alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex/nixos-configs:main
Branches Tags
alex/nixos-configs:main
..
compare: alex/nixos-configs:19a0c3d97d73dc86cd5c18d80b0d17a0ceb1a5c0
Branches Tags
alex/nixos-configs:main

8 Commits
main .. 19a0c3d97d

Author SHA1 Message Date
Alexander Heldt 19a0c3d97d wip 2024-12-01 13:39:11 +01:00
Alexander Heldt 189cd4fe35 wip 2024-12-01 10:22:45 +01:00
Alexander Heldt b19d28c442 test-vm: Add WHIB backend 2024-12-01 10:22:05 +01:00
Alexander Heldt 105aed70b4 Update README with documentation about the test-vm 2024-12-01 10:20:11 +01:00
Alexander Heldt 506f0574de test-vm: Resize terminal to host terminal size 2024-12-01 10:20:11 +01:00
Alexander Heldt 943db9b011 test-vm: Add alias of shutting down the VM 2024-12-01 10:20:11 +01:00
Alexander Heldt 045bfd269b test-vm: Auto login a user and assume its sudo 2024-12-01 10:20:11 +01:00
Alexander Heldt b922b286b4 test-vm: Increase disk size 2024-12-01 10:20:11 +01:00
129 changed files with 652 additions and 5350 deletions
Expand all files Collapse all files
config-manager/default.nix
+1 -1
View File
@@ -9,7 +9,7 @@ let
flakePath = config.config-manager.flakePath; flakePath = config.config-manager.flakePath;
nixosConfiguration = config.config-manager.nixosConfiguration; nixosConfiguration = config.config-manager.nixosConfiguration;
nh = inputs.nh.packages."${pkgs.stdenv.hostPlatform.system}".default; nh = inputs.nh.packages."${pkgs.system}".default;
config-manager = config-manager =
if flakePath == "" then if flakePath == "" then
flake.lock
Generated
+45 -788
View File
@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1770165109, "lastModified": 1723293904,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,39 +23,6 @@
"type": "github" "type": "github"
} }
}, },
"aquamarine": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1778620495,
"narHash": "sha256-Gu7UhWjwKCgSiVC3Qz/Rc7cYi9DNuDTBxYzg3kfLvfM=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "be35f75ac305f430f5f9d89b5f5a4af59ca7567e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "aquamarine",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -64,11 +31,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744478979, "lastModified": 1700795494,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -78,26 +45,6 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1779226674,
"narHash": "sha256-wuOkjI6pRiN4sEn/EPBRnNW5cmcpvd7xtIM8y5LooAs=",
"owner": "nix-community",
"repo": "disko",
"rev": "65fb947964bd44fc0008faf77d1fcb7a9f40bb32",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"emacs-overlay": { "emacs-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -106,11 +53,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1779250628, "lastModified": 1732784553,
"narHash": "sha256-QrHi1w+g7p58wMxcK9jOXr3oi2PRWQ+i4Sw38sL3dB4=", "narHash": "sha256-S3PiqgTS8ST07ihFDL2cPExoxHcd9I8ITecpgMz+s4M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "5f8f3a12b25e29c1dd0a6363b61eba7d2f9944fe", "rev": "fb81e75180369a888db920df8f6097fbf2f603e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -119,96 +66,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"hyprland",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -217,11 +74,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745494811, "lastModified": 1703113217,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -237,11 +94,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1779213149, "lastModified": 1732793095,
"narHash": "sha256-Cf+p/T4Z3n9Sw0TiR3kQaIwQI+/hfvLJcoTzeq6yS3E=", "narHash": "sha256-6TrknJ8CpvSSF4gviQSeD+wyj3siRcMvdBKhOXkEMKU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "bd868f769a69d3b6091a1da68a75cb83a181033c", "rev": "2f7739d01080feb4549524e8f6927669b61c6ee3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -250,96 +107,6 @@
"type": "github" "type": "github"
} }
}, },
"hyprcursor": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1776511930,
"narHash": "sha256-fCpwFiTW0rT7oKJqr3cqHMnkwypSwQKpbtUEtxdkgrM=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "39435900785d0c560c6ae8777d29f28617d031ef",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprcursor",
"type": "github"
}
},
"hyprgraphics": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1776426399,
"narHash": "sha256-RUESLKNikIeEq9ymGJ6nmcDXiSFQpUW1IhJ245nL3xM=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "68d064434787cf1ed4a2fe257c03c5f52f33cf84",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprgraphics",
"type": "github"
}
},
"hyprland": {
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics",
"hyprland-guiutils": "hyprland-guiutils",
"hyprland-protocols": "hyprland-protocols",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_2",
"xdph": "xdph"
},
"locked": {
"lastModified": 1779190425,
"narHash": "sha256-C0hPhLeo3ztBXYSnpYarYjw6HDvlgZRnNyFfG5PoaVI=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "203a121537d0868bd4d8258b58861ca970483157",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-contrib": { "hyprland-contrib": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -347,11 +114,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1778488488, "lastModified": 1730743354,
"narHash": "sha256-6Vvr0qMRdccvJqwzrXJkqoK6lWsdyC1nMrLjoHKqoGM=", "narHash": "sha256-gU4NySYyXeAzVaF5bI6BKmj2CdgiwGFnuPjXUId3Dx0=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "55b1393a23d6e4968ce6da704c8095f7e5e9fa3c", "rev": "792f6b83dc719214e0e2a0b380c34f147b28ece2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -360,338 +127,23 @@
"type": "github" "type": "github"
} }
}, },
"hyprland-guiutils": {
"inputs": {
"aquamarine": [
"hyprland",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprtoolkit": "hyprtoolkit",
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1776426575,
"narHash": "sha256-KI6nIfVihn/DPaeB5Et46Xg3dkNHrrEtUd5LBBVomB0=",
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"rev": "a968d211048e3ed538e47b84cb3649299578f19d",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772460177,
"narHash": "sha256-/6G/MsPvtn7bc4Y32pserBT/Z4SUUdBd4XYJpOEKVR4=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "1cb6db5fd6bb8aee419f4457402fa18293ace917",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1777320127,
"narHash": "sha256-Qu+Wf2Bp5qUjyn2YpZNq8a7JyzTGowhT1knrwE38a9U=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "090117506ddc3d7f26e650ff344d378c2ec329cc",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprtoolkit": {
"inputs": {
"aquamarine": [
"hyprland",
"hyprland-guiutils",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprland-guiutils",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprland-guiutils",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-guiutils",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprland-guiutils",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"systems"
]
},
"locked": {
"lastModified": 1772462885,
"narHash": "sha256-5pHXrQK9zasMnIo6yME6EOXmWGFMSnCITcfKshhKJ9I=",
"owner": "hyprwm",
"repo": "hyprtoolkit",
"rev": "9af245a69fa6b286b88ddfc340afd288e00a6998",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprtoolkit",
"type": "github"
}
},
"hyprutils": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1778234770,
"narHash": "sha256-jAcsogZwWMfXT9MfXxZzkwliAqIuZUV0p71h6Ba9ReE=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "a2dbd8a4cc51f7cbe4224732668392bb1aa79df2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprutils",
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1777159683,
"narHash": "sha256-Jxixw6wZphUp+nHYxOKUYSckL17QMBx2d5Zp0rJHr1g=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "b8632713a6beaf28b56f2a7b0ab2fb7088dbb404",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"hyprwire": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1778410714,
"narHash": "sha256-o6RzFj4nJXaPRY7EM01siuCQeT41RfwwmcmFQqwFJJg=",
"owner": "hyprwm",
"repo": "hyprwire",
"rev": "85148a8e612808cf5ddb25d0b3c5840f3498a7dc",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwire",
"type": "github"
}
},
"komga-bookmanager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772988002,
"narHash": "sha256-42Arpp+ShJorA9uR1nNlKuMoDx3y+cHg2BxQUW1fo7U=",
"ref": "main",
"rev": "bd5ae71978bb60eda28a010956825983dd931e2a",
"revCount": 18,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git"
}
},
"komga-comictracker": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773858923,
"narHash": "sha256-JOm+qe+loPxpjpTn2fN5QuqeGLDqYc1QevNeZZuEkdE=",
"ref": "main",
"rev": "2ab63ae85af1e2009e4bce10940e8db56827d942",
"revCount": 67,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git"
}
},
"komga-reading-stats": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1774185820,
"narHash": "sha256-ASExCDbdujwneZ/tZeNXxzKPbUFLroBnmPBJ5jEniCI=",
"ref": "main",
"rev": "769bd540e8975050b2778025fdebc6fdd5c5e2b5",
"revCount": 42,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-reading-stats.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-reading-stats.git"
}
},
"naviterm": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773476909,
"narHash": "sha256-hSg/7xFO+3G3wWFq1480OecREqTY+fu06L06rM2UBmQ=",
"owner": "detoxify92",
"repo": "naviterm",
"rev": "f89dbde00222fb1e4f611419d05583d8edee4c25",
"type": "gitlab"
},
"original": {
"owner": "detoxify92",
"repo": "naviterm",
"type": "gitlab"
}
},
"nh": { "nh": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1773920367, "lastModified": 1732782112,
"narHash": "sha256-ADGQjlsFzT9POglBkBJZcFqg3go4d+J3E4GS4WlxENY=", "narHash": "sha256-8rxzWGOVyijmE2ojWJxPEWqtUQ7i/lA5TvLoklwI4qw=",
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "b00a24b39944efd4ec7944f02e0bd9113d991767", "rev": "24293d624556d32bd502c440b352e4fef4eeab6d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "b00a24b39944efd4ec7944f02e0bd9113d991767",
"type": "github" "type": "github"
} }
}, },
@@ -710,35 +162,13 @@
"type": "github" "type": "github"
} }
}, },
"nix-jetbrains-plugins": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_5"
},
"locked": {
"lastModified": 1778951860,
"narHash": "sha256-aFjBC3AVLh/bsgcsoI6Z/yQmh/NABffwHJIqQOTj+Tg=",
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"rev": "68930eefa5e77fc6bb7977635c83a003683c2f11",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1779099457, "lastModified": 1732483221,
"narHash": "sha256-u73aVD/lUmmT3JV+kPDztl7zPwQKd0eobD1AbJltaGs=", "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "8792fab9d4a6454a9201675f01326f827ce35ead", "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -750,48 +180,32 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1772822230, "lastModified": 1732521221,
"narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=", "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-25.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1779102034, "lastModified": 1732632634,
"narHash": "sha256-vZJZjLo513IeI8hjzHFc6TDezUd4uCE2Eq4SNO3DNNg=", "narHash": "sha256-+G7n/ZD635aN0sEXQLynU7pWMd3PKDM7yBIXvYmjABQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "687f05a9184cad4eaf905c48b63649e3a86f5433", "rev": "6f6076c37180ea3a916f84928cf3a714c5207a30",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.11", "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1778869304,
"narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d233902339c02a9c334e7e593de68855ad26c4cb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -817,49 +231,18 @@
"url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1778507602,
"narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko",
"emacs-overlay": "emacs-overlay", "emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"komga-bookmanager": "komga-bookmanager",
"komga-comictracker": "komga-comictracker",
"komga-reading-stats": "komga-reading-stats",
"naviterm": "naviterm",
"nh": "nh", "nh": "nh",
"nix-gc-env": "nix-gc-env", "nix-gc-env": "nix-gc-env",
"nix-jetbrains-plugins": "nix-jetbrains-plugins",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"pppdotpm-site": "pppdotpm-site", "pppdotpm-site": "pppdotpm-site",
"whib-backend": "whib-backend", "whib-backend": "whib-backend"
"whib-frontend": "whib-frontend"
} }
}, },
"systems": { "systems": {
@@ -877,66 +260,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"whib-backend": { "whib-backend": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -944,80 +267,14 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1780482259, "lastModified": 1733056232,
"narHash": "sha256-buOczAkw78U+g7DYcB7nMabTGzQoN15HtVE3y0kIt3I=", "narHash": "sha256-TlGxaIEzV+4dithjWT4xtl/yOgayHIqZqj7okKufF8E=",
"ref": "master", "path": "/home/alex/code/own/whib",
"rev": "b9ee418d14d6cb500506f9ef0cb9d54a8e78afa9", "type": "path"
"revCount": 373,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
}, },
"original": { "original": {
"ref": "master", "path": "/home/alex/code/own/whib",
"type": "git", "type": "path"
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
}
},
"whib-frontend": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1780483645,
"narHash": "sha256-Nr0WTh72uBCSO5jCcvHPE+4dqAPn07HZ5U1lAE4/3II=",
"ref": "master",
"rev": "14f98eced1ccf1e62493ad65eb38502b38db5cba",
"revCount": 224,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1778265244,
"narHash": "sha256-8jlPtGSsv/CQY6tVVyLF4Jjd0gnS+Zbn9yk/V13A9nM=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "813ea5ca9a1702a9a2d1f5836bc00172ef698968",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
} }
} }
}, },
flake.nix
+6 -67
View File
@@ -6,13 +6,9 @@
nixos-hardware.url = "github:nixos/nixos-hardware/master"; nixos-hardware.url = "github:nixos/nixos-hardware/master";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nh = { nh = {
url = "github:viperML/nh/b00a24b39944efd4ec7944f02e0bd9113d991767"; url = "github:viperML/nh";
inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-gc-env.url = "github:Julow/nix-gc-env"; nix-gc-env.url = "github:Julow/nix-gc-env";
@@ -32,58 +28,19 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-jetbrains-plugins = {
url = "github:nix-community/nix-jetbrains-plugins";
inputs.nixpkgs.follows = "nixpkgs";
};
naviterm = {
url = "gitlab:detoxify92/naviterm";
inputs.nixpkgs.follows = "nixpkgs";
};
pppdotpm-site = { pppdotpm-site = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main"; url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
whib-backend = { whib-backend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master"; # url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=nix-flake";
# url = "path:/home/alex/code/own/whib"; url = "path:/home/alex/code/own/whib";
inputs.nixpkgs.follows = "nixpkgs";
};
whib-frontend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib-react.git?ref=master";
# url = "path:/home/alex/code/own/whib-react";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-comictracker = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git?ref=main";
# url = "path:/home/alex/code/own/komga-comictracker";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-bookmanager = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git?ref=main";
# url = "path:/home/alex/code/own/komga-bookmanager";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-reading-stats = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-reading-stats.git?ref=main";
# url = "path:/home/alex/code/own/komga-reading-stats";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@@ -104,17 +61,6 @@
]; ];
}; };
manatee = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/manatee/configuration.nix
./hosts/manatee/home.nix
];
};
backwards = inputs.nixpkgs.lib.nixosSystem { backwards = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
@@ -126,20 +72,14 @@
]; ];
}; };
tadpole = tadpole = inputs.nixpkgs.lib.nixosSystem {
let
system = "x86_64-linux"; system = "x86_64-linux";
in
inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
modules = [ modules = [
./hosts/tadpole/configuration.nix ./hosts/tadpole/configuration.nix
./hosts/tadpole/home.nix ./hosts/tadpole/home.nix
inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
]; ];
}; };
@@ -155,7 +95,6 @@
modules = [ modules = [
./hosts/test-vm/configuration.nix ./hosts/test-vm/configuration.nix
inputs.whib-backend.nixosModules.${system}.default inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
]; ];
}; };
}; };
@@ -167,7 +106,7 @@
in in
{ {
${system}.default = pkgs.mkShell { ${system}.default = pkgs.mkShell {
packages = [ pkgs.nixfmt ]; packages = [ pkgs.nixfmt-rfc-style ];
}; };
}; };
}; };
hosts/backwards/configuration.nix
+1 -20
View File
@@ -15,30 +15,13 @@
console.keyMap = "sv-latin1"; console.keyMap = "sv-latin1";
services.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
extraConfig.pipewire."90-hdmi-fix" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.allowed-rates" = [ 48000 ];
};
};
};
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver
pkgs.libvdpau-va-gl
];
};
}; };
users.users.alex = { users.users.alex = {
@@ -47,8 +30,6 @@
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
"video"
"render"
]; ];
packages = [ ]; packages = [ ];
}; };
hosts/backwards/modules/age/default.nix
+1 -1
View File
@@ -8,7 +8,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }
hosts/manatee/modules/audiobookshelf/default.nix → hosts/backwards/modules/audiobookshelf/default.nix
+6 -14
View File
@@ -10,25 +10,17 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
mod.homepage.services = [ fileSystems."/home/alex/media" = {
{ device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
name = "Audiobookshelf"; fsType = "ext4";
port = 8000; options = [ "nofail" ];
description = "Audiobooks & podcasts";
}
];
users.users.audiobookshelf = {
isSystemUser = true;
description = "audiobookshelf";
group = "storage";
}; };
services.audiobookshelf = { services.audiobookshelf = {
enable = true; enable = true;
user = "audiobookshelf"; user = "alex";
group = "storage"; group = "users";
host = "0.0.0.0"; host = "0.0.0.0";
port = 8000; port = 8000;
hosts/backwards/modules/boot/default.nix
-5
View File
@@ -38,11 +38,6 @@ in
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
extraModprobeConfig = ''
options snd-intel-dspcfg dsp_driver=1
options snd_hda_intel power_save=0 power_save_controller=N
'';
}; };
}; };
} }
hosts/backwards/modules/calibre-web/default.nix
+32
View File
@@ -0,0 +1,32 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf enabled {
services = {
calibre-web = {
enable = true;
user = "alex";
group = "users";
listen = {
ip = "0.0.0.0";
port = 8083;
};
options = {
calibreLibrary = "/home/alex/sync/books";
enableBookUploading = true;
};
};
};
};
}
hosts/backwards/modules/default.nix
+3
View File
@@ -15,6 +15,9 @@ in
nginx.enable = true; nginx.enable = true;
syncthing.enable = true; syncthing.enable = true;
restic.enable = true; restic.enable = true;
transmission.enable = true;
audiobookshelf.enable = true;
calibre-web.enable = true;
}; };
}; };
} }
hosts/backwards/modules/firefox/default.nix
+1 -1
View File
@@ -29,7 +29,7 @@ let
ff-alex = pkgs.writeShellApplication { ff-alex = pkgs.writeShellApplication {
name = "ff-alex"; name = "ff-alex";
text = '' text = ''
${wrapped}/bin/firefox-devedition -P alex --new-window "$@" ${wrapped}/bin/firefox -P alex --new-window "$@"
''; '';
}; };
hosts/backwards/modules/games/default.nix
+4 -4
View File
@@ -2,16 +2,16 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.nethack
pkgs.moonlight-qt pkgs.moonlight-qt
pkgs.pcsx2 pkgs.pcsx2
(pkgs.retroarch.withCores (cores: [ (pkgs.retroarch.override {
cores = [
pkgs.libretro.snes9x pkgs.libretro.snes9x
pkgs.libretro.genesis-plus-gx pkgs.libretro.genesis-plus-gx
pkgs.libretro.swanstation pkgs.libretro.swanstation
])) ];
})
]; ];
}; };
} }
hosts/backwards/modules/git/gitconfig
+3
View File
@@ -4,3 +4,6 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/
hosts/backwards/modules/gnome/default.nix
+8 -8
View File
@@ -8,14 +8,6 @@
}; };
}; };
desktopManager = {
gnome.enable = true;
};
displayManager = {
gdm.enable = true;
};
xserver = { xserver = {
enable = true; enable = true;
@@ -23,6 +15,14 @@
layout = "se"; layout = "se";
variant = ""; variant = "";
}; };
desktopManager = {
gnome.enable = true;
};
displayManager = {
gdm.enable = true;
};
}; };
}; };
hosts/backwards/modules/jellyfin/default.nix
+87
View File
@@ -0,0 +1,87 @@
{
pkgs,
lib,
config,
...
