alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:06c9b628b6dfc4ced9960ae961f91ff11931286e
Branches Tags
alex:main
..
compare: alex:main
Branches Tags
alex:main

229 Commits
06c9b628b6 ... main

Author SHA1 Message Date
Alexander Heldt
d19dcae3b2 manatee: Set correct user on komga-reading-stats secrets 2026-03-22 19:10:46 +01:00
Alexander Heldt
07fe75775e manatee: Fix komga-reading-stats secret permissions 2026-03-22 19:01:49 +01:00
Alexander Heldt
8036a8d74a Update flake inputs 2026-03-22 18:51:59 +01:00
Alexander Heldt
c823e379b9 manatee: Add komga-reading-stats 2026-03-22 18:48:51 +01:00
Alexander Heldt
b3ae7e4c07 Add input komga-reading-stats 2026-03-22 18:45:30 +01:00
Alexander Heldt
adc6e4ed57 manatee: Add secrets for komga-reading-stats 2026-03-22 18:45:05 +01:00
Alexander Heldt
fd7fccd9ae pinwheel: Install slack for work 2026-03-22 18:36:07 +01:00
Alexander Heldt
d182b515d8 pinwheel: Ignore .direnv in intellij 2026-03-22 18:35:42 +01:00
Alexander Heldt
d8b61a42f3 Pin nh version 2026-03-19 13:05:51 +01:00
Alexander Heldt
6b054a238d pinwheel: Replace light with brightnessctl 2026-03-19 11:09:15 +01:00
Alexander Heldt
6e24a4557f Update flake inputs 2026-03-19 11:03:15 +01:00
Alexander Heldt
10feb73843 pinwheel: Add opencode and claude 2026-03-19 11:02:27 +01:00
Alexander Heldt
f42612e932 pinwheel: Fix cursor escape codes in tmux 2026-03-19 11:02:27 +01:00
Alexander Heldt
1e771c0d8d pinwheel: Ensure opencode has access to interactive bash 2026-03-19 11:02:27 +01:00
Alexander Heldt
e196ce3572 pinwheel: Use GUI key manager for ssh 2026-03-19 11:02:27 +01:00
Alexander Heldt
9e61c6cad3 pinwheel: Assign default workspaces to monitor(s) 2026-03-19 11:02:27 +01:00
Alexander Heldt
dee1aa02e6 pinwheel: Batch workspace monitor assignments atomically 
Use hyprctl --batch to send all workspace rules and moves in a
single IPC call, avoiding races that caused workspaces to end up
on the wrong monitor.
 2026-03-19 11:02:27 +01:00
Alexander Heldt
edafaf04de pinwheel: Start Hyprland with uwsm 2026-03-19 11:02:26 +01:00
Alexander Heldt
ed401a38d6 pinwheel: Always clean up swayidle after hyprlock exits 
Use ; instead of && so pkill swayidle runs regardless of hyprlock's
exit status, preventing leaked swayidle processes from blanking screens.
 2026-03-19 11:02:26 +01:00
Alexander Heldt
c628c816d8 pinwheel: Pause all players on screen lock 
Use playerctl -a to pause all active media players instead of only
targeting spotify.
 2026-03-19 11:02:26 +01:00
Alexander Heldt
7d2cf97ea6 pinwheel: Move workspaces to monitor on hotplug 
Workspace rules alone only affect future workspace creation. Add
moveworkspacetomonitor dispatches so existing workspaces are moved
to the correct monitor when an external display is connected.
 2026-03-19 11:02:26 +01:00
Alexander Heldt
ac1c5c372f pinwheel: Replace swaylock with hyprlock 
Fixes black internal screen after unlocking with external monitor
disconnected, and occasional Hyprland crashes on lock.
 2026-03-19 11:02:26 +01:00
Alexander Heldt
7d6785f27e manatee: Remove calibre-web module 2026-03-07 12:10:30 +00:00
Alexander Heldt
f446706a9c manatee: nixfmt 2026-03-07 12:08:01 +00:00
Alexander Heldt
6ea5db6d37 manatee: Add komga-bookmanager service 2026-03-07 12:07:05 +00:00
Alexander Heldt
e46b5689a2 Add komga-bookmanager input 2026-03-07 12:05:41 +00:00
Alexander Heldt
8fa60a1b06 Update komga-comictracker input 2026-03-07 12:05:07 +00:00
Alexander Heldt
4f5de3b4cc manatee: Expose komga publicly via komga.ppp.pm 2026-03-02 21:41:41 +01:00
Alexander Heldt
65569f6b57 manatee: Add services homepage with auto-discovery 
Add a homepage module that generates a static landing page served on
port 9999 via nginx. Each service module registers itself via the shared
mod.homepage.services option, so enabling a module automatically adds
it to the page.
 2026-02-28 22:03:12 +01:00
Alexander Heldt
f2130be7e4 backwards: Continued attempt to fix audio output 2026-02-17 21:35:51 +01:00
Alexander Heldt
efaa92d4a1 manatee: Add web based reader for komga 2026-02-17 20:25:11 +00:00
Alexander Heldt
5ab63a0880 manatee: Add bluetooth reset handling 2026-02-15 15:33:02 +01:00
Alexander Heldt
d614186ef9 backwards: Use NetworkManager for wifi 2026-02-15 15:10:48 +01:00
Alexander Heldt
aefe89f648 backwards: Try to fix audio output 2026-02-15 15:10:19 +01:00
Alexander Heldt
2a1c8038ba Update komga-comictracker input 2026-02-14 15:36:44 +01:00
Alexander Heldt
9fd7c65b44 manatee: Update komga-comictracker to not use notifications 2026-02-14 11:38:44 +01:00
Alexander Heldt
e78f603717 Update komga-comictracker input 2026-02-14 11:37:56 +01:00
Alexander Heldt
e5c9fcea33 manatee: Fix komga-comicbooktracker credentials file permissions 2026-02-14 11:18:51 +01:00
Alexander Heldt
1dbcb4439a pinwheel: Fix eglot code action indicator in emacs 2026-02-14 11:08:52 +01:00
Alexander Heldt
b26fb44824 pinwheel: Unpin nh from local nixpkgs to use cached builds 2026-02-14 11:08:44 +01:00
Alexander Heldt
48e352f015 pinwheel: Disable use of ssh defaults (as they're inlined) 2026-02-14 11:05:51 +01:00
Alexander Heldt
e575a147cd pinwheel: Fix pants use of system 2026-02-14 11:05:51 +01:00
Alexander Heldt
7653bfce22 manatee: Add komga-comicbooktracker 2026-02-14 10:54:01 +01:00
Alexander Heldt
78f0afe517 pinwheel: Fix window focus in hyprland 2026-02-14 10:38:48 +01:00
Alexander Heldt
c19b59f88e Use pkgs.nixfmt instead of pkgs.nixfmt-rfc-style 2026-02-14 10:38:48 +01:00
Alexander Heldt
53fad59691 pinwheel: Install copilot in intellij 2026-02-14 10:38:48 +01:00
Alexander Heldt
3ba141ce36 pinwheel: Remove trackpad from battery monitor 2026-02-14 10:12:15 +01:00
Alexander Heldt
29094de29e pinwheel: Use flat mouse acceleration profile 2026-02-14 10:12:15 +01:00
Alexander Heldt
44a7bb72ef pinwheel: Add dynamic hyprland monitor hotplug handler 2026-02-14 10:12:13 +01:00
Alexander Heldt
2537692f24 pinwheel: Simplify whib development 2026-02-14 10:10:34 +01:00
Alexander Heldt
f8c060a0cc pinwheel: Fix openvpn config 2026-02-14 10:10:10 +01:00
Alexander Heldt
cc6069e854 Update flake inputs 2026-02-14 10:06:39 +01:00
Alexander Heldt
1d180a623a manatee: Add OpenCL hardware support 
To improve jellyfin transcoding
 2026-02-08 19:12:51 +00:00
Alexander Heldt
a0bdcc0444 manatee: Add swapfile 2026-02-08 19:12:32 +00:00
Alexander Heldt
0ecef88132 Update flake inputs 2026-02-08 19:12:23 +00:00
Alexander Heldt
7839d2604c pinwheel/backwards/tadpole: Remove codeberg.org 2026-01-10 13:32:03 +01:00
Alexander Heldt
3839cee199 pinwheel: Fix hyprland "smart borders" 2026-01-09 16:15:57 +01:00
Alexander Heldt
f4870970d5 pinwheel: Use hyprland nixos module 2026-01-09 16:15:20 +01:00
Alexander Heldt
0ddc0c7fef manatee: Update machine IP for ha.ppp.pm 2026-01-07 14:24:39 +00:00
Alexander Heldt
7a510c5d14 pinwheel: Update idea after updated flake inputs 2026-01-07 14:33:17 +01:00
Alexander Heldt
55ab0f2f92 pinwheel: Update hyprland after updated inputs 2026-01-07 14:32:38 +01:00
Alexander Heldt
d5e159561d Update flake inputs 2026-01-07 14:31:49 +01:00
Alexander Heldt
cc96dc072f manatee: Open jellyfin port 2026-01-06 17:05:02 +00:00
Alexander Heldt
c064d277ca manatee: Ensure local traffic works next to VPN 2026-01-06 17:04:53 +00:00
Alexander Heldt
5f756ae514 backwards: Fix gnome settings 2026-01-05 18:00:57 +01:00
Alexander Heldt
b142891955 backwards: Adjust to updated nixpkgs 2026-01-05 17:47:16 +01:00
Alexander Heldt
61c73fcfaf manatee: Add home-assistant module 2026-01-05 17:44:30 +01:00
Alexander Heldt
209c2f7c81 manatee: Add secret for Hetzner DNS API key 2026-01-05 17:44:29 +01:00
Alexander Heldt
926fbcb169 manatee: Open port 443 for nginx 2026-01-05 17:44:28 +01:00
Alexander Heldt
4ba82c4648 manatee: Remove books.ppp.pm virtual host 2026-01-05 17:44:27 +01:00
Alexander Heldt
06f82d2778 manatee: Add komga module 2026-01-05 17:44:25 +01:00
Alexander Heldt
e8fcf8102c tadpole: Fix gitea oauth2 issuer URL 
To have a trailing slash, which is expected of pre gitea 1.25
`tailscale` integrations
 2026-01-04 19:31:28 +01:00
Alexander Heldt
1c985332e0 pinwheel: Clean up fzf module 2026-01-03 16:42:09 +01:00
Alexander Heldt
e788efc4ff pinwheel/manatee/backwards: Adjust for updated nixpkgs 2026-01-03 16:41:41 +01:00
Alexander Heldt
6a58eb660b Update flake inputs 2025-12-27 11:13:56 +01:00
Alexander Heldt
47115d9ee2 pinwheel: Fix screen flickering 2025-12-27 11:09:15 +01:00
Alexander Heldt
c2264973a6 pinwheel: Add unzip 2025-12-27 11:09:15 +01:00
Alexander Heldt
826bcb9a4f pinwheel: Use networkmanager instead of connman 
As it seems to work better with work vpn
 2025-12-27 11:09:15 +01:00
Alexander Heldt
3234d47059 Remove andromeda secrets 2025-12-27 11:09:15 +01:00
Alexander Heldt
6f6090e046 pinwheel: Update work-vpn script 2025-12-27 11:09:15 +01:00
Alexander Heldt
4d0e3681cb manatee: Add new vdev to zpool 2025-11-22 11:42:34 +01:00
Alexander Heldt
b246c9c1ec pinwheel: Fix GOPATH for go 2025-11-08 23:13:04 +01:00
Alexander Heldt
3cfc99ad2d pinwheel: Configure flycheck for emacs 2025-11-08 23:12:16 +01:00
Alexander Heldt
cbc4564289 pinwheel: Remove eldoc-box from emacs 2025-11-08 22:57:23 +01:00
Alexander Heldt
084387246a pinwheel: Remove knowledge of andromeda 2025-11-02 21:37:02 +01:00
Alexander Heldt
534752a1c3 test-vm: Increase disk size 2025-11-02 21:34:50 +01:00
Alexander Heldt
6c7a17035e pinwheel: Enable gleam in emacs 2025-10-29 20:15:21 +01:00
Alexander Heldt
7f86e790c2 pinwheel: Add gleam module 2025-10-29 20:14:08 +01:00
Alexander Heldt
88067e2f8c manatee: Add navidrome module 2025-10-26 20:34:52 +00:00
Alexander Heldt
b723becbba Update whib-frontend input 2025-10-26 21:21:28 +01:00
Alexander Heldt
200cb8b026 tadpole: Update whib backend host 2025-10-26 21:12:59 +01:00
Alexander Heldt
b7ad1d391f tadpole: Add whib-frontend service 2025-10-26 16:24:29 +01:00
Alexander Heldt
0e1b8581af test-vm: Add whib-frontend module 2025-10-26 15:24:21 +01:00
Alexander Heldt
21adf4a3dc Add whib-frontend input 2025-10-26 15:23:47 +01:00
Alexander Heldt
8349132d66 manatee: Set EDITOR to be vim 2025-10-26 12:56:53 +01:00
Alexander Heldt
91f78ba510 pinwheel: Set cursor theme 2025-10-20 18:48:34 +02:00
Alexander Heldt
9e45600e37 pinwheel: Update music and use naviterm 2025-10-20 18:47:46 +02:00
Alexander Heldt
87d1d96211 Add flake input for naviterm 2025-10-20 18:42:22 +02:00
Alexander Heldt
67134682d9 pinwheel: Disable resolved.dnssec 
As it breaks tailscale <-> openvpn

