cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

Compare commits

base: cnst:13b18e64a0b7d9b088064604b414256007e85d5f
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken
...
compare: cnst:compare_broken
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken

43 Commits
13b18e64a0 ... compare_br

Author SHA1 Message Date
cnst
d53bf7546a broken 2 2025-10-05 10:02:39 +02:00
cnst
c9edc99a85 chore(revert): slowly introducing changes 2025-10-05 09:27:51 +02:00
cnst
67e83e3e4e feat(authentik): fixing some fail2ban things 2025-10-02 05:45:35 +02:00
cnst
923c810972 feat(authentik): fixing some fail2ban things 2025-10-01 18:00:55 +02:00
cnst
6ab35f4e91 feat(www): fixing fail2ban and other minor tweaks 2025-09-30 18:16:49 +02:00
cnst
593f0e619c chore(ded): remove dead code 2025-09-29 19:31:23 +02:00
cnst
688e23d229 feat(pstate): opt in changes and sooooo 2025-09-29 19:28:33 +02:00
cnst
725a3ed27e chore(niri): go to nixpkgs niri release 2025-09-29 17:10:38 +02:00
cnst
e45dc0d223 feat(homelab): fixing cf tunnels, authentik and tailscale! 2025-09-28 18:27:17 +02:00
cnst
bc78dd7302 chore(?): hm 2025-09-28 16:24:32 +02:00
cnst
94c34f8675 chore(update): flake lock 2025-09-28 08:03:38 +02:00
cnst
fda7d972c4 chore(age): adding bunk credentials to agenix 2025-09-27 19:54:03 +02:00
cnst
f6bb6672bb chore(agenix): refactor some secrets 2025-09-27 14:35:04 +02:00
cnst
68f1cb9b09 chore(misc): removing dead code and small insignificant changes 2025-09-26 20:41:26 +02:00
cnst
e721a2088b feat(homepage-dashboard): adding some disk info 2025-09-26 17:41:19 +02:00
cnst
551a47989c Merge pull request 'feat(swaybg) adding swaybg and some script' (#5) from wutwut into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/5
 2025-09-25 17:30:37 +02:00
cnst
2cb07c45a7 Merge pull request 'feat(swaybg) adding bg script' (#4) from wut into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/4
 2025-09-25 17:26:09 +02:00
cnst
4666731676 feat(swaybg) adding swaybg and some script 2025-09-25 17:17:49 +02:00
cnst
8fe6382c48 feat(swaybg) adding bg script 2025-09-25 17:16:55 +02:00
cnst
068f47e9a2 chore(alacritty): fix cfg 2025-09-24 18:46:36 +02:00
cnst
27bd976a60 chore(alacritty): fix cfg 2025-09-24 06:30:48 +02:00
cnst
9adfb329af feat(theme): go to adwaita gtk theme 2025-09-23 20:04:08 +02:00
cnst
757c3081fd feat(alacritty): change theme and flake lock 2025-09-23 20:02:08 +02:00
cnst
1d2f934c98 chore(?): remove deader code 2025-09-23 18:14:43 +02:00
cnst
86624f362d feat(IP): migrate to traefik and authentik, remove dead code 2025-09-23 18:13:28 +02:00
cnst
b752781064 feat(nextcloud): switch from nginx to caddy 2025-09-21 13:27:02 +02:00
cnst
884b40c71d chore(?): remove dead code 2025-09-21 10:32:05 +02:00
cnst
f861d363ca feat(nextcloud): finishing touches and other chores 2025-09-21 10:28:54 +02:00
cnst
c63daec95c feat(nextcloud): tweaks to nextcloud 2025-09-20 12:31:12 +02:00
cnst
2e1d28450b Merge pull request 'feat(nextcloud): back to basics' (#3) from nextc into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/3
 2025-09-19 20:09:18 +02:00
cnst
1228c800a1 feat(nextcloud): back to basics 2025-09-19 20:08:45 +02:00
cnst
1c8ccb6405 feat(sh): niri spawning script for stacking two windows of same app vertically 2025-09-19 20:03:11 +02:00
cnst
3b7e566545 Merge pull request 'chore(update): remove lix patch, minor waybar changes' (#2) from update into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/2
 2025-09-18 20:00:32 +02:00
cnst
8c07f3642b chore(update): remove lix patch, minor waybar changes 2025-09-18 19:59:39 +02:00
cnst
0d447771eb feat(cloud): small change 2025-09-16 15:40:52 +02:00
cnst
73960162b0 feat(cloud): a lot of shitty stuff 2025-09-16 15:01:48 +02:00
cnst
eb76e0242d Merge pull request 'feat(nextcloud): adding nextcloud)' (#1) from nextcloud into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/1
 2025-09-16 10:16:21 +02:00
cnst
d58ad62975 feat(nextcloud): adding nextcloud) 2025-09-16 10:15:32 +02:00
cnst
8f2dbe061b feat(nextcloud): adding some secrets and stuff 2025-09-16 10:15:06 +02:00
cnst
a843e806bd feat(libvirtd): adding virtualisation 2025-09-16 08:54:20 +02:00
cnst
bc8b5449c7 fix(syncthing): disable 2025-09-15 18:18:57 +02:00
cnst
002f23378b fix(syncthing): typo 2025-09-15 17:49:59 +02:00
cnst
fb4c9dbba2 feat(gitea): disable mailing and test indexing 2025-09-15 12:20:20 +02:00
77 changed files with 1931 additions and 1132 deletions
Expand all files Collapse all files

