alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:main
Branches Tags
alex:main
..
compare: alex:762ea0640663d0dfd5b5f685e0ba7bab0b40e70a
Branches Tags
alex:main

9 Commits
main ... 762ea06406

Author SHA1 Message Date
Alexander Heldt
762ea06406 pinwheel: Remove mullvad 2024-09-12 15:39:35 +02:00
Alexander Heldt
51c4a1981c pinwheel: Increase waybar module intervals 2024-09-12 15:39:07 +02:00
Alexander Heldt
063acc40e2 pinwheel: Add tailscale module to waybar 2024-09-12 15:39:05 +02:00
Alexander Heldt
b4d1086d57 pinwheel: Add secret for preferred tailscale exit node 2024-09-12 15:28:12 +02:00
Alexander Heldt
040c0e2413 pinwheel: Add swapfile 2024-09-11 14:44:25 +02:00
Alexander Heldt
cd5fd3dffa pinwheel: Remove URL preference for gitlab in git 2024-09-11 14:44:07 +02:00
Alexander Heldt
d591feff45 Update url for pppdotpm-site input 2024-09-05 19:25:48 +02:00
Alexander Heldt
06c9b628b6 tadpole: Add match block for git.ppp.pm in ssh 2024-09-05 18:44:19 +02:00
Alexander Heldt
3870b95c4b tadpole: Add secrets for git.ppp.pm 2024-09-05 18:44:19 +02:00
119 changed files with 556 additions and 4895 deletions
Expand all files Collapse all files

10
README.md
View File

@@ -25,13 +25,3 @@ EDITOR=vim agenix -d "some-secret.age" -i ~/.ssh/alex.pinwheel
Or use some other SSH key that is has been used to key the secret. Or use some other SSH key that is has been used to key the secret.
# Test VM
Build the test VM with the command:
```
cm --build-test-vm
```
and test it with:
```
cm --run-test-vm
```

8
alex.tadpole-git.ppp.pm Normal file
View File

@@ -0,0 +1,8 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDJGnS+ne
CYQhwLNFuW0lORAAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIFoVMhke2g8n48Fa
nAdf8Q0K52iHn62D37Zq7MVDbAjEAAAAoLI0dbPITXAhkRXqAKJUh9IsWmviAJE8XMUAMQ
WPKr2GUxRwf9rVrIB3/VEhY2xfTFzFOiyPkMu4zFvBFoYyqlpXaojihfJv+obV+SgtxnPT
PxmUG5X0HMryYxswpY/kAG4c2Y7iDQZOuN504WSlDV8ZNkmEzr05Nc+JqaY8J70k7Kl1Wr
qqtbilUNtETsEGUgXaQ/msYWRmt2K8EwiyhdY=
-----END OPENSSH PRIVATE KEY-----

1
alex.tadpole-git.ppp.pm.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFoVMhke2g8n48FanAdf8Q0K52iHn62D37Zq7MVDbAjE alex.tadpole-git.ppp.pm

4
config-manager/default.nix
View File

@@ -9,7 +9,7 @@ let
flakePath = config.config-manager.flakePath; flakePath = config.config-manager.flakePath;
nixosConfiguration = config.config-manager.nixosConfiguration; nixosConfiguration = config.config-manager.nixosConfiguration;
nh = inputs.nh.packages."${pkgs.stdenv.hostPlatform.system}".default; nh = inputs.nh.packages."${pkgs.system}".default;
config-manager = config-manager =
if flakePath == "" then if flakePath == "" then
@@ -33,7 +33,7 @@ let
update() { update() {
echo -e "\033[0;31mUPDATING FLAKE\033[0m" echo -e "\033[0;31mUPDATING FLAKE\033[0m"
nix flake update --flake ${flakePath} nix flake update ${flakePath}
} }
switch() { switch() {

758
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1770165109, "lastModified": 1723293904,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,39 +23,6 @@
"type": "github" "type": "github"
} }
}, },
"aquamarine": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1770895474,
"narHash": "sha256-JBcrq1Y0uw87VZdYsByVbv+GBuT6ECaCNb9txLX9UuU=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "a494d50d32b5567956b558437ceaa58a380712f7",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "aquamarine",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -64,11 +31,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744478979, "lastModified": 1700795494,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -78,39 +45,20 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community",
"repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"emacs-overlay": { "emacs-overlay": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1771057865, "lastModified": 1725470024,
"narHash": "sha256-Suny75DfQS3Mqd8ihiDZNsRs4CfRC3GiQDMmaFPj2qM=", "narHash": "sha256-i2iWRFWaTCahFz9B2vKqIqpPimL/yn1zX3lZ2EkBzc0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "56690eb79372e49054b0c2b87780fe3f86be7616", "rev": "8a94f9d557f3f8b372f03f18b2e1be3820d7da7f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -119,48 +67,16 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1710146030,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -169,28 +85,6 @@
"type": "github" "type": "github"
} }
}, },
"gitignore": {
"inputs": {
"nixpkgs": [
"hyprland",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -199,11 +93,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745494811, "lastModified": 1703113217,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -219,11 +113,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771037579, "lastModified": 1725180166,
"narHash": "sha256-NX5XuhGcsmk0oEII2PEtMRgvh2KaAv3/WWQsOpxAgR4=", "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "05e6dc0f6ed936f918cb6f0f21f1dad1e4c53150", "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -232,96 +126,6 @@
"type": "github" "type": "github"
} }
}, },
"hyprcursor": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1753964049,
"narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprcursor",
"type": "github"
}
},
"hyprgraphics": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1770511807,
"narHash": "sha256-suKmSbSk34uPOJDTg/GbPrKEJutzK08vj0VoTvAFBCA=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "7c75487edd43a71b61adb01cae8326d277aab683",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprgraphics",
"type": "github"
}
},
"hyprland": {
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics",
"hyprland-guiutils": "hyprland-guiutils",
"hyprland-protocols": "hyprland-protocols",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_2",
"xdph": "xdph"
},
"locked": {
"lastModified": 1771026735,
"narHash": "sha256-vIzZ1Pb1o9xOXwGTdr09vRwGFgD/II6ZnGpnCfl8zz8=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "e80f705d76d4dbe836e0f57aadea994a624ac63e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-contrib": { "hyprland-contrib": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -329,11 +133,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770889987, "lastModified": 1725276753,
"narHash": "sha256-JPbwE1Yg5t9zrMcOyDQwl1Pd8e0J1dtZf3kGnC7udwQ=", "narHash": "sha256-kcV2M7xIoQvLRIrMndysM4E0d2zGSwIDejamT4LKnDg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "8fdd69edefed16c9ab395b433a1c3323d5633f30", "rev": "ae618eafa81b596db034c5df1d75d4eddf785824",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -342,310 +146,18 @@
"type": "github" "type": "github"
} }
}, },
"hyprland-guiutils": {
"inputs": {
"aquamarine": [
"hyprland",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprtoolkit": "hyprtoolkit",
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1767023960,
"narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=",
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1765214753,
"narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1767983607,
"narHash": "sha256-8C2co8NYfR4oMOUEsPROOJ9JHrv9/ktbJJ6X1WsTbXc=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "d4037379e6057246b408bbcf796cf3e9838af5b2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprtoolkit": {
"inputs": {
"aquamarine": [
"hyprland",
"hyprland-guiutils",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprland-guiutils",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprland-guiutils",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-guiutils",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprland-guiutils",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"systems"
]
},
"locked": {
"lastModified": 1764592794,
"narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=",
"owner": "hyprwm",
"repo": "hyprtoolkit",
"rev": "5cfe0743f0e608e1462972303778d8a0859ee63e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprtoolkit",
"type": "github"
}
},
"hyprutils": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1770139857,
"narHash": "sha256-bCqxcXjavgz5KBJ/1CBLqnagMMf9JvU1m9HmYVASKoc=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "9038eec033843c289b06b83557a381a2648d8fa5",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprutils",
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1770501770,
"narHash": "sha256-NWRM6+YxTRv+bT9yvlhhJ2iLae1B1pNH3mAL5wi2rlQ=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "0bd8b6cde9ec27d48aad9e5b4deefb3746909d40",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"hyprwire": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1770203293,
"narHash": "sha256-PR/KER+yiHabFC/h1Wjb+9fR2Uy0lWM3Qld7jPVaWkk=",
"owner": "hyprwm",
"repo": "hyprwire",
"rev": "37bc90eed02b0c8b5a77a0b00867baf3005cfb98",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwire",
"type": "github"
}
},
"komga-bookmanager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772572455,
"narHash": "sha256-B4KOdV2GQogU1XL9903qFkOFf/6H7UGa+dprNGctgMY=",
"ref": "main",
"rev": "002732d4ebc5b80c2b8522896427c9f6bee9e1d1",
"revCount": 6,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git"
}
},
"komga-comictracker": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772884418,
"narHash": "sha256-2V/JnGsIhvQoAiH7iIQkOPX5OTZVwGTOEv+nFetd4I8=",
"ref": "main",
"rev": "0b91385e8906ca40cc89381bf8394ed24a116c6b",
"revCount": 49,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git"
}
},
"naviterm": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1770485744,
"narHash": "sha256-ZJGHKtEWhpXyONjy6/popJz0uL2MXmknGr9Vr1B6BAk=",
"owner": "detoxify92",
"repo": "naviterm",
"rev": "b311af7ae0ab095657264b5fe4a43b9118207584",
"type": "gitlab"
},
"original": {
"owner": "detoxify92",
"repo": "naviterm",
"type": "gitlab"
}
},
"nh": { "nh": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1770930949, "lastModified": 1725287741,
"narHash": "sha256-ulX/6yOI9fmiiDqNjn59oLsVkABRo0M2Wkr2w8Ric64=", "narHash": "sha256-ZxyB7BwxQjoMz5lUnsb+KuTWfRyPtJVqEjnlOoABSUE=",
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "b37b9a6ca31741282873dd8e335f66aad54f6326", "rev": "5dd64eb04fddeac2eb08c018212cc58978934920",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -669,35 +181,13 @@
"type": "github" "type": "github"
} }
}, },
"nix-jetbrains-plugins": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_4"
},
"locked": {
"lastModified": 1771059595,
"narHash": "sha256-avvMQpGX/erjzPI10bN5uHDD08er5QC+pBypQisUNHs=",
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"rev": "fb4b27d169c7fbfc92c9dfec971e9c87506cb8f0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1770882871, "lastModified": 1725470640,
"narHash": "sha256-nw5g+xl3veea+maxJ2/81tMEA/rPq9aF1H5XF35X+OE=", "narHash": "sha256-xaIvCE8ZP65fj2HR7DlDX+iJMBxasfjEv+zc6Cuwf3I=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "af04cb78aa85b2a4d1c15fc7270347e0d0eda97b", "rev": "ace1cedf3ecfbac81b29522d71009878951a69eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -709,48 +199,32 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1770770419, "lastModified": 1725103162,
"narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-25.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1767313136, "lastModified": 1725001927,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.05", "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1771008912,
"narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a82ccc39b39b621151d6732718e3e250109076fa",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -776,48 +250,17 @@
"url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1770726378,
"narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko",
"emacs-overlay": "emacs-overlay", "emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"komga-bookmanager": "komga-bookmanager",
"komga-comictracker": "komga-comictracker",
"naviterm": "naviterm",
"nh": "nh", "nh": "nh",
"nix-gc-env": "nix-gc-env", "nix-gc-env": "nix-gc-env",
"nix-jetbrains-plugins": "nix-jetbrains-plugins",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"pppdotpm-site": "pppdotpm-site", "pppdotpm-site": "pppdotpm-site"
"whib-backend": "whib-backend",
"whib-frontend": "whib-frontend"
} }
}, },
"systems": { "systems": {
@@ -836,21 +279,6 @@
} }
}, },
"systems_2": { "systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -864,104 +292,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"whib-backend": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739029248,
"narHash": "sha256-ux/Udy0Mhs66P/EQQ8S+xIuXRm9UHEYwSy12IZtlbnA=",
"ref": "master",
"rev": "222a8f6dde2e9270f6390b5e1e83c7ae1ea48290",
"revCount": 371,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
}
},
"whib-frontend": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761508816,
"narHash": "sha256-adV/lyxcmuopyuzZ49v46Yt0gft+ioEL4yl1S+vUbus=",
"ref": "master",
"rev": "ab10bf50cb6b023a1b99f91c7e8d550231135eef",
"revCount": 223,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1761431178,
"narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