> At the time of September 2023, systemd upstream advise to disable DNSSEC
> by default as the current code is not robust enough to deal with
> “in the wild” non-compliant servers, which will usually give you a
> broken bad experience in addition of insecure.
 2025-10-19 14:39:05 +02:00
Alexander Heldt
cefd4a966c pinwheel: Remove unused update-systemd-resolved 2025-10-19 14:37:45 +02:00
Alexander Heldt
07a7d65f0d pinwheel: Re-enable systemd-resolved 
As `openvpn` is broken without it running (segfaults)
 2025-10-19 11:50:19 +02:00
Alexander Heldt
4e0144715c Update flake inputs 2025-10-19 11:50:06 +02:00
Alexander Heldt
7180d12bb8 pinwheel: Replace hyprland monitor script with auto-center-* 2025-10-15 16:25:56 +02:00
Alexander Heldt
4ae2967529 Update flake inputs 2025-10-15 15:25:49 +02:00
Alexander Heldt
54b3b0373d Update flake inputs 2025-10-13 14:44:49 +00:00
Alexander Heldt
d518832836 pinwheel: Fix go ENV variables 2025-10-07 14:35:37 +02:00
Alexander Heldt
5db42c1ca9 Update flake inputs 2025-10-06 21:08:48 +02:00
Alexander Heldt
b9d5cfd001 pinwheel: Use latest intellij for work 2025-10-06 20:29:38 +02:00
Alexander Heldt
bf54e4a9e1 pinwheel: Add vlc 2025-10-06 20:26:42 +02:00
Alexander Heldt
061a238037 backwards: Add nethack 2025-07-10 16:48:43 +02:00
Alexander Heldt
ce4536d340 backwards: Add sshfs 2025-07-10 16:48:27 +02:00
Alexander Heldt
edae2eb1d4 pinwheel/backwards: Remove ttrpg syncthing share 2025-07-10 16:33:44 +02:00
Alexander Heldt
50cabdcfc8 syncthing: Update phone ID 2025-07-10 16:21:03 +02:00
Alexander Heldt
f7dfd9dbdb manatee: Bump upload limit for calibre-web 2025-07-10 14:11:38 +00:00
Alexander Heldt
f27e42dc8f manatee: Add virtual host for calibre-web 2025-07-10 14:11:38 +00:00
Alexander Heldt
fd77d43d2e pinwheel: Remove unsafe beekeeper-studio 2025-07-10 16:09:40 +02:00
Alexander Heldt
8d81defb25 Update flake inputs 2025-07-10 16:07:42 +02:00
Alexander Heldt
c87c07ca3a manatee/backwards: Move calibre-web module to manatee 2025-05-18 20:13:10 +02:00
Alexander Heldt
5f5df49717 pinwheel/manatee: Share org via syncthing 2025-05-18 17:36:37 +02:00
Alexander Heldt
ba6c13725a manatee: Add syncthing ID to shared syncthing module 2025-05-18 15:12:52 +00:00
Alexander Heldt
62a9709ff5 manatee: Use secrets for syncthing cert/key 2025-05-18 17:09:39 +02:00
Alexander Heldt
173e7acec8 manatee: Add secrets for syncthing cert/key 2025-05-18 17:09:38 +02:00
Alexander Heldt
80089dbb49 manatee: Add syncthing module 2025-05-18 15:05:37 +00:00
Alexander Heldt
c7b7a4f1d9 manatee: Add public directory in sync ZFS dataset 2025-05-18 16:33:03 +02:00
Alexander Heldt
6db6c605a3 manatee: Add sync ZFS dataset 2025-05-18 16:32:46 +02:00
Alexander Heldt
aadd529260 manatee: Add nginx module 2025-05-18 16:08:22 +02:00
Alexander Heldt
99c1658a2e backwards: Enable hardware acceleration 2025-05-14 19:50:23 +02:00
Alexander Heldt
820d1a4372 manatee: Enable ZFS auto scrub 2025-05-09 21:55:47 +02:00
Alexander Heldt
a37e5da5b8 manatee: Enable smartd for harddrives 2025-05-09 21:54:32 +02:00
Alexander Heldt
0abb85a15e pinwheel: Fix ssh hostname for manatee 2025-05-09 21:40:14 +02:00
Alexander Heldt
94e2be1e11 backwards: Add ssh keys for manatee 2025-05-09 21:39:57 +02:00
Alexander Heldt
7f9e4fab1e manatee: Add backwards to authorized ssh keys 2025-05-09 21:33:49 +02:00
Alexander Heldt
7690235909 backwards/manatee: Add secrets for ssh keys 2025-05-09 21:31:49 +02:00
Alexander Heldt
3d5c00f741 manatee: Add enable option to jellyfin module 2025-05-09 21:26:22 +02:00
Alexander Heldt
9f37b19502 manatee: Add immich module 2025-05-09 21:26:21 +02:00
Alexander Heldt
7bca2c9135 manatee: Add public directory in cameras ZFS dataset 2025-05-06 16:48:46 +00:00
Alexander Heldt
eb191a911a manatee: Add cameras ZFS dataset 2025-05-06 16:32:48 +00:00
Alexander Heldt
a777f629ce backwards: Do not backup reading-material to the cloud 2025-05-04 14:35:44 +02:00
Alexander Heldt
8298eb4f3b backwards: Fix wrong secret name of restic-password 2025-05-04 14:29:39 +02:00
Alexander Heldt
3004725f7d pinwheel/backwards: Adjust reading-material sync through syncthing 
Move `books` and into `reading-material`
 2025-05-04 14:25:09 +02:00
Alexander Heldt
29104dc775 pinwheel: Adjust colors.background to match dracula themes 2025-05-04 12:24:34 +02:00
Alexander Heldt
a2afc6a205 pinwheel: Fix zsh.initContent attribute definition 2025-05-03 17:32:28 +02:00
Alexander Heldt
f12e35babf backwards: Fix pulseaudio attribute definition 2025-05-03 17:29:41 +02:00
Alexander Heldt
fa846cba4f Update flake input 2025-05-03 15:26:58 +00:00
Alexander Heldt
ecb67deed3 backwards: Remove audiobookshelf module 2025-05-03 16:50:15 +02:00
Alexander Heldt
72d2bb976f manatee: Add audiobookshelf module 2025-05-03 16:49:22 +02:00
Alexander Heldt
24c1731071 backwards: Remove transmission module 2025-05-03 16:29:16 +02:00
Alexander Heldt
ab94e2c1eb backwards: Remove jellyfin module 2025-05-03 16:28:25 +02:00
Alexander Heldt
50fd0cc57f manatee: Add jellyfin module 2025-05-03 16:26:43 +02:00
Alexander Heldt
4e14b6b379 manatee: Add transmission module 2025-05-03 12:50:35 +02:00
Alexander Heldt
338b8be3d9 manatee: Add storage group that owns /mnt/media/public 2025-05-03 12:45:14 +02:00
Alexander Heldt
99ebd8988d manatee: Add tailscale module 2025-05-02 16:03:46 +02:00
Alexander Heldt
3fb253038b manatee: Add host manatee 2025-05-02 12:07:28 +02:00
Alexander Heldt
7d9ac21c7d manatee: Add secrets for ssh machine (root) key 2025-05-02 12:07:26 +02:00
Alexander Heldt
8e3acc8a33 manatee: Add secrets for ssh key to git.ppp.pm 2025-05-02 12:04:45 +02:00
Alexander Heldt
ddd3b1c6e7 Add disco to inputs 2025-05-02 12:00:41 +02:00
Alexander Heldt
3952959a12 pinwheel: Add ssh key for manatee 2025-05-02 12:00:37 +02:00
Alexander Heldt
ef67c83808 manatee: Add manatee to secrets 2025-05-02 11:53:01 +02:00
Alexander Heldt
f1b6bb9ae0 pinwheel/backwards: Share reading-material through syncthing 2025-03-25 20:46:16 +01:00
Alexander Heldt
36744c4b60 backwards: Share reading-material with phone and tablet 2025-03-25 20:29:18 +01:00
Alexander Heldt
08d05ccae3 Add tablet to shared syncthing devices 2025-03-25 20:22:40 +01:00
Alexander Heldt
2411eeca80 pinwheel: Use updated attribute name for pulseaudio 2025-03-25 20:19:40 +01:00
Alexander Heldt
f9b5905c96 backwards: Fix firefox binary paths 2025-03-25 20:18:43 +01:00
Alexander Heldt
90c885d6cd pinwheel: Fix firefox binary paths 2025-03-02 11:31:43 +01:00
Alexander Heldt
393975767b Update flake inputs 2025-03-02 11:31:33 +01:00
Alexander Heldt
b177ce25c5 Update WHIB input 2025-02-08 12:00:19 +01:00
Alexander Heldt
f8eaab252d backwards: Fix retroarch 2025-02-02 12:02:54 +01:00
Alexander Heldt
2bbad27f23 Update flake inputs 2025-02-02 11:37:13 +01:00
Alexander Heldt
c478f795f1 tadpole/test-vm: Update WHIB service 
- Update `WHIB` input
- Update secrets to reflect changes in input
 2025-02-02 11:05:59 +01:00
Alexander Heldt
01cff093fd pinwheel: Fix style of notifications 2025-01-11 20:16:21 +01:00
Alexander Heldt
5b21268c54 tadpole: Use port 3001 for gitea 2025-01-03 12:39:41 +01:00
Alexander Heldt
e89a61c6c5 tadpole: Assert that nginx is running when using ppp.pm-site 2025-01-03 11:29:29 +01:00
Alexander Heldt
7ab5cc5b1c tadpole: Assert that nginx is running when using gitea 2025-01-03 11:29:29 +01:00
Alexander Heldt
6ca1c92a81 tadpole: Add WHIB backend 2025-01-03 11:29:29 +01:00
Alexander Heldt
349315ec47 tadpole: Add secrets for whib service 2025-01-03 11:29:29 +01:00
Alexander Heldt
4f15de53f3 test-vm: Add WHIB backend 2025-01-03 11:29:29 +01:00
Alexander Heldt
51d32e66c4 Update README with documentation about the test-vm 2024-12-20 13:05:45 +01:00
Alexander Heldt
12921700ab test-vm: Echo help message for shutdown alias 2024-12-20 13:05:23 +01:00
Alexander Heldt
94aef10d67 test-vm: Resize terminal to host terminal size 2024-12-20 12:12:16 +01:00
Alexander Heldt
fd31675cac test-vm: Add alias of shutting down the VM 2024-12-20 12:12:16 +01:00
Alexander Heldt
6b79aa8fca test-vm: Auto login a user and assume its sudo 2024-12-20 12:12:16 +01:00
Alexander Heldt
18c95d2f9c test-vm: Increase disk size 2024-12-20 12:12:16 +01:00
Alexander Heldt
00b2946d59 pinwheel: Don't override go version 2024-12-20 12:11:33 +01:00
Alexander Heldt
ea998d33a4 pinwheel: Fix fonts 2024-12-20 12:11:19 +01:00
Alexander Heldt
ea6a846139 Update flake inputs 2024-12-20 12:11:10 +01:00
Alexander Heldt
5ab0ac4828 pinwheel: Add volume sharing for vms 2024-11-28 18:26:28 +01:00
Alexander Heldt
a3133defeb config-manager: Fix --update 2024-11-28 18:25:55 +01:00
Alexander Heldt
94e35677a6 pinwheel: Fix hyprland "smart gaps" 2024-11-28 18:25:38 +01:00
Alexander Heldt
bdb8df947f Update flake inputs 2024-11-28 18:25:27 +01:00
Alexander Heldt
52567105ff pinwheel: Update work github token 2024-11-25 08:47:50 +01:00
Alexander Heldt
f8b39ee30c pinwheel: Set intellij version to 2024.2.4 in for work 2024-11-24 19:08:59 +01:00
Alexander Heldt
c80e053c1c pinwheel: Indent js code in emacs with spaces 2024-11-21 08:55:25 +01:00
Alexander Heldt
ebda6c57eb pinwheel: Add pants for work 2024-11-02 14:18:28 +01:00
Alexander Heldt
7009ee3c32 Update flake inputs 2024-11-02 14:11:33 +01:00
Alexander Heldt
3641a3185a backwards: Close transmission firewall ports 2024-10-25 08:57:27 +02:00
Alexander Heldt
148aeaeb8b pinhweel: Fix noto font 2024-10-25 08:55:56 +02:00
Alexander Heldt
6aa2525bd5 Update flake inputs 2024-10-25 08:55:42 +02:00
Alexander Heldt
a333821780 tadpole: Fix gitea reverse proxy host 2024-10-13 20:49:24 +02:00
Alexander Heldt
eba768ce3e Update flake inputs 2024-10-13 12:45:51 +02:00
Alexander Heldt
2480f5c14d backwards: Add moonlight 2024-10-02 17:05:22 +02:00
Alexander Heldt
d8419b01a2 pinwheel: Don't override graphite version 2024-09-30 08:08:56 +02:00
Alexander Heldt
3f849a3bb4 pinwheel: Increase swapfile size to 48GiB 2024-09-25 15:35:13 +02:00
Alexander Heldt
82b35d8646 Update flake inputs 2024-09-24 10:51:27 +02:00
Alexander Heldt
0ad5211923 backwards: Add bitwarden-desktop 2024-09-24 10:35:38 +02:00
Alexander Heldt
86edb834cb backwards: Add firefox 2024-09-22 19:02:40 +02:00
Alexander Heldt
32fae14d60 backwards: Add PCSX2 to games 2024-09-22 19:02:18 +02:00
Alexander Heldt
e7cf934176 pinwheel: Use eglot for python in emacs 2024-09-17 21:28:14 +02:00
Alexander Heldt
2f22d66628 backwards: Use secretsFile for networking.wireless 2024-09-17 21:17:42 +02:00
Alexander Heldt
6906fca9f9 backwards: Enable jellyseerr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
1f81b5a801 backwards: Enable radarr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
1446e7c592 backwards: Enable sonarr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
2a1fac11bf backwards: Enable prowlarr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
3a5a367a4a backwards: Add reverse proxy for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
3ca0a58a04 tadpole: Remove unneeded assertion of existing certs for gitea 2024-09-17 21:11:31 +02:00
Alexander Heldt
1f7433463a backwards: Add reverse proxy for transmission 2024-09-17 21:11:31 +02:00
Alexander Heldt
aaeea7d0b3 backwards: Add nginx module 2024-09-17 21:11:31 +02:00
Alexander Heldt
cbaba1db4c tadpole: Clean up nginx and certs modules 2024-09-17 21:11:31 +02:00
Alexander Heldt
3092241f0b tadpole: Change default email for certs 2024-09-17 21:11:31 +02:00
Alexander Heldt
dc944a0969 Update flake inputs 2024-09-17 21:11:31 +02:00
Alexander Heldt
119ef9fa60 pinwheel: Remove retroarch 2024-09-17 21:11:31 +02:00
Alexander Heldt
2edf3980f0 pinwheel: Remove mullvad 2024-09-17 21:11:31 +02:00
Alexander Heldt
e2d97c4f60 pinwheel: Increase waybar module intervals 2024-09-17 21:11:31 +02:00
Alexander Heldt
0626b06ecc pinwheel: Add tailscale module to waybar 2024-09-17 21:11:31 +02:00
Alexander Heldt
f072b35101 pinwheel: Add secret for preferred tailscale exit node 2024-09-17 21:11:31 +02:00
Alexander Heldt
aa9a049377 pinwheel: Add swapfile 2024-09-17 21:11:31 +02:00
Alexander Heldt
c67549a118 pinwheel: Remove URL preference for gitlab in git 2024-09-17 21:11:31 +02:00
Alexander Heldt
f9ed371d8c Update url for pppdotpm-site input 2024-09-17 21:11:31 +02:00
Alexander Heldt
c9c8939c8e tadpole: Add match block for git.ppp.pm in ssh 2024-09-17 21:11:31 +02:00
Alexander Heldt
8e135ef94b tadpole: Add secrets for git.ppp.pm 2024-09-17 21:11:31 +02:00
130 changed files with 5200 additions and 663 deletions
Expand all files Collapse all files

10
README.md
View File

@@ -25,3 +25,13 @@ EDITOR=vim agenix -d "some-secret.age" -i ~/.ssh/alex.pinwheel
Or use some other SSH key that is has been used to key the secret. Or use some other SSH key that is has been used to key the secret.
# Test VM
Build the test VM with the command:
```
cm --build-test-vm
```
and test it with:
```
cm --run-test-vm
```

8
alex.tadpole-git.ppp.pm
View File

@@ -1,8 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDJGnS+ne
CYQhwLNFuW0lORAAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIFoVMhke2g8n48Fa
nAdf8Q0K52iHn62D37Zq7MVDbAjEAAAAoLI0dbPITXAhkRXqAKJUh9IsWmviAJE8XMUAMQ
WPKr2GUxRwf9rVrIB3/VEhY2xfTFzFOiyPkMu4zFvBFoYyqlpXaojihfJv+obV+SgtxnPT
PxmUG5X0HMryYxswpY/kAG4c2Y7iDQZOuN504WSlDV8ZNkmEzr05Nc+JqaY8J70k7Kl1Wr
qqtbilUNtETsEGUgXaQ/msYWRmt2K8EwiyhdY=
-----END OPENSSH PRIVATE KEY-----

1
alex.tadpole-git.ppp.pm.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFoVMhke2g8n48FanAdf8Q0K52iHn62D37Zq7MVDbAjE alex.tadpole-git.ppp.pm

4
config-manager/default.nix
View File

@@ -9,7 +9,7 @@ let
flakePath = config.config-manager.flakePath; flakePath = config.config-manager.flakePath;
nixosConfiguration = config.config-manager.nixosConfiguration; nixosConfiguration = config.config-manager.nixosConfiguration;
nh = inputs.nh.packages."${pkgs.system}".default; nh = inputs.nh.packages."${pkgs.stdenv.hostPlatform.system}".default;
config-manager = config-manager =
if flakePath == "" then if flakePath == "" then
@@ -33,7 +33,7 @@ let
update() { update() {
echo -e "\033[0;31mUPDATING FLAKE\033[0m" echo -e "\033[0;31mUPDATING FLAKE\033[0m"
nix flake update ${flakePath} nix flake update --flake ${flakePath}
} }
switch() { switch() {

