alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:main
Branches Tags
alex:main
..
compare: alex:ad6e1504db90cda4ce18893dc73b794b54edcfb0
Branches Tags
alex:main

1 Commits
main ... ad6e1504db

Author SHA1 Message Date
Alexander Heldt
ad6e1504db tadpole: Add whib-frontend service 2025-10-26 15:35:16 +01:00
82 changed files with 359 additions and 3557 deletions
Expand all files Collapse all files

2
config-manager/default.nix
View File

@@ -9,7 +9,7 @@ let
flakePath = config.config-manager.flakePath; flakePath = config.config-manager.flakePath;
nixosConfiguration = config.config-manager.nixosConfiguration; nixosConfiguration = config.config-manager.nixosConfiguration;
nh = inputs.nh.packages."${pkgs.stdenv.hostPlatform.system}".default; nh = inputs.nh.packages."${pkgs.system}".default;
config-manager = config-manager =
if flakePath == "" then if flakePath == "" then

729
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1770165109, "lastModified": 1760836749,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,39 +23,6 @@
"type": "github" "type": "github"
} }
}, },
"aquamarine": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1773436376,
"narHash": "sha256-OUPRrprbgN27BXHuWkMAPSCfLLQ/uwpWghEfKYN2iAg=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "43f10d24391692bba3d762931ee35e7f17f8e8b8",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "aquamarine",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -85,11 +52,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773889306, "lastModified": 1760701190,
"narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -106,11 +73,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1774197122, "lastModified": 1760951609,
"narHash": "sha256-eidCp9jr4doBF6v2hPwqZkt8fUtW14w7fqHFVtstR94=", "narHash": "sha256-rWkUWKWcLin0+dKvinWC1IZVxJnIvXV3q/wlmmKkzo4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "4f7b5653f8845eee7c41c9a029d7bc22aaca4e67", "rev": "41bee8f6a80b36b0348a8e750e5db88fea528171",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -119,41 +86,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@@ -169,46 +104,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"hyprland",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -237,11 +132,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774201162, "lastModified": 1760969583,
"narHash": "sha256-th4i3X3P3yikPk3qu1A5DQ40tIztZKvAKPaa9hjXF+U=", "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "932ca46013acabbedd13c27dc278e3d043707e46", "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -250,96 +145,6 @@
"type": "github" "type": "github"
} }
}, },
"hyprcursor": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772461003,
"narHash": "sha256-pVICsV7FtcEeVwg5y/LFh3XFUkVJninm/P1j/JHzEbM=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "b62396457b9cfe2ebf24fe05404b09d2a40f8ed7",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprcursor",
"type": "github"
}
},
"hyprgraphics": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772461523,
"narHash": "sha256-mI6A51do+hEUzeJKk9YSWfVHdI/SEEIBi2tp5Whq5mI=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "7d63c04b4a2dd5e59ef943b4b143f46e713df804",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprgraphics",
"type": "github"
}
},
"hyprland": {
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics",
"hyprland-guiutils": "hyprland-guiutils",
"hyprland-protocols": "hyprland-protocols",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_2",
"xdph": "xdph"
},
"locked": {
"lastModified": 1774136452,
"narHash": "sha256-pSwj8WNWXMuZaDqCyhQwlngRD3JyNmZwldSe6UqWAos=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "bf31f642b08a8d8ca796a1b713285f2580805c2f",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-contrib": { "hyprland-contrib": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -347,11 +152,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773993211, "lastModified": 1759613406,
"narHash": "sha256-4J6vEtf7dIw3pZ/xM/dU7ECTmr8AsIIUQJba1B8wp5k=", "narHash": "sha256-PzgQJydp+RlKvwDi807pXPlURdIAVqLppZDga3DwPqg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "43c012d21d9314c585b97ac4f34752f6de93dc8f", "rev": "32e1a75b65553daefb419f0906ce19e04815aa3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -360,280 +165,7 @@
"type": "github" "type": "github"
} }
}, },
"hyprland-guiutils": { "naviterm": {
"inputs": {
"aquamarine": [
"hyprland",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprtoolkit": "hyprtoolkit",
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772467975,
"narHash": "sha256-kipyuDBxrZq+beYpZqWzGvFWm4QbayW9agAvi94vDXY=",
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"rev": "5e1c6b9025aaf4d578f3eff7c0eb1f0c197a9507",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772460177,
"narHash": "sha256-/6G/MsPvtn7bc4Y32pserBT/Z4SUUdBd4XYJpOEKVR4=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "1cb6db5fd6bb8aee419f4457402fa18293ace917",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772459629,
"narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "7615ee388de18239a4ab1400946f3d0e498a8186",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprtoolkit": {
"inputs": {
"aquamarine": [
"hyprland",
"hyprland-guiutils",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprland-guiutils",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprland-guiutils",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-guiutils",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprland-guiutils",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"systems"
]
},
"locked": {
"lastModified": 1772462885,
"narHash": "sha256-5pHXrQK9zasMnIo6yME6EOXmWGFMSnCITcfKshhKJ9I=",
"owner": "hyprwm",
"repo": "hyprtoolkit",
"rev": "9af245a69fa6b286b88ddfc340afd288e00a6998",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprtoolkit",
"type": "github"
}
},
"hyprutils": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1773948364,
"narHash": "sha256-S76omfIVQ1TpGiXFbqih6o6XcH3sA5+5QI+SXB4HvlY=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "b85b779e3e3a1adcd9b098e3447cf48f9e780b35",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprutils",
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772459835,
"narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "0a692d4a645165eebd65f109146b8861e3a925e7",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"hyprwire": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1773074819,
"narHash": "sha256-qRqYnXiKoJLRTcfaRukn7EifmST2IVBUMZOeZMAc5UA=",
"owner": "hyprwm",
"repo": "hyprwire",
"rev": "f68afd0e73687598cc2774804fedad76693046f0",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwire",
"type": "github"
}
},
"komga-bookmanager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772988002,
"narHash": "sha256-42Arpp+ShJorA9uR1nNlKuMoDx3y+cHg2BxQUW1fo7U=",
"ref": "main",
"rev": "bd5ae71978bb60eda28a010956825983dd931e2a",
"revCount": 18,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git"
}
},
"komga-comictracker": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773858923,
"narHash": "sha256-JOm+qe+loPxpjpTn2fN5QuqeGLDqYc1QevNeZZuEkdE=",
"ref": "main",
"rev": "2ab63ae85af1e2009e4bce10940e8db56827d942",
"revCount": 67,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git"
}
},
"komga-reading-stats": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
@@ -641,33 +173,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774185820, "lastModified": 1757496832,
"narHash": "sha256-ASExCDbdujwneZ/tZeNXxzKPbUFLroBnmPBJ5jEniCI=", "narHash": "sha256-R5EMcms24G6QGk62iNAMApeZmKsHwCDLj68UUdkhSLw=",
"ref": "main",
"rev": "769bd540e8975050b2778025fdebc6fdd5c5e2b5",
"revCount": 42,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-reading-stats.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/komga-reading-stats.git"
}
},
"naviterm": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773476909,
"narHash": "sha256-hSg/7xFO+3G3wWFq1480OecREqTY+fu06L06rM2UBmQ=",
"owner": "detoxify92", "owner": "detoxify92",
"repo": "naviterm", "repo": "naviterm",
"rev": "f89dbde00222fb1e4f611419d05583d8edee4c25", "rev": "3b3bd2bace3676000f530b2f47fa28f431c56761",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -678,20 +188,21 @@
}, },
"nh": { "nh": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1773920367, "lastModified": 1760961269,
"narHash": "sha256-ADGQjlsFzT9POglBkBJZcFqg3go4d+J3E4GS4WlxENY=", "narHash": "sha256-Udg6DnM6scJj+imbttJR7GQpG2WWeDZ1JOtySTY99M0=",
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "b00a24b39944efd4ec7944f02e0bd9113d991767", "rev": "e27508e06f74c7f03616150c1ac1431eaef7f443",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "b00a24b39944efd4ec7944f02e0bd9113d991767",
"type": "github" "type": "github"
} }
}, },
@@ -710,35 +221,13 @@
"type": "github" "type": "github"
} }
}, },
"nix-jetbrains-plugins": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_5"
},
"locked": {
"lastModified": 1774078133,
"narHash": "sha256-8Z4VI0CzoQ528LjSpy7t8YRMVUU+50L+wzYxpRXHXBI=",
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"rev": "df85a8aace815dec8d78683f9717b2958a8f1364",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-jetbrains-plugins",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1774018263, "lastModified": 1760958188,
"narHash": "sha256-HHYEwK1A22aSaxv2ibhMMkKvrDGKGlA/qObG4smrSqc=", "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "2d4b4717b2534fad5c715968c1cece04a172b365", "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -750,48 +239,32 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1772822230, "lastModified": 1760878510,
"narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=", "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-25.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1773964973, "lastModified": 1760862643,
"narHash": "sha256-NV/J+tTER0P5iJhUDL/8HO5MDjDceLQPRUYgdmy5wXw=", "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "812b3986fd1568f7a858f97fcf425ad996ba7d25", "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.11", "ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1773821835,
"narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -817,46 +290,18 @@
"url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772893680,
"narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko", "disko": "disko",
"emacs-overlay": "emacs-overlay", "emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"komga-bookmanager": "komga-bookmanager",
"komga-comictracker": "komga-comictracker",
"komga-reading-stats": "komga-reading-stats",
"naviterm": "naviterm", "naviterm": "naviterm",
"nh": "nh", "nh": "nh",
"nix-gc-env": "nix-gc-env", "nix-gc-env": "nix-gc-env",
"nix-jetbrains-plugins": "nix-jetbrains-plugins",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"pppdotpm-site": "pppdotpm-site", "pppdotpm-site": "pppdotpm-site",
"whib-backend": "whib-backend", "whib-backend": "whib-backend",
"whib-frontend": "whib-frontend" "whib-frontend": "whib-frontend"
@@ -878,51 +323,6 @@
} }
}, },
"systems_2": { "systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -965,11 +365,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1761508816, "lastModified": 1761488530,
"narHash": "sha256-adV/lyxcmuopyuzZ49v46Yt0gft+ioEL4yl1S+vUbus=", "narHash": "sha256-ooXnvS3ffmqZ91Gl81CZzCj65rdAjVEc8oR/9CsGZ2Y=",
"ref": "master", "ref": "master",
"rev": "ab10bf50cb6b023a1b99f91c7e8d550231135eef", "rev": "95bb44fae3187e5d8c007e80fa30addffe154544",
"revCount": 223, "revCount": 221,
"type": "git", "type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
}, },
@@ -978,47 +378,6 @@
"type": "git", "type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
} }
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1772669058,
"narHash": "sha256-XhnY0aRuDo5LT8pmJVPofPOgO2hAR7T+XRoaQxtNPzQ=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "906d0ac159803a7df2dc1f948df9327670380f69",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