560
flake.lock generated
View File

@@ -23,16 +23,17 @@
}, },
"anyrun": { "anyrun": {
"inputs": { "inputs": {
"anyrun-provider": "anyrun-provider",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1757840226, "lastModified": 1758874004,
"narHash": "sha256-Bxacqw2208XnOsOeDFLg0XqZ8b48jenepwS2OshA7D4=", "narHash": "sha256-+RUCBtT01Z595NpGc6Tvms+dJ/C/cn1zdjT9+gE6dbU=",
"owner": "anyrun-org", "owner": "anyrun-org",
"repo": "anyrun", "repo": "anyrun",
"rev": "b21edf8db8bf914774c8beb29f2161f1acb0ea9b", "rev": "3c571bc1514c4211d1d6c011a1d482f97efd9c5f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -41,6 +42,27 @@
"type": "github" "type": "github"
} }
}, },
"anyrun-provider": {
"inputs": {
"nixpkgs": [
"anyrun",
"nixpkgs"
]
},
"locked": {
"lastModified": 1758817837,
"narHash": "sha256-J3Jl4Z8SJHj+ogyohPeypT5LmQtCupdBteFezwiEZ9E=",
"owner": "anyrun-org",
"repo": "anyrun-provider",
"rev": "b20650aa1bf80ae86b5bf5253d21fc0ddb7985c7",
"type": "github"
},
"original": {
"owner": "anyrun-org",
"repo": "anyrun-provider",
"type": "github"
}
},
"aquamarine": { "aquamarine": {
"inputs": { "inputs": {
"hyprutils": [ "hyprutils": [
@@ -61,11 +83,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755946532, "lastModified": 1759499898,
"narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=", "narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada", "rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -74,6 +96,54 @@
"type": "github" "type": "github"
} }
}, },
"authentik": {
"inputs": {
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": [
"flake-parts"
],
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
],
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"systems": "systems_3",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1759322529,
"narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1759190535,
"narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.8.4",
"repo": "authentik",
"type": "github"
}
},
"chaotic": { "chaotic": {
"inputs": { "inputs": {
"flake-schemas": "flake-schemas", "flake-schemas": "flake-schemas",
@@ -83,11 +153,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1757789833, "lastModified": 1759532138,
"narHash": "sha256-cpYiHtQ9ROyutuFEkqDNkc3sOVayEeNHAtCVQI5reoc=", "narHash": "sha256-sLQIlgDwMP3mEY2PwjGW+cL56QQ2n2WXoZ3GpG5QWOY=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "5a088eb3f84aeea80b2d240e25c4f72a0fbdea4e", "rev": "bad02bbca5b5c6d45539a0d740ad0e21b1ba9afc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -142,11 +212,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1757831996, "lastModified": 1759646430,
"narHash": "sha256-vLvo3VmGXA+mvra90asjpZTdjElDOZB62xuQP31pO2s=", "narHash": "sha256-V8mjmGzi9nS7BZfhpzYAOUg3BcCsC6MrEh9xlKq3+7s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "7b679aa06678433ff15df49c9fc50671fc4fc4cc", "rev": "b326bea4d58c9a58b346f17c710538eac00f71d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -156,6 +226,7 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
@@ -171,7 +242,6 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
@@ -203,6 +273,22 @@
} }
}, },
"flake-compat_4": { "flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1751685974, "lastModified": 1751685974,
@@ -226,11 +312,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754487366, "lastModified": 1756770412,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -246,11 +332,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756770412, "lastModified": 1759362264,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751", "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -306,11 +392,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756770412, "lastModified": 1759362264,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751", "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -354,6 +440,27 @@
"url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz" "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
} }
}, },
"flake-utils": {
"inputs": {
"systems": [
"authentik",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fonts": { "fonts": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
@@ -384,11 +491,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757588530, "lastModified": 1759523803,
"narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", "narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", "rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -464,11 +571,11 @@
}, },
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1757891025, "lastModified": 1759582739,
"narHash": "sha256-NfiTk59huy/YK9H4W4wVwRYyiP2u86QqROM5KK4f5F4=", "narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "4c38a024fa32e61db2be8573e5282b15d9733a79", "rev": "3441b5242af7577230a78ffb03542add264179ab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -483,11 +590,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1757891477, "lastModified": 1759605748,
"narHash": "sha256-xNZXCWqmJ1XOYbNYGKgp6o5sWcayyLWrSE3b7wzEA7k=", "narHash": "sha256-qALSaIE4fbTo0wbPjEp7RZKbtFk1cDhRZ0BYOHW0JwQ=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "1f020b1d724fdbd1c8542c9654f2cb78c4f147b6", "rev": "6fffaf6a7ded9a12fb2d5715a4eb83787a5e6402",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -503,11 +610,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757910558, "lastModified": 1759573136,
"narHash": "sha256-qD2UBG+JfmIE50OmjumOQZ73LKUacxO7uq2hxkna0rA=", "narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5e06d0f1844bd150e7813368b06f32b03c816a0d", "rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -545,11 +652,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757698511, "lastModified": 1759337100,
"narHash": "sha256-UqHHGydF/q3jfYXCpvYLA0TWtvByOp1NwOKCUjhYmPs=", "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a3fcc92180c7462082cd849498369591dfb20855", "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -603,11 +710,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757542864, "lastModified": 1759490292,
"narHash": "sha256-8i9tsVoOmLQDHJkNgzJWnmxYFGkJNsSndimYpCoqmoA=", "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "aa9d14963b94186934fd0715d9a7f0f2719e64bb", "rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -692,15 +799,15 @@
"hyprwayland-scanner": "hyprwayland-scanner_2", "hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_6",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_3", "systems": "systems_4",
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1757811161, "lastModified": 1759530922,
"narHash": "sha256-laCB71qgn9Eht7bH1nobIzEiR5r7WRHAB7XHHxLTiLQ=", "narHash": "sha256-9NgZKpibALekGTPDc2O8lP8vFealQSZkXe+L+S7MMZU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland", "repo": "hyprland",
"rev": "559024c3314e4b1180b10b80fce4e9f20bad14c8", "rev": "76d998743ac10e712238c1016db4d8e8d16f1049",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -717,11 +824,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757889285, "lastModified": 1759613406,
"narHash": "sha256-IUDbY2sjfa+ySyI+BEw61QANuzCYXGIdCrbkULLAr1s=", "narHash": "sha256-PzgQJydp+RlKvwDi807pXPlURdIAVqLppZDga3DwPqg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "bc9dbdebbebeb8eb75115a865f74c8acc3ec2424", "rev": "32e1a75b65553daefb419f0906ce19e04815aa3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -835,11 +942,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757508108, "lastModified": 1759080228,
"narHash": "sha256-bTYedtQFqqVBAh42scgX7+S3O6XKLnT6FTC6rpmyCCc=", "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-qtutils", "repo": "hyprland-qtutils",
"rev": "119bcb9aa742658107b326c50dcd24ab59b309b7", "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -864,11 +971,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756810301, "lastModified": 1758927902,
"narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=", "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931", "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -899,11 +1006,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757520666, "lastModified": 1759572448,
"narHash": "sha256-jYV+vPzfii7HSr3RSHMMP8msjvljsfOQd6JWpKjgLuw=", "narHash": "sha256-o+r44fqPQM+/hQdjFy9qV9C51Jhty6M4icFVYocyJfA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlock", "repo": "hyprlock",
"rev": "450ae1e5f09fa95c970fb370c037e60d3b4783f2", "rev": "c8a6768dca626cf7d7cbc333095f048bc007b6d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -962,11 +1069,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756117388, "lastModified": 1759490926,
"narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=", "narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0", "rev": "94cce794344538c4d865e38682684ec2bbdb2ef3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1084,11 +1191,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757230583, "lastModified": 1759387127,
"narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=", "narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea", "rev": "0cc290e05882745060fccfe6d7d073f913e0cce7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1100,7 +1207,7 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_7",
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
@@ -1122,11 +1229,11 @@
}, },
"mnw": { "mnw": {
"locked": { "locked": {
"lastModified": 1756659871, "lastModified": 1758834834,
"narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=", "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "mnw", "repo": "mnw",
"rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16", "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1135,59 +1242,29 @@
"type": "github" "type": "github"
} }
}, },
"niri": { "napalm": {
"inputs": { "inputs": {
"niri-stable": "niri-stable", "flake-utils": [
"niri-unstable": "niri-unstable", "authentik",
"nixpkgs": "nixpkgs_8", "flake-utils"
"nixpkgs-stable": "nixpkgs-stable", ],
"xwayland-satellite-stable": "xwayland-satellite-stable", "nixpkgs": [
"xwayland-satellite-unstable": "xwayland-satellite-unstable" "authentik",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1757870947, "lastModified": 1725806412,
"narHash": "sha256-0N8w6SB6a68kWioFmlr+KfwfG44KVjPjJIBSQKNdNhE=", "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
"owner": "sodiboo", "owner": "willibutz",
"repo": "niri-flake", "repo": "napalm",
"rev": "8e9b1a571399104e42d8fa5de6c28c63bff0c16a", "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "sodiboo", "owner": "willibutz",
"repo": "niri-flake", "ref": "avoid-foldl-stack-overflow",
"type": "github" "repo": "napalm",
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1756556321,
"narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.08",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1757832020,
"narHash": "sha256-SCdus7r4IS8l3jzF8mcMFMlDvACTdmDCcsPnGUEqll0=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "e6a8ad38479eb179dc7301755316f993e3e872ea",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"type": "github" "type": "github"
} }
}, },
@@ -1201,11 +1278,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757814419, "lastModified": 1759629535,
"narHash": "sha256-wmlDAkOrwX9cvhXQa7wekGr/5G6SfE2D5KlvuvSEEXc=", "narHash": "sha256-VIXcJ2ahRgoqIUySwAz3r5mtITO2dp6tXGCVKVW6FmA=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "17db183a6a2ba1217bbfc123b47d4b5ee70b256a", "rev": "df388c42b54714bd121796a9cec9322b7fa2894e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1268,45 +1345,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1757810152,
"narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a094440e02a699be5c57453a092a8baf569bdad",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1756696532,
"narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1755186698, "lastModified": 1758690382,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "rev": "e643668fd71b949c53f8626614b21ff71a07379d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1318,11 +1363,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1757598577, "lastModified": 1759147044,
"narHash": "sha256-+PccWxBVh1cFy2sDWHlpSBG+OP0b6o/DE2EzCxsB0ns=", "narHash": "sha256-3ZPFytJOcLjTChljeaGgoaNj+tOqzgEpqZAvRe3bU90=",
"owner": "PedroHLC", "owner": "PedroHLC",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7bbfafff0e9f1c9a0d10ca4d4c26aaa49a13d893", "rev": "18e83bbe13aa50992777832b52bd0e0d8585fb3b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1366,11 +1411,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1757487488, "lastModified": 1759381078,
"narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1398,11 +1443,11 @@
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1757745802, "lastModified": 1759381078,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1414,34 +1459,34 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1757745802, "lastModified": 1759386674,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "rev": "625ad6366178f03acd79f9e3822606dd7985b657",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nvf": { "nvf": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_5",
"mnw": "mnw", "mnw": "mnw",
"nixpkgs": "nixpkgs_10", "nixpkgs": "nixpkgs_9",
"systems": "systems_4" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1757773905, "lastModified": 1759469269,
"narHash": "sha256-lM1K3cJsPQyiSGI3rE/F7u02fA/JYBsinMN49IQCY1s=", "narHash": "sha256-DP833ejGUNRRHsJOB3WRTaWWXLNucaDga2ju/fGe+sc=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "7e74ee604a7c18dda21e6a809720ad37ab5bae43", "rev": "e48638aef3a95377689de0ef940443c64f870a09",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1452,7 +1497,7 @@
}, },
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"gitignore": "gitignore_2", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"hyprland", "hyprland",
@@ -1460,11 +1505,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757588530, "lastModified": 1758108966,
"narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1499,13 +1544,64 @@
"type": "github" "type": "github"
} }
}, },
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
],
"pyproject-nix": [
"authentik",
"pyproject-nix"
],
"uv2nix": [
"authentik",
"uv2nix"
]
},
"locked": {
"lastModified": 1757296493,
"narHash": "sha256-6nzSZl28IwH2Vx8YSmd3t6TREHpDbKlDPK+dq1LKIZQ=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "5b8e37fe0077db5c1df3a5ee90a651345f085d38",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757246327,
"narHash": "sha256-6pNlGhwOIMfhe/RLjHdpXveKS4FyLHvlGe+KtjDild4=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "8d77f342d66ad1601cdb9d97e9388b69f64d4c8e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"anyrun": "anyrun", "anyrun": "anyrun",
"authentik": "authentik",
"chaotic": "chaotic", "chaotic": "chaotic",
"fenix": "fenix", "fenix": "fenix",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"fonts": "fonts", "fonts": "fonts",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
@@ -1518,11 +1614,10 @@
"hyprlock": "hyprlock", "hyprlock": "hyprlock",
"hyprpaper": "hyprpaper", "hyprpaper": "hyprpaper",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"niri": "niri",
"nix-gaming": "nix-gaming", "nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_9", "nixpkgs": "nixpkgs_8",
"nvf": "nvf", "nvf": "nvf",
"systems": "systems_5", "systems": "systems_6",
"treefmt-nix": "treefmt-nix", "treefmt-nix": "treefmt-nix",
"tuirun": "tuirun", "tuirun": "tuirun",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
@@ -1531,11 +1626,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1757362324, "lastModified": 1759601486,
"narHash": "sha256-/PAhxheUq4WBrW5i/JHzcCqK5fGWwLKdH6/Lu1tyS18=", "narHash": "sha256-ZywfLIFtRr907us1tONwUJLeg3ssO4D01XBFHx7RdAo=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "9edc9cbe5d8e832b5864e09854fa94861697d2fd", "rev": "4ae99f0150c94f4bdf7192b4447f512ece3546fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1553,11 +1648,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757730403, "lastModified": 1759458749,
"narHash": "sha256-Jxl4OZRVsXs8JxEHUVQn3oPu6zcqFyGGKaFrlNgbzp0=", "narHash": "sha256-WKnbJnm1B2+TO2ZUudgS39EzecQeLl4/bnRtd3y46LI=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "3232f7f8bd07849fc6f4ae77fe695e0abb2eba2c", "rev": "bbc3a8ae797d1700e57a4f4bcc4e79af727d4138",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1654,6 +1749,21 @@
} }
}, },
"systems_4": { "systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1668,7 +1778,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": { "systems_6": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1683,7 +1793,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": { "systems_7": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1705,11 +1815,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756662192, "lastModified": 1758728421,
"narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1724,7 +1834,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_6" "systems": "systems_7"
}, },
"locked": { "locked": {
"lastModified": 1735478319, "lastModified": 1735478319,
@@ -1740,6 +1850,31 @@
"url": "https://git.sr.ht/~canasta/tuirun" "url": "https://git.sr.ht/~canasta/tuirun"
} }
}, },
"uv2nix": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
],
"pyproject-nix": [
"authentik",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1757925761,
"narHash": "sha256-7Hwz0vfHuFqCo5v7Q07GQgLBWuPvZCuf/5/pk4NoADg=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "780494c40895bb7419a73d942bee326291e80b3b",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
},
"xdph": { "xdph": {
"inputs": { "inputs": {
"hyprland-protocols": [ "hyprland-protocols": [
@@ -1781,39 +1916,6 @@
"type": "github" "type": "github"
} }
}, },
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1755491097,
"narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "388d291e82ffbc73be18169d39470f340707edaa",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.7",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1757179758,
"narHash": "sha256-TIvyWzRt1miQj6Cf5Wy8Qz43XIZX7c4vTVwRLAT5S4Y=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "970728d0d9d1eada342bb8860af214b601139e58",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
},
"zen-browser": { "zen-browser": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -1821,11 +1923,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757279270, "lastModified": 1759590499,
"narHash": "sha256-q9XVkyORjd+5uZKuSbErz0nEzlKLR3TRwLtxPgkiJVI=", "narHash": "sha256-EBToRzqe5WMz4DQyxOp9/CP+rWjdaZ2EUwbItfNf3VI=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "2a6161f5ef9c2c65ce1e324fa0d3e0adc12a9c95", "rev": "6e606c8bfa6a88209488790388b1005bc489fa66",
"revCount": 130, "revCount": 136,
"type": "git", "type": "git",
"url": "https://git.sr.ht/~canasta/zen-browser-flake" "url": "https://git.sr.ht/~canasta/zen-browser-flake"
}, },