815
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1723293904, "lastModified": 1770165109,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,6 +23,39 @@
"type": "github" "type": "github"
} }
}, },
"aquamarine": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1773436376,
"narHash": "sha256-OUPRrprbgN27BXHuWkMAPSCfLLQ/uwpWghEfKYN2iAg=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "43f10d24391692bba3d762931ee35e7f17f8e8b8",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "aquamarine",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -31,11 +64,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1744478979,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -45,20 +78,39 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773889306,
"narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"owner": "nix-community",
"repo": "disko",
"rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"emacs-overlay": { "emacs-overlay": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1725470024, "lastModified": 1774197122,
"narHash": "sha256-i2iWRFWaTCahFz9B2vKqIqpPimL/yn1zX3lZ2EkBzc0=", "narHash": "sha256-eidCp9jr4doBF6v2hPwqZkt8fUtW14w7fqHFVtstR94=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "8a94f9d557f3f8b372f03f18b2e1be3820d7da7f", "rev": "4f7b5653f8845eee7c41c9a029d7bc22aaca4e67",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -67,16 +119,48 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1731533236,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -85,6 +169,46 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"hyprland",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -93,11 +217,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703113217, "lastModified": 1745494811,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -113,11 +237,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1725180166, "lastModified": 1774201162,
"narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "narHash": "sha256-th4i3X3P3yikPk3qu1A5DQ40tIztZKvAKPaa9hjXF+U=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "rev": "932ca46013acabbedd13c27dc278e3d043707e46",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -126,6 +250,96 @@
"type": "github" "type": "github"
} }
}, },
"hyprcursor": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772461003,
"narHash": "sha256-pVICsV7FtcEeVwg5y/LFh3XFUkVJninm/P1j/JHzEbM=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "b62396457b9cfe2ebf24fe05404b09d2a40f8ed7",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprcursor",
"type": "github"
}
},
"hyprgraphics": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772461523,
"narHash": "sha256-mI6A51do+hEUzeJKk9YSWfVHdI/SEEIBi2tp5Whq5mI=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "7d63c04b4a2dd5e59ef943b4b143f46e713df804",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprgraphics",
"type": "github"
}
},
"hyprland": {
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics",
"hyprland-guiutils": "hyprland-guiutils",
"hyprland-protocols": "hyprland-protocols",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_2",
"xdph": "xdph"
},
"locked": {
"lastModified": 1774136452,
"narHash": "sha256-pSwj8WNWXMuZaDqCyhQwlngRD3JyNmZwldSe6UqWAos=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "bf31f642b08a8d8ca796a1b713285f2580805c2f",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-contrib": { "hyprland-contrib": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -133,11 +347,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1725276753, "lastModified": 1773993211,
"narHash": "sha256-kcV2M7xIoQvLRIrMndysM4E0d2zGSwIDejamT4LKnDg=", "narHash": "sha256-4J6vEtf7dIw3pZ/xM/dU7ECTmr8AsIIUQJba1B8wp5k=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "ae618eafa81b596db034c5df1d75d4eddf785824", "rev": "43c012d21d9314c585b97ac4f34752f6de93dc8f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -146,23 +360,338 @@
"type": "github" "type": "github"
} }
}, },
"nh": { "hyprland-guiutils": {
"inputs": {
"aquamarine": [
"hyprland",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprtoolkit": "hyprtoolkit",
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772467975,
"narHash": "sha256-kipyuDBxrZq+beYpZqWzGvFWm4QbayW9agAvi94vDXY=",
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"rev": "5e1c6b9025aaf4d578f3eff7c0eb1f0c197a9507",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772460177,
"narHash": "sha256-/6G/MsPvtn7bc4Y32pserBT/Z4SUUdBd4XYJpOEKVR4=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "1cb6db5fd6bb8aee419f4457402fa18293ace917",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772459629,
"narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "7615ee388de18239a4ab1400946f3d0e498a8186",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprtoolkit": {
"inputs": {
"aquamarine": [
"hyprland",
"hyprland-guiutils",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprland-guiutils",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprland-guiutils",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-guiutils",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprland-guiutils",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"systems"
]
},
"locked": {
"lastModified": 1772462885,
"narHash": "sha256-5pHXrQK9zasMnIo6yME6EOXmWGFMSnCITcfKshhKJ9I=",
"owner": "hyprwm",
"repo": "hyprtoolkit",
"rev": "9af245a69fa6b286b88ddfc340afd288e00a6998",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprtoolkit",
"type": "github"
}
},
"hyprutils": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1773948364,
"narHash": "sha256-S76omfIVQ1TpGiXFbqih6o6XcH3sA5+5QI+SXB4HvlY=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "b85b779e3e3a1adcd9b098e3447cf48f9e780b35",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprutils",
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772459835,
"narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "0a692d4a645165eebd65f109146b8861e3a925e7",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"hyprwire": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1773074819,
"narHash": "sha256-qRqYnXiKoJLRTcfaRukn7EifmST2IVBUMZOeZMAc5UA=",
"owner": "hyprwm",
"repo": "hyprwire",
"rev": "f68afd0e73687598cc2774804fedad76693046f0",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwire",
"type": "github"
}
},
"komga-bookmanager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1725287741, "lastModified": 1772988002,
"narHash": "sha256-ZxyB7BwxQjoMz5lUnsb+KuTWfRyPtJVqEjnlOoABSUE=", "narHash": "sha256-42Arpp+ShJorA9uR1nNlKuMoDx3y+cHg2BxQUW1fo7U=",
"ref": "main",
"rev": "bd5ae71978bb60eda28a010956825983dd931e2a",
"revCount": 18,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git"
}
},
"komga-comictracker": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773858923,
"narHash": "sha256-JOm+qe+loPxpjpTn2fN5QuqeGLDqYc1QevNeZZuEkdE=",
"ref": "main",
"rev": "2ab63ae85af1e2009e4bce10940e8db56827d942",
"revCount": 67,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git"
}
},
"komga-reading-stats": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1774185820,
"narHash": "sha256-ASExCDbdujwneZ/tZeNXxzKPbUFLroBnmPBJ5jEniCI=",
"ref": "main",
"rev": "769bd540e8975050b2778025fdebc6fdd5c5e2b5",
"revCount": 42,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-reading-stats.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-reading-stats.git"
}
},
"naviterm": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773476909,
"narHash": "sha256-hSg/7xFO+3G3wWFq1480OecREqTY+fu06L06rM2UBmQ=",
"owner": "detoxify92",
"repo": "naviterm",
"rev": "f89dbde00222fb1e4f611419d05583d8edee4c25",
"type": "gitlab"
},
"original": {
"owner": "detoxify92",
"repo": "naviterm",
"type": "gitlab"
}
},
"nh": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1773920367,
"narHash": "sha256-ADGQjlsFzT9POglBkBJZcFqg3go4d+J3E4GS4WlxENY=",
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "5dd64eb04fddeac2eb08c018212cc58978934920", "rev": "b00a24b39944efd4ec7944f02e0bd9113d991767",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "b00a24b39944efd4ec7944f02e0bd9113d991767",
"type": "github" "type": "github"
} }
}, },
@@ -181,13 +710,35 @@
"type": "github" "type": "github"
} }
}, },
"nix-jetbrains-plugins": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_5"
},
"locked": {
"lastModified": 1774078133,
"narHash": "sha256-8Z4VI0CzoQ528LjSpy7t8YRMVUU+50L+wzYxpRXHXBI=",
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"rev": "df85a8aace815dec8d78683f9717b2958a8f1364",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1725470640, "lastModified": 1774018263,
"narHash": "sha256-xaIvCE8ZP65fj2HR7DlDX+iJMBxasfjEv+zc6Cuwf3I=", "narHash": "sha256-HHYEwK1A22aSaxv2ibhMMkKvrDGKGlA/qObG4smrSqc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "ace1cedf3ecfbac81b29522d71009878951a69eb", "rev": "2d4b4717b2534fad5c715968c1cece04a172b365",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -199,32 +750,48 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1725103162, "lastModified": 1772822230,
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "rev": "71caefce12ba78d84fe618cf61644dce01cf3a96",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-25.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1725001927, "lastModified": 1773964973,
"narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", "narHash": "sha256-NV/J+tTER0P5iJhUDL/8HO5MDjDceLQPRUYgdmy5wXw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", "rev": "812b3986fd1568f7a858f97fcf425ad996ba7d25",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1773821835,
"narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -242,25 +809,57 @@
"rev": "662a254ea8065a0f104ccf5a46b59252e1e08b58", "rev": "662a254ea8065a0f104ccf5a46b59252e1e08b58",
"revCount": 54, "revCount": 54,
"type": "git", "type": "git",
"url": "ssh://git@codeberg.org/ppp/ppp.pm-site.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
}, },
"original": { "original": {
"ref": "main", "ref": "main",
"type": "git", "type": "git",
"url": "ssh://git@codeberg.org/ppp/ppp.pm-site.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772893680,
"narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko",
"emacs-overlay": "emacs-overlay", "emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"komga-bookmanager": "komga-bookmanager",
"komga-comictracker": "komga-comictracker",
"komga-reading-stats": "komga-reading-stats",
"naviterm": "naviterm",
"nh": "nh", "nh": "nh",
"nix-gc-env": "nix-gc-env", "nix-gc-env": "nix-gc-env",
"nix-jetbrains-plugins": "nix-jetbrains-plugins",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"pppdotpm-site": "pppdotpm-site" "pppdotpm-site": "pppdotpm-site",
"whib-backend": "whib-backend",
"whib-frontend": "whib-frontend"
} }
}, },
"systems": { "systems": {
@@ -279,6 +878,21 @@
} }
}, },
"systems_2": { "systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -292,6 +906,119 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"whib-backend": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739029248,
"narHash": "sha256-ux/Udy0Mhs66P/EQQ8S+xIuXRm9UHEYwSy12IZtlbnA=",
"ref": "master",
"rev": "222a8f6dde2e9270f6390b5e1e83c7ae1ea48290",
"revCount": 371,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
}
},
"whib-frontend": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761508816,
"narHash": "sha256-adV/lyxcmuopyuzZ49v46Yt0gft+ioEL4yl1S+vUbus=",
"ref": "master",
"rev": "ab10bf50cb6b023a1b99f91c7e8d550231135eef",
"revCount": 223,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772669058,
"narHash": "sha256-XhnY0aRuDo5LT8pmJVPofPOgO2hAR7T+XRoaQxtNPzQ=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "906d0ac159803a7df2dc1f948df9327670380f69",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

88
flake.nix
View File

@@ -6,11 +6,15 @@
nixos-hardware.url = "github:nixos/nixos-hardware/master"; nixos-hardware.url = "github:nixos/nixos-hardware/master";
nh = { disko = {
url = "github:viperML/nh"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nh = {
url = "github:viperML/nh/b00a24b39944efd4ec7944f02e0bd9113d991767";
};
nix-gc-env.url = "github:Julow/nix-gc-env"; nix-gc-env.url = "github:Julow/nix-gc-env";
home-manager = { home-manager = {
@@ -28,13 +32,58 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-jetbrains-plugins = {
url = "github:nix-community/nix-jetbrains-plugins";
inputs.nixpkgs.follows = "nixpkgs";
};
naviterm = {
url = "gitlab:detoxify92/naviterm";
inputs.nixpkgs.follows = "nixpkgs";
};
pppdotpm-site = { pppdotpm-site = {
url = "git+ssh://git@codeberg.org/ppp/ppp.pm-site.git?ref=main"; url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
};
whib-backend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master";
# url = "path:/home/alex/code/own/whib";
inputs.nixpkgs.follows = "nixpkgs";
};
whib-frontend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib-react.git?ref=master";
# url = "path:/home/alex/code/own/whib-react";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-comictracker = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git?ref=main";
# url = "path:/home/alex/code/own/komga-comictracker";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-bookmanager = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git?ref=main";
# url = "path:/home/alex/code/own/komga-bookmanager";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-reading-stats = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-reading-stats.git?ref=main";
# url = "path:/home/alex/code/own/komga-reading-stats";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@@ -55,6 +104,17 @@
]; ];
}; };
manatee = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/manatee/configuration.nix
./hosts/manatee/home.nix
];
};
backwards = inputs.nixpkgs.lib.nixosSystem { backwards = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
@@ -66,23 +126,37 @@
]; ];
}; };
tadpole = inputs.nixpkgs.lib.nixosSystem { tadpole =
let
system = "x86_64-linux"; system = "x86_64-linux";
in
inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
modules = [ modules = [
./hosts/tadpole/configuration.nix ./hosts/tadpole/configuration.nix
./hosts/tadpole/home.nix ./hosts/tadpole/home.nix
inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
]; ];
}; };
test-vm = inputs.nixpkgs.lib.nixosSystem { test-vm =
let
system = "x86_64-linux"; system = "x86_64-linux";
in
inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
modules = [ ./hosts/test-vm/configuration.nix ]; modules = [
./hosts/test-vm/configuration.nix
inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
];
}; };
}; };
@@ -93,7 +167,7 @@
in in
{ {
${system}.default = pkgs.mkShell { ${system}.default = pkgs.mkShell {
packages = [ pkgs.nixfmt-rfc-style ]; packages = [ pkgs.nixfmt ];
}; };
}; };
}; };

21
hosts/backwards/configuration.nix
View File

@@ -15,13 +15,30 @@
console.keyMap = "sv-latin1"; console.keyMap = "sv-latin1";
hardware.pulseaudio.enable = false; services.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
extraConfig.pipewire."90-hdmi-fix" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.allowed-rates" = [ 48000 ];
};
};
};
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver
pkgs.libvdpau-va-gl
];
};
}; };
users.users.alex = { users.users.alex = {
@@ -30,6 +47,8 @@
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
"video"
"render"
]; ];
packages = [ ]; packages = [ ];
}; };

2
hosts/backwards/modules/age/default.nix
View File

@@ -8,7 +8,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.system}".default inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
]; ];
}; };
} }

5
hosts/backwards/modules/boot/default.nix
View File

@@ -38,6 +38,11 @@ in
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
extraModprobeConfig = ''
options snd-intel-dspcfg dsp_driver=1
options snd_hda_intel power_save=0 power_save_controller=N
'';
}; };
}; };
} }

32
hosts/backwards/modules/calibre-web/default.nix
View File

@@ -1,32 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf enabled {
services = {
calibre-web = {
enable = true;
user = "alex";
group = "users";
listen = {
ip = "0.0.0.0";
port = 8083;
};
options = {
calibreLibrary = "/home/alex/sync/books";
enableBookUploading = true;
};
};
};
};
}

4
hosts/backwards/modules/default.nix
View File

@@ -12,11 +12,9 @@ in
ssh.enable = true; ssh.enable = true;
git.enable = true; git.enable = true;
nginx.enable = true;
syncthing.enable = true; syncthing.enable = true;
restic.enable = true; restic.enable = true;
transmission.enable = true;
audiobookshelf.enable = true;
calibre-web.enable = true;
}; };
}; };
} }

99
hosts/backwards/modules/firefox/default.nix Normal file
View File

@@ -0,0 +1,99 @@
{ pkgs, ... }:
let
wrapped = pkgs.wrapFirefox pkgs.firefox-devedition-unwrapped {
extraPolicies = {
DisableFirefoxAccounts = false;
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
PasswordManagerEnabled = false;
FirefoxHome = {
Search = false;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
};
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
};
};
ff-alex = pkgs.writeShellApplication {
name = "ff-alex";
text = ''
${wrapped}/bin/firefox-devedition -P alex --new-window "$@"
'';
};
sharedSettings = {
"general.smoothScroll" = true;
"apz.gtk.kinetic_scroll.enabled" = false;
"network.dns.force_waiting_https_rr" = false;
};
in
{
home-manager.users.alex = {
programs.firefox = {
enable = true;
package = wrapped;
profiles = {
alex = {
id = 0;
name = "alex";
isDefault = true;
settings = sharedSettings // { };
};
};
};
xdg = {
# /etc/profiles/per-user/alex/share/applications
desktopEntries = {
ff-alex = {
name = "ff-alex";
exec = "${ff-alex}/bin/ff-alex %U";
terminal = false;
};
};
mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "ff-alex.desktop";
"x-scheme-handler/http" = "ff-alex.desktop";
"x-scheme-handler/https" = "ff-alex.desktop";
"application/x-exension-htm" = "ff-alex.desktop";
"application/x-exension-html" = "ff-alex.desktop";
"application/x-exension-shtml" = "ff-alex.desktop";
"application/xhtml+xml" = "ff-alex.desktop";
"application/x-exension-xhtml" = "ff-alex.desktop";
"application/x-exension-xht" = "ff-alex.desktop";
};
};
# https://github.com/nix-community/home-manager/issues/1213
configFile."mimeapps.list".force = true;
};
home.packages = [
ff-alex
];
};
environment.variables = {
MOZ_ENABLE_WAYLAND = 1;
BROWSER = "${ff-alex}/bin/ff-alex $@";
};
}

11
hosts/backwards/modules/games/default.nix
View File

@@ -2,13 +2,16 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
(pkgs.retroarch.override { pkgs.nethack
cores = [
pkgs.moonlight-qt
pkgs.pcsx2
(pkgs.retroarch.withCores (cores: [
pkgs.libretro.snes9x pkgs.libretro.snes9x
pkgs.libretro.genesis-plus-gx pkgs.libretro.genesis-plus-gx
pkgs.libretro.swanstation pkgs.libretro.swanstation
]; ]))
})
]; ];
}; };
} }

3
hosts/backwards/modules/git/gitconfig
View File

@@ -4,6 +4,3 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/

16
hosts/backwards/modules/gnome/default.nix
View File

@@ -8,14 +8,6 @@
}; };
}; };
xserver = {
enable = true;
xkb = {
layout = "se";
variant = "";
};
desktopManager = { desktopManager = {
gnome.enable = true; gnome.enable = true;
}; };
@@ -23,6 +15,14 @@
displayManager = { displayManager = {
gdm.enable = true; gdm.enable = true;
}; };
xserver = {
enable = true;
xkb = {
layout = "se";
variant = "";
};
}; };
}; };

44
hosts/backwards/modules/jellyfin/default.nix
View File

@@ -1,44 +0,0 @@
{ pkgs, ... }:
{
fileSystems."/home/alex/media" = {
device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
# 1. enable vaapi on OS-level
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
];
};
};
services.jellyfin = {
enable = true;
openFirewall = true;
user = "alex";
group = "users";
dataDir = "/home/alex/media/jellyfin";
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
}

52
hosts/backwards/modules/network/default.nix
View File

@@ -1,32 +1,48 @@
{ config, ... }:
{ {
networking = { networking = {
hostName = "backwards"; hostName = "backwards";
networkmanager.enable = false; wireless.enable = false;
wireless.enable = true;
#wireless.networks are defined in the secret `wpa_supplicant.conf`
defaultGateway = "192.168.50.1"; networkmanager = {
nameservers = [ "1.1.1.1" ]; enable = true;
interfaces = {
wlp1s0 = { wifi.backend = "iwd";
useDHCP = false;
ipv4 = { ensureProfiles = {
addresses = [ environmentFiles = [
{ config.age.secrets.wireless-network-secrets.path
address = "192.168.50.202";
prefixLength = 24;
}
]; ];
profiles = {
w1-f1_5G = {
connection = {
id = "w1-f1_5G";
type = "wifi";
interface-name = "wlp1s0";
};
wifi = {
ssid = "w1-f1_5G";
mode = "infrastructure";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$w1_f1_psk";
};
ipv4 = {
method = "manual";
addresses = "192.168.50.202/24";
gateway = "192.168.50.1";
dns = "1.1.1.1";
};
};
}; };
}; };
}; };
}; };
age.secrets = { age.secrets = {
"wpa_supplicant.conf" = { "wireless-network-secrets".file = ../../../../secrets/backwards/wireless-network-secrets.age;
file = ../../../../secrets/backwards/wpa_supplicant.conf.age;
path = "/etc/wpa_supplicant.conf";
};
}; };
} }

22
hosts/backwards/modules/nginx/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
};
}

4
hosts/backwards/modules/restic/default.nix
View File

@@ -46,6 +46,7 @@ in
repositoryFile = config.age.secrets.restic-cloud-sync-repository.path; repositoryFile = config.age.secrets.restic-cloud-sync-repository.path;
paths = [ "/home/alex/sync" ]; paths = [ "/home/alex/sync" ];
exclude = [ "/home/alex/sync/reading-material" ];
timerConfig = { timerConfig = {
OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day
@@ -65,7 +66,8 @@ in
secrets = { secrets = {
"restic-password".file = ../../../../secrets/backwards/restic-password.age; "restic-password".file = ../../../../secrets/backwards/restic-password.age;
"restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age; "restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age;
"restic-cloud-sync-repository".file = ../../../../secrets/backwards/restic-cloud-sync-repository.age; "restic-cloud-sync-repository".file =
../../../../secrets/backwards/restic-cloud-sync-repository.age;
}; };
}; };
}; };