36
flake.nix
View File

@@ -12,7 +12,8 @@
}; };
nh = { nh = {
url = "github:viperML/nh/b00a24b39944efd4ec7944f02e0bd9113d991767"; url = "github:viperML/nh";
inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-gc-env.url = "github:Julow/nix-gc-env"; nix-gc-env.url = "github:Julow/nix-gc-env";
@@ -32,21 +33,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hyprland = {
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-jetbrains-plugins = {
url = "github:nix-community/nix-jetbrains-plugins";
inputs.nixpkgs.follows = "nixpkgs";
};
naviterm = { naviterm = {
url = "gitlab:detoxify92/naviterm"; url = "gitlab:detoxify92/naviterm";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -59,31 +50,11 @@
whib-backend = { whib-backend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master"; url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master";
# url = "path:/home/alex/code/own/whib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
whib-frontend = { whib-frontend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib-react.git?ref=master"; url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib-react.git?ref=master";
# url = "path:/home/alex/code/own/whib-react";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-comictracker = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-comictracker.git?ref=main";
# url = "path:/home/alex/code/own/komga-comictracker";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-bookmanager = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-bookmanager.git?ref=main";
# url = "path:/home/alex/code/own/komga-bookmanager";
inputs.nixpkgs.follows = "nixpkgs";
};
komga-reading-stats = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/komga-reading-stats.git?ref=main";
# url = "path:/home/alex/code/own/komga-reading-stats";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@@ -139,7 +110,6 @@
./hosts/tadpole/configuration.nix ./hosts/tadpole/configuration.nix
./hosts/tadpole/home.nix ./hosts/tadpole/home.nix
inputs.whib-backend.nixosModules.${system}.default inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
]; ];
}; };
@@ -167,7 +137,7 @@
in in
{ {
${system}.default = pkgs.mkShell { ${system}.default = pkgs.mkShell {
packages = [ pkgs.nixfmt ]; packages = [ pkgs.nixfmt-rfc-style ];
}; };
}; };
}; };

7
hosts/backwards/configuration.nix
View File

@@ -22,13 +22,6 @@
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
extraConfig.pipewire."90-hdmi-fix" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.allowed-rates" = [ 48000 ];
};
};
}; };
hardware = { hardware = {

2
hosts/backwards/modules/age/default.nix
View File

@@ -8,7 +8,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }

5
hosts/backwards/modules/boot/default.nix
View File

@@ -38,11 +38,6 @@ in
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
extraModprobeConfig = ''
options snd-intel-dspcfg dsp_driver=1
options snd_hda_intel power_save=0 power_save_controller=N
'';
}; };
}; };
} }

3
hosts/backwards/modules/git/gitconfig
View File

@@ -4,3 +4,6 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/

16
hosts/backwards/modules/gnome/default.nix
View File

@@ -8,14 +8,6 @@
}; };
}; };
desktopManager = {
gnome.enable = true;
};
displayManager = {
gdm.enable = true;
};
xserver = { xserver = {
enable = true; enable = true;
@@ -23,6 +15,14 @@
layout = "se"; layout = "se";
variant = ""; variant = "";
}; };
desktopManager = {
gnome.enable = true;
};
displayManager = {
gdm.enable = true;
};
}; };
}; };

49
hosts/backwards/modules/network/default.nix
View File

@@ -3,40 +3,33 @@
networking = { networking = {
hostName = "backwards"; hostName = "backwards";
wireless.enable = false; networkmanager.enable = false;
networkmanager = { #wireless.networks are defined in the secret `wpa_supplicant.conf`
wireless = {
enable = true; enable = true;
wifi.backend = "iwd"; secretsFile = config.age.secrets.wireless-network-secrets.path;
ensureProfiles = { networks = {
environmentFiles = [ "w1-f1_5G" = {
config.age.secrets.wireless-network-secrets.path pskRaw = "ext:w1-f1_psk";
]; };
};
};
profiles = { defaultGateway = "192.168.50.1";
w1-f1_5G = { nameservers = [ "1.1.1.1" ];
connection = { interfaces = {
id = "w1-f1_5G"; wlp1s0 = {
type = "wifi"; useDHCP = false;
interface-name = "wlp1s0";
};
wifi = {
ssid = "w1-f1_5G";
mode = "infrastructure";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$w1_f1_psk";
};
ipv4 = { ipv4 = {
method = "manual"; addresses = [
addresses = "192.168.50.202/24"; {
gateway = "192.168.50.1"; address = "192.168.50.202";
dns = "1.1.1.1"; prefixLength = 24;
}; }
}; ];
}; };
}; };
}; };

27
hosts/backwards/modules/ssh/default.nix
View File

@@ -35,17 +35,9 @@ in
identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
}; };
"*" = { "codeberg.org" = {
forwardAgent = false; hostname = "codeberg.org";
addKeysToAgent = "no"; identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
}; };
}; };
}; };
@@ -131,6 +123,19 @@ in
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.backwards-codeberg.org" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org";
owner = "alex";
group = "users";
};
"alex.backwards-codeberg.org.pub" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org.pub";
owner = "alex";
group = "users";
};
}; };
}; };
} }

40
hosts/manatee/disk-config.nix
View File

@@ -149,39 +149,6 @@
}; };
}; };
}; };
disk3 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0UCF4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk4 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0V6F4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
}; };
zpool = { zpool = {
@@ -199,13 +166,6 @@
"disk2" "disk2"
]; ];
} }
{
mode = "mirror";
members = [
"disk3"
"disk4"
];
}
]; ];
}; };
}; };

7
hosts/manatee/hardware-configuration.nix
View File

@@ -26,13 +26,6 @@
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
swapDevices = [
{
device = "/swapfile";
size = 32 * 1024; # 32GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction

6
hosts/manatee/home.nix
View File

@@ -1,4 +1,4 @@
{ inputs, pkgs, ... }: { inputs, ... }:
{ {
imports = [ inputs.home-manager.nixosModules.home-manager ]; imports = [ inputs.home-manager.nixosModules.home-manager ];
@@ -13,9 +13,7 @@
home.username = "alex"; home.username = "alex";
home.homeDirectory = "/home/alex"; home.homeDirectory = "/home/alex";
home.packages = [ home.packages = [ ];
pkgs.streamrip
];
home.stateVersion = "24.11"; home.stateVersion = "24.11";
}; };

2
hosts/manatee/modules/age/default.nix
View File

@@ -8,7 +8,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }

8
hosts/manatee/modules/audiobookshelf/default.nix
View File

@@ -10,14 +10,6 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Audiobookshelf";
port = 8000;
description = "Audiobooks & podcasts";
}
];
users.users.audiobookshelf = { users.users.audiobookshelf = {
isSystemUser = true; isSystemUser = true;
description = "audiobookshelf"; description = "audiobookshelf";

47
hosts/manatee/modules/calibre-web/default.nix Normal file
View File

@@ -0,0 +1,47 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf enabled {
services = {
calibre-web = {
enable = true;
user = "storage";
group = "storage";
listen = {
ip = "0.0.0.0";
port = 8083;
};
dataDir = "/mnt/media/public/books";
options = {
calibreLibrary = "/mnt/media/public/books";
enableBookUploading = true;
};
};
nginx = {
virtualHosts."books.ppp.pm" = {
extraConfig = ''
client_max_body_size 1024M;
'';
locations."/" = {
proxyPass = "http://0.0.0.0:8083"; # TODO add option for port + host
};
};
};
};
};
}

44
hosts/manatee/modules/certs/default.nix
View File

@@ -1,44 +0,0 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@ppp.pm";
};
certs = {
"ha.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
"--dns-timeout=60"
"--http-timeout=60"
];
};
"komga.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s"
"--dns-timeout=60"
"--http-timeout=60"
];
};
};
};
age = {
secrets = {
"hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
};
};
}

4
hosts/manatee/modules/default.nix
View File

@@ -16,12 +16,10 @@ in
nginx.enable = true; nginx.enable = true;
syncthing.enable = true; syncthing.enable = true;
transmission.enable = true; transmission.enable = true;
calibre-web.enable = true;
audiobookshelf.enable = true; audiobookshelf.enable = true;
jellyfin.enable = true; jellyfin.enable = true;
immich.enable = true; immich.enable = true;
navidrome.enable = true;
komga.enable = true;
homepage.enable = true;
}; };
}; };
} }

2
hosts/manatee/modules/git/default.nix
View File

@@ -23,7 +23,7 @@ in
{ path = ./gitconfig; } { path = ./gitconfig; }
]; ];
settings = { extraConfig = {
rerere.enable = true; rerere.enable = true;
}; };
}; };

