sorceress
/
nix-infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sorceress:mistress
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes
..
compare: sorceress:lappytappy
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes

No commits in common. "mistress" and "lappytappy" have entirely different histories.
mistress ... lappytappy

63 changed files with 1666 additions and 6659 deletions
Show Stats Expand all files Collapse all files

1
.envrc
View File

@ -1 +0,0 @@
use flake

3
.gitignore vendored
View File

@ -1,3 +1,2 @@
secrets
ops/home/.gcroots
.direnv
ops/home/.gcroots

33
README.md
View File

@ -2,10 +2,8 @@
Using [colmena](https://github.com/zhaofengli/colmena)
## Hosts
- `Agathas-Mac-mini`: macOS/nix-darwin desktop
- `bloodletting`: Main server / technogothic.net
- `ritual`: macOS/nix-darwin laptop
- `watchtower`: Home server
- `bloodletting`: Main server
- `ritual`: NixOS laptop
### Manual setup on blank system/migrations
Bloodletting:
@ -17,28 +15,27 @@ Bloodletting:
- `bin_rs`
- `fail2ban`
- `grafana`
- `headscale`
- `hedgedoc`
- `mastodon`
- dump and import Postgres and Redis DBs
- `homepage`
- `matterbridge`
- `mc-e2e`
- `mc-enigmatica-8`
- `mstdn-ebooks`
- `nyandroid`
- `prometheus2`
- `prosody`
- `/home/ftp`
Agathas-Mac-mini/Ritual:
- `darwin-rebuild switch --flake .` - deploy config
[Last commit which includes BSPWM configs](https://git.lain.faith/sorceress/nix-infra/commit/e60bbd7f41bdb4456319637f38a25425b6f5fef7)
Ritual:
- `colmena apply[-local]` - deploy config
- `mkdir -p ~/.gnupg` - create directory for gnupg
- manual configuration/login:
- Firefox
- Copy extension data
- Element
- Telegram Desktop
- Geary
### Rsyncd Modules
Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bloodletting::mc-[modpack]` with `--rsh=ssh`
### Updating mastodon
```sh
cd common/pkgs/mastodon && ./update.sh --owner AgathaSorceress --rev <commit hash>
```
## Reference configs used
- https://github.com/Xe/nixos-configs
- https://git.nora.codes/nora/nixconfig

70
common/default.nix
View File

@ -1,48 +1,78 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
imports = [ ./users ];
## Optimizations
# Clean /tmp
boot.cleanTmpDir = true;
# Link identical files
nix.optimise.automatic = true;
nix.settings.auto-optimise-store = true;
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Garbage collection
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
## Other
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Enable fish (needed for nix completions)
programs.fish.enable = true;
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
# Set editor
environment.variables.EDITOR = "hx";
# Packages used on all systems
environment.systemPackages = with pkgs; [
ccase
comma
dogdns
du-dust
git
headscale
imagemagick
jq
killall
mtr
nmap
openssl
rsync
sqlite-interactive
wget
xclip
killall
rsync
sqlite-interactive
];
# 🥺
# security.please.enable = true;
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
}

2
common/fragments/bin.nix
View File

@ -5,6 +5,6 @@
enable = true;
address = "0.0.0.0";
port = 6162;
textUploadLimit = 64;
textUploadLimit = 32;
};
}

118
common/fragments/bittorrent/default.nix
View File

@ -1,118 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
imports = [ ./netns.nix ];
system.fsPackages = with pkgs; [
gocryptfs
cifs-utils
];
systemd.mounts = [
{
after = [ "network.target" ];
what = "//library.technogothic.net/backup";
where = "/mnt/library-raw";
type = "cifs";
options = "gid=users,file_mode=0664,dir_mode=0775";
mountConfig.EnvironmentFile = "/var/lib/secrets/hetzner-env";
}
{
what = "/mnt/library-raw";
where = "/mnt/library";
type = "fuse.gocryptfs";
options = "allow_other,passfile=/var/lib/secrets/gocryptfs-pass";
wantedBy = [ "multi-user.target" ];
}
];
systemd.services."container@transmission" = {
bindsTo = [ "ve-transmission.service" ];
after = [
"ve-transmission.service"
"mnt-library.mount"
];
};
containers.transmission = {
autoStart = true;
extraFlags = [ "--network-namespace-path=/run/netns/transmission" ];
bindMounts = {
"/var/lib/transmission" = {
hostPath = "/var/lib/transmission";
isReadOnly = false;
};
"/mnt/library" = {
hostPath = "/mnt/library";
isReadOnly = false;
};
"/etc/resolv.conf" = {
hostPath = toString (pkgs.writeText "resolv.conf" "nameserver 74.82.42.42");
};
};
config = {
services.transmission = {
enable = true;
package = pkgs.transmission_4;
webHome = pkgs.flood-for-transmission;
settings = {
rpc-bind-address = "::";
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
download-dir = "/mnt/library/Downloads";
incomplete-dir = "/mnt/library/.incomplete";
watch-dir = "/mnt/library/watchdir";
};
openRPCPort = true;
openPeerPorts = true;
};
users.users.transmission.extraGroups = [ "users" ];
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
RootDirectoryStartOnly = lib.mkForce (lib.mkForce false);
RootDirectory = lib.mkForce (lib.mkForce "");
};
system.stateVersion = config.system.stateVersion;
};
};
# Jellyfin
services.jellyfin = {
enable = true;
openFirewall = true;
};
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
# SMB Share
services.samba = {
enable = true;
openFirewall = true;
extraConfig = ''
server string = Watchtower
guest account = nobody
map to guest = bad user
'';
shares.Library = {
path = "/mnt/library";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
};
};
}

96
common/fragments/bittorrent/netns.nix
View File

@ -1,96 +0,0 @@
{
config,
pkgs,
lib,
...
}:
# Collectivized from https://gist.github.com/c0deaddict/53aedbb69c8cbfebfec8f4428dc03102 ☭
let
veth = "ve-transmission";
hostIp = "10.0.0.1/24";
guestIp = "10.0.0.2/24";
in
{
# https://mth.st/blog/nixos-wireguard-netns/
systemd.services."netns@" = {
description = "%I network namespace";
before = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
PrivateNetwork = true;
ExecStart = "${pkgs.writers.writeDash "netns-up" ''
${pkgs.iproute}/bin/ip netns add $1
${pkgs.utillinux}/bin/umount /var/run/netns/$1
${pkgs.utillinux}/bin/mount --bind /proc/self/ns/net /var/run/netns/$1
''} %I";
ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
};
};
systemd.services."wireguard-ccvpn-fr" = {
bindsTo = [ "netns@transmission.service" ];
after = [ "netns@transmission.service" ];
};
networking.wireguard.interfaces.ccvpn-fr = {
ips = [
"10.128.4.199/32"
"fd64:e20:68a3::4c7/128"
];
privateKeyFile = "/var/lib/secrets/ccvpn-fr-key";
socketNamespace = "init";
interfaceNamespace = "transmission";
peers = [
{
publicKey = "QFbr19X11tqUZRerZgItb25FnBsNsd7NyJvAkWTRU1U=";
# Forward all traffic via VPN.
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "fr.204vpn.net:51820";
persistentKeepalive = 15;
}
];
};
# https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking#veth
systemd.services.${veth} =
let
ns = "transmission";
ipHost = "${pkgs.iproute}/bin/ip";
ipGuest = "${ipHost} netns exec ${ns} ${pkgs.iproute}/bin/ip";
in
{
description = "Veth interface for download";
bindsTo = [ "netns@${ns}.service" ];
after = [ "netns@${ns}.service" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writers.writeDash "veth-up" ''
${ipHost} link add ${veth} type veth peer name veth1 netns ${ns}
${ipHost} addr add ${hostIp} dev ${veth}
${ipHost} link set dev ${veth} up
${ipGuest} addr add ${guestIp} dev veth1
${ipGuest} link set dev veth1 up
'';
ExecStop = pkgs.writers.writeDash "veth-down" ''
${ipHost} link del ${veth}
'';
};
};
networking.firewall.allowedTCPPorts = [ 9091 ];
services.nginx.enable = true;
# TODO: change when headscale updates
services.nginx.virtualHosts."watchtower.agatha.thorns.home.arpa" = {
locations."/transmission" = {
proxyPass = "http://10.0.0.2:9091/transmission";
proxyWebsockets = true;
};
};
}

2
common/fragments/fail2ban.nix
View File

@ -8,7 +8,7 @@
jails = {
nginx-deny = ''
enabled = false
enabled = true
backend = auto
logpath = /var/log/nginx/*access.log
'';

31
common/fragments/frq-friend.nix
View File

@ -1,31 +0,0 @@
{ pkgs, ... }:
let
config = pkgs.writeText "config.kdl" ''
status-text "hi there! i like to know people following me on here
- what's something you enjoy doing?
- what's your stance on the Hellfire AGM-114R9X Knife Missile?
- what's your opinion on the current \"AI revolution\"?
- have you read my bio?"
with-cw "automated follow request pm"
'';
path = "/var/lib/frq-friend";
in {
systemd.services.frq-friend = {
wantedBy = [ "multi-user.target" ];
description =
"just a friend that messages people who send you a follow request";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.frq-friend}/bin/f3";
WorkingDirectory = path;
Restart = "always";
RuntimeMaxSec = "1h";
};
preStart = ''
ln -sf ${config} ${path}/config.kdl
'';
};
}

10
common/fragments/grafana.nix
View File

@ -49,16 +49,6 @@
];
}];
}
{
job_name = "process";
static_configs = [{
targets = [
"localhost:${
toString config.services.prometheus.exporters.process.port
}"
];
}];
}
];
};
}

113
common/fragments/graphical/bspwm.nix Normal file
View File

@ -0,0 +1,113 @@
{ lib, pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
in {
home-manager.users.agatha = {
xsession.windowManager.bspwm = {
enable = true;
extraConfigEarly = lib.strings.concatStringsSep "\n" [
"xsetroot -cursor_name left_ptr"
"xinput set-prop 'SynPS/2 Synaptics TouchPad' 'Synaptics Scrolling Distance' 60 60"
];
extraConfig = lib.strings.concatStringsSep "\n"
[ "nitrogen --set-zoom-fill ${../../../external/6.png}" ];
monitors = { eDP-1 = [ "I" "II" "III" "IV" "V" "VI" "VII" "VIII" ]; };
settings = let color = n: colorscheme.colors."${builtins.toString n}";
in {
border_width = 3;
window_gap = 15;
top_padding = 45;
split_ratio = 0.5;
borderless_monocle = false;
gapless_monocle = false;
normal_border_color = color 0;
focused_border_color = color 1;
active_border_color = color 2;
urgent_border_color = color 2;
presel_feedback_color = color 2;
};
rules = {
"Gimp" = {
state = "tiled";
follow = true;
};
"Element".desktop = "II";
"TelegramDesktop".desktop = "III";
"Geary".desktop = "IV";
"firefox" = {
desktop = "I";
state = "tiled";
follow = false;
};
"Yubico Authenticator".state = "floating";
"firefox:Places".state = "floating";
};
};
services.sxhkd = {
enable = true;
keybindings = {
# Terminal
"super + Return" = "kitty";
"Caps_Lock" = "kitty";
# File explorer
"super + e" = "nautilus";
# Program launcher
"super + @space" = "rofi -show drun";
# Clipboard
"super + v" = ''
CM_LAUNCHER=rofi clipmenu \
-theme-str 'listview \{ spacing: 0; \}' \
-theme-str 'window \{ width: 30em; \}'
'';
# Calculator
"super + shift + c" = ''
rofi -show calc -modi calc -calc-command 'xdotool type --clearmodifiers "\{result\}"'';
# Media keys
"XF86Audio{Raise,Lower}Volume" = "pamixer {-i,-d} 5";
"XF86AudioMute" = "pamixer -t";
"XF86Audio{Prev,Next}" = "playerctl {previous,next}";
"XF86AudioPlay" = "playerctl play-pause";
# Screenshot
"Print" = "flameshot gui && bspc desktop --focus focused";
"shift + Print" =
"flameshot gui -d 3000 && bspc desktop --focus focused";
# Pause notifications
"super + n" = "dunstctl set-paused toggle";
# Reload WM
"super + shift + {q,r}" = ''
pkill -USR1 -x sxhkd \
; for p in picom polybar dunst; killall $p; end \
; bspc {quit,wm -r}
'';
# Close/kill window
"super + {_,shift + }w" = "bspc node -{c,k}";
# Monocle layout
"super + m" = "bspc desktop -l next";
# Toggle hide all windows
"super + d" =
"bspc query -N -n .window | xargs -I node_id bspc node node_id -g hidden";
# Change window state
"super + {t,shift + t,s,f}" =
"bspc node -t {tiled,pseudo_tiled,floating,fullscreen}";
# Focus/move window
"super + {_,shift + }{j,k,i,l}" =
"bspc node -{f,s} {west,south,north,east}";
# Focus the next window in the current desktop
"super + c" = "bspc node -f next.local.!hidden.window";
# Focus previous/next desktop on current monitor
"super + bracket{left,right}" = "bspc desktop -f {prev,next}.local";
# Switch desktops / Move window to desktop
"super + {_,shift + }{1-9,0}" = "bspc {desktop -f,node -d} '^{1-9,10}'";
# Window switcher
"alt + Tab" = "rofi -show window";
# Move floating window
"super + {Left,Down,Up,Right}" = "bspc node -v {-20 0,0 20,0 -20,20 0}";
# Lock screen
"super + x" =
"betterlockscreen --lock dimblur; systemctl --user restart gpg-agent";
};
};
};
}

13
common/fragments/graphical/colors.nix Normal file
View File

@ -0,0 +1,13 @@
{ lib, pkgs, ... }: {
colorscheme = name: image: rec {
generate = pkgs.callPackage ({ runCommand, colorz }:
runCommand name { nativeBuildInputs = [ colorz ]; } ''
colorz ${image} --no-preview -n 8 --bold 30 --minv 0 --maxv 255 | awk '{print $1} {print $2}' > $out
'') { };
colors = builtins.listToAttrs (lib.lists.imap0 (i: v: {
name = builtins.toString i;
value = v;
}) (lib.strings.splitString "\n" (builtins.readFile generate)));
};
}

45
common/fragments/graphical/darwin.nix
View File

@ -1,45 +0,0 @@
{ pkgs, lib, ... }:
{
imports = [
./default.nix
./iosevka.nix
../../home_manager/common.nix
../../remote-builds.nix
];
services.nix-daemon.enable = true;
nix.settings = {
extra-nix-path = "nixpkgs=flake:nixpkgs";
substituters = [
"https://cache.nixos.org"
"https://cache.lix.systems"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
];
trusted-users = [ "@admin" ];
};
# Needed for the nix-darwin environment even if zsh is not used.
programs.zsh.enable = true;
users.users.agatha = {
name = "agatha";
home = lib.mkForce "/Users/agatha";
};
fonts.packages = with pkgs; [
(nerdfonts.override {
fonts = [
"DaddyTimeMono"
"NerdFontsSymbolsOnly"
];
})
fira-code
fira-code-symbols
font-awesome_5
iosevka
siji
];
}