16
flake.nix
View File

@@ -18,7 +18,11 @@
]; ];
perSystem = perSystem =
{ config, pkgs, ... }: {
config,
pkgs,
...
}:
{ {
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
packages = [ packages = [
@@ -51,6 +55,14 @@
inputs.nixpkgs-lib.follows = "nixpkgs"; inputs.nixpkgs-lib.follows = "nixpkgs";
}; };
authentik = {
url = "github:nix-community/authentik-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
};
};
flake-compat.url = "github:edolstra/flake-compat"; flake-compat.url = "github:edolstra/flake-compat";
# Hyprland environment # Hyprland environment
@@ -135,8 +147,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
niri.url = "github:sodiboo/niri-flake";
# Custom # Custom
tuirun = { tuirun = {
url = "git+https://git.sr.ht/~canasta/tuirun"; url = "git+https://git.sr.ht/~canasta/tuirun";

1
hosts/default.nix
View File

@@ -82,6 +82,7 @@
self.nixosModules.settings self.nixosModules.settings
self.nixosModules.server self.nixosModules.server
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
inputs.authentik.nixosModules.default
]; ];
}; };
ziggy = nixosSystem { ziggy = nixosSystem {

2
hosts/kima/default.nix
View File

@@ -46,8 +46,6 @@ in
environment.variables = { environment.variables = {
NH_FLAKE = "/home/cnst/.nix-config"; NH_FLAKE = "/home/cnst/.nix-config";
GEMINI_API_KEY = config.age.secrets.gcapi.path; GEMINI_API_KEY = config.age.secrets.gcapi.path;
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
NIXOS_OZONE_WL = "1";
}; };
# # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

3
hosts/kima/hardware-configuration.nix
View File

@@ -21,8 +21,9 @@
"usbhid" "usbhid"
"sd_mod" "sd_mod"
]; ];
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ boot.kernelModules = [
"amdgpu"
"kvm-amd" "kvm-amd"
"i2c-dev" "i2c-dev"
]; ];

9
hosts/kima/modules.nix
View File

@@ -4,7 +4,8 @@
kernel = { kernel = {
variant = "latest"; variant = "latest";
hardware = [ "amd" ]; hardware = [ "amd" ];
extraKernelParams = [ "amdgpu.dcdebugmask=0x10" ]; extraKernelParams = [ ];
amdOverdrive.enable = true;
}; };
loader = { loader = {
default = { default = {
@@ -171,6 +172,9 @@
kanata = { kanata = {
enable = true; enable = true;
}; };
virtualisation = {
enable = false;
};
locate = { locate = {
enable = true; enable = true;
}; };
@@ -211,6 +215,9 @@
scheduler = "scx_lavd"; scheduler = "scx_lavd";
flags = "--performance"; flags = "--performance";
}; };
tailscale = {
enable = false;
};
udisks = { udisks = {
enable = true; enable = true;
}; };

16
hosts/sobotka/default.nix
View File

@@ -3,11 +3,9 @@
config, config,
pkgs, pkgs,
... ...
}: }: let
let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in in {
{
users.users.cnst = { users.users.cnst = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.fish; shell = pkgs.fish;
@@ -41,6 +39,7 @@ in
"share" "share"
"jellyfin" "jellyfin"
"render" "render"
"traefik"
]; ];
}; };
@@ -51,8 +50,7 @@ in
./server.nix ./server.nix
]; ];
boot.initrd.luks.devices."luks-47b35d4b-467a-4637-a5f9-45177da62897".device = boot.initrd.luks.devices."luks-47b35d4b-467a-4637-a5f9-45177da62897".device = "/dev/disk/by-uuid/47b35d4b-467a-4637-a5f9-45177da62897";
"/dev/disk/by-uuid/47b35d4b-467a-4637-a5f9-45177da62897";
networking = { networking = {
hostName = "sobotka"; hostName = "sobotka";
@@ -69,8 +67,8 @@ in
]; ];
boot = { boot = {
supportedFilesystems = [ "zfs" ]; supportedFilesystems = ["zfs"];
zfs.extraPools = [ "data" ]; zfs.extraPools = ["data"];
}; };
services.zfs = { services.zfs = {
@@ -78,6 +76,8 @@ in
autoScrub.enable = true; autoScrub.enable = true;
}; };
environment.etc."nextcloud-admin-pass".text = "DeHKor3x8^eqqnBXjqhQ&QBl*3!sOLg8agfzOILihju#^0!2AfJ9W*vn";
environment.variables.NH_FLAKE = "/home/cnst/.nix-config"; environment.variables.NH_FLAKE = "/home/cnst/.nix-config";
# # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