243
hosts/manatee/modules/home-assistant/default.nix
View File

@@ -1,243 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
nginxEnabled = config.mod.nginx.enable;
script = pkgs.writeShellScript "bt-reset" ''
set -euo pipefail
export PATH="${
lib.makeBinPath [
pkgs.bluez
pkgs.util-linux
pkgs.kmod
pkgs.gnugrep
pkgs.coreutils
]
}"
logger -t bt-reset "Starting Bluetooth adapter reset..."
# Exit early if the adapter is already present and running
if hciconfig hci0 2>/dev/null | grep -q "UP RUNNING"; then
logger -t bt-reset "hci0 is already UP RUNNING nothing to do"
exit 0
fi
# If hci0 exists but isn't UP, try bringing it up
if hciconfig hci0 2>/dev/null; then
logger -t bt-reset "hci0 exists but not running bringing it up"
hciconfig hci0 up || true
sleep 2
if hciconfig hci0 2>/dev/null | grep -q "UP RUNNING"; then
logger -t bt-reset "hci0 is UP now"
systemctl restart bluetooth.service
logger -t bt-reset "bluetooth.service restarted done"
exit 0
fi
fi
# Hard reset: reload the btusb kernel module (works for USB adapters)
logger -t bt-reset "hci0 missing reloading btusb module..."
modprobe -r btusb 2>/dev/null || true
sleep 3
modprobe btusb
sleep 3
if hciconfig hci0 2>/dev/null; then
hciconfig hci0 up
logger -t bt-reset "hci0 restored after module reload"
else
logger -t bt-reset "ERROR: hci0 not found after module reload"
exit 1
fi
# Restart the bluetooth systemd service so bluetoothd picks up the adapter
systemctl restart bluetooth.service
logger -t bt-reset "bluetooth.service restarted done"
'';
in
{
mod.homepage.services = [
{
name = "Home Assistant";
port = 8123;
description = "Home automation";
}
];
hardware.bluetooth.enable = true;
virtualisation.oci-containers = {
backend = "podman";
containers.homeassistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
volumes = [
"/home/alex/.config/home-assistant:/config"
# Pass in bluetooth
"/run/dbus:/run/dbus:ro"
];
environment.TZ = "Europe/Stockholm";
extraOptions = [
"--network=host"
# Allows HA to perform low-level network operations (scan/reset adapter)
"--cap-add=NET_ADMIN"
"--cap-add=NET_RAW"
# Pass in Zigbee antenna
"--device=/dev/serial/by-id/usb-Nabu_Casa_ZBT-2_9C139EAAD464-if00:/dev/ttyACM0"
];
};
};
services = {
blueman.enable = true;
nginx = lib.mkIf nginxEnabled {
recommendedProxySettings = true;
virtualHosts."ha.ppp.pm" = {
forceSSL = true;
useACMEHost = "ha.ppp.pm";
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8123";
proxyWebsockets = true;
};
};
};
# Trigger reset via udev when hci0 disappears
udev.extraRules = ''
ACTION=="remove", SUBSYSTEM=="bluetooth", KERNEL=="hci0", \
TAG+="systemd", ENV{SYSTEMD_WANTS}+="bt-reset.service"
'';
};
systemd = {
services = {
# Trigger reset on bluetoothd failure
bluetooth = {
unitConfig.OnFailure = [ "bt-reset.service" ];
};
bt-reset = {
description = "Reset Bluetooth adapter";
after = [ "bluetooth.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = script;
Restart = "on-failure";
RestartSec = "10s";
StartLimitIntervalSec = "120";
StartLimitBurst = 3;
};
};
};
timers.bt-reset = {
description = "Periodically reset Bluetooth adapter";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min"; # first run 5 min after boot
OnUnitActiveSec = "4h"; # then every 4 hours
RandomizedDelaySec = "5min";
};
};
user = {
timers = {
"update-hetzner-dns" = {
unitConfig = {
Description = "updates Hetzner DNS records";
};
timerConfig = {
Unit = "update-hetzner-dns.service";
OnCalendar = "*-*-* *:00/30:00";
Persistent = true;
};
wantedBy = [ "timers.target" ];
};
};
services = {
"update-hetzner-dns" = {
unitConfig = {
Description = "updates Hetzner DNS records";
};
serviceConfig = {
Type = "exec";
EnvironmentFile = config.age.secrets.hetzner-dns.path;
};
path = [
pkgs.curl
pkgs.coreutils
pkgs.jq
];
script = ''
SUBDOMAINS="ha komga"
INTERFACE="enp3s0"
CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)
for SUBDOMAIN in $SUBDOMAINS; do
LAST_IP_FILE="/tmp/hetzner-dns-''${SUBDOMAIN}-ip"
LAST_IP=""
if [[ -f "$LAST_IP_FILE" ]]; then
LAST_IP=$(cat "$LAST_IP_FILE")
fi
if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
echo "$SUBDOMAIN: IP unchanged, NOOP update."
else
echo "$SUBDOMAIN: Updating IP"
JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')
curl \
--fail \
-X POST \
-H "Authorization: Bearer $HETZNER_API_TOKEN" \
-H "Content-Type: application/json" \
-d "$JSON_BODY" \
"https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/''${SUBDOMAIN}/A/actions/set_records" \
&& echo $CURRENT_IP > $LAST_IP_FILE
fi
done
'';
};
};
};
};
age = {
secrets = {
"hetzner-dns" = {
file = ../../../../secrets/manatee/hetzner-dns.age;
owner = "alex";
group = "users";
};
};
};
}

111
hosts/manatee/modules/homepage/default.nix
View File

@@ -1,111 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.homepage.enable;
nginxEnabled = config.mod.nginx.enable;
services = config.mod.homepage.services;
serviceToCard = svc: ''
<a class="card" href="http://manatee:${toString svc.port}">
<div class="name">${svc.name}</div>
<div class="desc">${svc.description}</div>
<div class="port">:${toString svc.port}</div>
</a>
'';
page = pkgs.writeTextDir "index.html" ''
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>manatee</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
background: #1a1b26;
color: #c0caf5;
min-height: 100vh;
padding: 3rem 1.5rem;
}
h1 {
text-align: center;
font-size: 1.5rem;
font-weight: 400;
color: #7aa2f7;
margin-bottom: 2rem;
}
.grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
gap: 1rem;
max-width: 900px;
margin: 0 auto;
}
.card {
display: block;
background: #24283b;
border: 1px solid #414868;
border-radius: 8px;
padding: 1.25rem;
text-decoration: none;
color: inherit;
transition: border-color 0.15s;
}
.card:hover { border-color: #7aa2f7; }
.name { font-size: 1.1rem; font-weight: 600; color: #c0caf5; }
.desc { font-size: 0.85rem; color: #565f89; margin-top: 0.35rem; }
.port { font-size: 0.8rem; color: #414868; margin-top: 0.5rem; font-family: monospace; }
</style>
</head>
<body>
<h1>manatee</h1>
<div class="grid">
${lib.concatMapStrings serviceToCard services}
</div>
</body>
</html>
'';
in
{
options = {
mod.homepage = {
enable = lib.mkEnableOption "Enable homepage module";
services = lib.mkOption {
type = lib.types.listOf (
lib.types.submodule {
options = {
name = lib.mkOption { type = lib.types.str; };
port = lib.mkOption { type = lib.types.port; };
description = lib.mkOption { type = lib.types.str; };
};
}
);
default = [ ];
description = "Services to display on the homepage";
};
};
};
config = lib.mkIf (enabled && nginxEnabled) {
services.nginx.virtualHosts."homepage" = {
listen = [
{
addr = "0.0.0.0";
port = 9999;
}
];
root = page;
locations."/" = {
index = "index.html";
};
};
networking.firewall.allowedTCPPorts = [ 9999 ];
};
}

8
hosts/manatee/modules/immich/default.nix
View File

@@ -10,14 +10,6 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Immich";
port = 2283;
description = "Photo library";
}
];
users.users.immich = { users.users.immich = {
isSystemUser = true; isSystemUser = true;
group = "storage"; group = "storage";

13
hosts/manatee/modules/jellyfin/default.nix
View File

@@ -31,7 +31,6 @@ in
extraPackages = [ extraPackages = [
pkgs.intel-media-driver # Modern Intel VA-API driver (needed for N305) pkgs.intel-media-driver # Modern Intel VA-API driver (needed for N305)
pkgs.libvdpau-va-gl # VDPAU backend for VA-API GLX interop pkgs.libvdpau-va-gl # VDPAU backend for VA-API GLX interop
pkgs.intel-compute-runtime # OpenCL support
]; ];
}; };
@@ -47,18 +46,6 @@ in
}; };
}; };
mod.homepage.services = [
{
name = "Jellyfin";
port = 8096;
description = "Media streaming";
}
];
networking = {
firewall.allowedTCPPorts = [ 8096 ];
};
environment.systemPackages = [ environment.systemPackages = [
pkgs.jellyfin pkgs.jellyfin
pkgs.jellyfin-web pkgs.jellyfin-web

157
hosts/manatee/modules/komga/default.nix
View File

@@ -1,157 +0,0 @@
{
inputs,
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.komga.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.komga = {
enable = lib.mkEnableOption "Enable komga module";
};
};
imports = [
inputs.komga-comictracker.nixosModules.default
inputs.komga-bookmanager.nixosModules.default
inputs.komga-reading-stats.nixosModules.default
];
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Komga";
port = 8002;
description = "Comic library";
}
{
name = "Komga Reader";
port = 8888;
description = "Comic reader";
}
{
name = "Komga Book Manager";
port = 8686;
description = "Book manager";
}
{
name = "Komga Reading Stats";
port = 8787;
description = "Reading stats";
}
];
users.users.komga = {
isSystemUser = true;
group = "storage";
};
services.komga = {
enable = true;
user = "komga";
group = "storage";
settings = {
server.port = 8002;
komga."cors.allowed-origins" = [
"http://manatee:8888"
"https://komga.ppp.pm"
];
};
openFirewall = true;
};
services.nginx = lib.mkIf nginxEnabled {
virtualHosts."komga-reader" = {
listen = [
{
addr = "0.0.0.0";
port = 8888;
}
];
root = (pkgs.writeTextDir "komga-reader.html" (builtins.readFile ./komga-reader.html));
locations."/" = {
index = "komga-reader.html";
tryFiles = "$uri $uri/ /komga-reader.html";
};
};
virtualHosts."komga.ppp.pm" = {
forceSSL = true;
useACMEHost = "komga.ppp.pm";
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
proxyWebsockets = true;
};
};
};
networking.firewall.allowedTCPPorts = [ 8888 ];
programs.comictracker = {
enable = true;
komgaUrl = "http://127.0.0.1:8002";
komgaLibraryId = "0NVZH5AK3RPE1";
secretsFile = config.age.secrets.komga-comicbooktracker-credentials.path;
};
services.komga-book-manager = {
enable = true;
port = 8686;
group = "storage";
komgaUrl = "http://127.0.0.1:8002";
credentialsFile = config.age.secrets.komga-bookmanager-credentials.path;
libraryRoot = "/mnt/media/public/books";
libraryId = "0PNE1NEPY6995";
};
services.komga-reading-stats = {
enable = true;
host = "0.0.0.0";
port = 8787;
origin = "http://manatee:8787";
anthropicApiKeyFile = config.age.secrets.komga-reading-stats-claude-api-key.path;
claudeModel = "claude-sonnet-4-6";
komga = {
url = "http://127.0.0.1:8002";
apiKeyFile = config.age.secrets.komga-reading-stats-komga-api-key.path;
};
};
age.secrets = {
"komga-comicbooktracker-credentials" = {
file = ../../../../secrets/manatee/komga-comicbooktracker-credentials.age;
owner = "alex";
group = "users";
};
"komga-bookmanager-credentials" = {
file = ../../../../secrets/manatee/komga-bookmanager-credentials.age;
owner = "alex";
group = "users";
};
"komga-reading-stats-claude-api-key" = {
file = ../../../../secrets/manatee/komga-reading-stats-claude-api-key.age;
owner = "komga-reading-stats";
group = "komga-reading-stats";
};
"komga-reading-stats-komga-api-key" = {
file = ../../../../secrets/manatee/komga-reading-stats-komga-api-key.age;
owner = "komga-reading-stats";
group = "komga-reading-stats";
};
};
};
}