}:
let
nginxEnabled = config.mod.nginx.enable;
in
{
fileSystems."/home/alex/media" = {
device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
# 1. enable vaapi on OS-level
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
];
};
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
user = "alex";
group = "users";
dataDir = "/home/alex/media/jellyfin";
};
prowlarr.enable = true;
sonarr = {
enable = true;
user = "alex";
group = "users";
};
radarr = {
enable = true;
user = "alex";
group = "users";
};
jellyseerr.enable = true;
nginx = lib.mkIf nginxEnabled {
virtualHosts."jelly.ppp.pm" = {
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8096";
};
"/socket" = {
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
};
};
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
}
hosts/backwards/modules/network/default.nix
+21 -28
View File
@@ -3,40 +3,33 @@
networking = { networking = {
hostName = "backwards"; hostName = "backwards";
wireless.enable = false; networkmanager.enable = false;
networkmanager = { #wireless.networks are defined in the secret `wpa_supplicant.conf`
wireless = {
enable = true; enable = true;
wifi.backend = "iwd"; secretsFile = config.age.secrets.wireless-network-secrets.path;
ensureProfiles = { networks = {
environmentFiles = [ "w1-f1_5G" = {
config.age.secrets.wireless-network-secrets.path pskRaw = "ext:w1-f1_psk";
]; };
};
};
profiles = { defaultGateway = "192.168.50.1";
w1-f1_5G = { nameservers = [ "1.1.1.1" ];
connection = { interfaces = {
id = "w1-f1_5G"; wlp1s0 = {
type = "wifi"; useDHCP = false;
interface-name = "wlp1s0";
};
wifi = {
ssid = "w1-f1_5G";
mode = "infrastructure";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$w1_f1_psk";
};
ipv4 = { ipv4 = {
method = "manual"; addresses = [
addresses = "192.168.50.202/24"; {
gateway = "192.168.50.1"; address = "192.168.50.202";
dns = "1.1.1.1"; prefixLength = 24;
}; }
}; ];
}; };
}; };
}; };
hosts/backwards/modules/restic/default.nix
+1 -3
View File
@@ -46,7 +46,6 @@ in
repositoryFile = config.age.secrets.restic-cloud-sync-repository.path; repositoryFile = config.age.secrets.restic-cloud-sync-repository.path;
paths = [ "/home/alex/sync" ]; paths = [ "/home/alex/sync" ];
exclude = [ "/home/alex/sync/reading-material" ];
timerConfig = { timerConfig = {
OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day
@@ -66,8 +65,7 @@ in
secrets = { secrets = {
"restic-password".file = ../../../../secrets/backwards/restic-password.age; "restic-password".file = ../../../../secrets/backwards/restic-password.age;
"restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age; "restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age;
"restic-cloud-sync-repository".file = "restic-cloud-sync-repository".file = ../../../../secrets/backwards/restic-cloud-sync-repository.age;
../../../../secrets/backwards/restic-cloud-sync-repository.age;
}; };
}; };
}; };
hosts/backwards/modules/ssh/default.nix
+16 -33
View File
@@ -23,34 +23,17 @@ in
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.backwards-manatee";
port = 1122;
};
"git.ppp.pm" = { "git.ppp.pm" = {
hostname = "git.ppp.pm"; hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
}; };
"*" = { "codeberg.org" = {
forwardAgent = false; hostname = "codeberg.org";
addKeysToAgent = "no"; identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
}; };
}; };
}; };
home.packages = [ pkgs.sshfs ];
}; };
environment.etc."ssh/authorized_keys_command" = { environment.etc."ssh/authorized_keys_command" = {
@@ -101,19 +84,6 @@ in
path = "${rootSSHKeyPath}/root.backwards.pub"; path = "${rootSSHKeyPath}/root.backwards.pub";
}; };
"alex.backwards-manatee" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.age;
path = "/home/alex/.ssh/alex.backwards-manatee";
owner = "alex";
group = "users";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "/home/alex/.ssh/alex.backwards-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards.pub" = { "alex.pinwheel-backwards.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age; file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub"; path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub";
@@ -131,6 +101,19 @@ in
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.backwards-codeberg.org" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org";
owner = "alex";
group = "users";
};
"alex.backwards-codeberg.org.pub" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org.pub";
owner = "alex";
group = "users";
};
}; };
}; };
} }
hosts/backwards/modules/syncthing/default.nix
+1 -2
View File
@@ -34,7 +34,6 @@ in
devices = { devices = {
phone.id = config.lib.syncthing.phone; phone.id = config.lib.syncthing.phone;
pinwheel.id = config.lib.syncthing.pinwheel; pinwheel.id = config.lib.syncthing.pinwheel;
tablet.id = config.lib.syncthing.tablet;
}; };
folders = { folders = {
@@ -75,7 +74,7 @@ in
}; };
books = { books = {
path = "/home/alex/sync/reading-material/books"; path = "/home/alex/sync/books";
devices = [ "pinwheel" ]; devices = [ "pinwheel" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
hosts/manatee/modules/transmission/default.nix → hosts/backwards/modules/transmission/default.nix
+19 -21
View File
@@ -6,6 +6,8 @@
}: }:
let let
enabled = config.mod.transmission.enable; enabled = config.mod.transmission.enable;
nginxEnabled = config.mod.nginx.enable;
in in
{ {
options = { options = {
@@ -15,40 +17,36 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Transmission";
port = 9091;
description = "Torrent client";
}
];
services = { services = {
transmission = { transmission = {
enable = true; enable = true;
package = pkgs.transmission_4; package = pkgs.transmission_4;
openFirewall = true; user = "alex";
group = "users";
user = "storage"; home = "/home/alex/media/ts-home";
group = "storage";
home = "/mnt/media/public/.ts-home";
downloadDirPermissions = "775"; downloadDirPermissions = "775";
settings = { settings = {
incomplete-dir-enabled = false;
download-dir = "/mnt/media/public/downloads";
rpc-bind-address = "0.0.0.0"; rpc-bind-address = "0.0.0.0";
rpc-port = 9191;
incomplete-dir-enabled = false;
download-dir = "/home/alex/media/downloads";
# Required to have empty user/pass to satisfy transmissionA
# https://github.com/transmission/transmission/discussions/1941#discussioncomment-1472352
rpc-whitelist-enabled = false;
rpc-authentication-required = true; rpc-authentication-required = true;
rpc-username = ""; rpc-whitelist-enabled = false;
rpc-password = ""; rpc-username = "transmission";
rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
};
};
nginx = lib.mkIf nginxEnabled {
virtualHosts."ts.ppp.pm" = {
locations."/" = {
proxyPass = "http://localhost:9191";
};
}; };
}; };
}; };
hosts/manatee/configuration.nix
-56
View File
@@ -1,56 +0,0 @@
{ pkgs, ... }:
{
imports = [
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./disk-config.nix
./modules
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
users.users.alex = {
isNormalUser = true;
description = "alex";
extraGroups = [
"wheel"
"storage"
];
};
environment.variables.EDITOR = "vim";
environment.systemPackages = with pkgs; [
vim
git
];
config-manager = {
flakePath = "/home/alex/config";
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
hosts/manatee/disk-config.nix
-248
View File
@@ -1,248 +0,0 @@
{
inputs,
pkgs,
config,
...
}:
{
imports = [ inputs.disko.nixosModules.disko ];
config = {
users.groups.storage = { };
users.users.storage = {
isSystemUser = true;
description = "storage";
group = "storage";
};
systemd.tmpfiles.settings = {
"10-media-public" = {
"/mnt/media/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-cameras-public" = {
"/mnt/cameras/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-sync-public" = {
"/mnt/sync/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
};
environment.systemPackages = [
pkgs.smartmontools
];
services.smartd = {
enable = true;
devices = [
{ device = config.disko.devices.disk.root.device; }
{ device = config.disko.devices.disk.disk1.device; }
{ device = config.disko.devices.disk.disk2.device; }
{ device = config.disko.devices.disk.disk3.device; }
{ device = config.disko.devices.disk.disk4.device; }
];
};
services.zfs.autoScrub.enable = true;
# Don't force-import the pool if it appears in use elsewhere; safer default in 26.11+.
boot.zfs.forceImportRoot = false;
networking.hostId = "0a9474e7"; # Required by ZFS
disko.devices = {
disk = {
root = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
disk1 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QCG4";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk2 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QDJ5";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk3 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0UCF4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk4 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0V6F4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
};
zpool = {
storage = {
type = "zpool";
mode = {
topology = {
type = "topology";
vdev = [
{
mode = "mirror";
members = [
"disk1"
"disk2"
];
}
{
mode = "mirror";
members = [
"disk3"
"disk4"
];
}
];
};
};
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
xattr = "sa";
"com.sun:auto-snapshot" = "false";
};
datasets = {
media = {
type = "zfs_fs";
mountpoint = "/mnt/media";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
cameras = {
type = "zfs_fs";
mountpoint = "/mnt/cameras";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
sync = {
type = "zfs_fs";
mountpoint = "/mnt/sync";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
};
};
};
};
};
}
hosts/manatee/hardware-configuration.nix
-46
View File
@@ -1,46 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
swapDevices = [
{
device = "/swapfile";
size = 32 * 1024; # 32GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
hosts/manatee/home.nix
-24
View File
@@ -1,24 +0,0 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
config = {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.alex = {
programs.home-manager.enable = true;
home.username = "alex";
home.homeDirectory = "/home/alex";
home.packages = [
pkgs.streamrip
];
home.stateVersion = "24.11";
};
};
};
}
hosts/manatee/modules/age/default.nix
-14
View File
@@ -1,14 +0,0 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.agenix.nixosModules.default ];
config = {
age = {
identityPaths = [ "/etc/ssh/manatee" ];
};
environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
];
};
}
hosts/manatee/modules/boot/default.nix
-43
View File
@@ -1,43 +0,0 @@
{
inputs,
lib,
config,
...
