alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:0c0c27361ce55eecc1c36b35dff620fdfb69f529
Branches Tags
alex:main
...
compare: alex:main
Branches Tags
alex:main

168 Commits
0c0c27361c ... main

Author SHA1 Message Date
Alexander Heldt
4d0e3681cb manatee: Add new vdev to zpool 2025-11-22 11:42:34 +01:00
Alexander Heldt
b246c9c1ec pinwheel: Fix GOPATH for go 2025-11-08 23:13:04 +01:00
Alexander Heldt
3cfc99ad2d pinwheel: Configure flycheck for emacs 2025-11-08 23:12:16 +01:00
Alexander Heldt
cbc4564289 pinwheel: Remove eldoc-box from emacs 2025-11-08 22:57:23 +01:00
Alexander Heldt
084387246a pinwheel: Remove knowledge of andromeda 2025-11-02 21:37:02 +01:00
Alexander Heldt
534752a1c3 test-vm: Increase disk size 2025-11-02 21:34:50 +01:00
Alexander Heldt
6c7a17035e pinwheel: Enable gleam in emacs 2025-10-29 20:15:21 +01:00
Alexander Heldt
7f86e790c2 pinwheel: Add gleam module 2025-10-29 20:14:08 +01:00
Alexander Heldt
88067e2f8c manatee: Add navidrome module 2025-10-26 20:34:52 +00:00
Alexander Heldt
b723becbba Update whib-frontend input 2025-10-26 21:21:28 +01:00
Alexander Heldt
200cb8b026 tadpole: Update whib backend host 2025-10-26 21:12:59 +01:00
Alexander Heldt
b7ad1d391f tadpole: Add whib-frontend service 2025-10-26 16:24:29 +01:00
Alexander Heldt
0e1b8581af test-vm: Add whib-frontend module 2025-10-26 15:24:21 +01:00
Alexander Heldt
21adf4a3dc Add whib-frontend input 2025-10-26 15:23:47 +01:00
Alexander Heldt
8349132d66 manatee: Set EDITOR to be vim 2025-10-26 12:56:53 +01:00
Alexander Heldt
91f78ba510 pinwheel: Set cursor theme 2025-10-20 18:48:34 +02:00
Alexander Heldt
9e45600e37 pinwheel: Update music and use naviterm 2025-10-20 18:47:46 +02:00
Alexander Heldt
87d1d96211 Add flake input for naviterm 2025-10-20 18:42:22 +02:00
Alexander Heldt
67134682d9 pinwheel: Disable resolved.dnssec 
As it breaks tailscale <-> openvpn

> At the time of September 2023, systemd upstream advise to disable DNSSEC
> by default as the current code is not robust enough to deal with
> “in the wild” non-compliant servers, which will usually give you a
> broken bad experience in addition of insecure.
 2025-10-19 14:39:05 +02:00
Alexander Heldt
cefd4a966c pinwheel: Remove unused update-systemd-resolved 2025-10-19 14:37:45 +02:00
Alexander Heldt
07a7d65f0d pinwheel: Re-enable systemd-resolved 
As `openvpn` is broken without it running (segfaults)
 2025-10-19 11:50:19 +02:00
Alexander Heldt
4e0144715c Update flake inputs 2025-10-19 11:50:06 +02:00
Alexander Heldt
7180d12bb8 pinwheel: Replace hyprland monitor script with auto-center-* 2025-10-15 16:25:56 +02:00
Alexander Heldt
4ae2967529 Update flake inputs 2025-10-15 15:25:49 +02:00
Alexander Heldt
54b3b0373d Update flake inputs 2025-10-13 14:44:49 +00:00
Alexander Heldt
d518832836 pinwheel: Fix go ENV variables 2025-10-07 14:35:37 +02:00
Alexander Heldt
5db42c1ca9 Update flake inputs 2025-10-06 21:08:48 +02:00
Alexander Heldt
b9d5cfd001 pinwheel: Use latest intellij for work 2025-10-06 20:29:38 +02:00
Alexander Heldt
bf54e4a9e1 pinwheel: Add vlc 2025-10-06 20:26:42 +02:00
Alexander Heldt
061a238037 backwards: Add nethack 2025-07-10 16:48:43 +02:00
Alexander Heldt
ce4536d340 backwards: Add sshfs 2025-07-10 16:48:27 +02:00
Alexander Heldt
edae2eb1d4 pinwheel/backwards: Remove ttrpg syncthing share 2025-07-10 16:33:44 +02:00
Alexander Heldt
50cabdcfc8 syncthing: Update phone ID 2025-07-10 16:21:03 +02:00
Alexander Heldt
f7dfd9dbdb manatee: Bump upload limit for calibre-web 2025-07-10 14:11:38 +00:00
Alexander Heldt
f27e42dc8f manatee: Add virtual host for calibre-web 2025-07-10 14:11:38 +00:00
Alexander Heldt
fd77d43d2e pinwheel: Remove unsafe beekeeper-studio 2025-07-10 16:09:40 +02:00
Alexander Heldt
8d81defb25 Update flake inputs 2025-07-10 16:07:42 +02:00
Alexander Heldt
c87c07ca3a manatee/backwards: Move calibre-web module to manatee 2025-05-18 20:13:10 +02:00
Alexander Heldt
5f5df49717 pinwheel/manatee: Share org via syncthing 2025-05-18 17:36:37 +02:00
Alexander Heldt
ba6c13725a manatee: Add syncthing ID to shared syncthing module 2025-05-18 15:12:52 +00:00
Alexander Heldt
62a9709ff5 manatee: Use secrets for syncthing cert/key 2025-05-18 17:09:39 +02:00
Alexander Heldt
173e7acec8 manatee: Add secrets for syncthing cert/key 2025-05-18 17:09:38 +02:00
Alexander Heldt
80089dbb49 manatee: Add syncthing module 2025-05-18 15:05:37 +00:00
Alexander Heldt
c7b7a4f1d9 manatee: Add public directory in sync ZFS dataset 2025-05-18 16:33:03 +02:00
Alexander Heldt
6db6c605a3 manatee: Add sync ZFS dataset 2025-05-18 16:32:46 +02:00
Alexander Heldt
aadd529260 manatee: Add nginx module 2025-05-18 16:08:22 +02:00
Alexander Heldt
99c1658a2e backwards: Enable hardware acceleration 2025-05-14 19:50:23 +02:00
Alexander Heldt
820d1a4372 manatee: Enable ZFS auto scrub 2025-05-09 21:55:47 +02:00
Alexander Heldt
a37e5da5b8 manatee: Enable smartd for harddrives 2025-05-09 21:54:32 +02:00
Alexander Heldt
0abb85a15e pinwheel: Fix ssh hostname for manatee 2025-05-09 21:40:14 +02:00
Alexander Heldt
94e2be1e11 backwards: Add ssh keys for manatee 2025-05-09 21:39:57 +02:00
Alexander Heldt
7f9e4fab1e manatee: Add backwards to authorized ssh keys 2025-05-09 21:33:49 +02:00
Alexander Heldt
7690235909 backwards/manatee: Add secrets for ssh keys 2025-05-09 21:31:49 +02:00
Alexander Heldt
3d5c00f741 manatee: Add enable option to jellyfin module 2025-05-09 21:26:22 +02:00
Alexander Heldt
9f37b19502 manatee: Add immich module 2025-05-09 21:26:21 +02:00
Alexander Heldt
7bca2c9135 manatee: Add public directory in cameras ZFS dataset 2025-05-06 16:48:46 +00:00
Alexander Heldt
eb191a911a manatee: Add cameras ZFS dataset 2025-05-06 16:32:48 +00:00
Alexander Heldt
a777f629ce backwards: Do not backup reading-material to the cloud 2025-05-04 14:35:44 +02:00
Alexander Heldt
8298eb4f3b backwards: Fix wrong secret name of restic-password 2025-05-04 14:29:39 +02:00
Alexander Heldt
3004725f7d pinwheel/backwards: Adjust reading-material sync through syncthing 
Move `books` and into `reading-material`
 2025-05-04 14:25:09 +02:00
Alexander Heldt
29104dc775 pinwheel: Adjust colors.background to match dracula themes 2025-05-04 12:24:34 +02:00
Alexander Heldt
a2afc6a205 pinwheel: Fix zsh.initContent attribute definition 2025-05-03 17:32:28 +02:00
Alexander Heldt
f12e35babf backwards: Fix pulseaudio attribute definition 2025-05-03 17:29:41 +02:00
Alexander Heldt
fa846cba4f Update flake input 2025-05-03 15:26:58 +00:00
Alexander Heldt
ecb67deed3 backwards: Remove audiobookshelf module 2025-05-03 16:50:15 +02:00
Alexander Heldt
72d2bb976f manatee: Add audiobookshelf module 2025-05-03 16:49:22 +02:00
Alexander Heldt
24c1731071 backwards: Remove transmission module 2025-05-03 16:29:16 +02:00
Alexander Heldt
ab94e2c1eb backwards: Remove jellyfin module 2025-05-03 16:28:25 +02:00
Alexander Heldt
50fd0cc57f manatee: Add jellyfin module 2025-05-03 16:26:43 +02:00
Alexander Heldt
4e14b6b379 manatee: Add transmission module 2025-05-03 12:50:35 +02:00
Alexander Heldt
338b8be3d9 manatee: Add storage group that owns /mnt/media/public 2025-05-03 12:45:14 +02:00
Alexander Heldt
99ebd8988d manatee: Add tailscale module 2025-05-02 16:03:46 +02:00
Alexander Heldt
3fb253038b manatee: Add host manatee 2025-05-02 12:07:28 +02:00
Alexander Heldt
7d9ac21c7d manatee: Add secrets for ssh machine (root) key 2025-05-02 12:07:26 +02:00
Alexander Heldt
8e3acc8a33 manatee: Add secrets for ssh key to git.ppp.pm 2025-05-02 12:04:45 +02:00
Alexander Heldt
ddd3b1c6e7 Add disco to inputs 2025-05-02 12:00:41 +02:00
Alexander Heldt
3952959a12 pinwheel: Add ssh key for manatee 2025-05-02 12:00:37 +02:00
Alexander Heldt
ef67c83808 manatee: Add manatee to secrets 2025-05-02 11:53:01 +02:00
Alexander Heldt
f1b6bb9ae0 pinwheel/backwards: Share reading-material through syncthing 2025-03-25 20:46:16 +01:00
Alexander Heldt
36744c4b60 backwards: Share reading-material with phone and tablet 2025-03-25 20:29:18 +01:00
Alexander Heldt
08d05ccae3 Add tablet to shared syncthing devices 2025-03-25 20:22:40 +01:00
Alexander Heldt
2411eeca80 pinwheel: Use updated attribute name for pulseaudio 2025-03-25 20:19:40 +01:00
Alexander Heldt
f9b5905c96 backwards: Fix firefox binary paths 2025-03-25 20:18:43 +01:00
Alexander Heldt
90c885d6cd pinwheel: Fix firefox binary paths 2025-03-02 11:31:43 +01:00
Alexander Heldt
393975767b Update flake inputs 2025-03-02 11:31:33 +01:00
Alexander Heldt
b177ce25c5 Update WHIB input 2025-02-08 12:00:19 +01:00
Alexander Heldt
f8eaab252d backwards: Fix retroarch 2025-02-02 12:02:54 +01:00
Alexander Heldt
2bbad27f23 Update flake inputs 2025-02-02 11:37:13 +01:00
Alexander Heldt
c478f795f1 tadpole/test-vm: Update WHIB service 
- Update `WHIB` input
- Update secrets to reflect changes in input
 2025-02-02 11:05:59 +01:00
Alexander Heldt
01cff093fd pinwheel: Fix style of notifications 2025-01-11 20:16:21 +01:00
Alexander Heldt
5b21268c54 tadpole: Use port 3001 for gitea 2025-01-03 12:39:41 +01:00
Alexander Heldt
e89a61c6c5 tadpole: Assert that nginx is running when using ppp.pm-site 2025-01-03 11:29:29 +01:00
Alexander Heldt
7ab5cc5b1c tadpole: Assert that nginx is running when using gitea 2025-01-03 11:29:29 +01:00
Alexander Heldt
6ca1c92a81 tadpole: Add WHIB backend 2025-01-03 11:29:29 +01:00
Alexander Heldt
349315ec47 tadpole: Add secrets for whib service 2025-01-03 11:29:29 +01:00
Alexander Heldt
4f15de53f3 test-vm: Add WHIB backend 2025-01-03 11:29:29 +01:00
Alexander Heldt
51d32e66c4 Update README with documentation about the test-vm 2024-12-20 13:05:45 +01:00
Alexander Heldt
12921700ab test-vm: Echo help message for shutdown alias 2024-12-20 13:05:23 +01:00
Alexander Heldt
94aef10d67 test-vm: Resize terminal to host terminal size 2024-12-20 12:12:16 +01:00
Alexander Heldt
fd31675cac test-vm: Add alias of shutting down the VM 2024-12-20 12:12:16 +01:00
Alexander Heldt
6b79aa8fca test-vm: Auto login a user and assume its sudo 2024-12-20 12:12:16 +01:00
Alexander Heldt
18c95d2f9c test-vm: Increase disk size 2024-12-20 12:12:16 +01:00
Alexander Heldt
00b2946d59 pinwheel: Don't override go version 2024-12-20 12:11:33 +01:00
Alexander Heldt
ea998d33a4 pinwheel: Fix fonts 2024-12-20 12:11:19 +01:00
Alexander Heldt
ea6a846139 Update flake inputs 2024-12-20 12:11:10 +01:00
Alexander Heldt
5ab0ac4828 pinwheel: Add volume sharing for vms 2024-11-28 18:26:28 +01:00
Alexander Heldt
a3133defeb config-manager: Fix --update 2024-11-28 18:25:55 +01:00
Alexander Heldt
94e35677a6 pinwheel: Fix hyprland "smart gaps" 2024-11-28 18:25:38 +01:00
Alexander Heldt
bdb8df947f Update flake inputs 2024-11-28 18:25:27 +01:00
Alexander Heldt
52567105ff pinwheel: Update work github token 2024-11-25 08:47:50 +01:00
Alexander Heldt
f8b39ee30c pinwheel: Set intellij version to 2024.2.4 in for work 2024-11-24 19:08:59 +01:00
Alexander Heldt
c80e053c1c pinwheel: Indent js code in emacs with spaces 2024-11-21 08:55:25 +01:00
Alexander Heldt
ebda6c57eb pinwheel: Add pants for work 2024-11-02 14:18:28 +01:00
Alexander Heldt
7009ee3c32 Update flake inputs 2024-11-02 14:11:33 +01:00
Alexander Heldt
3641a3185a backwards: Close transmission firewall ports 2024-10-25 08:57:27 +02:00
Alexander Heldt
148aeaeb8b pinhweel: Fix noto font 2024-10-25 08:55:56 +02:00
Alexander Heldt
6aa2525bd5 Update flake inputs 2024-10-25 08:55:42 +02:00
Alexander Heldt
a333821780 tadpole: Fix gitea reverse proxy host 2024-10-13 20:49:24 +02:00
Alexander Heldt
eba768ce3e Update flake inputs 2024-10-13 12:45:51 +02:00
Alexander Heldt
2480f5c14d backwards: Add moonlight 2024-10-02 17:05:22 +02:00
Alexander Heldt
d8419b01a2 pinwheel: Don't override graphite version 2024-09-30 08:08:56 +02:00
Alexander Heldt
3f849a3bb4 pinwheel: Increase swapfile size to 48GiB 2024-09-25 15:35:13 +02:00
Alexander Heldt
82b35d8646 Update flake inputs 2024-09-24 10:51:27 +02:00
Alexander Heldt
0ad5211923 backwards: Add bitwarden-desktop 2024-09-24 10:35:38 +02:00
Alexander Heldt
86edb834cb backwards: Add firefox 2024-09-22 19:02:40 +02:00
Alexander Heldt
32fae14d60 backwards: Add PCSX2 to games 2024-09-22 19:02:18 +02:00
Alexander Heldt
e7cf934176 pinwheel: Use eglot for python in emacs 2024-09-17 21:28:14 +02:00
Alexander Heldt
2f22d66628 backwards: Use secretsFile for networking.wireless 2024-09-17 21:17:42 +02:00
Alexander Heldt
6906fca9f9 backwards: Enable jellyseerr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
1f81b5a801 backwards: Enable radarr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
1446e7c592 backwards: Enable sonarr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
2a1fac11bf backwards: Enable prowlarr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
3a5a367a4a backwards: Add reverse proxy for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
3ca0a58a04 tadpole: Remove unneeded assertion of existing certs for gitea 2024-09-17 21:11:31 +02:00
Alexander Heldt
1f7433463a backwards: Add reverse proxy for transmission 2024-09-17 21:11:31 +02:00
Alexander Heldt
aaeea7d0b3 backwards: Add nginx module 2024-09-17 21:11:31 +02:00
Alexander Heldt
cbaba1db4c tadpole: Clean up nginx and certs modules 2024-09-17 21:11:31 +02:00
Alexander Heldt
3092241f0b tadpole: Change default email for certs 2024-09-17 21:11:31 +02:00
Alexander Heldt
dc944a0969 Update flake inputs 2024-09-17 21:11:31 +02:00
Alexander Heldt
119ef9fa60 pinwheel: Remove retroarch 2024-09-17 21:11:31 +02:00
Alexander Heldt
2edf3980f0 pinwheel: Remove mullvad 2024-09-17 21:11:31 +02:00
Alexander Heldt
e2d97c4f60 pinwheel: Increase waybar module intervals 2024-09-17 21:11:31 +02:00
Alexander Heldt
0626b06ecc pinwheel: Add tailscale module to waybar 2024-09-17 21:11:31 +02:00
Alexander Heldt
f072b35101 pinwheel: Add secret for preferred tailscale exit node 2024-09-17 21:11:31 +02:00
Alexander Heldt
aa9a049377 pinwheel: Add swapfile 2024-09-17 21:11:31 +02:00
Alexander Heldt
c67549a118 pinwheel: Remove URL preference for gitlab in git 2024-09-17 21:11:31 +02:00
Alexander Heldt
f9ed371d8c Update url for pppdotpm-site input 2024-09-17 21:11:31 +02:00
Alexander Heldt
c9c8939c8e tadpole: Add match block for git.ppp.pm in ssh 2024-09-17 21:11:31 +02:00
Alexander Heldt
8e135ef94b tadpole: Add secrets for git.ppp.pm 2024-09-17 21:11:31 +02:00
Alexander Heldt
f0b43a0cc4 backwards: Add match block for git.ppp.pm in ssh 2024-09-05 18:44:19 +02:00
Alexander Heldt
320f164b11 backwards: Add secrets for git.ppp.pm 2024-09-05 18:26:47 +02:00
Alexander Heldt
899b450f8c pinwheel: Don't format files named "secrets.nix" in emacs 2024-09-05 18:20:46 +02:00
Alexander Heldt
d2743436aa pinwheel: Add grpcurl to work module 2024-09-05 12:40:00 +02:00
Alexander Heldt
fb281612e8 pinwheel: Move postman to work module 2024-09-05 12:39:44 +02:00
Alexander Heldt
18bda50a13 Update flake inputs 2024-09-04 21:15:37 +02:00
Alexander Heldt
a49c49cc02 pinwheel: Add nixfmt to nix module 2024-09-02 22:36:16 +02:00
Alexander Heldt
15711a903e pinwheel: Format nix files on save in emacs 2024-09-02 21:59:10 +02:00
Alexander Heldt
fd4d1d13df pinwheel: Remove nil from nix module 2024-09-02 21:59:10 +02:00
Alexander Heldt
0dfbf16522 pinwheel: Use nixd in emacs 2024-09-02 21:59:10 +02:00
Alexander Heldt
f15701f426 Apply nixfmt 2024-09-02 21:55:41 +02:00
Alexander Heldt
bda8def5fe Add dev shell with nixfmt 2024-09-02 21:07:34 +02:00
Alexander Heldt
dd9be869d2 Remove unused self reference in flake.nix 2024-09-02 20:42:12 +02:00
Alexander Heldt
4afbe23915 pinwheel: Remove pants.nix from work module 2024-09-02 20:41:42 +02:00
Alexander Heldt
04f1bef188 sombrero: remove host sombrero 2024-09-02 20:29:48 +02:00
Alexander Heldt
395e4f8256 backwards: Enable calibre-web module 2024-09-01 17:53:36 +02:00
Alexander Heldt
1c654cc104 backwards: Add calibre-web module 2024-09-01 17:51:44 +02:00
Alexander Heldt
6142c30f4a backwards: Enable audiobookshelf module 2024-09-01 12:20:36 +02:00
Alexander Heldt
81d06fc019 backwards: Add audiobookshelf module 2024-09-01 12:20:36 +02:00
151 changed files with 2660 additions and 1624 deletions
Expand all files Collapse all files