49
hosts/backwards/modules/ssh/default.nix
View File

@@ -23,17 +23,34 @@ in
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.backwards-manatee";
port = 1122;
};
"git.ppp.pm" = { "git.ppp.pm" = {
hostname = "git.ppp.pm"; hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
}; };
"codeberg.org" = { "*" = {
hostname = "codeberg.org"; forwardAgent = false;
identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org"; addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
}; };
}; };
}; };
home.packages = [ pkgs.sshfs ];
}; };
environment.etc."ssh/authorized_keys_command" = { environment.etc."ssh/authorized_keys_command" = {
@@ -84,6 +101,19 @@ in
path = "${rootSSHKeyPath}/root.backwards.pub"; path = "${rootSSHKeyPath}/root.backwards.pub";
}; };
"alex.backwards-manatee" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.age;
path = "/home/alex/.ssh/alex.backwards-manatee";
owner = "alex";
group = "users";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "/home/alex/.ssh/alex.backwards-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards.pub" = { "alex.pinwheel-backwards.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age; file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub"; path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub";
@@ -101,19 +131,6 @@ in
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.backwards-codeberg.org" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org";
owner = "alex";
group = "users";
};
"alex.backwards-codeberg.org.pub" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org.pub";
owner = "alex";
group = "users";
};
}; };
}; };
} }

3
hosts/backwards/modules/syncthing/default.nix
View File

@@ -34,6 +34,7 @@ in
devices = { devices = {
phone.id = config.lib.syncthing.phone; phone.id = config.lib.syncthing.phone;
pinwheel.id = config.lib.syncthing.pinwheel; pinwheel.id = config.lib.syncthing.pinwheel;
tablet.id = config.lib.syncthing.tablet;
}; };
folders = { folders = {
@@ -74,7 +75,7 @@ in
}; };
books = { books = {
path = "/home/alex/sync/books"; path = "/home/alex/sync/reading-material/books";
devices = [ "pinwheel" ]; devices = [ "pinwheel" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";

56
hosts/manatee/configuration.nix Normal file
View File

@@ -0,0 +1,56 @@
{ pkgs, ... }:
{
imports = [
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./disk-config.nix
./modules
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
users.users.alex = {
isNormalUser = true;
description = "alex";
extraGroups = [
"wheel"
"storage"
];
};
environment.variables.EDITOR = "vim";
environment.systemPackages = with pkgs; [
vim
git
];
config-manager = {
flakePath = "/home/alex/config";
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

243
hosts/manatee/disk-config.nix Normal file
View File

@@ -0,0 +1,243 @@
{
inputs,
pkgs,
config,
...
}:
{
imports = [ inputs.disko.nixosModules.disko ];
config = {
users.groups.storage = { };
users.users.storage = {
isSystemUser = true;
description = "storage";
group = "storage";
};
systemd.tmpfiles.settings = {
"10-media-public" = {
"/mnt/media/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-cameras-public" = {
"/mnt/cameras/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-sync-public" = {
"/mnt/sync/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
};
environment.systemPackages = [
pkgs.smartmontools
];
services.smartd = {
enable = true;
devices = [
{ device = config.disko.devices.disk.root.device; }
{ device = config.disko.devices.disk.disk1.device; }
{ device = config.disko.devices.disk.disk2.device; }
];
};
services.zfs.autoScrub.enable = true;
networking.hostId = "0a9474e7"; # Required by ZFS
disko.devices = {
disk = {
root = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
disk1 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QCG4";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk2 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QDJ5";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk3 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0UCF4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk4 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0V6F4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
};
zpool = {
storage = {
type = "zpool";
mode = {
topology = {
type = "topology";
vdev = [
{
mode = "mirror";
members = [
"disk1"
"disk2"
];
}
{
mode = "mirror";
members = [
"disk3"
"disk4"
];
}
];
};
};
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
xattr = "sa";
"com.sun:auto-snapshot" = "false";
};
datasets = {
media = {
type = "zfs_fs";
mountpoint = "/mnt/media";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
cameras = {
type = "zfs_fs";
mountpoint = "/mnt/cameras";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
sync = {
type = "zfs_fs";
mountpoint = "/mnt/sync";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
};
};
};
};
};
}

46
hosts/manatee/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,46 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
swapDevices = [
{
device = "/swapfile";
size = 32 * 1024; # 32GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

24
hosts/manatee/home.nix Normal file
View File

@@ -0,0 +1,24 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
config = {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.alex = {
programs.home-manager.enable = true;
home.username = "alex";
home.homeDirectory = "/home/alex";
home.packages = [
pkgs.streamrip
];
home.stateVersion = "24.11";
};
};
};
}

14
hosts/manatee/modules/age/default.nix Normal file
View File

@@ -0,0 +1,14 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.agenix.nixosModules.default ];
config = {
age = {
identityPaths = [ "/etc/ssh/manatee" ];
};
environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
];
};
}

20
hosts/backwards/modules/audiobookshelf/default.nix → hosts/manatee/modules/audiobookshelf/default.nix
View File

@@ -10,17 +10,25 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
fileSystems."/home/alex/media" = { mod.homepage.services = [
device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764"; {
fsType = "ext4"; name = "Audiobookshelf";
options = [ "nofail" ]; port = 8000;
description = "Audiobooks & podcasts";
}
];
users.users.audiobookshelf = {
isSystemUser = true;
description = "audiobookshelf";
group = "storage";
}; };
services.audiobookshelf = { services.audiobookshelf = {
enable = true; enable = true;
user = "alex"; user = "audiobookshelf";
group = "users"; group = "storage";
host = "0.0.0.0"; host = "0.0.0.0";
port = 8000; port = 8000;

43
hosts/manatee/modules/boot/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
inputs,
lib,
config,
...
}:
let
configurationLimit = config.mod.gc.configurationLimit;
in
{
imports = [ inputs.nix-gc-env.nixosModules.default ];
options = {
mod.gc = {
configurationLimit = lib.mkOption {
type = lib.types.int;
default = 10;
description = "number of configuration generations to keep";
};
};
};
config = {
nix.gc = {
automatic = true;
dates = "weekly";
# `delete_generations` added by nix-gc-env
delete_generations = "+${builtins.toString configurationLimit}";
};
boot = {
loader = {
systemd-boot = {
enable = true;
inherit configurationLimit;
};
efi.canTouchEfiVariables = true;
};
};
};
}

44
hosts/manatee/modules/certs/default.nix Normal file
View File

@@ -0,0 +1,44 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@ppp.pm";
};
certs = {
"ha.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
"--dns-timeout=60"
"--http-timeout=60"
];
};
"komga.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s"
"--dns-timeout=60"
"--http-timeout=60"
];
};
};
};
age = {
secrets = {
"hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
};
};
}

27
hosts/manatee/modules/default.nix Normal file
View File

@@ -0,0 +1,27 @@
{ lib, ... }:
let
toModulePath = dir: _: ./. + "/${dir}";
filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
in
{
imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
config = {
mod = {
gc.configurationLimit = 10;
ssh.enable = true;
git.enable = true;
nginx.enable = true;
syncthing.enable = true;
transmission.enable = true;
audiobookshelf.enable = true;
jellyfin.enable = true;
immich.enable = true;
navidrome.enable = true;
komga.enable = true;
homepage.enable = true;
};
};
}

39
hosts/manatee/modules/git/default.nix Normal file
View File

@@ -0,0 +1,39 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.git.enable;
in
{
options = {
mod.git = {
enable = lib.mkEnableOption "enable git module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.git = {
enable = true;
includes = [
{ path = ./gitconfig; }
];
settings = {
rerere.enable = true;
};
};
home.packages = [ pkgs.tig ];
home.file.".tigrc".text = ''
set main-view-line-number = yes
set main-view-line-number-interval = 1
'';
};
};
}

9
hosts/manatee/modules/git/gitconfig Normal file
View File

@@ -0,0 +1,9 @@
[user]
name = Alexander Heldt
email = me@alexanderheldt.se
[url "git@github.com:"]
insteadOf = https://github.com/
[url "gitea@git.ppp.pm:"]
insteadOf = https://git.ppp.pm/

243
hosts/manatee/modules/home-assistant/default.nix Normal file
View File

@@ -0,0 +1,243 @@
{
pkgs,
lib,
config,
...
}:
let
nginxEnabled = config.mod.nginx.enable;
script = pkgs.writeShellScript "bt-reset" ''
set -euo pipefail
export PATH="${
lib.makeBinPath [
pkgs.bluez
pkgs.util-linux
pkgs.kmod
pkgs.gnugrep
pkgs.coreutils
]
}"
logger -t bt-reset "Starting Bluetooth adapter reset..."
# Exit early if the adapter is already present and running
if hciconfig hci0 2>/dev/null | grep -q "UP RUNNING"; then
logger -t bt-reset "hci0 is already UP RUNNING nothing to do"
exit 0
fi
# If hci0 exists but isn't UP, try bringing it up
if hciconfig hci0 2>/dev/null; then
logger -t bt-reset "hci0 exists but not running bringing it up"
hciconfig hci0 up || true
sleep 2
if hciconfig hci0 2>/dev/null | grep -q "UP RUNNING"; then
logger -t bt-reset "hci0 is UP now"
systemctl restart bluetooth.service
logger -t bt-reset "bluetooth.service restarted done"
exit 0
fi
fi
# Hard reset: reload the btusb kernel module (works for USB adapters)
logger -t bt-reset "hci0 missing reloading btusb module..."
modprobe -r btusb 2>/dev/null || true
sleep 3
modprobe btusb
sleep 3
if hciconfig hci0 2>/dev/null; then
hciconfig hci0 up
logger -t bt-reset "hci0 restored after module reload"
else
logger -t bt-reset "ERROR: hci0 not found after module reload"
exit 1
fi
# Restart the bluetooth systemd service so bluetoothd picks up the adapter
systemctl restart bluetooth.service
logger -t bt-reset "bluetooth.service restarted done"
'';
in
{
mod.homepage.services = [
{
name = "Home Assistant";
port = 8123;
description = "Home automation";
}
];
hardware.bluetooth.enable = true;
virtualisation.oci-containers = {
backend = "podman";
containers.homeassistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
volumes = [
"/home/alex/.config/home-assistant:/config"
# Pass in bluetooth
"/run/dbus:/run/dbus:ro"
];
environment.TZ = "Europe/Stockholm";
extraOptions = [
"--network=host"
# Allows HA to perform low-level network operations (scan/reset adapter)
"--cap-add=NET_ADMIN"
"--cap-add=NET_RAW"
# Pass in Zigbee antenna
"--device=/dev/serial/by-id/usb-Nabu_Casa_ZBT-2_9C139EAAD464-if00:/dev/ttyACM0"
];
};
};
services = {
blueman.enable = true;
nginx = lib.mkIf nginxEnabled {
recommendedProxySettings = true;
virtualHosts."ha.ppp.pm" = {
forceSSL = true;
useACMEHost = "ha.ppp.pm";
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8123";
proxyWebsockets = true;
};
};
};
# Trigger reset via udev when hci0 disappears
udev.extraRules = ''
ACTION=="remove", SUBSYSTEM=="bluetooth", KERNEL=="hci0", \
TAG+="systemd", ENV{SYSTEMD_WANTS}+="bt-reset.service"
'';
};
systemd = {
services = {
# Trigger reset on bluetoothd failure
bluetooth = {
unitConfig.OnFailure = [ "bt-reset.service" ];
};
bt-reset = {
description = "Reset Bluetooth adapter";
after = [ "bluetooth.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = script;
Restart = "on-failure";
RestartSec = "10s";
StartLimitIntervalSec = "120";
StartLimitBurst = 3;
};
};
};
timers.bt-reset = {
description = "Periodically reset Bluetooth adapter";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min"; # first run 5 min after boot
OnUnitActiveSec = "4h"; # then every 4 hours
RandomizedDelaySec = "5min";
};
};
user = {
timers = {
"update-hetzner-dns" = {
unitConfig = {
Description = "updates Hetzner DNS records";
};
timerConfig = {
Unit = "update-hetzner-dns.service";
OnCalendar = "*-*-* *:00/30:00";
Persistent = true;
};
wantedBy = [ "timers.target" ];
};
};
services = {
"update-hetzner-dns" = {
unitConfig = {
Description = "updates Hetzner DNS records";
};
serviceConfig = {
Type = "exec";
EnvironmentFile = config.age.secrets.hetzner-dns.path;
};
path = [
pkgs.curl
pkgs.coreutils
pkgs.jq
];
script = ''
SUBDOMAINS="ha komga"
INTERFACE="enp3s0"
CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)
for SUBDOMAIN in $SUBDOMAINS; do
LAST_IP_FILE="/tmp/hetzner-dns-''${SUBDOMAIN}-ip"
LAST_IP=""
if [[ -f "$LAST_IP_FILE" ]]; then
LAST_IP=$(cat "$LAST_IP_FILE")
fi
if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
echo "$SUBDOMAIN: IP unchanged, NOOP update."
else
echo "$SUBDOMAIN: Updating IP"
JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')
curl \
--fail \
-X POST \
-H "Authorization: Bearer $HETZNER_API_TOKEN" \
-H "Content-Type: application/json" \
-d "$JSON_BODY" \
"https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/''${SUBDOMAIN}/A/actions/set_records" \
&& echo $CURRENT_IP > $LAST_IP_FILE
fi
done
'';
};
};
};
};
age = {
secrets = {
"hetzner-dns" = {
file = ../../../../secrets/manatee/hetzner-dns.age;
owner = "alex";
group = "users";
};
};
};
}

111
hosts/manatee/modules/homepage/default.nix Normal file
View File

@@ -0,0 +1,111 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.homepage.enable;
nginxEnabled = config.mod.nginx.enable;
services = config.mod.homepage.services;
serviceToCard = svc: ''
<a class="card" href="http://manatee:${toString svc.port}">
<div class="name">${svc.name}</div>
<div class="desc">${svc.description}</div>
<div class="port">:${toString svc.port}</div>
</a>
'';
page = pkgs.writeTextDir "index.html" ''
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>manatee</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
background: #1a1b26;
color: #c0caf5;
min-height: 100vh;
padding: 3rem 1.5rem;
}
h1 {
text-align: center;
font-size: 1.5rem;
font-weight: 400;
color: #7aa2f7;
margin-bottom: 2rem;
}
.grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
gap: 1rem;
max-width: 900px;
margin: 0 auto;
}
.card {
display: block;
background: #24283b;
border: 1px solid #414868;
border-radius: 8px;
padding: 1.25rem;
text-decoration: none;
color: inherit;
transition: border-color 0.15s;
}
.card:hover { border-color: #7aa2f7; }
.name { font-size: 1.1rem; font-weight: 600; color: #c0caf5; }
.desc { font-size: 0.85rem; color: #565f89; margin-top: 0.35rem; }
.port { font-size: 0.8rem; color: #414868; margin-top: 0.5rem; font-family: monospace; }
</style>
</head>
<body>
<h1>manatee</h1>
<div class="grid">
${lib.concatMapStrings serviceToCard services}
</div>
</body>
</html>
'';
in
{
options = {
mod.homepage = {
enable = lib.mkEnableOption "Enable homepage module";
services = lib.mkOption {
type = lib.types.listOf (
lib.types.submodule {
options = {
name = lib.mkOption { type = lib.types.str; };
port = lib.mkOption { type = lib.types.port; };
description = lib.mkOption { type = lib.types.str; };
};
}
);
default = [ ];
description = "Services to display on the homepage";
};
};
};
config = lib.mkIf (enabled && nginxEnabled) {
services.nginx.virtualHosts."homepage" = {
listen = [
{
addr = "0.0.0.0";
port = 9999;
}
];
root = page;
locations."/" = {
index = "index.html";
};
};
networking.firewall.allowedTCPPorts = [ 9999 ];
};
}

43
hosts/manatee/modules/immich/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{ lib, config, ... }:
let
enabled = config.mod.immich.enable;
in
{
options = {
mod.immich = {
enable = lib.mkEnableOption "Enable immich module";
};
};
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Immich";
port = 2283;
description = "Photo library";
}
];
users.users.immich = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
services.immich = {
enable = true;
user = "immich";
group = "storage";
host = "0.0.0.0";
mediaLocation = "/mnt/cameras/public";
accelerationDevices = [ "/dev/dri/renderD128" ];
};
};
}

68
hosts/manatee/modules/jellyfin/default.nix Normal file
View File

@@ -0,0 +1,68 @@
{
lib,
pkgs,
config,
...
}:
let
enabled = config.mod.jellyfin.enable;
in
{
options = {
mod.jellyfin = {
enable = lib.mkEnableOption "Enable jellyfin module";
};
};
config = lib.mkIf enabled {
users.users.jellyfin = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver # Modern Intel VA-API driver (needed for N305)
pkgs.libvdpau-va-gl # VDPAU backend for VA-API GLX interop
pkgs.intel-compute-runtime # OpenCL support
];
};
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
user = "jellyfin";
group = "storage";
};
};
mod.homepage.services = [
{
name = "Jellyfin";
port = 8096;
description = "Media streaming";
}
];
networking = {
firewall.allowedTCPPorts = [ 8096 ];
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
};
}

