alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:1c985332e0845ab6ba4b2250434d08751d5b9113
Branches Tags
alex:main
..
compare: alex:main
Branches Tags
alex:main

17 Commits
1c985332e0 ... main

Author SHA1 Message Date
Alexander Heldt
7839d2604c pinwheel/backwards/tadpole: Remove codeberg.org 2026-01-10 13:32:03 +01:00
Alexander Heldt
3839cee199 pinwheel: Fix hyprland "smart borders" 2026-01-09 16:15:57 +01:00
Alexander Heldt
f4870970d5 pinwheel: Use hyprland nixos module 2026-01-09 16:15:20 +01:00
Alexander Heldt
0ddc0c7fef manatee: Update machine IP for ha.ppp.pm 2026-01-07 14:24:39 +00:00
Alexander Heldt
7a510c5d14 pinwheel: Update idea after updated flake inputs 2026-01-07 14:33:17 +01:00
Alexander Heldt
55ab0f2f92 pinwheel: Update hyprland after updated inputs 2026-01-07 14:32:38 +01:00
Alexander Heldt
d5e159561d Update flake inputs 2026-01-07 14:31:49 +01:00
Alexander Heldt
cc96dc072f manatee: Open jellyfin port 2026-01-06 17:05:02 +00:00
Alexander Heldt
c064d277ca manatee: Ensure local traffic works next to VPN 2026-01-06 17:04:53 +00:00
Alexander Heldt
5f756ae514 backwards: Fix gnome settings 2026-01-05 18:00:57 +01:00
Alexander Heldt
b142891955 backwards: Adjust to updated nixpkgs 2026-01-05 17:47:16 +01:00
Alexander Heldt
61c73fcfaf manatee: Add home-assistant module 2026-01-05 17:44:30 +01:00
Alexander Heldt
209c2f7c81 manatee: Add secret for Hetzner DNS API key 2026-01-05 17:44:29 +01:00
Alexander Heldt
926fbcb169 manatee: Open port 443 for nginx 2026-01-05 17:44:28 +01:00
Alexander Heldt
4ba82c4648 manatee: Remove books.ppp.pm virtual host 2026-01-05 17:44:27 +01:00
Alexander Heldt
06f82d2778 manatee: Add komga module 2026-01-05 17:44:25 +01:00
Alexander Heldt
e8fcf8102c tadpole: Fix gitea oauth2 issuer URL 
To have a trailing slash, which is expected of pre gitea 1.25
`tailscale` integrations
 2026-01-04 19:31:28 +01:00
27 changed files with 858 additions and 131 deletions
Expand all files Collapse all files

