imports = [
./hardware-configuration.nix
../../common/home_manager/common.nix
../../common/fragments/bittorrent.nix
../../common/fragments/home-assistant.nix
../../common/fragments/sponsorblock.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-081780bd-f005-4394-bbf2-3e5d9aab3c7d".device = "/dev/disk/by-uuid/081780bd-f005-4394-bbf2-3e5d9aab3c7d";
networking.hostName = "watchtower";
# Enable networking
networking.networkmanager.enable = true;
systemd.services.NetworkManager-wait-online.enable = false;
# Open ports in the firewall.
networking.firewall = {
allowedTCPPorts = [
22
80
443
];
trustedInterfaces = [ "podman0" ];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers.backend = "podman";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}

53
hosts/watchtower/hardware-configuration.nix Normal file
View File

@ -0,0 +1,53 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "amd_pstate=guided" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eba0bc60-b96f-4b28-9447-f36209410ba3";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device = "/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D95C-66EE";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ { device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}