157
hosts/manatee/modules/komga/default.nix Normal file
View File

@@ -0,0 +1,157 @@
{
inputs,
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.komga.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.komga = {
enable = lib.mkEnableOption "Enable komga module";
};
};
imports = [
inputs.komga-comictracker.nixosModules.default
inputs.komga-bookmanager.nixosModules.default
inputs.komga-reading-stats.nixosModules.default
];
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Komga";
port = 8002;
description = "Comic library";
}
{
name = "Komga Reader";
port = 8888;
description = "Comic reader";
}
{
name = "Komga Book Manager";
port = 8686;
description = "Book manager";
}
{
name = "Komga Reading Stats";
port = 8787;
description = "Reading stats";
}
];
users.users.komga = {
isSystemUser = true;
group = "storage";
};
services.komga = {
enable = true;
user = "komga";
group = "storage";
settings = {
server.port = 8002;
komga."cors.allowed-origins" = [
"http://manatee:8888"
"https://komga.ppp.pm"
];
};
openFirewall = true;
};
services.nginx = lib.mkIf nginxEnabled {
virtualHosts."komga-reader" = {
listen = [
{
addr = "0.0.0.0";
port = 8888;
}
];
root = (pkgs.writeTextDir "komga-reader.html" (builtins.readFile ./komga-reader.html));
locations."/" = {
index = "komga-reader.html";
tryFiles = "$uri $uri/ /komga-reader.html";
};
};
virtualHosts."komga.ppp.pm" = {
forceSSL = true;
useACMEHost = "komga.ppp.pm";
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
proxyWebsockets = true;
};
};
};
networking.firewall.allowedTCPPorts = [ 8888 ];
programs.comictracker = {
enable = true;
komgaUrl = "http://127.0.0.1:8002";
komgaLibraryId = "0NVZH5AK3RPE1";
secretsFile = config.age.secrets.komga-comicbooktracker-credentials.path;
};
services.komga-book-manager = {
enable = true;
port = 8686;
group = "storage";
komgaUrl = "http://127.0.0.1:8002";
credentialsFile = config.age.secrets.komga-bookmanager-credentials.path;
libraryRoot = "/mnt/media/public/books";
libraryId = "0PNE1NEPY6995";
};
services.komga-reading-stats = {
enable = true;
host = "0.0.0.0";
port = 8787;
origin = "http://manatee:8787";
anthropicApiKeyFile = config.age.secrets.komga-reading-stats-claude-api-key.path;
claudeModel = "claude-sonnet-4-6";
komga = {
url = "http://127.0.0.1:8002";
apiKeyFile = config.age.secrets.komga-reading-stats-komga-api-key.path;
};
};
age.secrets = {
"komga-comicbooktracker-credentials" = {
file = ../../../../secrets/manatee/komga-comicbooktracker-credentials.age;
owner = "alex";
group = "users";
};
"komga-bookmanager-credentials" = {
file = ../../../../secrets/manatee/komga-bookmanager-credentials.age;
owner = "alex";
group = "users";
};
"komga-reading-stats-claude-api-key" = {
file = ../../../../secrets/manatee/komga-reading-stats-claude-api-key.age;
owner = "komga-reading-stats";
group = "komga-reading-stats";
};
"komga-reading-stats-komga-api-key" = {
file = ../../../../secrets/manatee/komga-reading-stats-komga-api-key.age;
owner = "komga-reading-stats";
group = "komga-reading-stats";
};
};
};
}

1553
hosts/manatee/modules/komga/komga-reader.html Normal file
View File

File diff suppressed because it is too large Load Diff

41
hosts/manatee/modules/navidrome/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
lib,
pkgs,
config,
...
}:
let
navidromeEnabled = config.mod.navidrome.enable;
in
{
options = {
mod.navidrome = {
enable = lib.mkEnableOption "Enable navidrome module";
};
};
config = {
mod.homepage.services = lib.mkIf navidromeEnabled [
{
name = "Navidrome";
port = 4533;
description = "Music streaming";
}
];
services = lib.mkIf navidromeEnabled {
navidrome = {
enable = true;
openFirewall = true;
user = "navidrome";
group = "storage";
settings = {
Port = 4533;
Address = "0.0.0.0";
MusicFolder = "/mnt/media/public/music";
};
};
};
};
}

50
hosts/manatee/modules/network/default.nix Normal file
View File

@@ -0,0 +1,50 @@
{ ... }:
let
hostAddress = "192.168.50.203";
in
{
networking = {
hostName = "manatee";
# Required for asymmetric routing (sending replies out a different interface
# than the default route). Without this, the kernel drops the return traffic.
firewall.checkReversePath = "loose";
defaultGateway = "192.168.50.1";
nameservers = [ "1.1.1.1" ];
interfaces = {
enp3s0 = {
useDHCP = false;
ipv4 = {
addresses = [
{
address = hostAddress;
prefixLength = 24;
}
];
};
ipv4.routes = [
{
address = "0.0.0.0";
prefixLength = 0;
via = "192.168.50.1"; # Router
options = {
table = "100";
};
}
];
};
};
localCommands = ''
# Ensure local LAN traffic uses the main table, e.g. responds to the local machine
ip rule list | grep -q "192.168.50.0/24 lookup main" || \
ip rule add to 192.168.50.0/24 lookup main priority 4999
# All other traffic from this IP uses Table 100 (e.g. responds to router and back out)
ip rule list | grep -q "from ${hostAddress} lookup 100" || \
ip rule add from ${hostAddress} lookup 100 priority 5000
'';
};
}

28
hosts/manatee/modules/nginx/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
networking = {
firewall = {
allowedTCPPorts = [ 443 ];
};
};
};
}

119
hosts/manatee/modules/ssh/default.nix Normal file
View File

@@ -0,0 +1,119 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.ssh.enable;
authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
rootSSHKeyPath = "/etc/ssh";
in
{
options = {
mod.ssh = {
enable = lib.mkEnableOption "enable ssh module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.ssh = {
enable = true;
matchBlocks = {
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
};
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
};
};
};
environment.etc."ssh/authorized_keys_command" = {
mode = "0755";
text = ''
#!${pkgs.bash}/bin/bash
for file in ${authorizedKeysPath}/*; do
${pkgs.coreutils}/bin/cat "$file"
done
'';
};
services = {
openssh = {
enable = true;
ports = [ 1122 ];
hostKeys = [
{
path = "${rootSSHKeyPath}/root.manatee";
type = "ed25519";
}
];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
authorizedKeysCommandUser = "root";
};
};
networking = {
firewall = {
allowedTCPPorts = [ 1122 ];
};
};
age.secrets = {
"root.manatee" = {
file = ../../../../secrets/manatee/root.manatee.age;
path = "${rootSSHKeyPath}/root.manatee";
};
"root.manatee.pub" = {
file = ../../../../secrets/manatee/root.manatee.pub.age;
path = "${rootSSHKeyPath}/root.manatee.pub";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-manatee.pub";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "${authorizedKeysPath}/alex.backwards-manatee.pub";
};
"alex.manatee-git.ppp.pm" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.manatee-git.ppp.pm.pub" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
};
};
}

69
hosts/manatee/modules/syncthing/default.nix Normal file
View File

@@ -0,0 +1,69 @@
{ lib, config, ... }:
let
enabled = config.mod.syncthing.enable;
in
{
options = {
mod.syncthing = {
enable = lib.mkEnableOption "Enable syncthing module";
};
};
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Syncthing";
port = 8384;
description = "File sync";
}
];
services.syncthing = {
enable = true;
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
user = "storage";
group = "storage";
dataDir = "/mnt/sync/public";
guiAddress = "0.0.0.0:8384";
settings = {
gui = {
user = "syncthing";
password = "$2a$12$YBcqhl8AXpoLmIWikuMtkOQLcrPXKKj0xY/qy4hggWnfjeVLQ3Ct6";
insecureSkipHostcheck = false;
};
devices = {
pinwheel.id = config.lib.syncthing.pinwheel;
};
folders = {
org = {
path = "/mnt/sync/public/org";
devices = [
"pinwheel"
];
versioning = {
type = "staggered";
params = {
maxage = "2592000"; # 30 days
};
};
};
};
};
};
age = {
secrets = {
"syncthing-cert".file = ../../../../secrets/manatee/syncthing-cert.age;
"syncthing-key".file = ../../../../secrets/manatee/syncthing-key.age;
};
};
};
}

11
hosts/manatee/modules/tailscale/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{ ... }:
{
# If an exit node is used, set:
# tailscale set --exit-node-allow-lan-access
services.tailscale.enable = true;
networking.firewall = {
checkReversePath = "loose";
allowedUDPPorts = [ 41641 ];
};
}

31
hosts/backwards/modules/transmission/default.nix → hosts/manatee/modules/transmission/default.nix
View File

@@ -15,31 +15,40 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Transmission";
port = 9091;
description = "Torrent client";
}
];
services = { services = {
transmission = { transmission = {
enable = true; enable = true;
package = pkgs.transmission_4; package = pkgs.transmission_4;
openFirewall = true; openFirewall = true;
openRPCPort = true;
user = "alex"; user = "storage";
group = "users"; group = "storage";
home = "/home/alex/media/ts-home"; home = "/mnt/media/public/.ts-home";
downloadDirPermissions = "775"; downloadDirPermissions = "775";
settings = { settings = {
rpc-bind-address = "0.0.0.0";
rpc-port = 9191;
incomplete-dir-enabled = false; incomplete-dir-enabled = false;
download-dir = "/home/alex/media/downloads"; download-dir = "/mnt/media/public/downloads";
rpc-authentication-required = true; rpc-bind-address = "0.0.0.0";
# Required to have empty user/pass to satisfy transmissionA
# https://github.com/transmission/transmission/discussions/1941#discussioncomment-1472352
rpc-whitelist-enabled = false; rpc-whitelist-enabled = false;
rpc-username = "transmission"; rpc-authentication-required = true;
rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi"; rpc-username = "";
rpc-password = "";
}; };
}; };
}; };

5
hosts/pinwheel/configuration.nix
View File

@@ -17,7 +17,10 @@
users.users.alex = { users.users.alex = {
isNormalUser = true; isNormalUser = true;
description = "alex"; description = "alex";
extraGroups = [ "wheel" ]; extraGroups = [
"wheel"
"networkmanager"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

7
hosts/pinwheel/hardware-configuration.nix
View File

@@ -36,7 +36,12 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [
{
device = "/swapfile";
size = 48 * 1024; # 48GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

9
hosts/pinwheel/home.nix
View File

@@ -14,14 +14,21 @@
home.homeDirectory = "/home/alex"; home.homeDirectory = "/home/alex";
home.packages = [ home.packages = [
inputs.whib-backend.packages.${pkgs.stdenv.hostPlatform.system}.whib-import
# pkgs.beekeeper-studio
pkgs.bitwarden-desktop
pkgs.gimp pkgs.gimp
pkgs.zip pkgs.zip
pkgs.unzip
pkgs.unar pkgs.unar
pkgs.jq pkgs.jq
pkgs.dbeaver-bin pkgs.dbeaver-bin
pkgs.htop pkgs.htop
pkgs.onlyoffice-bin pkgs.onlyoffice-desktopeditors
pkgs.wdisplays pkgs.wdisplays
pkgs.vlc
pkgs.claude-code
pkgs.opencode
]; ];
home.stateVersion = "23.05"; home.stateVersion = "23.05";

2
hosts/pinwheel/modules/age/default.nix
View File

@@ -11,7 +11,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.system}".default inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
]; ];
}; };
} }

8
hosts/pinwheel/modules/bluetooth/default.nix
View File

@@ -30,12 +30,6 @@ in
# Low battery notification for bluetooth devices # Low battery notification for bluetooth devices
systemd.user = systemd.user =
let let
trackpad = {
id = "battery_hid_a8o91o3doe5ofeo38_battery";
name = "trackpad";
threshold = "20";
};
headphones = { headphones = {
id = "headset_dev_38_18_4C_18_A4_6E"; id = "headset_dev_38_18_4C_18_A4_6E";
name = "headphones"; name = "headphones";
@@ -65,7 +59,6 @@ in
in in
builtins.listToAttrs ( builtins.listToAttrs (
builtins.map mkTimer [ builtins.map mkTimer [
trackpad
headphones headphones
] ]
); );
@@ -119,7 +112,6 @@ in
in in
builtins.listToAttrs ( builtins.listToAttrs (
builtins.map mkService [ builtins.map mkService [
trackpad
headphones headphones
] ]
); );

2
hosts/pinwheel/modules/colors/default.nix
View File

@@ -3,7 +3,7 @@
colors = { colors = {
foreground = "bd93f9"; foreground = "bd93f9";
foreground-dim = "644294"; foreground-dim = "644294";
background = "1E2029"; background = "1E1E2F";
gray = "3a3a3a"; gray = "3a3a3a";
warning = "ff6969"; warning = "ff6969";

4
hosts/pinwheel/modules/default.nix
View File

@@ -14,7 +14,7 @@ in
nix-index.enable = false; nix-index.enable = false;
greetd.enable = true; greetd.enable = true;
hyprland.enable = true; hyprland.enable = true;
swaylock.enable = true; hyprlock.enable = true;
physlock.enable = false; physlock.enable = false;
power.enable = true; power.enable = true;
@@ -27,13 +27,13 @@ in
zsh.enable = true; zsh.enable = true;
openvpn.enable = true; openvpn.enable = true;
mullvad.enable = true;
c.enable = true; c.enable = true;
go.enable = true; go.enable = true;
rust.enable = true; rust.enable = true;
scala.enable = true; scala.enable = true;
python.enable = true; python.enable = true;
gleam.enable = true;
keyboard.enable = true; keyboard.enable = true;
containers = { containers = {

2
hosts/pinwheel/modules/dunst/default.nix
View File

@@ -7,8 +7,6 @@
settings = { settings = {
global = { global = {
monitor = 1; monitor = 1;
width = 300;
height = 300;
offset = "10x10"; offset = "10x10";
origin = "top-right"; origin = "top-right";
transparency = 10; transparency = 10;

62
hosts/pinwheel/modules/emacs/config.org
View File

@@ -479,7 +479,34 @@ Setup prefix for keybindings.
* Flycheck * Flycheck
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package flycheck) (use-package flycheck
:preface
(defun mp-flycheck-eldoc (callback &rest _ignored)
"Print flycheck messages at point by calling CALLBACK."
(when-let ((flycheck-errors (and flycheck-mode (flycheck-overlay-errors-at (point)))))
(mapc
(lambda (err)
(funcall callback
(format "%s: %s"
(let ((level (flycheck-error-level err)))
(pcase level
('info (propertize "I" 'face 'flycheck-error-list-info))
('error (propertize "E" 'face 'flycheck-error-list-error))
('warning (propertize "W" 'face 'flycheck-error-list-warning))
(_ level)))
(flycheck-error-message err))
:thing (or (flycheck-error-id err)
(flycheck-error-group err))
:face 'font-lock-doc-face))
flycheck-errors)))
(defun mp-flycheck-prefer-eldoc ()
(add-hook 'eldoc-documentation-functions #'mp-flycheck-eldoc nil t)
(setq eldoc-documentation-strategy 'eldoc-documentation-compose-eagerly)
(setq flycheck-display-errors-function nil)
(setq flycheck-help-echo-function nil))
:hook ((flycheck-mode . mp-flycheck-prefer-eldoc)))
(use-package flycheck-eglot (use-package flycheck-eglot
:after (flycheck eglot) :after (flycheck eglot)
@@ -503,6 +530,12 @@ Setup prefix for keybindings.
(add-hook 'before-save-hook #'eglot-format-buffer -10 t)))) (add-hook 'before-save-hook #'eglot-format-buffer -10 t))))
(use-package eglot (use-package eglot
:preface
(defun mp-eglot-eldoc ()
(setq eldoc-echo-area-use-multiline-p nil)
(setq eldoc-documentation-strategy
'eldoc-documentation-compose-eagerly))
:config :config
(add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
'(scala-mode . '(scala-mode .
@@ -511,6 +544,9 @@ Setup prefix for keybindings.
(add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
'(nix-mode . ("nixd"))) '(nix-mode . ("nixd")))
(add-to-list 'eglot-server-programs
'(gleam-ts-mode . ("gleam" "lsp")))
(setq-default eglot-workspace-configuration (setq-default eglot-workspace-configuration
'( '(
:metals ( :metals (
@@ -519,7 +555,11 @@ Setup prefix for keybindings.
) )
) )
:custom
(eglot-code-action-indications nil)
:hook ( :hook (
(eglot-managed-mode . mp-eglot-eldoc)
(go-mode . eglot-ensure) (go-mode . eglot-ensure)
(go-mode . alex/organize-imports-on-save) (go-mode . alex/organize-imports-on-save)
(go-mode . alex/format-on-save) (go-mode . alex/format-on-save)
@@ -529,6 +569,10 @@ Setup prefix for keybindings.
(nix-mode . eglot-ensure) (nix-mode . eglot-ensure)
(nix-mode . alex/format-on-save) (nix-mode . alex/format-on-save)
(gleam-ts-mode . eglot-ensure)
(gleam-ts-mode . alex/format-on-save)
(python-mode . eglot-ensure)
(javascript-mode . eglot-ensure) (javascript-mode . eglot-ensure)
(js-mode . eglot-ensure) (js-mode . eglot-ensure)
(js-jsx-mode . eglot-ensure) (js-jsx-mode . eglot-ensure)
@@ -548,13 +592,6 @@ Setup prefix for keybindings.
:after eglot :after eglot
:config (eglot-booster-mode)) :config (eglot-booster-mode))
#+END_SRC #+END_SRC
** Eldoc-box
#+BEGIN_SRC emacs-lisp
(use-package eldoc-box
:after eglot
:bind (:map eglot-mode-map
("M-h" . eldoc-box-help-at-point)))
#+END_SRC
** Go ** Go
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package go-mode (use-package go-mode
@@ -572,6 +609,12 @@ Setup prefix for keybindings.
) )
) )
#+END_SRC #+END_SRC
** Gleam
#+BEGIN_SRC emacs-lisp
(use-package gleam-ts-mode
:mode "\\.gleam\\'"
)
#+END_SRC
** YAML ** YAML
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package yaml-mode (use-package yaml-mode
@@ -603,7 +646,8 @@ Setup prefix for keybindings.
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(setq (setq
js-indent-level 2 js-indent-level 2
js2-basic-offset 2) js2-basic-offset 2
indent-tabs-mode nil)
(add-to-list 'auto-mode-alist '("\\.ts\\'" . typescript-ts-mode)) (add-to-list 'auto-mode-alist '("\\.ts\\'" . typescript-ts-mode))
#+END_SRC #+END_SRC