7
hosts/sobotka/modules.nix
View File

@@ -3,8 +3,8 @@
boot = { boot = {
kernel = { kernel = {
variant = "latest"; variant = "latest";
hardware = [ "amd" ]; hardware = ["amd"];
extraKernelParams = [ ]; extraKernelParams = [];
}; };
loader = { loader = {
default = { default = {
@@ -213,6 +213,9 @@
scheduler = "scx_lavd"; scheduler = "scx_lavd";
flags = "--performance"; flags = "--performance";
}; };
tailscale = {
enable = false;
};
udisks = { udisks = {
enable = true; enable = true;
}; };

30
hosts/sobotka/server.nix
View File

@@ -8,16 +8,19 @@
uid = 994; uid = 994;
gid = 993; gid = 993;
traefik = {
enable = true;
};
gitea = { gitea = {
enable = true; enable = true;
}; };
unbound = { unbound = {
enable = true; enable = true;
}; };
caddy = { homepage-dashboard = {
enable = true; enable = true;
}; };
homepage-dashboard = { n8n = {
enable = true; enable = true;
}; };
bazarr = { bazarr = {
@@ -52,14 +55,31 @@
credentialsFile = config.age.secrets.vaultwardenCloudflared.path; credentialsFile = config.age.secrets.vaultwardenCloudflared.path;
}; };
}; };
www = {
enable = true;
url = "cnst.dev";
cloudflared = {
tunnelId = "e5076186-efb7-405a-998c-6155af7fb221";
credentialsFile = config.age.secrets.wwwCloudflared.path;
};
};
authentik = {
enable = true;
url = "auth.cnst.dev";
cloudflared = {
tunnelId = "b66f9368-db9e-4302-8b48-527cda34a635";
credentialsFile = config.age.secrets.authentikCloudflared.path;
};
};
nextcloud = {
enable = true;
adminpassFile = config.age.secrets.nextcloudAdminPass.path;
};
fail2ban = { fail2ban = {
enable = true; enable = true;
apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path; apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path;
zoneId = "0027acdfb8bbe010f55b676ad8698dfb"; zoneId = "0027acdfb8bbe010f55b676ad8698dfb";
}; };
syncthing = {
enable = true;
};
keepalived = { keepalived = {
enable = true; enable = true;
interface = "enp6s0"; interface = "enp6s0";

6
hosts/ziggy/server.nix
View File

@@ -1,5 +1,4 @@
{ config, ... }: {config, ...}: {
{
server = { server = {
enable = true; enable = true;
email = "adam@cnst.dev"; email = "adam@cnst.dev";
@@ -12,9 +11,6 @@
unbound = { unbound = {
enable = true; enable = true;
}; };
caddy = {
enable = true;
};
homepage-dashboard = { homepage-dashboard = {
enable = false; enable = false;
}; };

10
lib/theme/bgs.nix
View File

@@ -1,11 +1,11 @@
lib: { lib: {
bgs = rec { bgs = rec {
files = { files = {
wallpaper_1 = "~/media/images/bg_1.jpg"; wallpaper_1 = "~/media/images/bgs/bg_1.jpg";
wallpaper_2 = "~/media/images/bg_2.jpg"; wallpaper_2 = "~/media/images/bgs/bg_2.jpg";
wallpaper_3 = "~/media/images/bg_3.jpg"; wallpaper_3 = "~/media/images/bgs/bg_3.jpg";
wallpaper_4 = "~/media/images/waterwindow.jpg"; wallpaper_4 = "~/media/images/bgs/waterwindow.jpg";
wallpaper_5 = "~/media/images/barngreet.png"; wallpaper_5 = "~/media/images/bgs/barngreet.png";
}; };
list = builtins.attrNames files; list = builtins.attrNames files;

9
modules/default.nix
View File

@@ -97,6 +97,7 @@
./nixos/services/greetd ./nixos/services/greetd
./nixos/services/gvfs ./nixos/services/gvfs
./nixos/services/kanata ./nixos/services/kanata
./nixos/services/virtualisation
./nixos/services/locate ./nixos/services/locate
./nixos/services/mullvad ./nixos/services/mullvad
./nixos/services/nfs ./nixos/services/nfs
@@ -112,6 +113,7 @@
./nixos/services/udisks ./nixos/services/udisks
./nixos/services/xserver ./nixos/services/xserver
./nixos/services/zram ./nixos/services/zram
./nixos/services/tailscale
./nixos/system/fonts ./nixos/system/fonts
./nixos/system/locale ./nixos/system/locale
@@ -121,24 +123,27 @@
server = { server = {
imports = [ imports = [
./server ./server
./server/caddy
./server/fail2ban ./server/fail2ban
./server/homepage-dashboard ./server/homepage-dashboard
./server/nextcloud
./server/vaultwarden ./server/vaultwarden
./server/bazarr ./server/bazarr
./server/prowlarr ./server/prowlarr
./server/lidarr ./server/lidarr
./server/radarr ./server/radarr
./server/sonarr ./server/sonarr
./server/syncthing
./server/jellyseerr ./server/jellyseerr
./server/jellyfin ./server/jellyfin
./server/n8n
./server/podman ./server/podman
./server/unbound ./server/unbound
./server/uptime-kuma ./server/uptime-kuma
./server/keepalived ./server/keepalived
./server/gitea ./server/gitea
./server/postgres ./server/postgres
./server/traefik
./server/www
./server/authentik
]; ];
}; };
settings = { settings = {

59
modules/home/programs/alacritty/default.nix
View File

@@ -14,36 +14,37 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.alacritty = { programs.alacritty = {
enable = true; enable = true;
theme = "gruvbox_material_hard_dark";
settings = { settings = {
# Default colors # Default colors
colors.primary = { # colors = {
background = "#282828"; # primary = {
foreground = "#d4be98"; # background = "#282828";
}; # foreground = "#d4be98";
colors = { # };
# Normal colors # # Normal colors
normal = { # normal = {
black = "#3c3836"; # black = "#3c3836";
red = "#ea6962"; # red = "#ea6962";
green = "#a9b665"; # green = "#a9b665";
yellow = "#d8a657"; # yellow = "#d8a657";
blue = "#7daea3"; # blue = "#7daea3";
magenta = "#d3869b"; # magenta = "#d3869b";
cyan = "#89b482"; # cyan = "#89b482";
white = "#d4be98"; # white = "#d4be98";
}; # };
# Bright colors (same as normal colors) # # Bright colors (same as normal colors)
bright = { # bright = {
black = "#3c3836"; # black = "#3c3836";
red = "#ea6962"; # red = "#ea6962";
green = "#a9b665"; # green = "#a9b665";
yellow = "#d8a657"; # yellow = "#d8a657";
blue = "#7daea3"; # blue = "#7daea3";
magenta = "#d3869b"; # magenta = "#d3869b";
cyan = "#89b482"; # cyan = "#89b482";
white = "#d4be98"; # white = "#d4be98";
}; # };
}; # };
font = { font = {
size = 12; size = 12;
normal = { normal = {
@@ -73,7 +74,7 @@ in
]; ];
window = { window = {
dynamic_title = true; dynamic_title = true;
opacity = 0.9; opacity = 0.95;
padding = { padding = {
x = 5; x = 5;
y = 5; y = 5;

2
modules/home/programs/ghostty/default.nix
View File

@@ -28,7 +28,7 @@ in
enableFishIntegration = config.programs.fish.enable; enableFishIntegration = config.programs.fish.enable;
enableZshIntegration = config.programs.zsh.enable; enableZshIntegration = config.programs.zsh.enable;
settings = { settings = {
theme = "GruvboxDarkHard"; theme = "Gruvbox Dark Hard";
focus-follows-mouse = true; focus-follows-mouse = true;
resize-overlay = "never"; resize-overlay = "never";
background-opacity = 0.95; background-opacity = 0.95;