78
flake.nix
View File

@@ -6,13 +6,9 @@
nixos-hardware.url = "github:nixos/nixos-hardware/master"; nixos-hardware.url = "github:nixos/nixos-hardware/master";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nh = { nh = {
url = "github:viperML/nh"; url = "github:viperML/nh";
inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-gc-env.url = "github:Julow/nix-gc-env"; nix-gc-env.url = "github:Julow/nix-gc-env";
@@ -32,54 +28,15 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-jetbrains-plugins = {
url = "github:nix-community/nix-jetbrains-plugins";
inputs.nixpkgs.follows = "nixpkgs";
};
naviterm = {
url = "gitlab:detoxify92/naviterm";
inputs.nixpkgs.follows = "nixpkgs";
};
pppdotpm-site = { pppdotpm-site = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main"; url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
whib-backend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master";
# url = "path:/home/alex/code/own/whib";
inputs.nixpkgs.follows = "nixpkgs";
};
whib-frontend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib-react.git?ref=master";
# url = "path:/home/alex/code/own/whib-react";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-comictracker = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git?ref=main";
# url = "path:/home/alex/code/own/komga-comictracker";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-bookmanager = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git?ref=main";
# url = "path:/home/alex/code/own/komga-comictracker";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =
@@ -98,17 +55,6 @@
]; ];
}; };
manatee = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/manatee/configuration.nix
./hosts/manatee/home.nix
];
};
backwards = inputs.nixpkgs.lib.nixosSystem { backwards = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
@@ -120,37 +66,23 @@
]; ];
}; };
tadpole = tadpole = inputs.nixpkgs.lib.nixosSystem {
let
system = "x86_64-linux"; system = "x86_64-linux";
in
inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
modules = [ modules = [
./hosts/tadpole/configuration.nix ./hosts/tadpole/configuration.nix
./hosts/tadpole/home.nix ./hosts/tadpole/home.nix
inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
]; ];
}; };
test-vm = test-vm = inputs.nixpkgs.lib.nixosSystem {
let
system = "x86_64-linux"; system = "x86_64-linux";
in
inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
modules = [ modules = [ ./hosts/test-vm/configuration.nix ];
./hosts/test-vm/configuration.nix
inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
];
}; };
}; };
@@ -161,7 +93,7 @@
in in
{ {
${system}.default = pkgs.mkShell { ${system}.default = pkgs.mkShell {
packages = [ pkgs.nixfmt ]; packages = [ pkgs.nixfmt-rfc-style ];
}; };
}; };
}; };

21
hosts/backwards/configuration.nix
View File

@@ -15,30 +15,13 @@
console.keyMap = "sv-latin1"; console.keyMap = "sv-latin1";
services.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
extraConfig.pipewire."90-hdmi-fix" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.allowed-rates" = [ 48000 ];
};
};
};
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver
pkgs.libvdpau-va-gl
];
};
}; };
users.users.alex = { users.users.alex = {
@@ -47,8 +30,6 @@
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
"video"
"render"
]; ];
packages = [ ]; packages = [ ];
}; };

2
hosts/backwards/modules/age/default.nix
View File

@@ -8,7 +8,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }

20
hosts/manatee/modules/audiobookshelf/default.nix → hosts/backwards/modules/audiobookshelf/default.nix
View File

@@ -10,25 +10,17 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
mod.homepage.services = [ fileSystems."/home/alex/media" = {
{ device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
name = "Audiobookshelf"; fsType = "ext4";
port = 8000; options = [ "nofail" ];
description = "Audiobooks & podcasts";
}
];
users.users.audiobookshelf = {
isSystemUser = true;
description = "audiobookshelf";
group = "storage";
}; };
services.audiobookshelf = { services.audiobookshelf = {
enable = true; enable = true;
user = "audiobookshelf"; user = "alex";
group = "storage"; group = "users";
host = "0.0.0.0"; host = "0.0.0.0";
port = 8000; port = 8000;

5
hosts/backwards/modules/boot/default.nix
View File

@@ -38,11 +38,6 @@ in
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
extraModprobeConfig = ''
options snd-intel-dspcfg dsp_driver=1
options snd_hda_intel power_save=0 power_save_controller=N
'';
}; };
}; };
} }

32
hosts/backwards/modules/calibre-web/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf enabled {
services = {
calibre-web = {
enable = true;
user = "alex";
group = "users";
listen = {
ip = "0.0.0.0";
port = 8083;
};
options = {
calibreLibrary = "/home/alex/sync/books";
enableBookUploading = true;
};
};
};
};
}

4
hosts/backwards/modules/default.nix
View File

@@ -12,9 +12,11 @@ in
ssh.enable = true; ssh.enable = true;
git.enable = true; git.enable = true;
nginx.enable = true;
syncthing.enable = true; syncthing.enable = true;
restic.enable = true; restic.enable = true;
transmission.enable = true;
audiobookshelf.enable = true;
calibre-web.enable = true;
}; };
}; };
} }

99
hosts/backwards/modules/firefox/default.nix
View File

@@ -1,99 +0,0 @@
{ pkgs, ... }:
let
wrapped = pkgs.wrapFirefox pkgs.firefox-devedition-unwrapped {
extraPolicies = {
DisableFirefoxAccounts = false;
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
PasswordManagerEnabled = false;
FirefoxHome = {
Search = false;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
};
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
};
};
ff-alex = pkgs.writeShellApplication {
name = "ff-alex";
text = ''
${wrapped}/bin/firefox-devedition -P alex --new-window "$@"
'';
};
sharedSettings = {
"general.smoothScroll" = true;
"apz.gtk.kinetic_scroll.enabled" = false;
"network.dns.force_waiting_https_rr" = false;
};
in
{
home-manager.users.alex = {
programs.firefox = {
enable = true;
package = wrapped;
profiles = {
alex = {
id = 0;
name = "alex";
isDefault = true;
settings = sharedSettings // { };
};
};
};
xdg = {
# /etc/profiles/per-user/alex/share/applications
desktopEntries = {
ff-alex = {
name = "ff-alex";
exec = "${ff-alex}/bin/ff-alex %U";
terminal = false;
};
};
mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "ff-alex.desktop";
"x-scheme-handler/http" = "ff-alex.desktop";
"x-scheme-handler/https" = "ff-alex.desktop";
"application/x-exension-htm" = "ff-alex.desktop";
"application/x-exension-html" = "ff-alex.desktop";
"application/x-exension-shtml" = "ff-alex.desktop";
"application/xhtml+xml" = "ff-alex.desktop";
"application/x-exension-xhtml" = "ff-alex.desktop";
"application/x-exension-xht" = "ff-alex.desktop";
};
};
# https://github.com/nix-community/home-manager/issues/1213
configFile."mimeapps.list".force = true;
};
home.packages = [
ff-alex
];
};
environment.variables = {
MOZ_ENABLE_WAYLAND = 1;
BROWSER = "${ff-alex}/bin/ff-alex $@";
};
}

11
hosts/backwards/modules/games/default.nix
View File

@@ -2,16 +2,13 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.nethack (pkgs.retroarch.override {
cores = [
pkgs.moonlight-qt
pkgs.pcsx2
(pkgs.retroarch.withCores (cores: [
pkgs.libretro.snes9x pkgs.libretro.snes9x
pkgs.libretro.genesis-plus-gx pkgs.libretro.genesis-plus-gx
pkgs.libretro.swanstation pkgs.libretro.swanstation
])) ];
})
]; ];
}; };
} }

3
hosts/backwards/modules/git/gitconfig
View File

@@ -4,3 +4,6 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/

16
hosts/backwards/modules/gnome/default.nix
View File

@@ -8,14 +8,6 @@
}; };
}; };
desktopManager = {
gnome.enable = true;
};
displayManager = {
gdm.enable = true;
};
xserver = { xserver = {
enable = true; enable = true;
@@ -23,6 +15,14 @@
layout = "se"; layout = "se";
variant = ""; variant = "";
}; };
desktopManager = {
gnome.enable = true;
};
displayManager = {
gdm.enable = true;
};
}; };
}; };

44
hosts/backwards/modules/jellyfin/default.nix Normal file
View File

@@ -0,0 +1,44 @@
{ pkgs, ... }:
{
fileSystems."/home/alex/media" = {
device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
# 1. enable vaapi on OS-level
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
];
};
};
services.jellyfin = {
enable = true;
openFirewall = true;
user = "alex";
group = "users";
dataDir = "/home/alex/media/jellyfin";
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
}

52
hosts/backwards/modules/network/default.nix
View File

@@ -1,48 +1,32 @@
{ config, ... }:
{ {
networking = { networking = {
hostName = "backwards"; hostName = "backwards";
wireless.enable = false; networkmanager.enable = false;
wireless.enable = true;
#wireless.networks are defined in the secret `wpa_supplicant.conf`
networkmanager = { defaultGateway = "192.168.50.1";
enable = true; nameservers = [ "1.1.1.1" ];
interfaces = {
wifi.backend = "iwd"; wlp1s0 = {
useDHCP = false;
ensureProfiles = {
environmentFiles = [
config.age.secrets.wireless-network-secrets.path
];
profiles = {
w1-f1_5G = {
connection = {
id = "w1-f1_5G";
type = "wifi";
interface-name = "wlp1s0";
};
wifi = {
ssid = "w1-f1_5G";
mode = "infrastructure";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$w1_f1_psk";
};
ipv4 = { ipv4 = {
method = "manual"; addresses = [
addresses = "192.168.50.202/24"; {
gateway = "192.168.50.1"; address = "192.168.50.202";
dns = "1.1.1.1"; prefixLength = 24;
}; }
}; ];
}; };
}; };
}; };
}; };
age.secrets = { age.secrets = {
"wireless-network-secrets".file = ../../../../secrets/backwards/wireless-network-secrets.age; "wpa_supplicant.conf" = {
file = ../../../../secrets/backwards/wpa_supplicant.conf.age;
path = "/etc/wpa_supplicant.conf";
};
}; };
} }

22
hosts/backwards/modules/nginx/default.nix
View File

@@ -1,22 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
};
}

4
hosts/backwards/modules/restic/default.nix
View File

@@ -46,7 +46,6 @@ in
repositoryFile = config.age.secrets.restic-cloud-sync-repository.path; repositoryFile = config.age.secrets.restic-cloud-sync-repository.path;
paths = [ "/home/alex/sync" ]; paths = [ "/home/alex/sync" ];
exclude = [ "/home/alex/sync/reading-material" ];
timerConfig = { timerConfig = {
OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day
@@ -66,8 +65,7 @@ in
secrets = { secrets = {
"restic-password".file = ../../../../secrets/backwards/restic-password.age; "restic-password".file = ../../../../secrets/backwards/restic-password.age;
"restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age; "restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age;
"restic-cloud-sync-repository".file = "restic-cloud-sync-repository".file = ../../../../secrets/backwards/restic-cloud-sync-repository.age;
../../../../secrets/backwards/restic-cloud-sync-repository.age;
}; };
}; };
}; };

49
hosts/backwards/modules/ssh/default.nix
View File

@@ -23,34 +23,17 @@ in
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.backwards-manatee";
port = 1122;
};
"git.ppp.pm" = { "git.ppp.pm" = {
hostname = "git.ppp.pm"; hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
}; };
"*" = { "codeberg.org" = {
forwardAgent = false; hostname = "codeberg.org";
addKeysToAgent = "no"; identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
}; };
}; };
}; };
home.packages = [ pkgs.sshfs ];
}; };
environment.etc."ssh/authorized_keys_command" = { environment.etc."ssh/authorized_keys_command" = {
@@ -101,19 +84,6 @@ in
path = "${rootSSHKeyPath}/root.backwards.pub"; path = "${rootSSHKeyPath}/root.backwards.pub";
}; };
"alex.backwards-manatee" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.age;
path = "/home/alex/.ssh/alex.backwards-manatee";
owner = "alex";
group = "users";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "/home/alex/.ssh/alex.backwards-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards.pub" = { "alex.pinwheel-backwards.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age; file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub"; path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub";
@@ -131,6 +101,19 @@ in
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.backwards-codeberg.org" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org";
owner = "alex";
group = "users";
};
"alex.backwards-codeberg.org.pub" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org.pub";
owner = "alex";
group = "users";
};
}; };
}; };
} }