170
common/fragments/graphical/default.nix
View File

@ -1,35 +1,167 @@
{ pkgs, ... }:
{
# Config for client devices, but not necessarily a full desktop environment.
{ pkgs, config, lib, ... }: {
imports = [
./bspwm.nix
./picom.nix
./polybar.nix
./iosevka.nix
./kitty.nix
./element.nix
];
# User packages
users.users.agatha.packages = with pkgs; [
android-tools
brightnessctl
broot
colmena
exiftool
ffmpeg
flac
element-desktop
firefox
flameshot
gnome.eog
gnome.file-roller
gnome.geary
gnome.gnome-calendar
gnome.gnome-control-center
gnome.gnome-disk-utility
gnome.gnome-font-viewer
gnome.nautilus
gnome.totem
hyperfine
just
lxappearance
magic-wormhole
neofetch
nil
nitrogen
pamixer
pavucontrol
pfetch
playerctl
pridefetch
rink
sshfs
unstable.rustmission
whois
rofi
rofi-calc
rofimoji
tdesktop
wireguard-tools
yt-dlp
xdg-utils
yubioath-desktop
];
home-manager.users.agatha = {
programs.direnv.enable = true;
home.sessionVariables = {
"DIRENV_LOG_FORMAT" = "";
};
# Brightness/volume keys
users.users.agatha.extraGroups = [ "video" ];
programs.light.enable = true;
services.xserver = {
enable = true;
displayManager = {
gdm.enable = true;
# gdm.wayland = true;
sessionPackages = [ pkgs.sway ];
session = [{
manage = "window";
name = "bspwm";
start = let cfg = config.home-manager.users.agatha;
in ''
${cfg.services.sxhkd.package}/bin/sxhkd ${
toString cfg.services.sxhkd.extraOptions
} &
${cfg.xsession.windowManager.bspwm.package}/bin/bspwm -c ${cfg.xdg.configHome}/bspwm/bspwmrc
'';
}];
};
# Layout overrides
layout = lib.mkForce "eu,de(qwerty),ua,ru";
xkbOptions = "ctrl:nocaps,compose:rctrl";
synaptics = {
enable = true;
tapButtons = true;
vertTwoFingerScroll = true;
vertEdgeScroll = true;
horizEdgeScroll = true;
horizTwoFingerScroll = true;
palmDetect = true;
palmMinWidth = 8;
palmMinZ = 100;
};
};
home-manager.users.agatha = {
# Compose key sequences
home.file.".XCompose".text = ''
include "%L"
<Multi_key> <l> <f> : "( ͡° ͜ʖ ͡°)"
<Multi_key> <s> <f> : "¯\\_()_/¯"
<Multi_key> <g> <f> : " _ "
<Multi_key> <B> <B> : "🅱"
<Multi_key> <o> <asterisk> : ""
<Multi_key> <h> <r> : ""
<Multi_key> <v> <v> : ""
<Multi_key> <v> <period> <v> : ""
<Multi_key> <space> <space> : ""
<Multi_key> <s> <0> : "§"
<Multi_key> <b><l> : ""
<Multi_key> <h><s> : ""
<Multi_key> <s><r> : ""
<Multi_key> <t><r> : " trans rights uwu"
<Multi_key> <w><apostrophe> : "òwó"
<Multi_key> <W><apostrophe> : "ÒwÓ"
<Multi_key> <p><t> : "👉👈"
<Multi_key> <p><l> : "🥺"
<Multi_key> <m><s> : "/html <span data-mx-spoiler=\"\"></span>"
'';
# Cursor theme
home.pointerCursor = {
name = "Adwaita";
package = pkgs.gnome.adwaita-icon-theme;
size = 24;
x11 = {
enable = true;
defaultCursor = "Adwaita";
};
};
};
security.polkit.enable = true;
# Screenshare on wlroots
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
wlr.enable = true;
};
};
fonts.fontconfig.enable = true;
fonts.fonts = with pkgs; [
cantarell-fonts
crimson
dejavu_fonts
fira-code
fira-code-symbols
font-awesome_5
iosevka
noto-fonts-cjk
siji
twitter-color-emoji
(nerdfonts.override { fonts = [ "DaddyTimeMono" "NerdFontsSymbolsOnly" ]; })
];
services.printing.enable = true;
# Pipewire
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}

109
common/fragments/graphical/element.nix Normal file
View File

@ -0,0 +1,109 @@
{ pkgs, config, lib, ... }: {
home-manager.users.agatha = {
xdg.configFile."Element/config.json".text = ''
{
"settingDefaults": {
"custom_themes": [
{
"name": "Sapphic Lavender",
"is_dark": true,
"fonts": {
"general": "Allust, Twemoji, Twitter Color Emoji, sans",
"monospace": "'Iosevka Medium Extended', 'Fira Code'"
},
"colors": {
"accent": "#D2ADC6",
"accent-color": "#D2ADC6",
"primary-color": "#D2ADC6",
"warning-color": "#BF80A6",
"alert": "#BF80A6",
"sidebar-color": "#231724",
"primary-content": "#180F19",
"secondary-content": "#E5D9E6",
"tertiary-content": "#D2ADC6",
"quaternary-content": "#E5D9E6",
"quinary-content": "#251926",
"system": "#180F19",
"background": "#00f",
"roomlist-background-color": "#231724",
"roomlist-text-color": "#E5D9E6",
"roomlist-text-secondary-color": "#ffd1dc",
"roomlist-highlights-color": "#180F19",
"roomlist-separator-color": "#180F19",
"timeline-background-color": "#180F19",
"timeline-text-color": "#E5D9E6",
"timeline-text-secondary-color": "#D2ADC6",
"timeline-highlights-color": "#231724",
"eventbubble-self-bg": "#231724",
"eventbubble-others-bg": "#231724",
"eventbubble-bg-hover": "#231724",
"eventbubble-reply-color": "#231724",
"username-colors": [
"#D8BFD8",
"#ffd1dc",
"#DDA0DD",
"#DA70D6",
"#BA55D3",
"#9932CC",
"#800060",
"#8B008B"
],
"avatar-background-colors": ["#896bad", "#b09cc8", "#bdacd1"],
"reaction-row-button-selected-bg-color": "#bd93f9"
}
},
{
"name": "Transgender Vampirism",
"is_dark": true,
"fonts": {
"general": "Crimson, Noto Color Emoji, Twemoji, Twitter Color Emoji, sans",
"monospace": "'Iosevka Gothic', 'Fira Code'"
},
"colors": {
"accent": "#747E9D",
"accent-color": "#747E9D",
"primary-color": "#747E9D",
"warning-color": "#110E18",
"sidebar-color": "#16121F",
"primary-content": "#110E18",
"secondary-content": "#D5D6E8",
"tertiary-content": "#747E9D",
"quaternary-content": "#D5D6E8",
"quinary-content": "#16121F",
"system": "#16121F",
"background": "#00f",
"roomlist-background-color": "#16121F",
"roomlist-text-color": "#D5D6E8",
"roomlist-text-secondary-color": "#747E9D",
"roomlist-highlights-color": "#110E18",
"roomlist-separator-color": "#110E18",
"timeline-background-color": "#110E18",
"timeline-text-color": "#D5D6E8",
"timeline-text-secondary-color": "#747E9D",
"timeline-highlights-color": "#16121F",
"eventbubble-self-bg": "#16121F",
"eventbubble-others-bg": "#16121F",
"eventbubble-bg-hover": "#16121F",
"eventbubble-reply-color": "#16121F",
"username-colors": [
"#D8BFD8",
"#AA9AB6",
"#DDA0DD",
"#DA70D6",
"#7A5286",
"#9932CC",
"#800060",
"#8B008B"
],
"avatar-background-colors": ["#896bad", "#b09cc8", "#bdacd1"],
"reaction-row-button-selected-bg-color": "#bd93f9"
}
}
]
},
"showLabsSettings": true,
"features": ["feature_latex_maths"]
}
'';
};
}

38
common/fragments/graphical/iosevka.nix
View File

@ -1,59 +1,51 @@
{
{ config, pkgs, ... }: {
# Iosevka Gothic
nixpkgs.overlays = [
(final: prev: {
iosevka = (prev.iosevka.overrideAttrs (_: {
# Fixes broken terminal output
buildPhase = ''
export HOME=$TMPDIR
runHook preBuild
npm run build --no-update-notifier --targets ttf::$pname -- --jCmd=$NIX_BUILD_CORES --verbose=9 2>/dev/null
runHook postBuild
'';
})).override {
iosevka = prev.iosevka.override {
privateBuildPlan = ''
[buildPlans.IosevkaGothic]
[buildPlans.iosevka-gothic]
family = "Iosevka Gothic"
spacing = "normal"
serifs = "slab"
noCvSs = true
exportGlyphNames = true
no-cv-ss = true
export-glyph-names = true
[buildPlans.IosevkaGothic.variants.design]
[buildPlans.iosevka-gothic.variants.design]
capital-a = "straight-base-serifed"
capital-b = "standard-bilateral-serifed"
capital-h = "serifed"
capital-i = "serifed"
capital-q = "crossing"
capital-r = "standing-serifed"
capital-r = "standing"
f = "tailed"
l = "tailed-serifed"
z = "cursive"
long-s = "bent-hook-tailed"
eszet = "sulzbacher-descending-serifless"
lower-mu = "tailed-serifed"
eszet = "sulzbacher-descending"
lower-mu = "tailed"
lower-xi = "flat-top"
three = "flat-top-serifless"
three = "flat-top"
six = "straight-bar"
asterisk = "turn-penta-high"
asterisk = "flip-penta-high"
pilcrow = "high"
caret = "medium"
paren = "normal"
brace = "curly-flat-boundary"
number-sign = "upright"
ampersand = "closed"
at = "compact"
at = "short"
lig-ltgteq = "slanted"
ascii-single-quote = "raised-comma"
ascii-grave = "straight"
[buildPlans.IosevkaGothic.variants.italic]
[buildPlans.iosevka-gothic.variants.italic]
capital-z = "cursive-with-horizontal-crossbar"
[buildPlans.IosevkaGothic.ligations]
[buildPlans.iosevka-gothic.ligations]
inherits = "haskell"
'';
set = "Gothic";
set = "gothic";
};
})
];

79
common/fragments/graphical/kitty.nix Normal file
View File

@ -0,0 +1,79 @@
{ pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
color = n: colorscheme.colors."${builtins.toString n}";
in {
home-manager.users.agatha = {
programs.kitty = {
enable = true;
font = {
package = pkgs.iosevka;
name = "Iosevka Gothic";
size = 11.5;
};
keybindings = { "f5" = "load_config_file"; };
settings = {
disable_ligatures = "never";
draw_minimal_borders = false;
active_tab_font_style = "italic";
inactive_tab_font_style = "normal";
scrollback_lines = -10000;
url_style = "single";
strip_trailing_spaces = "smart";
enable_audio_bell = false;
window_margin_width = 10;
window_padding_width = 10;
inactive_text_alpha = "0.8";
enabled_layouts = "vertical, grid, stack";
tab_bar_edge = "top";
tab_bar_style = "fade";
tab_bar_margin_width = 5;
tab_separator = "";
tab_title_template = " {index}";
foreground = color 15;
background = color 0;
cursor = color 16;
color0 = color 0;
color8 = color 8;
color1 = color 1;
color9 = color 9;
color2 = color 2;
color10 = color 10;
color3 = color 3;
color11 = color 11;
color4 = color 4;
color12 = color 12;
color5 = color 5;
color13 = color 13;
color6 = color 6;
color14 = color 14;
color7 = color 7;
color15 = color 15;
selection_foreground = color 1;
selection_background = color 15;
url_color = color 1;
active_border_color = color 1;
inactive_border_color = color 2;
bell_border_color = color 6;
active_tab_foreground = color 15;
active_tab_background = color 1;
inactive_tab_foreground = color 8;
inactive_tab_background = color 2;
};
};
};
}

89
common/fragments/graphical/picom.nix Normal file
View File

@ -0,0 +1,89 @@
{ pkgs, config, lib, ... }: {
home-manager.users.agatha = {
services.picom = {
enable = true;
package = pkgs.picom-next;
# General
backend = "glx";
vSync = true;
settings = {
mark-wmwin-focused = true;
detect = {
rounded-corners = true;
client-opacity = true;
transient = true;
client-leader = true;
};
use-damage = true;
wintypes = {
tooltip = {
fade = true;
shadow = true;
opacity = 0.75;
focus = true;
full-shadow = false;
};
dock = { shadow = false; };
dnd = { shadow = false; };
popup_menu = { opacity = 0.8; };
dropdown_menu = { opacity = 0.8; };
};
};
# Shadows
shadow = true;
shadowOpacity = 1.0;
shadowOffsets = [ (-7) (-7) ];
shadowExclude = [
"name = 'Notification'"
"class_g ?= 'Notify-osd'"
"class_g = 'Cairo-clock'"
"class_g = 'firefox-nightly' && argb"
"class_g = 'firefox' && argb"
"_GTK_FRAME_EXTENTS@:c"
];
# Fade
fade = true;
fadeSteps = [ 5.0e-2 5.0e-2 ];
# Opacity
settings.frame-opacity = 0.7;
settings.inactive-opacity-override = false;
settings.inactive-dim = 0.2;
settings.focus-exclude = [
"class_g = 'firefox-nightly'"
"class_g = 'firefox'"
"class_g = 'Dunst'"
];
opacityRules = [
"100:_NET_WM_STATE@[0]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[1]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[2]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[3]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[4]:32a = '_NET_WM_STATE_FULLSCREEN'"
"0:_COMPTON_MONOCLE@:32c = 0"
"70:class_g = 'kitty'"
"80:class_g = 'Dunst'"
"20:class_g = 'Bspwm' && class_i = 'presel_feedback'"
];
# Blur
settings.blur = {
method = "dual_kawase";
strength = 3;
background = true;
kern = "3x3box";
background-exclude = [
"window_type = 'dock'"
"window_type = 'desktop'"
"_GTK_FRAME_EXTENTS@:c"
"class_g = 'firefox-nightly' && argb"
"class_g = 'firefox' && argb"
];
};
};
};
}