586
flake.lock generated
View File

@@ -23,6 +23,39 @@
"type": "github"
}
},
"aquamarine": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1767024902,
"narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "aquamarine",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@@ -73,11 +106,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1766826803,
"narHash": "sha256-eX9nR+5eKip1ivAumMPnjG9DTVIREDaLqW3jhnvr8c0=",
"lastModified": 1767777451,
"narHash": "sha256-rWTDh+NZl2hTXmfHPaIpRwSRlhbLHY8UaXTCU5zwzDk=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "246eecc2b1dd66d4fcc2857d1a579d9452bd85ed",
"rev": "32dceb02d7b008d127988876a48c5d471179e8e6",
"type": "github"
},
"original": {
@@ -86,9 +119,41 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1765121682,
"narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
@@ -104,6 +169,49 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": [
"nix-jetbrains-plugins",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"hyprland",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -132,11 +240,11 @@
]
},
"locked": {
"lastModified": 1766682973,
"narHash": "sha256-GKO35onS711ThCxwWcfuvbIBKXwriahGqs+WZuJ3v9E=",
"lastModified": 1767792169,
"narHash": "sha256-WSAu+ZxF697u/OJDdBLO+YFhtqFsPowrXXOQbjDT/uA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "91cdb0e2d574c64fae80d221f4bf09d5592e9ec2",
"rev": "aea57993a89bfc2a66c0434e0f4383ebf164e2a3",
"type": "github"
},
"original": {
@@ -145,6 +253,96 @@
"type": "github"
}
},
"hyprcursor": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1753964049,
"narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprcursor",
"type": "github"
}
},
"hyprgraphics": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1766946335,
"narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "4af02a3925b454deb1c36603843da528b67ded6c",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprgraphics",
"type": "github"
}
},
"hyprland": {
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics",
"hyprland-guiutils": "hyprland-guiutils",
"hyprland-protocols": "hyprland-protocols",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_2",
"xdph": "xdph"
},
"locked": {
"lastModified": 1767907620,
"narHash": "sha256-zpQr4jkAoARBI22dFDnRekUagdRt6Mfc+ThpSSHm90s=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "5b1b79c29c5e0ea974b2a9da5d122dd0f3bedca6",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-contrib": {
"inputs": {
"nixpkgs": [
@@ -165,6 +363,237 @@
"type": "github"
}
},
"hyprland-guiutils": {
"inputs": {
"aquamarine": [
"hyprland",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprtoolkit": "hyprtoolkit",
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1767023960,
"narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=",
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1765214753,
"narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1764612430,
"narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "0d00dc118981531aa731150b6ea551ef037acddd",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprtoolkit": {
"inputs": {
"aquamarine": [
"hyprland",
"hyprland-guiutils",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprland-guiutils",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprland-guiutils",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-guiutils",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprland-guiutils",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"systems"
]
},
"locked": {
"lastModified": 1764592794,
"narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=",
"owner": "hyprwm",
"repo": "hyprtoolkit",
"rev": "5cfe0743f0e608e1462972303778d8a0859ee63e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprtoolkit",
"type": "github"
}
},
"hyprutils": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1766253372,
"narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprutils",
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1763640274,
"narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"hyprwire": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1767473322,
"narHash": "sha256-RGOeG+wQHeJ6BKcsSB8r0ZU77g9mDvoQzoTKj2dFHwA=",
"owner": "hyprwm",
"repo": "hyprwire",
"rev": "d5e7d6b49fe780353c1cf9a1cf39fa8970bd9d11",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwire",
"type": "github"
}
},
"naviterm": {
"inputs": {
"flake-utils": "flake-utils",
@@ -193,11 +622,11 @@
]
},
"locked": {
"lastModified": 1766234633,
"narHash": "sha256-0BES8Gas4ci6Q/TTPToOANZNbgznjnWpqpNxgJspLlM=",
"lastModified": 1767773550,
"narHash": "sha256-8VCfAbKKj+OHD5Mz5TBB7mE/zWe/5MyFTbXEayI0WG8=",
"owner": "viperML",
"repo": "nh",
"rev": "84785ab6f981ef6d0615a94e7f48ba572e8a884a",
"rev": "5f279c597e6e2af1757e0cd0b071aeb29d3e85a5",
"type": "github"
},
"original": {
@@ -221,13 +650,36 @@
"type": "github"
}
},
"nix-jetbrains-plugins": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_4"
},
"locked": {
"lastModified": 1767434185,
"narHash": "sha256-S289tJM4HQQStEF9QMCtS93duiYwfecWy/zhBoEb890=",
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"rev": "d3b3c5d901ce5980dec75f54f2ca6446f51b3451",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1766568855,
"narHash": "sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo=",
"lastModified": 1767185284,
"narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "c5db9569ac9cc70929c268ac461f4003e3e5ca80",
"rev": "40b1a28dce561bea34858287fbb23052c3ee63fe",
"type": "github"
},
"original": {
@@ -239,11 +691,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1766651565,
"narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
"lastModified": 1767640445,
"narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
"rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5",
"type": "github"
},
"original": {
@@ -255,11 +707,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1766687554,
"narHash": "sha256-DegN7KD/EtFSKXf2jvqL6lvev6GlfAAatYBcRC8goEo=",
"lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd0ca39c92fdb4012ed8d60e1683c26fddadd136",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
"type": "github"
},
"original": {
@@ -290,16 +742,41 @@
"url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1767281941,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2",
"hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib",
"naviterm": "naviterm",
"nh": "nh",
"nix-gc-env": "nix-gc-env",
"nix-jetbrains-plugins": "nix-jetbrains-plugins",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"pppdotpm-site": "pppdotpm-site",
@@ -323,6 +800,36 @@
}
},
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -378,6 +885,47 @@
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1761431178,
"narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
}
},
"root": "root",