3
hosts/backwards/modules/syncthing/default.nix
View File

@@ -34,7 +34,6 @@ in
devices = { devices = {
phone.id = config.lib.syncthing.phone; phone.id = config.lib.syncthing.phone;
pinwheel.id = config.lib.syncthing.pinwheel; pinwheel.id = config.lib.syncthing.pinwheel;
tablet.id = config.lib.syncthing.tablet;
}; };
folders = { folders = {
@@ -75,7 +74,7 @@ in
}; };
books = { books = {
path = "/home/alex/sync/reading-material/books"; path = "/home/alex/sync/books";
devices = [ "pinwheel" ]; devices = [ "pinwheel" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";

31
hosts/manatee/modules/transmission/default.nix → hosts/backwards/modules/transmission/default.nix
View File

@@ -15,40 +15,31 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Transmission";
port = 9091;
description = "Torrent client";
}
];
services = { services = {
transmission = { transmission = {
enable = true; enable = true;
package = pkgs.transmission_4; package = pkgs.transmission_4;
openFirewall = true; openFirewall = true;
openRPCPort = true;
user = "storage"; user = "alex";
group = "storage"; group = "users";
home = "/mnt/media/public/.ts-home"; home = "/home/alex/media/ts-home";
downloadDirPermissions = "775"; downloadDirPermissions = "775";
settings = { settings = {
incomplete-dir-enabled = false;
download-dir = "/mnt/media/public/downloads";
rpc-bind-address = "0.0.0.0"; rpc-bind-address = "0.0.0.0";
rpc-port = 9191;
incomplete-dir-enabled = false;
download-dir = "/home/alex/media/downloads";
# Required to have empty user/pass to satisfy transmissionA
# https://github.com/transmission/transmission/discussions/1941#discussioncomment-1472352
rpc-whitelist-enabled = false;
rpc-authentication-required = true; rpc-authentication-required = true;
rpc-username = ""; rpc-whitelist-enabled = false;
rpc-password = ""; rpc-username = "transmission";
rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
}; };
}; };
}; };

56
hosts/manatee/configuration.nix
View File

@@ -1,56 +0,0 @@
{ pkgs, ... }:
{
imports = [
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./disk-config.nix
./modules
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
users.users.alex = {
isNormalUser = true;
description = "alex";
extraGroups = [
"wheel"
"storage"
];
};
environment.variables.EDITOR = "vim";
environment.systemPackages = with pkgs; [
vim
git
];
config-manager = {
flakePath = "/home/alex/config";
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

243
hosts/manatee/disk-config.nix
View File

@@ -1,243 +0,0 @@
{
inputs,
pkgs,
config,
...
}:
{
imports = [ inputs.disko.nixosModules.disko ];
config = {
users.groups.storage = { };
users.users.storage = {
isSystemUser = true;
description = "storage";
group = "storage";
};
systemd.tmpfiles.settings = {
"10-media-public" = {
"/mnt/media/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-cameras-public" = {
"/mnt/cameras/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-sync-public" = {
"/mnt/sync/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
};
environment.systemPackages = [
pkgs.smartmontools
];
services.smartd = {
enable = true;
devices = [
{ device = config.disko.devices.disk.root.device; }
{ device = config.disko.devices.disk.disk1.device; }
{ device = config.disko.devices.disk.disk2.device; }
];
};
services.zfs.autoScrub.enable = true;
networking.hostId = "0a9474e7"; # Required by ZFS
disko.devices = {
disk = {
root = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
disk1 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QCG4";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk2 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QDJ5";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk3 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0UCF4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk4 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0V6F4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
};
zpool = {
storage = {
type = "zpool";
mode = {
topology = {
type = "topology";
vdev = [
{
mode = "mirror";
members = [
"disk1"
"disk2"
];
}
{
mode = "mirror";
members = [
"disk3"
"disk4"
];
}
];
};
};
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
xattr = "sa";
"com.sun:auto-snapshot" = "false";
};
datasets = {
media = {
type = "zfs_fs";
mountpoint = "/mnt/media";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
cameras = {
type = "zfs_fs";
mountpoint = "/mnt/cameras";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
sync = {
type = "zfs_fs";
mountpoint = "/mnt/sync";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
};
};
};
};
};
}

46
hosts/manatee/hardware-configuration.nix
View File

@@ -1,46 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
swapDevices = [
{
device = "/swapfile";
size = 32 * 1024; # 32GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

24
hosts/manatee/home.nix
View File

@@ -1,24 +0,0 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
config = {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.alex = {
programs.home-manager.enable = true;
home.username = "alex";
home.homeDirectory = "/home/alex";
home.packages = [
pkgs.streamrip
];
home.stateVersion = "24.11";
};
};
};
}

14
hosts/manatee/modules/age/default.nix
View File

@@ -1,14 +0,0 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.agenix.nixosModules.default ];
config = {
age = {
identityPaths = [ "/etc/ssh/manatee" ];
};
environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default
];
};
}

43
hosts/manatee/modules/boot/default.nix
View File

@@ -1,43 +0,0 @@
{
inputs,
lib,
config,
...
}:
let
configurationLimit = config.mod.gc.configurationLimit;
in
{
imports = [ inputs.nix-gc-env.nixosModules.default ];
options = {
mod.gc = {
configurationLimit = lib.mkOption {
type = lib.types.int;
default = 10;
description = "number of configuration generations to keep";
};
};
};
config = {
nix.gc = {
automatic = true;
dates = "weekly";
# `delete_generations` added by nix-gc-env
delete_generations = "+${builtins.toString configurationLimit}";
};
boot = {
loader = {
systemd-boot = {
enable = true;
inherit configurationLimit;
};
efi.canTouchEfiVariables = true;
};
};
};
}

44
hosts/manatee/modules/certs/default.nix
View File

@@ -1,44 +0,0 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@ppp.pm";
};
certs = {
"ha.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
"--dns-timeout=60"
"--http-timeout=60"
];
};
"komga.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s"
"--dns-timeout=60"
"--http-timeout=60"
];
};
};
};
age = {
secrets = {
"hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
};
};
}

27
hosts/manatee/modules/default.nix
View File

@@ -1,27 +0,0 @@
{ lib, ... }:
let
toModulePath = dir: _: ./. + "/${dir}";
filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
in
{
imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
config = {
mod = {
gc.configurationLimit = 10;
ssh.enable = true;
git.enable = true;
nginx.enable = true;
syncthing.enable = true;
transmission.enable = true;
audiobookshelf.enable = true;
jellyfin.enable = true;
immich.enable = true;
navidrome.enable = true;
komga.enable = true;
homepage.enable = true;
};
};
}

39
hosts/manatee/modules/git/default.nix
View File

@@ -1,39 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.git.enable;
in
{
options = {
mod.git = {
enable = lib.mkEnableOption "enable git module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.git = {
enable = true;
includes = [
{ path = ./gitconfig; }
];
settings = {
rerere.enable = true;
};
};
home.packages = [ pkgs.tig ];
home.file.".tigrc".text = ''
set main-view-line-number = yes
set main-view-line-number-interval = 1
'';
};
};
}

9
hosts/manatee/modules/git/gitconfig
View File

@@ -1,9 +0,0 @@
[user]
name = Alexander Heldt
email = me@alexanderheldt.se
[url "git@github.com:"]
insteadOf = https://github.com/
[url "gitea@git.ppp.pm:"]
insteadOf = https://git.ppp.pm/

243
hosts/manatee/modules/home-assistant/default.nix
View File

@@ -1,243 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
nginxEnabled = config.mod.nginx.enable;
script = pkgs.writeShellScript "bt-reset" ''
set -euo pipefail
export PATH="${
lib.makeBinPath [
pkgs.bluez
pkgs.util-linux
pkgs.kmod
pkgs.gnugrep
pkgs.coreutils
]
}"
logger -t bt-reset "Starting Bluetooth adapter reset..."
# Exit early if the adapter is already present and running
if hciconfig hci0 2>/dev/null | grep -q "UP RUNNING"; then
logger -t bt-reset "hci0 is already UP RUNNING nothing to do"
exit 0
fi
# If hci0 exists but isn't UP, try bringing it up
if hciconfig hci0 2>/dev/null; then
logger -t bt-reset "hci0 exists but not running bringing it up"
hciconfig hci0 up || true
sleep 2
if hciconfig hci0 2>/dev/null | grep -q "UP RUNNING"; then
logger -t bt-reset "hci0 is UP now"
systemctl restart bluetooth.service
logger -t bt-reset "bluetooth.service restarted done"
exit 0
fi
fi
# Hard reset: reload the btusb kernel module (works for USB adapters)
logger -t bt-reset "hci0 missing reloading btusb module..."
modprobe -r btusb 2>/dev/null || true
sleep 3
modprobe btusb
sleep 3
if hciconfig hci0 2>/dev/null; then
hciconfig hci0 up
logger -t bt-reset "hci0 restored after module reload"
else
logger -t bt-reset "ERROR: hci0 not found after module reload"
exit 1
fi
# Restart the bluetooth systemd service so bluetoothd picks up the adapter
systemctl restart bluetooth.service
logger -t bt-reset "bluetooth.service restarted done"
'';
in
{
mod.homepage.services = [
{
name = "Home Assistant";
port = 8123;
description = "Home automation";
}
];
hardware.bluetooth.enable = true;
virtualisation.oci-containers = {
backend = "podman";
containers.homeassistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
volumes = [
"/home/alex/.config/home-assistant:/config"
# Pass in bluetooth
"/run/dbus:/run/dbus:ro"
];
environment.TZ = "Europe/Stockholm";
extraOptions = [
"--network=host"
# Allows HA to perform low-level network operations (scan/reset adapter)
"--cap-add=NET_ADMIN"
"--cap-add=NET_RAW"
# Pass in Zigbee antenna
"--device=/dev/serial/by-id/usb-Nabu_Casa_ZBT-2_9C139EAAD464-if00:/dev/ttyACM0"
];
};
};
services = {
blueman.enable = true;
nginx = lib.mkIf nginxEnabled {
recommendedProxySettings = true;
virtualHosts."ha.ppp.pm" = {
forceSSL = true;
useACMEHost = "ha.ppp.pm";
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8123";
proxyWebsockets = true;
};
};
};
# Trigger reset via udev when hci0 disappears
udev.extraRules = ''
ACTION=="remove", SUBSYSTEM=="bluetooth", KERNEL=="hci0", \
TAG+="systemd", ENV{SYSTEMD_WANTS}+="bt-reset.service"
'';
};
systemd = {
services = {
# Trigger reset on bluetoothd failure
bluetooth = {
unitConfig.OnFailure = [ "bt-reset.service" ];
};
bt-reset = {
description = "Reset Bluetooth adapter";
after = [ "bluetooth.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = script;
Restart = "on-failure";
RestartSec = "10s";
StartLimitIntervalSec = "120";
StartLimitBurst = 3;
};
};
};
timers.bt-reset = {
description = "Periodically reset Bluetooth adapter";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min"; # first run 5 min after boot
OnUnitActiveSec = "4h"; # then every 4 hours
RandomizedDelaySec = "5min";
};
};
user = {
timers = {
"update-hetzner-dns" = {
unitConfig = {
Description = "updates Hetzner DNS records";
};
timerConfig = {
Unit = "update-hetzner-dns.service";
OnCalendar = "*-*-* *:00/30:00";
Persistent = true;
};
wantedBy = [ "timers.target" ];
};
};
services = {
"update-hetzner-dns" = {
unitConfig = {
Description = "updates Hetzner DNS records";
};
serviceConfig = {
Type = "exec";
EnvironmentFile = config.age.secrets.hetzner-dns.path;
};
path = [
pkgs.curl
pkgs.coreutils
pkgs.jq
];
script = ''
SUBDOMAINS="ha komga"
INTERFACE="enp3s0"
CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)
for SUBDOMAIN in $SUBDOMAINS; do
LAST_IP_FILE="/tmp/hetzner-dns-''${SUBDOMAIN}-ip"
LAST_IP=""
if [[ -f "$LAST_IP_FILE" ]]; then
LAST_IP=$(cat "$LAST_IP_FILE")
fi
if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
echo "$SUBDOMAIN: IP unchanged, NOOP update."
else
echo "$SUBDOMAIN: Updating IP"
JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')
curl \
--fail \
-X POST \
-H "Authorization: Bearer $HETZNER_API_TOKEN" \
-H "Content-Type: application/json" \
-d "$JSON_BODY" \
"https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/''${SUBDOMAIN}/A/actions/set_records" \
&& echo $CURRENT_IP > $LAST_IP_FILE
fi
done
'';
};
};
};
};
age = {
secrets = {
"hetzner-dns" = {
file = ../../../../secrets/manatee/hetzner-dns.age;
owner = "alex";
group = "users";
};
};
};
}