258
common/fragments/graphical/polybar.nix Normal file
View File

@ -0,0 +1,258 @@
{ lib, pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
in {
home-manager.users.agatha = {
services.polybar = {
enable = true;
package = pkgs.polybarFull;
script = "polybar right &";
settings = let color = n: colorscheme.colors."${builtins.toString n}";
in {
"colors" = {
background = color 0;
foreground = color 7;
foreground-alt = color 7;
primary = color 1;
secondary = color 2;
alert = color 3;
red = color 4;
};
"bar/right" = {
monitor = "\${env:MONITOR:eDP-1}";
width = "100%:-30";
height = 30;
offset-x = 15;
offset-y = 12;
radius = 0;
fixed-center = true;
background = "\${colors.background}";
foreground = "\${colors.foreground}";
line = {
size = 0;
color = color 3;
};
border = {
size = 3;
color = color 1;
};
padding = {
left = 2;
right = 2;
};
module.margin = {
left = 1;
right = 1;
};
font = {
"0" = "Iosevka Gothic:pixelsize=10;3";
"1" = "DejaVuSans:fontformat=truetype:size=8:antialias=false;2";
"2" = "Siji:pixelsize=11;2";
"3" = "Symbols Nerd Font:pixelsize=10;2";
"4" = "DejaVuSans:fontformat=truetype:size=8:antialias=false;1";
};
modules = {
left = "bspwm";
center = "date";
right =
"filesystem battery pulseaudio xkeyboard memory cpu notication-status powermenu";
};
wm-restack = "bspwm";
cursor-click = "pointer";
locale = "de_DE.UTF-8";
};
"module/xkeyboard" = {
type = "internal/xkeyboard";
blacklist-0 = "num lock";
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = {
layout = "%layout%";
indicator = {
padding = 2;
margin = 1;
background = "\${colors.secondary}";
underline = "\${colors.secondary}";
};
};
};
"module/bspwm" = {
type = "internal/bspwm";
label = {
focused = "%name%";
focused-foreground = "\${colors.primary}";
focused-padding = 1;
occupied = "%name%";
occupied-padding = 1;
urgent = "%name%!";
urgent-background = "\${xrdb:color1:#222}";
urgent-padding = 1;
empty = "%name%";
empty-foreground = "\${colors.foreground-alt}";
empty-padding = 1;
};
};
"module/date" = {
type = "internal/date";
interval = 5;
date = "";
date-alt = " %a, %d %b %Y";
time = "%H:%M";
time-alt = "%H:%M:%S";
format-prefix = "";
format-prefix-foreground = "\${colors.foreground-alt}";
label = ''
%{A3:dunstify ' Calendar' "$(cal --color=always | sed "s#\\x1b\\[7m#<b>#;s#\\x1b\\[27m#</b>#g")":}%date%%{A} %time%'';
};
"module/filesystem" = {
type = "internal/fs";
interval = 25;
mount-0 = "/";
label-mounted = "%mountpoint%: %percentage_used%%";
label-unmounted = "%mountpoint% not mounted";
label-unmounted-foreground = "\${colors.foreground-alt}";
};
"module/cpu" = {
type = "internal/cpu";
interval = 2;
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = "%{A1:kitty btop:}%percentage:2%%%{A}";
};
"module/memory" = {
type = "internal/memory";
interval = 2;
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = "%{A1:kitty btop:}%percentage_used%%%{A}";
};
"module/pulseaudio" = {
type = "internal/pulseaudio";
format-volume = "%{A3:pavucontrol:}<label-volume> <bar-volume>%{A}";
label-volume = " %percentage%%";
label-volume-foreground = "\${root.foreground}";
label-muted = " muted";
label-muted-foreground = "#666";
bar.volume = {
width = 14;
foreground-0 = "\${colors.secondary}";
foreground-1 = "\${colors.secondary}";
foreground-2 = "\${colors.primary}";
foreground-3 = "\${colors.primary}";
foreground-4 = "\${colors.primary}";
foreground-5 = "\${colors.alert}";
foreground-6 = "\${colors.red}";
gradient = false;
indicator = "|";
indicator-font = 5;
fill = "";
fill-font = 2;
empty = "";
empty-font = 2;
empty-foreground = "\${colors.foreground-alt}";
};
};
"module/powermenu" = {
type = "custom/menu";
expand-right = true;
format-spacing = 1;
label = {
open = "";
open-foreground = "\${colors.secondary}";
close = " cancel";
close-foreground = "\${colors.secondary}";
separator = "|";
separator-foreground = "\${colors.foreground-alt}";
};
menu = {
"0-0" = "reboot";
"0-0-exec" = "reboot";
"0-1" = "power off";
"0-1-exec" = "sudo poweroff";
};
};
"module/battery" = {
type = "internal/battery";
full-at = 99;
low-at = 10;
battery = "BAT0";
adapter = "AC";
poll-interval = 3;
content-font = 3;
format-charging = "<animation-charging> <label-charging>";
format-discharging = "<ramp-capacity> <label-discharging>";
label = {
charging = "%percentage_raw%%";
discharging = "%percentage_raw%%";
full = "";
};
ramp = {
capacity-0 = "";
capacity-1 = "";
capacity-2 = "";
capacity-3 = "";
capacity-4 = "";
};
animation = {
charging-0 = "";
charging-1 = "";
charging-2 = "";
charging-3 = "";
charging-4 = "";
charging-framerate = 750;
};
};
"module/notification-status" = {
type = "custom/script";
exec = ''
if $(dunstctl is-paused); then; echo "Notifications paused"; else; echo ""; fi;'';
interval = 2;
format-prefix = " ";
};
};
};
};
}

103
common/fragments/graphical/sway.nix Normal file
View File

@ -0,0 +1,103 @@
{ pkgs, config, ... }: {
# User packages
users.users.agatha.packages = with pkgs; [ grim rofi-wayland waybar ydotool ];
home-manager.users.agatha = {
wayland.windowManager.sway = let
cfg = config.home-manager.users.agatha.wayland.windowManager.sway.config;
in {
enable = true;
config = {
up = "i";
left = "j";
down = "k";
right = "l";
modifier = "Mod4";
terminal = "kitty";
fonts = {
names = [ "Font Awesome 5 Free" "Iosevka Gothic" ];
size = 11.0;
};
workspaceAutoBackAndForth = true;
window = {
titlebar = true;
hideEdgeBorders = "both";
border = 0;
};
gaps.inner = 15;
output."*" = { bg = "/home/agatha/Pictures/wallpaper.png fill"; };
input."type:keyboard" = {
xkb_layout = config.services.xserver.layout;
xkb_options = config.services.xserver.xkbOptions;
};
input."type:touchpad" = { tap = "enabled"; };
keybindings = let mod = cfg.modifier;
in {
"${mod}+Return" = "exec ${cfg.terminal}";
"Caps_Lock" = "exec ${cfg.terminal}";
"${mod}+e" = "exec nautilus";
"${mod}+space" = "exec rofi -show drun";
"${mod}+shift+e" = "exec rofimoji --action clipboard";
"${mod}+c" = ''
exec rofi -show calc -modi calc -calc-command 'xdotool type --clearmodifiers "\{result\}"'
'';
XF86AudioRaiseVolume = "exec pamixer -i 5";
XF86AudioLowerVolume = "exec pamixer -d 5";
XF86AudioMute = "exec pamixer -t";
XF86AudioPrev = "exec playerctl previous";
XF86AudioNext = "exec playerctl next";
XF86AudioPlay = "exec playerctl play-pause";
Print = "exec flameshot gui";
"shift+Print" = "exec flameshot gui -d 3000";
"${mod}+n" = "exec dunstctl set-paused toggle";
# "${mod}+o" = "TODO: port audio switcher";
"${mod}+shift+r" =
"reload; exec 'for p in waybar dunst; do; killall $p; done'";
"${mod}+w" = "kill";
"${mod}+m" = "layout tabbed";
"${mod}+t" = "layout toggle split";
"${mod}+s" = "floating toggle";
"${mod}+f" = "fullscreen toggle";
"alt+Tab" = "exec rofi -show window";
# "${mod}+x" = "TODO: lockscreen";
"${mod}+Shift+${cfg.left}" = "move left";
"${mod}+Shift+${cfg.down}" = "move down";
"${mod}+Shift+${cfg.up}" = "move up";
"${mod}+Shift+${cfg.right}" = "move right";
"${mod}+1" = "workspace number 1";
"${mod}+2" = "workspace number 2";
"${mod}+3" = "workspace number 3";
"${mod}+4" = "workspace number 4";
"${mod}+5" = "workspace number 5";
"${mod}+6" = "workspace number 6";
"${mod}+7" = "workspace number 7";
"${mod}+8" = "workspace number 8";
"${mod}+9" = "workspace number 9";
"${mod}+Shift+1" = "move container to workspace number 1";
"${mod}+Shift+2" = "move container to workspace number 2";
"${mod}+Shift+3" = "move container to workspace number 3";
"${mod}+Shift+4" = "move container to workspace number 4";
"${mod}+Shift+5" = "move container to workspace number 5";
"${mod}+Shift+6" = "move container to workspace number 6";
"${mod}+Shift+7" = "move container to workspace number 7";
"${mod}+Shift+8" = "move container to workspace number 8";
"${mod}+Shift+9" = "move container to workspace number 9";
};
};
};
};
}

141
common/fragments/graphical/url-eater.nix
View File

@ -1,141 +0,0 @@
{ ... }:
let
filters = ''
category "Action Map" {
params "action_object_map" "action_ref_map" "action_type_map"
}
category "AliExpress.com" {
params "aff_platform" "aff_trace_key" \
"algo_expid@*.aliexpress.*" "*pvid@*.aliexpress.*" "btsid@*.aliexpress.*" \
"expid@*.aliexpress.*" "initiative_id@*.aliexpress.*" "scm_id@*.aliexpress.*" \
"spm@*.aliexpress.*" "ws_ab_test*.aliexpress.*" \
"_t@*.aliexpress.*" "pdp_npi@*.aliexpress.*" "gatewayAdapt@*.aliexpress.*"
}
category "Amazon" {
params "_encoding@amazon.*" "ascsubtag@amazon.*" "pd_rd_*@amazon.*" "pf@amazon.*" "pf_rd_*@amazon.*" "psc@amazon.*" "ref_@amazon.*" "tag@amazon.*"
}
category "Bing" {
params "cvid@bing.com" "form@bing.com" "pq@bing.com" "qs@bing.com" "sc@bing.com" "sk@bing.com" "sp@bing.com"
}
category "Campaign tracking (Adobe Analytics)" {
params "sc_cid"
}
category "Campaign tracking (Adobe Marketo)" {
params "mkt_tok"
}
category "Campaign tracking (Amazon Kendra)" {
params "trk" "trkCampaign"
}
category "Campaign tracking (at)" {
params "at_campaign" "at_custom*" "at_medium"
}
category "Campaign tracking (Change.org)" {
params "guest@change.org" "recruited_by_id@change.org" "recruiter@change.org" "short_display_name@change.org" "source_location@change.org"
}
category "Campaign tracking (DPG Media)" {
params "dpg_*"
}
category "Campaign tracking (Google Analytics ga)" {
params "ga_*" "gclid" "gclsrc"
}
category "Campaign tracking (Humble Bundle)" {
params "hmb_campaign" "hmb_medium" "hmb_source"
}
category "Campaign tracking (IBM Acoustic Campaign)" {
params "spJobID" "spMailingID" "spReportId" "spUserID"
}
category "Campaign tracking (itm)" {
params "itm_*"
}
category "Campaign tracking (Omniture)" {
params "s_cid"
}
category "Campaign tracking (Oracle Eloqua)" {
params "assetId" "assetType" "campaignId" "elqTrack" "elqTrackId" "recipientId" "siteId"
}
category "Campaign tracking (MailChimp)" {
params "mc_cid" "mc_eid"
}
category "Campaign tracking (Matomo/Piwik)" {
params "mtm_*" "pk_*"
}
category "Campaign tracking (ns)" {
params "ns_*"
}
category "Campaign tracking (sc)" {
params "sc_campaign" "sc_channel" "sc_content" "sc_country" "sc_geo" "sc_medium" "sc_outcome"
}
category "Campaign tracking (stm)" {
params "stm_*"
}
category "Campaign tracking (utm)" {
params "nr_email_referer" "utm_*"
}
category "Campaign tracking (Vero)" {
params "vero_conv" "vero_id"
}
category "Campaign tracking (Yandex)" {
params "_openstat" "yclid"
}
category "Campaign tracking (others)" {
params "c_id" "campaign_id" "Campaign" "cmpid" "mbid" "ncid"
}
category "Caseking.de" {
params "campaign@caseking.de" "sPartner@caseking.de"
}
category "Ebay" {
params "hash@ebay.*" "_trkparms@ebay.*" "_trksid@ebay.*" "amdata@ebay.*" "epid@ebay.*" "hash@ebay.*" "var@ebay.*"
}
category "Etsy" {
params "click_key@etsy.com" "click_sum@etsy.com" "organic_search_click@etsy.com" "ref@etsy.com"
}
category "Facebook" {
params "fb_action_ids" "fb_action_types" "fb_ref" "fb_source" "fbclid" "hrc@facebook.com" "refsrc@facebook.com"
}
category "Google" {
params "ei@google.*" "gs_gbg@google.*" "gs_l" "gs_lcp@google.*" "gs_mss@google.*" "gs_rn@google.*" "gws_rd@google.*" "sei@google.*" "ved@google.*"
}
category "Hubspot" {
params "_hsenc" "_hsmi" "__hssc" "__hstc" "hsCtaTracking"
}
category "IMDb" {
params "pf_rd_*@imdb.com" "ref_@imdb.com"
}
category "LinkedIn" {
params "eBP@linkedin.com" "lgCta@linkedin.com" "lgTemp@linkedin.com" "lipi@linkedin.com" "midSig@linkedin.com" "midToken@linkedin.com" "recommendedFlavor@linkedin.com" "refId@linkedin.com" "trackingId@linkedin.com" "trk@linkedin.com" "trkEmail@linkedin.com"
}
category "Medium" {
params "_branch_match_id@medium.com" "source@medium.com"
}
category "SourceForge.net" {
params "position@sourceforge.net" "source@sourceforge.net"
}
category "Spotify" {
params "context@open.spotify.com" "si@open.spotify.com"
}
category "TikTok" {
params "_d@tiktok.com" "checksum@tiktok.com" "is_copy_url@tiktok.com" "is_from_webapp@tiktok.com" "language@tiktok.com" "preview_pb@tiktok.com" "sec_user_id@tiktok.com" "sender_device@tiktok.com" "sender_web_id@tiktok.com" "share_app_id@tiktok.com" "share_link_id@tiktok.com" "share_item_id@tiktok.com" "source@tiktok.com" "timestamp@tiktok.com" "tt_from@tiktok.com" "u_code@tiktok.com" "user_id@tiktok.com"
}
category "Twitch.tv" {
params "tt_content" "tt_medium"
}
category "Twitter" {
params "cxt@*.twitter.com" "ref_*@*.twitter.com" "s@*.twitter.com" "t@*.twitter.com" "twclid"
}
category "Yandex" {
params "lr@yandex.*" "redircnt@yandex.*"
}
category "YouTube.com" {
params "feature@youtube.com" "kw@youtube.com"
}
category "Zeit.de" {
params "wt_mc" "wt_zmc"
}
'';
in
{
services.url-eater = {
enable = true;
inherit filters;
};
}

15
common/fragments/headscale.nix
View File

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
services.headscale = {
enable = true;
port = 52812;
settings.server_url = "https://hs.technogothic.net";
settings.dns_config = {
nameservers = [
"94.140.14.14"
"94.140.15.15"
]; # AdGuard Public DNS
base_domain = "thorns.home.arpa";
};
};
}

11
common/fragments/hedgedoc.nix
View File

@ -1,11 +0,0 @@
{
services.hedgedoc = {
enable = true;
settings = {
domain = "hedgedoc.technogothic.net";
protocolUseSSL = true;
allowOrigin = [ "localhost" "hedgedoc.technogothic.net" ];
allowEmailRegister = false;
};
};
}