4
hosts/pinwheel/modules/firefox/default.nix
View File

@@ -29,14 +29,14 @@ let
ff = pkgs.writeShellApplication { ff = pkgs.writeShellApplication {
name = "ff"; name = "ff";
text = '' text = ''
${wrapped}/bin/firefox --ProfileManager ${wrapped}/bin/firefox-devedition --ProfileManager
''; '';
}; };
ff-alex = pkgs.writeShellApplication { ff-alex = pkgs.writeShellApplication {
name = "ff-alex"; name = "ff-alex";
text = '' text = ''
${wrapped}/bin/firefox -P alex --new-window "$@" ${wrapped}/bin/firefox-devedition -P alex --new-window "$@"
''; '';
}; };

6
hosts/pinwheel/modules/fonts/default.nix
View File

@@ -2,9 +2,9 @@
{ {
fonts.packages = [ fonts.packages = [
pkgs.noto-fonts pkgs.noto-fonts
pkgs.noto-fonts-cjk pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-emoji pkgs.noto-fonts-color-emoji
pkgs.nerdfonts pkgs.nerd-fonts.jetbrains-mono
pkgs.liberation_ttf pkgs.liberation_ttf
]; ];
} }

2
hosts/pinwheel/modules/fzf/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }: { ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
programs.fzf = { programs.fzf = {

12
hosts/pinwheel/modules/games/default.nix
View File

@@ -1,16 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [ pkgs.brogue-ce ];
pkgs.brogue-ce
(pkgs.retroarch.override {
cores = [
pkgs.libretro.genesis-plus-gx
pkgs.libretro.snes9x
pkgs.libretro.dolphin
];
})
];
}; };
} }

25
hosts/pinwheel/modules/git/default.nix
View File

@@ -23,8 +23,16 @@ in
{ path = ./gitconfig; } { path = ./gitconfig; }
]; ];
extraConfig = { signing = {
key = config.age.secrets."alex.pinwheel-github.com-signing.pub".path;
signByDefault = true;
};
settings = {
rerere.enable = true; rerere.enable = true;
# Tells Git to use SSH instead of the default GPG
gpg.format = "ssh";
}; };
}; };
@@ -35,5 +43,20 @@ in
set main-view-line-number-interval = 1 set main-view-line-number-interval = 1
''; '';
}; };
age.secrets = {
"alex.pinwheel-github.com-signing" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com-signing.age;
path = "/home/alex/.ssh/alex.pinwheel-github.com-signing";
owner = "alex";
group = "users";
};
"alex.pinwheel-github.com-signing.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com-signing.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-github.com-signing.pub";
owner = "alex";
group = "users";
};
};
}; };
} }

6
hosts/pinwheel/modules/git/gitconfig
View File

@@ -5,11 +5,5 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@gitlab.com:"]
insteadOf = https://gitlab.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/
[url "gitea@git.ppp.pm:"] [url "gitea@git.ppp.pm:"]
insteadOf = https://git.ppp.pm/ insteadOf = https://git.ppp.pm/

25
hosts/pinwheel/modules/gleam/default.nix Normal file
View File

@@ -0,0 +1,25 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.gleam.enable;
in
{
options = {
mod.gleam = {
enable = lib.mkEnableOption "enable gleam module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
home.packages = [
pkgs.gleam
pkgs.erlang
];
};
};
}

18
hosts/pinwheel/modules/go/default.nix
View File

@@ -15,26 +15,14 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
nixpkgs.overlays =
let
buildGo122 = pkgs: pkg: pkg.override { buildGoModule = pkgs.buildGo122Module; };
in
[
(final: prev: {
go = prev.go_1_22;
gopls = buildGo122 prev prev.gopls;
go-tools = buildGo122 prev prev.go-tools;
govulncheck = buildGo122 prev prev.govulncheck;
gotestsum = buildGo122 prev prev.gotestsum;
})
];
home-manager.users.alex = { home-manager.users.alex = {
programs.go = { programs.go = {
enable = true; enable = true;
package = pkgs.go; package = pkgs.go;
goPath = "code/go"; env = {
GOPATH = "/home/alex/code/go";
};
}; };
home.packages = [ home.packages = [

2
hosts/pinwheel/modules/greetd/default.nix
View File

@@ -22,7 +22,7 @@ in
let let
session = { session = {
user = "alex"; user = "alex";
command = "${pkgs.hyprland}/bin/Hyprland"; command = "uwsm start hyprland-uwsm.desktop";
}; };
in in
{ {

204
hosts/pinwheel/modules/hyprland/default.nix
View File

@@ -1,4 +1,5 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -6,6 +7,61 @@
}: }:
let let
enabled = config.mod.hyprland.enable; enabled = config.mod.hyprland.enable;
monitorScript = pkgs.writeShellScript "hyprland-monitor-handler" ''
INTERNAL="eDP-1"
EXTERNAL_MONITORS="HDMI-A-1 DP-3"
HYPRCTL="${pkgs.hyprland}/bin/hyprctl"
JQ="${pkgs.jq}/bin/jq"
get_active_external() {
# Return the first connected external monitor
for mon in $EXTERNAL_MONITORS; do
if $HYPRCTL monitors -j | $JQ -e ".[] | select(.name == \"$mon\")" > /dev/null 2>&1; then
echo "$mon"
return 0
fi
done
return 1
}
bind_workspaces() {
local external batch=""
if external=$(get_active_external); then
# External monitor connected: move workspaces 1-5 to external, 6-10 to internal
for ws in 1 2 3 4 5; do
batch="$batch dispatch moveworkspacetomonitor $ws $external;"
done
for ws in 6 7 8 9 10; do
batch="$batch dispatch moveworkspacetomonitor $ws $INTERNAL;"
done
else
# No external monitor: move all workspaces to internal
for ws in 1 2 3 4 5 6 7 8 9 10; do
batch="$batch dispatch moveworkspacetomonitor $ws $INTERNAL;"
done
fi
$HYPRCTL --batch "$batch"
}
handle_event() {
case $1 in
monitoradded*|monitorremoved*)
sleep 0.5
bind_workspaces
;;
esac
}
# Bind workspaces on startup
bind_workspaces
${pkgs.socat}/bin/socat -U - UNIX-CONNECT:"$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock" | while read -r line; do
handle_event "$line"
done
'';
in in
{ {
options = { options = {
@@ -15,34 +71,64 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
home-manager.users.alex = { programs.hyprland = {
wayland.windowManager.hyprland = {
enable = true; enable = true;
withUWSM = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage =
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
xwayland = { xwayland = {
enable = true; enable = true;
}; };
};
home-manager.users.alex = {
wayland.windowManager.hyprland = {
enable = true;
systemd.enable = false;
extraConfig = '' extraConfig = ''
exec-once=waybar exec-once = uwsm app -- waybar
exec-once = uwsm app -- hyprctl setcursor Adwaita 24
env = GDK_DPI_SCALE,1.5 env = GDK_DPI_SCALE,1.5
env = XCURSOR_SIZE,64 env = HYPRCURSOR_THEME,Adwaita
env = HYPRCURSOR_SIZE,24
monitor=eDP-1, 1920x1200, 0x0, 1 monitor=eDP-1, 1920x1200, auto-center-down, 1
monitor=HDMI-A-1, 2560x1440@100, auto-center-up, 1
monitor=DP-3, 2560x1440@60, auto-center-up, 1
workspace = 1, monitor:HDMI-A-1 # Workspaces 1-5 on external monitors (HDMI-A-1 or DP-3)
workspace = 1, monitor:HDMI-A-1, default:true
workspace = 2, monitor:HDMI-A-1 workspace = 2, monitor:HDMI-A-1
workspace = 3, monitor:HDMI-A-1 workspace = 3, monitor:HDMI-A-1
workspace = 4, monitor:HDMI-A-1 workspace = 4, monitor:HDMI-A-1
workspace = 5, monitor:HDMI-A-1 workspace = 5, monitor:HDMI-A-1
workspace = 6, monitor:eDP-1 workspace = 1, monitor:DP-3, default:true
workspace = 2, monitor:DP-3
workspace = 3, monitor:DP-3
workspace = 4, monitor:DP-3
workspace = 5, monitor:DP-3
# Workspaces 6-10 on internal monitor
workspace = 6, monitor:eDP-1, default:true
workspace = 7, monitor:eDP-1 workspace = 7, monitor:eDP-1
workspace = 8, monitor:eDP-1 workspace = 8, monitor:eDP-1
workspace = 9, monitor:eDP-1 workspace = 9, monitor:eDP-1
workspace = 10, monitor:eDP-1 workspace = 10, monitor:eDP-1
exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP workspace = w[tv1], gapsout:0, gapsin:0
workspace = f[1], gapsout:0, gapsin:0
windowrule = border_size 0, match:float 0, match:workspace w[tv1]
windowrule = rounding 0, match:float 0, match:workspace w[tv1]
windowrule = border_size 0, match:float 0, match:workspace f[1]
windowrule = rounding 0, match:float 0, match:workspace f[1]
# https://wiki.archlinux.org/title/Hyprland#Jetbrains_apps_focus_issues
windowrule = match:xwayland true, no_initial_focus on
''; '';
settings = { settings = {
@@ -61,6 +147,7 @@ in
follow_mouse = 2; follow_mouse = 2;
sensitivity = 0.3; sensitivity = 0.3;
accel_profile = "flat";
touchpad = { touchpad = {
natural_scroll = false; natural_scroll = false;
tap-and-drag = false; tap-and-drag = false;
@@ -84,7 +171,6 @@ in
dwindle = { dwindle = {
force_split = 2; force_split = 2;
no_gaps_when_only = 1;
}; };
bind = bind =
@@ -154,6 +240,23 @@ in
pkgs.wdisplays pkgs.wdisplays
pkgs.bc pkgs.bc
]; ];
systemd.user.services.hyprland-monitors = {
Unit = {
Description = "Hyprland monitor hotplug handler";
PartOf = [ "graphical-session.target" ];
After = [ "graphical-session.target" ];
};
Service = {
Type = "simple";
ExecStart = "${monitorScript}";
Restart = "on-failure";
RestartSec = 5;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
};
}; };
# To start electron apps like `chromium` with wayland support # To start electron apps like `chromium` with wayland support
@@ -172,87 +275,6 @@ in
# openGL is needed for wayland/hyprland # openGL is needed for wayland/hyprland
hardware.graphics.enable = true; hardware.graphics.enable = true;
systemd.user.services.hyprland-monitors = { boot.kernelParams = [ "i915.enable_psr=0" ];
# systemctl --user restart hyprland-monitors.service
# journalctl --user -u hyprland-monitors.service -e -f
unitConfig = {
Description = "handles hyprland monitor connect/disconnect";
};
wantedBy = [ "graphical-session.target" ];
requires = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
path = [
pkgs.coreutils # to include `cat`
pkgs.waybar
pkgs.hyprland
pkgs.socat
pkgs.jq
pkgs.bc
pkgs.libnotify
];
script =
let
moveWSToMonitor =
monitor: first: last:
if last < first then
throw "'first' has to be less than or equal to 'last'"
else
builtins.genList (
n: "dispatch moveworkspacetomonitor ${builtins.toString (first + n)} ${monitor}"
) (last - first + 1);
external = moveWSToMonitor "HDMI-A-1" 1 5;
internal = moveWSToMonitor "eDPI-1" 6 10;
onlyInternal = moveWSToMonitor "eDPI-1" 1 10;
in
''
update() {
HDMI_STATUS=$(cat /sys/class/drm/card1-HDMI-A-1/status)
INTERNAL_WIDTH=1920
INTERNAL_HEIGHT=1200
if [ $HDMI_STATUS = "connected" ]; then
notify-send "Using external and laptop monitor"
hyprctl keyword monitor HDMI-A-1,preferred,0x0,1
HDMI=$(hyprctl monitors -j | jq '.[] | select(.name=="HDMI-A-1")')
HDMI_WIDTH=$(echo $HDMI | jq .width)
HDMI_HEIGHT=$(echo $HDMI | jq .height)
INTERNAL_POS_X=$(echo "($HDMI_WIDTH - $INTERNAL_WIDTH) / 2" | bc)
if (( $(echo "$INTERNAL_POS_X < 0" | bc) )); then INTERNAL_POS_X=0; fi
INTERNAL_POS_Y=$HDMI_HEIGHT
hyprctl keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,$INTERNAL_POS_X"x"$INTERNAL_POS_Y,1
hyprctl --batch "${lib.strings.concatStringsSep ";" (external ++ internal)}"
else
notify-send "Using only laptop monitor"
hyprctl --batch "keyword monitor HDMI-A,disable; keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,0x0,1"
hyprctl --batch "${lib.strings.concatStringsSep ";" onlyInternal}"
fi
}
handle() {
case $1 in
monitoradded\>\>*|monitorremoved\>\>*)
echo "handling event: \"$1\""
update ;;
esac
}
echo "Starting service with instance \"$HYPRLAND_INSTANCE_SIGNATURE\""
# Do initial configuration
update
socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done
'';
};
}; };
} }

47
hosts/pinwheel/modules/swaylock/default.nix → hosts/pinwheel/modules/hyprlock/default.nix
View File

@@ -5,13 +5,13 @@
... ...
}: }:
let let
enabled = config.mod.swaylock.enable; enabled = config.mod.hyprlock.enable;
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
in in
{ {
options = { options = {
mod.swaylock = { mod.hyprlock = {
enable = lib.mkEnableOption "enable swaylock module"; enable = lib.mkEnableOption "enable hyprlock module";
dpmsTimeout = lib.mkOption { dpmsTimeout = lib.mkOption {
description = "timeout in seconds before DPMS is turned on"; description = "timeout in seconds before DPMS is turned on";
@@ -23,13 +23,32 @@ in
config = lib.mkIf enabled { config = lib.mkIf enabled {
home-manager.users.alex = { home-manager.users.alex = {
programs.swaylock = { programs.hyprlock = {
enable = true; enable = true;
settings = { settings = {
color = "000000"; general = {
indicator-idle-visible = false; hide_cursor = true;
show-failed-attempts = true; };
background = [
{
color = "rgb(000000)";
}
];
input-field = [
{
size = "250, 50";
position = "0, 0";
halign = "center";
valign = "center";
outline_thickness = 2;
dots_center = true;
fade_on_empty = true;
placeholder_text = "";
}
];
}; };
}; };
@@ -37,20 +56,20 @@ in
settings = { settings = {
bind = bind =
let let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause"; pause-music = "${pkgs.playerctl}/bin/playerctl -a pause";
dpmsTimeout = config.mod.swaylock.dpmsTimeout; dpmsTimeout = config.mod.hyprlock.dpmsTimeout;
dpms-lock = pkgs.writeShellScript "dpms-lock" '' dpms-lock = pkgs.writeShellScript "dpms-lock" ''
${pkgs.swayidle}/bin/swayidle \ ${pkgs.swayidle}/bin/swayidle \
timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \ timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \
resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" & resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" &
${pkgs.swaylock}/bin/swaylock && ${pkgs.procps}/bin/pkill swayidle ${pkgs.hyprlock}/bin/hyprlock; ${pkgs.procps}/bin/pkill swayidle
''; '';
in in
[ [
"$mod, x, exec, ${pause-music}; ${dpms-lock}" "$mod, x, exec, ${pause-music}; ${dpms-lock}"
"$mod SHIFT, x, exec, ${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend" "$mod SHIFT, x, exec, ${pause-music}; ${pkgs.hyprlock}/bin/hyprlock & sleep 0.5; systemctl suspend"
]; ];
}; };
}; };
@@ -59,11 +78,7 @@ in
security = { security = {
polkit.enable = true; polkit.enable = true;
pam.services.swaylock.text = '' pam.services.hyprlock = {};
# PAM configuration file for the swaylock screen locker. By default, it includes
# the 'login' configuration file (see /etc/pam.d/login)
auth include login
'';
}; };
}; };
} }

5
hosts/pinwheel/modules/light/default.nix
View File

@@ -9,14 +9,13 @@ let
in in
{ {
users.users.alex.extraGroups = [ "video" ]; users.users.alex.extraGroups = [ "video" ];
programs.light.enable = true;
home-manager.users.alex = { home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled { wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = { settings = {
bind = [ bind = [
", XF86MonBrightnessUp, exec, ${pkgs.light}/bin/light -A 5" ", XF86MonBrightnessUp, exec, ${pkgs.brightnessctl}/bin/brightnessctl set +5%"
", XF86MonBrightnessDown, exec, ${pkgs.light}/bin/light -U 5" ", XF86MonBrightnessDown, exec, ${pkgs.brightnessctl}/bin/brightnessctl set 5%-"
]; ];
}; };
}; };

35
hosts/pinwheel/modules/mullvad/default.nix
View File

@@ -1,35 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.mullvad.enable;
in
{
options = {
mod.mullvad = {
enable = lib.mkEnableOption "enable mullvad module";
};
};
config = lib.mkIf enabled {
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
age.secrets = {
"mullvad-device" = {
file = ../../../../secrets/pinwheel/mullvad-device.age;
path = "/etc/mullvad-vpn/device.json";
};
"mullvad-account-history" = {
file = ../../../../secrets/pinwheel/mullvad-account-history.age;
path = "/etc/mullvad-vpn/account-history.json";
};
};
};
}

12
hosts/pinwheel/modules/spotify/default.nix → hosts/pinwheel/modules/music/default.nix
View File

@@ -1,4 +1,5 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -13,18 +14,18 @@ in
settings = { settings = {
bind = bind =
let let
prev = "${pkgs.playerctl}/bin/playerctl -p spotify previous"; prev = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify previous";
next = "${pkgs.playerctl}/bin/playerctl -p spotify next"; next = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify next";
in in
[ [
", XF86AudioPrev, exec, ${prev}" ", XF86AudioPrev, exec, ${prev}"
", XF86AudioNext, exec, ${next}" ", XF86AudioNext, exec, ${next}"
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause" ", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause"
", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p spoitfy play-pause" ", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spoitfy play-pause"
"$mod ALT, LEFT, exec, ${prev}" "$mod ALT, LEFT, exec, ${prev}"
"$mod ALT, RIGHT, exec, ${next}" "$mod ALT, RIGHT, exec, ${next}"
"$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause" "$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause"
]; ];
}; };
}; };
@@ -32,6 +33,7 @@ in
home.packages = [ home.packages = [
pkgs.playerctl pkgs.playerctl
pkgs.spotify pkgs.spotify
inputs.naviterm.packages.${pkgs.stdenv.hostPlatform.system}.default
]; ];
}; };