1
.envrc Normal file
View File

@@ -0,0 +1 @@
use flake

1
.gitignore vendored
View File

@@ -1,2 +1,3 @@
.direnv/
*.qcow2
result

10
README.md
View File

@@ -25,3 +25,13 @@ EDITOR=vim agenix -d "some-secret.age" -i ~/.ssh/alex.pinwheel
Or use some other SSH key that is has been used to key the secret.
# Test VM
Build the test VM with the command:
```
cm --build-test-vm
```
and test it with:
```
cm --run-test-vm
```

82
config-manager/default.nix
View File

@@ -1,4 +1,10 @@
{ inputs, pkgs, lib, config, ... }:
{
inputs,
pkgs,
lib,
config,
...
}:
let
flakePath = config.config-manager.flakePath;
nixosConfiguration = config.config-manager.nixosConfiguration;
@@ -12,49 +18,49 @@ let
throw "'config-manager.nixosConfiguration' cannot be empty"
else
pkgs.writeShellScriptBin "cm" ''
help() {
cat << EOF
Usage:
cm [flag]
help() {
cat << EOF
Usage:
cm [flag]
Flags:
--update updates the flake
--switch rebuilds + switches configuration (using 'nh')
--build-test-vm, --btvm build test-vm
--run-test-vm, --rtvm run test-vm
EOF
}
Flags:
--update updates the flake
--switch rebuilds + switches configuration (using 'nh')
--build-test-vm, --btvm build test-vm
--run-test-vm, --rtvm run test-vm
EOF
}
update() {
echo -e "\033[0;31mUPDATING FLAKE\033[0m"
nix flake update ${flakePath}
}
update() {
echo -e "\033[0;31mUPDATING FLAKE\033[0m"
nix flake update --flake ${flakePath}
}
switch() {
nixos-rebuild dry-build --flake ${flakePath}#${nixosConfiguration}
${nh}/bin/nh os switch --hostname ${nixosConfiguration} ${flakePath}
}
switch() {
nixos-rebuild dry-build --flake ${flakePath}#${nixosConfiguration}
${nh}/bin/nh os switch --hostname ${nixosConfiguration} ${flakePath}
}
build-test-vm() {
nixos-rebuild build-vm --flake ${flakePath}#test-vm
}
build-test-vm() {
nixos-rebuild build-vm --flake ${flakePath}#test-vm
}
run-test-vm() {
${flakePath}/result/bin/run-test-vm-vm
}
run-test-vm() {
${flakePath}/result/bin/run-test-vm-vm
}
case $1 in
--update)
update ;;
--switch)
switch ;;
--build-test-vm | --btvm)
build-test-vm ;;
--run-test-vm | --rtvm)
run-test-vm ;;
--help | *)
help ;;
esac
case $1 in
--update)
update ;;
--switch)
switch ;;
--build-test-vm | --btvm)
build-test-vm ;;
--run-test-vm | --rtvm)
run-test-vm ;;
--help | *)
help ;;
esac
'';
in
{

162
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"lastModified": 1760836749,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a",
"type": "github"
},
"original": {
@@ -31,11 +31,11 @@
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
@@ -45,20 +45,39 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1760701190,
"narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=",
"owner": "nix-community",
"repo": "disko",
"rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1725037990,
"narHash": "sha256-7ZwhCJQ8/BvP5UDSOe9PUzrDlDePxfyDrkEYuuZZJJ8=",
"lastModified": 1760951609,
"narHash": "sha256-rWkUWKWcLin0+dKvinWC1IZVxJnIvXV3q/wlmmKkzo4=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "45405f34d10260753298ff244a9b9c36e04b2e11",
"rev": "41bee8f6a80b36b0348a8e750e5db88fea528171",
"type": "github"
},
"original": {
@@ -72,11 +91,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -93,11 +112,11 @@
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
@@ -113,11 +132,11 @@
]
},
"locked": {
"lastModified": 1724435763,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
"lastModified": 1760969583,
"narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
"rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9",
"type": "github"
},
"original": {
@@ -133,11 +152,11 @@
]
},
"locked": {
"lastModified": 1722636442,
"narHash": "sha256-+7IS0n3/F0I5j6ZbrVlLcIIPHY3o+/vLAqg/G48sG+w=",
"lastModified": 1759613406,
"narHash": "sha256-PzgQJydp+RlKvwDi807pXPlURdIAVqLppZDga3DwPqg=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "9d67858b437d4a1299be496d371b66fc0d3e01f6",
"rev": "32e1a75b65553daefb419f0906ce19e04815aa3a",
"type": "github"
},
"original": {
@@ -146,6 +165,27 @@
"type": "github"
}
},
"naviterm": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1757496832,
"narHash": "sha256-R5EMcms24G6QGk62iNAMApeZmKsHwCDLj68UUdkhSLw=",
"owner": "detoxify92",
"repo": "naviterm",
"rev": "3b3bd2bace3676000f530b2f47fa28f431c56761",
"type": "gitlab"
},
"original": {
"owner": "detoxify92",
"repo": "naviterm",
"type": "gitlab"
}
},
"nh": {
"inputs": {
"nixpkgs": [
@@ -153,11 +193,11 @@
]
},
"locked": {
"lastModified": 1724689275,
"narHash": "sha256-wpxC7XiZ9maYZA4BSLKGXc+pn2fwaiq2Ybu5kNjl1ao=",
"lastModified": 1760961269,
"narHash": "sha256-Udg6DnM6scJj+imbttJR7GQpG2WWeDZ1JOtySTY99M0=",
"owner": "viperML",
"repo": "nh",
"rev": "a922eada049854019c5d1bbc82383f7095773e5c",
"rev": "e27508e06f74c7f03616150c1ac1431eaef7f443",
"type": "github"
},
"original": {
@@ -183,11 +223,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1724878143,
"narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=",
"lastModified": 1760958188,
"narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef",
"rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc",
"type": "github"
},
"original": {
@@ -199,11 +239,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1724819573,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
"rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github"
},
"original": {
@@ -215,16 +255,16 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1724855419,
"narHash": "sha256-WXHSyOF4nBX0cvHN3DfmEMcLOVdKH6tnMk9FQ8wTNRc=",
"lastModified": 1760862643,
"narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ae2fc9e0e42caaf3f068c1bfdc11c71734125e06",
"rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
@@ -242,25 +282,29 @@
"rev": "662a254ea8065a0f104ccf5a46b59252e1e08b58",
"revCount": 54,
"type": "git",
"url": "ssh://git@codeberg.org/ppp/ppp.pm-site.git"
"url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://git@codeberg.org/ppp/ppp.pm-site.git"
"url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2",
"hyprland-contrib": "hyprland-contrib",
"naviterm": "naviterm",
"nh": "nh",
"nix-gc-env": "nix-gc-env",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"pppdotpm-site": "pppdotpm-site"
"pppdotpm-site": "pppdotpm-site",
"whib-backend": "whib-backend",
"whib-frontend": "whib-frontend"
}
},
"systems": {
@@ -292,6 +336,48 @@
"repo": "default",
"type": "github"
}
},
"whib-backend": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739029248,
"narHash": "sha256-ux/Udy0Mhs66P/EQQ8S+xIuXRm9UHEYwSy12IZtlbnA=",
"ref": "master",
"rev": "222a8f6dde2e9270f6390b5e1e83c7ae1ea48290",
"revCount": 371,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
}
},
"whib-frontend": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761508816,
"narHash": "sha256-adV/lyxcmuopyuzZ49v46Yt0gft+ioEL4yl1S+vUbus=",
"ref": "master",
"rev": "ab10bf50cb6b023a1b99f91c7e8d550231135eef",
"revCount": 223,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
}
}
},
"root": "root",