}:
let
configurationLimit = config.mod.gc.configurationLimit;
in
{
imports = [ inputs.nix-gc-env.nixosModules.default ];
options = {
mod.gc = {
configurationLimit = lib.mkOption {
type = lib.types.int;
default = 10;
description = "number of configuration generations to keep";
};
};
};
config = {
nix.gc = {
automatic = true;
dates = "weekly";
# `delete_generations` added by nix-gc-env
delete_generations = "+${builtins.toString configurationLimit}";
};
boot = {
loader = {
systemd-boot = {
enable = true;
inherit configurationLimit;
};
efi.canTouchEfiVariables = true;
};
};
};
}
hosts/manatee/modules/certs/default.nix
-57
View File
@@ -1,57 +0,0 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@ppp.pm";
};
certs = {
"ha.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
"--dns-timeout=60"
"--http-timeout=60"
];
};
"komga.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s"
"--dns-timeout=60"
"--http-timeout=60"
];
};
"romm.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s"
"--dns-timeout=60"
"--http-timeout=60"
];
};
};
};
age = {
secrets = {
"hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
};
};
}
hosts/manatee/modules/default.nix
-29
View File
@@ -1,29 +0,0 @@
{ lib, ... }:
let
toModulePath = dir: _: ./. + "/${dir}";
filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
in
{
imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
config = {
mod = {
gc.configurationLimit = 10;
ssh.enable = true;
git.enable = true;
nginx.enable = true;
syncthing.enable = true;
transmission.enable = true;
audiobookshelf.enable = true;
jellyfin.enable = true;
immich.enable = false;
navidrome.enable = true;
komga.enable = true;
romm.enable = true;
homepage.enable = true;
disk-smart.enable = true;
};
};
}
hosts/manatee/modules/disk-smart/default.nix
-159
View File
@@ -1,159 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.disk-smart.enable;
disks = [
{ path = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QCG4"; name = "seagate_8tb_1"; label = "Seagate 8TB #1"; }
{ path = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QDJ5"; name = "seagate_8tb_2"; label = "Seagate 8TB #2"; }
{ path = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0UCF4MJ"; name = "toshiba_20tb_1"; label = "Toshiba 20TB #1"; }
{ path = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0V6F4MJ"; name = "toshiba_20tb_2"; label = "Toshiba 20TB #2"; }
];
outputDir = "/var/lib/disk-smart";
collectScript = pkgs.writeShellScript "disk-smart-collect" ''
set -euo pipefail
export PATH="${lib.makeBinPath [ pkgs.smartmontools pkgs.jq pkgs.coreutils ]}"
mkdir -p ${outputDir}
result="{"
${lib.concatMapStringsSep "\n" (disk: ''
raw=$(smartctl -j -A -H ${disk.path} 2>/dev/null || true)
temp=$(echo "$raw" | jq -r '.temperature.current // empty')
power_on=$(echo "$raw" | jq -r '.power_on_time.hours // empty')
smart_status=$(echo "$raw" | jq -r '.smart_status.passed // empty')
reallocated=$(echo "$raw" | jq -r '[.ata_smart_attributes.table[] | select(.name == "Reallocated_Sector_Ct")][0].raw.value // empty')
pending=$(echo "$raw" | jq -r '[.ata_smart_attributes.table[] | select(.name == "Current_Pending_Sector")][0].raw.value // empty')
result="$result\"${disk.name}\":{\"temperature\":$temp,\"power_on_hours\":$power_on,\"smart_passed\":$smart_status,\"reallocated_sectors\":$reallocated,\"pending_sectors\":$pending},"
'') disks}
# Remove trailing comma, close object
result="''${result%,}}"
echo "$result" | jq . > ${outputDir}/smart.json.tmp
mv ${outputDir}/smart.json.tmp ${outputDir}/smart.json
'';
indent = prefix: s:
lib.concatMapStringsSep "\n"
(line: if line == "" then line else prefix + line)
(lib.splitString "\n" s);
mkSensor = disk: ''
- name: "${disk.label} Temperature"
value_template: "{{ value_json.${disk.name}.temperature }}"
unit_of_measurement: "°C"
device_class: temperature
state_class: measurement
- name: "${disk.label} Power On Hours"
value_template: "{{ value_json.${disk.name}.power_on_hours }}"
unit_of_measurement: "h"
state_class: total_increasing
- name: "${disk.label} SMART Passed"
value_template: "{{ value_json.${disk.name}.smart_passed }}"
- name: "${disk.label} Reallocated Sectors"
value_template: "{{ value_json.${disk.name}.reallocated_sectors }}"
state_class: measurement
- name: "${disk.label} Pending Sectors"
value_template: "{{ value_json.${disk.name}.pending_sectors }}"
state_class: measurement
'';
sensorYaml = indent " " (lib.concatMapStrings mkSensor disks);
sectorEntities = lib.concatMap (disk: [
"sensor.${disk.name}_reallocated_sectors"
"sensor.${disk.name}_pending_sectors"
]) disks;
sectorEntitiesYaml = lib.concatMapStringsSep "\n"
(id: " - ${id}") sectorEntities;
smartPassedEntities = map (disk: "sensor.${disk.name}_smart_passed") disks;
smartPassedEntitiesYaml = lib.concatMapStringsSep "\n"
(id: " - ${id}") smartPassedEntities;
in
{
options = {
mod.disk-smart = {
enable = lib.mkEnableOption "Enable disk SMART monitoring module";
};
};
config = lib.mkIf enabled {
mod.home-assistant.extraConfig = ''
rest:
- resource: http://127.0.0.1:9633/smart.json
scan_interval: 60
sensor:
${sensorYaml}
automation disk_smart:
- alias: "Disk sector count increased"
trigger:
- platform: state
entity_id:
${sectorEntitiesYaml}
condition:
- condition: template
value_template: "{{ trigger.from_state.state | int(-1) >= 0 and trigger.to_state.state | int(0) > trigger.from_state.state | int(0) }}"
action:
- service: notify.mobile_app_pixel_9_pro
data:
title: "Disk SMART warning"
message: "{{ trigger.to_state.attributes.friendly_name }} increased from {{ trigger.from_state.state }} to {{ trigger.to_state.state }}"
- alias: "Disk SMART check failed"
trigger:
- platform: state
entity_id:
${smartPassedEntitiesYaml}
condition:
- condition: template
value_template: "{{ trigger.to_state.state | lower == 'false' }}"
action:
- service: notify.mobile_app_pixel_9_pro
data:
title: "Disk SMART FAILURE"
message: "{{ trigger.to_state.attributes.friendly_name }} reports SMART failure drive is likely failing"
'';
systemd.services.disk-smart-collect = {
description = "Collect disk SMART data";
serviceConfig = {
Type = "oneshot";
ExecStart = collectScript;
};
};
systemd.timers.disk-smart-collect = {
description = "Periodically collect disk SMART data";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1min";
OnUnitActiveSec = "1min";
};
};
services.nginx.virtualHosts."127.0.0.1" = {
listen = [
{ addr = "127.0.0.1"; port = 9633; }
];
locations."= /smart.json" = {
alias = "${outputDir}/smart.json";
extraConfig = ''
default_type application/json;
'';
};
};
};
}
hosts/manatee/modules/git/default.nix
-39
View File
@@ -1,39 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.git.enable;
in
{
options = {
mod.git = {
enable = lib.mkEnableOption "enable git module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.git = {
enable = true;
includes = [
{ path = ./gitconfig; }
];
settings = {
rerere.enable = true;
};
};
home.packages = [ pkgs.tig ];
home.file.".tigrc".text = ''
set main-view-line-number = yes
set main-view-line-number-interval = 1
'';
};
};
}
hosts/manatee/modules/git/gitconfig
-9
View File
@@ -1,9 +0,0 @@
[user]
name = Alexander Heldt
email = me@alexanderheldt.se
[url "git@github.com:"]
insteadOf = https://github.com/
[url "gitea@git.ppp.pm:"]
insteadOf = https://git.ppp.pm/
hosts/manatee/modules/home-assistant/default.nix
-290
View File
@@ -1,290 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
nginxEnabled = config.mod.nginx.enable;
cfg = config.mod.home-assistant;
configFile = pkgs.writeText "ha-configuration.yaml" ''
# Loads default set of integrations. Do not remove.
default_config:
http:
use_x_forwarded_for: true
trusted_proxies:
- 127.0.0.1
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
recorder:
purge_keep_days: 365
alert:
fridge_door:
name: Fridge is open
done_message: Fride is closed
entity_id: binary_sensor.kyldorr
state: "on"
repeat: 2
skip_first: true
notifiers:
- mobile_app_pixel_9_pro
${cfg.extraConfig}'';
btResetScript = pkgs.writeShellScript "bt-reset" ''
set -euo pipefail
export PATH="${
lib.makeBinPath [
pkgs.bluez
pkgs.util-linux
pkgs.kmod
pkgs.gnugrep
pkgs.coreutils
]
}"
logger -t bt-reset "Starting Bluetooth adapter reset..."
# Exit early if the adapter is already present and running
if hciconfig hci0 2>/dev/null | grep -q "UP RUNNING"; then
logger -t bt-reset "hci0 is already UP RUNNING nothing to do"
exit 0
fi
# If hci0 exists but isn't UP, try bringing it up
if hciconfig hci0 2>/dev/null; then
logger -t bt-reset "hci0 exists but not running bringing it up"
hciconfig hci0 up || true
sleep 2
if hciconfig hci0 2>/dev/null | grep -q "UP RUNNING"; then
logger -t bt-reset "hci0 is UP now"
systemctl restart bluetooth.service
logger -t bt-reset "bluetooth.service restarted done"
exit 0
fi
fi
# Hard reset: reload the btusb kernel module (works for USB adapters)
logger -t bt-reset "hci0 missing reloading btusb module..."
modprobe -r btusb 2>/dev/null || true
sleep 3
modprobe btusb
sleep 3
if hciconfig hci0 2>/dev/null; then
hciconfig hci0 up
logger -t bt-reset "hci0 restored after module reload"
else
logger -t bt-reset "ERROR: hci0 not found after module reload"
exit 1
fi
# Restart the bluetooth systemd service so bluetoothd picks up the adapter
systemctl restart bluetooth.service
logger -t bt-reset "bluetooth.service restarted done"
'';
in
{
options = {
mod.home-assistant = {
extraConfig = lib.mkOption {
type = lib.types.lines;
default = "";
description = "Extra YAML to append to Home Assistant's configuration.yaml";
};
};
};
config = {
mod.homepage.services = [
{
name = "Home Assistant";
port = 8123;
description = "Home automation";
}
];
hardware.bluetooth.enable = true;
virtualisation.oci-containers = {
backend = "podman";
containers.homeassistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
volumes = [
"/home/alex/.config/home-assistant:/config"
"${configFile}:/config/configuration.yaml:ro"
# Pass in bluetooth
"/run/dbus:/run/dbus:ro"
];
environment.TZ = "Europe/Stockholm";
extraOptions = [
"--network=host"
# Allows HA to perform low-level network operations (scan/reset adapter)
"--cap-add=NET_ADMIN"
"--cap-add=NET_RAW"
# Pass in Zigbee antenna
"--device=/dev/serial/by-id/usb-Nabu_Casa_ZBT-2_9C139EAAD464-if00:/dev/ttyACM0"
];
};
};
services = {
blueman.enable = true;
nginx = lib.mkIf nginxEnabled {
recommendedProxySettings = true;
virtualHosts."ha.ppp.pm" = {
forceSSL = true;
useACMEHost = "ha.ppp.pm";
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8123";
proxyWebsockets = true;
};
};
};
# Trigger reset via udev when hci0 disappears
udev.extraRules = ''
ACTION=="remove", SUBSYSTEM=="bluetooth", KERNEL=="hci0", \
TAG+="systemd", ENV{SYSTEMD_WANTS}+="bt-reset.service"
'';
};
systemd = {
services = {
# Trigger reset on bluetoothd failure
bluetooth = {
unitConfig.OnFailure = [ "bt-reset.service" ];
};
bt-reset = {
description = "Reset Bluetooth adapter";
after = [ "bluetooth.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = btResetScript;
Restart = "on-failure";
RestartSec = "10s";
StartLimitIntervalSec = "120";
StartLimitBurst = 3;
};
};
};
timers.bt-reset = {
description = "Periodically reset Bluetooth adapter";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min"; # first run 5 min after boot
OnUnitActiveSec = "4h"; # then every 4 hours
RandomizedDelaySec = "5min";
};
};
user = {
timers = {
"update-hetzner-dns" = {
unitConfig = {
Description = "updates Hetzner DNS records";
};
timerConfig = {
Unit = "update-hetzner-dns.service";
OnCalendar = "*-*-* *:00/30:00";
Persistent = true;
};
wantedBy = [ "timers.target" ];
};
};
services = {
"update-hetzner-dns" = {
unitConfig = {
Description = "updates Hetzner DNS records";
};
serviceConfig = {
Type = "exec";
EnvironmentFile = config.age.secrets.hetzner-dns.path;
};
path = [
pkgs.curl
pkgs.coreutils
pkgs.jq
];
script = ''
SUBDOMAINS="ha komga romm"
INTERFACE="enp3s0"
CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)
for SUBDOMAIN in $SUBDOMAINS; do
LAST_IP_FILE="/tmp/hetzner-dns-''${SUBDOMAIN}-ip"
LAST_IP=""
if [[ -f "$LAST_IP_FILE" ]]; then
LAST_IP=$(cat "$LAST_IP_FILE")
fi
if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
echo "$SUBDOMAIN: IP unchanged, NOOP update."