10
flake.nix
View File

@@ -33,11 +33,21 @@
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland-contrib = {
url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-jetbrains-plugins = {
url = "github:nix-community/nix-jetbrains-plugins";
inputs.nixpkgs.follows = "nixpkgs";
};
naviterm = {
url = "gitlab:detoxify92/naviterm";
inputs.nixpkgs.follows = "nixpkgs";

3
hosts/backwards/modules/git/gitconfig
View File

@@ -4,6 +4,3 @@
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/

16
hosts/backwards/modules/gnome/default.nix
View File

@@ -8,14 +8,6 @@
};
};
xserver = {
enable = true;
xkb = {
layout = "se";
variant = "";
};
desktopManager = {
gnome.enable = true;
};
@@ -23,6 +15,14 @@
displayManager = {
gdm.enable = true;
};
xserver = {
enable = true;
xkb = {
layout = "se";
variant = "";
};
};
};

18
hosts/backwards/modules/ssh/default.nix
View File

@@ -35,11 +35,6 @@ in
identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
};
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org";
};
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
@@ -136,19 +131,6 @@ in
owner = "alex";
group = "users";
};
"alex.backwards-codeberg.org" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org";
owner = "alex";
group = "users";
};
"alex.backwards-codeberg.org.pub" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org.pub";
owner = "alex";
group = "users";
};
};
};
}

13
hosts/manatee/modules/calibre-web/default.nix
View File

@@ -29,19 +29,6 @@ in
enableBookUploading = true;
};
};
nginx = {
virtualHosts."books.ppp.pm" = {
extraConfig = ''
client_max_body_size 1024M;
'';
locations."/" = {
proxyPass = "http://0.0.0.0:8083"; # TODO add option for port + host
};
};
};
};
};
}

31
hosts/manatee/modules/certs/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@ppp.pm";
};
certs = {
"ha.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
"--dns-timeout=60"
"--http-timeout=60"
];
};
};
};
age = {
secrets = {
"hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
};
};
}

1
hosts/manatee/modules/default.nix
View File

@@ -21,6 +21,7 @@ in
jellyfin.enable = true;
immich.enable = true;
navidrome.enable = true;
komga.enable = true;
};
};
}