1553
hosts/manatee/modules/komga/komga-reader.html
View File

File diff suppressed because it is too large Load Diff

41
hosts/manatee/modules/navidrome/default.nix
View File

@@ -1,41 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
navidromeEnabled = config.mod.navidrome.enable;
in
{
options = {
mod.navidrome = {
enable = lib.mkEnableOption "Enable navidrome module";
};
};
config = {
mod.homepage.services = lib.mkIf navidromeEnabled [
{
name = "Navidrome";
port = 4533;
description = "Music streaming";
}
];
services = lib.mkIf navidromeEnabled {
navidrome = {
enable = true;
openFirewall = true;
user = "navidrome";
group = "storage";
settings = {
Port = 4533;
Address = "0.0.0.0";
MusicFolder = "/mnt/media/public/music";
};
};
};
};
}

34
hosts/manatee/modules/network/default.nix
View File

@@ -1,15 +1,8 @@
{ ... }: { ... }:
let
hostAddress = "192.168.50.203";
in
{ {
networking = { networking = {
hostName = "manatee"; hostName = "manatee";
# Required for asymmetric routing (sending replies out a different interface
# than the default route). Without this, the kernel drops the return traffic.
firewall.checkReversePath = "loose";
defaultGateway = "192.168.50.1"; defaultGateway = "192.168.50.1";
nameservers = [ "1.1.1.1" ]; nameservers = [ "1.1.1.1" ];
interfaces = { interfaces = {
@@ -18,33 +11,12 @@ in
ipv4 = { ipv4 = {
addresses = [ addresses = [
{ {
address = hostAddress; address = "192.168.50.203";
prefixLength = 24; prefixLength = 24;
} }
]; ];
}; };
};
ipv4.routes = [ };
{
address = "0.0.0.0";
prefixLength = 0;
via = "192.168.50.1"; # Router
options = {
table = "100";
};
}
];
};
};
localCommands = ''
# Ensure local LAN traffic uses the main table, e.g. responds to the local machine
ip rule list | grep -q "192.168.50.0/24 lookup main" || \
ip rule add to 192.168.50.0/24 lookup main priority 4999
# All other traffic from this IP uses Table 100 (e.g. responds to router and back out)
ip rule list | grep -q "from ${hostAddress} lookup 100" || \
ip rule add from ${hostAddress} lookup 100 priority 5000
'';
}; };
} }

6
hosts/manatee/modules/nginx/default.nix
View File

@@ -18,11 +18,5 @@ in
recommendedTlsSettings = true; recommendedTlsSettings = true;
}; };
}; };
networking = {
firewall = {
allowedTCPPorts = [ 443 ];
};
};
}; };
} }

13
hosts/manatee/modules/ssh/default.nix
View File

@@ -27,19 +27,6 @@ in
hostname = "git.ppp.pm"; hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.manatee-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
}; };
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
}; };
}; };
}; };

8
hosts/manatee/modules/syncthing/default.nix
View File

@@ -10,14 +10,6 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Syncthing";
port = 8384;
description = "File sync";
}
];
services.syncthing = { services.syncthing = {
enable = true; enable = true;

8
hosts/manatee/modules/transmission/default.nix
View File

@@ -15,14 +15,6 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "Transmission";
port = 9091;
description = "Torrent client";
}
];
services = { services = {
transmission = { transmission = {
enable = true; enable = true;

5
hosts/pinwheel/configuration.nix
View File

@@ -17,10 +17,7 @@
users.users.alex = { users.users.alex = {
isNormalUser = true; isNormalUser = true;
description = "alex"; description = "alex";
extraGroups = [ extraGroups = [ "wheel" ];
"wheel"
"networkmanager"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

7
hosts/pinwheel/home.nix
View File

@@ -14,21 +14,18 @@
home.homeDirectory = "/home/alex"; home.homeDirectory = "/home/alex";
home.packages = [ home.packages = [
inputs.whib-backend.packages.${pkgs.stdenv.hostPlatform.system}.whib-import inputs.whib-backend.packages.${pkgs.system}.whib-import
# pkgs.beekeeper-studio # pkgs.beekeeper-studio
pkgs.bitwarden-desktop pkgs.bitwarden-desktop
pkgs.gimp pkgs.gimp
pkgs.zip pkgs.zip
pkgs.unzip
pkgs.unar pkgs.unar
pkgs.jq pkgs.jq
pkgs.dbeaver-bin pkgs.dbeaver-bin
pkgs.htop pkgs.htop
pkgs.onlyoffice-desktopeditors pkgs.onlyoffice-bin
pkgs.wdisplays pkgs.wdisplays
pkgs.vlc pkgs.vlc
pkgs.claude-code
pkgs.opencode
]; ];
home.stateVersion = "23.05"; home.stateVersion = "23.05";

2
hosts/pinwheel/modules/age/default.nix
View File

@@ -11,7 +11,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }

8
hosts/pinwheel/modules/bluetooth/default.nix
View File

@@ -30,6 +30,12 @@ in
# Low battery notification for bluetooth devices # Low battery notification for bluetooth devices
systemd.user = systemd.user =
let let
trackpad = {
id = "battery_hid_a8o91o3doe5ofeo38_battery";
name = "trackpad";
threshold = "20";
};
headphones = { headphones = {
id = "headset_dev_38_18_4C_18_A4_6E"; id = "headset_dev_38_18_4C_18_A4_6E";
name = "headphones"; name = "headphones";
@@ -59,6 +65,7 @@ in
in in
builtins.listToAttrs ( builtins.listToAttrs (
builtins.map mkTimer [ builtins.map mkTimer [
trackpad
headphones headphones
] ]
); );
@@ -112,6 +119,7 @@ in
in in
builtins.listToAttrs ( builtins.listToAttrs (
builtins.map mkService [ builtins.map mkService [
trackpad
headphones headphones
] ]
); );

3
hosts/pinwheel/modules/default.nix
View File

@@ -14,7 +14,7 @@ in
nix-index.enable = false; nix-index.enable = false;
greetd.enable = true; greetd.enable = true;
hyprland.enable = true; hyprland.enable = true;
hyprlock.enable = true; swaylock.enable = true;
physlock.enable = false; physlock.enable = false;
power.enable = true; power.enable = true;
@@ -33,7 +33,6 @@ in
rust.enable = true; rust.enable = true;
scala.enable = true; scala.enable = true;
python.enable = true; python.enable = true;
gleam.enable = true;
keyboard.enable = true; keyboard.enable = true;
containers = { containers = {

58
hosts/pinwheel/modules/emacs/config.org
View File

@@ -479,34 +479,7 @@ Setup prefix for keybindings.
* Flycheck * Flycheck
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package flycheck (use-package flycheck)
:preface
(defun mp-flycheck-eldoc (callback &rest _ignored)
"Print flycheck messages at point by calling CALLBACK."
(when-let ((flycheck-errors (and flycheck-mode (flycheck-overlay-errors-at (point)))))
(mapc
(lambda (err)
(funcall callback
(format "%s: %s"
(let ((level (flycheck-error-level err)))
(pcase level
('info (propertize "I" 'face 'flycheck-error-list-info))
('error (propertize "E" 'face 'flycheck-error-list-error))
('warning (propertize "W" 'face 'flycheck-error-list-warning))
(_ level)))
(flycheck-error-message err))
:thing (or (flycheck-error-id err)
(flycheck-error-group err))
:face 'font-lock-doc-face))
flycheck-errors)))
(defun mp-flycheck-prefer-eldoc ()
(add-hook 'eldoc-documentation-functions #'mp-flycheck-eldoc nil t)
(setq eldoc-documentation-strategy 'eldoc-documentation-compose-eagerly)
(setq flycheck-display-errors-function nil)
(setq flycheck-help-echo-function nil))
:hook ((flycheck-mode . mp-flycheck-prefer-eldoc)))
(use-package flycheck-eglot (use-package flycheck-eglot
:after (flycheck eglot) :after (flycheck eglot)
@@ -530,12 +503,6 @@ Setup prefix for keybindings.
(add-hook 'before-save-hook #'eglot-format-buffer -10 t)))) (add-hook 'before-save-hook #'eglot-format-buffer -10 t))))
(use-package eglot (use-package eglot
:preface
(defun mp-eglot-eldoc ()
(setq eldoc-echo-area-use-multiline-p nil)
(setq eldoc-documentation-strategy
'eldoc-documentation-compose-eagerly))
:config :config
(add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
'(scala-mode . '(scala-mode .
@@ -544,9 +511,6 @@ Setup prefix for keybindings.
(add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
'(nix-mode . ("nixd"))) '(nix-mode . ("nixd")))
(add-to-list 'eglot-server-programs
'(gleam-ts-mode . ("gleam" "lsp")))
(setq-default eglot-workspace-configuration (setq-default eglot-workspace-configuration
'( '(
:metals ( :metals (
@@ -555,11 +519,7 @@ Setup prefix for keybindings.
) )
) )
:custom
(eglot-code-action-indications nil)
:hook ( :hook (
(eglot-managed-mode . mp-eglot-eldoc)
(go-mode . eglot-ensure) (go-mode . eglot-ensure)
(go-mode . alex/organize-imports-on-save) (go-mode . alex/organize-imports-on-save)
(go-mode . alex/format-on-save) (go-mode . alex/format-on-save)
@@ -569,9 +529,6 @@ Setup prefix for keybindings.
(nix-mode . eglot-ensure) (nix-mode . eglot-ensure)
(nix-mode . alex/format-on-save) (nix-mode . alex/format-on-save)
(gleam-ts-mode . eglot-ensure)
(gleam-ts-mode . alex/format-on-save)
(python-mode . eglot-ensure) (python-mode . eglot-ensure)
(javascript-mode . eglot-ensure) (javascript-mode . eglot-ensure)
(js-mode . eglot-ensure) (js-mode . eglot-ensure)
@@ -592,6 +549,13 @@ Setup prefix for keybindings.
:after eglot :after eglot
:config (eglot-booster-mode)) :config (eglot-booster-mode))
#+END_SRC #+END_SRC
** Eldoc-box
#+BEGIN_SRC emacs-lisp
(use-package eldoc-box
:after eglot
:bind (:map eglot-mode-map
("M-h" . eldoc-box-help-at-point)))
#+END_SRC
** Go ** Go
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package go-mode (use-package go-mode
@@ -609,12 +573,6 @@ Setup prefix for keybindings.
) )
) )
#+END_SRC #+END_SRC
** Gleam
#+BEGIN_SRC emacs-lisp
(use-package gleam-ts-mode
:mode "\\.gleam\\'"
)
#+END_SRC
** YAML ** YAML
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package yaml-mode (use-package yaml-mode