147
flake.nix
View File

@@ -6,12 +6,17 @@
nixos-hardware.url = "github:nixos/nixos-hardware/master";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nh = {
url = "github:viperML/nh";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-gc-env.url= "github:Julow/nix-gc-env";
nix-gc-env.url = "github:Julow/nix-gc-env";
home-manager = {
url = "github:nix-community/home-manager";
@@ -33,56 +38,108 @@
inputs.nixpkgs.follows = "nixpkgs";
};
naviterm = {
url = "gitlab:detoxify92/naviterm";
inputs.nixpkgs.follows = "nixpkgs";
};
pppdotpm-site = {
url = "git+ssh://git@codeberg.org/ppp/ppp.pm-site.git?ref=main";
url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
};
whib-backend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master";
inputs.nixpkgs.follows = "nixpkgs";
};
whib-frontend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib-react.git?ref=master";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, ... }@inputs: {
nixosConfigurations = {
pinwheel = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/pinwheel/configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-10th-gen
./hosts/pinwheel/home.nix
];
outputs =
{ ... }@inputs:
{
nixosConfigurations = {
pinwheel = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/pinwheel/configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-10th-gen
./hosts/pinwheel/home.nix
];
};
manatee = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/manatee/configuration.nix
./hosts/manatee/home.nix
];
};
backwards = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/backwards/configuration.nix
./hosts/backwards/home.nix
];
};
tadpole =
let
system = "x86_64-linux";
in
inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
};
modules = [
./hosts/tadpole/configuration.nix
./hosts/tadpole/home.nix
inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
];
};
test-vm =
let
system = "x86_64-linux";
in
inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
};
modules = [
./hosts/test-vm/configuration.nix
inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
];
};
};
backwards = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/backwards/configuration.nix
./hosts/backwards/home.nix
];
};
sombrero = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/sombrero/configuration.nix
./hosts/sombrero/home.nix
];
};
tadpole = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/tadpole/configuration.nix
./hosts/tadpole/home.nix
];
};
test-vm = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hosts/test-vm/configuration.nix ];
};
devShells =
let
system = "x86_64-linux";
pkgs = inputs.nixpkgs.legacyPackages.${system};
in
{
${system}.default = pkgs.mkShell {
packages = [ pkgs.nixfmt-rfc-style ];
};
};
};
};
}

39
hosts/backwards/configuration.nix
View File

@@ -1,19 +1,21 @@
{ pkgs, ... }:
{
imports =
[
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./modules
];
imports = [
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./modules
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
console.keyMap = "sv-latin1";
hardware.pulseaudio.enable = false;
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
@@ -22,11 +24,26 @@
pulse.enable = true;
};
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver
pkgs.libvdpau-va-gl
];
};
};
users.users.alex = {
isNormalUser = true;
description = "alex";
extraGroups = [ "networkmanager" "wheel" ];
packages = [];
extraGroups = [
"networkmanager"
"wheel"
"video"
"render"
];
packages = [ ];
};
environment.variables.EDITOR = "vim";

49
hosts/backwards/hardware-configuration.nix
View File

@@ -1,32 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/bad3d82a-7bb8-490f-bd01-a4b16fe6f33d";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/bad3d82a-7bb8-490f-bd01-a4b16fe6f33d";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D049-60DD";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/ff4de0e5-2c60-4ee7-a55c-450727efb921"; }
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D049-60DD";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/ff4de0e5-2c60-4ee7-a55c-450727efb921"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

7
hosts/backwards/modules/boot/default.nix
View File

@@ -1,4 +1,9 @@
{ inputs, lib, config, ... }:
{
inputs,
lib,
config,
...
}:
let
configurationLimit = config.mod.gc.configurationLimit;
in

2
hosts/backwards/modules/default.nix
View File

@@ -12,9 +12,9 @@ in
ssh.enable = true;
git.enable = true;
nginx.enable = true;
syncthing.enable = true;
restic.enable = true;
transmission.enable = true;
};
};
}

99
hosts/backwards/modules/firefox/default.nix Normal file
View File

@@ -0,0 +1,99 @@
{ pkgs, ... }:
let
wrapped = pkgs.wrapFirefox pkgs.firefox-devedition-unwrapped {
extraPolicies = {
DisableFirefoxAccounts = false;
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
PasswordManagerEnabled = false;
FirefoxHome = {
Search = false;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
};
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
};
};
ff-alex = pkgs.writeShellApplication {
name = "ff-alex";
text = ''
${wrapped}/bin/firefox-devedition -P alex --new-window "$@"
'';
};
sharedSettings = {
"general.smoothScroll" = true;
"apz.gtk.kinetic_scroll.enabled" = false;
"network.dns.force_waiting_https_rr" = false;
};
in
{
home-manager.users.alex = {
programs.firefox = {
enable = true;
package = wrapped;
profiles = {
alex = {
id = 0;
name = "alex";
isDefault = true;
settings = sharedSettings // { };
};
};
};
xdg = {
# /etc/profiles/per-user/alex/share/applications
desktopEntries = {
ff-alex = {
name = "ff-alex";
exec = "${ff-alex}/bin/ff-alex %U";
terminal = false;
};
};
mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "ff-alex.desktop";
"x-scheme-handler/http" = "ff-alex.desktop";
"x-scheme-handler/https" = "ff-alex.desktop";
"application/x-exension-htm" = "ff-alex.desktop";
"application/x-exension-html" = "ff-alex.desktop";
"application/x-exension-shtml" = "ff-alex.desktop";
"application/xhtml+xml" = "ff-alex.desktop";
"application/x-exension-xhtml" = "ff-alex.desktop";
"application/x-exension-xht" = "ff-alex.desktop";
};
};
# https://github.com/nix-community/home-manager/issues/1213
configFile."mimeapps.list".force = true;
};
home.packages = [
ff-alex
];
};
environment.variables = {
MOZ_ENABLE_WAYLAND = 1;
BROWSER = "${ff-alex}/bin/ff-alex $@";
};
}

17
hosts/backwards/modules/games/default.nix
View File

@@ -2,13 +2,16 @@
{
home-manager.users.alex = {
home.packages = [
(pkgs.retroarch.override {
cores = [
pkgs.libretro.snes9x
pkgs.libretro.genesis-plus-gx
pkgs.libretro.swanstation
];
})
pkgs.nethack
pkgs.moonlight-qt
pkgs.pcsx2
(pkgs.retroarch.withCores (cores: [
pkgs.libretro.snes9x
pkgs.libretro.genesis-plus-gx
pkgs.libretro.swanstation
]))
];
};
}

7
hosts/backwards/modules/git/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.git.enable;
in

44
hosts/backwards/modules/jellyfin/default.nix
View File

@@ -1,44 +0,0 @@
{ pkgs, ... }:
{
fileSystems."/home/alex/media" = {
device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
# 1. enable vaapi on OS-level
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
];
};
};
services.jellyfin = {
enable = true;
openFirewall = true;
user = "alex";
group = "users";
dataDir = "/home/alex/media/jellyfin";
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
}

29
hosts/backwards/modules/network/default.nix
View File

@@ -1,10 +1,22 @@
{ config, ... }:
{
networking = {
hostName = "backwards";
networkmanager.enable = false;
wireless.enable = true;
#wireless.networks are defined in the secret `wpa_supplicant.conf`
wireless = {
enable = true;
secretsFile = config.age.secrets.wireless-network-secrets.path;
networks = {
"w1-f1_5G" = {
pskRaw = "ext:w1-f1_psk";
};
};
};
defaultGateway = "192.168.50.1";
nameservers = [ "1.1.1.1" ];
@@ -12,19 +24,18 @@
wlp1s0 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "192.168.50.202";
prefixLength = 24;
}];
addresses = [
{
address = "192.168.50.202";
prefixLength = 24;
}
];
};
};
};
};
age.secrets = {
"wpa_supplicant.conf" = {
file = ../../../../secrets/backwards/wpa_supplicant.conf.age;
path = "/etc/wpa_supplicant.conf";
};
"wireless-network-secrets".file = ../../../../secrets/backwards/wireless-network-secrets.age;
};
}

18
hosts/sombrero/modules/nginx/default.nix → hosts/backwards/modules/nginx/default.nix
View File

@@ -5,21 +5,11 @@ in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "add nginx module";
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
security = {
acme = {
acceptTerms = true;
defaults = {
email = "p@ppp.pm";
};
};
};
services = {
nginx = {
enable = true;
@@ -28,11 +18,5 @@ in
recommendedTlsSettings = true;
};
};
networking = {
firewall = {
allowedTCPPorts = [ 80 443 ];
};
};
};
}

7
hosts/backwards/modules/restic/default.nix
View File

@@ -45,7 +45,8 @@ in
environmentFile = config.age.secrets.restic-cloud-sync-key.path;
repositoryFile = config.age.secrets.restic-cloud-sync-repository.path;
paths = ["/home/alex/sync"];
paths = [ "/home/alex/sync" ];
exclude = [ "/home/alex/sync/reading-material" ];
timerConfig = {
OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day
@@ -65,9 +66,9 @@ in
secrets = {
"restic-password".file = ../../../../secrets/backwards/restic-password.age;
"restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age;
"restic-cloud-sync-repository".file = ../../../../secrets/backwards/restic-cloud-sync-repository.age;
"restic-cloud-sync-repository".file =
../../../../secrets/backwards/restic-cloud-sync-repository.age;
};
};
};
}

57
hosts/backwards/modules/ssh/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.ssh.enable;
@@ -18,12 +23,26 @@ in
enable = true;
matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.backwards-manatee";
port = 1122;
};
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
};
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org";
};
};
};
home.packages = [ pkgs.sshfs ];
};
environment.etc."ssh/authorized_keys_command" = {
@@ -41,10 +60,12 @@ in
enable = true;
ports = [ 1122 ];
hostKeys = [{
path = "${rootSSHKeyPath}/root.backwards";
type = "ed25519";
}];
hostKeys = [
{
path = "${rootSSHKeyPath}/root.backwards";
type = "ed25519";
}
];
settings = {
PasswordAuthentication = false;
@@ -72,11 +93,37 @@ in
path = "${rootSSHKeyPath}/root.backwards.pub";
};
"alex.backwards-manatee" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.age;
path = "/home/alex/.ssh/alex.backwards-manatee";
owner = "alex";
group = "users";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "/home/alex/.ssh/alex.backwards-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub";
};
"alex.backwards-git.ppp.pm" = {
file = ../../../../secrets/backwards/alex.backwards-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.backwards-git.ppp.pm.pub" = {
file = ../../../../secrets/backwards/alex.backwards-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.backwards-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
"alex.backwards-codeberg.org" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org";