23
hosts/pinwheel/modules/network/default.nix
View File

@@ -1,21 +1,22 @@
{ pkgs, ... }:
{ {
services.connman = { home-manager = {
users.alex = {
home.packages = [ pkgs.networkmanager ];
};
};
networking = {
wireless.enable = false; # Wireless is managed by networkmanager
networkmanager = {
enable = true; enable = true;
wifi = { wifi = {
backend = "iwd"; backend = "iwd";
}; };
};
networkInterfaceBlacklist = [
"vmnet"
"vboxnet"
"virbr"
"ifb"
"ve"
"docker"
"br-"
"wg-"
];
}; };
networking = { networking = {

2
hosts/pinwheel/modules/nix/default.nix
View File

@@ -2,7 +2,7 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.nixfmt-rfc-style pkgs.nixfmt
pkgs.nix-tree pkgs.nix-tree
]; ];
}; };

20
hosts/pinwheel/modules/openvpn/default.nix
View File

@@ -18,21 +18,19 @@ in
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.openvpn pkgs.openvpn
pkgs.update-systemd-resolved
]; ];
}; };
services.resolved = { services.resolved = {
enable = false; enable = true;
dnssec = "true"; settings = {
domains = [ "~." ]; Resolve = {
fallbackDns = [ Domains = [ "~." ];
"1.1.1.1#one.one.one.one" DNSSEC = false;
"1.0.0.1#one.one.one.one" DNSOverTLS = true;
]; };
extraConfig = '' };
DNSOverTLS=yes
'';
}; };
}; };
} }

6
hosts/pinwheel/modules/power/default.nix
View File

@@ -80,12 +80,12 @@ in
path = [ path = [
pkgs.coreutils # For `cat` pkgs.coreutils # For `cat`
pkgs.libnotify pkgs.libnotify
pkgs.swaylock pkgs.hyprlock
]; ];
script = script =
let let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause"; pause-music = "${pkgs.playerctl}/bin/playerctl -a pause";
in in
'' ''
BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity) BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity)
@@ -103,7 +103,7 @@ in
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status) BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status)
if [[ $BATTERY_STATUS = "Discharging" ]]; then if [[ $BATTERY_STATUS = "Discharging" ]]; then
${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend ${pause-music}; ${pkgs.hyprlock}/bin/hyprlock & sleep 0.5; systemctl suspend
fi fi
fi fi
''; '';

2
hosts/pinwheel/modules/screenshot/default.nix
View File

@@ -8,7 +8,7 @@
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
grimblast = inputs.hyprland-contrib.packages.${pkgs.system}.grimblast; grimblast = inputs.hyprland-contrib.packages.${pkgs.stdenv.hostPlatform.system}.grimblast;
area = "${pkgs.libnotify}/bin/notify-send 'ps: selected area' && ${grimblast}/bin/grimblast copy area"; area = "${pkgs.libnotify}/bin/notify-send 'ps: selected area' && ${grimblast}/bin/grimblast copy area";
screen = "${pkgs.libnotify}/bin/notify-send 'ps: selected screen' &&${grimblast}/bin/grimblast copy output"; screen = "${pkgs.libnotify}/bin/notify-send 'ps: selected screen' &&${grimblast}/bin/grimblast copy output";
in in

2
hosts/pinwheel/modules/sound/default.nix
View File

@@ -10,7 +10,7 @@ in
{ {
users.users.alex.extraGroups = [ "audio" ]; users.users.alex.extraGroups = [ "audio" ];
hardware.pulseaudio.enable = false; services.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {

84
hosts/pinwheel/modules/ssh/default.nix
View File

@@ -1,10 +1,26 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
# Enable gnome-keyring at system level for PAM integration
services.gnome.gnome-keyring.enable = true;
home-manager.users.alex = { home-manager.users.alex = {
services.gnome-keyring = {
enable = true;
components = [ "secrets" "ssh" ];
};
programs.ssh = { programs.ssh = {
enable = true; enable = true;
enableDefaultConfig = false;
matchBlocks = { matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-manatee";
port = 1122;
};
"backwards" = { "backwards" = {
hostname = "backwards"; hostname = "backwards";
user = "alex"; user = "alex";
@@ -12,12 +28,6 @@
port = 1122; port = 1122;
}; };
"andromeda" = {
hostname = "andromeda.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-andromeda";
};
"tadpole" = { "tadpole" = {
hostname = "65.21.106.222"; hostname = "65.21.106.222";
user = "alex"; user = "alex";
@@ -30,22 +40,46 @@
identityFile = "/home/alex/.ssh/alex.pinwheel-github.com"; identityFile = "/home/alex/.ssh/alex.pinwheel-github.com";
}; };
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
};
"git.ppp.pm" = { "git.ppp.pm" = {
hostname = "git.ppp.pm"; hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
}; };
"*" = {
forwardAgent = false;
addKeysToAgent = "yes";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
}; };
}; };
home.packages = [ pkgs.sshfs ]; home.packages = [
pkgs.sshfs
pkgs.seahorse # GUI for managing gnome-keyring
];
}; };
age.secrets = { age.secrets = {
"alex.pinwheel-manatee" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee";
owner = "alex";
group = "users";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards" = { "alex.pinwheel-backwards" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age; file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age;
path = "/home/alex/.ssh/alex.pinwheel-backwards"; path = "/home/alex/.ssh/alex.pinwheel-backwards";
@@ -72,19 +106,6 @@
group = "users"; group = "users";
}; };
"alex.pinwheel-codeberg.org" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
owner = "alex";
group = "users";
};
"alex.pinwheel-codeberg.org.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-git.ppp.pm" = { "alex.pinwheel-git.ppp.pm" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age; file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm"; path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
@@ -98,19 +119,6 @@
group = "users"; group = "users";
}; };
"alex.pinwheel-andromeda" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda";
owner = "alex";
group = "users";
};
"alex.pinwheel-andromeda.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-tadpole" = { "alex.pinwheel-tadpole" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age; file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age;
path = "/home/alex/.ssh/alex.pinwheel-tadpole"; path = "/home/alex/.ssh/alex.pinwheel-tadpole";

4
hosts/pinwheel/modules/syncthing/default.nix
View File

@@ -16,6 +16,7 @@
devices = { devices = {
phone.id = config.lib.syncthing.phone; phone.id = config.lib.syncthing.phone;
backwards.id = config.lib.syncthing.backwards; backwards.id = config.lib.syncthing.backwards;
manatee.id = config.lib.syncthing.manatee;
}; };
folders = { folders = {
@@ -24,6 +25,7 @@
devices = [ devices = [
"phone" "phone"
"backwards" "backwards"
"manatee"
]; ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
@@ -56,7 +58,7 @@
}; };
books = { books = {
path = "/home/alex/sync/books"; path = "/home/alex/sync/reading-material/books";
devices = [ "backwards" ]; devices = [ "backwards" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";

2
hosts/pinwheel/modules/tmux/default.nix
View File

@@ -18,7 +18,7 @@
# https://old.reddit.com/r/tmux/comments/mesrci/tmux_2_doesnt_seem_to_use_256_colors/ # https://old.reddit.com/r/tmux/comments/mesrci/tmux_2_doesnt_seem_to_use_256_colors/
set -g default-terminal "xterm-256color" set -g default-terminal "xterm-256color"
set -ga terminal-overrides ",*256col*:Tc" set -ga terminal-overrides ",*256col*:Tc"
set -ga terminal-overrides "*:Ss=\E[%p1%d q:Se=\E[ q" set -ga terminal-overrides ',*:Ss=\E[%p1%d q:Se=\E[ q'
set-environment -g COLORTERM "truecolor" set-environment -g COLORTERM "truecolor"
set-option -g allow-rename off set-option -g allow-rename off

2
hosts/pinwheel/modules/vim/default.nix
View File

@@ -18,7 +18,7 @@ in
}; };
programs.git = lib.mkIf gitEnabled { programs.git = lib.mkIf gitEnabled {
extraConfig = { settings = {
core = { core = {
editor = "vim"; editor = "vim";
}; };

5
hosts/pinwheel/modules/vm/default.nix
View File

@@ -17,7 +17,10 @@ in
config = lib.mkIf enabled { config = lib.mkIf enabled {
virtualisation = { virtualisation = {
spiceUSBRedirection.enable = true; # Allow redirecting USB to the VM spiceUSBRedirection.enable = true; # Allow redirecting USB to the VM
libvirtd.enable = true; libvirtd = {
enable = true;
qemu.vhostUserPackages = [ pkgs.virtiofsd ];
};
}; };
users.users.alex = { users.users.alex = {

133
hosts/pinwheel/modules/waybar/default.nix
View File

@@ -7,14 +7,14 @@
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
spotify-status = pkgs.writeShellScript "spotify-status" '' music-status = pkgs.writeShellScript "music-status" ''
STATUS=$(${pkgs.playerctl}/bin/playerctl -p spotify status 2>&1) STATUS=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify status 2>&1)
if [ "$STATUS" = "No players found" ]; then if [ "$STATUS" = "No players found" ]; then
echo "" echo ""
else else
FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}" FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}"
OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p spotify metadata --format "$FORMAT") OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify metadata --format "$FORMAT")
case "$STATUS" in case "$STATUS" in
"Playing") "Playing")
echo "<span font='14' rise='-3000'></span> $OUTPUT" echo "<span font='14' rise='-3000'></span> $OUTPUT"
@@ -40,58 +40,70 @@ let
fi fi
''; '';
mullvad = pkgs.writeShellScript "mullvad" '' tailscale = pkgs.writeShellScript "tailscale" ''
STATUS_DISCONNECTING="Disconnecting" STATUS_STOPPED="Tailscale is stopped."
STATUS_DISCONNECTED="Disconnected"
STATUS_CONNECTING="Connecting"
STATUS_CONNECTED="Connected"
status() {
STATUS=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1{print $1}')
echo $STATUS
}
output() { output() {
case $(status) in STATUS=$(tailscale status)
$STATUS_DISCONNECTED)
echo '{ "text": "", "class": "disconnected" }' ;; case $STATUS in
$STATUS_CONNECTING) $STATUS_STOPPED)
echo '{ "text": "", "tooltip": "Connecting", "class": "disconnected" }' ;; echo '{ "text": "", "class": "disconnected" }' ;;
$STATUS_CONNECTED)
TOOLTIP=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1')
echo "{ \"text\": \"\", \"tooltip\":\"$TOOLTIP\" }" ;;
$STATUS_DISCONNECTING)
echo '{ "text": "", "tooltip": "Disconnecting", "class": "disconnected" }' ;;
*) *)
echo '{ "text": "", "tooltip": "Status unknown", "class": "disconnected" }' ;; EXIT_NODE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus)
EXIT_NODE_ONLINE=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .Online)
if [ "$EXIT_NODE_ONLINE" == "null" ]; then
echo '{ "text": "", "class": "disconnected" }'
exit 0
fi
EXIT_NODE_ID=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .ID)
EXIT_NODE_NAME=$(tailscale status --json | ${pkgs.jq}/bin/jq ".Peer.[] | select(.ID == $EXIT_NODE_ID) | .HostName")
echo "{ \"text\": \"\", \"tooltip\": $EXIT_NODE_NAME }"
;;
esac esac
} }
toggle() { toggle-exit-node() {
CURRENT_STATUS=$(status) PREFERRED_EXIT_NODE=$(${pkgs.coreutils}/bin/cat ${config.age.secrets.tailscale-preferred-exit-node.path})
case "$CURRENT_STATUS" in EXIT_NODE_ONLINE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus.Online)
$STATUS_DISCONNECTED) if [ "$EXIT_NODE_ONLINE" == "true" ]; then
${pkgs.mullvad}/bin/mullvad connect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Connected to VPN";; tailscale set --exit-node="" && ${pkgs.libnotify}/bin/notify-send "Disconnected from Exit Node"
$STATUS_CONNECTED) else
${pkgs.mullvad}/bin/mullvad disconnect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Disconnected from VPN";; tailscale set --exit-node=$PREFERRED_EXIT_NODE && ${pkgs.libnotify}/bin/notify-send "Connected to Exit Node"
esac fi
} }
case $1 in case $1 in
--toggle) --toggle-exit-node)
toggle ;; toggle-exit-node ;;
--output) --output)
output ;; output ;;
esac esac
''; '';
work-vpn-status = pkgs.writeShellScript "work-vpn-status" '' work-vpn-status = pkgs.writeShellScript "work-vpn-status" ''
STAGING=$(systemctl is-active openvpn-work-staging.service) ACTIVE_ENVS=""
[ "$STAGING" == "active" ] && echo "WORK-VPN STAGING ON" && exit 0
PRODUCTION=$(systemctl is-active openvpn-work-production.service) STAGING_STATUS=$(systemctl is-active openvpn-work-staging.service)
[ "$PRODUCTION" == "active" ] && echo "WORK-VPN PRODUCTION ON" && exit 0 if [ "$STAGING_STATUS" == "active" ]; then
ACTIVE_ENVS="S"
fi
PRODUCTION_STATUS=$(systemctl is-active openvpn-work-production.service)
if [ "$PRODUCTION_STATUS" == "active" ]; then
if [ -n "$ACTIVE_ENVS" ]; then
ACTIVE_ENVS="$ACTIVE_ENVS&amp;P"
else
ACTIVE_ENVS="P"
fi
fi
if [ -n "$ACTIVE_ENVS" ]; then
echo "WORK-VPN $ACTIVE_ENVS ON"
fi
''; '';
toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" '' toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" ''
@@ -128,12 +140,12 @@ in
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ]; modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [ modules-right = [
"custom/work-vpn-status" "custom/work-vpn-status"
"custom/spotify" "custom/music"
"custom/container-status" "custom/container-status"
"custom/dunst" "custom/dunst"
"custom/mullvad"
"bluetooth" "bluetooth"
"wireplumber" "wireplumber"
"custom/tailscale"
"network" "network"
"battery" "battery"
"clock" "clock"
@@ -141,12 +153,12 @@ in
"custom/work-vpn-status" = { "custom/work-vpn-status" = {
exec = "${work-vpn-status}"; exec = "${work-vpn-status}";
interval = 1; interval = 2;
}; };
"custom/spotify" = { "custom/music" = {
exec = spotify-status; exec = music-status;
interval = 1; interval = 2;
max-length = 70; max-length = 70;
tooltip = false; tooltip = false;
}; };
@@ -154,21 +166,21 @@ in
"custom/container-status" = { "custom/container-status" = {
exec = "${container-status}"; exec = "${container-status}";
return-type = "json"; return-type = "json";
interval = 1; interval = 2;
}; };
"custom/dunst" = { "custom/dunst" = {
exec = notifications-status; exec = notifications-status;
on-click-right = "${pkgs.dunst}/bin/dunstctl set-paused toggle"; on-click-right = "${pkgs.dunst}/bin/dunstctl set-paused toggle";
interval = 1; interval = 2;
tooltip = false; tooltip = false;
}; };
"custom/mullvad" = { "custom/tailscale" = {
exec = "${mullvad} --output"; exec = "${tailscale} --output";
return-type = "json"; return-type = "json";
on-click-right = "${mullvad} --toggle"; on-click-right = "${tailscale} --toggle-exit-node";
interval = 1; interval = 2;
}; };
bluetooth = { bluetooth = {
@@ -224,7 +236,10 @@ in
height = 30; height = 30;
spacing = 20; spacing = 20;
fixed-center = false; fixed-center = false;
output = [ "HDMI-A-1" ]; output = [
"HDMI-A-1"
"DP-3"
];
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ]; modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [ modules-right = [
@@ -234,7 +249,7 @@ in
"custom/work-vpn-status" = { "custom/work-vpn-status" = {
exec = "${work-vpn-status}"; exec = "${work-vpn-status}";
interval = 1; interval = 2;
}; };
"clock" = { "clock" = {
@@ -279,7 +294,11 @@ in
color: #${config.lib.colors.warning}; color: #${config.lib.colors.warning};
} }
#custom-mullvad.disconnected { #custom-tailscale {
font-size: 30px;
}
#custom-tailscale.disconnected {
color: #${config.lib.colors.warning}; color: #${config.lib.colors.warning};
} }
@@ -298,4 +317,12 @@ in
''; '';
}; };
}; };
age.secrets = {
"tailscale-preferred-exit-node" = {
file = ../../../../secrets/pinwheel/tailscale-preferred-exit-node.age;
owner = "alex";
group = "users";
};
};
} }