138
hosts/manatee/modules/home-assistant/default.nix Normal file
View File

@@ -0,0 +1,138 @@
{
pkgs,
lib,
config,
...
}:
let
nginxEnabled = config.mod.nginx.enable;
in
{
hardware.bluetooth.enable = true;
virtualisation.oci-containers = {
backend = "podman";
containers.homeassistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
volumes = [
"/home/alex/.config/home-assistant:/config"
# Pass in bluetooth
"/run/dbus:/run/dbus:ro"
];
environment.TZ = "Europe/Stockholm";
extraOptions = [
"--network=host"
# Allows HA to perform low-level network operations (scan/reset adapter)
"--cap-add=NET_ADMIN"
"--cap-add=NET_RAW"
# Pass in Zigbee antenna
"--device=/dev/serial/by-id/usb-Nabu_Casa_ZBT-2_9C139EAAD464-if00:/dev/ttyACM0"
];
};
};
services = {
blueman.enable = true;
nginx = lib.mkIf nginxEnabled {
recommendedProxySettings = true;
virtualHosts."ha.ppp.pm" = {
forceSSL = true;
useACMEHost = "ha.ppp.pm";
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8123";
proxyWebsockets = true;
};
};
};
};
systemd.user = {
timers = {
"update-hetzner-ha-dns" = {
unitConfig = {
Description = "updates Hetzner DNS for home-assistant";
};
timerConfig = {
Unit = "update-hetzner-ha-dns.service";
OnCalendar = "*-*-* *:00/30:00";
Persistent = true;
};
wantedBy = [ "timers.target" ];
};
};
services = {
"update-hetzner-ha-dns" = {
unitConfig = {
Description = "updates Hetzner DNS for home-assistant";
};
serviceConfig = {
Type = "exec";
EnvironmentFile = config.age.secrets.hetzner-dns.path;
};
path = [
pkgs.curl
pkgs.coreutils # For `cat`
pkgs.jq
];
script = ''
LAST_IP_FILE="/tmp/hetzner-dns-ha-ip"
INTERFACE="enp3s0"
CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)
LAST_IP=""
if [[ -f "$LAST_IP_FILE" ]]; then
LAST_IP=$(cat "$LAST_IP_FILE")
fi
if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
echo "IP unchanged, NOOP update."
exit 0
else
echo "Updating IP"
JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')
curl \
--fail \
-X POST \
-H "Authorization: Bearer $HETZNER_API_TOKEN" \
-H "Content-Type: application/json" \
-d "$JSON_BODY" \
"https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/ha/A/actions/set_records" \
&& echo $CURRENT_IP > $LAST_IP_FILE
fi
'';
};
};
};
age = {
secrets = {
"hetzner-dns" = {
file = ../../../../secrets/manatee/hetzner-dns.age;
owner = "alex";
group = "users";
};
};
};
}

4
hosts/manatee/modules/jellyfin/default.nix
View File

@@ -46,6 +46,10 @@ in
};
};
networking = {
firewall.allowedTCPPorts = [ 8096 ];
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web

28
hosts/manatee/modules/komga/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{ lib, config, ... }:
let
enabled = config.mod.komga.enable;
in
{
options = {
mod.komga = {
enable = lib.mkEnableOption "Enable komga module";
};
};
config = lib.mkIf enabled {
users.users.komga = {
isSystemUser = true;
group = "storage";
};
services.komga = {
enable = true;
user = "komga";
group = "storage";
settings.server.port = 8002;
openFirewall = true;
};
};
}

30
hosts/manatee/modules/network/default.nix
View File

@@ -1,8 +1,15 @@
{ ... }:
let
hostAddress = "192.168.50.203";
in
{
networking = {
hostName = "manatee";
# Required for asymmetric routing (sending replies out a different interface
# than the default route). Without this, the kernel drops the return traffic.
firewall.checkReversePath = "loose";
defaultGateway = "192.168.50.1";
nameservers = [ "1.1.1.1" ];
interfaces = {
@@ -11,12 +18,33 @@
ipv4 = {
addresses = [
{
address = "192.168.50.203";
address = hostAddress;
prefixLength = 24;
}
];
};
ipv4.routes = [
{
address = "0.0.0.0";
prefixLength = 0;
via = "192.168.50.1"; # Router
options = {
table = "100";
};
}
];
};
};
localCommands = ''
# Ensure local LAN traffic uses the main table, e.g. responds to the local machine
ip rule list | grep -q "192.168.50.0/24 lookup main" || \
ip rule add to 192.168.50.0/24 lookup main priority 4999
# All other traffic from this IP uses Table 100 (e.g. responds to router and back out)
ip rule list | grep -q "from ${hostAddress} lookup 100" || \
ip rule add from ${hostAddress} lookup 100 priority 5000
'';
};
}

6
hosts/manatee/modules/nginx/default.nix
View File

@@ -18,5 +18,11 @@ in
recommendedTlsSettings = true;
};
};
networking = {
firewall = {
allowedTCPPorts = [ 443 ];
};
};
};
}

3
hosts/pinwheel/modules/git/gitconfig
View File

@@ -5,8 +5,5 @@
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/
[url "gitea@git.ppp.pm:"]
insteadOf = https://git.ppp.pm/