8
hosts/backwards/modules/syncthing/default.nix
View File

@@ -34,12 +34,16 @@ in
devices = {
phone.id = config.lib.syncthing.phone;
pinwheel.id = config.lib.syncthing.pinwheel;
tablet.id = config.lib.syncthing.tablet;
};
folders = {
org = {
path = "/home/alex/sync/org";
devices = [ "phone" "pinwheel" ];
devices = [
"phone"
"pinwheel"
];
versioning = {
type = "staggered";
params = {
@@ -71,7 +75,7 @@ in
};
books = {
path = "/home/alex/sync/books";
path = "/home/alex/sync/reading-material/books";
devices = [ "pinwheel" ];
versioning = {
type = "staggered";

56
hosts/manatee/configuration.nix Normal file
View File

@@ -0,0 +1,56 @@
{ pkgs, ... }:
{
imports = [
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./disk-config.nix
./modules
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
users.users.alex = {
isNormalUser = true;
description = "alex";
extraGroups = [
"wheel"
"storage"
];
};
environment.variables.EDITOR = "vim";
environment.systemPackages = with pkgs; [
vim
git
];
config-manager = {
flakePath = "/home/alex/config";
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

243
hosts/manatee/disk-config.nix Normal file
View File

@@ -0,0 +1,243 @@
{
inputs,
pkgs,
config,
...
}:
{
imports = [ inputs.disko.nixosModules.disko ];
config = {
users.groups.storage = { };
users.users.storage = {
isSystemUser = true;
description = "storage";
group = "storage";
};
systemd.tmpfiles.settings = {
"10-media-public" = {
"/mnt/media/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-cameras-public" = {
"/mnt/cameras/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-sync-public" = {
"/mnt/sync/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
};
environment.systemPackages = [
pkgs.smartmontools
];
services.smartd = {
enable = true;
devices = [
{ device = config.disko.devices.disk.root.device; }
{ device = config.disko.devices.disk.disk1.device; }
{ device = config.disko.devices.disk.disk2.device; }
];
};
services.zfs.autoScrub.enable = true;
networking.hostId = "0a9474e7"; # Required by ZFS
disko.devices = {
disk = {
root = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
disk1 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QCG4";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk2 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QDJ5";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk3 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0UCF4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk4 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0V6F4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
};
zpool = {
storage = {
type = "zpool";
mode = {
topology = {
type = "topology";
vdev = [
{
mode = "mirror";
members = [
"disk1"
"disk2"
];
}
{
mode = "mirror";
members = [
"disk3"
"disk4"
];
}
];
};
};
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
xattr = "sa";
"com.sun:auto-snapshot" = "false";
};
datasets = {
media = {
type = "zfs_fs";
mountpoint = "/mnt/media";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
cameras = {
type = "zfs_fs";
mountpoint = "/mnt/cameras";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
sync = {
type = "zfs_fs";
mountpoint = "/mnt/sync";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
};
};
};
};
};
}

39
hosts/manatee/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

9
hosts/sombrero/home.nix → hosts/manatee/home.nix
View File

@@ -1,4 +1,4 @@
{ inputs, pkgs, ... }:
{ inputs, ... }:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
@@ -13,13 +13,10 @@
home.username = "alex";
home.homeDirectory = "/home/alex";
home.packages = [
pkgs.unar
];
home.packages = [ ];
home.stateVersion = "22.11";
home.stateVersion = "24.11";
};
};
};
}

2
hosts/sombrero/modules/age/default.nix → hosts/manatee/modules/age/default.nix
View File

@@ -4,7 +4,7 @@
config = {
age = {
identityPaths = [ "/etc/ssh/sombrero" ];
identityPaths = [ "/etc/ssh/manatee" ];
};
environment.systemPackages = [

29
hosts/manatee/modules/audiobookshelf/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{ lib, config, ... }:
let
enabled = config.mod.audiobookshelf.enable;
in
{
options = {
mod.audiobookshelf = {
enable = lib.mkEnableOption "Enable audiobookshelf module";
};
};
config = lib.mkIf enabled {
users.users.audiobookshelf = {
isSystemUser = true;
description = "audiobookshelf";
group = "storage";
};
services.audiobookshelf = {
enable = true;
user = "audiobookshelf";
group = "storage";
host = "0.0.0.0";
port = 8000;
};
};
}

43
hosts/manatee/modules/boot/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
inputs,
lib,
config,
...
}:
let
configurationLimit = config.mod.gc.configurationLimit;
in
{
imports = [ inputs.nix-gc-env.nixosModules.default ];
options = {
mod.gc = {
configurationLimit = lib.mkOption {
type = lib.types.int;
default = 10;
description = "number of configuration generations to keep";
};
};
};
config = {
nix.gc = {
automatic = true;
dates = "weekly";
# `delete_generations` added by nix-gc-env
delete_generations = "+${builtins.toString configurationLimit}";
};
boot = {
loader = {
systemd-boot = {
enable = true;
inherit configurationLimit;
};
efi.canTouchEfiVariables = true;
};
};
};
}

47
hosts/manatee/modules/calibre-web/default.nix Normal file
View File

@@ -0,0 +1,47 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf enabled {
services = {
calibre-web = {
enable = true;
user = "storage";
group = "storage";
listen = {
ip = "0.0.0.0";
port = 8083;
};
dataDir = "/mnt/media/public/books";
options = {
calibreLibrary = "/mnt/media/public/books";
enableBookUploading = true;
};
};
nginx = {
virtualHosts."books.ppp.pm" = {
extraConfig = ''
client_max_body_size 1024M;
'';
locations."/" = {
proxyPass = "http://0.0.0.0:8083"; # TODO add option for port + host
};
};
};
};
};
}

26
hosts/manatee/modules/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{ lib, ... }:
let
toModulePath = dir: _: ./. + "/${dir}";
filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
in
{
imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
config = {
mod = {
gc.configurationLimit = 10;
ssh.enable = true;
git.enable = true;
nginx.enable = true;
syncthing.enable = true;
transmission.enable = true;
calibre-web.enable = true;
audiobookshelf.enable = true;
jellyfin.enable = true;
immich.enable = true;
navidrome.enable = true;
};
};
}

11
hosts/sombrero/modules/git/default.nix → hosts/manatee/modules/git/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.git.enable;
in
@@ -17,6 +22,10 @@ in
includes = [
{ path = ./gitconfig; }
];
extraConfig = {
rerere.enable = true;
};
};
home.packages = [ pkgs.tig ];

5
hosts/sombrero/modules/git/gitconfig → hosts/manatee/modules/git/gitconfig
View File

@@ -5,6 +5,5 @@
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/
[url "gitea@git.ppp.pm:"]
insteadOf = https://git.ppp.pm/

35
hosts/manatee/modules/immich/default.nix Normal file
View File

@@ -0,0 +1,35 @@
{ lib, config, ... }:
let
enabled = config.mod.immich.enable;
in
{
options = {
mod.immich = {
enable = lib.mkEnableOption "Enable immich module";
};
};
config = lib.mkIf enabled {
users.users.immich = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
services.immich = {
enable = true;
user = "immich";
group = "storage";
host = "0.0.0.0";
mediaLocation = "/mnt/cameras/public";
accelerationDevices = [ "/dev/dri/renderD128" ];
};
};
}

55
hosts/manatee/modules/jellyfin/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
lib,
pkgs,
config,
...
}:
let
enabled = config.mod.jellyfin.enable;
in
{
options = {
mod.jellyfin = {
enable = lib.mkEnableOption "Enable jellyfin module";
};
};
config = lib.mkIf enabled {
users.users.jellyfin = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver # Modern Intel VA-API driver (needed for N305)
pkgs.libvdpau-va-gl # VDPAU backend for VA-API GLX interop
];
};
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
user = "jellyfin";
group = "storage";
};
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
};
}

33
hosts/manatee/modules/navidrome/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{
lib,
pkgs,
config,
...
}:
let
navidromeEnabled = config.mod.navidrome.enable;
in
{
options = {
mod.navidrome = {
enable = lib.mkEnableOption "Enable navidrome module";
};
};
config = {
services = lib.mkIf navidromeEnabled {
navidrome = {
enable = true;
openFirewall = true;
user = "navidrome";
group = "storage";
settings = {
Port = 4533;
Address = "0.0.0.0";
MusicFolder = "/mnt/media/public/music";
};
};
};
};
}

22
hosts/manatee/modules/network/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ ... }:
{
networking = {
hostName = "manatee";
defaultGateway = "192.168.50.1";
nameservers = [ "1.1.1.1" ];
interfaces = {
enp3s0 = {
useDHCP = false;
ipv4 = {
addresses = [
{
address = "192.168.50.203";
prefixLength = 24;
}
];
};
};
};
};
}

22
hosts/manatee/modules/nginx/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
};
}

106
hosts/manatee/modules/ssh/default.nix Normal file
View File

@@ -0,0 +1,106 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.ssh.enable;
authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
rootSSHKeyPath = "/etc/ssh";
in
{
options = {
mod.ssh = {
enable = lib.mkEnableOption "enable ssh module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.ssh = {
enable = true;
matchBlocks = {
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
};
};
};
};
environment.etc."ssh/authorized_keys_command" = {
mode = "0755";
text = ''
#!${pkgs.bash}/bin/bash
for file in ${authorizedKeysPath}/*; do
${pkgs.coreutils}/bin/cat "$file"
done
'';
};
services = {
openssh = {
enable = true;
ports = [ 1122 ];
hostKeys = [
{
path = "${rootSSHKeyPath}/root.manatee";
type = "ed25519";
}
];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
authorizedKeysCommandUser = "root";
};
};
networking = {
firewall = {
allowedTCPPorts = [ 1122 ];
};
};
age.secrets = {
"root.manatee" = {
file = ../../../../secrets/manatee/root.manatee.age;
path = "${rootSSHKeyPath}/root.manatee";
};
"root.manatee.pub" = {
file = ../../../../secrets/manatee/root.manatee.pub.age;
path = "${rootSSHKeyPath}/root.manatee.pub";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-manatee.pub";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "${authorizedKeysPath}/alex.backwards-manatee.pub";
};
"alex.manatee-git.ppp.pm" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.manatee-git.ppp.pm.pub" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
};
};
}

61
hosts/manatee/modules/syncthing/default.nix Normal file
View File

@@ -0,0 +1,61 @@
{ lib, config, ... }:
let
enabled = config.mod.syncthing.enable;
in
{
options = {
mod.syncthing = {
enable = lib.mkEnableOption "Enable syncthing module";
};
};
config = lib.mkIf enabled {
services.syncthing = {
enable = true;
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
user = "storage";
group = "storage";
dataDir = "/mnt/sync/public";
guiAddress = "0.0.0.0:8384";
settings = {
gui = {
user = "syncthing";
password = "$2a$12$YBcqhl8AXpoLmIWikuMtkOQLcrPXKKj0xY/qy4hggWnfjeVLQ3Ct6";
insecureSkipHostcheck = false;
};
devices = {
pinwheel.id = config.lib.syncthing.pinwheel;
};
folders = {
org = {
path = "/mnt/sync/public/org";
devices = [
"pinwheel"
];
versioning = {
type = "staggered";
params = {
maxage = "2592000"; # 30 days
};
};
};
};
};
};
age = {
secrets = {
"syncthing-cert".file = ../../../../secrets/manatee/syncthing-cert.age;
"syncthing-key".file = ../../../../secrets/manatee/syncthing-key.age;
};
};
};
}

2
hosts/sombrero/modules/tailscale/default.nix → hosts/manatee/modules/tailscale/default.nix
View File

@@ -1,5 +1,7 @@
{ ... }:
{
# If an exit node is used, set:
# tailscale set --exit-node-allow-lan-access
services.tailscale.enable = true;
networking.firewall = {

30
hosts/backwards/modules/transmission/default.nix → hosts/manatee/modules/transmission/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.transmission.enable;
in
@@ -16,25 +21,26 @@ in
package = pkgs.transmission_4;
openFirewall = true;
openRPCPort = true;
user = "alex";
group = "users";
user = "storage";
group = "storage";
home = "/home/alex/media/ts-home";
home = "/mnt/media/public/.ts-home";
downloadDirPermissions = "775";
settings = {
rpc-bind-address = "0.0.0.0";
rpc-port = 9191;
incomplete-dir-enabled = false;
download-dir = "/home/alex/media/downloads";
download-dir = "/mnt/media/public/downloads";
rpc-authentication-required = true;
rpc-bind-address = "0.0.0.0";
# Required to have empty user/pass to satisfy transmissionA
# https://github.com/transmission/transmission/discussions/1941#discussioncomment-1472352
rpc-whitelist-enabled = false;
rpc-username = "transmission";
rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
rpc-authentication-required = true;
rpc-username = "";
rpc-password = "";
};
};
};

20
hosts/pinwheel/configuration.nix
View File

@@ -1,15 +1,17 @@
{ pkgs, ... }:
{
imports =
[
../../config-manager/default.nix
../../nix-wrapper/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./modules
];
imports = [
../../config-manager/default.nix
../../nix-wrapper/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./modules
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
users.users.alex = {

44
hosts/pinwheel/hardware-configuration.nix
View File

@@ -1,31 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9c3ef2ad-0244-4310-9984-2e548ced3e22";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/9c3ef2ad-0244-4310-9984-2e548ced3e22";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-f569d036-e500-4839-bc78-ce4b032840d8".device = "/dev/disk/by-uuid/f569d036-e500-4839-bc78-ce4b032840d8";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/FCAE-6849";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/FCAE-6849";
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [
{
device = "/swapfile";
size = 48 * 1024; # 48GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