111
hosts/manatee/modules/homepage/default.nix
View File

@@ -1,111 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.homepage.enable;
nginxEnabled = config.mod.nginx.enable;
services = config.mod.homepage.services;
serviceToCard = svc: ''
<a class="card" href="http://manatee:${toString svc.port}">
<div class="name">${svc.name}</div>
<div class="desc">${svc.description}</div>
<div class="port">:${toString svc.port}</div>
</a>
'';
page = pkgs.writeTextDir "index.html" ''
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>manatee</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
background: #1a1b26;
color: #c0caf5;
min-height: 100vh;
padding: 3rem 1.5rem;
}
h1 {
text-align: center;
font-size: 1.5rem;
font-weight: 400;
color: #7aa2f7;
margin-bottom: 2rem;
}
.grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
gap: 1rem;
max-width: 900px;
margin: 0 auto;
}
.card {
display: block;
background: #24283b;
border: 1px solid #414868;
border-radius: 8px;
padding: 1.25rem;
text-decoration: none;
color: inherit;
transition: border-color 0.15s;
}
.card:hover { border-color: #7aa2f7; }
.name { font-size: 1.1rem; font-weight: 600; color: #c0caf5; }
.desc { font-size: 0.85rem; color: #565f89; margin-top: 0.35rem; }
.port { font-size: 0.8rem; color: #414868; margin-top: 0.5rem; font-family: monospace; }
</style>
</head>
<body>
<h1>manatee</h1>
<div class="grid">
${lib.concatMapStrings serviceToCard services}
</div>
</body>
</html>
'';
in
{
options = {
mod.homepage = {
enable = lib.mkEnableOption "Enable homepage module";
services = lib.mkOption {
type = lib.types.listOf (
lib.types.submodule {
options = {
name = lib.mkOption { type = lib.types.str; };
port = lib.mkOption { type = lib.types.port; };
description = lib.mkOption { type = lib.types.str; };
};
}
);
default = [ ];
description = "Services to display on the homepage";
};
};
};
config = lib.mkIf (enabled && nginxEnabled) {
services.nginx.virtualHosts."homepage" = {
listen = [
{
addr = "0.0.0.0";
port = 9999;
}
];
root = page;
locations."/" = {
index = "index.html";
};
};
networking.firewall.allowedTCPPorts = [ 9999 ];
};
}

43
hosts/manatee/modules/immich/default.nix
View File

@@ -1,43 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.immich.enable;
in
{
options = {
mod.immich = {
enable = lib.mkEnableOption "Enable immich module";
};
};
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Immich";
port = 2283;
description = "Photo library";
}
];
users.users.immich = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
services.immich = {
enable = true;
user = "immich";
group = "storage";
host = "0.0.0.0";
mediaLocation = "/mnt/cameras/public";
accelerationDevices = [ "/dev/dri/renderD128" ];
};
};
}

68
hosts/manatee/modules/jellyfin/default.nix
View File

@@ -1,68 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
enabled = config.mod.jellyfin.enable;
in
{
options = {
mod.jellyfin = {
enable = lib.mkEnableOption "Enable jellyfin module";
};
};
config = lib.mkIf enabled {
users.users.jellyfin = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver # Modern Intel VA-API driver (needed for N305)
pkgs.libvdpau-va-gl # VDPAU backend for VA-API GLX interop
pkgs.intel-compute-runtime # OpenCL support
];
};
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
user = "jellyfin";
group = "storage";
};
};
mod.homepage.services = [
{
name = "Jellyfin";
port = 8096;
description = "Media streaming";
}
];
networking = {
firewall.allowedTCPPorts = [ 8096 ];
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
};
}

125
hosts/manatee/modules/komga/default.nix
View File

@@ -1,125 +0,0 @@
{
inputs,
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.komga.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.komga = {
enable = lib.mkEnableOption "Enable komga module";
};
};
imports = [
inputs.komga-comictracker.nixosModules.default
inputs.komga-bookmanager.nixosModules.default
];
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Komga";
port = 8002;
description = "Comic library";
}
{
name = "Komga Reader";
port = 8888;
description = "Comic reader";
}
{
name = "Komga Book Manager";
port = 8686;
description = "Book manager";
}
];
users.users.komga = {
isSystemUser = true;
group = "storage";
};
services.komga = {
enable = true;
user = "komga";
group = "storage";
settings = {
server.port = 8002;
komga."cors.allowed-origins" = [
"http://manatee:8888"
"https://komga.ppp.pm"
];
};
openFirewall = true;
};
services.nginx = lib.mkIf nginxEnabled {
virtualHosts."komga-reader" = {
listen = [
{
addr = "0.0.0.0";
port = 8888;
}
];
root = (pkgs.writeTextDir "komga-reader.html" (builtins.readFile ./komga-reader.html));
locations."/" = {
index = "komga-reader.html";
tryFiles = "$uri $uri/ /komga-reader.html";
};
};
virtualHosts."komga.ppp.pm" = {
forceSSL = true;
useACMEHost = "komga.ppp.pm";
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
proxyWebsockets = true;
};
};
};
networking.firewall.allowedTCPPorts = [ 8888 ];
programs.comictracker = {
enable = true;
komgaUrl = "http://127.0.0.1:8002";
komgaLibraryId = "0NVZH5AK3RPE1";
secretsFile = config.age.secrets.komga-comicbooktracker-credentials.path;
};
services.komga-book-manager = {
enable = true;
port = 8686;
group = "storage";
komgaUrl = "http://127.0.0.1:8002";
credentialsFile = config.age.secrets.komga-bookmanager-credentials.path;
libraryRoot = "/mnt/media/public/books";
libraryId = "0PNE1NEPY6995";
};
age.secrets = {
"komga-comicbooktracker-credentials" = {
file = ../../../../secrets/manatee/komga-comicbooktracker-credentials.age;
owner = "alex";
group = "users";
};
"komga-bookmanager-credentials" = {
file = ../../../../secrets/manatee/komga-bookmanager-credentials.age;
owner = "alex";
group = "users";
};
};
};
}

1553
hosts/manatee/modules/komga/komga-reader.html
View File

File diff suppressed because it is too large Load Diff

41
hosts/manatee/modules/navidrome/default.nix
View File

@@ -1,41 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
navidromeEnabled = config.mod.navidrome.enable;
in
{
options = {
mod.navidrome = {
enable = lib.mkEnableOption "Enable navidrome module";
};
};
config = {
mod.homepage.services = lib.mkIf navidromeEnabled [
{
name = "Navidrome";
port = 4533;
description = "Music streaming";
}
];
services = lib.mkIf navidromeEnabled {
navidrome = {
enable = true;
openFirewall = true;
user = "navidrome";
group = "storage";
settings = {
Port = 4533;
Address = "0.0.0.0";
MusicFolder = "/mnt/media/public/music";
};
};
};
};
}

50
hosts/manatee/modules/network/default.nix
View File

@@ -1,50 +0,0 @@
{ ... }:
let
hostAddress = "192.168.50.203";
in
{
networking = {
hostName = "manatee";
# Required for asymmetric routing (sending replies out a different interface
# than the default route). Without this, the kernel drops the return traffic.
firewall.checkReversePath = "loose";
defaultGateway = "192.168.50.1";
nameservers = [ "1.1.1.1" ];
interfaces = {
enp3s0 = {
useDHCP = false;
ipv4 = {
addresses = [
{
address = hostAddress;
prefixLength = 24;
}
];
};
ipv4.routes = [
{
address = "0.0.0.0";
prefixLength = 0;
via = "192.168.50.1"; # Router
options = {
table = "100";
};
}
];
};
};
localCommands = ''
# Ensure local LAN traffic uses the main table, e.g. responds to the local machine
ip rule list | grep -q "192.168.50.0/24 lookup main" || \
ip rule add to 192.168.50.0/24 lookup main priority 4999
# All other traffic from this IP uses Table 100 (e.g. responds to router and back out)
ip rule list | grep -q "from ${hostAddress} lookup 100" || \
ip rule add from ${hostAddress} lookup 100 priority 5000
'';
};
}

28
hosts/manatee/modules/nginx/default.nix
View File

@@ -1,28 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
networking = {
firewall = {
allowedTCPPorts = [ 443 ];
};
};
};
}

119
hosts/manatee/modules/ssh/default.nix
View File

@@ -1,119 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.ssh.enable;
authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
rootSSHKeyPath = "/etc/ssh";
in
{
options = {
mod.ssh = {
enable = lib.mkEnableOption "enable ssh module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.ssh = {
enable = true;
matchBlocks = {
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
};
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
};
};
};
environment.etc."ssh/authorized_keys_command" = {
mode = "0755";
text = ''
#!${pkgs.bash}/bin/bash
for file in ${authorizedKeysPath}/*; do
${pkgs.coreutils}/bin/cat "$file"
done
'';
};
services = {
openssh = {
enable = true;
ports = [ 1122 ];
hostKeys = [
{
path = "${rootSSHKeyPath}/root.manatee";
type = "ed25519";
}
];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
authorizedKeysCommandUser = "root";
};
};
networking = {
firewall = {
allowedTCPPorts = [ 1122 ];
};
};
age.secrets = {
"root.manatee" = {
file = ../../../../secrets/manatee/root.manatee.age;
path = "${rootSSHKeyPath}/root.manatee";
};
"root.manatee.pub" = {
file = ../../../../secrets/manatee/root.manatee.pub.age;
path = "${rootSSHKeyPath}/root.manatee.pub";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-manatee.pub";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "${authorizedKeysPath}/alex.backwards-manatee.pub";
};
"alex.manatee-git.ppp.pm" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.manatee-git.ppp.pm.pub" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
};
};
}

69
hosts/manatee/modules/syncthing/default.nix
View File

@@ -1,69 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.syncthing.enable;
in
{
options = {
mod.syncthing = {
enable = lib.mkEnableOption "Enable syncthing module";
};
};
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Syncthing";
port = 8384;
description = "File sync";
}
];
services.syncthing = {
enable = true;
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
user = "storage";
group = "storage";
dataDir = "/mnt/sync/public";
guiAddress = "0.0.0.0:8384";
settings = {
gui = {
user = "syncthing";
password = "$2a$12$YBcqhl8AXpoLmIWikuMtkOQLcrPXKKj0xY/qy4hggWnfjeVLQ3Ct6";
insecureSkipHostcheck = false;
};
devices = {
pinwheel.id = config.lib.syncthing.pinwheel;
};
folders = {
org = {
path = "/mnt/sync/public/org";
devices = [
"pinwheel"
];
versioning = {
type = "staggered";
params = {
maxage = "2592000"; # 30 days
};
};
};
};
};
};
age = {
secrets = {
"syncthing-cert".file = ../../../../secrets/manatee/syncthing-cert.age;
"syncthing-key".file = ../../../../secrets/manatee/syncthing-key.age;
};
};
};
}

11
hosts/manatee/modules/tailscale/default.nix
View File

@@ -1,11 +0,0 @@
{ ... }:
{
# If an exit node is used, set:
# tailscale set --exit-node-allow-lan-access
services.tailscale.enable = true;
networking.firewall = {
checkReversePath = "loose";
allowedUDPPorts = [ 41641 ];
};
}

5
hosts/pinwheel/configuration.nix
View File

@@ -17,10 +17,7 @@
users.users.alex = { users.users.alex = {
isNormalUser = true; isNormalUser = true;
description = "alex"; description = "alex";
extraGroups = [ extraGroups = [ "wheel" ];
"wheel"
"networkmanager"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

2
hosts/pinwheel/hardware-configuration.nix
View File

@@ -39,7 +39,7 @@
swapDevices = [ swapDevices = [
{ {
device = "/swapfile"; device = "/swapfile";
size = 48 * 1024; # 48GB size = 24 * 1024; # 24GB
} }
]; ];