20
hosts/pinwheel/modules/hyprland/default.nix
View File

@@ -1,4 +1,5 @@
{
inputs,
pkgs,
lib,
config,
@@ -15,13 +16,20 @@ in
};
config = lib.mkIf enabled {
home-manager.users.alex = {
wayland.windowManager.hyprland = {
programs.hyprland = {
enable = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage =
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
xwayland = {
enable = true;
};
};
home-manager.users.alex = {
wayland.windowManager.hyprland = {
enable = true;
extraConfig = ''
exec-once=waybar
@@ -47,10 +55,10 @@ in
workspace = w[tv1], gapsout:0, gapsin:0
workspace = f[1], gapsout:0, gapsin:0
windowrulev2 = bordersize 0, floating:0, onworkspace:w[tv1]
windowrulev2 = rounding 0, floating:0, onworkspace:w[tv1]
windowrulev2 = bordersize 0, floating:0, onworkspace:f[1]
windowrulev2 = rounding 0, floating:0, onworkspace:f[1]
windowrule = border_size 0, match:float 0, match:workspace w[tv1]
windowrule = rounding 0, match:float 0, match:workspace w[tv1]
windowrule = border_size 0, match:float 0, match:workspace f[1]
windowrule = rounding 0, match:float 0, match:workspace f[1]
exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
'';

18
hosts/pinwheel/modules/ssh/default.nix
View File

@@ -31,11 +31,6 @@
identityFile = "/home/alex/.ssh/alex.pinwheel-github.com";
};
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
};
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
@@ -99,19 +94,6 @@
group = "users";
};
"alex.pinwheel-codeberg.org" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
owner = "alex";
group = "users";
};
"alex.pinwheel-codeberg.org.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-git.ppp.pm" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";

7
hosts/pinwheel/modules/work/default.nix
View File

@@ -1,4 +1,5 @@
{
inputs,
pkgs,
lib,
config,
@@ -20,7 +21,11 @@ in
# (pkgs.callPackage ./pants.nix { inherit (pkgs) stdenv.hostPlatform.system; })
# (pkgs.callPackage ./syb-cli.nix { })
(pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea [ "ideavim" ])
(inputs.nix-jetbrains-plugins.lib."${pkgs.stdenv.hostPlatform.system}".buildIdeWithPlugins
pkgs.jetbrains
"idea"
[ "IdeaVIM" ]
)
(pkgs.google-cloud-sdk.withExtraComponents [
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin

4
hosts/tadpole/modules/gitea/default.nix
View File

@@ -67,6 +67,10 @@ in
HTTP_PORT = 3001;
};
oauth2 = {
JWT_CLAIM_ISSUER = "https://${gitDomain}/";
};
database = {
type = "sqlite3";
passwordFile = config.age.secrets.gitea-dbpassword.path;

18
hosts/tadpole/modules/ssh/default.nix
View File

@@ -28,11 +28,6 @@ in
identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
};
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.tadpole-codeberg.org";
};
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
@@ -114,19 +109,6 @@ in
owner = "alex";
group = "users";
};
"alex.tadpole-codeberg.org" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org";
owner = "alex";
group = "users";
};
"alex.tadpole-codeberg.org.pub" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org.pub";
owner = "alex";
group = "users";
};
};
};
}

BIN
secrets/backwards/alex.backwards-codeberg.org.age
View File

Binary file not shown.

7
secrets/backwards/alex.backwards-codeberg.org.pub.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Pu0HWg eK/pdhmsF334C7rSuYsRnXCtenmlT2hOXpfW5CQEARY
odooTLu8ZQUZjCeVPZYOA6Vgb470cosE1Q1iBkE9Kc0
-> ssh-ed25519 +oNaHQ nJU52SSZ9v3+8NuXR6coSHosEYrs7T8GeZYzV/quOU4
IV5YduRGdJLy93gVwfYmwvldRXoXXX3QvAsH3ljBadw
--- 3gJg9NFmqHCrgcvgnYOeSY1H4klPEyzI+07IlKCOItc
 ¦Ì\5çܤ‰}õyñÐáAý_J§