2
hosts/pinwheel/modules/fonts/default.nix
View File

@@ -3,7 +3,7 @@
fonts.packages = [ fonts.packages = [
pkgs.noto-fonts pkgs.noto-fonts
pkgs.noto-fonts-cjk-sans pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-color-emoji pkgs.noto-fonts-emoji
pkgs.nerd-fonts.jetbrains-mono pkgs.nerd-fonts.jetbrains-mono
pkgs.liberation_ttf pkgs.liberation_ttf
]; ];

2
hosts/pinwheel/modules/fzf/default.nix
View File

@@ -1,4 +1,4 @@
{ ... }: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
programs.fzf = { programs.fzf = {

25
hosts/pinwheel/modules/git/default.nix
View File

@@ -23,16 +23,8 @@ in
{ path = ./gitconfig; } { path = ./gitconfig; }
]; ];
signing = { extraConfig = {
key = config.age.secrets."alex.pinwheel-github.com-signing.pub".path;
signByDefault = true;
};
settings = {
rerere.enable = true; rerere.enable = true;
# Tells Git to use SSH instead of the default GPG
gpg.format = "ssh";
}; };
}; };
@@ -43,20 +35,5 @@ in
set main-view-line-number-interval = 1 set main-view-line-number-interval = 1
''; '';
}; };
age.secrets = {
"alex.pinwheel-github.com-signing" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com-signing.age;
path = "/home/alex/.ssh/alex.pinwheel-github.com-signing";
owner = "alex";
group = "users";
};
"alex.pinwheel-github.com-signing.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com-signing.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-github.com-signing.pub";
owner = "alex";
group = "users";
};
};
}; };
} }

3
hosts/pinwheel/modules/git/gitconfig
View File

@@ -5,5 +5,8 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/
[url "gitea@git.ppp.pm:"] [url "gitea@git.ppp.pm:"]
insteadOf = https://git.ppp.pm/ insteadOf = https://git.ppp.pm/

25
hosts/pinwheel/modules/gleam/default.nix
View File

@@ -1,25 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.gleam.enable;
in
{
options = {
mod.gleam = {
enable = lib.mkEnableOption "enable gleam module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
home.packages = [
pkgs.gleam
pkgs.erlang
];
};
};
}

2
hosts/pinwheel/modules/go/default.nix
View File

@@ -21,7 +21,7 @@ in
package = pkgs.go; package = pkgs.go;
env = { env = {
GOPATH = "/home/alex/code/go"; GOPATH = "code/go";
}; };
}; };

2
hosts/pinwheel/modules/greetd/default.nix
View File

@@ -22,7 +22,7 @@ in
let let
session = { session = {
user = "alex"; user = "alex";
command = "uwsm start hyprland-uwsm.desktop"; command = "${pkgs.hyprland}/bin/Hyprland";
}; };
in in
{ {

118
hosts/pinwheel/modules/hyprland/default.nix
View File

@@ -1,5 +1,4 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -7,61 +6,6 @@
}: }:
let let
enabled = config.mod.hyprland.enable; enabled = config.mod.hyprland.enable;
monitorScript = pkgs.writeShellScript "hyprland-monitor-handler" ''
INTERNAL="eDP-1"
EXTERNAL_MONITORS="HDMI-A-1 DP-3"
HYPRCTL="${pkgs.hyprland}/bin/hyprctl"
JQ="${pkgs.jq}/bin/jq"
get_active_external() {
# Return the first connected external monitor
for mon in $EXTERNAL_MONITORS; do
if $HYPRCTL monitors -j | $JQ -e ".[] | select(.name == \"$mon\")" > /dev/null 2>&1; then
echo "$mon"
return 0
fi
done
return 1
}
bind_workspaces() {
local external batch=""
if external=$(get_active_external); then
# External monitor connected: move workspaces 1-5 to external, 6-10 to internal
for ws in 1 2 3 4 5; do
batch="$batch dispatch moveworkspacetomonitor $ws $external;"
done
for ws in 6 7 8 9 10; do
batch="$batch dispatch moveworkspacetomonitor $ws $INTERNAL;"
done
else
# No external monitor: move all workspaces to internal
for ws in 1 2 3 4 5 6 7 8 9 10; do
batch="$batch dispatch moveworkspacetomonitor $ws $INTERNAL;"
done
fi
$HYPRCTL --batch "$batch"
}
handle_event() {
case $1 in
monitoradded*|monitorremoved*)
sleep 0.5
bind_workspaces
;;
esac
}
# Bind workspaces on startup
bind_workspaces
${pkgs.socat}/bin/socat -U - UNIX-CONNECT:"$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock" | while read -r line; do
handle_event "$line"
done
'';
in in
{ {
options = { options = {
@@ -71,26 +15,17 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
programs.hyprland = { home-manager.users.alex = {
wayland.windowManager.hyprland = {
enable = true; enable = true;
withUWSM = true;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
portalPackage =
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
xwayland = { xwayland = {
enable = true; enable = true;
}; };
};
home-manager.users.alex = {
wayland.windowManager.hyprland = {
enable = true;
systemd.enable = false;
extraConfig = '' extraConfig = ''
exec-once = uwsm app -- waybar exec-once=waybar
exec-once = uwsm app -- hyprctl setcursor Adwaita 24 exec-once=hyprctl setcursor Adwaita 24
env = GDK_DPI_SCALE,1.5 env = GDK_DPI_SCALE,1.5
env = HYPRCURSOR_THEME,Adwaita env = HYPRCURSOR_THEME,Adwaita
@@ -98,22 +33,13 @@ in
monitor=eDP-1, 1920x1200, auto-center-down, 1 monitor=eDP-1, 1920x1200, auto-center-down, 1
monitor=HDMI-A-1, 2560x1440@100, auto-center-up, 1 monitor=HDMI-A-1, 2560x1440@100, auto-center-up, 1
monitor=DP-3, 2560x1440@60, auto-center-up, 1
# Workspaces 1-5 on external monitors (HDMI-A-1 or DP-3) workspace = 1, monitor:HDMI-A-1
workspace = 1, monitor:HDMI-A-1, default:true
workspace = 2, monitor:HDMI-A-1 workspace = 2, monitor:HDMI-A-1
workspace = 3, monitor:HDMI-A-1 workspace = 3, monitor:HDMI-A-1
workspace = 4, monitor:HDMI-A-1 workspace = 4, monitor:HDMI-A-1
workspace = 5, monitor:HDMI-A-1 workspace = 5, monitor:HDMI-A-1
workspace = 1, monitor:DP-3, default:true workspace = 6, monitor:eDP-1
workspace = 2, monitor:DP-3
workspace = 3, monitor:DP-3
workspace = 4, monitor:DP-3
workspace = 5, monitor:DP-3
# Workspaces 6-10 on internal monitor
workspace = 6, monitor:eDP-1, default:true
workspace = 7, monitor:eDP-1 workspace = 7, monitor:eDP-1
workspace = 8, monitor:eDP-1 workspace = 8, monitor:eDP-1
workspace = 9, monitor:eDP-1 workspace = 9, monitor:eDP-1
@@ -121,14 +47,12 @@ in
workspace = w[tv1], gapsout:0, gapsin:0 workspace = w[tv1], gapsout:0, gapsin:0
workspace = f[1], gapsout:0, gapsin:0 workspace = f[1], gapsout:0, gapsin:0
windowrule = border_size 0, match:float 0, match:workspace w[tv1] windowrulev2 = bordersize 0, floating:0, onworkspace:w[tv1]
windowrule = rounding 0, match:float 0, match:workspace w[tv1] windowrulev2 = rounding 0, floating:0, onworkspace:w[tv1]
windowrule = border_size 0, match:float 0, match:workspace f[1] windowrulev2 = bordersize 0, floating:0, onworkspace:f[1]
windowrule = rounding 0, match:float 0, match:workspace f[1] windowrulev2 = rounding 0, floating:0, onworkspace:f[1]
# https://wiki.archlinux.org/title/Hyprland#Jetbrains_apps_focus_issues
windowrule = match:xwayland true, no_initial_focus on
exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
''; '';
settings = { settings = {
@@ -147,7 +71,6 @@ in
follow_mouse = 2; follow_mouse = 2;
sensitivity = 0.3; sensitivity = 0.3;
accel_profile = "flat";
touchpad = { touchpad = {
natural_scroll = false; natural_scroll = false;
tap-and-drag = false; tap-and-drag = false;
@@ -240,23 +163,6 @@ in
pkgs.wdisplays pkgs.wdisplays
pkgs.bc pkgs.bc
]; ];
systemd.user.services.hyprland-monitors = {
Unit = {
Description = "Hyprland monitor hotplug handler";
PartOf = [ "graphical-session.target" ];
After = [ "graphical-session.target" ];
};
Service = {
Type = "simple";
ExecStart = "${monitorScript}";
Restart = "on-failure";
RestartSec = 5;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
};
}; };
# To start electron apps like `chromium` with wayland support # To start electron apps like `chromium` with wayland support
@@ -274,7 +180,5 @@ in
# openGL is needed for wayland/hyprland # openGL is needed for wayland/hyprland
hardware.graphics.enable = true; hardware.graphics.enable = true;
boot.kernelParams = [ "i915.enable_psr=0" ];
}; };
} }