else
echo "$SUBDOMAIN: Updating IP"
JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')
curl \
--fail \
-X POST \
-H "Authorization: Bearer $HETZNER_API_TOKEN" \
-H "Content-Type: application/json" \
-d "$JSON_BODY" \
"https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/''${SUBDOMAIN}/A/actions/set_records" \
&& echo $CURRENT_IP > $LAST_IP_FILE
fi
done
'';
};
};
};
};
age = {
secrets = {
"hetzner-dns" = {
file = ../../../../secrets/manatee/hetzner-dns.age;
owner = "alex";
group = "users";
};
};
};
};
}
hosts/manatee/modules/homepage/default.nix
-111
View File
@@ -1,111 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.homepage.enable;
nginxEnabled = config.mod.nginx.enable;
services = config.mod.homepage.services;
serviceToCard = svc: ''
<a class="card" href="http://manatee:${toString svc.port}">
<div class="name">${svc.name}</div>
<div class="desc">${svc.description}</div>
<div class="port">:${toString svc.port}</div>
</a>
'';
page = pkgs.writeTextDir "index.html" ''
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>manatee</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
background: #1a1b26;
color: #c0caf5;
min-height: 100vh;
padding: 3rem 1.5rem;
}
h1 {
text-align: center;
font-size: 1.5rem;
font-weight: 400;
color: #7aa2f7;
margin-bottom: 2rem;
}
.grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
gap: 1rem;
max-width: 900px;
margin: 0 auto;
}
.card {
display: block;
background: #24283b;
border: 1px solid #414868;
border-radius: 8px;
padding: 1.25rem;
text-decoration: none;
color: inherit;
transition: border-color 0.15s;
}
.card:hover { border-color: #7aa2f7; }
.name { font-size: 1.1rem; font-weight: 600; color: #c0caf5; }
.desc { font-size: 0.85rem; color: #565f89; margin-top: 0.35rem; }
.port { font-size: 0.8rem; color: #414868; margin-top: 0.5rem; font-family: monospace; }
</style>
</head>
<body>
<h1>manatee</h1>
<div class="grid">
${lib.concatMapStrings serviceToCard services}
</div>
</body>
</html>
'';
in
{
options = {
mod.homepage = {
enable = lib.mkEnableOption "Enable homepage module";
services = lib.mkOption {
type = lib.types.listOf (
lib.types.submodule {
options = {
name = lib.mkOption { type = lib.types.str; };
port = lib.mkOption { type = lib.types.port; };
description = lib.mkOption { type = lib.types.str; };
};
}
);
default = [ ];
description = "Services to display on the homepage";
};
};
};
config = lib.mkIf (enabled && nginxEnabled) {
services.nginx.virtualHosts."homepage" = {
listen = [
{
addr = "0.0.0.0";
port = 9999;
}
];
root = page;
locations."/" = {
index = "index.html";
};
};
networking.firewall.allowedTCPPorts = [ 9999 ];
};
}
hosts/manatee/modules/immich/default.nix
-43
View File
@@ -1,43 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.immich.enable;
in
{
options = {
mod.immich = {
enable = lib.mkEnableOption "Enable immich module";
};
};
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Immich";
port = 2283;
description = "Photo library";
}
];
users.users.immich = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
services.immich = {
enable = true;
user = "immich";
group = "storage";
host = "0.0.0.0";
mediaLocation = "/mnt/cameras/public";
accelerationDevices = [ "/dev/dri/renderD128" ];
};
};
}
hosts/manatee/modules/jellyfin/default.nix
-68
View File
@@ -1,68 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
enabled = config.mod.jellyfin.enable;
in
{
options = {
mod.jellyfin = {
enable = lib.mkEnableOption "Enable jellyfin module";
};
};
config = lib.mkIf enabled {
users.users.jellyfin = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver # Modern Intel VA-API driver (needed for N305)
pkgs.libvdpau-va-gl # VDPAU backend for VA-API GLX interop
pkgs.intel-compute-runtime # OpenCL support
];
};
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
user = "jellyfin";
group = "storage";
};
};
mod.homepage.services = [
{
name = "Jellyfin";
port = 8096;
description = "Media streaming";
}
];
networking = {
firewall.allowedTCPPorts = [ 8096 ];
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
};
}
hosts/manatee/modules/komga/default.nix
-157
View File
@@ -1,157 +0,0 @@
{
inputs,
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.komga.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.komga = {
enable = lib.mkEnableOption "Enable komga module";
};
};
imports = [
inputs.komga-comictracker.nixosModules.default
inputs.komga-bookmanager.nixosModules.default
inputs.komga-reading-stats.nixosModules.default
];
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Komga";
port = 8002;
description = "Comic library";
}
{
name = "Komga Reader";
port = 8888;
description = "Comic reader";
}
{
name = "Komga Book Manager";
port = 8686;
description = "Book manager";
}
{
name = "Komga Reading Stats";
port = 8787;
description = "Reading stats";
}
];
users.users.komga = {
isSystemUser = true;
group = "storage";
};
services.komga = {
enable = true;
user = "komga";
group = "storage";
settings = {
server.port = 8002;
komga."cors.allowed-origins" = [
"http://manatee:8888"
"https://komga.ppp.pm"
];
};
openFirewall = true;
};
services.nginx = lib.mkIf nginxEnabled {
virtualHosts."komga-reader" = {
listen = [
{
addr = "0.0.0.0";
port = 8888;
}
];
root = (pkgs.writeTextDir "komga-reader.html" (builtins.readFile ./komga-reader.html));
locations."/" = {
index = "komga-reader.html";
tryFiles = "$uri $uri/ /komga-reader.html";
};
};
virtualHosts."komga.ppp.pm" = {
forceSSL = true;
useACMEHost = "komga.ppp.pm";
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
proxyWebsockets = true;
};
};
};
networking.firewall.allowedTCPPorts = [ 8888 ];
programs.comictracker = {
enable = true;
komgaUrl = "http://127.0.0.1:8002";
komgaLibraryId = "0NVZH5AK3RPE1";
secretsFile = config.age.secrets.komga-comicbooktracker-credentials.path;
};
services.komga-book-manager = {
enable = true;
port = 8686;
group = "storage";
komgaUrl = "http://127.0.0.1:8002";
credentialsFile = config.age.secrets.komga-bookmanager-credentials.path;
libraryRoot = "/mnt/media/public/books";
libraryId = "0PNE1NEPY6995";
};
services.komga-reading-stats = {
enable = true;
host = "0.0.0.0";
port = 8787;
origin = "http://manatee:8787";
anthropicApiKeyFile = config.age.secrets.komga-reading-stats-claude-api-key.path;
claudeModel = "claude-sonnet-4-6";
komga = {
url = "http://127.0.0.1:8002";
apiKeyFile = config.age.secrets.komga-reading-stats-komga-api-key.path;
};
};
age.secrets = {
"komga-comicbooktracker-credentials" = {
file = ../../../../secrets/manatee/komga-comicbooktracker-credentials.age;
owner = "alex";
group = "users";
};
"komga-bookmanager-credentials" = {
file = ../../../../secrets/manatee/komga-bookmanager-credentials.age;
owner = "alex";
group = "users";
};
"komga-reading-stats-claude-api-key" = {
file = ../../../../secrets/manatee/komga-reading-stats-claude-api-key.age;
mode = "0440";
group = "komga-reading-stats";
};
"komga-reading-stats-komga-api-key" = {
file = ../../../../secrets/manatee/komga-reading-stats-komga-api-key.age;
mode = "0440";
group = "komga-reading-stats";
};
};
};
}
hosts/manatee/modules/komga/komga-reader.html
-1553
View File
File diff suppressed because it is too large Load Diff
hosts/manatee/modules/navidrome/default.nix
-41
View File
@@ -1,41 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
navidromeEnabled = config.mod.navidrome.enable;
in
{
options = {
mod.navidrome = {
enable = lib.mkEnableOption "Enable navidrome module";
};
};
config = {
mod.homepage.services = lib.mkIf navidromeEnabled [
{
name = "Navidrome";
port = 4533;
description = "Music streaming";
}
];
services = lib.mkIf navidromeEnabled {
navidrome = {
enable = true;
openFirewall = true;
user = "navidrome";
group = "storage";
settings = {
Port = 4533;
Address = "0.0.0.0";
MusicFolder = "/mnt/media/public/music";
};
};
};
};
}
hosts/manatee/modules/network/default.nix
-50
View File
@@ -1,50 +0,0 @@
{ ... }:
let
hostAddress = "192.168.50.203";
in
{
networking = {
hostName = "manatee";
# Required for asymmetric routing (sending replies out a different interface
# than the default route). Without this, the kernel drops the return traffic.
firewall.checkReversePath = "loose";
defaultGateway = "192.168.50.1";
nameservers = [ "1.1.1.1" ];
interfaces = {
enp3s0 = {
useDHCP = false;
ipv4 = {
addresses = [
{
address = hostAddress;
prefixLength = 24;
}
];
};
ipv4.routes = [
{
address = "0.0.0.0";
prefixLength = 0;
via = "192.168.50.1"; # Router
options = {
table = "100";
};
}
];
};
};
localCommands = ''
# Ensure local LAN traffic uses the main table, e.g. responds to the local machine
ip rule list | grep -q "192.168.50.0/24 lookup main" || \
ip rule add to 192.168.50.0/24 lookup main priority 4999
# All other traffic from this IP uses Table 100 (e.g. responds to router and back out)
ip rule list | grep -q "from ${hostAddress} lookup 100" || \
ip rule add from ${hostAddress} lookup 100 priority 5000
'';
};
}
hosts/manatee/modules/nginx/default.nix
-28
View File
@@ -1,28 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
networking = {
firewall = {
allowedTCPPorts = [ 443 ];
};
};
};
}
hosts/manatee/modules/romm/default.nix
-216
View File
@@ -1,216 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.romm.enable;
nginxEnabled = config.mod.nginx.enable;
configFile = pkgs.writeText "romm-config.yml" ''
filesystem:
skip_hash_calculation: false
exclude:
roms:
single_file:
extensions:
- xml
- txt
- nfo
- dat
- jpg
- png
names:
- '._*'
- 'Thumbs.db'
- '.DS_Store'
'';
in
{
options = {
mod.romm = {
enable = lib.mkEnableOption "Enable romm module";
};
};
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "RomM";
port = 8085;
description = "ROM library manager";
}
];
systemd.tmpfiles.rules = [
"d /var/lib/romm 0755 root root -"
"d /var/lib/romm/db 0755 root root -"
"d /var/lib/romm/redis 0755 999 1000 -"
"d /var/lib/romm/resources 0755 root root -"
"d /var/lib/romm/assets 0755 root root -"
];
systemd.services.romm-net = {
description = "Create Podman network for RomM";
after = [ "podman.service" ];
requires = [ "podman.service" ];
before = [
"podman-romm.service"
"podman-romm-db.service"
"podman-romm-redis.service"
];
requiredBy = [
"podman-romm.service"
"podman-romm-db.service"
"podman-romm-redis.service"
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeShellScript "romm-net-create" ''
${pkgs.podman}/bin/podman network exists romm-net \
|| ${pkgs.podman}/bin/podman network create romm-net
'';
ExecStop = "${pkgs.podman}/bin/podman network rm -f romm-net";
};
};
virtualisation.oci-containers = {
backend = "podman";
containers.romm-db = {
image = "mariadb:latest";
environment = {
MARIADB_DATABASE = "romm";
MARIADB_USER = "romm";
};
environmentFiles = [
config.age.secrets.romm-db-password.path
];
volumes = [
"/var/lib/romm/db:/var/lib/mysql"
];
extraOptions = [
"--network=romm-net"
];
};
containers.romm-redis = {
image = "redis:alpine";
volumes = [
"/var/lib/romm/redis:/data"
];
extraOptions = [
"--network=romm-net"
"--user=root"
];
};
containers.romm = {
image = "rommapp/romm:latest";
dependsOn = [
"romm-db"
"romm-redis"
];
environment = {
DB_HOST = "romm-db";
DB_PORT = "3306";
DB_NAME = "romm";
DB_USER = "romm";
REDIS_HOST = "romm-redis";
REDIS_PORT = "6379";
ROMM_AUTH_ENABLED = "true";
};
environmentFiles = [
config.age.secrets.romm-auth-secret-key.path
config.age.secrets.romm-db-password.path
config.age.secrets.romm-metadata-api-keys.path
];
ports = [
"127.0.0.1:8086:8080"
];
volumes = [
"${configFile}:/romm/config/config.yml:ro"
"/mnt/media/public/games:/romm/library"
"/var/lib/romm/resources:/romm/resources"
"/var/lib/romm/assets:/romm/assets"
];
extraOptions = [
"--network=romm-net"
];
};
};
services.nginx = lib.mkIf nginxEnabled {
virtualHosts."romm-local" = {
listen = [
{
addr = "0.0.0.0";
port = 8085;
}
];
extraConfig = ''
client_max_body_size 0;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8086";
proxyWebsockets = true;
};
};
virtualHosts."romm.ppp.pm" = {
forceSSL = true;
useACMEHost = "romm.ppp.pm";
extraConfig = ''
client_max_body_size 0;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8086";
proxyWebsockets = true;
};
};
};
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.firewall.allowedTCPPorts = [ 8085 ];
age.secrets = {
"romm-auth-secret-key" = {
file = ../../../../secrets/manatee/romm-auth-secret-key.age;
owner = "root";
group = "root";
};
"romm-db-password" = {
file = ../../../../secrets/manatee/romm-db-password.age;
owner = "root";
group = "root";
};
"romm-metadata-api-keys" = {
file = ../../../../secrets/manatee/romm-metadata-api-keys.age;
owner = "root";
group = "root";
};
};
};
}
hosts/manatee/modules/ssh/default.nix
-120
View File
@@ -1,120 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.ssh.enable;
authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
rootSSHKeyPath = "/etc/ssh";
in
{
options = {
mod.ssh = {
enable = lib.mkEnableOption "enable ssh module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.ssh = {
enable = true;
enableDefaultConfig = false;
settings = {
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
};
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
};
};
};
environment.etc."ssh/authorized_keys_command" = {
mode = "0755";
text = ''
#!${pkgs.bash}/bin/bash
for file in ${authorizedKeysPath}/*; do
${pkgs.coreutils}/bin/cat "$file"
done
'';
};
services = {
openssh = {
enable = true;
ports = [ 1122 ];
hostKeys = [
{
path = "${rootSSHKeyPath}/root.manatee";
type = "ed25519";
}
];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
authorizedKeysCommandUser = "root";
};
};
networking = {
firewall = {
allowedTCPPorts = [ 1122 ];
};
};
age.secrets = {
"root.manatee" = {
file = ../../../../secrets/manatee/root.manatee.age;
path = "${rootSSHKeyPath}/root.manatee";
};
"root.manatee.pub" = {
file = ../../../../secrets/manatee/root.manatee.pub.age;
path = "${rootSSHKeyPath}/root.manatee.pub";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-manatee.pub";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "${authorizedKeysPath}/alex.backwards-manatee.pub";
};
"alex.manatee-git.ppp.pm" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.manatee-git.ppp.pm.pub" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
};
};
}
hosts/manatee/modules/syncthing/default.nix
-69
View File
@@ -1,69 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.syncthing.enable;
in
{
options = {
mod.syncthing = {
enable = lib.mkEnableOption "Enable syncthing module";
};
};
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Syncthing";
port = 8384;
description = "File sync";
}
];
services.syncthing = {
enable = true;
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
user = "storage";
group = "storage";
dataDir = "/mnt/sync/public";
guiAddress = "0.0.0.0:8384";
settings = {
gui = {
user = "syncthing";
password = "$2a$12$YBcqhl8AXpoLmIWikuMtkOQLcrPXKKj0xY/qy4hggWnfjeVLQ3Ct6";
insecureSkipHostcheck = false;
};
devices = {
pinwheel.id = config.lib.syncthing.pinwheel;
};
folders = {
org = {
path = "/mnt/sync/public/org";
devices = [
"pinwheel"
];
versioning = {
type = "staggered";
params = {
maxage = "2592000"; # 30 days
};
};
};
};
};
};
age = {
secrets = {
"syncthing-cert".file = ../../../../secrets/manatee/syncthing-cert.age;
"syncthing-key".file = ../../../../secrets/manatee/syncthing-key.age;
};
};
};
}
hosts/manatee/modules/tailscale/default.nix
-11
View File
@@ -1,11 +0,0 @@
{ ... }:
{
# If an exit node is used, set:
# tailscale set --exit-node-allow-lan-access
services.tailscale.enable = true;
networking.firewall = {
checkReversePath = "loose";
allowedUDPPorts = [ 41641 ];
};
}
hosts/pinwheel/configuration.nix
+1 -4
View File
@@ -17,10 +17,7 @@
users.users.alex = { users.users.alex = {
isNormalUser = true; isNormalUser = true;
description = "alex"; description = "alex";
extraGroups = [ extraGroups = [ "wheel" ];
"wheel"
"networkmanager"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
hosts/pinwheel/home.nix
+3 -7
View File
@@ -14,21 +14,17 @@
home.homeDirectory = "/home/alex"; home.homeDirectory = "/home/alex";
home.packages = [ home.packages = [
inputs.whib-backend.packages.${pkgs.stdenv.hostPlatform.system}.whib-import inputs.whib-backend.packages.${pkgs.system}.whib-import
# pkgs.beekeeper-studio pkgs.beekeeper-studio
pkgs.bitwarden-desktop pkgs.bitwarden-desktop
pkgs.gimp pkgs.gimp
pkgs.zip pkgs.zip
pkgs.unzip
pkgs.unar pkgs.unar
pkgs.jq pkgs.jq
pkgs.dbeaver-bin pkgs.dbeaver-bin
pkgs.htop pkgs.htop
pkgs.onlyoffice-desktopeditors pkgs.onlyoffice-bin
pkgs.wdisplays pkgs.wdisplays
pkgs.vlc
pkgs.claude-code
pkgs.opencode
]; ];
home.stateVersion = "23.05"; home.stateVersion = "23.05";
hosts/pinwheel/modules/age/default.nix
+1 -1
View File
@@ -11,7 +11,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }
hosts/pinwheel/modules/bluetooth/default.nix
+8
View File
@@ -30,6 +30,12 @@ in
# Low battery notification for bluetooth devices # Low battery notification for bluetooth devices
systemd.user = systemd.user =
let let
trackpad = {
id = "battery_hid_a8o91o3doe5ofeo38_battery";
name = "trackpad";
threshold = "20";
};
headphones = { headphones = {
id = "headset_dev_38_18_4C_18_A4_6E"; id = "headset_dev_38_18_4C_18_A4_6E";
name = "headphones"; name = "headphones";
@@ -59,6 +65,7 @@ in
in in
builtins.listToAttrs ( builtins.listToAttrs (
builtins.map mkTimer [ builtins.map mkTimer [
trackpad
headphones headphones
] ]
); );
@@ -112,6 +119,7 @@ in
in in
builtins.listToAttrs ( builtins.listToAttrs (
builtins.map mkService [ builtins.map mkService [
trackpad
headphones headphones
] ]
); );
hosts/pinwheel/modules/colors/default.nix
+1 -1
View File
@@ -3,7 +3,7 @@
colors = { colors = {
foreground = "bd93f9"; foreground = "bd93f9";
foreground-dim = "644294"; foreground-dim = "644294";
background = "1E1E2F"; background = "1E2029";
gray = "3a3a3a"; gray = "3a3a3a";
warning = "ff6969"; warning = "ff6969";
hosts/pinwheel/modules/default.nix
+1 -2
View File
@@ -14,7 +14,7 @@ in
nix-index.enable = false; nix-index.enable = false;
greetd.enable = true; greetd.enable = true;
hyprland.enable = true; hyprland.enable = true;
hyprlock.enable = true; swaylock.enable = true;
physlock.enable = false; physlock.enable = false;
power.enable = true; power.enable = true;
@@ -33,7 +33,6 @@ in
rust.enable = true; rust.enable = true;
scala.enable = true; scala.enable = true;
python.enable = true; python.enable = true;
gleam.enable = true;
keyboard.enable = true; keyboard.enable = true;
containers = { containers = {
hosts/pinwheel/modules/dunst/default.nix
+2
View File
@@ -7,6 +7,8 @@
settings = { settings = {
global = { global = {
monitor = 1; monitor = 1;
width = 300;
height = 300;
offset = "10x10"; offset = "10x10";
origin = "top-right"; origin = "top-right";
transparency = 10; transparency = 10;
hosts/pinwheel/modules/emacs/config.org
+11 -50
View File
@@ -479,34 +479,7 @@ Setup prefix for keybindings.