69
hosts/pinwheel/modules/work/default.nix
View File

@@ -1,4 +1,5 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -11,33 +12,80 @@ let
in in
{ {
home-manager.users.alex = { home-manager.users.alex = {
# Ensure bashInteractive is first in PATH inside nix devshells.
# stdenv provides a non-interactive bash that breaks Copilot shell commands.
# Adding bashInteractive to home.packages alone isn't enough because devshell
# packages are prepended to PATH. This precmd hook runs after direnv's hook
# and re-prepends bashInteractive so it takes priority.
programs.zsh.initContent = ''
_ensure_bash_interactive() {
[[ "$PATH" == "${pkgs.bashInteractive}/bin:"* ]] || export PATH="${pkgs.bashInteractive}/bin:$PATH"
}
precmd_functions+=(_ensure_bash_interactive)
'';
# Configure IntelliJ to exclude .direnv from indexing
home.activation.intellijIgnoreDirenv = ''
for idea_config in $HOME/.config/JetBrains/IntelliJIdea*; do
if [ -d "$idea_config" ]; then
$DRY_RUN_CMD mkdir -p "$idea_config/options"
$DRY_RUN_CMD tee "$idea_config/options/filetypes.xml" > /dev/null <<'EOF'
<application>
<component name="FileTypeManager" version="18">
<ignoreFiles list="*.pyc;*.pyo;*.rbc;*.yarb;*~;.DS_Store;.git;.hg;.svn;CVS;__pycache__;_svn;vssver.scc;vssver2.scc;.direnv" />
</component>
</application>
EOF
fi
done
'';
home.sessionVariables = { home.sessionVariables = {
GITHUB_ACTOR = "Alexander Heldt"; GITHUB_ACTOR = "Alexander Heldt";
GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})"; GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})";
}; };
home.packages = [ home.packages = [
(pkgs.callPackage ./syb-cli.nix { }) # (pkgs.callPackage ./pants.nix { inherit (pkgs) stdenv.hostPlatform.system; })
# (pkgs.callPackage ./syb-cli.nix { })
(inputs.nix-jetbrains-plugins.lib.buildIdeWithPlugins pkgs "idea" [
"IdeaVIM"
"com.github.copilot"
])
pkgs.bashInteractive
(pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ])
(pkgs.google-cloud-sdk.withExtraComponents [ (pkgs.google-cloud-sdk.withExtraComponents [
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
]) ])
(pkgs.graphite-cli.overrideAttrs (_: {
version = "1.4.3"; pkgs.graphite-cli
}))
pkgs.xdg-utils # needed by graphite-cli
pkgs.postman pkgs.postman
pkgs.grpcurl pkgs.grpcurl
pkgs.slack
# for `radio` # for `radio`
pkgs.go-mockery pkgs.go-mockery
pkgs.golangci-lint pkgs.golangci-lint
(pkgs.writeShellScriptBin "work-vpn" ''
case $1 in
up)
sudo sh -c "systemctl start openvpn-work-staging.service; systemctl start openvpn-work-production.service"
;;
down)
sudo sh -c "systemctl stop openvpn-work-staging.service; systemctl stop openvpn-work-production.service"
;;
esac
'')
]; ];
programs.go = lib.mkIf goEnabled { programs.go = lib.mkIf goEnabled {
goPrivate = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ]; env = {
GOPRIVATE = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
};
}; };
programs.git = lib.mkIf gitEnabled { programs.git = lib.mkIf gitEnabled {
@@ -50,6 +98,13 @@ in
}; };
}; };
# Needed for `copilot`
programs.nix-ld.enable = true;
programs.nix-ld.libraries = [
pkgs.stdenv.cc.cc.lib
pkgs.zlib
];
services.openvpn.servers = lib.mkIf openvpnEnabled { services.openvpn.servers = lib.mkIf openvpnEnabled {
work-staging = { work-staging = {
config = "config ${config.age.secrets.work-staging-ovpn.path}"; config = "config ${config.age.secrets.work-staging-ovpn.path}";

68
hosts/pinwheel/modules/work/pants.nix Normal file
View File

@@ -0,0 +1,68 @@
{
pkgs,
lib,
...
}:
let
version = "0.12.0";
if_let = v: p: if lib.attrsets.matchAttrs p v then v else null;
match =
v: l: builtins.elemAt (lib.lists.findFirst (x: (if_let v (builtins.elemAt x 0)) != null) null l) 1;
package = match { platform = pkgs.stdenv.hostPlatform.system; } [
[
{ platform = "aarch64-linux"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-linux-aarch64";
hash = lib.fakeSha256;
}
]
[
{ platform = "x86_64-linux"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-linux-x86_64";
hash = "sha256-9PjgobndxVqDTYGtw1HESrtzwzH2qE9zFwR26xtwZrM=";
}
]
[
{ platform = "aarch64-darwin"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-macos-aarch64";
hash = "sha256-1Ha8GAOl7mWVunGKf7INMjar+jnLXaDEPStqE+kK3D4=";
}
]
];
unpatched = pkgs.stdenv.mkDerivation {
name = "scie-pants";
version = version;
sourceRoot = ".";
phases = [
"installPhase"
"patchPhase"
];
src = pkgs.fetchurl package;
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp $src $out/bin/pants
chmod +x $out/bin/pants
runHook postInstall
'';
};
patched = pkgs.buildFHSEnv {
name = "pants";
targetPackages = [ pkgs.python39 ];
runScript = "${unpatched}/bin/pants";
profile = ''
export NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"
export SSL_CERT_FILE="/etc/ssl/certs/ca-bundle.crt"
'';
};
in
if pkgs.stdenv.isDarwin then unpatched else patched

2
hosts/pinwheel/modules/zsh/default.nix
View File

@@ -54,7 +54,7 @@ in
} }
]; ];
initExtra = lib.strings.concatStringsSep "\n" [ initContent = lib.strings.concatStringsSep "\n" [
"export KEYTIMEOUT=1" "export KEYTIMEOUT=1"
"bindkey -v '^?' backward-delete-char" "bindkey -v '^?' backward-delete-char"
"bindkey '^a' beginning-of-line" "bindkey '^a' beginning-of-line"

2
hosts/tadpole/modules/age/default.nix
View File

@@ -8,7 +8,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.system}".default inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
]; ];
}; };
} }

23
hosts/tadpole/modules/certs/default.nix
View File

@@ -1,16 +1,35 @@
{ ... }: { ... }:
{ {
security.acme = { security.acme = {
acceptTerms = true;
defaults = {
email = "acme@ppp.pm";
};
certs = { certs = {
"ppp.pm" = { "ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/"; webroot = "/var/lib/acme/acme-challenge/";
email = "p@ppp.pm";
group = "nginx"; group = "nginx";
}; };
"git.ppp.pm" = { "git.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/"; webroot = "/var/lib/acme/acme-challenge/";
email = "p@ppp.pm"; group = "nginx";
};
"whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx";
};
"api.whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx";
};
"grafana.whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx"; group = "nginx";
}; };
}; };

2
hosts/tadpole/modules/default.nix
View File

@@ -22,6 +22,8 @@ in
}; };
pppdotpm-site.enable = true; pppdotpm-site.enable = true;
whib-backend.enable = true;
whib-frontend.enable = true;
}; };
}; };
} }

23
hosts/tadpole/modules/gitea/default.nix
View File

@@ -7,8 +7,6 @@
let let
conf = config.mod.gitea; conf = config.mod.gitea;
gitDomain = "git.${conf.baseDomain}"; gitDomain = "git.${conf.baseDomain}";
nginxEnable = config.mod.nginx.enable;
in in
{ {
options = { options = {
@@ -37,20 +35,16 @@ in
}; };
}; };
config = lib.mkIf (conf.enable && nginxEnable) { config = lib.mkIf conf.enable {
assertions = [ assertions = [
{
assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
{ {
assertion = conf.baseDomain != ""; assertion = conf.baseDomain != "";
message = "Option 'mod.gitea.baseDomain' cannot be empty"; message = "Option 'mod.gitea.baseDomain' cannot be empty";
} }
{
assertion = builtins.hasAttr gitDomain config.security.acme.certs;
message = "There is no cert configured for ${gitDomain} used by gitea";
}
{
assertion = conf.webfingerEnable && builtins.hasAttr conf.baseDomain config.security.acme.certs;
message = "There is no cert configured for ${conf.baseDomain} used by webfinger";
}
{ {
assertion = conf.webfingerEnable && conf.webfingerAccounts != [ ]; assertion = conf.webfingerEnable && conf.webfingerAccounts != [ ];
message = "Option 'mod.gitea.webfingerAccounts' cannot be empty"; message = "Option 'mod.gitea.webfingerAccounts' cannot be empty";
@@ -70,6 +64,11 @@ in
ROOT_URL = "https://${gitDomain}"; ROOT_URL = "https://${gitDomain}";
SSH_PORT = 1122; # see `ssh` module SSH_PORT = 1122; # see `ssh` module
HTTP_PORT = 3001;
};
oauth2 = {
JWT_CLAIM_ISSUER = "https://${gitDomain}/";
}; };
database = { database = {
@@ -129,7 +128,7 @@ in
useACMEHost = gitDomain; useACMEHost = gitDomain;
locations."/" = { locations."/" = {
proxyPass = "http://0.0.0:3000"; proxyPass = "http://0.0.0.0:3001";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

10
hosts/tadpole/modules/nginx/default.nix
View File

@@ -10,16 +10,6 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
security = {
acme = {
acceptTerms = true;
defaults = {
email = "p@ppp.pm";
};
};
};
services = { services = {
nginx = { nginx = {
enable = true; enable = true;

11
hosts/tadpole/modules/ppp.pm-site/default.nix
View File

@@ -6,8 +6,6 @@
}: }:
let let
enabled = config.mod.pppdotpm-site.enable; enabled = config.mod.pppdotpm-site.enable;
nginxEnabled = config.mod.nginx.enable;
in in
{ {
imports = [ inputs.pppdotpm-site.nixosModules.default ]; imports = [ inputs.pppdotpm-site.nixosModules.default ];
@@ -18,7 +16,14 @@ in
}; };
}; };
config = lib.mkIf (enabled && nginxEnabled) { config = lib.mkIf enabled {
assertions = [
{
assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
];
services.pppdotpm-site = { services.pppdotpm-site = {
enable = true; enable = true;
domain = "ppp.pm"; domain = "ppp.pm";

27
hosts/tadpole/modules/ssh/default.nix
View File

@@ -28,9 +28,17 @@ in
identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
}; };
"codeberg.org" = { "*" = {
hostname = "codeberg.org"; forwardAgent = false;
identityFile = "/home/alex/.ssh/alex.tadpole-codeberg.org"; addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
}; };
}; };
}; };
@@ -101,19 +109,6 @@ in
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.tadpole-codeberg.org" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org";
owner = "alex";
group = "users";
};
"alex.tadpole-codeberg.org.pub" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org.pub";
owner = "alex";
group = "users";
};
}; };
}; };
} }

79
hosts/tadpole/modules/whib/default.nix Normal file
View File

@@ -0,0 +1,79 @@
{
lib,
config,
...
}:
let
backendEnabled = config.mod.whib-backend.enable;
frontendEnabled = config.mod.whib-frontend.enable;
in
{
options = {
mod.whib-backend = {
enable = lib.mkEnableOption "enable WHIB backend";
};
mod.whib-frontend = {
enable = lib.mkEnableOption "enable WHIB frontend";
};
};
config = {
assertions = [
{
assertion = backendEnabled && config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
];
services = {
whib-backend = lib.mkIf backendEnabled {
enable = true;
backend = {
domain = "api.whib.ppp.pm";
useACMEHost = "api.whib.ppp.pm";
environmentFile = config.age.secrets.whib-backend-env-vars.path;
};
postgres = {
environmentFile = config.age.secrets.whib-postgres-env-vars.path;
backup = {
interval = "*-*-* 00:00:00 UTC";
environmentFile = config.age.secrets.whib-postgres-backup-env-vars.path;
gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
};
};
grafana = {
domain = "grafana.whib.ppp.pm";
useACMEHost = "grafana.whib.ppp.pm";
environmentFile = config.age.secrets.whib-grafana-env-vars.path;
};
};
whib-frontend = lib.mkIf frontendEnabled {
enable = true;
domain = "whib.ppp.pm";
useACMEHost = "whib.ppp.pm";
backendHost = "https://api.whib.ppp.pm";
};
};
age.secrets = {
"whib-backend-env-vars".file = ../../../../secrets/tadpole/whib-backend-env-vars.age;
"whib-postgres-env-vars".file = ../../../../secrets/tadpole/whib-postgres-env-vars.age;
"whib-postgres-backup-env-vars".file =
../../../../secrets/tadpole/whib-postgres-backup-env-vars.age;
"whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age;
"whib-grafana-env-vars".file = ../../../../secrets/tadpole/whib-grafana-env-vars.age;
};
};
}

22
hosts/test-vm/configuration.nix
View File

@@ -2,6 +2,8 @@
{ {
imports = [ imports = [
./ppp.pm-site.nix ./ppp.pm-site.nix
./whib-backend.nix
./whib-frontend.nix
]; ];
config = { config = {
@@ -10,7 +12,9 @@
networking.hostName = "test-vm"; networking.hostName = "test-vm";
mod = { mod = {
pppdotpm-site.enable = true; pppdotpm-site.enable = false;
whib-backend.enable = true;
whib-frontend.enable = true;
}; };
users.users.a = { users.users.a = {
@@ -18,16 +22,30 @@
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
password = "a"; password = "a";
}; };
services.getty.autologinUser = "a";
security.sudo.wheelNeedsPassword = false;
virtualisation.vmVariant = { virtualisation.vmVariant = {
# following configuration is added only when building VM with build-vm # following configuration is added only when building VM the *first* time with `build-vm`
virtualisation = { virtualisation = {
diskSize = 8192;
memorySize = 2048; memorySize = 2048;
cores = 3; cores = 3;
graphics = false; graphics = false;
}; };
}; };
# Resize terminal to host terminal size
environment.loginShellInit = ''
${pkgs.xterm}/bin/resize
echo alias 'sd' can be used to shutdown the VM
'';
environment.interactiveShellInit = ''
alias sd='sudo shutdown now'
'';
environment.systemPackages = [ ]; environment.systemPackages = [ ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";

124
hosts/test-vm/whib-backend.nix Normal file
View File

@@ -0,0 +1,124 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.whib-backend.enable;
in
{
options = {
mod.whib-backend = {
enable = lib.mkEnableOption "enable WHIB backend";
};
};
config = lib.mkIf enabled {
services.whib-backend =
let
backendEnvVars = pkgs.writeText "backend-env-vars" ''
SIGNING_KEY=signingkey
POSTGRES_DB=whib
POSTGRES_USER=whib
POSTGRES_PASSWORD=pgpassword
'';
postgresEnvVars = pkgs.writeText "postgres-env-vars" ''
POSTGRES_DB=whib
POSTGRES_USER=whib
POSTGRES_PASSWORD=pgpassword
'';
postgresBackupEnvVars = pkgs.writeText "postgres-backup-env-vars" ''
PGDATABASE=whib
PGUSER=whib
PGPASSWORD=pgpassword
B2_BUCKET=a
B2_APPLICATION_KEY_ID=b
B2_APPLICATION_KEY=c
'';
gpgPassphraseFile = pkgs.writeText "gpg-passphrase" ''
foobar
'';
grafanaEnvVars = pkgs.writeText "grafana-env-vars" ''
GF_SECURITY_ADMIN_PASSWORD=grafanapassword
GF_USERS_ALLOW_SIGN_UP=false
'';
in
{
enable = true;
backend = {
domain = "whib-backend.local";
environmentFile = backendEnvVars;
};
postgres = {
environmentFile = postgresEnvVars;
backup = {
interval = "*-*-* *:*:00 UTC"; # Every minute, for testing
environmentFile = postgresBackupEnvVars;
gpgPassphraseFile = gpgPassphraseFile;
};
};
grafana = {
domain = "grafana.local";
environmentFile = grafanaEnvVars;
};
};
virtualisation.vmVariant = {
virtualisation = {
sharedDirectories = {
my-shared = {
source = "/home/alex/whib-backup";
target = "/mnt/shared";
};
};
forwardPorts = [
{
# Service API
from = "host";
host.port = 8080;
guest.port = 8080;
}
{
# Service Metrics
from = "host";
host.port = 8181;
guest.port = 8181;
}
{
# Postgres
from = "host";
host.port = 5432;
guest.port = 5432;
}
{
# Grafana
from = "host";
host.port = 3000;
guest.port = 3000;
}
{
# Prometheus
from = "host";
host.port = 9090;
guest.port = 9090;
}
];
};
};
};
}

35
hosts/test-vm/whib-frontend.nix Normal file
View File

@@ -0,0 +1,35 @@
{ lib, config, ... }:
let
enabled = config.mod.whib-frontend.enable;
in
{
options = {
mod.whib-frontend = {
enable = lib.mkEnableOption "enable WHIB backend";
};
};
config = lib.mkIf enabled {
services.whib-frontend = {
enable = true;
domain = "whib-frontend.local";
port = "8081";
# backendHost = "https://api.whib.ppp.pm/";
backendHost = "http://localhost:8080";
};
virtualisation.vmVariant = {
virtualisation = {
forwardPorts = [
{
# Service API
from = "host";
host.port = 8081;
guest.port = 8081;
}
];
};
};
};
}

BIN
secrets/backwards/alex.backwards-codeberg.org.age
View File

Binary file not shown.

7
secrets/backwards/alex.backwards-codeberg.org.pub.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Pu0HWg eK/pdhmsF334C7rSuYsRnXCtenmlT2hOXpfW5CQEARY
odooTLu8ZQUZjCeVPZYOA6Vgb470cosE1Q1iBkE9Kc0
-> ssh-ed25519 +oNaHQ nJU52SSZ9v3+8NuXR6coSHosEYrs7T8GeZYzV/quOU4
IV5YduRGdJLy93gVwfYmwvldRXoXXX3QvAsH3ljBadw
--- 3gJg9NFmqHCrgcvgnYOeSY1H4klPEyzI+07IlKCOItc
 ¦Ì\5çܤ‰}õyñÐáAý_J§

BIN
secrets/backwards/alex.backwards-manatee.age Normal file
View File

Binary file not shown.

BIN
secrets/backwards/alex.backwards-manatee.pub.age Normal file
View File

Binary file not shown.

BIN
secrets/backwards/wireless-network-secrets.age Normal file
View File

Binary file not shown.

BIN
secrets/backwards/wpa_supplicant.conf.age
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More