55
common/fragments/home-assistant.nix
View File

@ -1,55 +0,0 @@
{
networking.firewall.allowedTCPPorts = [
8123
1883
1884
];
networking.firewall.allowedTCPPortRanges = [
{
from = 21063;
to = 21070;
}
];
networking.firewall.allowedUDPPorts = [
53
67
5353
];
virtualisation.oci-containers.containers = {
"home-assistant" = {
image = "ghcr.io/home-assistant/home-assistant:stable";
autoStart = true;
volumes = [
"/var/lib/hass:/config"
"/etc/localtime:/etc/localtime:ro"
"/run/dbus:/run/dbus:ro"
];
extraOptions = [ "--network=host" ];
};
};
services.mosquitto = {
enable = true;
listeners = [
{
users.root = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$GLzV4JTDU6Z9vHYl$GqkS+LOdufO3Znt/3M+4y0u8I3Yyv+3J/8SpsVTpKZMexNciPDhV3K67ZX6++yD75e4Eo4gJCYYhJ/JFt2o2nw==";
};
}
];
};
services.create_ap = {
enable = true;
settings = {
WIFI_IFACE = "wlp2s0";
SHARE_METHOD = "none";
SSID = "Agatha-Isolated-Network";
# TODO: Replace placeholder password after switching to sops-nix
PASSPHRASE = "nCvKNgRH5L5DFBR4JULP3GHbDuk9XLfT";
};
};
networking.networkmanager.unmanaged = [ "wlp2s0" ];
}

13
common/fragments/homepage.nix Normal file
View File

@ -0,0 +1,13 @@
{ pkgs, ... }: {
virtualisation.oci-containers.containers = {
"homepage" = {
image = "ghcr.io/benphelps/homepage:v0.6.10";
autoStart = true;
ports = [ "127.0.0.1:3000:3000" ];
volumes = [
"/var/lib/homepage:/app/config"
"/var/run/podman/podman.sock:/var/run/docker.sock"
];
};
};
}

36
common/fragments/mastodon.nix
View File

@ -1,36 +0,0 @@
{ config, pkgs, ... }: {
services.mastodon = {
enable = true;
package = pkgs.agatha-mastodon;
localDomain = "technogothic.net";
configureNginx = false;
smtp.fromAddress = "noreply@technogothic.net";
smtp.createLocally = false;
database.passwordFile = "/var/lib/mastodon/secrets/db-password";
streamingProcesses = 4;
elasticsearch = {
host = "127.0.0.1";
inherit (config.services.elasticsearch) port;
};
extraConfig = {
WEB_DOMAIN = "fv.technogothic.net";
GITHUB_REPOSITORY = "AgathaSorceress/mastodon";
AUTHORIZED_FETCH = "true";
MAX_TOOT_CHARS = "6666";
MAX_POLL_OPTIONS = "128";
MAX_POLL_OPTION_CHARS = "512";
EXTRA_DATA_HOSTS = "https://ftp.technogothic.net";
MASTODON_VERSION_METADATA = "AGATHA+AGATHA";
};
};
users.groups.mastodon.members = [ config.services.nginx.user ];
services.elasticsearch = {
enable = true;
cluster_name = "mastodon-es";
package = pkgs.elasticsearch7;
};
}

14
common/fragments/matrix-ril100.nix
View File

@ -1,14 +0,0 @@
{ pkgs, ... }: {
systemd.services.matrix-ril100 = {
wantedBy = [ "multi-user.target" ];
description = "A matrix bot that looks up RIL100 codes and station names";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.matrix-ril100}/bin/matrix-ril100";
WorkingDirectory = "/var/lib/matrix-ril100";
Restart = "always";
};
};
}

16
common/fragments/mc-status-bot.nix
View File

@ -1,16 +0,0 @@
{ pkgs, ... }: {
systemd.services.mc-status-bot = {
wantedBy = [ "multi-user.target" ];
description = "Minecraft server status bot for Matrix";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${
pkgs.callPackage ../pkgs/mc-status-bot.nix { }
}/bin/mc-status-bot.sh";
EnvironmentFile = "/var/lib/secrets/mc-status-bot-env";
Restart = "always";
};
};
}

37
common/fragments/minecraft.nix
View File

@ -1,11 +1,7 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
let
rsyncSSHKeys = config.users.users.agatha.openssh.authorizedKeys.keys;
rsyncSSHKeys = config.users.users.agatha.openssh.authorizedKeys.keys
++ config.users.users.julia.openssh.authorizedKeys.keys;
jre8 = pkgs.temurin-bin-8;
jre17 = pkgs.temurin-bin-17;
@ -37,18 +33,17 @@ let
allow-flight = true;
max-tick-time = 2 * 60 * 1000;
};
in
{
in {
services.modded-minecraft-servers = {
eula = true;
instances = {
# End to End encrypted modded minecraft yay
e2e = {
enable = false;
enable = true;
inherit rsyncSSHKeys jvmOpts;
jvmInitialAllocation = "1G";
jvmInitialAllocation = "2G";
jvmMaxAllocation = "8G";
jvmPackage = jre8;
@ -59,28 +54,10 @@ in
extra-options.level-type = "BIOMESOP";
};
};
enigmatica-8 = {
enable = false;
inherit rsyncSSHKeys jvmOpts;
jvmInitialAllocation = "1G";
jvmMaxAllocation = "8G";
jvmPackage = jre17;
serverConfig = serverDefaults // {
server-port = 25567;
rcon-port = 25568;
motd = "Enigmeowtica 8";
max-tick-time = 300000;
};
};
};
};
systemd.services.mc-e2e.path = with pkgs; [
getconf
gawk
];
systemd.services.mc-e2e.path = with pkgs; [ getconf gawk ];
users.users.agatha.packages = with pkgs; [ mcrcon ];
}

2
common/fragments/nyandroid.nix
View File

@ -1,4 +1,4 @@
{
_: {
virtualisation.oci-containers.containers = {
"nyandroid" = {
image = "registry.gitlab.com/xenua/nyandroid:latest";

22
common/fragments/postgres.nix
View File

@ -1,22 +0,0 @@
{ config, ... }: {
services.postgresql = {
settings = {
max_connections = 200;
shared_buffers = "4GB";
effective_cache_size = "12GB";
maintenance_work_mem = "1GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 300;
work_mem = "10485kB";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 4;
max_parallel_workers_per_gather = 2;
max_parallel_workers = 4;
max_parallel_maintenance_workers = 2;
};
};
}

11
common/fragments/prometheus_exporters.nix
View File

@ -20,17 +20,6 @@
enable = true;
port = 9003;
};
process = {
enable = true;
port = 9005;
settings.process_names = [
# Remove nix store path from process name
{
name = "{{.Matches.Wrapped}} {{ .Matches.Args }}";
cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ];
}
];
};
};
};

29
common/fragments/prosody.nix
View File

@ -1,29 +0,0 @@
{ config, ... }:
let
ssl = {
cert = "${
config.security.acme.certs."technogothic.net".directory
}/fullchain.pem";
key = "${config.security.acme.certs."technogothic.net".directory}/key.pem";
};
in {
services.prosody = {
enable = true;
admins = [ "Agatha@argent.technogothic.net" ];
inherit ssl;
virtualHosts."argent.technogothic.net" = {
enabled = true;
domain = "argent.technogothic.net";
inherit ssl;
};
muc = [{ domain = "muc.argent.technogothic.net"; }];
uploadHttp.domain = "upload.argent.technogothic.net";
};
users.users."${config.services.prosody.user}".extraGroups =
[ "acme" "nginx" ];
networking.firewall.allowedTCPPorts = [ 5000 5222 5269 5281 ];
}

53
common/fragments/restic.nix
View File

@ -1,53 +0,0 @@
{ config, ... }: {
services.restic.backups.${config.networking.hostName} = {
initialize = true;
repository = "rest:http://10.20.1.2:8000/${config.networking.hostName}/";
passwordFile = "/var/lib/secrets/restic-password";
environmentFile = "/var/lib/secrets/restic-env";
timerConfig = {
OnCalendar = "*-*-* 20:00"; # Daily at 20:00
Persistent = true;
};
paths = [ "/home/agatha" "/mnt/hdd" ];
exclude = [
".Trash*"
".gradle"
"/home/agatha/.XCompose"
"/home/agatha/.Xresources"
"/home/agatha/.cache"
"/home/agatha/.cargo"
"/home/agatha/.config"
"!/home/agatha/.config/gzdoom"
"/home/agatha/.gnupg"
"/home/agatha/.gtkrc-2.0"
"/home/agatha/.java"
"/home/agatha/.local"
"!/home/agatha/.local/share/PrismLauncher"
"/home/agatha/.manpath"
"/home/agatha/.minecraft"
"/home/agatha/.nix-defexpr"
"/home/agatha/.nix-profile"
"/home/agatha/.themes"
"/home/agatha/Desktop"
"/home/agatha/etc/deadname destruction"
"/home/agatha/go"
"/home/agatha/mount"
"/home/agatha/projects/java/**/build"
"/home/agatha/projects/mastodon"
"/home/agatha/projects/rust/**/target"
"/home/agatha/projects/rust/helix/runtime"
"/home/agatha/projects/snek/**/venv"
"__pycache__"
"lost+found"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 12" ];
};
systemd.timers."restic-backups-${config.networking.hostName}".after =
[ "network-online.target" ];
}

10
common/fragments/sponsorblock.nix
View File

@ -1,10 +0,0 @@
{
virtualisation.oci-containers.containers = {
"isponsorblocktv" = {
image = "ghcr.io/dmunozv04/isponsorblocktv";
autoStart = true;
volumes = [ "/var/lib/sponsorblock:/app/data" ];
extraOptions = [ "--network=host" ];
};
};
}

39
common/fragments/virt.nix
View File

@ -1,39 +0,0 @@
{ pkgs, lib, ... }:
{
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"amdgpu"
];
kernelParams =
let
gpuIDs = [
"1002:67df" # Graphics
"1002:aaf0" # Audio
];
in
[
# enable IOMMU
"amd_iommu=on"
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs)
];
};
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
services.openssh.settings.X11Forwarding = true;
# Virtualization
virtualisation.libvirtd = {
enable = true;
onBoot = "start";
onShutdown = "shutdown";
};
programs.virt-manager.enable = true;
users.users.agatha.extraGroups = [ "libvirtd" ];
}

3
common/fragments/yubikey.nix
View File

@ -4,8 +4,7 @@
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
enableExtraSocket = true;
pinentryFlavor = "gnome3";
};
services.pcscd.enable = true;

139
common/home_manager/common.nix
View File

@ -1,28 +1,23 @@
{
pkgs,
config,
lib,
...
}:
{
{ pkgs, config, lib, ... }: {
imports = [ ../../common/home_manager/helix.nix ];
home-manager.useGlobalPkgs = true;
home-manager.users.agatha = {
home.username = "agatha";
home.homeDirectory = lib.mkDefault "/home/agatha";
# Fallback for nix-darwin
home.stateVersion = if pkgs.stdenv.isLinux then config.system.stateVersion else "24.05";
home.homeDirectory = "/home/agatha";
home.stateVersion = config.system.stateVersion;
home.packages = with pkgs; [
bat
btop
choose
eza
exa
fd
fzf
gnupg
ouch
ripgrep
tealdeer
zoxide
];
programs = {
@ -35,35 +30,18 @@
signing.key = "33185E0D62AD7294379947D4C37ABADDB597BCA1";
signing.signByDefault = true;
aliases = {
plog = "log --graph --pretty=format:'%h -%d %s -%an %n' --abbrev-commit --date=relative --branches";
plog =
"log --graph --pretty=format:'%h -%d %s -%an %n' --abbrev-commit --date=relative --branches";
pfusch = "push --force-with-lease";
stat = "diff --compact-summary";
undo = "reset --soft HEAD~";
unstage = "restore --staged";
};
extraConfig = {
init = {
defaultBranch = "mistress";
};
core = {
editor = "hx";
};
merge.conflictStyle = "zdiff3";
init = { defaultBranch = "mistress"; };
core = { editor = "hx"; };
rebase.autosquash = true;
pull.rebase = true;
};
delta = {
enable = true;
options = {
blame-format = "{timestamp:<15} {author:<18.18} {commit:<8}";
file-modified-label = "modified:";
hunk-header-decoration-style = "blue ul ol";
line-numbers = true;
navigate = true;
navigate-regex = "^(commit|added:|removed:|renamed:|modified:)";
};
};
};
starship = {
@ -76,11 +54,8 @@
"$character"
"$directory"
];
right_format = lib.concatStrings [
"$git_branch"
" "
"$cmd_duration"
];
right_format =
lib.concatStrings [ "$git_branch" " " "$cmd_duration" ];
character = {
success_symbol = "";
error_symbol = "[ ](purple)";
@ -92,12 +67,10 @@
style = "cyan";
read_only_style = "cyan";
};
cmd_duration = {
min_time = 10000;
};
cmd_duration = { min_time = 10000; };
git_branch = {
format = "$symbol $branch";
symbol = "󰘬";
symbol = "";
};
hostname = {
ssh_only = false;
@ -108,6 +81,11 @@
fish = {
enable = true;
interactiveShellInit = builtins.readFile (pkgs.fetchurl {
url =
"https://git.lain.faith/sorceress/dotfiles/raw/commit/80be649e9663e3db67041192c714329e20b10cc9/.config/fish/config.fish";
sha256 = "sha256-ZZCTXnRZfotksiJj7iVJnLz+XnWHTlIsZzv3gbbZoRQ=";
});
plugins = [
{
name = "fzf";
@ -128,79 +106,6 @@
};
}
];
shellAliases = {
ls = "eza -lhT --classify=always --group-directories-first --level 1";
cat = "bat";
ip = "ip -color=always";
youtube-dl-audio = ''yt-dlp --ignore-errors --output "%(title)s.%(ext)s" --extract-audio --audio-format best'';
rsync = "rsync -az --partial --info=progress2";
};
shellAliases.tailscale = lib.mkIf (
!pkgs.stdenv.isLinux
) "/Applications/Tailscale.app/Contents/MacOS/Tailscale";
functions = {
expand-dot-to-parent-directory-path = ''
# expand ... to ../.. etc
# https://github.com/fish-shell/fish-shell/issues/1891#issuecomment-451961517
# Get commandline up to cursor
set -l cmd (commandline --cut-at-cursor)
# Match last line
switch $cmd[-1]
case '*..'
commandline --insert '/.'
case '*'
commandline --insert '.'
end
'';
impostor = ''
echo $argv[1] | string sub -s 13 | fold -w1 | shuf | tr -d '\n' | sed 's/^/cccccbeujtje/'
'';
};
shellInit = ''
set -Ux AWT_TOOLKIT MToolkit
set -Ux JDK_JAVA_OPTIONS "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Djdk.gtk.version=3 -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true"
# Zoxide
set -Ux _ZO_FZF_OPTS "--no-sort --height=30% --exit-0 --select-1 --bind=ctrl-z:ignore"
# Fix locale errors in Nix
set -Ux LOCALE_ARCHIVE /usr/lib/locale/locale-archive
# PATH
set -gx fish_user_paths $fish_user_paths \
/home/agatha/.local/bin \
/home/agatha/.cargo/bin \
/home/agatha/.cabal/bin
if type -q ruby
fish_add_path -a (ruby -e 'print Gem.user_dir')/bin
end
bind . 'expand-dot-to-parent-directory-path'
if test -d ~/.gnupg
set -e SSH_AGENT_PID
set -x SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
# so gpg-agent knows in what tty to prompt for key passwords
set -x GPG_TTY (tty)
gpg-connect-agent updatestartuptty /bye > /dev/null
end
'';
};
tealdeer = {
enable = true;
settings = {
updates.auto_update = true;
};
};
zoxide = {
enable = true;
enableFishIntegration = true;
options = [ "--cmd v" ];
};
command-not-found.enable = false;
@ -209,10 +114,6 @@
enableFishIntegration = true;
};
};
home.file.".sqliterc".text = ''
.headers on
.mode column
'';
};
}