70
modules/home/programs/mpv/default.nix
View File

@@ -7,6 +7,9 @@
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.home.programs.mpv; cfg = config.home.programs.mpv;
inherit (config.xdg.userDirs) videos;
inherit (config.home) homeDirectory;
shaders_dir = "${pkgs.mpv-shim-default-shaders}/share/mpv-shim-default-shaders/shaders";
in in
{ {
options = { options = {
@@ -15,8 +18,71 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.mpv = { programs.mpv = {
enable = true; enable = true;
defaultProfiles = [ "gpu-hq" ]; config = {
scripts = [ pkgs.mpvScripts.mpris ]; profile = "gpu-hq";
gpu-context = "wayland";
vo = "gpu-next";
video-sync = "display-resample";
interpolation = true;
tscale = "oversample";
fullscreen = false;
keep-open = true;
sub-auto = "fuzzy";
sub-font = "Noto Sans Medium";
sub-blur = 10;
screenshot-format = "png";
title = "\${filename} - mpv";
script-opts = "osc-title=\${filename},osc-boxalpha=150,osc-visibility=never,osc-boxvideo=yes";
ytdl-format = "bestvideo[height<=?1440]+bestaudio/best";
ao = "pipewire";
alang = "eng,en";
slang = "eng,en,enUS";
glsl-shader = "${homeDirectory}/.config/mpv/shaders/FSR.glsl";
scale = "lanczos";
cscale = "lanczos";
dscale = "mitchell";
deband = "yes";
scale-antiring = 1;
osc = "no";
osd-on-seek = "no";
osd-bar = "no";
osd-bar-w = 30;
osd-bar-h = "0.2";
osd-duration = 750;
really-quiet = "yes";
autofit = "65%";
};
bindings = {
"ctrl+a" = "script-message osc-visibility cycle";
};
scripts = with pkgs.mpvScripts; [
mpris
uosc
thumbfast
sponsorblock
autocrop
];
};
programs.yt-dlp = {
enable = true;
extraConfig = ''
-o ${videos}/youtube/%(title)s.%(ext)s
'';
};
home = {
file = {
".config/mpv/shaders/FSR.glsl".source = "${shaders_dir}/FSR.glsl";
};
packages = with pkgs; [
jellyfin-mpv-shim
];
}; };
}; };
} }

1
modules/home/programs/pkgs/default.nix
View File

@@ -92,7 +92,6 @@ in
adwaita-icon-theme adwaita-icon-theme
qt5.qtwayland qt5.qtwayland
qt6.qtwayland qt6.qtwayland
wl-clipboard
wpa_supplicant wpa_supplicant
unrar unrar
material-icons material-icons

36
modules/home/programs/waybar/config/config.jsonc
View File

@@ -1,5 +1,11 @@
[ [
{ {
"height": 25,
"layer": "top",
"output": [
"DP-3",
"eDP-1"
],
"modules-left": [ "modules-left": [
"group/system" "group/system"
], ],
@@ -9,13 +15,12 @@
"modules-right": [ "modules-right": [
"custom/progress", "custom/progress",
"custom/systemd", "custom/systemd",
"group/tray",
"pulseaudio", "pulseaudio",
"backlight", "backlight",
"battery", "battery",
"date", "group/tray",
"clock", "custom/dunst",
"custom/dunst" "clock"
], ],
"backlight": { "backlight": {
"format": "<span foreground='#928374'>{icon}</span> {percent}%", "format": "<span foreground='#928374'>{icon}</span> {percent}%",
@@ -42,18 +47,9 @@
"clock": { "clock": {
"interval": 60, "interval": 60,
"format": "{:%H:%M}", "format": "{:%H:%M}",
// "on-click": "calcurse-toggle.sh",
// "on-click-right": "calsync.sh",
"rotate": 0, "rotate": 0,
"tooltip": false "tooltip": false
}, },
// "date": {
// "format": "<span foreground='#928374'></span> {%a, %d %b}",
// "on-click": "calcurse-toggle.sh",
// "on-click-right": "calsync.sh",
// "rotate": 0,
// "tooltip": false
// },
"cpu": { "cpu": {
"format": "<span foreground='#928374'></span> {usage}%", "format": "<span foreground='#928374'></span> {usage}%",
"states": { "states": {
@@ -125,16 +121,13 @@
], ],
"orientation": "inherit" "orientation": "inherit"
}, },
"height": 25,
"hyprland/workspaces": { "hyprland/workspaces": {
"active-only": false, "active-only": false,
"all-outputs": false, "all-outputs": false,
"format": "{icon}", "format": "{icon}",
"format-icons": { "format-icons": {
"urgent": "", "urgent": "",
"active": "",
"visible": "", "visible": "",
"default": "",
"empty": "" "empty": ""
}, },
"on-click": "activate", "on-click": "activate",
@@ -148,14 +141,11 @@
"niri/workspaces": { "niri/workspaces": {
"format": "{icon}", "format": "{icon}",
"format-icons": { "format-icons": {
// Named workspaces
// (you need to configure them in niri)
"browser": "", "browser": "",
"discord": "", "discord": "",
"chat": "<b></b>", "chat": "<b></b>",
// Icons by state "active": "",
"active": "", "default": ""
"default": ""
} }
}, },
"memory": { "memory": {
@@ -173,10 +163,6 @@
"interval": 2, "interval": 2,
"tooltip-format": "{ifname}: {ipaddr}/{cidr}\n {bandwidthDownBits}\n {bandwidthUpBits}" "tooltip-format": "{ifname}: {ipaddr}/{cidr}\n {bandwidthDownBits}\n {bandwidthUpBits}"
}, },
"output": [
"DP-3",
"eDP-1"
],
"pulseaudio": { "pulseaudio": {
"format": "<span foreground='#928374'>{icon}</span> {volume}% {format_source}", "format": "<span foreground='#928374'>{icon}</span> {volume}% {format_source}",
"format-bluetooth": "<span foreground='#928374'>{icon}</span> {volume}% {format_source}", "format-bluetooth": "<span foreground='#928374'>{icon}</span> {volume}% {format_source}",

35
modules/home/programs/waybar/config/style.css
View File

@@ -2,14 +2,25 @@
all: unset; all: unset;
border: none; border: none;
border-radius: 0; border-radius: 0;
font-family: "DepartureMono Nerd Font", "Font Awesome 6 Free Solid"; font-family:
font-size: 14px; "DepartureMono Nerd Font", "Input Sans Compressed",
"Font Awesome 6 Free Solid";
font-size: 15px;
min-height: 0; min-height: 0;
} }
window#waybar { window#waybar {
color: #fbf1c7; color: #fbf1c7;
background-color: rgba(43, 45, 50, 0.6); background-color: rgba(43, 45, 50, 0.5);
}
tooltip {
background: rgba(50, 50, 50, 0.9);
border: 1px solid rgba(100, 114, 125, 0.6);
}
tooltip label {
color: #fbf1c7;
font-family: "Input Sans Compressed";
} }
#workspaces button { #workspaces button {
@@ -23,14 +34,10 @@ window#waybar {
#workspaces button:hover { #workspaces button:hover {
color: #ebdbb2; color: #ebdbb2;
animation: ws_active 0s ease-in-out 1;
transition: all 0.2s cubic-bezier(0.55, -0.68, 0.48, 1.682);
} }
#workspaces button.active { #workspaces button.active {
color: #fbf1c7; color: #fbf1c7;
animation: ws_active 0s ease-in-out 1;
transition: all 0.2s cubic-bezier(0.55, -0.68, 0.48, 1.682);
} }
#custom-logo { #custom-logo {
@@ -87,13 +94,14 @@ window#waybar {
#memory, #memory,
#backlight, #backlight,
#battery, #battery,
#date, #date {
#clock {
padding: 0 3px; padding: 0 3px;
margin: 0 3px; margin: 0 3px;
} }
#clock { #clock {
padding: 0px 3px;
margin: 0px 6px 0px 0px;
font-family: "DepartureMono Nerd Font"; font-family: "DepartureMono Nerd Font";
} }
@@ -132,12 +140,17 @@ window#waybar {
} }
#tray menu * { #tray menu * {
background-color: rgba(50, 48, 47, 0.9); background: rgba(50, 50, 50, 0.9);
color: #fbf1c7;
font-family: "Input Sans Compressed"; font-family: "Input Sans Compressed";
padding: 2px 2px; padding: 2px 2px;
} }
#tray menu menuitem:hover { #tray menu {
border: 1px solid rgba(100, 114, 125, 0.6);
}
#tray menu item:hover {
color: #4c7a5d; color: #4c7a5d;
} }

8
modules/home/services/gtk/default.nix
View File

@@ -27,10 +27,10 @@ in
}; };
gtk = { gtk = {
enable = true; enable = true;
theme = { # theme = {
package = pkgs.orchis-theme; # package = pkgs.orchis-theme;
name = "Orchis-Grey-Dark-Compact"; # name = "Orchis-Grey-Dark-Compact";
}; # };
iconTheme = { iconTheme = {
# package = pkgs.adwaita-icon-theme; # package = pkgs.adwaita-icon-theme;
package = pkgs.papirus-icon-theme; package = pkgs.papirus-icon-theme;