9
secrets/manatee/hetzner-dns.age Normal file
View File

@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA mr8aDxrNmdcxT5BEXJ32Q4DckYKidh3zblrSm8GV3hg
JngH+sfId8Z6SuXnQo9EQR0nw+y7LfdgYgI7SYisPL4
-> ssh-ed25519 +oNaHQ QI1+VLIa1sN8HSzBXoAGio7TcfxpGERw30uNlMCmejw
m3+nrTwsAb/Fg1p9JCYnc7jS9uteMO3AbUtDbKP60Dk
--- etDNlalBL2SdgfFxIhDCAWXpXcSZr+BlCoTt6yIUiBQ
èZw œ»ØÁëkáÂÎó4=UÉÜ:J
ã½p#"ˆà^pŠî!KÚÔ
¯cŽC÷ô´cd¾·"g.óÒ¦ó¥_(ÄA% ¶Ýp<C39D>ÇÏGA2`CqÖPš¢<C5A1>P¾Ç$j åMººŒþ¾ƒ™_â

BIN
secrets/pinwheel/alex.pinwheel-codeberg.org.age
View File

Binary file not shown.

8
secrets/pinwheel/alex.pinwheel-codeberg.org.pub.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 vxPbZg IKvbUY2e3wCrphoiFOKJYxyWvj4DjMlW1yv1VrZ/kBk
8sS9cNUsb8NtPHD5iKx8dfcgKxLObcZDfWJohduWEl4
-> ssh-ed25519 +oNaHQ nIY6nLvP+HIUlCumO/MxGoBGfutwfwv4zlvsLCuu2C8
eFqY9TaVsYoKulu5e++WI1zYzoBinEVUJt/lDan+ttQ
--- 67CbghCaK4yhjqH6vHEUzfeFth9PmX8h+qTKHocKGzk
iFÞ0ƒV•5œ1²·7¡~w&Õ´>¨Žƒ1¶bƒ…ÅåŒÆgŽ«cì6Fb<46>s5àhk6¥W?0Ô@­
ûÞó³|CÑ ¼Äm<C384>ðGÍ1

7
secrets/secrets.nix
View File

@@ -17,8 +17,6 @@ in {
"pinwheel/alex.pinwheel-tadpole.pub.age".publicKeys = [ pinwheel tadpole alex ];
"pinwheel/alex.pinwheel-github.com.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-github.com.pub.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-codeberg.org.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-codeberg.org.pub.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-git.ppp.pm.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-git.ppp.pm.pub.age".publicKeys = [ pinwheel alex ];
@@ -34,6 +32,7 @@ in {
"manatee/alex.manatee-git.ppp.pm.pub.age".publicKeys = [ manatee alex ];
"manatee/syncthing-cert.age".publicKeys = [ manatee alex ];
"manatee/syncthing-key.age".publicKeys = [ manatee alex ];
"manatee/hetzner-dns.age".publicKeys = [ manatee alex ];
"backwards/root.backwards.age".publicKeys = [ backwards alex ];
"backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];
@@ -44,16 +43,12 @@ in {
"backwards/restic-password.age".publicKeys = [ backwards alex ];
"backwards/restic-cloud-sync-key.age".publicKeys = [ backwards alex ];
"backwards/restic-cloud-sync-repository.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-codeberg.org.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-codeberg.org.pub.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-git.ppp.pm.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-git.ppp.pm.pub.age".publicKeys = [ backwards alex ];
"backwards/wireless-network-secrets.age".publicKeys = [ backwards alex ];
"tadpole/root.tadpole.age".publicKeys = [ tadpole alex ];
"tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-git.ppp.pm.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ];
"tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ];

BIN
secrets/tadpole/alex.tadpole-codeberg.org.age
View File

Binary file not shown.

BIN
secrets/tadpole/alex.tadpole-codeberg.org.pub.age
View File

Binary file not shown.