7
hosts/pinwheel/home.nix
View File

@@ -14,19 +14,14 @@
home.homeDirectory = "/home/alex"; home.homeDirectory = "/home/alex";
home.packages = [ home.packages = [
inputs.whib-backend.packages.${pkgs.stdenv.hostPlatform.system}.whib-import
# pkgs.beekeeper-studio
pkgs.bitwarden-desktop
pkgs.gimp pkgs.gimp
pkgs.zip pkgs.zip
pkgs.unzip
pkgs.unar pkgs.unar
pkgs.jq pkgs.jq
pkgs.dbeaver-bin pkgs.dbeaver-bin
pkgs.htop pkgs.htop
pkgs.onlyoffice-desktopeditors pkgs.onlyoffice-bin
pkgs.wdisplays pkgs.wdisplays
pkgs.vlc
]; ];
home.stateVersion = "23.05"; home.stateVersion = "23.05";

2
hosts/pinwheel/modules/age/default.nix
View File

@@ -11,7 +11,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }

8
hosts/pinwheel/modules/bluetooth/default.nix
View File

@@ -30,6 +30,12 @@ in
# Low battery notification for bluetooth devices # Low battery notification for bluetooth devices
systemd.user = systemd.user =
let let
trackpad = {
id = "battery_hid_a8o91o3doe5ofeo38_battery";
name = "trackpad";
threshold = "20";
};
headphones = { headphones = {
id = "headset_dev_38_18_4C_18_A4_6E"; id = "headset_dev_38_18_4C_18_A4_6E";
name = "headphones"; name = "headphones";
@@ -59,6 +65,7 @@ in
in in
builtins.listToAttrs ( builtins.listToAttrs (
builtins.map mkTimer [ builtins.map mkTimer [
trackpad
headphones headphones
] ]
); );
@@ -112,6 +119,7 @@ in
in in
builtins.listToAttrs ( builtins.listToAttrs (
builtins.map mkService [ builtins.map mkService [
trackpad
headphones headphones
] ]
); );

2
hosts/pinwheel/modules/colors/default.nix
View File

@@ -3,7 +3,7 @@
colors = { colors = {
foreground = "bd93f9"; foreground = "bd93f9";
foreground-dim = "644294"; foreground-dim = "644294";
background = "1E1E2F"; background = "1E2029";
gray = "3a3a3a"; gray = "3a3a3a";
warning = "ff6969"; warning = "ff6969";

1
hosts/pinwheel/modules/default.nix
View File

@@ -33,7 +33,6 @@ in
rust.enable = true; rust.enable = true;
scala.enable = true; scala.enable = true;
python.enable = true; python.enable = true;
gleam.enable = true;
keyboard.enable = true; keyboard.enable = true;
containers = { containers = {

2
hosts/pinwheel/modules/dunst/default.nix
View File

@@ -7,6 +7,8 @@
settings = { settings = {
global = { global = {
monitor = 1; monitor = 1;
width = 300;
height = 300;
offset = "10x10"; offset = "10x10";
origin = "top-right"; origin = "top-right";
transparency = 10; transparency = 10;

62
hosts/pinwheel/modules/emacs/config.org
View File

@@ -479,34 +479,7 @@ Setup prefix for keybindings.
* Flycheck * Flycheck
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package flycheck (use-package flycheck)
:preface
(defun mp-flycheck-eldoc (callback &rest _ignored)
"Print flycheck messages at point by calling CALLBACK."
(when-let ((flycheck-errors (and flycheck-mode (flycheck-overlay-errors-at (point)))))
(mapc
(lambda (err)
(funcall callback
(format "%s: %s"
(let ((level (flycheck-error-level err)))
(pcase level
('info (propertize "I" 'face 'flycheck-error-list-info))
('error (propertize "E" 'face 'flycheck-error-list-error))
('warning (propertize "W" 'face 'flycheck-error-list-warning))
(_ level)))
(flycheck-error-message err))
:thing (or (flycheck-error-id err)
(flycheck-error-group err))
:face 'font-lock-doc-face))
flycheck-errors)))
(defun mp-flycheck-prefer-eldoc ()
(add-hook 'eldoc-documentation-functions #'mp-flycheck-eldoc nil t)
(setq eldoc-documentation-strategy 'eldoc-documentation-compose-eagerly)
(setq flycheck-display-errors-function nil)
(setq flycheck-help-echo-function nil))
:hook ((flycheck-mode . mp-flycheck-prefer-eldoc)))
(use-package flycheck-eglot (use-package flycheck-eglot
:after (flycheck eglot) :after (flycheck eglot)
@@ -530,12 +503,6 @@ Setup prefix for keybindings.
(add-hook 'before-save-hook #'eglot-format-buffer -10 t)))) (add-hook 'before-save-hook #'eglot-format-buffer -10 t))))
(use-package eglot (use-package eglot
:preface
(defun mp-eglot-eldoc ()
(setq eldoc-echo-area-use-multiline-p nil)
(setq eldoc-documentation-strategy
'eldoc-documentation-compose-eagerly))
:config :config
(add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
'(scala-mode . '(scala-mode .
@@ -544,9 +511,6 @@ Setup prefix for keybindings.
(add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
'(nix-mode . ("nixd"))) '(nix-mode . ("nixd")))
(add-to-list 'eglot-server-programs
'(gleam-ts-mode . ("gleam" "lsp")))
(setq-default eglot-workspace-configuration (setq-default eglot-workspace-configuration
'( '(
:metals ( :metals (
@@ -555,11 +519,7 @@ Setup prefix for keybindings.
) )
) )
:custom
(eglot-code-action-indications nil)
:hook ( :hook (
(eglot-managed-mode . mp-eglot-eldoc)
(go-mode . eglot-ensure) (go-mode . eglot-ensure)
(go-mode . alex/organize-imports-on-save) (go-mode . alex/organize-imports-on-save)
(go-mode . alex/format-on-save) (go-mode . alex/format-on-save)
@@ -569,10 +529,6 @@ Setup prefix for keybindings.
(nix-mode . eglot-ensure) (nix-mode . eglot-ensure)
(nix-mode . alex/format-on-save) (nix-mode . alex/format-on-save)
(gleam-ts-mode . eglot-ensure)
(gleam-ts-mode . alex/format-on-save)
(python-mode . eglot-ensure)
(javascript-mode . eglot-ensure) (javascript-mode . eglot-ensure)
(js-mode . eglot-ensure) (js-mode . eglot-ensure)
(js-jsx-mode . eglot-ensure) (js-jsx-mode . eglot-ensure)
@@ -592,6 +548,13 @@ Setup prefix for keybindings.
:after eglot :after eglot
:config (eglot-booster-mode)) :config (eglot-booster-mode))
#+END_SRC #+END_SRC
** Eldoc-box
#+BEGIN_SRC emacs-lisp
(use-package eldoc-box
:after eglot
:bind (:map eglot-mode-map
("M-h" . eldoc-box-help-at-point)))
#+END_SRC
** Go ** Go
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package go-mode (use-package go-mode
@@ -609,12 +572,6 @@ Setup prefix for keybindings.
) )
) )
#+END_SRC #+END_SRC
** Gleam
#+BEGIN_SRC emacs-lisp
(use-package gleam-ts-mode
:mode "\\.gleam\\'"
)
#+END_SRC
** YAML ** YAML
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package yaml-mode (use-package yaml-mode
@@ -646,8 +603,7 @@ Setup prefix for keybindings.
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(setq (setq
js-indent-level 2 js-indent-level 2
js2-basic-offset 2 js2-basic-offset 2)
indent-tabs-mode nil)
(add-to-list 'auto-mode-alist '("\\.ts\\'" . typescript-ts-mode)) (add-to-list 'auto-mode-alist '("\\.ts\\'" . typescript-ts-mode))
#+END_SRC #+END_SRC

4
hosts/pinwheel/modules/firefox/default.nix
View File

@@ -29,14 +29,14 @@ let
ff = pkgs.writeShellApplication { ff = pkgs.writeShellApplication {
name = "ff"; name = "ff";
text = '' text = ''
${wrapped}/bin/firefox-devedition --ProfileManager ${wrapped}/bin/firefox --ProfileManager
''; '';
}; };
ff-alex = pkgs.writeShellApplication { ff-alex = pkgs.writeShellApplication {
name = "ff-alex"; name = "ff-alex";
text = '' text = ''
${wrapped}/bin/firefox-devedition -P alex --new-window "$@" ${wrapped}/bin/firefox -P alex --new-window "$@"
''; '';
}; };

6
hosts/pinwheel/modules/fonts/default.nix
View File

@@ -2,9 +2,9 @@
{ {
fonts.packages = [ fonts.packages = [
pkgs.noto-fonts pkgs.noto-fonts
pkgs.noto-fonts-cjk-sans pkgs.noto-fonts-cjk
pkgs.noto-fonts-color-emoji pkgs.noto-fonts-emoji
pkgs.nerd-fonts.jetbrains-mono pkgs.nerdfonts
pkgs.liberation_ttf pkgs.liberation_ttf
]; ];
} }

2
hosts/pinwheel/modules/fzf/default.nix
View File

@@ -1,4 +1,4 @@
{ ... }: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
programs.fzf = { programs.fzf = {

12
hosts/pinwheel/modules/games/default.nix
View File

@@ -1,6 +1,16 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ pkgs.brogue-ce ]; home.packages = [
pkgs.brogue-ce
(pkgs.retroarch.override {
cores = [
pkgs.libretro.genesis-plus-gx
pkgs.libretro.snes9x
pkgs.libretro.dolphin
];
})
];
}; };
} }

2
hosts/pinwheel/modules/git/default.nix
View File

@@ -23,7 +23,7 @@ in
{ path = ./gitconfig; } { path = ./gitconfig; }
]; ];
settings = { extraConfig = {
rerere.enable = true; rerere.enable = true;
}; };
}; };

3
hosts/pinwheel/modules/git/gitconfig
View File

@@ -5,5 +5,8 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/
[url "gitea@git.ppp.pm:"] [url "gitea@git.ppp.pm:"]
insteadOf = https://git.ppp.pm/ insteadOf = https://git.ppp.pm/

25
hosts/pinwheel/modules/gleam/default.nix
View File

@@ -1,25 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.gleam.enable;
in
{
options = {
mod.gleam = {
enable = lib.mkEnableOption "enable gleam module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
home.packages = [
pkgs.gleam
pkgs.erlang
];
};
};
}

18
hosts/pinwheel/modules/go/default.nix
View File

@@ -15,14 +15,26 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
nixpkgs.overlays =
let
buildGo122 = pkgs: pkg: pkg.override { buildGoModule = pkgs.buildGo122Module; };
in
[
(final: prev: {
go = prev.go_1_22;
gopls = buildGo122 prev prev.gopls;
go-tools = buildGo122 prev prev.go-tools;
govulncheck = buildGo122 prev prev.govulncheck;
gotestsum = buildGo122 prev prev.gotestsum;
})
];
home-manager.users.alex = { home-manager.users.alex = {
programs.go = { programs.go = {
enable = true; enable = true;
package = pkgs.go; package = pkgs.go;
env = { goPath = "code/go";
GOPATH = "/home/alex/code/go";
};
}; };
home.packages = [ home.packages = [