499
common/home_manager/helix.nix
View File

@ -1,44 +1,27 @@
{ pkgs, lib, ... }:
{
# Set editor
environment.variables.EDITOR = "hx";
{ pkgs, config, ... }: {
home-manager.users.agatha = {
# Formatters/Language Servers that Helix uses
home.packages = with pkgs; [ nixfmt-rfc-style ];
home.packages = with pkgs; [ nixfmt ];
programs = {
helix = {
enable = true;
package = pkgs.helix;
languages = {
language = [
{
name = "nix";
auto-format = true;
formatter = {
command = "nixfmt";
};
}
];
};
languages = [{
name = "nix";
auto-format = true;
formatter = { command = "nixfmt"; };
}];
settings = {
theme = lib.mkDefault "paramount-dark";
theme = "paramount-dark";
editor = {
middle-click-paste = false;
scroll-lines = 4;
shell = [
"fish"
"-c"
];
shell = [ "fish" "-c" ];
bufferline = "multiple";
statusline = {
left = [
"mode"
"spinner"
"file-name"
];
left = [ "mode" "spinner" "file-name" ];
right = [
"workspace-diagnostics"
"position"
@ -51,9 +34,7 @@
separator = " ";
};
cursor-shape = {
insert = "bar";
};
cursor-shape = { insert = "bar"; };
whitespace.render = {
tab = "all";
@ -75,25 +56,13 @@
keys = {
insert = {
"C-left" = [
"move_prev_word_start"
"collapse_selection"
];
"C-right" = [
"move_next_word_start"
"collapse_selection"
];
"C-left" = [ "move_prev_word_start" "collapse_selection" ];
"C-right" = [ "move_next_word_start" "collapse_selection" ];
};
normal = {
"C-left" = [
"move_prev_word_start"
"collapse_selection"
];
"C-right" = [
"move_next_word_start"
"collapse_selection"
];
"C-left" = [ "move_prev_word_start" "collapse_selection" ];
"C-right" = [ "move_next_word_start" "collapse_selection" ];
"A-d" = "delete_selection";
"d" = "delete_selection_noyank";
};
@ -101,244 +70,210 @@
};
themes = {
paramount-dark =
let
medium_gray = "#767676";
lighter_black = "#4E4E4E";
lighter_gray = "#C6C6C6";
light_red = "#E32791";
orange = "#D75F5F";
light_green = "#5FD7A7";
dark_purple = "#af5fd7";
light_purple = "#a790d5";
dark_yellow = "#A89C14";
in
{
"ui.background" = {
bg = "black";
};
"ui.gutter" = {
bg = "black";
};
"ui.menu.selected" = {
fg = lighter_gray;
bg = light_purple;
};
"comment" = {
fg = lighter_black;
modifiers = [ "italic" ];
};
"constant" = light_purple;
"string" = light_purple;
"variable" = lighter_gray;
"function" = lighter_gray;
"keyword.function" = lighter_gray;
"keyword.control" = medium_gray;
"keyword.control.import" = medium_gray;
"operator" = {
fg = lighter_gray;
modifiers = [ "bold" ];
};
"function.special" = medium_gray;
"type" = lighter_gray;
"tag" = {
fg = medium_gray;
modifiers = [ "italic" ];
};
"punctuation" = {
fg = medium_gray;
};
"ui.linenr" = medium_gray;
"ui.linenr.selected" = {
fg = light_purple;
};
"ui.window" = medium_gray;
"ui.text" = lighter_gray;
"ui.text.focus" = light_purple;
"ui.virtual.whitespace" = lighter_black;
"string.special.url" = {
fg = lighter_gray;
underline = {
color = lighter_gray;
style = "line";
};
modifiers = [ "underlined" ];
};
"markup.link" = {
fg = lighter_gray;
underline = {
color = lighter_gray;
style = "line";
};
modifiers = [ "underlined" ];
};
"diagnostic.error" = {
underline = {
color = light_red;
style = "curl";
};
};
"error" = light_red;
"diagnostic.hint" = {
underline = {
color = lighter_gray;
style = "curl";
};
};
"hint" = lighter_gray;
"ui.selection" = {
fg = lighter_gray;
bg = light_purple;
};
"ui.selection.primary" = {
fg = lighter_gray;
bg = light_purple;
};
"warning" = orange;
"diagnostic.warning" = {
underline = {
color = orange;
style = "curl";
};
};
"diff.plus" = light_green;
"diff.minus" = light_red;
"diff.delta" = dark_yellow;
"ui.cursor" = {
bg = lighter_gray;
};
"ui.cursor.insert" = {
bg = light_purple;
};
"ui.cursor.select" = {
bg = dark_purple;
};
"ui.cursor.match" = {
fg = lighter_gray;
bg = medium_gray;
};
"namespace" = medium_gray;
};
paramount-light =
let
medium_gray = "#767676";
actual_white = "#FFFFFF";
light_black = "#262626";
dark_red = "#C30771";
orange = "#D75F5F";
dark_green = "#10A778";
dark_purple = "#af5fd7";
dark_yellow = "#A89C14";
in
{
inherits = "spacebones_light";
paramount-dark = let
medium_gray = "#767676";
lighter_black = "#4E4E4E";
lighter_gray = "#C6C6C6";
light_red = "#E32791";
orange = "#D75F5F";
light_green = "#5FD7A7";
dark_purple = "#af5fd7";
light_purple = "#a790d5";
dark_yellow = "#A89C14";
in {
inherits = "hex_lavender";
"ui.background" = {
bg = actual_white;
};
"ui.gutter" = {
bg = actual_white;
};
"ui.menu.selected" = {
fg = light_black;
bg = dark_purple;
};
"comment" = {
fg = "dark_gray";
modifiers = [ "italic" ];
};
"constant" = dark_purple;
"string" = dark_purple;
"variable" = light_black;
"variable.parameter" = light_black;
"function" = light_black;
"keyword" = medium_gray;
"keyword.function" = light_black;
"keyword.control" = medium_gray;
"keyword.control.import" = medium_gray;
"operator" = {
fg = light_black;
modifiers = [ "bold" ];
};
"function.special" = medium_gray;
"function.macro" = medium_gray;
"type" = light_black;
"type.builtin" = light_black;
"tag" = {
fg = medium_gray;
modifiers = [ "italic" ];
};
"punctuation" = {
fg = medium_gray;
};
"ui.linenr" = medium_gray;
"ui.linenr.selected" = {
fg = dark_purple;
};
"string.special.url" = {
fg = light_black;
underline = {
color = light_black;
style = "line";
};
modifiers = [ "underlined" ];
};
"markup.link" = {
fg = light_black;
underline = {
color = light_black;
style = "line";
};
modifiers = [ "underlined" ];
};
"diagnostic.error" = {
underline = {
color = dark_red;
style = "curl";
};
};
"error" = dark_red;
"diagnostic.hint" = {
underline = {
color = light_black;
style = "curl";
};
};
"hint" = light_black;
"ui.selection" = {
fg = light_black;
bg = dark_purple;
};
"ui.selection.primary" = {
fg = light_black;
bg = dark_purple;
};
"warning" = orange;
"diagnostic.warning" = {
underline = {
color = orange;
style = "curl";
};
};
"diff.plus" = dark_green;
"diff.minus" = dark_red;
"diff.delta" = dark_yellow;
"ui.cursor" = {
bg = light_black;
};
"ui.cursor.insert" = {
bg = dark_purple;
};
"ui.cursor.select" = {
bg = dark_purple;
};
"ui.cursor.match" = {
fg = light_black;
bg = medium_gray;
};
"namespace" = medium_gray;
"special" = medium_gray;
"ui.background" = { bg = "black"; };
"ui.gutter" = { bg = "black"; };
"ui.menu.selected" = {
fg = lighter_gray;
bg = light_purple;
};
"comment" = {
fg = lighter_black;
modifiers = [ "italic" ];
};
"constant" = light_purple;
"string" = light_purple;
"variable" = lighter_gray;
"function" = lighter_gray;
"keyword.function" = lighter_gray;
"keyword.control" = medium_gray;
"keyword.control.import" = medium_gray;
"operator" = {
fg = lighter_gray;
modifiers = [ "bold" ];
};
"function.special" = medium_gray;
"type" = lighter_gray;
"tag" = {
fg = medium_gray;
modifiers = [ "italic" ];
};
"punctuation" = { fg = medium_gray; };
"ui.linenr" = medium_gray;
"ui.linenr.selected" = { fg = light_purple; };
"string.special.url" = {
fg = lighter_gray;
underline = {
color = lighter_gray;
style = "line";
};
modifiers = [ "underlined" ];
};
"markup.link" = {
fg = lighter_gray;
underline = {
color = lighter_gray;
style = "line";
};
modifiers = [ "underlined" ];
};
"diagnostic.error" = {
underline = {
color = light_red;
style = "curl";
};
};
"error" = light_red;
"diagnostic.hint" = {
underline = {
color = lighter_gray;
style = "curl";
};
};
"hint" = lighter_gray;
"ui.selection" = {
fg = lighter_gray;
bg = light_purple;
};
"ui.selection.primary" = {
fg = lighter_gray;
bg = light_purple;
};
"warning" = orange;
"diagnostic.warning" = {
underline = {
color = orange;
style = "curl";
};
};
"diff.plus" = light_green;
"diff.minus" = light_red;
"diff.delta" = dark_yellow;
"ui.cursor" = { bg = lighter_gray; };
"ui.cursor.insert" = { bg = light_purple; };
"ui.cursor.select" = { bg = dark_purple; };
"ui.cursor.match" = {
fg = lighter_gray;
bg = medium_gray;
};
"namespace" = medium_gray;
};
paramount-light = let
medium_gray = "#767676";
actual_white = "#FFFFFF";
light_black = "#262626";
dark_red = "#C30771";
orange = "#D75F5F";
dark_green = "#10A778";
dark_purple = "#af5fd7";
dark_yellow = "#A89C14";
in {
inherits = "spacebones_light";
"ui.background" = { bg = actual_white; };
"ui.gutter" = { bg = actual_white; };
"ui.menu.selected" = {
fg = light_black;
bg = dark_purple;
};
"comment" = {
fg = "dark_gray";
modifiers = [ "italic" ];
};
"constant" = dark_purple;
"string" = dark_purple;
"variable" = light_black;
"variable.parameter" = light_black;
"function" = light_black;
"keyword" = medium_gray;
"keyword.function" = light_black;
"keyword.control" = medium_gray;
"keyword.control.import" = medium_gray;
"operator" = {
fg = light_black;
modifiers = [ "bold" ];
};
"function.special" = medium_gray;
"function.macro" = medium_gray;
"type" = light_black;
"type.builtin" = light_black;
"tag" = {
fg = medium_gray;
modifiers = [ "italic" ];
};
"punctuation" = { fg = medium_gray; };
"ui.linenr" = medium_gray;
"ui.linenr.selected" = { fg = dark_purple; };
"string.special.url" = {
fg = light_black;
underline = {
color = light_black;
style = "line";
};
modifiers = [ "underlined" ];
};
"markup.link" = {
fg = light_black;
underline = {
color = light_black;
style = "line";
};
modifiers = [ "underlined" ];
};
"diagnostic.error" = {
underline = {
color = dark_red;
style = "curl";
};
};
"error" = dark_red;
"diagnostic.hint" = {
underline = {
color = light_black;
style = "curl";
};
};
"hint" = light_black;
"ui.selection" = {
fg = light_black;
bg = dark_purple;
};
"ui.selection.primary" = {
fg = light_black;
bg = dark_purple;
};
"warning" = orange;
"diagnostic.warning" = {
underline = {
color = orange;
style = "curl";
};
};
"diff.plus" = dark_green;
"diff.minus" = dark_red;
"diff.delta" = dark_yellow;
"ui.cursor" = { bg = light_black; };
"ui.cursor.insert" = { bg = dark_purple; };
"ui.cursor.select" = { bg = dark_purple; };
"ui.cursor.match" = {
fg = light_black;
bg = medium_gray;
};
"namespace" = medium_gray;
"special" = medium_gray;
};
};
};
};

71
common/linux-specific.nix
View File

@ -1,71 +0,0 @@
{ config, ... }:
{
imports = [ ./users ];
## Optimizations
# Clean /tmp
boot.tmp.cleanOnBoot = true;
# Garbage collection
nix.gc.dates = "weekly";
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
settings.PasswordAuthentication = false;
};
services.earlyoom = {
enable = true;
freeSwapThreshold = 5;
freeMemThreshold = 5;
extraArgs = [
"-g"
"--avoid '^(sshd|systemd.*|tailscale.*|)$'"
];
};
# Fix Wireguard and Tailscale with NetworkManager
networking.firewall = {
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
services.tailscale.enable = true;
}

32
common/pkgs/bin.nix
View File

@ -1,36 +1,18 @@
{ pkgs }:
{ rustPlatform, fetchFromGitHub }:
pkgs.rustPlatform.buildRustPackage rec {
pname = "bin";
version = "e8fac0f0c8c9b48e3933c6f4a9e607a99cc97cf8";
rustPlatform.buildRustPackage rec {
name = "bin";
version = "3bbd64611f2a5dee91528976f6db17ff9844315a";
src = pkgs.fetchFromGitHub {
src = fetchFromGitHub {
owner = "WantGuns";
repo = pname;
repo = name;
rev = version;
sha256 = "sha256-c5iuk1T3x17iEbLAno716pkQkRtVsB0UJzgIrR64Uec=";
sha256 = "0lyx8n4rpnyd7c6yjx8aa3zwxlfwj3db0ykrxdvlsaw4wrqlfk7i";
};
# Use custom syntax highlighting theme
preBuild = ''
cp ${
../../external/paramount-dark.tmTheme
} resources/themes/paramount-dark.tmTheme
substituteInPlace src/models/pretty.rs \
--replace "ayu_dark.tmTheme" "paramount-dark.tmTheme" \
substituteInPlace static/css/index.css static/css/pretty.css templates/* \
--replace "#0f1419" "#000000" \
--replace "#f29718" "#a790d5" \
--replace "#F29718" "#a790d5" \
--replace "#be7611" "#8673aa"
'';
cargoLock = { lockFile = "${src}/Cargo.lock"; };
nativeBuildInputs = [ pkgs.git ];
meta = {
description = "highly opinionated, minimal pastebin";
homepage = "https://github.com/WantGuns/bin";