5
hosts/pinwheel/modules/light/default.nix
View File

@@ -9,13 +9,14 @@ let
in in
{ {
users.users.alex.extraGroups = [ "video" ]; users.users.alex.extraGroups = [ "video" ];
programs.light.enable = true;
home-manager.users.alex = { home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled { wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = { settings = {
bind = [ bind = [
", XF86MonBrightnessUp, exec, ${pkgs.brightnessctl}/bin/brightnessctl set +5%" ", XF86MonBrightnessUp, exec, ${pkgs.light}/bin/light -A 5"
", XF86MonBrightnessDown, exec, ${pkgs.brightnessctl}/bin/brightnessctl set 5%-" ", XF86MonBrightnessDown, exec, ${pkgs.light}/bin/light -U 5"
]; ];
}; };
}; };

2
hosts/pinwheel/modules/music/default.nix
View File

@@ -33,7 +33,7 @@ in
home.packages = [ home.packages = [
pkgs.playerctl pkgs.playerctl
pkgs.spotify pkgs.spotify
inputs.naviterm.packages.${pkgs.stdenv.hostPlatform.system}.default inputs.naviterm.packages.${pkgs.system}.default
]; ];
}; };

23
hosts/pinwheel/modules/network/default.nix
View File

@@ -1,22 +1,21 @@
{ pkgs, ... }:
{ {
home-manager = { services.connman = {
users.alex = {
home.packages = [ pkgs.networkmanager ];
};
};
networking = {
wireless.enable = false; # Wireless is managed by networkmanager
networkmanager = {
enable = true; enable = true;
wifi = { wifi = {
backend = "iwd"; backend = "iwd";
}; };
};
networkInterfaceBlacklist = [
"vmnet"
"vboxnet"
"virbr"
"ifb"
"ve"
"docker"
"br-"
"wg-"
];
}; };
networking = { networking = {

2
hosts/pinwheel/modules/nix/default.nix
View File

@@ -2,7 +2,7 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.nixfmt pkgs.nixfmt-rfc-style
pkgs.nix-tree pkgs.nix-tree
]; ];
}; };

17
hosts/pinwheel/modules/openvpn/default.nix
View File

@@ -23,14 +23,15 @@ in
services.resolved = { services.resolved = {
enable = true; enable = true;
settings = { dnssec = "false";
Resolve = { domains = [ "~." ];
Domains = [ "~." ]; fallbackDns = [
DNSSEC = false; "1.1.1.1#one.one.one.one"
DNSOverTLS = true; "1.0.0.1#one.one.one.one"
}; ];
}; extraConfig = ''
DNSOverTLS=yes
'';
}; };
}; };
} }

6
hosts/pinwheel/modules/power/default.nix
View File

@@ -80,12 +80,12 @@ in
path = [ path = [
pkgs.coreutils # For `cat` pkgs.coreutils # For `cat`
pkgs.libnotify pkgs.libnotify
pkgs.hyprlock pkgs.swaylock
]; ];
script = script =
let let
pause-music = "${pkgs.playerctl}/bin/playerctl -a pause"; pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
in in
'' ''
BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity) BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity)
@@ -103,7 +103,7 @@ in
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status) BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status)
if [[ $BATTERY_STATUS = "Discharging" ]]; then if [[ $BATTERY_STATUS = "Discharging" ]]; then
${pause-music}; ${pkgs.hyprlock}/bin/hyprlock & sleep 0.5; systemctl suspend ${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend
fi fi
fi fi
''; '';

2
hosts/pinwheel/modules/screenshot/default.nix
View File

@@ -8,7 +8,7 @@
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
grimblast = inputs.hyprland-contrib.packages.${pkgs.stdenv.hostPlatform.system}.grimblast; grimblast = inputs.hyprland-contrib.packages.${pkgs.system}.grimblast;
area = "${pkgs.libnotify}/bin/notify-send 'ps: selected area' && ${grimblast}/bin/grimblast copy area"; area = "${pkgs.libnotify}/bin/notify-send 'ps: selected area' && ${grimblast}/bin/grimblast copy area";
screen = "${pkgs.libnotify}/bin/notify-send 'ps: selected screen' &&${grimblast}/bin/grimblast copy output"; screen = "${pkgs.libnotify}/bin/notify-send 'ps: selected screen' &&${grimblast}/bin/grimblast copy output";
in in

64
hosts/pinwheel/modules/ssh/default.nix
View File

@@ -1,17 +1,8 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
# Enable gnome-keyring at system level for PAM integration
services.gnome.gnome-keyring.enable = true;
home-manager.users.alex = { home-manager.users.alex = {
services.gnome-keyring = {
enable = true;
components = [ "secrets" "ssh" ];
};
programs.ssh = { programs.ssh = {
enable = true; enable = true;
enableDefaultConfig = false;
matchBlocks = { matchBlocks = {
"manatee" = { "manatee" = {
@@ -28,6 +19,12 @@
port = 1122; port = 1122;
}; };
"andromeda" = {
hostname = "andromeda.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-andromeda";
};
"tadpole" = { "tadpole" = {
hostname = "65.21.106.222"; hostname = "65.21.106.222";
user = "alex"; user = "alex";
@@ -40,30 +37,19 @@
identityFile = "/home/alex/.ssh/alex.pinwheel-github.com"; identityFile = "/home/alex/.ssh/alex.pinwheel-github.com";
}; };
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
};
"git.ppp.pm" = { "git.ppp.pm" = {
hostname = "git.ppp.pm"; hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
}; };
"*" = {
forwardAgent = false;
addKeysToAgent = "yes";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
}; };
}; };
home.packages = [ home.packages = [ pkgs.sshfs ];
pkgs.sshfs
pkgs.seahorse # GUI for managing gnome-keyring
];
}; };
age.secrets = { age.secrets = {
@@ -106,6 +92,19 @@
group = "users"; group = "users";
}; };
"alex.pinwheel-codeberg.org" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
owner = "alex";
group = "users";
};
"alex.pinwheel-codeberg.org.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-codeberg.org.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-git.ppp.pm" = { "alex.pinwheel-git.ppp.pm" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age; file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm"; path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
@@ -119,6 +118,19 @@
group = "users"; group = "users";
}; };
"alex.pinwheel-andromeda" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda";
owner = "alex";
group = "users";
};
"alex.pinwheel-andromeda.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-tadpole" = { "alex.pinwheel-tadpole" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age; file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age;
path = "/home/alex/.ssh/alex.pinwheel-tadpole"; path = "/home/alex/.ssh/alex.pinwheel-tadpole";

47
hosts/pinwheel/modules/hyprlock/default.nix → hosts/pinwheel/modules/swaylock/default.nix
View File

@@ -5,13 +5,13 @@
... ...
}: }:
let let
enabled = config.mod.hyprlock.enable; enabled = config.mod.swaylock.enable;
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
in in
{ {
options = { options = {
mod.hyprlock = { mod.swaylock = {
enable = lib.mkEnableOption "enable hyprlock module"; enable = lib.mkEnableOption "enable swaylock module";
dpmsTimeout = lib.mkOption { dpmsTimeout = lib.mkOption {
description = "timeout in seconds before DPMS is turned on"; description = "timeout in seconds before DPMS is turned on";
@@ -23,32 +23,13 @@ in
config = lib.mkIf enabled { config = lib.mkIf enabled {
home-manager.users.alex = { home-manager.users.alex = {
programs.hyprlock = { programs.swaylock = {
enable = true; enable = true;
settings = { settings = {
general = { color = "000000";
hide_cursor = true; indicator-idle-visible = false;
}; show-failed-attempts = true;
background = [
{
color = "rgb(000000)";
}
];
input-field = [
{
size = "250, 50";
position = "0, 0";
halign = "center";
valign = "center";
outline_thickness = 2;
dots_center = true;
fade_on_empty = true;
placeholder_text = "";
}
];
}; };
}; };
@@ -56,20 +37,20 @@ in
settings = { settings = {
bind = bind =
let let
pause-music = "${pkgs.playerctl}/bin/playerctl -a pause"; pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
dpmsTimeout = config.mod.hyprlock.dpmsTimeout; dpmsTimeout = config.mod.swaylock.dpmsTimeout;
dpms-lock = pkgs.writeShellScript "dpms-lock" '' dpms-lock = pkgs.writeShellScript "dpms-lock" ''
${pkgs.swayidle}/bin/swayidle \ ${pkgs.swayidle}/bin/swayidle \
timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \ timeout ${dpmsTimeout} "${pkgs.hyprland}/bin/hyprctl dispatch dpms off" \
resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" & resume "${pkgs.hyprland}/bin/hyprctl dispatch dpms on" &
${pkgs.hyprlock}/bin/hyprlock; ${pkgs.procps}/bin/pkill swayidle ${pkgs.swaylock}/bin/swaylock && ${pkgs.procps}/bin/pkill swayidle
''; '';
in in
[ [
"$mod, x, exec, ${pause-music}; ${dpms-lock}" "$mod, x, exec, ${pause-music}; ${dpms-lock}"
"$mod SHIFT, x, exec, ${pause-music}; ${pkgs.hyprlock}/bin/hyprlock & sleep 0.5; systemctl suspend" "$mod SHIFT, x, exec, ${pause-music}; ${pkgs.swaylock}/bin/swaylock -f; systemctl suspend"
]; ];
}; };
}; };
@@ -78,7 +59,11 @@ in
security = { security = {
polkit.enable = true; polkit.enable = true;
pam.services.hyprlock = {}; pam.services.swaylock.text = ''
# PAM configuration file for the swaylock screen locker. By default, it includes
# the 'login' configuration file (see /etc/pam.d/login)
auth include login
'';
}; };
}; };
} }