198
hosts/pinwheel/modules/hyprland/default.nix
View File

@@ -1,5 +1,4 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -7,59 +6,6 @@
}: }:
let let
enabled = config.mod.hyprland.enable; enabled = config.mod.hyprland.enable;
monitorScript = pkgs.writeShellScript "hyprland-monitor-handler" ''
INTERNAL="eDP-1"
EXTERNAL_MONITORS="HDMI-A-1 DP-3"
HYPRCTL="${pkgs.hyprland}/bin/hyprctl"
JQ="${pkgs.jq}/bin/jq"
get_active_external() {
# Return the first connected external monitor
for mon in $EXTERNAL_MONITORS; do
if $HYPRCTL monitors -j | $JQ -e ".[] | select(.name == \"$mon\")" > /dev/null 2>&1; then
echo "$mon"
return 0
fi
done
return 1
}
bind_workspaces() {
local external
if external=$(get_active_external); then
# External monitor connected: 1-5 on external, 6-10 on internal
for ws in 1 2 3 4 5; do
$HYPRCTL keyword workspace "$ws, monitor:$external, default:true"
done
for ws in 6 7 8 9 10; do
$HYPRCTL keyword workspace "$ws, monitor:$INTERNAL, default:true"
done
else
# No external monitor: all workspaces on internal
for ws in 1 2 3 4 5 6 7 8 9 10; do
$HYPRCTL keyword workspace "$ws, monitor:$INTERNAL, default:true"
done
fi
}
handle_event() {
case $1 in
monitoradded*|monitorremoved*)
sleep 0.5 # Give monitor time to initialize
bind_workspaces
;;
esac
}
# Bind workspaces on startup
bind_workspaces
${pkgs.socat}/bin/socat -U - UNIX-CONNECT:"$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock" | while read -r line; do
handle_event "$line"
done
'';
in in
{ {
options = { options = {
@@ -69,42 +15,32 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
programs.hyprland = {
enable = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage =
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
xwayland = {
enable = true;
};
};
home-manager.users.alex = { home-manager.users.alex = {
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
xwayland = {
enable = true;
};
extraConfig = '' extraConfig = ''
exec-once=waybar exec-once=waybar
exec-once=hyprctl setcursor Adwaita 24
env = GDK_DPI_SCALE,1.5 env = GDK_DPI_SCALE,1.5
env = HYPRCURSOR_THEME,Adwaita env = XCURSOR_SIZE,64
env = HYPRCURSOR_SIZE,24
monitor=eDP-1, 1920x1200, auto-center-down, 1 monitor=eDP-1, 1920x1200, 0x0, 1
monitor=HDMI-A-1, 2560x1440@100, auto-center-up, 1
monitor=DP-3, 2560x1440@60, auto-center-up, 1
workspace = w[tv1], gapsout:0, gapsin:0 workspace = 1, monitor:HDMI-A-1
workspace = f[1], gapsout:0, gapsin:0 workspace = 2, monitor:HDMI-A-1
windowrule = border_size 0, match:float 0, match:workspace w[tv1] workspace = 3, monitor:HDMI-A-1
windowrule = rounding 0, match:float 0, match:workspace w[tv1] workspace = 4, monitor:HDMI-A-1
windowrule = border_size 0, match:float 0, match:workspace f[1] workspace = 5, monitor:HDMI-A-1
windowrule = rounding 0, match:float 0, match:workspace f[1] workspace = 6, monitor:eDP-1
workspace = 7, monitor:eDP-1
# https://wiki.archlinux.org/title/Hyprland#Jetbrains_apps_focus_issues workspace = 8, monitor:eDP-1
windowrule = match:xwayland true, no_initial_focus on workspace = 9, monitor:eDP-1
workspace = 10, monitor:eDP-1
exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
''; '';
@@ -125,7 +61,6 @@ in
follow_mouse = 2; follow_mouse = 2;
sensitivity = 0.3; sensitivity = 0.3;
accel_profile = "flat";
touchpad = { touchpad = {
natural_scroll = false; natural_scroll = false;
tap-and-drag = false; tap-and-drag = false;
@@ -149,6 +84,7 @@ in
dwindle = { dwindle = {
force_split = 2; force_split = 2;
no_gaps_when_only = 1;
}; };
bind = bind =
@@ -218,23 +154,6 @@ in
pkgs.wdisplays pkgs.wdisplays
pkgs.bc pkgs.bc
]; ];
systemd.user.services.hyprland-monitors = {
Unit = {
Description = "Hyprland monitor hotplug handler";
PartOf = [ "graphical-session.target" ];
After = [ "graphical-session.target" ];
};
Service = {
Type = "simple";
ExecStart = "${monitorScript}";
Restart = "on-failure";
RestartSec = 5;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
};
}; };
# To start electron apps like `chromium` with wayland support # To start electron apps like `chromium` with wayland support
@@ -253,6 +172,87 @@ in
# openGL is needed for wayland/hyprland # openGL is needed for wayland/hyprland
hardware.graphics.enable = true; hardware.graphics.enable = true;
boot.kernelParams = [ "i915.enable_psr=0" ]; systemd.user.services.hyprland-monitors = {
# systemctl --user restart hyprland-monitors.service
# journalctl --user -u hyprland-monitors.service -e -f
unitConfig = {
Description = "handles hyprland monitor connect/disconnect";
};
wantedBy = [ "graphical-session.target" ];
requires = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
path = [
pkgs.coreutils # to include `cat`
pkgs.waybar
pkgs.hyprland
pkgs.socat
pkgs.jq
pkgs.bc
pkgs.libnotify
];
script =
let
moveWSToMonitor =
monitor: first: last:
if last < first then
throw "'first' has to be less than or equal to 'last'"
else
builtins.genList (
n: "dispatch moveworkspacetomonitor ${builtins.toString (first + n)} ${monitor}"
) (last - first + 1);
external = moveWSToMonitor "HDMI-A-1" 1 5;
internal = moveWSToMonitor "eDPI-1" 6 10;
onlyInternal = moveWSToMonitor "eDPI-1" 1 10;
in
''
update() {
HDMI_STATUS=$(cat /sys/class/drm/card1-HDMI-A-1/status)
INTERNAL_WIDTH=1920
INTERNAL_HEIGHT=1200
if [ $HDMI_STATUS = "connected" ]; then
notify-send "Using external and laptop monitor"
hyprctl keyword monitor HDMI-A-1,preferred,0x0,1
HDMI=$(hyprctl monitors -j | jq '.[] | select(.name=="HDMI-A-1")')
HDMI_WIDTH=$(echo $HDMI | jq .width)
HDMI_HEIGHT=$(echo $HDMI | jq .height)
INTERNAL_POS_X=$(echo "($HDMI_WIDTH - $INTERNAL_WIDTH) / 2" | bc)
if (( $(echo "$INTERNAL_POS_X < 0" | bc) )); then INTERNAL_POS_X=0; fi
INTERNAL_POS_Y=$HDMI_HEIGHT
hyprctl keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,$INTERNAL_POS_X"x"$INTERNAL_POS_Y,1
hyprctl --batch "${lib.strings.concatStringsSep ";" (external ++ internal)}"
else
notify-send "Using only laptop monitor"
hyprctl --batch "keyword monitor HDMI-A,disable; keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,0x0,1"
hyprctl --batch "${lib.strings.concatStringsSep ";" onlyInternal}"
fi
}
handle() {
case $1 in
monitoradded\>\>*|monitorremoved\>\>*)
echo "handling event: \"$1\""
update ;;
esac
}
echo "Starting service with instance \"$HYPRLAND_INSTANCE_SIGNATURE\""
# Do initial configuration
update
socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done
'';
};
}; };
} }

23
hosts/pinwheel/modules/network/default.nix
View File

@@ -1,22 +1,21 @@
{ pkgs, ... }:
{ {
home-manager = { services.connman = {
users.alex = {
home.packages = [ pkgs.networkmanager ];
};
};
networking = {
wireless.enable = false; # Wireless is managed by networkmanager
networkmanager = {
enable = true; enable = true;
wifi = { wifi = {
backend = "iwd"; backend = "iwd";
}; };
};
networkInterfaceBlacklist = [
"vmnet"
"vboxnet"
"virbr"
"ifb"
"ve"
"docker"
"br-"
"wg-"
];
}; };
networking = { networking = {

2
hosts/pinwheel/modules/nix/default.nix
View File

@@ -2,7 +2,7 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.nixfmt pkgs.nixfmt-rfc-style
pkgs.nix-tree pkgs.nix-tree
]; ];
}; };

20
hosts/pinwheel/modules/openvpn/default.nix
View File

@@ -18,19 +18,21 @@ in
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.openvpn pkgs.openvpn
pkgs.update-systemd-resolved
]; ];
}; };
services.resolved = { services.resolved = {
enable = true; enable = false;
settings = { dnssec = "true";
Resolve = { domains = [ "~." ];
Domains = [ "~." ]; fallbackDns = [
DNSSEC = false; "1.1.1.1#one.one.one.one"
DNSOverTLS = true; "1.0.0.1#one.one.one.one"
}; ];
}; extraConfig = ''
DNSOverTLS=yes
'';
}; };
}; };
} }

2
hosts/pinwheel/modules/screenshot/default.nix
View File

@@ -8,7 +8,7 @@
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
grimblast = inputs.hyprland-contrib.packages.${pkgs.stdenv.hostPlatform.system}.grimblast; grimblast = inputs.hyprland-contrib.packages.${pkgs.system}.grimblast;
area = "${pkgs.libnotify}/bin/notify-send 'ps: selected area' && ${grimblast}/bin/grimblast copy area"; area = "${pkgs.libnotify}/bin/notify-send 'ps: selected area' && ${grimblast}/bin/grimblast copy area";
screen = "${pkgs.libnotify}/bin/notify-send 'ps: selected screen' &&${grimblast}/bin/grimblast copy output"; screen = "${pkgs.libnotify}/bin/notify-send 'ps: selected screen' &&${grimblast}/bin/grimblast copy output";
in in

2
hosts/pinwheel/modules/sound/default.nix
View File

@@ -10,7 +10,7 @@ in
{ {
users.users.alex.extraGroups = [ "audio" ]; users.users.alex.extraGroups = [ "audio" ];
services.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {

12
hosts/pinwheel/modules/music/default.nix → hosts/pinwheel/modules/spotify/default.nix
View File

@@ -1,5 +1,4 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -14,18 +13,18 @@ in
settings = { settings = {
bind = bind =
let let
prev = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify previous"; prev = "${pkgs.playerctl}/bin/playerctl -p spotify previous";
next = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify next"; next = "${pkgs.playerctl}/bin/playerctl -p spotify next";
in in
[ [
", XF86AudioPrev, exec, ${prev}" ", XF86AudioPrev, exec, ${prev}"
", XF86AudioNext, exec, ${next}" ", XF86AudioNext, exec, ${next}"
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause" ", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spoitfy play-pause" ", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p spoitfy play-pause"
"$mod ALT, LEFT, exec, ${prev}" "$mod ALT, LEFT, exec, ${prev}"
"$mod ALT, RIGHT, exec, ${next}" "$mod ALT, RIGHT, exec, ${next}"
"$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause" "$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
]; ];
}; };
}; };
@@ -33,7 +32,6 @@ in
home.packages = [ home.packages = [
pkgs.playerctl pkgs.playerctl
pkgs.spotify pkgs.spotify
inputs.naviterm.packages.${pkgs.stdenv.hostPlatform.system}.default
]; ];
}; };

71
hosts/pinwheel/modules/ssh/default.nix
View File

@@ -3,16 +3,8 @@
home-manager.users.alex = { home-manager.users.alex = {
programs.ssh = { programs.ssh = {
enable = true; enable = true;
enableDefaultConfig = false;
matchBlocks = { matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-manatee";
port = 1122;
};
"backwards" = { "backwards" = {
hostname = "backwards"; hostname = "backwards";
user = "alex"; user = "alex";
@@ -20,6 +12,12 @@
port = 1122; port = 1122;
}; };
"andromeda" = {
hostname = "andromeda.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-andromeda";
};
"tadpole" = { "tadpole" = {
hostname = "65.21.106.222"; hostname = "65.21.106.222";
user = "alex"; user = "alex";
@@ -32,23 +30,15 @@
identityFile = "/home/alex/.ssh/alex.pinwheel-github.com"; identityFile = "/home/alex/.ssh/alex.pinwheel-github.com";
}; };
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
};
"git.ppp.pm" = { "git.ppp.pm" = {
hostname = "git.ppp.pm"; hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
}; };
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
}; };
}; };
@@ -56,19 +46,6 @@
}; };
age.secrets = { age.secrets = {
"alex.pinwheel-manatee" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee";
owner = "alex";
group = "users";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards" = { "alex.pinwheel-backwards" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age; file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age;
path = "/home/alex/.ssh/alex.pinwheel-backwards"; path = "/home/alex/.ssh/alex.pinwheel-backwards";
@@ -95,6 +72,19 @@
group = "users"; group = "users";
}; };
"alex.pinwheel-codeberg.org" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
owner = "alex";
group = "users";
};
"alex.pinwheel-codeberg.org.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-git.ppp.pm" = { "alex.pinwheel-git.ppp.pm" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age; file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm"; path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
@@ -108,6 +98,19 @@
group = "users"; group = "users";
}; };
"alex.pinwheel-andromeda" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda";
owner = "alex";
group = "users";
};
"alex.pinwheel-andromeda.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-tadpole" = { "alex.pinwheel-tadpole" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age; file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age;
path = "/home/alex/.ssh/alex.pinwheel-tadpole"; path = "/home/alex/.ssh/alex.pinwheel-tadpole";