* Flycheck * Flycheck
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package flycheck (use-package flycheck)
:preface
(defun mp-flycheck-eldoc (callback &rest _ignored)
"Print flycheck messages at point by calling CALLBACK."
(when-let ((flycheck-errors (and flycheck-mode (flycheck-overlay-errors-at (point)))))
(mapc
(lambda (err)
(funcall callback
(format "%s: %s"
(let ((level (flycheck-error-level err)))
(pcase level
('info (propertize "I" 'face 'flycheck-error-list-info))
('error (propertize "E" 'face 'flycheck-error-list-error))
('warning (propertize "W" 'face 'flycheck-error-list-warning))
(_ level)))
(flycheck-error-message err))
:thing (or (flycheck-error-id err)
(flycheck-error-group err))
:face 'font-lock-doc-face))
flycheck-errors)))
(defun mp-flycheck-prefer-eldoc ()
(add-hook 'eldoc-documentation-functions #'mp-flycheck-eldoc nil t)
(setq eldoc-documentation-strategy 'eldoc-documentation-compose-eagerly)
(setq flycheck-display-errors-function nil)
(setq flycheck-help-echo-function nil))
:hook ((flycheck-mode . mp-flycheck-prefer-eldoc)))
(use-package flycheck-eglot (use-package flycheck-eglot
:after (flycheck eglot) :after (flycheck eglot)
@@ -530,12 +503,6 @@ Setup prefix for keybindings.
(add-hook 'before-save-hook #'eglot-format-buffer -10 t)))) (add-hook 'before-save-hook #'eglot-format-buffer -10 t))))
(use-package eglot (use-package eglot
:preface
(defun mp-eglot-eldoc ()
(setq eldoc-echo-area-use-multiline-p nil)
(setq eldoc-documentation-strategy
'eldoc-documentation-compose-eagerly))
:config :config
(add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
'(scala-mode . '(scala-mode .
@@ -544,9 +511,6 @@ Setup prefix for keybindings.
(add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
'(nix-mode . ("nixd"))) '(nix-mode . ("nixd")))
(add-to-list 'eglot-server-programs
'(gleam-ts-mode . ("gleam" "lsp")))
(setq-default eglot-workspace-configuration (setq-default eglot-workspace-configuration
'( '(
:metals ( :metals (
@@ -555,11 +519,7 @@ Setup prefix for keybindings.
) )
) )
:custom
(eglot-code-action-indications nil)
:hook ( :hook (
(eglot-managed-mode . mp-eglot-eldoc)
(go-mode . eglot-ensure) (go-mode . eglot-ensure)
(go-mode . alex/organize-imports-on-save) (go-mode . alex/organize-imports-on-save)
(go-mode . alex/format-on-save) (go-mode . alex/format-on-save)
@@ -569,9 +529,6 @@ Setup prefix for keybindings.
(nix-mode . eglot-ensure) (nix-mode . eglot-ensure)
(nix-mode . alex/format-on-save) (nix-mode . alex/format-on-save)
(gleam-ts-mode . eglot-ensure)
(gleam-ts-mode . alex/format-on-save)
(python-mode . eglot-ensure) (python-mode . eglot-ensure)
(javascript-mode . eglot-ensure) (javascript-mode . eglot-ensure)
(js-mode . eglot-ensure) (js-mode . eglot-ensure)
@@ -588,6 +545,16 @@ Setup prefix for keybindings.
) )
) )
(use-package eglot-booster
:after eglot
:config (eglot-booster-mode))
#+END_SRC
** Eldoc-box
#+BEGIN_SRC emacs-lisp
(use-package eldoc-box
:after eglot
:bind (:map eglot-mode-map
("M-h" . eldoc-box-help-at-point)))
#+END_SRC #+END_SRC
** Go ** Go
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
@@ -606,12 +573,6 @@ Setup prefix for keybindings.
) )
) )
#+END_SRC #+END_SRC
** Gleam
#+BEGIN_SRC emacs-lisp
(use-package gleam-ts-mode
:mode "\\.gleam\\'"
)
#+END_SRC
** YAML ** YAML
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package yaml-mode (use-package yaml-mode
hosts/pinwheel/modules/emacs/default.nix
+13
View File
@@ -12,6 +12,18 @@ let
epkgs.flymake-go-staticcheck epkgs.flymake-go-staticcheck
epkgs.tree-sitter-langs epkgs.tree-sitter-langs
epkgs.treesit-grammars.with-all-grammars epkgs.treesit-grammars.with-all-grammars
(epkgs.trivialBuild {
pname = "eglot-booster";
version = "main-2024-04-11";
src = pkgs.fetchFromGitHub {
owner = "jdtsmith";
repo = "eglot-booster";
rev = "e19dd7ea81bada84c66e8bdd121408d9c0761fe6";
hash = "sha256-vF34ZoUUj8RENyH9OeKGSPk34G6KXZhEZozQKEcRNhs=";
};
})
]; ];
}; };
@@ -38,6 +50,7 @@ in
ec ec
emacs emacs
pkgs.wl-clipboard pkgs.wl-clipboard
pkgs.emacs-lsp-booster
pkgs.nixd pkgs.nixd
]; ];
}; };
hosts/pinwheel/modules/firefox/default.nix
+2 -2
View File
@@ -29,14 +29,14 @@ let
ff = pkgs.writeShellApplication { ff = pkgs.writeShellApplication {
name = "ff"; name = "ff";
text = '' text = ''
${wrapped}/bin/firefox-devedition --ProfileManager ${wrapped}/bin/firefox --ProfileManager
''; '';
}; };
ff-alex = pkgs.writeShellApplication { ff-alex = pkgs.writeShellApplication {
name = "ff-alex"; name = "ff-alex";
text = '' text = ''
${wrapped}/bin/firefox-devedition -P alex --new-window "$@" ${wrapped}/bin/firefox -P alex --new-window "$@"
''; '';
}; };
hosts/pinwheel/modules/fonts/default.nix
+2 -2
View File
@@ -3,8 +3,8 @@
fonts.packages = [ fonts.packages = [
pkgs.noto-fonts pkgs.noto-fonts
pkgs.noto-fonts-cjk-sans pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-color-emoji pkgs.noto-fonts-emoji
pkgs.nerd-fonts.jetbrains-mono pkgs.nerdfonts
pkgs.liberation_ttf pkgs.liberation_ttf
]; ];
} }
hosts/pinwheel/modules/fzf/default.nix
+1 -1
View File
@@ -1,4 +1,4 @@
{ ... }: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
programs.fzf = { programs.fzf = {
hosts/pinwheel/modules/git/default.nix
+2 -32
View File
@@ -15,7 +15,7 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
home-manager.users.alex = { lib, ... }: { home-manager.users.alex = {
programs.git = { programs.git = {
enable = true; enable = true;
@@ -23,26 +23,11 @@ in
{ path = ./gitconfig; } { path = ./gitconfig; }
]; ];
signing = { extraConfig = {
key = config.age.secrets."alex.pinwheel-github.com-signing.pub".path;
signByDefault = true;
};
settings = {
rerere.enable = true; rerere.enable = true;
# Tells Git to use SSH instead of the default GPG
gpg.format = "ssh";
}; };
}; };
home.file.".ssh/config".target = ".ssh/config_source";
home.activation.sshConfig = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
run cat ~/.ssh/config_source > ~/.ssh/config
run chmod 600 ~/.ssh/config
'';
home.packages = [ pkgs.tig ]; home.packages = [ pkgs.tig ];
home.file.".tigrc".text = '' home.file.".tigrc".text = ''
@@ -50,20 +35,5 @@ in
set main-view-line-number-interval = 1 set main-view-line-number-interval = 1
''; '';
}; };
age.secrets = {
"alex.pinwheel-github.com-signing" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com-signing.age;
path = "/home/alex/.ssh/alex.pinwheel-github.com-signing";
owner = "alex";
group = "users";
};
"alex.pinwheel-github.com-signing.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com-signing.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-github.com-signing.pub";
owner = "alex";
group = "users";
};
};
}; };
} }
hosts/pinwheel/modules/git/gitconfig
+3
View File
@@ -5,5 +5,8 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/
[url "gitea@git.ppp.pm:"] [url "gitea@git.ppp.pm:"]
insteadOf = https://git.ppp.pm/ insteadOf = https://git.ppp.pm/
hosts/pinwheel/modules/gleam/default.nix
-25
View File
@@ -1,25 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.gleam.enable;
in
{
options = {
mod.gleam = {
enable = lib.mkEnableOption "enable gleam module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
home.packages = [
pkgs.gleam
pkgs.erlang
];
};
};
}
hosts/pinwheel/modules/go/default.nix
+15 -3
View File
@@ -15,14 +15,26 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
nixpkgs.overlays =
let
buildGo122 = pkgs: pkg: pkg.override { buildGoModule = pkgs.buildGo122Module; };
in
[
(final: prev: {
go = prev.go_1_22;
gopls = buildGo122 prev prev.gopls;
go-tools = buildGo122 prev prev.go-tools;
govulncheck = buildGo122 prev prev.govulncheck;
gotestsum = buildGo122 prev prev.gotestsum;
})
];
home-manager.users.alex = { home-manager.users.alex = {
programs.go = { programs.go = {
enable = true; enable = true;
package = pkgs.go; package = pkgs.go;
env = { goPath = "code/go";
GOPATH = "/home/alex/code/go";
};
}; };
home.packages = [ home.packages = [
hosts/pinwheel/modules/greetd/default.nix
+1 -1
View File
@@ -22,7 +22,7 @@ in
let let
session = { session = {
user = "alex"; user = "alex";
command = "uwsm start hyprland-uwsm.desktop"; command = "${pkgs.hyprland}/bin/Hyprland";
}; };
in in
{ {
hosts/pinwheel/modules/hyprland/default.nix
+94 -110
View File
@@ -1,5 +1,4 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -7,61 +6,6 @@
}: }:
let let
enabled = config.mod.hyprland.enable; enabled = config.mod.hyprland.enable;
monitorScript = pkgs.writeShellScript "hyprland-monitor-handler" ''
INTERNAL="eDP-1"
EXTERNAL_MONITORS="HDMI-A-1 DP-3"
HYPRCTL="${pkgs.hyprland}/bin/hyprctl"
JQ="${pkgs.jq}/bin/jq"
get_active_external() {
# Return the first connected external monitor
for mon in $EXTERNAL_MONITORS; do
if $HYPRCTL monitors -j | $JQ -e ".[] | select(.name == \"$mon\")" > /dev/null 2>&1; then
echo "$mon"
return 0
fi
done
return 1
}
bind_workspaces() {
local external batch=""
if external=$(get_active_external); then
# External monitor connected: move workspaces 1-5 to external, 6-10 to internal
for ws in 1 2 3 4 5; do
batch="$batch dispatch moveworkspacetomonitor $ws $external;"
done
for ws in 6 7 8 9 10; do
batch="$batch dispatch moveworkspacetomonitor $ws $INTERNAL;"
done
else
# No external monitor: move all workspaces to internal
for ws in 1 2 3 4 5 6 7 8 9 10; do
batch="$batch dispatch moveworkspacetomonitor $ws $INTERNAL;"
done
fi
$HYPRCTL --batch "$batch"
}
handle_event() {
case $1 in
monitoradded*|monitorremoved*)
sleep 0.5
bind_workspaces
;;
esac
}
# Bind workspaces on startup
bind_workspaces
${pkgs.socat}/bin/socat -U - UNIX-CONNECT:"$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock" | while read -r line; do
handle_event "$line"
done
'';
in in
{ {
options = { options = {
@@ -71,49 +15,28 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
programs.hyprland = { home-manager.users.alex = {
wayland.windowManager.hyprland = {
enable = true; enable = true;
withUWSM = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage =
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
xwayland = { xwayland = {
enable = true; enable = true;
}; };
};
home-manager.users.alex = {
wayland.windowManager.hyprland = {
enable = true;
systemd.enable = false;
extraConfig = '' extraConfig = ''
exec-once = uwsm app -- waybar exec-once=waybar
exec-once = uwsm app -- hyprctl setcursor Adwaita 24
env = GDK_DPI_SCALE,1.5 env = GDK_DPI_SCALE,1.5
env = HYPRCURSOR_THEME,Adwaita env = XCURSOR_SIZE,64
env = HYPRCURSOR_SIZE,24
monitor=eDP-1, 1920x1200, auto-center-down, 1 monitor=eDP-1, 1920x1200, 0x0, 1
monitor=HDMI-A-1, 2560x1440@100, auto-center-up, 1
monitor=DP-3, 2560x1440@60, auto-center-up, 1
# Workspaces 1-5 on external monitors (HDMI-A-1 or DP-3) workspace = 1, monitor:HDMI-A-1
workspace = 1, monitor:HDMI-A-1, default:true
workspace = 2, monitor:HDMI-A-1 workspace = 2, monitor:HDMI-A-1
workspace = 3, monitor:HDMI-A-1 workspace = 3, monitor:HDMI-A-1
workspace = 4, monitor:HDMI-A-1 workspace = 4, monitor:HDMI-A-1
workspace = 5, monitor:HDMI-A-1 workspace = 5, monitor:HDMI-A-1
workspace = 1, monitor:DP-3, default:true workspace = 6, monitor:eDP-1
workspace = 2, monitor:DP-3
workspace = 3, monitor:DP-3
workspace = 4, monitor:DP-3
workspace = 5, monitor:DP-3
# Workspaces 6-10 on internal monitor
workspace = 6, monitor:eDP-1, default:true
workspace = 7, monitor:eDP-1 workspace = 7, monitor:eDP-1
workspace = 8, monitor:eDP-1 workspace = 8, monitor:eDP-1
workspace = 9, monitor:eDP-1 workspace = 9, monitor:eDP-1
@@ -121,14 +44,12 @@ in
workspace = w[tv1], gapsout:0, gapsin:0 workspace = w[tv1], gapsout:0, gapsin:0
workspace = f[1], gapsout:0, gapsin:0 workspace = f[1], gapsout:0, gapsin:0
windowrule = border_size 0, match:float 0, match:workspace w[tv1] windowrulev2 = bordersize 0, floating:0, onworkspace:w[tv1]
windowrule = rounding 0, match:float 0, match:workspace w[tv1] windowrulev2 = rounding 0, floating:0, onworkspace:w[tv1]
windowrule = border_size 0, match:float 0, match:workspace f[1] windowrulev2 = bordersize 0, floating:0, onworkspace:f[1]
windowrule = rounding 0, match:float 0, match:workspace f[1] windowrulev2 = rounding 0, floating:0, onworkspace:f[1]
# https://wiki.archlinux.org/title/Hyprland#Jetbrains_apps_focus_issues
windowrule = match:xwayland true, no_initial_focus on
exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
''; '';
settings = { settings = {
@@ -147,7 +68,6 @@ in
follow_mouse = 2; follow_mouse = 2;
sensitivity = 0.3; sensitivity = 0.3;
accel_profile = "flat";
touchpad = { touchpad = {
natural_scroll = false; natural_scroll = false;
tap-and-drag = false; tap-and-drag = false;
@@ -240,23 +160,6 @@ in
pkgs.wdisplays pkgs.wdisplays
pkgs.bc pkgs.bc
]; ];
systemd.user.services.hyprland-monitors = {
Unit = {
Description = "Hyprland monitor hotplug handler";
PartOf = [ "graphical-session.target" ];
After = [ "graphical-session.target" ];
};
Service = {
Type = "simple";
ExecStart = "${monitorScript}";
Restart = "on-failure";
RestartSec = 5;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
};
}; };
# To start electron apps like `chromium` with wayland support # To start electron apps like `chromium` with wayland support
@@ -275,6 +178,87 @@ in
# openGL is needed for wayland/hyprland # openGL is needed for wayland/hyprland
hardware.graphics.enable = true; hardware.graphics.enable = true;
boot.kernelParams = [ "i915.enable_psr=0" ]; systemd.user.services.hyprland-monitors = {
# systemctl --user restart hyprland-monitors.service
# journalctl --user -u hyprland-monitors.service -e -f
unitConfig = {
Description = "handles hyprland monitor connect/disconnect";
};
wantedBy = [ "graphical-session.target" ];
requires = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
path = [
pkgs.coreutils # to include `cat`
pkgs.waybar
pkgs.hyprland
pkgs.socat
pkgs.jq
pkgs.bc
pkgs.libnotify
];
script =
let
moveWSToMonitor =
monitor: first: last:
if last < first then
throw "'first' has to be less than or equal to 'last'"
else
builtins.genList (
n: "dispatch moveworkspacetomonitor ${builtins.toString (first + n)} ${monitor}"
) (last - first + 1);
external = moveWSToMonitor "HDMI-A-1" 1 5;
internal = moveWSToMonitor "eDPI-1" 6 10;
onlyInternal = moveWSToMonitor "eDPI-1" 1 10;
in
''
update() {
HDMI_STATUS=$(cat /sys/class/drm/card1-HDMI-A-1/status)
INTERNAL_WIDTH=1920
INTERNAL_HEIGHT=1200
if [ $HDMI_STATUS = "connected" ]; then
notify-send "Using external and laptop monitor"
hyprctl keyword monitor HDMI-A-1,preferred,0x0,1
HDMI=$(hyprctl monitors -j | jq '.[] | select(.name=="HDMI-A-1")')
HDMI_WIDTH=$(echo $HDMI | jq .width)
HDMI_HEIGHT=$(echo $HDMI | jq .height)
INTERNAL_POS_X=$(echo "($HDMI_WIDTH - $INTERNAL_WIDTH) / 2" | bc)
if (( $(echo "$INTERNAL_POS_X < 0" | bc) )); then INTERNAL_POS_X=0; fi
INTERNAL_POS_Y=$HDMI_HEIGHT
hyprctl keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,$INTERNAL_POS_X"x"$INTERNAL_POS_Y,1
hyprctl --batch "${lib.strings.concatStringsSep ";" (external ++ internal)}"
else
notify-send "Using only laptop monitor"
hyprctl --batch "keyword monitor HDMI-A,disable; keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,0x0,1"
hyprctl --batch "${lib.strings.concatStringsSep ";" onlyInternal}"
fi
}
handle() {
case $1 in
monitoradded\>\>*|monitorremoved\>\>*)
echo "handling event: \"$1\""
update ;;
esac
}
echo "Starting service with instance \"$HYPRLAND_INSTANCE_SIGNATURE\""
# Do initial configuration
update
socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done
'';
};
}; };
} }
hosts/pinwheel/modules/javascript/default.nix
+1 -1
View File
@@ -1,6 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ pkgs.typescript-language-server ]; home.packages = [ pkgs.nodePackages.typescript-language-server ];
}; };
} }
hosts/pinwheel/modules/light/default.nix
+3 -2
View File
@@ -9,13 +9,14 @@ let
in in
{ {
users.users.alex.extraGroups = [ "video" ]; users.users.alex.extraGroups = [ "video" ];
programs.light.enable = true;
home-manager.users.alex = { home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled { wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = { settings = {
bind = [ bind = [
", XF86MonBrightnessUp, exec, ${pkgs.brightnessctl}/bin/brightnessctl set +5%" ", XF86MonBrightnessUp, exec, ${pkgs.light}/bin/light -A 5"
", XF86MonBrightnessDown, exec, ${pkgs.brightnessctl}/bin/brightnessctl set 5%-" ", XF86MonBrightnessDown, exec, ${pkgs.light}/bin/light -U 5"
]; ];
}; };
}; };
hosts/pinwheel/modules/network/default.nix
+11 -12
View File
@@ -1,22 +1,21 @@
{ pkgs, ... }:
{ {
home-manager = { services.connman = {
users.alex = {
home.packages = [ pkgs.networkmanager ];
};
};
networking = {
wireless.enable = false; # Wireless is managed by networkmanager
networkmanager = {
enable = true; enable = true;
wifi = { wifi = {
backend = "iwd"; backend = "iwd";
}; };
};
networkInterfaceBlacklist = [
"vmnet"
"vboxnet"
"virbr"
"ifb"
"ve"
"docker"
"br-"
"wg-"
];
}; };
networking = { networking = {
hosts/pinwheel/modules/nix/default.nix
+1 -1
View File
@@ -2,7 +2,7 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.nixfmt pkgs.nixfmt-rfc-style
pkgs.nix-tree pkgs.nix-tree
]; ];
}; };
hosts/pinwheel/modules/openvpn/default.nix
+11 -9
View File
@@ -18,19 +18,21 @@ in
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.openvpn pkgs.openvpn
pkgs.update-systemd-resolved
]; ];
}; };
services.resolved = { services.resolved = {
enable = true; enable = false;
settings = { dnssec = "true";
Resolve = { domains = [ "~." ];
Domains = [ "~." ]; fallbackDns = [
DNSSEC = false; "1.1.1.1#one.one.one.one"
DNSOverTLS = true; "1.0.0.1#one.one.one.one"
}; ];
}; extraConfig = ''
DNSOverTLS=yes
'';
}; };
}; };
} }
hosts/pinwheel/modules/power/default.nix
+3 -3
View File
@@ -80,12 +80,12 @@ in
path = [ path = [
pkgs.coreutils # For `cat` pkgs.coreutils # For `cat`
pkgs.libnotify pkgs.libnotify
pkgs.hyprlock pkgs.swaylock
]; ];
script = script =
let let
pause-music = "${pkgs.playerctl}/bin/playerctl -a pause"; pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
in in
'' ''
BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity) BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity)
@@ -103,7 +103,7 @@ in
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status) BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status)
if [[ $BATTERY_STATUS = "Discharging" ]]; then if [[ $BATTERY_STATUS = "Discharging" ]]; then
${pause-music}; ${pkgs.hyprlock}/bin/hyprlock & sleep 0.5; systemctl suspend ${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend
fi fi
fi fi
''; '';
hosts/pinwheel/modules/screenshot/default.nix
+1 -1
View File
@@ -8,7 +8,7 @@
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
grimblast = inputs.hyprland-contrib.packages.${pkgs.stdenv.hostPlatform.system}.grimblast; grimblast = inputs.hyprland-contrib.packages.${pkgs.system}.grimblast;
area = "${pkgs.libnotify}/bin/notify-send 'ps: selected area' && ${grimblast}/bin/grimblast copy area"; area = "${pkgs.libnotify}/bin/notify-send 'ps: selected area' && ${grimblast}/bin/grimblast copy area";
screen = "${pkgs.libnotify}/bin/notify-send 'ps: selected screen' &&${grimblast}/bin/grimblast copy output"; screen = "${pkgs.libnotify}/bin/notify-send 'ps: selected screen' &&${grimblast}/bin/grimblast copy output";
in in
hosts/pinwheel/modules/sound/default.nix
+1 -1
View File
@@ -10,7 +10,7 @@ in
{ {
users.users.alex.extraGroups = [ "audio" ]; users.users.alex.extraGroups = [ "audio" ];
services.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
hosts/pinwheel/modules/music/default.nix → hosts/pinwheel/modules/spotify/default.nix
+5 -7
View File
@@ -1,5 +1,4 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -14,18 +13,18 @@ in
settings = { settings = {
bind = bind =
let let
prev = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify previous"; prev = "${pkgs.playerctl}/bin/playerctl -p spotify previous";
next = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify next"; next = "${pkgs.playerctl}/bin/playerctl -p spotify next";
in in
[ [
", XF86AudioPrev, exec, ${prev}" ", XF86AudioPrev, exec, ${prev}"
", XF86AudioNext, exec, ${next}" ", XF86AudioNext, exec, ${next}"
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause" ", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spoitfy play-pause" ", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p spoitfy play-pause"
"$mod ALT, LEFT, exec, ${prev}" "$mod ALT, LEFT, exec, ${prev}"
"$mod ALT, RIGHT, exec, ${next}" "$mod ALT, RIGHT, exec, ${next}"
"$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause" "$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
]; ];
}; };
}; };
@@ -33,7 +32,6 @@ in
home.packages = [ home.packages = [
pkgs.playerctl pkgs.playerctl
pkgs.spotify pkgs.spotify
inputs.naviterm.packages.${pkgs.stdenv.hostPlatform.system}.default
]; ];
}; };
hosts/pinwheel/modules/ssh/default.nix
+38 -63
View File
@@ -1,30 +1,10 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
# Enable gnome-keyring at system level for PAM integration
services.gnome.gnome-keyring.enable = true;
# Use openssh's own ssh-agent — gcr's ssh-agent stalls signing RSA keys.
services.gnome.gcr-ssh-agent.enable = false;
programs.ssh.startAgent = true;
home-manager.users.alex = { home-manager.users.alex = {
services.gnome-keyring = {
enable = true;
components = [ "secrets" ];
};
programs.ssh = { programs.ssh = {
enable = true; enable = true;
enableDefaultConfig = false;
matchBlocks = { matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-manatee";
port = 1122;
};
"backwards" = { "backwards" = {
hostname = "backwards"; hostname = "backwards";
user = "alex"; user = "alex";
@@ -32,6 +12,12 @@
port = 1122; port = 1122;
}; };
"andromeda" = {
hostname = "andromeda.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-andromeda";
};
"tadpole" = { "tadpole" = {
hostname = "65.21.106.222"; hostname = "65.21.106.222";
user = "alex"; user = "alex";
@@ -44,46 +30,22 @@
identityFile = "/home/alex/.ssh/alex.pinwheel-github.com"; identityFile = "/home/alex/.ssh/alex.pinwheel-github.com";
}; };
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
};
"git.ppp.pm" = { "git.ppp.pm" = {
hostname = "git.ppp.pm"; hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
}; };
"*" = {
forwardAgent = false;
addKeysToAgent = "yes";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
}; };
}; };
home.packages = [ home.packages = [ pkgs.sshfs ];
pkgs.sshfs
pkgs.seahorse # GUI for managing gnome-keyring
];
}; };
age.secrets = { age.secrets = {
"alex.pinwheel-manatee" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee";
owner = "alex";
group = "users";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards" = { "alex.pinwheel-backwards" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age; file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age;
path = "/home/alex/.ssh/alex.pinwheel-backwards"; path = "/home/alex/.ssh/alex.pinwheel-backwards";
@@ -110,6 +72,19 @@
group = "users"; group = "users";
}; };
"alex.pinwheel-codeberg.org" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
owner = "alex";
group = "users";
};
"alex.pinwheel-codeberg.org.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-git.ppp.pm" = { "alex.pinwheel-git.ppp.pm" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age; file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm"; path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
@@ -123,6 +98,19 @@
group = "users"; group = "users";
}; };
"alex.pinwheel-andromeda" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda";
owner = "alex";
group = "users";
};
"alex.pinwheel-andromeda.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-tadpole" = { "alex.pinwheel-tadpole" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age; file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age;
path = "/home/alex/.ssh/alex.pinwheel-tadpole"; path = "/home/alex/.ssh/alex.pinwheel-tadpole";
@@ -135,19 +123,6 @@
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.pinwheel-tadpole-ed25519" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole-ed25519.age;
path = "/home/alex/.ssh/alex.pinwheel-tadpole-ed25519";
owner = "alex";
group = "users";
};
"alex.pinwheel-tadpole-ed25519.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole-ed25519.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-tadpole-ed25519.pub";
owner = "alex";
group = "users";
};
}; };
services.openssh = { services.openssh = {
hosts/pinwheel/modules/hyprlock/default.nix → hosts/pinwheel/modules/swaylock/default.nix
+16 -31
View File
@@ -5,13 +5,13 @@
... ...