5
hosts/pinwheel/home.nix
View File

@@ -14,6 +14,9 @@
home.homeDirectory = "/home/alex";
home.packages = [
inputs.whib-backend.packages.${pkgs.system}.whib-import
# pkgs.beekeeper-studio
pkgs.bitwarden-desktop
pkgs.gimp
pkgs.zip
pkgs.unar
@@ -22,7 +25,7 @@
pkgs.htop
pkgs.onlyoffice-bin
pkgs.wdisplays
pkgs.postman
pkgs.vlc
];
home.stateVersion = "23.05";

7
hosts/pinwheel/modules/bemenu/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
hyprlandEnabled = config.mod.hyprland.enable;

131
hosts/pinwheel/modules/bluetooth/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.bluetooth.enable;
in
@@ -37,77 +42,87 @@ in
threshold = "30";
};
in
{
timers =
let
mkTimer = device: {
name = "notify-low-battery-for-${device.name}";
{
timers =
let
mkTimer = device: {
name = "notify-low-battery-for-${device.name}";
value = {
unitConfig = {
Description = "notify-battery-low timer for '${device.name}'";
};
value = {
unitConfig = {
Description = "notify-battery-low timer for '${device.name}'";
};
wantedBy = [ "timers.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "notify-low-battery-for-${device.name}.service";
OnCalendar = "*-*-* *:00:00"; # Every hour
Persistent = true;
};
timerConfig = {
Unit = "notify-low-battery-for-${device.name}.service";
OnCalendar = "*-*-* *:00:00"; # Every hour
Persistent = true;
};
};
in
builtins.listToAttrs (builtins.map mkTimer [ trackpad headphones ]);
};
in
builtins.listToAttrs (
builtins.map mkTimer [
trackpad
headphones
]
);
services =
let
mkService = device: {
name = "notify-low-battery-for-${device.name}";
services =
let
mkService = device: {
name = "notify-low-battery-for-${device.name}";
value = {
unitConfig = {
Description = "check battery level of '${device.name}'";
};
value = {
unitConfig = {
Description = "check battery level of '${device.name}'";
};
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "exec";
};
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "exec";
};
path = [
pkgs.upower
pkgs.gawk
pkgs.bc
pkgs.libnotify
];
path = [
pkgs.upower
pkgs.gawk
pkgs.bc
pkgs.libnotify
];
script = ''
CONNECTED=$(upower --show-info /org/freedesktop/UPower/devices/${device.id} | grep native-path | awk '{print $2}')
[ "$CONNECTED" == "(null)" ] && exit 0
script = ''
CONNECTED=$(upower --show-info /org/freedesktop/UPower/devices/${device.id} | grep native-path | awk '{print $2}')
[ "$CONNECTED" == "(null)" ] && exit 0
CHECKING="/tmp/checking-dismiss-low-battery-${device.id}"
[ ! -f "$CHECKING" ] && touch $CHECKING || exit 0
CHECKING="/tmp/checking-dismiss-low-battery-${device.id}"
[ ! -f "$CHECKING" ] && touch $CHECKING || exit 0
DISMISSED="/tmp/dismiss-low-battery-${device.id}"
PERCENT=$(upower --show-info /org/freedesktop/UPower/devices/${device.id} | grep percentage | grep -o '[0-9]*')
if (( $(echo "$PERCENT < ${device.threshold}" | bc) )); then
echo "'${device.name}' is under threshold. battery = $PERCENT% - threshold = ${device.threshold}%"
if [ ! -f "$DISMISSED" ]; then
DISMISS=$(notify-send --expire-time 0 "Low battery" "${device.name} has $PERCENT% battery" --action=dismiss=Dismiss)
[ "$DISMISS" == "dismiss" ] && touch $DISMISSED && echo "'${device.name}' dismissed"
fi
else
echo "'${device.name}' is over threshold. battery = $PERCENT% - threshold = ${device.threshold}%"
[ -f "$DISMISSED" ] && rm $DISMISSED && echo "'${device.name}' undismissed"
DISMISSED="/tmp/dismiss-low-battery-${device.id}"
PERCENT=$(upower --show-info /org/freedesktop/UPower/devices/${device.id} | grep percentage | grep -o '[0-9]*')
if (( $(echo "$PERCENT < ${device.threshold}" | bc) )); then
echo "'${device.name}' is under threshold. battery = $PERCENT% - threshold = ${device.threshold}%"
if [ ! -f "$DISMISSED" ]; then
DISMISS=$(notify-send --expire-time 0 "Low battery" "${device.name} has $PERCENT% battery" --action=dismiss=Dismiss)
[ "$DISMISS" == "dismiss" ] && touch $DISMISSED && echo "'${device.name}' dismissed"
fi
else
echo "'${device.name}' is over threshold. battery = $PERCENT% - threshold = ${device.threshold}%"
[ -f "$DISMISSED" ] && rm $DISMISSED && echo "'${device.name}' undismissed"
fi
rm $CHECKING
'';
};
rm $CHECKING
'';
};
in
builtins.listToAttrs (builtins.map mkService [ trackpad headphones ]);
};
};
in
builtins.listToAttrs (
builtins.map mkService [
trackpad
headphones
]
);
};
};
}

8
hosts/pinwheel/modules/boot/default.nix
View File

@@ -1,4 +1,10 @@
{ inputs, pkgs, lib, config, ... }:
{
inputs,
pkgs,
lib,
config,
...
}:
let
configurationLimit = config.mod.gc.configurationLimit;
in

7
hosts/pinwheel/modules/c/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.c.enable;
in

2
hosts/pinwheel/modules/chromium/default.nix
View File

@@ -1,6 +1,6 @@
{ pkgs, ... }:
{
home-manager.users.alex= {
home-manager.users.alex = {
home.packages = [ pkgs.ungoogled-chromium ];
};

2
hosts/pinwheel/modules/colors/default.nix
View File

@@ -3,7 +3,7 @@
colors = {
foreground = "bd93f9";
foreground-dim = "644294";
background = "1E2029";
background = "1E1E2F";
gray = "3a3a3a";
warning = "ff6969";

7
hosts/pinwheel/modules/containers/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
dockerEnabled = config.mod.containers.docker.enable;
podmanEnabled = config.mod.containers.podman.enable;

2
hosts/pinwheel/modules/default.nix
View File

@@ -27,13 +27,13 @@ in
zsh.enable = true;
openvpn.enable = true;
mullvad.enable = true;
c.enable = true;
go.enable = true;
rust.enable = true;
scala.enable = true;
python.enable = true;
gleam.enable = true;
keyboard.enable = true;
containers = {

1
hosts/pinwheel/modules/direnv/default.nix
View File

@@ -9,7 +9,6 @@ in
nix-direnv.enable = true;
};
programs.direnv.enableZshIntegration = lib.mkIf zshEnabled true;
};
}

2
hosts/pinwheel/modules/dunst/default.nix
View File

@@ -7,8 +7,6 @@
settings = {
global = {
monitor = 1;
width = 300;
height = 300;
offset = "10x10";
origin = "top-right";
transparency = 10;

6
hosts/pinwheel/modules/emacs/config.nix
View File

@@ -1,5 +1,5 @@
{ emacs, runCommand, ... }:
runCommand "default.el" {} ''
{ emacs, runCommand, ... }:
runCommand "default.el" { } ''
cp ${./config.org} $TMPDIR/config.org
cd $TMPDIR
${emacs}/bin/emacs --batch -Q \
@@ -7,4 +7,4 @@ runCommand "default.el" {} ''
-f org-babel-tangle
mv config.el $out
''
''

70
hosts/pinwheel/modules/emacs/config.org
View File

@@ -479,7 +479,34 @@ Setup prefix for keybindings.
* Flycheck
#+BEGIN_SRC emacs-lisp
(use-package flycheck)
(use-package flycheck
:preface
(defun mp-flycheck-eldoc (callback &rest _ignored)
"Print flycheck messages at point by calling CALLBACK."
(when-let ((flycheck-errors (and flycheck-mode (flycheck-overlay-errors-at (point)))))
(mapc
(lambda (err)
(funcall callback
(format "%s: %s"
(let ((level (flycheck-error-level err)))
(pcase level
('info (propertize "I" 'face 'flycheck-error-list-info))
('error (propertize "E" 'face 'flycheck-error-list-error))
('warning (propertize "W" 'face 'flycheck-error-list-warning))
(_ level)))
(flycheck-error-message err))
:thing (or (flycheck-error-id err)
(flycheck-error-group err))
:face 'font-lock-doc-face))
flycheck-errors)))
(defun mp-flycheck-prefer-eldoc ()
(add-hook 'eldoc-documentation-functions #'mp-flycheck-eldoc nil t)
(setq eldoc-documentation-strategy 'eldoc-documentation-compose-eagerly)
(setq flycheck-display-errors-function nil)
(setq flycheck-help-echo-function nil))
:hook ((flycheck-mode . mp-flycheck-prefer-eldoc)))
(use-package flycheck-eglot
:after (flycheck eglot)
@@ -498,15 +525,28 @@ Setup prefix for keybindings.
)
(defun alex/format-on-save ()
(add-hook 'before-save-hook #'eglot-format-buffer -10 t)
)
(let ((excluded-files '("secrets.nix")))
(unless (member (file-name-nondirectory buffer-file-name) excluded-files)
(add-hook 'before-save-hook #'eglot-format-buffer -10 t))))
(use-package eglot
:preface
(defun mp-eglot-eldoc ()
(setq eldoc-echo-area-use-multiline-p nil)
(setq eldoc-documentation-strategy
'eldoc-documentation-compose-eagerly))
:config
(add-to-list 'eglot-server-programs
'(scala-mode .
("metals" :initializationOptions (:isHttpEnabled t))))
(add-to-list 'eglot-server-programs
'(nix-mode . ("nixd")))
(add-to-list 'eglot-server-programs
'(gleam-ts-mode . ("gleam" "lsp")))
(setq-default eglot-workspace-configuration
'(
:metals (
@@ -516,12 +556,20 @@ Setup prefix for keybindings.
)
:hook (
(eglot-managed-mode . mp-eglot-eldoc)
(go-mode . eglot-ensure)
(go-mode . alex/organize-imports-on-save)
(go-mode . alex/format-on-save)
(c-mode . eglot-ensure)
(nix-mode . eglot-ensure)
(nix-mode . alex/format-on-save)
(gleam-ts-mode . eglot-ensure)
(gleam-ts-mode . alex/format-on-save)
(python-mode . eglot-ensure)
(javascript-mode . eglot-ensure)
(js-mode . eglot-ensure)
(js-jsx-mode . eglot-ensure)
@@ -541,13 +589,6 @@ Setup prefix for keybindings.
:after eglot
:config (eglot-booster-mode))
#+END_SRC
** Eldoc-box
#+BEGIN_SRC emacs-lisp
(use-package eldoc-box
:after eglot
:bind (:map eglot-mode-map
("M-h" . eldoc-box-help-at-point)))
#+END_SRC
** Go
#+BEGIN_SRC emacs-lisp
(use-package go-mode
@@ -565,6 +606,12 @@ Setup prefix for keybindings.
)
)
#+END_SRC
** Gleam
#+BEGIN_SRC emacs-lisp
(use-package gleam-ts-mode
:mode "\\.gleam\\'"
)
#+END_SRC
** YAML
#+BEGIN_SRC emacs-lisp
(use-package yaml-mode
@@ -596,7 +643,8 @@ Setup prefix for keybindings.
#+BEGIN_SRC emacs-lisp
(setq
js-indent-level 2
js2-basic-offset 2)
js2-basic-offset 2
indent-tabs-mode nil)
(add-to-list 'auto-mode-alist '("\\.ts\\'" . typescript-ts-mode))
#+END_SRC

9
hosts/pinwheel/modules/emacs/default.nix
View File

@@ -3,7 +3,7 @@ let
emacs = pkgs.emacsWithPackagesFromUsePackage {
package = pkgs.emacs-unstable;
config = ./config.org;
defaultInitFile = pkgs.callPackage ./config.nix {};
defaultInitFile = pkgs.callPackage ./config.nix { };
alwaysEnsure = true;
alwaysTangle = true;
@@ -40,9 +40,9 @@ in
home-manager.users.alex = {
home.sessionVariables = {
EDITOR = "${e}/bin/e $@";
VISUAL = "${e}/bin/e $@";
TIG_EDITOR = "${e}/bin/e $@";
EDITOR = "${e}/bin/e $@";
VISUAL = "${e}/bin/e $@";
TIG_EDITOR = "${e}/bin/e $@";
};
home.packages = [
@@ -51,6 +51,7 @@ in
emacs
pkgs.wl-clipboard
pkgs.emacs-lsp-booster
pkgs.nixd
];
};