167
common/pkgs/mastodon/default.nix
View File

@ -1,167 +0,0 @@
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests, yarn-berry, callPackage
, imagemagick, ffmpeg, file, ruby, writeShellScript, brotli
# Allow building a fork or custom version of Mastodon:
, pname ? "mastodon", version ? srcOverride.version, patches ? [ ]
# src is a package
, srcOverride ? callPackage ./source.nix { inherit patches; }
, gemset ? ./. + "/gemset.nix", yarnHash ? srcOverride.yarnHash }:
stdenv.mkDerivation rec {
inherit pname version;
src = srcOverride;
mastodonGems = bundlerEnv {
name = "${pname}-gems-${version}";
inherit version gemset ruby;
gemdir = src;
# This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
# symlinks with directories, resolving this error when running rake:
# /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
postBuild = ''
for gem in "$out"/lib/ruby/gems/*/gems/*; do
cp -a "$gem/" "$gem.new"
rm "$gem"
# needed on macOS, otherwise the mv yields permission denied
chmod +w "$gem.new"
mv "$gem.new" "$gem"
done
'';
};
mastodonModules = stdenv.mkDerivation {
pname = "${pname}-modules";
inherit src version;
yarnOfflineCache = callPackage ./yarn.nix {
src = srcOverride;
hash = yarnHash;
};
nativeBuildInputs =
[ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
RAILS_ENV = "production";
NODE_ENV = "production";
buildPhase = ''
runHook preBuild
export HOME=$PWD
# This option is needed for openssl-3 compatibility
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
export NODE_OPTIONS=--openssl-legacy-provider
export YARN_ENABLE_TELEMETRY=0
mkdir -p ~/.yarn/berry
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
yarn install --immutable --immutable-cache
patchShebangs ~/bin
patchShebangs ~/node_modules
# skip running yarn install
rm -rf ~/bin/yarn
OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
rails assets:precompile
yarn cache clean
rm -rf ~/node_modules/.cache
# Create missing static gzip and brotli files
gzip --best --keep ~/public/assets/500.html
gzip --best --keep ~/public/packs/report.html
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
-exec gzip --best --keep --force {} ';'
brotli --best --keep ~/public/packs/report.html
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
-exec brotli --best --keep {} ';'
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/public
cp -r node_modules $out/node_modules
cp -r public/assets $out/public
cp -r public/packs $out/public
runHook postInstall
'';
};
propagatedBuildInputs = [ imagemagick ffmpeg file mastodonGems.wrappedRuby ];
buildInputs = [ mastodonGems nodejs-slim ];
buildPhase = ''
runHook preBuild
ln -s $mastodonModules/node_modules node_modules
ln -s $mastodonModules/public/assets public/assets
ln -s $mastodonModules/public/packs public/packs
patchShebangs bin/
for b in $(ls $mastodonGems/bin/)
do
if [ ! -f bin/$b ]; then
ln -s $mastodonGems/bin/$b bin/$b
fi
done
# Remove execute permissions
chmod 0444 public/emoji/*.svg
# Create missing static gzip and brotli files
find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
find public/emoji -type f -name '.*.svg' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
ln -s assets/500.html.gz public/500.html.gz
ln -s assets/500.html.br public/500.html.br
ln -s packs/sw.js.gz public/sw.js.gz
ln -s packs/sw.js.br public/sw.js.br
ln -s packs/sw.js.map.gz public/sw.js.map.gz
ln -s packs/sw.js.map.br public/sw.js.map.br
rm -rf log
ln -s /var/log/mastodon log
ln -s /tmp tmp
runHook postBuild
'';
installPhase = let
run-streaming = writeShellScript "run-streaming.sh" ''
# NixOS helper script to consistently use the same NodeJS version the package was built with.
${nodejs-slim}/bin/node ./streaming
'';
in ''
runHook preInstall
mkdir -p $out
cp -r * $out/
ln -s ${run-streaming} $out/run-streaming.sh
runHook postInstall
'';
passthru = {
tests.mastodon = nixosTests.mastodon;
# run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
updateScript = ./update.sh;
};
meta = with lib; {
description =
"Self-hosted, globally interconnected microblogging software based on ActivityPub";
homepage = "https://joinmastodon.org";
license = licenses.agpl3Plus;
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
};
}

3383
common/pkgs/mastodon/gemset.nix
View File

File diff suppressed because it is too large Load Diff

27
common/pkgs/mastodon/source.nix
View File

@ -1,27 +0,0 @@
# This file was generated by pkgs.mastodon.updateScript.
{ lib, fetchFromGitHub, applyPatches, postPatch ? "", patches ? [ ], gawk
, gnused, yarn-berry }:
let version = "f571dbe35dbc4876f9ca76b3f6d459839c67a2ef";
in (applyPatches {
src = fetchFromGitHub {
owner = "AgathaSorceress";
repo = "mastodon";
rev = "${version}";
sha256 = "3ZJMiciV0muv5j468hEKJUZGDhKcNCJnDFn6ZqKM1F4=";
};
inherit patches;
nativeBuildInputs = [ gawk gnused ];
postPatch = postPatch
+ lib.optionalString (lib.versionAtLeast yarn-berry.version "4.1.0") ''
# this is for yarn starting with 4.1.0 because fuck everything amirite
# see also https://github.com/yarnpkg/berry/pull/6083
echo "patching cachekey in yarn.lock"
cacheKey="$(awk -e '/cacheKey:/ {print $2}' yarn.lock)"
sed -i -Ee 's|^ checksum: ([^/]*)$| checksum: '$cacheKey'/\1|g;' yarn.lock
'';
}) // {
inherit version;
yarnHash = "sha256-wdEunwUsV/IaJvNq+YIqRXNKLBrqPeeL5Ig+33dT/AY=";
}

101
common/pkgs/mastodon/update.sh
View File

@ -1,101 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-github gnused jq prefetch-yarn-deps
set -e
OWNER=mastodon
REPO=mastodon
POSITIONAL=()
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
--owner)
OWNER="$2"
shift # past argument
shift # past value
;;
--repo)
REPO="$2"
shift # past argument
shift # past value
;;
--rev)
REVISION="$2"
shift # past argument
shift # past value
;;
--patches)
PATCHES="$2"
shift # past argument
shift # past value
;;
*) # unknown option
POSITIONAL+=("$1")
shift # past argument
;;
esac
done
if [[ -n "$POSITIONAL" ]]; then
echo "Usage: update.sh [--owner OWNER] [--repo REPO] [--rev REVISION] [--patches PATCHES]"
echo "OWNER and REPO must be paths on github."
echo "If OWNER and REPO are not provided, it defaults they default to mastodon and mastodon."
echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
exit 1
fi
rm -f gemset.nix source.nix
cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
WORK_DIR=$(mktemp -d)
# Check that working directory was created.
if [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
echo "Could not create temporary directory"
exit 1
fi
# Delete the working directory on exit.
function cleanup {
# Report errors, if any, from nix-prefetch-git
grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
rm -rf "$WORK_DIR"
}
trap cleanup EXIT
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
HASH=$(echo "$JSON" | jq -r .sha256)
cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript.
{ fetchFromGitHub, applyPatches, patches ? [] }:
let
version = "$REVISION";
in
(
applyPatches {
src = fetchFromGitHub {
owner = "$OWNER";
repo = "$REPO";
rev = "\${version}";
sha256 = "$HASH";
};
patches = patches ++ [$PATCHES];
}) // {
inherit version;
yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
}
EOF
SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks
# echo "Creating yarn-hash.nix"
# YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
# YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
# sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix
sed -i -Ee "s|^( *yarnHash = )\".*\";|\\1\"\";|g;" ./source.nix

39
common/pkgs/mastodon/yarn.nix
View File

@ -1,39 +0,0 @@
{ stdenvNoCC, yarn-berry, cacert, src, hash }:
stdenvNoCC.mkDerivation {
pname = "yarn-deps";
version = hash;
nativeBuildInputs = [ yarn-berry cacert ];
inherit src;
dontInstall = true;
NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
mkdir -p $out
export HOME=$(mktemp -d)
echo $HOME
export YARN_ENABLE_TELEMETRY=0
export YARN_COMPRESSION_LEVEL=0
cache="$(yarn config get cacheFolder)"
if ! yarn install --immutable --mode skip-build; then
cp yarn.lock yarn.lock.bak
yarn install --mode skip-build
diff -u yarn.lock.bak yarn.lock
echo "yarn build failed! diff generated as yarn.lock.diff"
pwd
exit 1
fi
cp -r $cache/* $out/
'';
outputHashAlgo = "sha256";
outputHash = hash;
outputHashMode = "recursive";
}

21
common/pkgs/mc-status-bot.nix
View File

@ -1,21 +0,0 @@
{ pkgs }:
with pkgs;
stdenv.mkDerivation rec {
pname = "mc-status-bot";
version = "0.1.0";
src = fetchgit {
url = "https://git.lain.faith/sorceress/e8-status-bot.git";
rev = "c35abf0aba0ca524bc1d3dab9576b41e2b319138";
hash = "sha256-sK0Azd/3ymk5Jsj/GYmNJvYh9fMXFozTuWZhKnYTGbs=";
};
buildInputs = [ curl jq ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp run.sh $out/bin/mc-status-bot.sh
wrapProgram $out/bin/mc-status-bot.sh \
--prefix PATH : ${lib.makeBinPath buildInputs}
'';
}

58
common/pkgs/vampysite.nix Normal file
View File

@ -0,0 +1,58 @@
{ pkgs, lib, ... }:
let
version = "10768ce069f5c08e8e4393c494f0c6900922170c";
repo = pkgs.fetchgit {
url = "https://git.lain.faith/sorceress/vampysite.git";
rev = version;
sha256 = "1lniwqyhj6r3pwwd4qp01yhfxjbwclw5dn58dgf4kk45f9qgniy3";
};
patched_pkgs = import (builtins.fetchTarball
"https://github.com/AgathaSorceress/nixpkgs/tarball/image-optim-pack-cleanup") {
inherit (pkgs) config;
};
jekyll_env = patched_pkgs.bundlerEnv {
name = "jekyll_env";
inherit (pkgs) ruby;
gemdir = "${repo}/.";
};
image_optim_deps = with pkgs; [
pngout
advancecomp
optipng
pngquant
jhead
jpegoptim
jpeg-archive
libjpeg
];
in pkgs.stdenv.mkDerivation {
inherit version;
name = "vampysite";
src = repo;
buildInputs = with pkgs; [
jekyll_env
# nokogiri dependencies
zlib
libiconv
libxml2
libxslt
# jekyll wants a JS runtime
nodejs-slim
];
buildPhase = ''
export PATH="${lib.escapeShellArg (lib.makeBinPath image_optim_deps)}":$PATH
bundle exec jekyll build
'';
installPhase = ''
mkdir -p $out
cp -r _site/* $out/
'';
}

17
common/remote-builds.nix
View File

@ -1,17 +0,0 @@
{
nix.distributedBuilds = true;
nix.buildMachines = [
{
hostName = "tears";
systems = [
"x86_64-linux"
"i686-linux"
];
supportedFeatures = [ "big-parallel" ];
maxJobs = 4;
sshUser = "root";
sshKey = "/Users/agatha/Projects/nix-infra/secrets/id_ed25519-nix-builder";
}
];
}

9
common/users/default.nix
View File

@ -1,14 +1,9 @@
{ config, pkgs, ... }:
{
{ config, pkgs, ... }: {
users.users = {
agatha = {
isNormalUser = true;
description = "Agatha Valentine Lovelace";
extraGroups = [
"networkmanager"
"wheel"
"docker"
];
extraGroups = [ "networkmanager" "wheel" "docker" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [

13
common/users/julia.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, pkgs, ... }: {
users.users = {
julia = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIa/G3M13aVJpOIX8U/5duiGiNNGmM88/0k0+o0EUGRI cardno:20 876 680"
];
};
};
}

BIN
external/6.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.7 MiB

247
external/paramount-dark.tmTheme vendored
View File

@ -1,247 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Color Theme paramount-dark, created by Oskar Wickström .
Created with ThemeCreator, https://github.com/mswift42/themecreator -->
<plist version="1.0">
<dict>
<key>author</key>
<string> Oskar Wickström</string>
<key>name</key>
<string>paramount-dark</string>
<key>settings</key>
<array>
<dict>
<key>settings</key>
<dict>
<key>background</key>
<string>#000000</string>
<key>caret</key>
<string>#292929</string>
<key>foreground</key>
<string>#C6C6C6</string>
<key>invisibles</key>
<string>#292929</string>
<key>lineHighlight</key>
<string>#141414</string>
<key>selection</key>
<string>#292929</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Comment</string>
<key>scope</key>
<string>comment</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#4E4E4E</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Foreground</string>
<key>scope</key>
<string>keyword.operator.class, constant.other, source.php.embedded.line</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a6a6a6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Variable, String Link, Regular Expression, Tag Name, GitGutter deleted</string>
<key>scope</key>
<string>variable, support.other.variable, string.other.link, string.regexp, entity.name.tag, entity.other.attribute-name, meta.tag, declaration.tag, markup.deleted.git_gutter</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Number, Constant, Function Argument, Tag Attribute, Embedded</string>
<key>scope</key>
<string>constant.numeric, constant.language, support.constant, constant.character, variable.parameter, punctuation.section.embedded, keyword.other.unit</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a790d5</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Class, Support</string>
<key>scope</key>
<string>entity.name.class, entity.name.type.class, support.type, support.class</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>String, Symbols, Inherited Class, Markup Heading, GitGutter inserted</string>
<key>scope</key>
<string>string, constant.other.symbol, entity.other.inherited-class, entity.name.filename, markup.heading, markup.inserted.git_gutter</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a790d5</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Operator, Misc</string>
<key>scope</key>
<string>keyword.operator, constant.other.color</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Function, Special Method, Block Level, GitGutter changed</string>
<key>scope</key>
<string>entity.name.function, meta.function-call, support.function, keyword.other.special-method, meta.block-level, markup.changed.git_gutter</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Keyword, Storage</string>
<key>scope</key>
<string>keyword, storage, storage.type</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string>bold</string>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Invalid</string>
<key>scope</key>
<string>invalid</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#E32791</string>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Separator</string>
<key>scope</key>
<string>meta.separator</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Deprecated</string>
<key>scope</key>
<string>invalid.deprecated</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#a790d5</string>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#000000</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff foreground</string>
<key>scope</key>
<string>markup.inserted.diff, markup.deleted.diff, meta.diff.header.to-file, meta.diff.header.from-file</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#fafafa</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff insertion</string>
<key>scope</key>
<string>markup.inserted.diff, meta.diff.header.to-file</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#123d0f</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff deletion</string>
<key>scope</key>
<string>markup.deleted.diff, meta.diff.header.from-file</string>
<key>settings</key>
<dict>
<key>background</key>
<string></string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff header</string>
<key>scope</key>
<string>meta.diff.header.from-file, meta.diff.header.to-file</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string></string>
<key>background</key>
<string></string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff range</string>
<key>scope</key>
<string>meta.diff.range</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string>italic</string>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
</array>
<key>uuid</key>
<string></string>
<key>colorSpaceName</key>
<string>sRGB</string>
</dict>
</plist>