4
hosts/pinwheel/modules/syncthing/default.nix
View File

@@ -16,7 +16,6 @@
devices = { devices = {
phone.id = config.lib.syncthing.phone; phone.id = config.lib.syncthing.phone;
backwards.id = config.lib.syncthing.backwards; backwards.id = config.lib.syncthing.backwards;
manatee.id = config.lib.syncthing.manatee;
}; };
folders = { folders = {
@@ -25,7 +24,6 @@
devices = [ devices = [
"phone" "phone"
"backwards" "backwards"
"manatee"
]; ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
@@ -58,7 +56,7 @@
}; };
books = { books = {
path = "/home/alex/sync/reading-material/books"; path = "/home/alex/sync/books";
devices = [ "backwards" ]; devices = [ "backwards" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";

2
hosts/pinwheel/modules/vim/default.nix
View File

@@ -18,7 +18,7 @@ in
}; };
programs.git = lib.mkIf gitEnabled { programs.git = lib.mkIf gitEnabled {
settings = { extraConfig = {
core = { core = {
editor = "vim"; editor = "vim";
}; };

5
hosts/pinwheel/modules/vm/default.nix
View File

@@ -17,10 +17,7 @@ in
config = lib.mkIf enabled { config = lib.mkIf enabled {
virtualisation = { virtualisation = {
spiceUSBRedirection.enable = true; # Allow redirecting USB to the VM spiceUSBRedirection.enable = true; # Allow redirecting USB to the VM
libvirtd = { libvirtd.enable = true;
enable = true;
qemu.vhostUserPackages = [ pkgs.virtiofsd ];
};
}; };
users.users.alex = { users.users.alex = {

39
hosts/pinwheel/modules/waybar/default.nix
View File

@@ -7,14 +7,14 @@
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
music-status = pkgs.writeShellScript "music-status" '' spotify-status = pkgs.writeShellScript "spotify-status" ''
STATUS=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify status 2>&1) STATUS=$(${pkgs.playerctl}/bin/playerctl -p spotify status 2>&1)
if [ "$STATUS" = "No players found" ]; then if [ "$STATUS" = "No players found" ]; then
echo "" echo ""
else else
FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}" FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}"
OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify metadata --format "$FORMAT") OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p spotify metadata --format "$FORMAT")
case "$STATUS" in case "$STATUS" in
"Playing") "Playing")
echo "<span font='14' rise='-3000'></span> $OUTPUT" echo "<span font='14' rise='-3000'></span> $OUTPUT"
@@ -85,25 +85,11 @@ let
''; '';
work-vpn-status = pkgs.writeShellScript "work-vpn-status" '' work-vpn-status = pkgs.writeShellScript "work-vpn-status" ''
ACTIVE_ENVS="" STAGING=$(systemctl is-active openvpn-work-staging.service)
[ "$STAGING" == "active" ] && echo "WORK-VPN STAGING ON" && exit 0
STAGING_STATUS=$(systemctl is-active openvpn-work-staging.service) PRODUCTION=$(systemctl is-active openvpn-work-production.service)
if [ "$STAGING_STATUS" == "active" ]; then [ "$PRODUCTION" == "active" ] && echo "WORK-VPN PRODUCTION ON" && exit 0
ACTIVE_ENVS="S"
fi
PRODUCTION_STATUS=$(systemctl is-active openvpn-work-production.service)
if [ "$PRODUCTION_STATUS" == "active" ]; then
if [ -n "$ACTIVE_ENVS" ]; then
ACTIVE_ENVS="$ACTIVE_ENVS&amp;P"
else
ACTIVE_ENVS="P"
fi
fi
if [ -n "$ACTIVE_ENVS" ]; then
echo "WORK-VPN $ACTIVE_ENVS ON"
fi
''; '';
toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" '' toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" ''
@@ -140,7 +126,7 @@ in
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ]; modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [ modules-right = [
"custom/work-vpn-status" "custom/work-vpn-status"
"custom/music" "custom/spotify"
"custom/container-status" "custom/container-status"
"custom/dunst" "custom/dunst"
"bluetooth" "bluetooth"
@@ -156,8 +142,8 @@ in
interval = 2; interval = 2;
}; };
"custom/music" = { "custom/spotify" = {
exec = music-status; exec = spotify-status;
interval = 2; interval = 2;
max-length = 70; max-length = 70;
tooltip = false; tooltip = false;
@@ -236,10 +222,7 @@ in
height = 30; height = 30;
spacing = 20; spacing = 20;
fixed-center = false; fixed-center = false;
output = [ output = [ "HDMI-A-1" ];
"HDMI-A-1"
"DP-3"
];
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ]; modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [ modules-right = [

38
hosts/pinwheel/modules/work/default.nix
View File

@@ -1,5 +1,4 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -18,19 +17,16 @@ in
}; };
home.packages = [ home.packages = [
# (pkgs.callPackage ./pants.nix { inherit (pkgs) stdenv.hostPlatform.system; }) (pkgs.callPackage ./syb-cli.nix { })
# (pkgs.callPackage ./syb-cli.nix { })
(inputs.nix-jetbrains-plugins.lib.buildIdeWithPlugins pkgs "idea" [
"IdeaVIM"
"com.github.copilot"
])
(pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ])
(pkgs.google-cloud-sdk.withExtraComponents [ (pkgs.google-cloud-sdk.withExtraComponents [
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
]) ])
(pkgs.graphite-cli.overrideAttrs (_: {
pkgs.graphite-cli version = "1.4.3";
}))
pkgs.xdg-utils # needed by graphite-cli
pkgs.postman pkgs.postman
pkgs.grpcurl pkgs.grpcurl
@@ -38,23 +34,10 @@ in
# for `radio` # for `radio`
pkgs.go-mockery pkgs.go-mockery
pkgs.golangci-lint pkgs.golangci-lint
(pkgs.writeShellScriptBin "work-vpn" ''
case $1 in
up)
sudo sh -c "systemctl start openvpn-work-staging.service; systemctl start openvpn-work-production.service"
;;
down)
sudo sh -c "systemctl stop openvpn-work-staging.service; systemctl stop openvpn-work-production.service"
;;
esac
'')
]; ];
programs.go = lib.mkIf goEnabled { programs.go = lib.mkIf goEnabled {
env = { goPrivate = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
GOPRIVATE = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
};
}; };
programs.git = lib.mkIf gitEnabled { programs.git = lib.mkIf gitEnabled {
@@ -67,13 +50,6 @@ in
}; };
}; };
# Needed for `copilot`
programs.nix-ld.enable = true;
programs.nix-ld.libraries = [
pkgs.stdenv.cc.cc.lib
pkgs.zlib
];
services.openvpn.servers = lib.mkIf openvpnEnabled { services.openvpn.servers = lib.mkIf openvpnEnabled {
work-staging = { work-staging = {
config = "config ${config.age.secrets.work-staging-ovpn.path}"; config = "config ${config.age.secrets.work-staging-ovpn.path}";

68
hosts/pinwheel/modules/work/pants.nix
View File

@@ -1,68 +0,0 @@
{
pkgs,
lib,
...
}:
let
version = "0.12.0";
if_let = v: p: if lib.attrsets.matchAttrs p v then v else null;
match =
v: l: builtins.elemAt (lib.lists.findFirst (x: (if_let v (builtins.elemAt x 0)) != null) null l) 1;
package = match { platform = pkgs.stdenv.hostPlatform.system; } [
[
{ platform = "aarch64-linux"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-linux-aarch64";
hash = lib.fakeSha256;
}
]
[
{ platform = "x86_64-linux"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-linux-x86_64";
hash = "sha256-9PjgobndxVqDTYGtw1HESrtzwzH2qE9zFwR26xtwZrM=";
}
]
[
{ platform = "aarch64-darwin"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-macos-aarch64";
hash = "sha256-1Ha8GAOl7mWVunGKf7INMjar+jnLXaDEPStqE+kK3D4=";
}
]
];
unpatched = pkgs.stdenv.mkDerivation {
name = "scie-pants";
version = version;
sourceRoot = ".";
phases = [
"installPhase"
"patchPhase"
];
src = pkgs.fetchurl package;
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp $src $out/bin/pants
chmod +x $out/bin/pants
runHook postInstall
'';
};
patched = pkgs.buildFHSEnv {
name = "pants";
targetPackages = [ pkgs.python39 ];
runScript = "${unpatched}/bin/pants";
profile = ''
export NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"
export SSL_CERT_FILE="/etc/ssl/certs/ca-bundle.crt"
'';
};
in
if pkgs.stdenv.isDarwin then unpatched else patched

2
hosts/pinwheel/modules/zsh/default.nix
View File

@@ -54,7 +54,7 @@ in
} }
]; ];
initContent = lib.strings.concatStringsSep "\n" [ initExtra = lib.strings.concatStringsSep "\n" [
"export KEYTIMEOUT=1" "export KEYTIMEOUT=1"
"bindkey -v '^?' backward-delete-char" "bindkey -v '^?' backward-delete-char"
"bindkey '^a' beginning-of-line" "bindkey '^a' beginning-of-line"

2
hosts/tadpole/modules/age/default.nix
View File

@@ -8,7 +8,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }

23
hosts/tadpole/modules/certs/default.nix
View File

@@ -1,35 +1,16 @@
{ ... }: { ... }:
{ {
security.acme = { security.acme = {
acceptTerms = true;
defaults = {
email = "acme@ppp.pm";
};
certs = { certs = {
"ppp.pm" = { "ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/"; webroot = "/var/lib/acme/acme-challenge/";
email = "p@ppp.pm";
group = "nginx"; group = "nginx";
}; };
"git.ppp.pm" = { "git.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/"; webroot = "/var/lib/acme/acme-challenge/";
group = "nginx"; email = "p@ppp.pm";
};
"whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx";
};
"api.whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx";
};
"grafana.whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx"; group = "nginx";
}; };
}; };

2
hosts/tadpole/modules/default.nix
View File

@@ -22,8 +22,6 @@ in
}; };
pppdotpm-site.enable = true; pppdotpm-site.enable = true;
whib-backend.enable = true;
whib-frontend.enable = true;
}; };
}; };
} }

23
hosts/tadpole/modules/gitea/default.nix
View File

@@ -7,6 +7,8 @@
let let
conf = config.mod.gitea; conf = config.mod.gitea;
gitDomain = "git.${conf.baseDomain}"; gitDomain = "git.${conf.baseDomain}";
nginxEnable = config.mod.nginx.enable;
in in
{ {
options = { options = {
@@ -35,16 +37,20 @@ in
}; };
}; };
config = lib.mkIf conf.enable { config = lib.mkIf (conf.enable && nginxEnable) {
assertions = [ assertions = [
{
assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
{ {
assertion = conf.baseDomain != ""; assertion = conf.baseDomain != "";
message = "Option 'mod.gitea.baseDomain' cannot be empty"; message = "Option 'mod.gitea.baseDomain' cannot be empty";
} }
{
assertion = builtins.hasAttr gitDomain config.security.acme.certs;
message = "There is no cert configured for ${gitDomain} used by gitea";
}
{
assertion = conf.webfingerEnable && builtins.hasAttr conf.baseDomain config.security.acme.certs;
message = "There is no cert configured for ${conf.baseDomain} used by webfinger";
}
{ {
assertion = conf.webfingerEnable && conf.webfingerAccounts != [ ]; assertion = conf.webfingerEnable && conf.webfingerAccounts != [ ];
message = "Option 'mod.gitea.webfingerAccounts' cannot be empty"; message = "Option 'mod.gitea.webfingerAccounts' cannot be empty";
@@ -64,11 +70,6 @@ in
ROOT_URL = "https://${gitDomain}"; ROOT_URL = "https://${gitDomain}";
SSH_PORT = 1122; # see `ssh` module SSH_PORT = 1122; # see `ssh` module
HTTP_PORT = 3001;
};
oauth2 = {
JWT_CLAIM_ISSUER = "https://${gitDomain}/";
}; };
database = { database = {
@@ -128,7 +129,7 @@ in
useACMEHost = gitDomain; useACMEHost = gitDomain;
locations."/" = { locations."/" = {
proxyPass = "http://0.0.0.0:3001"; proxyPass = "http://0.0.0:3000";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