14
hosts/pinwheel/modules/firefox/default.nix
View File

@@ -29,14 +29,14 @@ let
ff = pkgs.writeShellApplication {
name = "ff";
text = ''
${wrapped}/bin/firefox --ProfileManager
${wrapped}/bin/firefox-devedition --ProfileManager
'';
};
ff-alex = pkgs.writeShellApplication {
name = "ff-alex";
text = ''
${wrapped}/bin/firefox -P alex --new-window "$@"
${wrapped}/bin/firefox-devedition -P alex --new-window "$@"
'';
};
@@ -59,7 +59,7 @@ in
name = "alex";
isDefault = true;
settings = sharedSettings // {};
settings = sharedSettings // { };
};
work = {
@@ -109,12 +109,14 @@ in
configFile."mimeapps.list".force = true;
};
home.packages = [ ff ff-alex ];
home.packages = [
ff
ff-alex
];
};
environment.variables = {
MOZ_ENABLE_WAYLAND=1;
MOZ_ENABLE_WAYLAND = 1;
BROWSER = "${ff-alex}/bin/ff-alex $@";
};
}

4
hosts/pinwheel/modules/fonts/default.nix
View File

@@ -2,9 +2,9 @@
{
fonts.packages = [
pkgs.noto-fonts
pkgs.noto-fonts-cjk
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-emoji
pkgs.nerdfonts
pkgs.nerd-fonts.jetbrains-mono
pkgs.liberation_ttf
];
}

7
hosts/pinwheel/modules/foot/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.foot.enable;

12
hosts/pinwheel/modules/games/default.nix
View File

@@ -1,16 +1,6 @@
{ pkgs, ... }:
{
home-manager.users.alex = {
home.packages = [
pkgs.brogue-ce
(pkgs.retroarch.override {
cores = [
pkgs.libretro.genesis-plus-gx
pkgs.libretro.snes9x
pkgs.libretro.dolphin
];
})
];
home.packages = [ pkgs.brogue-ce ];
};
}

7
hosts/pinwheel/modules/git/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.git.enable;
in

3
hosts/pinwheel/modules/git/gitconfig
View File

@@ -5,9 +5,6 @@
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@gitlab.com:"]
insteadOf = https://gitlab.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/

25
hosts/pinwheel/modules/gleam/default.nix Normal file
View File

@@ -0,0 +1,25 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.gleam.enable;
in
{
options = {
mod.gleam = {
enable = lib.mkEnableOption "enable gleam module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
home.packages = [
pkgs.gleam
pkgs.erlang
];
};
};
}

25
hosts/pinwheel/modules/go/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.go.enable;
in
@@ -10,26 +15,14 @@ in
};
config = lib.mkIf enabled {
nixpkgs.overlays = let
buildGo122 = pkgs: pkg:
pkg.override { buildGoModule = pkgs.buildGo122Module; };
in
[
(final: prev: {
go = prev.go_1_22;
gopls = buildGo122 prev prev.gopls;
go-tools = buildGo122 prev prev.go-tools;
govulncheck = buildGo122 prev prev.govulncheck;
gotestsum = buildGo122 prev prev.gotestsum;
})
];
home-manager.users.alex = {
programs.go = {
enable = true;
package = pkgs.go;
goPath = "code/go";
env = {
GOPATH = "/home/alex/code/go";
};
};
home.packages = [

22
hosts/pinwheel/modules/greetd/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.greetd.enable;
in
@@ -13,16 +18,17 @@ in
services.greetd = {
enable = true;
settings = let
session = {
user = "alex";
command = "${pkgs.hyprland}/bin/Hyprland";
};
in
settings =
let
session = {
user = "alex";
command = "${pkgs.hyprland}/bin/Hyprland";
};
in
{
initial_session = session;
default_session = session;
};
};
};
};
}

184
hosts/pinwheel/modules/hyprland/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.hyprland.enable;
in
@@ -20,11 +25,14 @@ in
extraConfig = ''
exec-once=waybar
exec-once=hyprctl setcursor Adwaita 24
env = GDK_DPI_SCALE,1.5
env = XCURSOR_SIZE,64
env = HYPRCURSOR_THEME,Adwaita
env = HYPRCURSOR_SIZE,24
monitor=eDP-1, 1920x1200, 0x0, 1
monitor=eDP-1, 1920x1200, auto-center-down, 1
monitor=HDMI-A-1, 2560x1440@100, auto-center-up, 1
workspace = 1, monitor:HDMI-A-1
workspace = 2, monitor:HDMI-A-1
@@ -37,6 +45,13 @@ in
workspace = 9, monitor:eDP-1
workspace = 10, monitor:eDP-1
workspace = w[tv1], gapsout:0, gapsin:0
workspace = f[1], gapsout:0, gapsin:0
windowrulev2 = bordersize 0, floating:0, onworkspace:w[tv1]
windowrulev2 = rounding 0, floating:0, onworkspace:w[tv1]
windowrulev2 = bordersize 0, floating:0, onworkspace:f[1]
windowrulev2 = rounding 0, floating:0, onworkspace:f[1]
exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
'';
@@ -55,7 +70,7 @@ in
# 2 - Cursor focus will be detached from keyboard focus. Clicking on a window will move keyboard focus to that window.
follow_mouse = 2;
sensitivity = 0.30;
sensitivity = 0.3;
touchpad = {
natural_scroll = false;
tap-and-drag = false;
@@ -70,7 +85,7 @@ in
general = {
layout = "dwindle";
gaps_in = 0; # gaps between windows
gaps_in = 0; # gaps between windows
gaps_out = 0; # gaps between windows and monitor edges
"col.active_border" = "rgba(${config.lib.colors.foreground}ff)";
@@ -79,57 +94,61 @@ in
dwindle = {
force_split = 2;
no_gaps_when_only = 1;
};
bind = let
ws = x:
let n = if (x + 1) < 10
then (x + 1)
else 0;
in
bind =
let
ws =
x:
let
n = if (x + 1) < 10 then (x + 1) else 0;
in
builtins.toString n;
select = builtins.genList (x: "$mod, ${ws x}, workspace, ${builtins.toString (x + 1)}") 10;
move = builtins.genList (x: "$mod SHIFT, ${ws x}, movetoworkspacesilent, ${builtins.toString (x + 1)}") 10;
select = builtins.genList (x: "$mod, ${ws x}, workspace, ${builtins.toString (x + 1)}") 10;
move = builtins.genList (
x: "$mod SHIFT, ${ws x}, movetoworkspacesilent, ${builtins.toString (x + 1)}"
) 10;
magnifier = pkgs.writeShellScript "magnifier" ''
CURRENT=$(${pkgs.hyprland}/bin/hyprctl getoption cursor:zoom_factor -j | ${pkgs.jq}/bin/jq .float)
DELTA=0.1
magnifier = pkgs.writeShellScript "magnifier" ''
CURRENT=$(${pkgs.hyprland}/bin/hyprctl getoption cursor:zoom_factor -j | ${pkgs.jq}/bin/jq .float)
DELTA=0.1
UPDATED=1
case $1 in
--increase)
UPDATED=$(echo $CURRENT + $DELTA | ${pkgs.bc}/bin/bc) ;;
--decrease)
UPDATED=$(echo $CURRENT - $DELTA | ${pkgs.bc}/bin/bc) ;;
--reset)
UPDATED=1
esac
UPDATED=1
case $1 in
--increase)
UPDATED=$(echo $CURRENT + $DELTA | ${pkgs.bc}/bin/bc) ;;
--decrease)
UPDATED=$(echo $CURRENT - $DELTA | ${pkgs.bc}/bin/bc) ;;
--reset)
UPDATED=1
esac
if (( $(echo "$UPDATED < 1" | bc) )); then UPDATED=1; fi
${pkgs.hyprland}/bin/hyprctl keyword cursor:zoom_factor $UPDATED
'';
in
select ++ move ++ [
"$mod, ESCAPE, killactive"
if (( $(echo "$UPDATED < 1" | bc) )); then UPDATED=1; fi
${pkgs.hyprland}/bin/hyprctl keyword cursor:zoom_factor $UPDATED
'';
in
select
++ move
++ [
"$mod, ESCAPE, killactive"
"$mod, f, fullscreen, 1"
"$mod SHIFT, f, togglefloating, active"
"$mod, f, fullscreen, 1"
"$mod SHIFT, f, togglefloating, active"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod CONTROL, 1, exec, ${magnifier} --increase"
"$mod CONTROL, 2, exec, ${magnifier} --decrease"
"$mod CONTROL, 3, exec, ${magnifier} --reset"
];
"$mod CONTROL, 1, exec, ${magnifier} --increase"
"$mod CONTROL, 2, exec, ${magnifier} --decrease"
"$mod CONTROL, 3, exec, ${magnifier} --reset"
];
bindm = [
# mouse movements
"$mod, mouse:272, movewindow" # left click
"$mod, mouse:272, movewindow" # left click
"$mod, mouse:273, resizewindow" # right click
];
@@ -161,84 +180,5 @@ in
# openGL is needed for wayland/hyprland
hardware.graphics.enable = true;
systemd.user.services.hyprland-monitors = {
# systemctl --user restart hyprland-monitors.service
# journalctl --user -u hyprland-monitors.service -e -f
unitConfig = {
Description = "handles hyprland monitor connect/disconnect";
};
wantedBy = [ "graphical-session.target" ];
requires = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
path = [
pkgs.coreutils # to include `cat`
pkgs.waybar
pkgs.hyprland
pkgs.socat
pkgs.jq
pkgs.bc
pkgs.libnotify
];
script = let
moveWSToMonitor = monitor: first: last:
if last < first
then throw "'first' has to be less than or equal to 'last'"
else
builtins.genList (n: "dispatch moveworkspacetomonitor ${builtins.toString (first + n)} ${monitor}") (last - first + 1);
external = moveWSToMonitor "HDMI-A-1" 1 5;
internal = moveWSToMonitor "eDPI-1" 6 10;
onlyInternal = moveWSToMonitor "eDPI-1" 1 10;
in
''
update() {
HDMI_STATUS=$(cat /sys/class/drm/card1-HDMI-A-1/status)
INTERNAL_WIDTH=1920
INTERNAL_HEIGHT=1200
if [ $HDMI_STATUS = "connected" ]; then
notify-send "Using external and laptop monitor"
hyprctl keyword monitor HDMI-A-1,preferred,0x0,1
HDMI=$(hyprctl monitors -j | jq '.[] | select(.name=="HDMI-A-1")')
HDMI_WIDTH=$(echo $HDMI | jq .width)
HDMI_HEIGHT=$(echo $HDMI | jq .height)
INTERNAL_POS_X=$(echo "($HDMI_WIDTH - $INTERNAL_WIDTH) / 2" | bc)
if (( $(echo "$INTERNAL_POS_X < 0" | bc) )); then INTERNAL_POS_X=0; fi
INTERNAL_POS_Y=$HDMI_HEIGHT
hyprctl keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,$INTERNAL_POS_X"x"$INTERNAL_POS_Y,1
hyprctl --batch "${lib.strings.concatStringsSep ";" (external ++ internal)}"
else
notify-send "Using only laptop monitor"
hyprctl --batch "keyword monitor HDMI-A,disable; keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,0x0,1"
hyprctl --batch "${lib.strings.concatStringsSep ";" onlyInternal}"
fi
}
handle() {
case $1 in
monitoradded\>\>*|monitorremoved\>\>*)
echo "handling event: \"$1\""
update ;;
esac
}
echo "Starting service with instance \"$HYPRLAND_INSTANCE_SIGNATURE\""
# Do initial configuration
update
socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done
'';
};
};
}

2
hosts/pinwheel/modules/javascript/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}:
{ pkgs, ... }:
{
home-manager.users.alex = {
home.packages = [ pkgs.nodePackages.typescript-language-server ];

7
hosts/pinwheel/modules/keyboard/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.keyboard.enable;
in

7
hosts/pinwheel/modules/light/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
hyprlandEnabled = config.mod.hyprland.enable;
in

30
hosts/pinwheel/modules/mullvad/default.nix
View File

@@ -1,30 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.mullvad.enable;
in
{
options = {
mod.mullvad = {
enable = lib.mkEnableOption "enable mullvad module";
};
};
config = lib.mkIf enabled {
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
age.secrets = {
"mullvad-device" = {
file = ../../../../secrets/pinwheel/mullvad-device.age;
path = "/etc/mullvad-vpn/device.json";
};
"mullvad-account-history" = {
file = ../../../../secrets/pinwheel/mullvad-account-history.age;
path = "/etc/mullvad-vpn/account-history.json";
};
};
};
}

50
hosts/pinwheel/modules/music/default.nix Normal file
View File

@@ -0,0 +1,50 @@
{
inputs,
pkgs,
lib,
config,
...
}:
let
hyprlandEnabled = config.mod.hyprland.enable;
in
{
home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = {
bind =
let
prev = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify previous";
next = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify next";
in
[
", XF86AudioPrev, exec, ${prev}"
", XF86AudioNext, exec, ${next}"
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause"
", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spoitfy play-pause"
"$mod ALT, LEFT, exec, ${prev}"
"$mod ALT, RIGHT, exec, ${next}"
"$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause"
];
};
};
home.packages = [
pkgs.playerctl
pkgs.spotify
inputs.naviterm.packages.${pkgs.system}.default
];
};
systemd.user.services.playerctld = {
unitConfig = {
Description = "starts playerctld daemon";
};
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${pkgs.playerctl}/bin/playerctld";
};
};
}