762
flake.lock
View File

@ -1,56 +1,13 @@
{
"nodes": {
"ccase": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils"
},
"locked": {
"lastModified": 1692717252,
"narHash": "sha256-TQJkvANms/5Mzh1J4qsEYOrlML17dVv7MYEoN4Z/gm0=",
"owner": "rutrum",
"repo": "ccase",
"rev": "7ca56557d0cc69641e0d0c5ae9370c48f4cce09d",
"type": "github"
},
"original": {
"owner": "rutrum",
"repo": "ccase",
"type": "github"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs-unstable"
],
"stable": "stable"
},
"locked": {
"lastModified": 1685370160,
"narHash": "sha256-7EAZtvHZBN4CFbUWznQicGL/g2+A/9w5JUl88xWmxkI=",
"owner": "AgathaSorceress",
"repo": "colmena",
"rev": "f279530ba0ca33f30fc3ae386ae5487e8d926460",
"type": "github"
},
"original": {
"owner": "AgathaSorceress",
"repo": "colmena",
"type": "github"
}
},
"crane": {
"flake": false,
"locked": {
"lastModified": 1727974419,
"narHash": "sha256-WD0//20h+2/yPGkO88d2nYbb23WMWYvnRyDQ9Dx4UHg=",
"lastModified": 1670900067,
"narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "37e4f9f0976cb9281cd3f0c70081e5e0ecaee93f",
"rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b",
"type": "github"
},
"original": {
@ -59,23 +16,79 @@
"type": "github"
}
},
"dream2nix": {
"inputs": {
"alejandra": [
"helix",
"nci"
],
"all-cabal-json": [
"helix",
"nci"
],
"crane": "crane",
"devshell": [
"helix",
"nci"
],
"flake-parts": [
"helix",
"nci",
"parts"
],
"flake-utils-pre-commit": [
"helix",
"nci"
],
"ghc-utils": [
"helix",
"nci"
],
"gomod2nix": [
"helix",
"nci"
],
"mach-nix": [
"helix",
"nci"
],
"nix-pypi-fetcher": [
"helix",
"nci"
],
"nixpkgs": [
"helix",
"nci",
"nixpkgs"
],
"poetry2nix": [
"helix",
"nci"
],
"pre-commit-hooks": [
"helix",
"nci"
],
"pruned-racket-catalog": [
"helix",
"nci"
]
},
"locked": {
"lastModified": 1677289985,
"narHash": "sha256-lUp06cTTlWubeBGMZqPl9jODM99LpWMcwxRiscFAUJg=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "28b973a8d4c30cc1cbb3377ea2023a76bc3fb889",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "dream2nix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -107,42 +120,6 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -157,58 +134,19 @@
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"frq-friend": {
"inputs": {
"naersk": "naersk",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1704635792,
"narHash": "sha256-18cwml0k6g7wWkPlFtORFt/eVf6vxu/g2fEr8LrEQIE=",
"ref": "refs/heads/main",
"rev": "fa324fbf2651f33f1d3557c058f5fbf8e985e624",
"revCount": 6,
"type": "git",
"url": "https://git.xenua.me/xenua/fedi-frq-friend"
},
"original": {
"type": "git",
"url": "https://git.xenua.me/xenua/fedi-frq-friend"
}
},
"helix": {
"inputs": {
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs-unstable"
],
"nci": "nci",
"nixpkgs": "nixpkgs",
"parts": "parts_2",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1732579614,
"narHash": "sha256-LREXerN4a4DHG38a2KZPum7E/OKNhYgrBtU6AsD5SnQ=",
"lastModified": 1678284394,
"narHash": "sha256-oEXCoNxfEmxqGuYxW7cLwINW70jeRrYqgOC40G1WBr8=",
"owner": "helix-editor",
"repo": "helix",
"rev": "80709cee610f1758af1e62d53bde2eb8aa706a0c",
"rev": "34be71fb50738a7e9d9e5ee5090680a0d84a321c",
"type": "github"
},
"original": {
@ -221,58 +159,23 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
]
],
"utils": "utils"
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"lastModified": 1678271387,
"narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"rev": "36999b8d19eb6eebb41983ef017d7e0095316af2",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_3",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1723510904,
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
}
},
"lowdown-src": {
"flake": false,
"locked": {
@ -289,32 +192,26 @@
"type": "github"
}
},
"matrix-ril100": {
"inputs": {
"naersk": "naersk_2",
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils_3"
},
"mk-naked-shell": {
"flake": false,
"locked": {
"lastModified": 1688054487,
"narHash": "sha256-KHNG+9lWqsWVA1Xqkb2BJDKuRlrNV8q2CmQLk7vzuH8=",
"ref": "refs/heads/mistress",
"rev": "fd949bede48ee1283e6917018090b2a3fb50db79",
"revCount": 2,
"type": "git",
"url": "https://git.lain.faith/sorceress/matrix-ril100"
"lastModified": 1676572903,
"narHash": "sha256-oQoDHHUTxNVSURfkFcYLuAK+btjs30T4rbEUtCUyKy8=",
"owner": "yusdacra",
"repo": "mk-naked-shell",
"rev": "aeca9f8aa592f5e8f71f407d081cb26fd30c5a57",
"type": "github"
},
"original": {
"type": "git",
"url": "https://git.lain.faith/sorceress/matrix-ril100"
"owner": "yusdacra",
"repo": "mk-naked-shell",
"type": "github"
}
},
"mms": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_4",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nix": "nix",
"nixpkgs": [
"nixpkgs"
@ -334,70 +231,38 @@
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1679567394,
"narHash": "sha256-ZvLuzPeARDLiQUt6zSZFGOs+HZmE+3g4QURc8mkBsfM=",
"owner": "nix-community",
"repo": "naersk",
"rev": "88cd22380154a2c36799fe8098888f0f59861a15",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"naersk_2": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1687852486,
"narHash": "sha256-2rXkhKUVQxbVaC+TITPpILiy/dSbordOLs87eoWHYxA=",
"owner": "nix-community",
"repo": "naersk",
"rev": "df10963b956962913b693a638746a95d6c506404",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"naersk_3": {
"nci": {
"inputs": {
"dream2nix": "dream2nix",
"mk-naked-shell": "mk-naked-shell",
"nixpkgs": [
"url-eater",
"helix",
"nixpkgs"
],
"parts": "parts",
"rust-overlay": [
"helix",
"rust-overlay"
]
},
"locked": {
"lastModified": 1698420672,
"narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=",
"owner": "nix-community",
"repo": "naersk",
"rev": "aeb58d5e8faead8980a807c840232697982d47b9",
"lastModified": 1677297103,
"narHash": "sha256-ArlJIbp9NGV9yvhZdV0SOUFfRlI/kHeKoCk30NbSiLc=",
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"rev": "a79272a2cb0942392bb3a5bf9a3ec6bc568795b2",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "naersk",
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_2",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
@ -414,52 +279,36 @@
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
]
},
"locked": {
"lastModified": 1732420287,
"narHash": "sha256-CzvYF4x6jUh/+NEEIFrIY5t1W/N3IA2bNZJiMXu9GTo=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "3c52583b99666a349a6219dc1f0dd07d75c82d6a",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1681272286,
"narHash": "sha256-9X5p+gwYrowgbsRgkf14HFI0fkr6UikuwRIQAMlF1yI=",
"owner": "NixOS",
"lastModified": 1677063315,
"narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6b70761ea8c896aff8994eb367d9526686501860",
"rev": "988cc958c57ce4350ec248d2d53087777f9e1949",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-darwin": {
"nixpkgs-lib": {
"locked": {
"lastModified": 1730891215,
"narHash": "sha256-i85DPrhDuvzgvIWCpJlbfM2UFtNYbapo20MtQXsvay4=",
"dir": "lib",
"lastModified": 1675183161,
"narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c128e44a249d6180740d0a979b6480d5b795c013",
"rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixpkgs-24.05-darwin",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -480,37 +329,7 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1732238832,
"narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1687946342,
"narHash": "sha256-vRxti8pOuXS0rJmqjbD8ueEEFXWSK22ISHoCWkhgzzg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1c851e8c92b76a00ce84167984a7ec7ba2b1f29c",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1657693803,
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
@ -526,69 +345,83 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"lastModified": 1678137616,
"narHash": "sha256-T+lWTRdcYaOnZQW+Ehdlg+YldC2l9cq2GXJFPq22Nxc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"rev": "7edcdf7b169c33cd3eef9aba50521ce93ee666b8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"parts": {
"inputs": {
"nixpkgs-lib": [
"helix",
"nci",
"nixpkgs"
]
},
"locked": {
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"nixpkgs_5": {
"parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1682092588,
"narHash": "sha256-NjKBPnScpbGiH/YOx74DIFOVkr5AKJOVZoy0l7J58gk=",
"owner": "AgathaSorceress",
"repo": "nixpkgs",
"rev": "bdd3dc5aa8435b66f14636550223a9b3a50e534d",
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"type": "github"
},
"original": {
"owner": "AgathaSorceress",
"ref": "image-optim-pack-cleanup",
"repo": "nixpkgs",
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"root": {
"inputs": {
"ccase": "ccase",
"colmena": "colmena",
"frq-friend": "frq-friend",
"helix": "helix",
"home-manager": "home-manager",
"lix-module": "lix-module",
"matrix-ril100": "matrix-ril100",
"mms": "mms",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_4",
"nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-unstable": "nixpkgs-unstable",
"url-eater": "url-eater",
"vampysite": "vampysite"
"nixpkgs": "nixpkgs_3"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"helix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728268235,
"narHash": "sha256-lJMFnMO4maJuNO6PQ5fZesrTmglze3UFTTBuKGwR1Nw=",
"lastModified": 1677292251,
"narHash": "sha256-D+6q5Z2MQn3UFJtqsM5/AvVHi3NXKZTIMZt1JGq/spA=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "25685cc2c7054efc31351c172ae77b21814f2d42",
"rev": "34cdbf6ad480ce13a6a526f57d8b9e609f3d65dc",
"type": "github"
},
"original": {
@ -597,159 +430,13 @@
"type": "github"
}
},
"stable": {
"locked": {
"lastModified": 1669735802,
"narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "731cc710aeebecbf45a258e977e8b68350549522",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"url-eater": {
"inputs": {
"naersk": "naersk_3",
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils_4"
},
"locked": {
"lastModified": 1710529176,
"narHash": "sha256-TuDrnw1USxWsGQMQuX50D69A3Z555vC0Q0knYcd/qGE=",
"owner": "AgathaSorceress",
"repo": "url-eater",
"rev": "21be820dcd6fa5c91e9a46fb8c72f13db631ed54",
"type": "github"
},
"original": {
"owner": "AgathaSorceress",
"repo": "url-eater",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
@ -757,97 +444,6 @@
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_4": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_5": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vampysite": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"utils": "utils_5"
},
"locked": {
"lastModified": 1717180338,
"narHash": "sha256-g2ZNMpqJ4IARjXY8FX4UUfF4p9Unc01w8RzFYEONXlE=",
"ref": "refs/heads/mistress",
"rev": "1adcc3630a6c626f61dac989fffd661dbb4946ef",
"revCount": 21,
"type": "git",
"url": "https://git.lain.faith/sorceress/vampysite"
},
"original": {
"type": "git",
"url": "https://git.lain.faith/sorceress/vampysite"
}
}
},
"root": "root",