2
hosts/pinwheel/modules/tmux/default.nix
View File

@@ -18,7 +18,7 @@
# https://old.reddit.com/r/tmux/comments/mesrci/tmux_2_doesnt_seem_to_use_256_colors/ # https://old.reddit.com/r/tmux/comments/mesrci/tmux_2_doesnt_seem_to_use_256_colors/
set -g default-terminal "xterm-256color" set -g default-terminal "xterm-256color"
set -ga terminal-overrides ",*256col*:Tc" set -ga terminal-overrides ",*256col*:Tc"
set -ga terminal-overrides ',*:Ss=\E[%p1%d q:Se=\E[ q' set -ga terminal-overrides "*:Ss=\E[%p1%d q:Se=\E[ q"
set-environment -g COLORTERM "truecolor" set-environment -g COLORTERM "truecolor"
set-option -g allow-rename off set-option -g allow-rename off

2
hosts/pinwheel/modules/vim/default.nix
View File

@@ -18,7 +18,7 @@ in
}; };
programs.git = lib.mkIf gitEnabled { programs.git = lib.mkIf gitEnabled {
settings = { extraConfig = {
core = { core = {
editor = "vim"; editor = "vim";
}; };

22
hosts/pinwheel/modules/waybar/default.nix
View File

@@ -85,25 +85,11 @@ let
''; '';
work-vpn-status = pkgs.writeShellScript "work-vpn-status" '' work-vpn-status = pkgs.writeShellScript "work-vpn-status" ''
ACTIVE_ENVS="" STAGING=$(systemctl is-active openvpn-work-staging.service)
[ "$STAGING" == "active" ] && echo "WORK-VPN STAGING ON" && exit 0
STAGING_STATUS=$(systemctl is-active openvpn-work-staging.service) PRODUCTION=$(systemctl is-active openvpn-work-production.service)
if [ "$STAGING_STATUS" == "active" ]; then [ "$PRODUCTION" == "active" ] && echo "WORK-VPN PRODUCTION ON" && exit 0
ACTIVE_ENVS="S"
fi
PRODUCTION_STATUS=$(systemctl is-active openvpn-work-production.service)
if [ "$PRODUCTION_STATUS" == "active" ]; then
if [ -n "$ACTIVE_ENVS" ]; then
ACTIVE_ENVS="$ACTIVE_ENVS&amp;P"
else
ACTIVE_ENVS="P"
fi
fi
if [ -n "$ACTIVE_ENVS" ]; then
echo "WORK-VPN $ACTIVE_ENVS ON"
fi
''; '';
toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" '' toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" ''

57
hosts/pinwheel/modules/work/default.nix
View File

@@ -1,5 +1,4 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
config, config,
@@ -12,48 +11,16 @@ let
in in
{ {
home-manager.users.alex = { home-manager.users.alex = {
# Ensure bashInteractive is first in PATH inside nix devshells.
# stdenv provides a non-interactive bash that breaks Copilot shell commands.
# Adding bashInteractive to home.packages alone isn't enough because devshell
# packages are prepended to PATH. This precmd hook runs after direnv's hook
# and re-prepends bashInteractive so it takes priority.
programs.zsh.initContent = ''
_ensure_bash_interactive() {
[[ "$PATH" == "${pkgs.bashInteractive}/bin:"* ]] || export PATH="${pkgs.bashInteractive}/bin:$PATH"
}
precmd_functions+=(_ensure_bash_interactive)
'';
# Configure IntelliJ to exclude .direnv from indexing
home.activation.intellijIgnoreDirenv = ''
for idea_config in $HOME/.config/JetBrains/IntelliJIdea*; do
if [ -d "$idea_config" ]; then
$DRY_RUN_CMD mkdir -p "$idea_config/options"
$DRY_RUN_CMD tee "$idea_config/options/filetypes.xml" > /dev/null <<'EOF'
<application>
<component name="FileTypeManager" version="18">
<ignoreFiles list="*.pyc;*.pyo;*.rbc;*.yarb;*~;.DS_Store;.git;.hg;.svn;CVS;__pycache__;_svn;vssver.scc;vssver2.scc;.direnv" />
</component>
</application>
EOF
fi
done
'';
home.sessionVariables = { home.sessionVariables = {
GITHUB_ACTOR = "Alexander Heldt"; GITHUB_ACTOR = "Alexander Heldt";
GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})"; GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})";
}; };
home.packages = [ home.packages = [
# (pkgs.callPackage ./pants.nix { inherit (pkgs) stdenv.hostPlatform.system; }) # (pkgs.callPackage ./pants.nix { inherit (pkgs) system; })
# (pkgs.callPackage ./syb-cli.nix { }) # (pkgs.callPackage ./syb-cli.nix { })
(inputs.nix-jetbrains-plugins.lib.buildIdeWithPlugins pkgs "idea" [ (pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ])
"IdeaVIM"
"com.github.copilot"
])
pkgs.bashInteractive
(pkgs.google-cloud-sdk.withExtraComponents [ (pkgs.google-cloud-sdk.withExtraComponents [
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
@@ -64,22 +31,9 @@ EOF
pkgs.postman pkgs.postman
pkgs.grpcurl pkgs.grpcurl
pkgs.slack
# for `radio` # for `radio`
pkgs.go-mockery pkgs.go-mockery
pkgs.golangci-lint pkgs.golangci-lint
(pkgs.writeShellScriptBin "work-vpn" ''
case $1 in
up)
sudo sh -c "systemctl start openvpn-work-staging.service; systemctl start openvpn-work-production.service"
;;
down)
sudo sh -c "systemctl stop openvpn-work-staging.service; systemctl stop openvpn-work-production.service"
;;
esac
'')
]; ];
programs.go = lib.mkIf goEnabled { programs.go = lib.mkIf goEnabled {
@@ -98,13 +52,6 @@ EOF
}; };
}; };
# Needed for `copilot`
programs.nix-ld.enable = true;
programs.nix-ld.libraries = [
pkgs.stdenv.cc.cc.lib
pkgs.zlib
];
services.openvpn.servers = lib.mkIf openvpnEnabled { services.openvpn.servers = lib.mkIf openvpnEnabled {
work-staging = { work-staging = {
config = "config ${config.age.secrets.work-staging-ovpn.path}"; config = "config ${config.age.secrets.work-staging-ovpn.path}";

3
hosts/pinwheel/modules/work/pants.nix
View File

@@ -1,4 +1,5 @@
{ {
system,
pkgs, pkgs,
lib, lib,
... ...
@@ -10,7 +11,7 @@ let
match = match =
v: l: builtins.elemAt (lib.lists.findFirst (x: (if_let v (builtins.elemAt x 0)) != null) null l) 1; v: l: builtins.elemAt (lib.lists.findFirst (x: (if_let v (builtins.elemAt x 0)) != null) null l) 1;
package = match { platform = pkgs.stdenv.hostPlatform.system; } [ package = match { platform = system; } [
[ [
{ platform = "aarch64-linux"; } { platform = "aarch64-linux"; }
{ {

2
hosts/tadpole/modules/age/default.nix
View File

@@ -8,7 +8,7 @@
}; };
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.agenix.packages."${pkgs.system}".default
]; ];
}; };
} }

5
hosts/tadpole/modules/certs/default.nix
View File

@@ -18,11 +18,6 @@
group = "nginx"; group = "nginx";
}; };
"whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
group = "nginx";
};
"api.whib.ppp.pm" = { "api.whib.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/"; webroot = "/var/lib/acme/acme-challenge/";
group = "nginx"; group = "nginx";

4
hosts/tadpole/modules/gitea/default.nix
View File

@@ -67,10 +67,6 @@ in
HTTP_PORT = 3001; HTTP_PORT = 3001;
}; };
oauth2 = {
JWT_CLAIM_ISSUER = "https://${gitDomain}/";
};
database = { database = {
type = "sqlite3"; type = "sqlite3";
passwordFile = config.age.secrets.gitea-dbpassword.path; passwordFile = config.age.secrets.gitea-dbpassword.path;

27
hosts/tadpole/modules/ssh/default.nix
View File

@@ -28,17 +28,9 @@ in
identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm"; identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
}; };
"*" = { "codeberg.org" = {
forwardAgent = false; hostname = "codeberg.org";
addKeysToAgent = "no"; identityFile = "/home/alex/.ssh/alex.tadpole-codeberg.org";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
}; };
}; };
}; };
@@ -109,6 +101,19 @@ in
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.tadpole-codeberg.org" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org";
owner = "alex";
group = "users";
};
"alex.tadpole-codeberg.org.pub" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org.pub";
owner = "alex";
group = "users";
};
}; };
}; };
} }

12
hosts/tadpole/modules/whib/default.nix
View File

@@ -19,15 +19,14 @@ in
}; };
config = { config = {
assertions = [ assertions = lib.mkIf backendEnabled [
{ {
assertion = backendEnabled && config.services.nginx.enable; assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled"; message = "Option 'config.services.nginx' must be enabled";
} }
]; ];
services = { services.whib-backend = lib.mkIf backendEnabled {
whib-backend = lib.mkIf backendEnabled {
enable = true; enable = true;
backend = { backend = {
@@ -56,13 +55,12 @@ in
}; };
}; };
whib-frontend = lib.mkIf frontendEnabled { services.whib-frontend = lib.mkIf frontendEnabled {
enable = true; enable = true;
domain = "whib.ppp.pm"; domain = "whib.ppp.pm";
useACMEHost = "whib.ppp.pm"; useACMEHost = "whib.ppp.pm";
backendHost = "https://api.whib.ppp.pm"; backendHost = "api.whib.ppp.pm";
};
}; };
age.secrets = { age.secrets = {

4
hosts/test-vm/configuration.nix
View File

@@ -26,9 +26,9 @@
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
virtualisation.vmVariant = { virtualisation.vmVariant = {
# following configuration is added only when building VM the *first* time with `build-vm` # following configuration is added only when building VM with build-vm
virtualisation = { virtualisation = {
diskSize = 8192; diskSize = 4096;
memorySize = 2048; memorySize = 2048;
cores = 3; cores = 3;
graphics = false; graphics = false;

3
hosts/test-vm/whib-frontend.nix
View File

@@ -15,8 +15,7 @@ in
domain = "whib-frontend.local"; domain = "whib-frontend.local";
port = "8081"; port = "8081";
# backendHost = "https://api.whib.ppp.pm/"; backendHost = "https://api.whib.ppp.pm/"; # "whib-backend.local";
backendHost = "http://localhost:8080";
}; };
virtualisation.vmVariant = { virtualisation.vmVariant = {

BIN
secrets/backwards/alex.backwards-codeberg.org.age Normal file
View File

Binary file not shown.