}: }:
let let
enabled = config.mod.hyprlock.enable; enabled = config.mod.swaylock.enable;
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
in in
{ {
options = { options = {
mod.hyprlock = { mod.swaylock = {
enable = lib.mkEnableOption "enable hyprlock module"; enable = lib.mkEnableOption "enable swaylock module";
dpmsTimeout = lib.mkOption { dpmsTimeout = lib.mkOption {
description = "timeout in seconds before DPMS is turned on"; description = "timeout in seconds before DPMS is turned on";
@@ -23,32 +23,13 @@ in
config = lib.mkIf enabled { config = lib.mkIf enabled {
home-manager.users.alex = { home-manager.users.alex = {
programs.hyprlock = { programs.swaylock = {
enable = true; enable = true;
settings = { settings = {
general = { color = "000000";
hide_cursor = true; indicator-idle-visible = false;
}; show-failed-attempts = true;
background = [
{
color = "rgb(000000)";
}
];
input-field = [
{
size = "250, 50";
position = "0, 0";
halign = "center";
valign = "center";
outline_thickness = 2;
dots_center = true;
fade_on_empty = false;
placeholder_text = "";
}
];
}; };
}; };
@@ -56,20 +37,20 @@ in
settings = { settings = {
bind = bind =
let let
pause-music = "${pkgs.playerctl}/bin/playerctl -a pause"; pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
dpmsTimeout = config.mod.hyprlock.dpmsTimeout; dpmsTimeout = config.mod.swaylock.dpmsTimeout;
dpms-lock = pkgs.writeShellScript "dpms-lock" '' dpms-lock = pkgs.writeShellScript "dpms-lock" ''
${pkgs.swayidle}/bin/swayidle \ ${pkgs.swayidle}/bin/swayidle \
timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \ timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \
resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" & resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" &
${pkgs.hyprlock}/bin/hyprlock; ${pkgs.procps}/bin/pkill swayidle ${pkgs.swaylock}/bin/swaylock && ${pkgs.procps}/bin/pkill swayidle
''; '';
in in
[ [
"$mod, x, exec, ${pause-music}; ${dpms-lock}" "$mod, x, exec, ${pause-music}; ${dpms-lock}"
"$mod SHIFT, x, exec, ${pause-music}; ${pkgs.hyprlock}/bin/hyprlock & sleep 0.5; systemctl suspend" "$mod SHIFT, x, exec, ${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend"
]; ];
}; };
}; };
@@ -78,7 +59,11 @@ in
security = { security = {
polkit.enable = true; polkit.enable = true;
pam.services.hyprlock = {}; pam.services.swaylock.text = ''
# PAM configuration file for the swaylock screen locker. By default, it includes
# the 'login' configuration file (see /etc/pam.d/login)
auth include login
'';
}; };
}; };
} }
hosts/pinwheel/modules/syncthing/default.nix
+1 -3
View File
@@ -16,7 +16,6 @@
devices = { devices = {
phone.id = config.lib.syncthing.phone; phone.id = config.lib.syncthing.phone;
backwards.id = config.lib.syncthing.backwards; backwards.id = config.lib.syncthing.backwards;
manatee.id = config.lib.syncthing.manatee;
}; };
folders = { folders = {
@@ -25,7 +24,6 @@
devices = [ devices = [
"phone" "phone"
"backwards" "backwards"
"manatee"
]; ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
@@ -58,7 +56,7 @@
}; };
books = { books = {
path = "/home/alex/sync/reading-material/books"; path = "/home/alex/sync/books";
devices = [ "backwards" ]; devices = [ "backwards" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
hosts/pinwheel/modules/tailscale/default.nix
+1 -17
View File
@@ -1,23 +1,7 @@
{ pkgs, ... }: { ... }:
{ {
services.tailscale.enable = true; services.tailscale.enable = true;
# Pinned to 1.96.5. 1.98.0 regressed split-DNS handling under work-vpn: the
# netmap's "resolve <tailnet>.ts.net locally via MagicDNS" hint is dropped
# when translated into systemd-resolved config, so *.ts.net queries get sent
# to a public resolver (199.247.155.53) that the corporate VPN's port-53
# egress filter blocks.
services.tailscale.package = pkgs.tailscale.overrideAttrs (_: rec {
version = "1.96.5";
src = pkgs.fetchFromGitHub {
owner = "tailscale";
repo = "tailscale";
tag = "v${version}";
hash = "sha256-vYYb+2OtuXftjGGG0zWJesHccrClB8YZpclv9KzNN/c=";
};
vendorHash = "sha256-rhuWEEN+CtumVxOw6Dy/IRxWIrZ2x6RJb6ULYwXCQc4=";
});
networking.firewall = { networking.firewall = {
checkReversePath = "loose"; checkReversePath = "loose";
allowedUDPPorts = [ 41641 ]; allowedUDPPorts = [ 41641 ];
hosts/pinwheel/modules/tmux/default.nix
+1 -1
View File
@@ -18,7 +18,7 @@
# https://old.reddit.com/r/tmux/comments/mesrci/tmux_2_doesnt_seem_to_use_256_colors/ # https://old.reddit.com/r/tmux/comments/mesrci/tmux_2_doesnt_seem_to_use_256_colors/
set -g default-terminal "xterm-256color" set -g default-terminal "xterm-256color"
set -ga terminal-overrides ",*256col*:Tc" set -ga terminal-overrides ",*256col*:Tc"
set -ga terminal-overrides ',*:Ss=\E[%p1%d q:Se=\E[ q' set -ga terminal-overrides "*:Ss=\E[%p1%d q:Se=\E[ q"
set-environment -g COLORTERM "truecolor" set-environment -g COLORTERM "truecolor"
set-option -g allow-rename off set-option -g allow-rename off
hosts/pinwheel/modules/vim/default.nix
+1 -1
View File
@@ -18,7 +18,7 @@ in
}; };
programs.git = lib.mkIf gitEnabled { programs.git = lib.mkIf gitEnabled {
settings = { extraConfig = {
core = { core = {
editor = "vim"; editor = "vim";
}; };
hosts/pinwheel/modules/waybar/default.nix
+11 -28
View File
@@ -7,14 +7,14 @@
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
music-status = pkgs.writeShellScript "music-status" '' spotify-status = pkgs.writeShellScript "spotify-status" ''
STATUS=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify status 2>&1) STATUS=$(${pkgs.playerctl}/bin/playerctl -p spotify status 2>&1)
if [ "$STATUS" = "No players found" ]; then if [ "$STATUS" = "No players found" ]; then
echo "" echo ""
else else
FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}" FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}"
OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify metadata --format "$FORMAT") OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p spotify metadata --format "$FORMAT")
case "$STATUS" in case "$STATUS" in
"Playing") "Playing")
echo "<span font='14' rise='-3000'></span> $OUTPUT" echo "<span font='14' rise='-3000'></span> $OUTPUT"
@@ -85,25 +85,11 @@ let
''; '';
work-vpn-status = pkgs.writeShellScript "work-vpn-status" '' work-vpn-status = pkgs.writeShellScript "work-vpn-status" ''
ACTIVE_ENVS="" STAGING=$(systemctl is-active openvpn-work-staging.service)
[ "$STAGING" == "active" ] && echo "WORK-VPN STAGING ON" && exit 0
STAGING_STATUS=$(systemctl is-active openvpn-work-staging.service) PRODUCTION=$(systemctl is-active openvpn-work-production.service)
if [ "$STAGING_STATUS" == "active" ]; then [ "$PRODUCTION" == "active" ] && echo "WORK-VPN PRODUCTION ON" && exit 0
ACTIVE_ENVS="S"
fi
PRODUCTION_STATUS=$(systemctl is-active openvpn-work-production.service)
if [ "$PRODUCTION_STATUS" == "active" ]; then
if [ -n "$ACTIVE_ENVS" ]; then
ACTIVE_ENVS="$ACTIVE_ENVS&amp;P"
else
ACTIVE_ENVS="P"
fi
fi
if [ -n "$ACTIVE_ENVS" ]; then
echo "WORK-VPN $ACTIVE_ENVS ON"
fi
''; '';
toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" '' toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" ''
@@ -140,7 +126,7 @@ in
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ]; modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [ modules-right = [
"custom/work-vpn-status" "custom/work-vpn-status"
"custom/music" "custom/spotify"
"custom/container-status" "custom/container-status"
"custom/dunst" "custom/dunst"
"bluetooth" "bluetooth"
@@ -156,8 +142,8 @@ in
interval = 2; interval = 2;
}; };
"custom/music" = { "custom/spotify" = {
exec = music-status; exec = spotify-status;
interval = 2; interval = 2;
max-length = 70; max-length = 70;
tooltip = false; tooltip = false;
@@ -236,10 +222,7 @@ in
height = 30; height = 30;
spacing = 20; spacing = 20;
fixed-center = false; fixed-center = false;
output = [ output = [ "HDMI-A-1" ];
"HDMI-A-1"
"DP-3"
];
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ]; modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [ modules-right = [
hosts/pinwheel/modules/work/default.nix
+18 -77
View File
@@ -1,5 +1,4 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -12,66 +11,30 @@ let
in in
{ {
home-manager.users.alex = { home-manager.users.alex = {
# Ensure bashInteractive is first in PATH inside nix devshells.
# stdenv provides a non-interactive bash that breaks Copilot shell commands.
# Adding bashInteractive to home.packages alone isn't enough because devshell
# packages are prepended to PATH. This precmd hook runs after direnv's hook
# and re-prepends bashInteractive so it takes priority.
programs.zsh.initContent = ''
_ensure_bash_interactive() {
[[ "$PATH" == "${pkgs.bashInteractive}/bin:"* ]] || export PATH="${pkgs.bashInteractive}/bin:$PATH"
}
precmd_functions+=(_ensure_bash_interactive)
# Source the zsh-specific rc file that nix-direnv emits ($DIRENV_ZSH_RC)
# so devshell completions and zsh setup are picked up. direnv itself only
# exports env vars, so without this hook the zsh side of the devshell is
# never loaded. Guarded by LAST_LOADED_DIRENV_ZSH_RC so we don't re-source
# it on every precmd.
_nix_direnv_bridge_hook() {
if [[ -n "$DIRENV_ZSH_RC" && "$LAST_LOADED_DIRENV_ZSH_RC" != "$DIRENV_ZSH_RC" ]]; then
if [[ -f "$DIRENV_ZSH_RC" ]]; then
source "$DIRENV_ZSH_RC"
export LAST_LOADED_DIRENV_ZSH_RC="$DIRENV_ZSH_RC"
echo " direnv zsh loaded..."
fi
fi
}
autoload -Uz add-zsh-hook
add-zsh-hook precmd _nix_direnv_bridge_hook
'';
# Configure IntelliJ to exclude .direnv from indexing
home.activation.intellijIgnoreDirenv = ''
for idea_config in $HOME/.config/JetBrains/IntelliJIdea*; do
if [ -d "$idea_config" ]; then
$DRY_RUN_CMD mkdir -p "$idea_config/options"
$DRY_RUN_CMD tee "$idea_config/options/filetypes.xml" > /dev/null <<'EOF'
<application>
<component name="FileTypeManager" version="18">
<ignoreFiles list="*.pyc;*.pyo;*.rbc;*.yarb;*~;.DS_Store;.git;.hg;.svn;CVS;__pycache__;_svn;vssver.scc;vssver2.scc;.direnv" />
</component>
</application>
EOF
fi
done
'';
home.sessionVariables = { home.sessionVariables = {
GITHUB_ACTOR = "Alexander Heldt"; GITHUB_ACTOR = "Alexander Heldt";
GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})"; GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})";
}; };
home.packages = [ home.packages =
# (pkgs.callPackage ./pants.nix { inherit (pkgs) stdenv.hostPlatform.system; }) let
intellij = (
pkgs.jetbrains.idea-ultimate.overrideAttrs (
final: prev: {
version = "2024.2.4";
src = pkgs.fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${final.version}.tar.gz";
sha256 = "8411fda793a20356a4982e4f18f6691839d8a471e2081ab6d8cc78b3f8b02532";
};
}
)
);
in
[
# (pkgs.callPackage ./pants.nix { inherit (pkgs) system; })
# (pkgs.callPackage ./syb-cli.nix { }) # (pkgs.callPackage ./syb-cli.nix { })
(inputs.nix-jetbrains-plugins.lib.buildIdeWithPlugins pkgs "idea" [ (pkgs.jetbrains.plugins.addPlugins intellij [ "ideavim" ])
"IdeaVIM"
"com.github.copilot"
])
pkgs.bashInteractive
(pkgs.google-cloud-sdk.withExtraComponents [ (pkgs.google-cloud-sdk.withExtraComponents [
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
@@ -82,28 +45,13 @@ EOF
pkgs.postman pkgs.postman
pkgs.grpcurl pkgs.grpcurl
pkgs.slack
# for `radio` # for `radio`
pkgs.go-mockery pkgs.go-mockery
pkgs.golangci-lint pkgs.golangci-lint
(pkgs.writeShellScriptBin "work-vpn" ''
case $1 in
up)
sudo sh -c "systemctl start openvpn-work-staging.service; systemctl start openvpn-work-production.service"
;;
down)
sudo sh -c "systemctl stop openvpn-work-staging.service; systemctl stop openvpn-work-production.service"
;;
esac
'')
]; ];
programs.go = lib.mkIf goEnabled { programs.go = lib.mkIf goEnabled {
env = { goPrivate = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
GOPRIVATE = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
};
}; };
programs.git = lib.mkIf gitEnabled { programs.git = lib.mkIf gitEnabled {
@@ -116,13 +64,6 @@ EOF
}; };
}; };
# Needed for `copilot`
programs.nix-ld.enable = true;
programs.nix-ld.libraries = [
pkgs.stdenv.cc.cc.lib
pkgs.zlib
];
services.openvpn.servers = lib.mkIf openvpnEnabled { services.openvpn.servers = lib.mkIf openvpnEnabled {
work-staging = { work-staging = {
config = "config ${config.age.secrets.work-staging-ovpn.path}"; config = "config ${config.age.secrets.work-staging-ovpn.path}";
hosts/pinwheel/modules/work/pants.nix
+2 -1
View File
@@ -1,4 +1,5 @@
{ {
system,
pkgs, pkgs,
lib, lib,
... ...