310
flake.nix
View File

@ -1,289 +1,73 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-24.05-darwin";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
vampysite.url = "git+https://git.lain.faith/sorceress/vampysite";
nixpkgs.url = "nixpkgs/nixos-22.11";
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-darwin = {
url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
mms = {
url = "github:mkaito/nixos-modded-minecraft-servers";
inputs.nixpkgs.follows = "nixpkgs";
};
url-eater = {
url = "github:AgathaSorceress/url-eater";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
matrix-ril100 = {
url = "git+https://git.lain.faith/sorceress/matrix-ril100";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# Latest colmena + prettier loading icons
colmena = {
url = "github:AgathaSorceress/colmena";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
frq-friend = {
url = "git+https://git.xenua.me/xenua/fedi-frq-friend";
inputs.nixpkgs.follows = "nixpkgs";
};
helix = {
url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
ccase = {
url = "github:rutrum/ccase";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
helix.url = "github:helix-editor/helix";
};
outputs =
{
nixpkgs,
nixpkgs-unstable,
nixpkgs-darwin,
lix-module,
home-manager,
nix-darwin,
mms,
helix,
url-eater,
matrix-ril100,
frq-friend,
colmena,
vampysite,
ccase,
...
}:
let
mkOverlays = system: config: [
(final: prev: {
helix =
let
helix-pkgs = helix.packages.${final.system};
in
helix-pkgs.helix.passthru.wrapper (
helix-pkgs.helix-unwrapped.overrideAttrs {
preInstall = ''
substituteInPlace contrib/Helix.desktop \
--replace "Exec=hx %F" "Exec=kitty hx %F" \
--replace "Terminal=true" "Terminal=false"
'';
}
);
frq-friend = frq-friend.packages.${final.system}.default;
vampysite = vampysite.packages.${final.system}.default;
matrix-ril100 = matrix-ril100.packages.${final.system}.default;
ccase = ccase.packages.${final.system}.default;
outputs = { nixpkgs, home-manager, mms, helix, ... }: {
colmena = {
network = {
description = "Agatha's Nix Infra";
# Unstable packages
unstable = import nixpkgs-unstable { inherit system config; };
})
colmena.overlay
lix-module.overlays.default
];
in
{
colmena = {
network = {
description = "Agatha's Nix Infra";
nixpkgs = import nixpkgs rec {
system = "x86_64-linux";
config.allowUnfree = true;
overlays = mkOverlays system config;
};
};
bloodletting = {
imports = [
./common
./common/linux-specific.nix
./hosts/bloodletting/configuration.nix
(import "${home-manager}/nixos")
mms.module
nixpkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [
(final: prev: { helix = helix.packages.${final.system}.default; })
];
deployment = {
targetUser = "root";
targetHost = "technogothic.net";
tags = [ "prod" ];
keys = {
"nyandroid-token" = {
keyCommand = [
"cat"
"./secrets/nyandroid-token"
];
destDir = "/var/lib/secrets/";
};
"hurricane-tokens" = {
keyCommand = [
"cat"
"./secrets/hurricane-tokens"
];
destDir = "/var/lib/secrets/";
};
"mc-status-bot-env" = {
keyCommand = [
"cat"
"./secrets/mc-status-bot-env"
];
destDir = "/var/lib/secrets";
};
"fedi-data.toml" = {
keyCommand = [
"cat"
"./secrets/frq-friend-fedi-data.toml"
];
destDir = "/var/lib/frq-friend";
};
"ril100-bot-secrets" = {
keyCommand = [
"cat"
"./secrets/ril100-bot-secrets"
];
destDir = "/var/lib/matrix-ril100";
name = ".env";
};
};
};
};
watchtower = {
imports = [
./common
./common/linux-specific.nix
./hosts/watchtower/configuration.nix
(import "${home-manager}/nixos")
];
deployment = {
targetUser = "root";
targetHost = "watchtower";
tags = [ "prod" ];
keys = {
"hetzner-env" = {
keyCommand = [
"cat"
"./secrets/hetzner-env"
];
destDir = "/var/lib/secrets/";
};
"gocryptfs-pass" = {
keyCommand = [
"cat"
"./secrets/gocryptfs-pass"
];
destDir = "/var/lib/secrets/";
};
};
};
};
tears = {
imports = [
./common
./common/linux-specific.nix
./hosts/tears/configuration.nix
./common/options.nix
(import "${home-manager}/nixos")
url-eater.nixosModules.default
];
deployment = {
targetUser = "root";
targetHost = "tears";
tags = [ "home" ];
allowLocalDeployment = true;
keys = {
"restic-password" = {
keyCommand = [
"cat"
"./secrets/restic-password"
];
destDir = "/var/lib/secrets/";
};
"restic-env" = {
keyCommand = [
"cat"
"./secrets/restic-env"
];
destDir = "/var/lib/secrets/";
};
};
};
};
};
darwinConfigurations."Agathas-Mac-mini" = nix-darwin.lib.darwinSystem {
pkgs = import nixpkgs-darwin rec {
system = "aarch64-darwin";
config.allowUnfree = true;
overlays = mkOverlays system config;
};
modules = [
bloodletting = {
imports = [
./common
./hosts/Agathas-Mac-mini/configuration.nix
(import "${home-manager}/nix-darwin")
./hosts/bloodletting/configuration.nix
(import "${home-manager}/nixos")
mms.module
];
};
darwinConfigurations."ritual" = nix-darwin.lib.darwinSystem {
pkgs = import nixpkgs-darwin rec {
system = "x86_64-darwin";
config.allowUnfree = true;
overlays = mkOverlays system config;
deployment = {
targetUser = "root";
targetHost = "bloodletting";
tags = [ "prod" ];
keys = {
"nyandroid-token" = {
keyCommand = [ "cat" "./secrets/nyandroid-token" ];
destDir = "/var/lib/secrets/";
};
"rfc2136-technogothic-net" = {
keyCommand = [ "cat" "./secrets/rfc2136-technogothic-net" ];
destDir = "/var/lib/secrets/";
};
};
};
modules = [
};
ritual = {
imports = [
./common
./hosts/ritual/configuration.nix
(import "${home-manager}/nix-darwin")
(import "${home-manager}/nixos")
];
};
devShells =
let
patchedColmena =
system:
let
pkgs = import nixpkgs { inherit system; };
in
pkgs.mkShell {
buildInputs = [
(pkgs.writeShellScriptBin "colmena" ''
${colmena.defaultPackage.${pkgs.system}}/bin/colmena --disable-emoji $@
'')
];
};
in
{
"x86_64-linux".default = patchedColmena "x86_64-linux";
"aarch64-darwin".default = patchedColmena "aarch64-darwin";
"x86_64-darwin".default = patchedColmena "x86_64-darwin";
deployment = {
targetUser = "root";
targetHost = "ritual";
allowLocalDeployment = true;
};
};
};
};
}

7
hosts/Agathas-Mac-mini/configuration.nix
View File

@ -1,7 +0,0 @@
{
imports = [ ../../common/fragments/graphical/darwin.nix ];
nixpkgs.hostPlatform = "aarch64-darwin";
system.stateVersion = 1;
}

206
hosts/bloodletting/configuration.nix
View File

@ -1,28 +1,16 @@
{
config,
pkgs,
lib,
...
}:
{
{ config, pkgs, ... }: {
imports = [
./hardware-configuration.nix
../../common/users/julia.nix
../../common/fragments/bin.nix
../../common/fragments/fail2ban.nix
../../common/fragments/frq-friend.nix
../../common/fragments/grafana.nix
../../common/fragments/headscale.nix
../../common/fragments/hedgedoc.nix
../../common/fragments/homepage.nix
../../common/fragments/mastodon-ebooks.nix
../../common/fragments/mastodon.nix
../../common/fragments/matrix-ril100.nix
../../common/fragments/matterbridge.nix
../../common/fragments/mc-status-bot.nix
../../common/fragments/minecraft.nix
../../common/fragments/nyandroid.nix
../../common/fragments/postgres.nix
../../common/fragments/prometheus_exporters.nix
../../common/fragments/prosody.nix
../../common/fragments/vsftpd.nix
../../common/home_manager/common.nix
];
@ -30,7 +18,7 @@
nixpkgs.overlays = [
(final: prev: {
bin = final.callPackage ../../common/pkgs/bin.nix { };
agatha-mastodon = final.callPackage ../../common/pkgs/mastodon/default.nix { };
vampysite = final.callPackage ../../common/pkgs/vampysite.nix { };
})
];
@ -44,58 +32,41 @@
# Enable networking
networking.networkmanager.enable = true;
networking.interfaces.ens20 = {
ipv4.addresses = [
{
address = "91.198.192.199";
prefixLength = 27;
}
];
ipv6.addresses = [
{
address = "2001:67c:b54:1::6";
prefixLength = 64;
}
];
};
networking.interfaces.ens19.ipv4.addresses = [{
address = "185.138.143.227";
prefixLength = 29;
}];
networking.defaultGateway = {
address = "91.198.192.193";
interface = "ens20";
address = "185.138.143.225";
interface = "ens19";
};
networking.defaultGateway6 = {
address = "2001:67c:b54:1::1";
interface = "ens20";
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
passwordAuthentication = false;
};
# Open ports in the firewall.
networking.firewall = {
allowedTCPPorts = [
20
21
22
80
443
990
];
allowedTCPPortRanges = [
{
from = 40000;
to = 40200;
}
];
trustedInterfaces = [ "podman0" ];
allowedTCPPorts = [ 20 21 22 80 443 990 ];
allowedTCPPortRanges = [{
from = 40000;
to = 40200;
}];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
defaultNetwork.dnsname.enable = true;
};
oci-containers.backend = "podman";
oci-containers = { backend = "podman"; };
};
# SSL/TLS Certificates
@ -104,20 +75,13 @@
security.acme.certs."technogothic.net" = {
domain = "*.technogothic.net";
extraDomainNames = [
"technogothic.net"
"*.argent.technogothic.net"
];
dnsProvider = "hurricane";
credentialsFile = "/var/lib/secrets/hurricane-tokens";
extraDomainNames = [ "technogothic.net" ];
dnsProvider = "rfc2136";
credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
group = "nginx";
};
security.acme.defaults.reloadServices = [
"nginx"
"vsftpd"
"prosody"
];
security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
# Nginx
@ -132,22 +96,6 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
upstreams = {
"backend-mastodon-streaming" = {
servers = builtins.listToAttrs (
map (i: {
name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
value = {
fail_timeout = "0";
};
}) (lib.range 1 config.services.mastodon.streamingProcesses)
);
extraConfig = ''
least_conn;
'';
};
};
virtualHosts."technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
@ -155,22 +103,7 @@
serverAliases = [ "agatha.technogothic.net" ];
locations."=/cv.pdf" = {
alias = "/home/ftp/cv.pdf";
};
locations."=/.well-known/host-meta" = {
return = "301 https://fv.technogothic.net$request_uri";
};
locations."=/.well-known/webfinger" = {
return = "301 https://fv.technogothic.net$request_uri";
extraConfig = ''
add_header Access-Control-Allow-Origin '*';
'';
};
locations."=/5idbsp9q8d.txt".return = "200 uwu";
locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };
extraConfig = ''
error_page 404 /404.html;
@ -193,6 +126,16 @@
};
};
virtualHosts."home.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
};
};
virtualHosts."thermalpaste.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
@ -200,7 +143,6 @@
locations."/" = {
proxyPass = "http://localhost:6162";
proxyWebsockets = true;
extraConfig = "client_max_body_size ${toString config.services.bin.textUploadLimit}M;";
};
};
@ -210,74 +152,7 @@
root = "/home/ftp";
locations."/" = {
extraConfig = "autoindex on;";
};
};
virtualHosts."fv.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
root = "${config.services.mastodon.package}/public/";
locations."/system/".alias = "/var/lib/mastodon/public-system/";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = {
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
};
locations."^~ /api/v1/streaming/" = {
proxyPass = "http://backend-mastodon-streaming/";
proxyWebsockets = true;
priority = 2300;
extraConfig = ''
proxy_buffering off;
proxy_redirect off;
tcp_nodelay on;
'';
};
extraConfig = "client_max_body_size 64M;";
};
virtualHosts."hedgedoc.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/".proxyPass = "http://localhost:3000";
locations."/socket.io/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
virtualHosts."hs.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
virtualHosts."carvideo.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
serverAliases = [ "agatha.technogothic.net" ];
locations."/" = {
return = "301 https://ftp.technogothic.net/car_video.mp4";
};
locations."/" = { extraConfig = "autoindex on;"; };
};
};
@ -289,3 +164,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

51
hosts/ritual/configuration.nix
View File

@ -1,7 +1,50 @@
{
imports = [ ../../common/fragments/graphical/darwin.nix ];
{ config, pkgs, ... }: {
imports = [
./hardware-configuration.nix
../../common/fragments/graphical
../../common/fragments/yubikey.nix
../../common/home_manager/common.nix
];
nixpkgs.hostPlatform = "x86_64-darwin";
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
system.stateVersion = 1;
boot.loader.systemd-boot.configurationLimit = 5;
# Setup keyfile
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
networking.hostName = "ritual";
# Enable networking
networking.networkmanager.enable = true;
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
passwordAuthentication = false;
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.dnsname.enable = true;
};
oci-containers = { backend = "podman"; };
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

47
hosts/ritual/hardware-configuration.nix
View File

@ -1,36 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-intel"
"wl"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ broadcom_sta ];
boot.initrd.systemd = {
enable = true;
emergencyAccess = "$2b$05$eOIXFST5/9G6vAFIZDLGfuJV7CV1B26YmRMAFRstyRHwvBNFSN6Im";
};
boot.supportedFilesystems = [ "ntfs" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6d51e9df-99f3-4eb3-b2da-a1c9b7e405df";
@ -38,18 +18,22 @@
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-8807caf4-ae17-4b39-93bd-ddfa1f994a47".device = "/dev/disk/by-uuid/8807caf4-ae17-4b39-93bd-ddfa1f994a47";
boot.initrd.luks.devices."luks-8807caf4-ae17-4b39-93bd-ddfa1f994a47".device =
"/dev/disk/by-uuid/8807caf4-ae17-4b39-93bd-ddfa1f994a47";
# Enable swap on luks
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".device = "/dev/disk/by-uuid/c503653d-47de-4914-9e41-d13d14a6cc22";
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".keyFile = "/crypto_keyfile.bin";
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".device =
"/dev/disk/by-uuid/c503653d-47de-4914-9e41-d13d14a6cc22";
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".keyFile =
"/crypto_keyfile.bin";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/9A5C-CE17";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-uuid/e20a4e05-44a6-4895-84ef-e3d176931b25"; } ];
swapDevices =
[{ device = "/dev/disk/by-uuid/e20a4e05-44a6-4895-84ef-e3d176931b25"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -59,9 +43,8 @@
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
# environment.systemPackages = with pkgs; [ b43Firmware_5_1_138 ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

48
hosts/tears/configuration.nix
View File

@ -1,48 +0,0 @@
{
imports = [
./hardware-configuration.nix
../../common/fragments/graphical
../../common/fragments/virt.nix
../../common/home_manager/common.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.consoleMode = "max";
boot.loader.systemd-boot.configurationLimit = 3;
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
networking.hostName = "tears";
# Enable networking
networking.networkmanager.enable = true;
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers.backend = "podman";
};
# Needed for remote builds
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCsAQfMx1X+8HEa88x+l3KdJPFAzXg0vL0l/pm56/ZR nix-builder"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

93
hosts/tears/hardware-configuration.nix
View File

@ -1,93 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "thunderbolt" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.systemd = {
enable = true;
emergencyAccess =
"$2b$05$eOIXFST5/9G6vAFIZDLGfuJV7CV1B26YmRMAFRstyRHwvBNFSN6Im";
};
boot.supportedFilesystems = [ "ntfs" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eb110ab2-7883-4e24-84f8-2a3983059cf3";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-d79d75f3-5560-427a-b79d-78a6cabbcb88".device =
"/dev/disk/by-uuid/d79d75f3-5560-427a-b79d-78a6cabbcb88";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B520-5020";
fsType = "vfat";
};
boot.initrd.luks.devices.awoobackups.device =
"/dev/disk/by-uuid/08fb0554-9599-4085-bd13-285b634c5de5";
fileSystems."/mnt/hdd" = {
device = "/dev/mapper/awoobackups";
fsType = "btrfs";
};
swapDevices = [{
device = "/var/lib/swapfile";
size = 8 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
};
# Creating separate mono sources for Tascam US-4x4HR
services.pipewire.extraConfig.pipewire."91-us-4x4hr" = {
"context.modules" = let
name = "US-4x4HR";
target = "alsa_input.usb-TASCAM_US-4x4HR_no_serial_number-00.pro-input-0";
input = ch: {
"name" = "libpipewire-module-loopback";
"args" = {
"node.description" = "${name} Input ${toString ch} Mono";
"capture.props" = {
"node.name" = "capture.${name}_ch${toString ch}";
"audio.position" = [ "AUX${toString ch}" ];
"stream.dont-remix" = true;
"target.object" = target;
"node.passive" = true;
};
"playback.props" = {
"node.name" = "${name}_ch${toString ch}";
"media.class" = "Audio/Source";
"audio.position" = [ "MONO" ];
};
};
};
in [ (input 0) (input 1) (input 2) (input 3) ];
};
}

48
hosts/watchtower/configuration.nix
View File

@ -1,48 +0,0 @@
{
imports = [
./hardware-configuration.nix
../../common/home_manager/common.nix
../../common/fragments/bittorrent
../../common/fragments/home-assistant.nix
../../common/fragments/sponsorblock.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-081780bd-f005-4394-bbf2-3e5d9aab3c7d".device = "/dev/disk/by-uuid/081780bd-f005-4394-bbf2-3e5d9aab3c7d";
networking.hostName = "watchtower";
# Enable networking
networking.networkmanager.enable = true;
systemd.services.NetworkManager-wait-online.enable = false;
# Open ports in the firewall.
networking.firewall = {
allowedTCPPorts = [
22
80
443
];
trustedInterfaces = [ "podman0" ];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers.backend = "podman";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}

40
hosts/watchtower/hardware-configuration.nix
View File

@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eba0bc60-b96f-4b28-9447-f36209410ba3";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device =
"/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D95C-66EE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}