13
modules/nixos/boot/kernel/default.nix
View File

@@ -5,7 +5,12 @@
... ...
}: }:
let let
inherit (lib) mkOption types; inherit (lib)
mkOption
types
mkEnableOption
mkIf
;
cfg = config.nixos.boot.kernel; cfg = config.nixos.boot.kernel;
hasHardware = hw: builtins.elem hw cfg.hardware; hasHardware = hw: builtins.elem hw cfg.hardware;
@@ -37,8 +42,11 @@ in
); );
default = [ ]; default = [ ];
description = "List of hardware types (e.g. GPU and CPU vendors) to configure kernel settings for."; description = "List of hardware types (e.g. GPU and CPU vendors) to configure kernel settings for.";
}; };
amdOverdrive.enable = mkEnableOption "Enable AMD pstate/overdrive";
extraKernelParams = mkOption { extraKernelParams = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
@@ -74,7 +82,7 @@ in
"quiet" "quiet"
"splash" "splash"
] ]
++ (if hasHardware "amd" then [ "amd_pstate=active" ] else [ ]) ++ (if hasHardware "amd" then [ ] else [ ])
++ (if hasHardware "intel" then [ ] else [ ]) ++ (if hasHardware "intel" then [ ] else [ ])
++ (if hasHardware "nvidia" then [ ] else [ ]) ++ (if hasHardware "nvidia" then [ ] else [ ])
++ cfg.extraKernelParams; ++ cfg.extraKernelParams;
@@ -85,5 +93,6 @@ in
++ (if hasHardware "nvidia" then [ "nouveau" ] else [ ]) ++ (if hasHardware "nvidia" then [ "nouveau" ] else [ ])
++ cfg.extraBlacklistedModules; ++ cfg.extraBlacklistedModules;
}; };
hardware.amdgpu.overdrive.enable = mkIf cfg.amdOverdrive.enable true;
}; };
} }

66
modules/nixos/hardware/graphics/default.nix
View File

@@ -89,37 +89,39 @@ in
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
{ {
hardware.graphics = { hardware = {
enable = true; graphics = {
enable32Bit = true; enable = true;
extraPackages = flatten ( enable32Bit = true;
concatMap ( extraPackages = flatten (
vendor: concatMap (
if vendor == "amd" then vendor:
commonPackages ++ mesaVulkanPackages if vendor == "amd" then
else if vendor == "intel" then commonPackages ++ mesaVulkanPackages
commonPackages else if vendor == "intel" then
++ mesaVulkanPackages commonPackages
++ (with pkgs; [ ++ mesaVulkanPackages
vpl-gpu-rt ++ (with pkgs; [
intel-media-driver vpl-gpu-rt
intel-compute-runtime intel-media-driver
intel-vaapi-driver intel-compute-runtime
]) intel-vaapi-driver
else if vendor == "nvidia" then ])
commonPackages else if vendor == "nvidia" then
++ (with pkgs; [ commonPackages
nvidiaOffloadScript ++ (with pkgs; [
intel-media-driver nvidiaOffloadScript
nvidia-vaapi-driver intel-media-driver
vulkan-tools nvidia-vaapi-driver
]) vulkan-tools
else ])
[ ] else
) cfg.vendors [ ]
); ) cfg.vendors
);
extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors); extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors);
};
}; };
environment.systemPackages = flatten ( environment.systemPackages = flatten (
@@ -145,10 +147,6 @@ in
); );
} }
(mkIf (hasVendor "amd") {
hardware.amdgpu.overdrive.enable = true;
})
(mkIf (hasVendor "nvidia") { (mkIf (hasVendor "nvidia") {
hardware.nvidia = { hardware.nvidia = {
package = package =

16
modules/nixos/programs/niri/default.nix
View File

@@ -1,6 +1,5 @@
{ {
config, config,
inputs,
lib, lib,
pkgs, pkgs,
... ...
@@ -14,11 +13,22 @@ in
nixos.programs.niri.enable = mkEnableOption "Enables niri"; nixos.programs.niri.enable = mkEnableOption "Enables niri";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
nixpkgs.overlays = [ inputs.niri.overlays.niri ]; environment = {
variables = {
DISPLAY = ":0";
NIXOS_OZONE_WL = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
};
systemPackages = with pkgs; [
xwayland-satellite
wl-clipboard
wayland-utils
xdg-utils
];
};
systemd.user.services.niri-flake-polkit.enable = false; systemd.user.services.niri-flake-polkit.enable = false;
programs.niri = { programs.niri = {
enable = true; enable = true;
package = pkgs.niri-unstable;
}; };
}; };
} }

15
modules/nixos/services/agenix/default.nix
View File

@@ -5,17 +5,16 @@
pkgs, pkgs,
self, self,
... ...
}: }: let
let inherit
inherit (lib) (lib)
mkIf mkIf
mkEnableOption mkEnableOption
mkOption mkOption
mkMerge mkMerge
; ;
cfg = config.nixos.services.agenix; cfg = config.nixos.services.agenix;
in in {
{
options = { options = {
nixos.services.agenix = { nixos.services.agenix = {
enable = mkEnableOption "Enables agenix system environment"; enable = mkEnableOption "Enables agenix system environment";
@@ -75,17 +74,11 @@ in
wgCredentials.file = "${self}/secrets/wgCredentials.age"; wgCredentials.file = "${self}/secrets/wgCredentials.age";
wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age"; wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age"; gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
pihole.file = "${self}/secrets/pihole.age";
slskd.file = "${self}/secrets/slskd.age";
}; };
}) })
(mkIf cfg.ziggy.enable { (mkIf cfg.ziggy.enable {
secrets = { secrets = {
cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age"; cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age";
piholeZiggy.file = "${self}/secrets/piholeZiggy.age";
}; };
}) })
(mkIf cfg.toothpc.enable { (mkIf cfg.toothpc.enable {

2
modules/nixos/services/greetd/default.nix
View File

@@ -63,7 +63,7 @@ in
settings = rec { settings = rec {
tuigreet_session = tuigreet_session =
let let
session = "${pkgs.niri-unstable}/bin/niri-session"; session = "${pkgs.niri}/bin/niri-session";
tuigreet = "${lib.getExe pkgs.tuigreet}"; tuigreet = "${lib.getExe pkgs.tuigreet}";
in in
{ {

16
modules/nixos/services/tailscale/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.nixos.services.tailscale;
in {
options.nixos.services.tailscale = {
enable = mkEnableOption "Enable tailscale";
};
config = mkIf cfg.enable {
services.tailscale.enable = true;
};
}

41
modules/nixos/services/virtualisation/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
pkgs,
config,
lib,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.nixos.services.virtualisation;
in
{
options = {
nixos.services.virtualisation.enable = mkEnableOption "Enables virtualisation";
};
imports = [
./vfio.nix
];
config = mkIf cfg.enable {
networking.firewall.trustedInterfaces = [ "virbr0" ];
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
];
virtualisation = {
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
onShutdown = "shutdown";
qemu = {
ovmf = {
enable = true;
packages = [ pkgs.OVMFFull.fd ];
};
};
};
};
nixos.services.virtualisation.vfio.enable = true;
};
}

41
modules/nixos/services/virtualisation/vfio.nix Normal file
View File

@@ -0,0 +1,41 @@
{ lib, config, ... }:
let
gpuIDs = [
"1002:13c0"
"1002:1640"
];
vfioIds = "vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs;
baseBootKernelParams = config.boot.kernelParams or [ ];
cfg = config.nixos.services.virtualisation.vfio;
in
{
options = {
nixos.services.virtualisation.vfio.enable =
lib.mkEnableOption "Enable VFIO passthrough for the iGPU";
};
config = lib.mkIf cfg.enable {
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
];
kernelParams = [
"amd_iommu=on"
"iommu=pt"
]
++ [ vfioIds ];
};
specialisation.vfio.configuration = {
system.nixos.tags = [ "vfio" ];
boot = {
kernelParams = baseBootKernelParams ++ [ vfioIds ];
blacklistedKernelModules = [ "amdgpu:0f:00.0" ];
};
};
};
}

10
modules/nixos/system/xdg/default.nix
View File

@@ -30,13 +30,19 @@ in
enable = true; enable = true;
xdgOpenUsePortal = cfg.xdgOpenUsePortal; xdgOpenUsePortal = cfg.xdgOpenUsePortal;
config = { config = {
common.default = [ "gtk" ]; common.default = [
"gtk"
"gnome"
];
hyprland.default = [ hyprland.default = [
"gtk" "gtk"
"hyprland" "hyprland"
]; ];
}; };
extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
}; };
}; };
} }

2
modules/server/README.md Normal file
View File

@@ -0,0 +1,2 @@
This server/homelab configuration is largely a copy (with some tweaks) of
@notthebee's homelab setup.