10
hosts/tadpole/modules/nginx/default.nix
View File

@@ -10,6 +10,16 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
security = {
acme = {
acceptTerms = true;
defaults = {
email = "p@ppp.pm";
};
};
};
services = { services = {
nginx = { nginx = {
enable = true; enable = true;

11
hosts/tadpole/modules/ppp.pm-site/default.nix
View File

@@ -6,6 +6,8 @@
}: }:
let let
enabled = config.mod.pppdotpm-site.enable; enabled = config.mod.pppdotpm-site.enable;
nginxEnabled = config.mod.nginx.enable;
in in
{ {
imports = [ inputs.pppdotpm-site.nixosModules.default ]; imports = [ inputs.pppdotpm-site.nixosModules.default ];
@@ -16,14 +18,7 @@ in
}; };
}; };
config = lib.mkIf enabled { config = lib.mkIf (enabled && nginxEnabled) {
assertions = [
{
assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
];
services.pppdotpm-site = { services.pppdotpm-site = {
enable = true; enable = true;
domain = "ppp.pm"; domain = "ppp.pm";

27
hosts/tadpole/modules/ssh/default.nix
View File

@@ -28,17 +28,9 @@ in
identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
}; };
"*" = { "codeberg.org" = {
forwardAgent = false; hostname = "codeberg.org";
addKeysToAgent = "no"; identityFile = "/home/alex/.ssh/alex.tadpole-codeberg.org";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
}; };
}; };
}; };
@@ -109,6 +101,19 @@ in
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.tadpole-codeberg.org" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org";
owner = "alex";
group = "users";
};
"alex.tadpole-codeberg.org.pub" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org.pub";
owner = "alex";
group = "users";
};
}; };
}; };
} }

79
hosts/tadpole/modules/whib/default.nix
View File

@@ -1,79 +0,0 @@
{
lib,
config,
...
}:
let
backendEnabled = config.mod.whib-backend.enable;
frontendEnabled = config.mod.whib-frontend.enable;
in
{
options = {
mod.whib-backend = {
enable = lib.mkEnableOption "enable WHIB backend";
};
mod.whib-frontend = {
enable = lib.mkEnableOption "enable WHIB frontend";
};
};
config = {
assertions = [
{
assertion = backendEnabled && config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
];
services = {
whib-backend = lib.mkIf backendEnabled {
enable = true;
backend = {
domain = "api.whib.ppp.pm";
useACMEHost = "api.whib.ppp.pm";
environmentFile = config.age.secrets.whib-backend-env-vars.path;
};
postgres = {
environmentFile = config.age.secrets.whib-postgres-env-vars.path;
backup = {
interval = "*-*-* 00:00:00 UTC";
environmentFile = config.age.secrets.whib-postgres-backup-env-vars.path;
gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
};
};
grafana = {
domain = "grafana.whib.ppp.pm";
useACMEHost = "grafana.whib.ppp.pm";
environmentFile = config.age.secrets.whib-grafana-env-vars.path;
};
};
whib-frontend = lib.mkIf frontendEnabled {
enable = true;
domain = "whib.ppp.pm";
useACMEHost = "whib.ppp.pm";
backendHost = "https://api.whib.ppp.pm";
};
};
age.secrets = {
"whib-backend-env-vars".file = ../../../../secrets/tadpole/whib-backend-env-vars.age;
"whib-postgres-env-vars".file = ../../../../secrets/tadpole/whib-postgres-env-vars.age;
"whib-postgres-backup-env-vars".file =
../../../../secrets/tadpole/whib-postgres-backup-env-vars.age;
"whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age;
"whib-grafana-env-vars".file = ../../../../secrets/tadpole/whib-grafana-env-vars.age;
};
};
}

22
hosts/test-vm/configuration.nix
View File

@@ -2,8 +2,6 @@
{ {
imports = [ imports = [
./ppp.pm-site.nix ./ppp.pm-site.nix
./whib-backend.nix
./whib-frontend.nix
]; ];
config = { config = {
@@ -12,9 +10,7 @@
networking.hostName = "test-vm"; networking.hostName = "test-vm";
mod = { mod = {
pppdotpm-site.enable = false; pppdotpm-site.enable = true;
whib-backend.enable = true;
whib-frontend.enable = true;
}; };
users.users.a = { users.users.a = {
@@ -22,30 +18,16 @@
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
password = "a"; password = "a";
}; };
services.getty.autologinUser = "a";
security.sudo.wheelNeedsPassword = false;
virtualisation.vmVariant = { virtualisation.vmVariant = {
# following configuration is added only when building VM the *first* time with `build-vm` # following configuration is added only when building VM with build-vm
virtualisation = { virtualisation = {
diskSize = 8192;
memorySize = 2048; memorySize = 2048;
cores = 3; cores = 3;
graphics = false; graphics = false;
}; };
}; };
# Resize terminal to host terminal size
environment.loginShellInit = ''
${pkgs.xterm}/bin/resize
echo alias 'sd' can be used to shutdown the VM
'';
environment.interactiveShellInit = ''
alias sd='sudo shutdown now'
'';
environment.systemPackages = [ ]; environment.systemPackages = [ ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";

124
hosts/test-vm/whib-backend.nix
View File

@@ -1,124 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.whib-backend.enable;
in
{
options = {
mod.whib-backend = {
enable = lib.mkEnableOption "enable WHIB backend";
};
};
config = lib.mkIf enabled {
services.whib-backend =
let
backendEnvVars = pkgs.writeText "backend-env-vars" ''
SIGNING_KEY=signingkey
POSTGRES_DB=whib
POSTGRES_USER=whib
POSTGRES_PASSWORD=pgpassword
'';
postgresEnvVars = pkgs.writeText "postgres-env-vars" ''
POSTGRES_DB=whib
POSTGRES_USER=whib
POSTGRES_PASSWORD=pgpassword
'';
postgresBackupEnvVars = pkgs.writeText "postgres-backup-env-vars" ''
PGDATABASE=whib
PGUSER=whib
PGPASSWORD=pgpassword
B2_BUCKET=a
B2_APPLICATION_KEY_ID=b
B2_APPLICATION_KEY=c
'';
gpgPassphraseFile = pkgs.writeText "gpg-passphrase" ''
foobar
'';
grafanaEnvVars = pkgs.writeText "grafana-env-vars" ''
GF_SECURITY_ADMIN_PASSWORD=grafanapassword
GF_USERS_ALLOW_SIGN_UP=false
'';
in
{
enable = true;
backend = {
domain = "whib-backend.local";
environmentFile = backendEnvVars;
};
postgres = {
environmentFile = postgresEnvVars;
backup = {
interval = "*-*-* *:*:00 UTC"; # Every minute, for testing
environmentFile = postgresBackupEnvVars;
gpgPassphraseFile = gpgPassphraseFile;
};
};
grafana = {
domain = "grafana.local";
environmentFile = grafanaEnvVars;
};
};
virtualisation.vmVariant = {
virtualisation = {
sharedDirectories = {
my-shared = {
source = "/home/alex/whib-backup";
target = "/mnt/shared";
};
};
forwardPorts = [
{
# Service API
from = "host";
host.port = 8080;
guest.port = 8080;
}
{
# Service Metrics
from = "host";
host.port = 8181;
guest.port = 8181;
}
{
# Postgres
from = "host";
host.port = 5432;
guest.port = 5432;
}
{
# Grafana
from = "host";
host.port = 3000;
guest.port = 3000;
}
{
# Prometheus
from = "host";
host.port = 9090;
guest.port = 9090;
}
];
};
};
};
}

35
hosts/test-vm/whib-frontend.nix
View File

@@ -1,35 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.whib-frontend.enable;
in
{
options = {
mod.whib-frontend = {
enable = lib.mkEnableOption "enable WHIB backend";
};
};
config = lib.mkIf enabled {
services.whib-frontend = {
enable = true;
domain = "whib-frontend.local";
port = "8081";
# backendHost = "https://api.whib.ppp.pm/";
backendHost = "http://localhost:8080";
};
virtualisation.vmVariant = {
virtualisation = {
forwardPorts = [
{
# Service API
from = "host";
host.port = 8081;
guest.port = 8081;
}
];
};
};
};
}

BIN
secrets/backwards/alex.backwards-codeberg.org.age Normal file
View File

Binary file not shown.

7
secrets/backwards/alex.backwards-codeberg.org.pub.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Pu0HWg eK/pdhmsF334C7rSuYsRnXCtenmlT2hOXpfW5CQEARY
odooTLu8ZQUZjCeVPZYOA6Vgb470cosE1Q1iBkE9Kc0
-> ssh-ed25519 +oNaHQ nJU52SSZ9v3+8NuXR6coSHosEYrs7T8GeZYzV/quOU4
IV5YduRGdJLy93gVwfYmwvldRXoXXX3QvAsH3ljBadw
--- 3gJg9NFmqHCrgcvgnYOeSY1H4klPEyzI+07IlKCOItc
 ¦Ì\5çܤ‰}õyñÐáAý_J§

BIN
secrets/backwards/alex.backwards-manatee.age
View File

Binary file not shown.

BIN
secrets/backwards/alex.backwards-manatee.pub.age
View File

Binary file not shown.

BIN
secrets/backwards/wireless-network-secrets.age
View File

Binary file not shown.

BIN
secrets/backwards/wpa_supplicant.conf.age Normal file
View File

Binary file not shown.

BIN
secrets/manatee/alex.manatee-git.ppp.pm.age
View File

Binary file not shown.

7
secrets/manatee/alex.manatee-git.ppp.pm.pub.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA NmI7zT9UKGRlh3wQIt61Xww4p4pHMf9dtbZjYoWZ8Uw
f+zEnvRCRG5jg/jvJyhn7cDwNQiQdycS1MjbEnD64Tc
-> ssh-ed25519 +oNaHQ 73NC7E0ns+6Y5mSZFdlkPhZHWsqxe61CMnEqFEMZ90I
hRfah4GDNd7Jcrfy0Xc6mGtTFGugm1R9EQTXWIQ3Dlo
--- nCgXbaJ4nU1ovuOTtD025pzEwmtr2svW2XXj+oqd49g
©Éßâ—‹Õ.íýQ1pUvi@ÅÖyQ§h7ëˆn.r •¿%ÖÖ"YLÕRmwÊ÷ ÜŒ§ã‹$gÜñjâíϸ<C38F>§ßKYéÅ<>òïg&ÞMeˆ oÓä°ï¨¡ºêÝí*³½4W€8ìäÒ»Näÿn«@Qèìc^¬ý…Ïñ8SÂ…À

9
secrets/manatee/hetzner-dns.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA mr8aDxrNmdcxT5BEXJ32Q4DckYKidh3zblrSm8GV3hg
JngH+sfId8Z6SuXnQo9EQR0nw+y7LfdgYgI7SYisPL4
-> ssh-ed25519 +oNaHQ QI1+VLIa1sN8HSzBXoAGio7TcfxpGERw30uNlMCmejw
m3+nrTwsAb/Fg1p9JCYnc7jS9uteMO3AbUtDbKP60Dk
--- etDNlalBL2SdgfFxIhDCAWXpXcSZr+BlCoTt6yIUiBQ
èZw œ»ØÁëkáÂÎó4=UÉÜ:J
ã½p#"ˆà^pŠî!KÚÔ
¯cŽC÷ô´cd¾·"g.óÒ¦ó¥_(ÄA% ¶Ýp<C39D>ÇÏGA2`CqÖPš¢<C5A1>P¾Ç$j åMººŒþ¾ƒ™_â

7
secrets/manatee/komga-bookmanager-credentials.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA GW8mvnaXpspxr78xV0fKhXwHVvReyjvDc0v7uPwhuBI
Rne8JZYVhrTTesSFpRQ/IOZlFIMoX9Wmv5n1Ed7Ehv8
-> ssh-ed25519 +oNaHQ d7utzodGQ7LsD2Uht1rbT8Qq9BZp3PkJS9EDhajCjnk
qd2Vj+1TQrjEKkSVAf0cXcCdkgeN/Jbp4UrBSp3cKYQ
--- JQr5UQlutONqnTeoT/mIVZL8ME7ipUDK8zDfNcN3uhU
ø5-VŸÌ²ÂòÀ-®ªÁÅ'^žô5kú.t(d1‡)É'<u%

BIN
secrets/manatee/komga-comicbooktracker-credentials.age
View File

Binary file not shown.

BIN
secrets/manatee/root.manatee.age
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More