7
secrets/backwards/alex.backwards-codeberg.org.pub.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Pu0HWg eK/pdhmsF334C7rSuYsRnXCtenmlT2hOXpfW5CQEARY
odooTLu8ZQUZjCeVPZYOA6Vgb470cosE1Q1iBkE9Kc0
-> ssh-ed25519 +oNaHQ nJU52SSZ9v3+8NuXR6coSHosEYrs7T8GeZYzV/quOU4
IV5YduRGdJLy93gVwfYmwvldRXoXXX3QvAsH3ljBadw
--- 3gJg9NFmqHCrgcvgnYOeSY1H4klPEyzI+07IlKCOItc
 ¦Ì\5çܤ‰}õyñÐáAý_J§

9
secrets/manatee/hetzner-dns.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA mr8aDxrNmdcxT5BEXJ32Q4DckYKidh3zblrSm8GV3hg
JngH+sfId8Z6SuXnQo9EQR0nw+y7LfdgYgI7SYisPL4
-> ssh-ed25519 +oNaHQ QI1+VLIa1sN8HSzBXoAGio7TcfxpGERw30uNlMCmejw
m3+nrTwsAb/Fg1p9JCYnc7jS9uteMO3AbUtDbKP60Dk
--- etDNlalBL2SdgfFxIhDCAWXpXcSZr+BlCoTt6yIUiBQ
èZw œ»ØÁëkáÂÎó4=UÉÜ:J
ã½p#"ˆà^pŠî!KÚÔ
¯cŽC÷ô´cd¾·"g.óÒ¦ó¥_(ÄA% ¶Ýp<C39D>ÇÏGA2`CqÖPš¢<C5A1>P¾Ç$j åMººŒþ¾ƒ™_â

7
secrets/manatee/komga-bookmanager-credentials.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA GW8mvnaXpspxr78xV0fKhXwHVvReyjvDc0v7uPwhuBI
Rne8JZYVhrTTesSFpRQ/IOZlFIMoX9Wmv5n1Ed7Ehv8
-> ssh-ed25519 +oNaHQ d7utzodGQ7LsD2Uht1rbT8Qq9BZp3PkJS9EDhajCjnk
qd2Vj+1TQrjEKkSVAf0cXcCdkgeN/Jbp4UrBSp3cKYQ
--- JQr5UQlutONqnTeoT/mIVZL8ME7ipUDK8zDfNcN3uhU
ø5-VŸÌ²ÂòÀ-®ªÁÅ'^žô5kú.t(d1‡)É'<u%

BIN
secrets/manatee/komga-comicbooktracker-credentials.age
View File

Binary file not shown.

7
secrets/manatee/komga-reading-stats-claude-api-key.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA 5bEWAlzS34w3tMqMCTRqFoni4MKyQCcaBdEQ96BccVk
85rIfjpzL/cNx5SlpKeOUzsMl0rwvCdPgrZ0jlXE1nQ
-> ssh-ed25519 +oNaHQ d2ZZ/XQ5fgT8FMwhyfWHB5FESXM0Y9tlE1KcWwQV7HY
bCj5fLqN2zfPBcnXaJAYJYA+PXTPAdLZVy2FinZvUTM
--- vxopGi8/YrgI/VceX807yk7edWrdYgjmGYG9Zp/cuQA
žFc˜ÖÂ|ª67Ñ~uðáúÉ€Wêÿeïó‰ÍVMj5ÜG?³JâË_pîcf57^ƒŒ¥r@g&<26>?„¬4ŠþÎðˆÉ‘@ƒN…œsjZ¡Šé^-âyB{\ºÔñˆýT)³ž¯uÝ\Wa\àìB)@d ™vrì8q.kÚ™˜

7
secrets/manatee/komga-reading-stats-komga-api-key.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA ykXbxHlehL+AucBCiS7NKNOWjHm51ZTbfgM7fPU+QDo
FtPBWg91yWq90n4PkzdwpIq+DnwL+nwUNzH3mQP4lgg
-> ssh-ed25519 +oNaHQ fCNig/NdBmbZqicNhSnYKz7Rmc7S2JpN+sQ50o+QFg0
AQiKSjZMsjuJGsnZWjSNePrbXBQ/f1zhNCXLznbZk1w
--- zjW49MAgjerHuHqMrSSDpgkWLD40eMSr+ZkKZ0Y9pJo
؇¯O¹Þ°<>}Œ/¨ïd°°

BIN
secrets/pinwheel/alex.pinwheel-andromeda.age Normal file
View File

Binary file not shown.

BIN
secrets/pinwheel/alex.pinwheel-andromeda.pub.age Normal file
View File

Binary file not shown.

BIN
secrets/pinwheel/alex.pinwheel-codeberg.org.age Normal file
View File

Binary file not shown.

8
secrets/pinwheel/alex.pinwheel-codeberg.org.pub.age Normal file
View File

@@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 vxPbZg IKvbUY2e3wCrphoiFOKJYxyWvj4DjMlW1yv1VrZ/kBk
8sS9cNUsb8NtPHD5iKx8dfcgKxLObcZDfWJohduWEl4
-> ssh-ed25519 +oNaHQ nIY6nLvP+HIUlCumO/MxGoBGfutwfwv4zlvsLCuu2C8
eFqY9TaVsYoKulu5e++WI1zYzoBinEVUJt/lDan+ttQ
--- 67CbghCaK4yhjqH6vHEUzfeFth9PmX8h+qTKHocKGzk
iFÞ0ƒV•5œ1²·7¡~w&Õ´>¨Žƒ1¶bƒ…ÅåŒÆgŽ«cì6Fb<46>s5àhk6¥W?0Ô@­
ûÞó³|CÑ ¼Äm<C384>ðGÍ1

BIN
secrets/pinwheel/alex.pinwheel-github.com-signing.age
View File

Binary file not shown.

BIN
secrets/pinwheel/alex.pinwheel-github.com-signing.pub.age
View File

Binary file not shown.

15
secrets/secrets.nix
View File

@@ -17,8 +17,10 @@ in {
"pinwheel/alex.pinwheel-tadpole.pub.age".publicKeys = [ pinwheel tadpole alex ]; "pinwheel/alex.pinwheel-tadpole.pub.age".publicKeys = [ pinwheel tadpole alex ];
"pinwheel/alex.pinwheel-github.com.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-github.com.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-github.com.pub.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-github.com.pub.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-github.com-signing.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-andromeda.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-github.com-signing.pub.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-andromeda.pub.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-codeberg.org.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-codeberg.org.pub.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-git.ppp.pm.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-git.ppp.pm.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-git.ppp.pm.pub.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-git.ppp.pm.pub.age".publicKeys = [ pinwheel alex ];
@@ -34,11 +36,6 @@ in {
"manatee/alex.manatee-git.ppp.pm.pub.age".publicKeys = [ manatee alex ]; "manatee/alex.manatee-git.ppp.pm.pub.age".publicKeys = [ manatee alex ];
"manatee/syncthing-cert.age".publicKeys = [ manatee alex ]; "manatee/syncthing-cert.age".publicKeys = [ manatee alex ];
"manatee/syncthing-key.age".publicKeys = [ manatee alex ]; "manatee/syncthing-key.age".publicKeys = [ manatee alex ];
"manatee/hetzner-dns.age".publicKeys = [ manatee alex ];
"manatee/komga-comicbooktracker-credentials.age".publicKeys = [ manatee alex];
"manatee/komga-bookmanager-credentials.age".publicKeys = [ manatee alex];
"manatee/komga-reading-stats-claude-api-key.age".publicKeys = [ manatee alex];
"manatee/komga-reading-stats-komga-api-key.age".publicKeys = [ manatee alex];
"backwards/root.backwards.age".publicKeys = [ backwards alex ]; "backwards/root.backwards.age".publicKeys = [ backwards alex ];
"backwards/root.backwards.pub.age".publicKeys = [ backwards alex ]; "backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];
@@ -49,12 +46,16 @@ in {
"backwards/restic-password.age".publicKeys = [ backwards alex ]; "backwards/restic-password.age".publicKeys = [ backwards alex ];
"backwards/restic-cloud-sync-key.age".publicKeys = [ backwards alex ]; "backwards/restic-cloud-sync-key.age".publicKeys = [ backwards alex ];
"backwards/restic-cloud-sync-repository.age".publicKeys = [ backwards alex ]; "backwards/restic-cloud-sync-repository.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-codeberg.org.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-codeberg.org.pub.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-git.ppp.pm.age".publicKeys = [ backwards alex ]; "backwards/alex.backwards-git.ppp.pm.age".publicKeys = [ backwards alex ];
"backwards/alex.backwards-git.ppp.pm.pub.age".publicKeys = [ backwards alex ]; "backwards/alex.backwards-git.ppp.pm.pub.age".publicKeys = [ backwards alex ];
"backwards/wireless-network-secrets.age".publicKeys = [ backwards alex ]; "backwards/wireless-network-secrets.age".publicKeys = [ backwards alex ];
"tadpole/root.tadpole.age".publicKeys = [ tadpole alex ]; "tadpole/root.tadpole.age".publicKeys = [ tadpole alex ];
"tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ]; "tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-git.ppp.pm.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-git.ppp.pm.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ];
"tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ]; "tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ];

BIN
secrets/tadpole/alex.tadpole-codeberg.org.age Normal file
View File

Binary file not shown.

BIN
secrets/tadpole/alex.tadpole-codeberg.org.pub.age Normal file
View File

Binary file not shown.