148
modules/server/authentik/default.nix Normal file
View File

@@ -0,0 +1,148 @@
{
config,
lib,
pkgs,
self,
...
}: let
unit = "authentik";
cfg = config.server.${unit};
srv = config.server;
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "auth.${srv.www.domain}";
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Authentik";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "An open-source IdP for modern SSO";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "authentik.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
authentikEnv = {
file = "${self}/secrets/authentikEnv.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
authentikCloudflared = {
file = "${self}/secrets/authentikCloudflared.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
};
server = {
fail2ban = lib.mkIf cfg.enable {
jails = {
authentik = {
serviceName = "authentik";
failRegex = "^.*Username or password is incorrect.*IP:\s*<HOST>";
};
};
};
};
services = {
authentik = {
enable = true;
environmentFile = config.age.secrets.authentikEnv.path;
settings = {
email = {
};
disable_startup_analytics = true;
avatars = "initials";
};
};
cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://127.0.0.1:9000";
};
};
traefik = {
dynamicConfigOptions = {
http = {
middlewares = {
authentik = {
forwardAuth = {
# tls.insecureSkipVerify = true;
address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true;
authResponseHeaders = [
"X-authentik-username"
"X-authentik-groups"
"X-authentik-email"
"X-authentik-name"
"X-authentik-uid"
"X-authentik-jwt"
"X-authentik-meta-jwks"
"X-authentik-meta-outpost"
"X-authentik-meta-provider"
"X-authentik-meta-app"
"X-authentik-meta-version"
];
timeout = "10s";
};
};
};
services = {
auth.loadBalancer.servers = [
{
url = "http://localhost:9000";
}
];
};
routers = {
auth = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
tls.certResolver = "letsencrypt";
};
};
};
};
};
};
};
}

26
modules/server/bazarr/default.nix
View File

@@ -2,13 +2,11 @@
config, config,
lib, lib,
... ...
}: }: let
let
unit = "bazarr"; unit = "bazarr";
srv = config.server; srv = config.server;
cfg = config.server.${unit}; cfg = config.server.${unit};
in in {
{
options.server.${unit} = { options.server.${unit} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user; user = srv.user;
group = srv.group; group = srv.group;
}; };
services.caddy.virtualHosts."${cfg.url}" = { services.traefik = {
useACMEHost = srv.domain; dynamicConfigOptions = {
extraConfig = '' http = {
reverse_proxy http://127.0.0.1:${toString config.services.${unit}.listenPort} services.bazarr.loadBalancer.servers = [{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}];
''; routers = {
bazarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "bazarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
}; };
}; };
} }

63
modules/server/caddy/default.nix
View File

@@ -1,63 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.server.caddy;
getCloudflareCredentials = hostname:
if hostname == "ziggy"
then config.age.secrets.cloudflareDnsCredentialsZiggy.path
else if hostname == "sobotka"
then config.age.secrets.cloudflareDnsCredentials.path
else throw "Unknown hostname: ${hostname}";
in {
options = {
server.caddy.enable = mkEnableOption "Enables caddy";
};
config = mkIf cfg.enable {
networking.firewall = let
ports = [
80
443
];
in {
allowedTCPPorts = ports;
};
security.acme = {
acceptTerms = true;
defaults.email = config.server.email;
certs.${config.server.domain} = {
reloadServices = ["caddy.service"];
domain = "${config.server.domain}";
extraDomainNames = ["*.${config.server.domain}"];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
group = config.services.caddy.group;
environmentFile = getCloudflareCredentials config.networking.hostName;
};
};
services.caddy = {
enable = true;
globalConfig = ''
auto_https off
'';
virtualHosts = {
"http://${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
};
};
};
}

12
modules/server/default.nix
View File

@@ -1,14 +1,16 @@
{ {
lib, lib,
config, config,
pkgs,
... ...
}: }: let
let hardDrives = [
"/dev/disk/by-label/data"
];
inherit (lib) mkOption types; inherit (lib) mkOption types;
cfg = config.server; cfg = config.server;
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in in {
{
options.server = { options.server = {
enable = lib.mkEnableOption "The server services and configuration variables"; enable = lib.mkEnableOption "The server services and configuration variables";
email = mkOption { email = mkOption {
@@ -90,6 +92,8 @@ in
"share" "share"
"render" "render"
"input" "input"
"authentik"
"traefik"
]; ];
}; };
}; };

94
modules/server/fail2ban/default.nix
View File

@@ -4,11 +4,9 @@
config, config,
pkgs, pkgs,
... ...
}: }: let
let
cfg = config.server.fail2ban; cfg = config.server.fail2ban;
in in {
{
options.server.fail2ban = { options.server.fail2ban = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable cloudflare fail2ban"; description = "Enable cloudflare fail2ban";
@@ -17,7 +15,7 @@ in
description = "File containing your API key, scoped to Firewall Rules: Edit"; description = "File containing your API key, scoped to Firewall Rules: Edit";
type = lib.types.str; type = lib.types.str;
example = lib.literalExpression '' example = lib.literalExpression ''
Authorization: Bearer Qj06My1wXJEzcW46QCyjFbSMgVtwIGfX63Ki3NOj79o= Authorization: Bearer vH6-p0y=i4w3n7TjKqZ@x8D_lR!A9b2cOezXgUuJdE5F
''' '''
''; '';
}; };
@@ -57,54 +55,54 @@ in
pkgs.jq pkgs.jq
]; ];
jails = lib.attrsets.mapAttrs (name: value: { jails =
settings = { lib.attrsets.mapAttrs (name: value: {
bantime = "30d"; settings = {
findtime = "1h"; bantime = "24h";
enabled = true; findtime = "10m";
backend = "systemd"; enabled = true;
journalmatch = "_SYSTEMD_UNIT=${value.serviceName}.service"; backend = "systemd";
port = "http,https"; journalmatch = "_SYSTEMD_UNIT=${value.serviceName}.service";
filter = "${name}"; port = "http,https";
maxretry = 3; filter = "${name}";
action = "cloudflare-token-agenix"; maxretry = 3;
}; action = "cloudflare-token-agenix";
}) cfg.jails; };
})
cfg.jails;
}; };
environment.etc = lib.attrsets.mergeAttrsList [ environment.etc = lib.attrsets.mergeAttrsList [
(lib.attrsets.mapAttrs' ( (lib.attrsets.mapAttrs' (
name: value: name: value: (lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
(lib.nameValuePair "fail2ban/filter.d/${name}.conf" { text = ''
text = '' [Definition]
[Definition] failregex = ${value.failRegex}
failregex = ${value.failRegex} ignoreregex = ${value.ignoreRegex}
ignoreregex = ${value.ignoreRegex} '';
''; })
}) )
) cfg.jails) cfg.jails)
{ {
"fail2ban/action.d/cloudflare-token-agenix.conf".text = "fail2ban/action.d/cloudflare-token-agenix.conf".text = let
let notes = "Fail2Ban on ${config.networking.hostName}";
notes = "Fail2Ban on ${config.networking.hostName}"; cfapi = "https://api.cloudflare.com/client/v4/zones/${cfg.zoneId}/firewall/access_rules/rules";
cfapi = "https://api.cloudflare.com/client/v4/zones/${cfg.zoneId}/firewall/access_rules/rules"; in ''
in [Definition]
'' actionstart =
[Definition] actionstop =
actionstart = actioncheck =
actionstop = actionunban = id=$(curl -s -X GET "${cfapi}" \
actioncheck = -H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
actionunban = id=$(curl -s -X GET "${cfapi}" \ | jq -r '.result[] | select(.notes == "${notes}" and .configuration.target == "ip" and .configuration.value == "<ip>") | .id')
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \ if [ -z "$id" ]; then echo "id for <ip> cannot be found"; exit 0; fi; \
| jq -r '.result[] | select(.notes == "${notes}" and .configuration.target == "ip" and .configuration.value == "<ip>") | .id') curl -s -X DELETE "${cfapi}/$id" \
if [ -z "$id" ]; then echo "id for <ip> cannot be found"; exit 0; fi; \ -H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
curl -s -X DELETE "${cfapi}/$id" \ --data '{"cascade": "none"}'
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \ actionban = curl -X POST "${cfapi}" -H @${cfg.apiKeyFile} -H "Content-Type: application/json" --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"${notes}"}'
--data '{"cascade": "none"}' [Init]
actionban = curl -X POST "${cfapi}" -H @${cfg.apiKeyFile} -H "Content-Type: application/json" --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"${notes}"}' name = cloudflare-token-agenix
[Init] '';
name = cloudflare-token-agenix
'';
} }
]; ];
}; };

25
modules/server/gitea/default.nix
View File

@@ -65,7 +65,7 @@ in {
MODE = "console"; MODE = "console";
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = false;
MAILER_TYPE = "sendmail"; MAILER_TYPE = "sendmail";
FROM = "noreply+adam@cnst.dev"; FROM = "noreply+adam@cnst.dev";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail"; SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
@@ -78,6 +78,9 @@ in {
DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls"; DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true; DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true;
}; };
indexer = {
REPO_INDEXER_ENABLED = true;
};
server = { server = {
DOMAIN = cfg.url; DOMAIN = cfg.url;
LANDING_PAGE = "explore"; LANDING_PAGE = "explore";
@@ -96,11 +99,21 @@ in {
}; };
}; };
services.caddy.virtualHosts."${cfg.url}" = { services.traefik = {
useACMEHost = srv.domain; dynamicConfigOptions = {
extraConfig = '' http = {
reverse_proxy http://127.0.0.1:5003 services.gitea.loadBalancer.servers = [{url = "http://127.0.0.1:5003";}];
''; routers = {
gitea = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "gitea";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
}; };
server.postgresql.databases = [ server.postgresql.databases = [