2
hosts/pinwheel/modules/nix/default.nix
View File

@@ -2,7 +2,7 @@
{
home-manager.users.alex = {
home.packages = [
pkgs.nil
pkgs.nixfmt-rfc-style
pkgs.nix-tree
];
};

12
hosts/pinwheel/modules/openvpn/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.openvpn.enable;
in
@@ -13,13 +18,12 @@ in
home-manager.users.alex = {
home.packages = [
pkgs.openvpn
pkgs.update-systemd-resolved
];
};
services.resolved = {
enable = false;
dnssec = "true";
enable = true;
dnssec = "false";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"

17
hosts/pinwheel/modules/physlock/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.physlock.enable;
hyprlandEnabled = config.mod.hyprland.enable;
@@ -31,11 +36,11 @@ in
let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
in
[
# will lock the screen with `physlock`, see `lockOn.suspend
"$mod SHIFT, x, exec, ${pause-music}; systemctl suspend"
"$mod, x, exec, ${pause-music}; ${config.security.wrapperDir}/physlock -d -s -m"
];
[
# will lock the screen with `physlock`, see `lockOn.suspend
"$mod SHIFT, x, exec, ${pause-music}; systemctl suspend"
"$mod, x, exec, ${pause-music}; ${config.security.wrapperDir}/physlock -d -s -m"
];
};
};
};

55
hosts/pinwheel/modules/power/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.power.enable;
lowbat = config.mod.lowbat;
@@ -39,8 +44,8 @@ in
enable = true;
settings = {
START_CHARGE_THRESH_BAT0=75;
STOP_CHARGE_THRESH_BAT0=80;
START_CHARGE_THRESH_BAT0 = 75;
STOP_CHARGE_THRESH_BAT0 = 80;
};
};
};
@@ -58,7 +63,7 @@ in
Persistent = true;
};
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
};
};
@@ -78,28 +83,30 @@ in
pkgs.swaylock
];
script = let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
in ''
BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity)
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status)
echo "Battery capacity: $BATTERY_CAPACITY"
echo "Battery status: $BATTERY_STATUS"
if [[ $BATTERY_CAPACITY -le ${builtins.toString lowbat.notifyCapacity} && $BATTERY_STATUS = "Discharging" ]]; then
notify-send --expire-time=0 --urgency=critical "Battery Low"
fi
if [[ $BATTERY_CAPACITY -le ${builtins.toString lowbat.suspendCapacity} && $BATTERY_STATUS = "Discharging" ]]; then
notify-send --expire-time=0 --urgency=critical "Battery Critically Low" "Suspending in 60 seconds if power is not plugged in"
sleep 60s
script =
let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
in
''
BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity)
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status)
if [[ $BATTERY_STATUS = "Discharging" ]]; then
${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend
echo "Battery capacity: $BATTERY_CAPACITY"
echo "Battery status: $BATTERY_STATUS"
if [[ $BATTERY_CAPACITY -le ${builtins.toString lowbat.notifyCapacity} && $BATTERY_STATUS = "Discharging" ]]; then
notify-send --expire-time=0 --urgency=critical "Battery Low"
fi
fi
'';
if [[ $BATTERY_CAPACITY -le ${builtins.toString lowbat.suspendCapacity} && $BATTERY_STATUS = "Discharging" ]]; then
notify-send --expire-time=0 --urgency=critical "Battery Critically Low" "Suspending in 60 seconds if power is not plugged in"
sleep 60s
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status)
if [[ $BATTERY_STATUS = "Discharging" ]]; then
${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend
fi
fi
'';
};
};
};

7
hosts/pinwheel/modules/python/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.python.enable;
in

7
hosts/pinwheel/modules/rust/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.rust.enable;
in

7
hosts/pinwheel/modules/scala/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.scala.enable;

8
hosts/pinwheel/modules/screenshot/default.nix
View File

@@ -1,4 +1,10 @@
{ inputs, pkgs, lib, config, ...}:
{
inputs,
pkgs,
lib,
config,
...
}:
let
hyprlandEnabled = config.mod.hyprland.enable;

7
hosts/pinwheel/modules/scripts/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.scripts.enable;

45
hosts/pinwheel/modules/sound/default.nix
View File

@@ -1,11 +1,16 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
hyprlandEnabled = config.mod.hyprland.enable;
in
{
users.users.alex.extraGroups = [ "audio" ];
hardware.pulseaudio.enable = false;
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
@@ -20,24 +25,26 @@ in
home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = {
bind = let
toggle-output-mute = pkgs.writeShellScript "toggle-output-mute" ''
${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SINK@ | grep MUTED | wc -l)
echo $MUTED > /sys/class/leds/platform::mute/brightness
'';
bind =
let
toggle-output-mute = pkgs.writeShellScript "toggle-output-mute" ''
${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SINK@ | grep MUTED | wc -l)
echo $MUTED > /sys/class/leds/platform::mute/brightness
'';
toggle-input-mute = pkgs.writeShellScript "toggle-input-mute" ''
${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SOURCE@ | grep MUTED | wc -l)
echo $MUTED > /sys/class/leds/platform::micmute/brightness
'';
in [
", XF86AudioRaiseVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 2%+"
", XF86AudioLowerVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-"
", XF86AudioMute, exec, ${toggle-output-mute}"
", XF86AudioMicMute, exec, ${toggle-input-mute}"
];
toggle-input-mute = pkgs.writeShellScript "toggle-input-mute" ''
${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SOURCE@ | grep MUTED | wc -l)
echo $MUTED > /sys/class/leds/platform::micmute/brightness
'';
in
[
", XF86AudioRaiseVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 2%+"
", XF86AudioLowerVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-"
", XF86AudioMute, exec, ${toggle-output-mute}"
", XF86AudioMicMute, exec, ${toggle-input-mute}"
];
};
};

41
hosts/pinwheel/modules/spotify/default.nix
View File

@@ -1,41 +0,0 @@
{ pkgs, lib, config, ... }:
let
hyprlandEnabled = config.mod.hyprland.enable;
in
{
home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = {
bind = let
prev = "${pkgs.playerctl}/bin/playerctl -p spotify previous";
next = "${pkgs.playerctl}/bin/playerctl -p spotify next";
in [
", XF86AudioPrev, exec, ${prev}"
", XF86AudioNext, exec, ${next}"
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p spoitfy play-pause"
"$mod ALT, LEFT, exec, ${prev}"
"$mod ALT, RIGHT, exec, ${next}"
"$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
];
};
};
home.packages = [
pkgs.playerctl
pkgs.spotify
];
};
systemd.user.services.playerctld = {
unitConfig = {
Description = "starts playerctld daemon";
};
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${pkgs.playerctl}/bin/playerctld";
};
};
}

75
hosts/pinwheel/modules/ssh/default.nix
View File

@@ -5,6 +5,13 @@
enable = true;
matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-manatee";
port = 1122;
};
"backwards" = {
hostname = "backwards";
user = "alex";
@@ -12,26 +19,6 @@
port = 1122;
};
"sombrero.local" = {
hostname = "192.168.50.200";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
port = 1122;
};
"sombrero" = {
hostname = "sombrero.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
port = 1122;
};
"andromeda" = {
hostname = "andromeda.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-andromeda";
};
"tadpole" = {
hostname = "65.21.106.222";
user = "alex";
@@ -60,6 +47,19 @@
};
age.secrets = {
"alex.pinwheel-manatee" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee";
owner = "alex";
group = "users";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age;
path = "/home/alex/.ssh/alex.pinwheel-backwards";
@@ -72,18 +72,6 @@
owner = "alex";
group = "users";
};
"alex.pinwheel-sombrero" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.age;
path = "/home/alex/.ssh/alex.pinwheel-sombrero";
owner = "alex";
group = "users";
};
"alex.pinwheel-sombrero.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-sombrero.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-github.com" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com.age;
@@ -124,19 +112,6 @@
group = "users";
};
"alex.pinwheel-andromeda" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda";
owner = "alex";
group = "users";
};
"alex.pinwheel-andromeda.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-tadpole" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age;
path = "/home/alex/.ssh/alex.pinwheel-tadpole";
@@ -155,9 +130,11 @@
enable = true;
ports = [ 1122 ];
hostKeys = [{
path = "/etc/ssh/pinwheel";
type = "ed25519";
}];
hostKeys = [
{
path = "/etc/ssh/pinwheel";
type = "ed25519";
}
];
};
}

28
hosts/pinwheel/modules/swaylock/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.swaylock.enable;
hyprlandEnabled = config.mod.hyprland.enable;
@@ -30,18 +35,19 @@ in
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = {
bind = let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
bind =
let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
dpmsTimeout = config.mod.swaylock.dpmsTimeout;
dpms-lock = pkgs.writeShellScript "dpms-lock" ''
${pkgs.swayidle}/bin/swayidle \
timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \
resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" &
dpmsTimeout = config.mod.swaylock.dpmsTimeout;
dpms-lock = pkgs.writeShellScript "dpms-lock" ''
${pkgs.swayidle}/bin/swayidle \
timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \
resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" &
${pkgs.swaylock}/bin/swaylock && ${pkgs.procps}/bin/pkill swayidle
'';
in
${pkgs.swaylock}/bin/swaylock && ${pkgs.procps}/bin/pkill swayidle
'';
in
[
"$mod, x, exec, ${pause-music}; ${dpms-lock}"
"$mod SHIFT, x, exec, ${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend"

16
hosts/pinwheel/modules/syncthing/default.nix
View File

@@ -16,13 +16,17 @@
devices = {
phone.id = config.lib.syncthing.phone;
backwards.id = config.lib.syncthing.backwards;
sombrero.id = config.lib.syncthing.sombrero;
manatee.id = config.lib.syncthing.manatee;
};
folders = {
org = {
path = "/home/alex/sync/org";
devices = [ "sombrero" "phone" "backwards" ];
devices = [
"phone"
"backwards"
"manatee"
];
versioning = {
type = "staggered";
params = {
@@ -33,7 +37,7 @@
personal = {
path = "/home/alex/sync/personal";
devices = [ "sombrero" "backwards" ];
devices = [ "backwards" ];
versioning = {
type = "staggered";
params = {
@@ -44,7 +48,7 @@
work = {
path = "/home/alex/sync/work";
devices = [ "sombrero" "backwards" ];
devices = [ "backwards" ];
versioning = {
type = "staggered";
params = {
@@ -54,8 +58,8 @@
};
books = {
path = "/home/alex/sync/books";
devices = [ "sombrero" "backwards" ];
path = "/home/alex/sync/reading-material/books";
devices = [ "backwards" ];
versioning = {
type = "staggered";
params = {

2
hosts/pinwheel/modules/terraform/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}:
{ pkgs, ... }:
{
home-manager.users.alex = {
home.packages = [

16
hosts/pinwheel/modules/vm/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.vm.enable;
in
@@ -12,7 +17,10 @@ in
config = lib.mkIf enabled {
virtualisation = {
spiceUSBRedirection.enable = true; # Allow redirecting USB to the VM
libvirtd.enable = true;
libvirtd = {
enable = true;
qemu.vhostUserPackages = [ pkgs.virtiofsd ];
};
};
users.users.alex = {
@@ -26,8 +34,8 @@ in
home-manager.users.alex = {
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
autoconnect = [ "qemu:///system" ];
uris = [ "qemu:///system" ];
};
};
};