@@ -10,7 +11,7 @@ let
match = match =
v: l: builtins.elemAt (lib.lists.findFirst (x: (if_let v (builtins.elemAt x 0)) != null) null l) 1; v: l: builtins.elemAt (lib.lists.findFirst (x: (if_let v (builtins.elemAt x 0)) != null) null l) 1;
package = match { platform = pkgs.stdenv.hostPlatform.system; } [ package = match { platform = system; } [
[ [
{ platform = "aarch64-linux"; } { platform = "aarch64-linux"; }
{ {
hosts/pinwheel/modules/zsh/default.nix
+1 -1
View File
@@ -54,7 +54,7 @@ in
} }
]; ];
initContent = lib.strings.concatStringsSep "\n" [ initExtra = lib.strings.concatStringsSep "\n" [
"export KEYTIMEOUT=1" "export KEYTIMEOUT=1"
"bindkey -v '^?' backward-delete-char" "bindkey -v '^?' backward-delete-char"
"bindkey '^a' beginning-of-line" "bindkey '^a' beginning-of-line"
hosts/tadpole/modules/age/default.nix
+1 -1
View File
@@ -8,7 +8,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }
hosts/tadpole/modules/certs/default.nix
-15
View File
@@ -17,21 +17,6 @@
webroot = "/var/lib/acme/acme-challenge/"; webroot = "/var/lib/acme/acme-challenge/";
group = "nginx"; group = "nginx";
}; };
"whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx";
};
"api.whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx";
};
"grafana.whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx";
};
}; };
}; };
} }
hosts/tadpole/modules/default.nix
-2
View File
@@ -22,8 +22,6 @@ in
}; };
pppdotpm-site.enable = true; pppdotpm-site.enable = true;
whib-backend.enable = true;
whib-frontend.enable = true;
}; };
}; };
} }
hosts/tadpole/modules/gitea/default.nix
+4 -11
View File
@@ -7,6 +7,8 @@
let let
conf = config.mod.gitea; conf = config.mod.gitea;
gitDomain = "git.${conf.baseDomain}"; gitDomain = "git.${conf.baseDomain}";
nginxEnable = config.mod.nginx.enable;
in in
{ {
options = { options = {
@@ -35,12 +37,8 @@ in
}; };
}; };
config = lib.mkIf conf.enable { config = lib.mkIf (conf.enable && nginxEnable) {
assertions = [ assertions = [
{
assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
{ {
assertion = conf.baseDomain != ""; assertion = conf.baseDomain != "";
message = "Option 'mod.gitea.baseDomain' cannot be empty"; message = "Option 'mod.gitea.baseDomain' cannot be empty";
@@ -64,11 +62,6 @@ in
ROOT_URL = "https://${gitDomain}"; ROOT_URL = "https://${gitDomain}";
SSH_PORT = 1122; # see `ssh` module SSH_PORT = 1122; # see `ssh` module
HTTP_PORT = 3001;
};
oauth2 = {
JWT_CLAIM_ISSUER = "https://${gitDomain}/";
}; };
database = { database = {
@@ -128,7 +121,7 @@ in
useACMEHost = gitDomain; useACMEHost = gitDomain;
locations."/" = { locations."/" = {
proxyPass = "http://0.0.0.0:3001"; proxyPass = "http://0.0.0.0:3000";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
hosts/tadpole/modules/ppp.pm-site/default.nix
+3 -8
View File
@@ -6,6 +6,8 @@
}: }:
let let
enabled = config.mod.pppdotpm-site.enable; enabled = config.mod.pppdotpm-site.enable;
nginxEnabled = config.mod.nginx.enable;
in in
{ {
imports = [ inputs.pppdotpm-site.nixosModules.default ]; imports = [ inputs.pppdotpm-site.nixosModules.default ];
@@ -16,14 +18,7 @@ in
}; };
}; };
config = lib.mkIf enabled { config = lib.mkIf (enabled && nginxEnabled) {
assertions = [
{
assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
];
services.pppdotpm-site = { services.pppdotpm-site = {
enable = true; enable = true;
domain = "ppp.pm"; domain = "ppp.pm";
hosts/tadpole/modules/ssh/default.nix
+17 -18
View File
@@ -28,17 +28,9 @@ in
identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
}; };
"*" = { "codeberg.org" = {
forwardAgent = false; hostname = "codeberg.org";
addKeysToAgent = "no"; identityFile = "/home/alex/.ssh/alex.tadpole-codeberg.org";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
}; };
}; };
}; };
@@ -48,7 +40,6 @@ in
mode = "0755"; mode = "0755";
text = '' text = ''
#!${pkgs.bash}/bin/bash #!${pkgs.bash}/bin/bash
[ "$1" = "alex" ] || exit 0
for file in ${authorizedKeysPath}/*; do for file in ${authorizedKeysPath}/*; do
${pkgs.coreutils}/bin/cat "$file" ${pkgs.coreutils}/bin/cat "$file"
done done
@@ -72,7 +63,7 @@ in
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
}; };
authorizedKeysCommand = "/etc/ssh/authorized_keys_command %u"; authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
authorizedKeysCommandUser = "root"; authorizedKeysCommandUser = "root";
}; };
}; };
@@ -98,11 +89,6 @@ in
path = "${authorizedKeysPath}/alex.pinwheel-tadpole.pub"; path = "${authorizedKeysPath}/alex.pinwheel-tadpole.pub";
}; };
"alex.pinwheel-tadpole-ed25519.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole-ed25519.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-tadpole-ed25519.pub";
};
"alex.tadpole-git.ppp.pm" = { "alex.tadpole-git.ppp.pm" = {
file = ../../../../secrets/tadpole/alex.tadpole-git.ppp.pm.age; file = ../../../../secrets/tadpole/alex.tadpole-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.tadpole-git.ppp.pm"; path = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
@@ -115,6 +101,19 @@ in
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.tadpole-codeberg.org" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org";
owner = "alex";
group = "users";
};
"alex.tadpole-codeberg.org.pub" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org.pub";
owner = "alex";
group = "users";
};
}; };
}; };
} }
hosts/tadpole/modules/whib/default.nix
-79
View File
@@ -1,79 +0,0 @@
{
lib,
config,
...
}:
let
backendEnabled = config.mod.whib-backend.enable;
frontendEnabled = config.mod.whib-frontend.enable;
in
{
options = {
mod.whib-backend = {
enable = lib.mkEnableOption "enable WHIB backend";
};
mod.whib-frontend = {
enable = lib.mkEnableOption "enable WHIB frontend";
};
};
config = {
assertions = [
{
assertion = backendEnabled && config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
];
services = {
whib-backend = lib.mkIf backendEnabled {
enable = true;
backend = {
domain = "api.whib.ppp.pm";
useACMEHost = "api.whib.ppp.pm";
environmentFile = config.age.secrets.whib-backend-env-vars.path;
};
postgres = {
environmentFile = config.age.secrets.whib-postgres-env-vars.path;
backup = {
interval = "*-*-* 00:00:00 UTC";
environmentFile = config.age.secrets.whib-postgres-backup-env-vars.path;
gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
};
};
grafana = {
domain = "grafana.whib.ppp.pm";
useACMEHost = "grafana.whib.ppp.pm";
environmentFile = config.age.secrets.whib-grafana-env-vars.path;
};
};
whib-frontend = lib.mkIf frontendEnabled {
enable = true;
domain = "whib.ppp.pm";
useACMEHost = "whib.ppp.pm";
backendHost = "https://api.whib.ppp.pm";
};
};
age.secrets = {
"whib-backend-env-vars".file = ../../../../secrets/tadpole/whib-backend-env-vars.age;
"whib-postgres-env-vars".file = ../../../../secrets/tadpole/whib-postgres-env-vars.age;
"whib-postgres-backup-env-vars".file =
../../../../secrets/tadpole/whib-postgres-backup-env-vars.age;
"whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age;
"whib-grafana-env-vars".file = ../../../../secrets/tadpole/whib-grafana-env-vars.age;
};
};
}
hosts/test-vm/configuration.nix
+2 -4
View File
@@ -3,7 +3,6 @@
imports = [ imports = [
./ppp.pm-site.nix ./ppp.pm-site.nix
./whib-backend.nix ./whib-backend.nix
./whib-frontend.nix
]; ];
config = { config = {
@@ -14,7 +13,6 @@
mod = { mod = {
pppdotpm-site.enable = false; pppdotpm-site.enable = false;
whib-backend.enable = true; whib-backend.enable = true;
whib-frontend.enable = true;
}; };
users.users.a = { users.users.a = {
@@ -26,9 +24,9 @@
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
virtualisation.vmVariant = { virtualisation.vmVariant = {
# following configuration is added only when building VM the *first* time with `build-vm` # following configuration is added only when building VM with build-vm
virtualisation = { virtualisation = {
diskSize = 8192; diskSize = 4096;
memorySize = 2048; memorySize = 2048;
cores = 3; cores = 3;
graphics = false; graphics = false;
hosts/test-vm/whib-backend.nix
+10 -45
View File
@@ -15,65 +15,30 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
services.whib-backend = environment.systemPackages = [ pkgs.gnupg ];
let
backendEnvVars = pkgs.writeText "backend-env-vars" ''
SIGNING_KEY=signingkey
POSTGRES_DB=whib
POSTGRES_USER=whib
POSTGRES_PASSWORD=pgpassword
'';
postgresEnvVars = pkgs.writeText "postgres-env-vars" '' services.whib-backend = {
POSTGRES_DB=whib
POSTGRES_USER=whib
POSTGRES_PASSWORD=pgpassword
'';
postgresBackupEnvVars = pkgs.writeText "postgres-backup-env-vars" ''
PGDATABASE=whib
PGUSER=whib
PGPASSWORD=pgpassword
B2_BUCKET=a
B2_APPLICATION_KEY_ID=b
B2_APPLICATION_KEY=c
'';
gpgPassphraseFile = pkgs.writeText "gpg-passphrase" ''
foobar
'';
grafanaEnvVars = pkgs.writeText "grafana-env-vars" ''
GF_SECURITY_ADMIN_PASSWORD=grafanapassword
GF_USERS_ALLOW_SIGN_UP=false
'';
in
{
enable = true; enable = true;
backend = {
domain = "whib-backend.local"; domain = "whib-backend.local";
environmentFile = backendEnvVars; backend = {
signingKey = "super-secret-key";
}; };
postgres = { postgres = {
environmentFile = postgresEnvVars; password = "postgrespassword";
backup = { backup = {
interval = "*-*-* *:*:00 UTC"; # Every minute, for testing gpgPassphraseFile = ./whib-gpgPassfile;
environmentFile = postgresBackupEnvVars;
gpgPassphraseFile = gpgPassphraseFile;
backblazeBucket = "whib-postgres-backups";
backblazeKeyID = "003867c33cd1a9b0000000003";
backblazeKey = "K003+GUNG0lwTOMS5EheKC9YzgxFzuU";
}; };
}; };
grafana = { grafana = {
domain = "grafana.local"; password = "granfanapassword";
environmentFile = grafanaEnvVars;
}; };
}; };
hosts/test-vm/whib-frontend.nix
-35
View File
@@ -1,35 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.whib-frontend.enable;
in
{
options = {
mod.whib-frontend = {
enable = lib.mkEnableOption "enable WHIB backend";
};
};
config = lib.mkIf enabled {
services.whib-frontend = {
enable = true;
domain = "whib-frontend.local";
port = "8081";
# backendHost = "https://api.whib.ppp.pm/";
backendHost = "http://localhost:8080";
};
virtualisation.vmVariant = {
virtualisation = {
forwardPorts = [
{
# Service API
from = "host";
host.port = 8081;
guest.port = 8081;
}
];
};
};
};
}
hosts/test-vm/whib-gpgPassfile
+1
View File
@@ -0,0 +1 @@
abc123
secrets/backwards/alex.backwards-codeberg.org.age
BIN
View File
Binary file not shown.
secrets/backwards/alex.backwards-codeberg.org.pub.age
+7
View File
@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Pu0HWg eK/pdhmsF334C7rSuYsRnXCtenmlT2hOXpfW5CQEARY
odooTLu8ZQUZjCeVPZYOA6Vgb470cosE1Q1iBkE9Kc0
-> ssh-ed25519 +oNaHQ nJU52SSZ9v3+8NuXR6coSHosEYrs7T8GeZYzV/quOU4
IV5YduRGdJLy93gVwfYmwvldRXoXXX3QvAsH3ljBadw
--- 3gJg9NFmqHCrgcvgnYOeSY1H4klPEyzI+07IlKCOItc
 ¦Ì\5çܤ‰}õyñÐáAý_J§ õ“{ÂÉp± +ꜞ+¹JØeìñLìW¯å¯éµ 7šÉ=S*³¥É}fPܽқÒÉ!X©ê7úÎ3¡øœ³\`S•è‰iºözW¸À©<4Pb™ˆ—€ZI’©hH˜îÃî¦61õ'™é…ybmCmE
secrets/backwards/alex.backwards-manatee.age
BIN
View File
Binary file not shown.
secrets/backwards/alex.backwards-manatee.pub.age
BIN
View File
Binary file not shown.
secrets/manatee/alex.manatee-git.ppp.pm.age
BIN
View File
Binary file not shown.
secrets/manatee/alex.manatee-git.ppp.pm.pub.age
-7
View File
@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA NmI7zT9UKGRlh3wQIt61Xww4p4pHMf9dtbZjYoWZ8Uw
f+zEnvRCRG5jg/jvJyhn7cDwNQiQdycS1MjbEnD64Tc
-> ssh-ed25519 +oNaHQ 73NC7E0ns+6Y5mSZFdlkPhZHWsqxe61CMnEqFEMZ90I
hRfah4GDNd7Jcrfy0Xc6mGtTFGugm1R9EQTXWIQ3Dlo
--- nCgXbaJ4nU1ovuOTtD025pzEwmtr2svW2XXj+oqd49g
©Éßâ—‹Õ.íý‹Q1pUv‚i@ÅÖyQ§h7ëˆn.r •¿%ÖÖ"YLÕRmwÊ÷ ÜŒ§ã‹$gÜñjâíϸ§ßKYéÅòïg&ÞMeˆwÝ oÓä°ï¨¡ºêÝí*³½4W€8ìäÒ»Näÿn«@Qèìc^¬ý WÆ‹…Ï‹ñ8SÂ…À
secrets/manatee/hetzner-dns.age
-9
View File
@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA mr8aDxrNmdcxT5BEXJ32Q4DckYKidh3zblrSm8GV3hg
JngH+sfId8Z6SuXnQo9EQR0nw+y7LfdgYgI7SYisPL4
-> ssh-ed25519 +oNaHQ QI1+VLIa1sN8HSzBXoAGio7TcfxpGERw30uNlMCmejw
m3+nrTwsAb/Fg1p9JCYnc7jS9uteMO3AbUtDbKP60Dk
--- etDNlalBL2SdgfFxIhDCAWXpXcSZr+BlCoTt6yIUiBQ
èZw œ»ØÁëkáÂÎó4=UÉÜ:J
ã–›½p#"ˆà^pŠî!KÚÔ
¯’cŽC÷ô´cd¾·"g.óÒ¦ó¥_(ÄA% ¶ÝpÇÏGA2`CqÖPš¢P¾Ç$j åMººŒþ¾ƒ™_â
secrets/manatee/komga-bookmanager-credentials.age
-7
View File
@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA GW8mvnaXpspxr78xV0fKhXwHVvReyjvDc0v7uPwhuBI
Rne8JZYVhrTTesSFpRQ/IOZlFIMoX9Wmv5n1Ed7Ehv8
-> ssh-ed25519 +oNaHQ d7utzodGQ7LsD2Uht1rbT8Qq9BZp3PkJS9EDhajCjnk
qd2Vj+1TQrjEKkSVAf0cXcCdkgeN/Jbp4UrBSp3cKYQ
--- JQr5UQlutONqnTeoT/mIVZL8ME7ipUDK8zDfNcN3uhU
ø5-VŸÌ²ÂòÀ-®ªÁÅ'^žô5kú.t(d1‡)É'<u%
secrets/manatee/komga-comicbooktracker-credentials.age
BIN
View File
Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More