133
hosts/pinwheel/modules/waybar/default.nix
View File

@@ -1,15 +1,20 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
hyprlandEnabled = config.mod.hyprland.enable;
spotify-status = pkgs.writeShellScript "spotify-status" ''
STATUS=$(${pkgs.playerctl}/bin/playerctl -p spotify status 2>&1)
music-status = pkgs.writeShellScript "music-status" ''
STATUS=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify status 2>&1)
if [ "$STATUS" = "No players found" ]; then
echo ""
else
FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}"
OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p spotify metadata --format "$FORMAT")
OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify metadata --format "$FORMAT")
case "$STATUS" in
"Playing")
echo "<span font='14' rise='-3000'></span> $OUTPUT"
@@ -35,49 +40,47 @@ let
fi
'';
mullvad = pkgs.writeShellScript "mullvad" ''
STATUS_DISCONNECTING="Disconnecting"
STATUS_DISCONNECTED="Disconnected"
STATUS_CONNECTING="Connecting"
STATUS_CONNECTED="Connected"
status() {
STATUS=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1{print $1}')
echo $STATUS
}
tailscale = pkgs.writeShellScript "tailscale" ''
STATUS_STOPPED="Tailscale is stopped."
output() {
case $(status) in
$STATUS_DISCONNECTED)
echo '{ "text": "", "class": "disconnected" }' ;;
$STATUS_CONNECTING)
echo '{ "text": "", "tooltip": "Connecting", "class": "disconnected" }' ;;
$STATUS_CONNECTED)
TOOLTIP=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1')
echo "{ \"text\": \"\", \"tooltip\":\"$TOOLTIP\" }" ;;
$STATUS_DISCONNECTING)
echo '{ "text": "", "tooltip": "Disconnecting", "class": "disconnected" }' ;;
STATUS=$(tailscale status)
case $STATUS in
$STATUS_STOPPED)
echo '{ "text": "", "class": "disconnected" }' ;;
*)
echo '{ "text": "", "tooltip": "Status unknown", "class": "disconnected" }' ;;
esac
}
EXIT_NODE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus)
toggle() {
CURRENT_STATUS=$(status)
EXIT_NODE_ONLINE=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .Online)
if [ "$EXIT_NODE_ONLINE" == "null" ]; then
echo '{ "text": "", "class": "disconnected" }'
exit 0
fi
case "$CURRENT_STATUS" in
$STATUS_DISCONNECTED)
${pkgs.mullvad}/bin/mullvad connect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Connected to VPN";;
$STATUS_CONNECTED)
${pkgs.mullvad}/bin/mullvad disconnect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Disconnected from VPN";;
EXIT_NODE_ID=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .ID)
EXIT_NODE_NAME=$(tailscale status --json | ${pkgs.jq}/bin/jq ".Peer.[] | select(.ID == $EXIT_NODE_ID) | .HostName")
echo "{ \"text\": \"\", \"tooltip\": $EXIT_NODE_NAME }"
;;
esac
}
toggle-exit-node() {
PREFERRED_EXIT_NODE=$(${pkgs.coreutils}/bin/cat ${config.age.secrets.tailscale-preferred-exit-node.path})
EXIT_NODE_ONLINE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus.Online)
if [ "$EXIT_NODE_ONLINE" == "true" ]; then
tailscale set --exit-node="" && ${pkgs.libnotify}/bin/notify-send "Disconnected from Exit Node"
else
tailscale set --exit-node=$PREFERRED_EXIT_NODE && ${pkgs.libnotify}/bin/notify-send "Connected to Exit Node"
fi
}
case $1 in
--toggle)
toggle ;;
--toggle-exit-node)
toggle-exit-node ;;
--output)
output ;;
output ;;
esac
'';
@@ -123,12 +126,12 @@ in
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [
"custom/work-vpn-status"
"custom/spotify"
"custom/music"
"custom/container-status"
"custom/dunst"
"custom/mullvad"
"bluetooth"
"wireplumber"
"custom/tailscale"
"network"
"battery"
"clock"
@@ -136,12 +139,12 @@ in
"custom/work-vpn-status" = {
exec = "${work-vpn-status}";
interval = 1;
interval = 2;
};
"custom/spotify" = {
exec = spotify-status;
interval = 1;
"custom/music" = {
exec = music-status;
interval = 2;
max-length = 70;
tooltip = false;
};
@@ -149,21 +152,21 @@ in
"custom/container-status" = {
exec = "${container-status}";
return-type = "json";
interval = 1;
interval = 2;
};
"custom/dunst" = {
exec = notifications-status;
on-click-right = "${pkgs.dunst}/bin/dunstctl set-paused toggle";
interval = 1;
interval = 2;
tooltip = false;
};
"custom/mullvad" = {
exec = "${mullvad} --output";
"custom/tailscale" = {
exec = "${tailscale} --output";
return-type = "json";
on-click-right = "${mullvad} --toggle";
interval = 1;
on-click-right = "${tailscale} --toggle-exit-node";
interval = 2;
};
bluetooth = {
@@ -194,8 +197,15 @@ in
"interval" = 60;
"format" = "<span font='10' rise='1000'>{icon}</span> {capacity}%";
"format-time" = "{H}h {M}min";
"format-charging" ="󰂄 {capacity}%";
"format-icons" = ["󰁺" "󰁻" "󰁽" "󰁿" "󰂁" "󰁹" ];
"format-charging" = "󰂄 {capacity}%";
"format-icons" = [
"󰁺"
"󰁻"
"󰁽"
"󰁿"
"󰂁"
"󰁹"
];
};
"clock" = {
@@ -212,7 +222,10 @@ in
height = 30;
spacing = 20;
fixed-center = false;
output = [ "HDMI-A-1" ];
output = [
"HDMI-A-1"
"DP-3"
];
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [
@@ -222,7 +235,7 @@ in
"custom/work-vpn-status" = {
exec = "${work-vpn-status}";
interval = 1;
interval = 2;
};
"clock" = {
@@ -267,7 +280,11 @@ in
color: #${config.lib.colors.warning};
}
#custom-mullvad.disconnected {
#custom-tailscale {
font-size: 30px;
}
#custom-tailscale.disconnected {
color: #${config.lib.colors.warning};
}
@@ -286,4 +303,12 @@ in
'';
};
};
age.secrets = {
"tailscale-preferred-exit-node" = {
file = ../../../../secrets/pinwheel/tailscale-preferred-exit-node.age;
owner = "alex";
group = "users";
};
};
}

7
hosts/pinwheel/modules/wezterm/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.wezterm.enable;

33
hosts/pinwheel/modules/work/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
gitEnabled = config.mod.git.enable;
goEnabled = config.mod.go.enable;
@@ -7,20 +12,24 @@ in
{
home-manager.users.alex = {
home.sessionVariables = {
GITHUB_ACTOR="Alexander Heldt";
GITHUB_TOKEN="$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})";
GITHUB_ACTOR = "Alexander Heldt";
GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})";
};
home.packages = [
(pkgs.callPackage ./syb-cli.nix {})
(pkgs.callPackage ./pants.nix {})
# (pkgs.callPackage ./pants.nix { inherit (pkgs) system; })
# (pkgs.callPackage ./syb-cli.nix { })
(pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ])
(pkgs.google-cloud-sdk.withExtraComponents [ pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin ])
(pkgs.graphite-cli.overrideAttrs(_: {
version = "1.4.3";
}))
pkgs.xdg-utils # needed by graphite-cli
(pkgs.google-cloud-sdk.withExtraComponents [
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
])
pkgs.graphite-cli
pkgs.postman
pkgs.grpcurl
# for `radio`
pkgs.go-mockery
@@ -28,7 +37,9 @@ in
];
programs.go = lib.mkIf goEnabled {
goPrivate = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
env = {
GOPRIVATE = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
};
};
programs.git = lib.mkIf gitEnabled {

84
hosts/pinwheel/modules/work/pants.nix
View File

@@ -1,47 +1,69 @@
{
fetchurl,
system,
pkgs,
lib,
...
}:
let
pname = "pants";
version = "0.12.0";
scie-pants = pkgs.stdenv.mkDerivation {
inherit pname version;
if_let = v: p: if lib.attrsets.matchAttrs p v then v else null;
match =
v: l: builtins.elemAt (lib.lists.findFirst (x: (if_let v (builtins.elemAt x 0)) != null) null l) 1;
src = fetchurl {
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-${pname}-linux-x86_64";
hash = "sha256-9PjgobndxVqDTYGtw1HESrtzwzH2qE9zFwR26xtwZrM=";
};
package = match { platform = system; } [
[
{ platform = "aarch64-linux"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-linux-aarch64";
hash = lib.fakeSha256;
}
]
[
{ platform = "x86_64-linux"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-linux-x86_64";
hash = "sha256-9PjgobndxVqDTYGtw1HESrtzwzH2qE9zFwR26xtwZrM=";
}
]
[
{ platform = "aarch64-darwin"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-macos-aarch64";
hash = "sha256-1Ha8GAOl7mWVunGKf7INMjar+jnLXaDEPStqE+kK3D4=";
}
]
];
phases = ["installPhase" "patchPhase"];
unpatched = pkgs.stdenv.mkDerivation {
name = "scie-pants";
version = version;
sourceRoot = ".";
phases = [
"installPhase"
"patchPhase"
];
src = pkgs.fetchurl package;
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp $src $out/bin/pants
chmod +x $out/bin/pants
runHook postInstall
'';
};
patched = pkgs.buildFHSEnv {
name = "pants";
targetPackages = [ pkgs.python39 ];
runScript = "${unpatched}/bin/pants";
profile = ''
export NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"
export SSL_CERT_FILE="/etc/ssl/certs/ca-bundle.crt"
'';
};
in
pkgs.buildFHSUserEnv {
name = "pants";
targetPackages = with pkgs; [
python39
];
runScript = "${scie-pants}/bin/pants";
profile = ''
export NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"
export SSL_CERT_FILE="/etc/ssl/certs/ca-bundle.crt"
'';
meta = with lib; {
description = "Protects your Pants from the elements";
homepage = "https://github.com/pantsbuild/scie-pants";
license = licenses.asl20;
maintainers = [];
platforms = [ "x86_64-linux" ];
mainProgram = "pants";
};
}
if pkgs.stdenv.isDarwin then unpatched else patched

9
hosts/pinwheel/modules/zsh/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.zsh.enable;
in
@@ -49,7 +54,7 @@ in
}
];
initExtra = lib.strings.concatStringsSep "\n" [
initContent = lib.strings.concatStringsSep "\n" [
"export KEYTIMEOUT=1"
"bindkey -v '^?' backward-delete-char"
"bindkey '^a' beginning-of-line"

79
hosts/sombrero/configuration.nix
View File

@@ -1,79 +0,0 @@
{ pkgs, ... }:
{
imports =
[
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./modules
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
environment.variables.EDITOR = "vim";
hardware.enableRedistributableFirmware = true;
# Set your time zone.
time.timeZone = "Europe/Stockholm";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
users = {
mutableUsers = false;
users.root = {
hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
};
users."alex" = {
isNormalUser = true;
hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
extraGroups = [ "wheel" ];
};
};
environment.systemPackages = with pkgs; [
gnumake
mkpasswd
vim
];
config-manager = {
flakePath = "/home/alex/config";
};
mod = {
git.enable = true;
ssh.enable = true;
docker.enable = true;
nginx.enable = true;
syncthing.enable = true;
plex.enable = true;
calibre-web.enable = true;
transmission.enable = true;
restic.enable = true;
pppdotpm-site.enable = false;
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

52
hosts/sombrero/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/15329cb1-655e-475d-96f0-bfb8ccd05167";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AD29-0697";
fsType = "vfat";
};
fileSystems."/home/alex/media" =
{ device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/home/alex/backup" =
{ device = "/dev/disk/by-uuid/34601701-65e6-4b2c-ac4d-8bef3dfd743f";
fsType = "ext4";
options = [ "nofail" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/98c46b15-7efe-43fd-8812-7e2c01f5a40a"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

25
hosts/sombrero/modules/boot/default.nix
View File

@@ -1,25 +0,0 @@
{ pkgs, ... }: {
boot = {
loader = {
grub.enable = false;
efi.canTouchEfiVariables = true;
raspberryPi = {
enable = true;
version = 4;
};
};
tmp = {
useTmpfs = true;
};
kernelPackages = pkgs.linuxPackages_rpi4;
kernelParams = [
"8250.nr_uarts=1"
"console=ttyAMA0,115200"
"console=tty1"
"cma=128M"
];
};
}

52
hosts/sombrero/modules/calibre-web/default.nix
View File

@@ -1,52 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf (enabled && nginxEnabled) {
services = {
calibre-web = {
enable = true;
user = "alex";
group = "users";
listen = {
ip = "127.0.0.1";
port = 8083;
};
options = {
calibreLibrary = "/home/alex/backup/books";
enableBookUploading = true;
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 8083 ];
};
};
services = {
nginx = {
virtualHosts."books.sombrero.a2x.se" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8083";
};
};
};
};
};
}

8
hosts/sombrero/modules/default.nix
View File

@@ -1,8 +0,0 @@
{ lib, ... }:
let
toModulePath = dir: _: ./. + "/${dir}";
filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
in
{
imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
}

29
hosts/sombrero/modules/docker/default.nix
View File

@@ -1,29 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.docker.enable;
in
{
options = {
mod.docker = {
enable = lib.mkEnableOption "enable docker module";
};
};
config = lib.mkIf enabled {
virtualisation = {
docker = {
enable = true;
};
oci-containers = {
backend = "docker";
};
};
users.users.alex.extraGroups = [ "docker" ];
home-manager.users.alex = {
home.packages = [ pkgs.docker-compose ];
};
};
}

6
hosts/sombrero/modules/mullvad/default.nix
View File

@@ -1,6 +0,0 @@
{ ... }:
{
services.mullvad-vpn = {
enable = true;
};
}

18
hosts/sombrero/modules/network/default.nix
View File

@@ -1,18 +0,0 @@
{
networking = {
hostName = "sombrero";
defaultGateway = "192.168.50.1";
nameservers = [ "8.8.8.8" ];
interfaces = {
eth0 = {
ipv4 = {
addresses = [{
address = "192.168.50.200";
prefixLength = 24;
}];
};
};
};
};
}

42
hosts/sombrero/modules/plex/default.nix
View File

@@ -1,42 +0,0 @@
{ lib, config, ... }:
let
enable = config.mod.plex.enable;
dockerEnabled = config.mod.docker.enable;
in
{
options = {
mod.plex = {
enable = lib.mkEnableOption "enable plex module";
};
};
config = lib.mkIf (enable && dockerEnabled) {
virtualisation = {
oci-containers.containers = {
plex = {
image = "linuxserver/plex";
autoStart = true;
environment = {
TZ = "Europe/Stockholm";
VERSION = "latest";
};
extraOptions = [ "--network=host" ];
volumes = [
"/home/alex/media/plex/db:/config"
"/home/alex/media/movies:/movies"
"/home/alex/media/tv:/tv"
];
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 32400 ];
};
};
};
}

Some files were not shown because too many files have changed in this diff Show More