197
modules/server/homepage-dashboard/default.nix
View File

@@ -1,20 +1,19 @@
{ {
config, config,
lib, lib,
self,
... ...
}: }: let
let
unit = "homepage-dashboard"; unit = "homepage-dashboard";
cfg = config.server.homepage-dashboard; cfg = config.server.homepage-dashboard;
srv = config.server; srv = config.server;
in in {
{
options.server.homepage-dashboard = { options.server.homepage-dashboard = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
}; };
misc = lib.mkOption { misc = lib.mkOption {
default = [ ]; default = [];
type = lib.types.listOf ( type = lib.types.listOf (
lib.types.attrsOf ( lib.types.attrsOf (
lib.types.submodule { lib.types.submodule {
@@ -38,99 +37,91 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.glances.enable = true; age.secrets = {
services.${unit} = { homepageEnvironment = {
enable = true; file = "${self}/secrets/homepageEnvironment.age";
allowedHosts = srv.domain; };
settings = { };
layout = [ services = {
glances.enable = true;
${unit} = {
enable = true;
environmentFile = config.age.secrets.homepageEnvironment.path;
settings = {
layout = [
{
Glances = {
header = false;
style = "row";
columns = 4;
};
}
{
Arr = {
header = true;
style = "column";
};
}
{
Downloads = {
header = true;
style = "column";
};
}
{
Media = {
header = true;
style = "column";
};
}
{
Services = {
header = true;
style = "column";
};
}
];
headerStyle = "clean";
statusStyle = "dot";
hideVersion = "true";
};
widgets = [
{ {
Glances = { openmeteo = {
header = false; label = "Kalmar";
style = "row"; timezone = "Europe/Stockholm";
columns = 4; units = "metric";
cache = 5;
latitude = 56.707262;
longitude = 16.324541;
}; };
} }
{ {
Arr = { resources = {
header = true; label = "SYSTEM";
style = "column"; memory = true;
}; cpu = true;
} uptime = true;
{
Downloads = {
header = true;
style = "column";
};
}
{
Media = {
header = true;
style = "column";
};
}
{
Services = {
header = true;
style = "column";
}; };
} }
]; ];
headerStyle = "clean"; services = let
statusStyle = "dot";
hideVersion = "true";
};
widgets = [
{
openmeteo = {
label = "Kalmar";
timezone = "Europe/Stockholm";
units = "metric";
cache = 5;
latitude = 56.707262;
longitude = 16.324541;
};
}
{
datetime = {
text_size = "x1";
format = {
hour12 = false;
timeStyle = "short";
dateStyle = "long";
};
};
}
{
resources = {
label = "";
memory = true;
disk = [ "/" ];
};
}
];
services =
let
homepageCategories = [ homepageCategories = [
"Arr" "Arr"
"Media" "Media"
"Downloads" "Downloads"
"Services" "Services"
"Smart Home"
]; ];
hl = config.server; hl = config.server;
mergedServices = hl // hl.podman; mergedServices = hl // hl.podman;
homepageServices = homepageServices = x: (lib.attrsets.filterAttrs (
x:
(lib.attrsets.filterAttrs (
name: value: value ? homepage && value.homepage.category == x name: value: value ? homepage && value.homepage.category == x
) mergedServices); )
mergedServices);
in in
lib.lists.forEach homepageCategories (cat: { lib.lists.forEach homepageCategories (cat: {
"${cat}" = "${cat}" =
lib.lists.forEach lib.lists.forEach
(lib.attrsets.mapAttrsToList (name: value: { (lib.attrsets.mapAttrsToList (name: value: {
inherit name; inherit name;
url = value.url; url = value.url;
@@ -144,15 +135,13 @@ in
siteMonitor = "https://${x.url}${x.homepage.path or ""}"; siteMonitor = "https://${x.url}${x.homepage.path or ""}";
}; };
}); });
}) })
++ [ { Misc = cfg.misc; } ] ++ [{Misc = cfg.misc;}]
++ [ ++ [
{ {
Glances = Glances = let
let
port = toString config.services.glances.port; port = toString config.services.glances.port;
in in [
[
{ {
Info = { Info = {
widget = { widget = {
@@ -220,14 +209,28 @@ in
}; };
} }
]; ];
} }
]; ];
}; };
services.caddy.virtualHosts."${srv.domain}" = {
useACMEHost = srv.domain; traefik = {
extraConfig = '' dynamicConfigOptions = {
reverse_proxy http://127.0.0.1:${toString config.services.${unit}.listenPort} http = {
''; services.homepage.loadBalancer.servers = [
{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}
];
routers = {
homepage = {
entryPoints = ["websecure"];
rule = "Host(`cnix.dev`)";
service = "homepage";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
}; };
}; };
} }

26
modules/server/jellyfin/default.nix
View File

@@ -3,13 +3,11 @@
lib, lib,
pkgs, pkgs,
... ...
}: }: let
let
service = "jellyfin"; service = "jellyfin";
cfg = config.server.${service}; cfg = config.server.${service};
srv = config.server; srv = config.server;
in in {
{
options.server.${service} = { options.server.${service} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${service}"; description = "Enable ${service}";
@@ -48,11 +46,21 @@ in
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
jellyfin-ffmpeg jellyfin-ffmpeg
]; ];
services.caddy.virtualHosts."${cfg.url}" = { services.traefik = {
useACMEHost = srv.domain; dynamicConfigOptions = {
extraConfig = '' http = {
reverse_proxy http://127.0.0.1:8096 services.jellyfin.loadBalancer.servers = [{url = "http://127.0.0.1:8096";}];
''; routers = {
jellyfin = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "jellyfin";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
}; };
}; };
} }

26
modules/server/jellyseerr/default.nix
View File

@@ -2,13 +2,11 @@
config, config,
lib, lib,
... ...
}: }: let
let
service = "jellyseerr"; service = "jellyseerr";
srv = config.server; srv = config.server;
cfg = config.server.${service}; cfg = config.server.${service};
in in {
{
options.server.${service} = { options.server.${service} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${service}"; description = "Enable ${service}";
@@ -43,11 +41,21 @@ in
enable = true; enable = true;
port = cfg.port; port = cfg.port;
}; };
services.caddy.virtualHosts."${cfg.url}" = { services.traefik = {
useACMEHost = srv.domain; dynamicConfigOptions = {
extraConfig = '' http = {
reverse_proxy http://127.0.0.1:${toString cfg.port} services.jellyseerr.loadBalancer.servers = [{url = "http://127.0.0.1:${toString cfg.port}";}];
''; routers = {
jellyseerr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "jellyseerr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
}; };
}; };
} }

26
modules/server/lidarr/default.nix
View File

@@ -2,13 +2,11 @@
config, config,
lib, lib,
... ...
}: }: let
let
unit = "lidarr"; unit = "lidarr";
srv = config.server; srv = config.server;
cfg = config.server.${unit}; cfg = config.server.${unit};
in in {
{
options.server.${unit} = { options.server.${unit} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user; user = srv.user;
group = srv.group; group = srv.group;
}; };
services.caddy.virtualHosts."${cfg.url}" = { services.traefik = {
useACMEHost = srv.domain; dynamicConfigOptions = {
extraConfig = '' http = {
reverse_proxy http://127.0.0.1:8686 services.lidarr.loadBalancer.servers = [{url = "http://127.0.0.1:8686";}];
''; routers = {
lidarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "lidarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
}; };
}; };
} }

64
modules/server/n8n/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{
config,
lib,
...
}: let
unit = "n8n";
srv = config.server;
cfg = config.server.${unit};
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
configDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${unit}.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "n8n";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "A workflow automation platform";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "n8n.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
services = {
n8n = {
enable = true;
openFirewall = true;
};
traefik = {
dynamicConfigOptions = {
http = {
services.n8n.loadBalancer.servers = [{url = "http://127.0.0.1:5678";}];
routers = {
n8n = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "n8n";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
};
}

147
modules/server/nextcloud/default.nix Normal file
View File

@@ -0,0 +1,147 @@
{
config,
pkgs,
lib,
self,
...
}: let
unit = "nextcloud";
cfg = config.server.${unit};
srv = config.server;
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
adminpassFile = lib.mkOption {
type = lib.types.path;
};
adminuser = lib.mkOption {
type = lib.types.str;
default = "cnst";
};
configDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "cloud.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Nextcloud";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "A safe home for all your data";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "nextcloud.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
};
server.fail2ban = lib.mkIf config.server.fail2ban.enable {
jails = {
nextcloud = {
serviceName = "phpfpm-nextcloud";
failRegex = "^.*Login failed:.*(Remote IP: <HOST>).*$";
};
};
};
services = {
${unit} = {
enable = true;
package = pkgs.nextcloud31;
hostName = "nextcloud";
configureRedis = true;
caching = {
redis = true;
};
phpOptions = {
"opcache.interned_strings_buffer" = "32";
};
maxUploadSize = "50G";
settings = {
maintenance_window_start = "1";
trusted_proxies = [
"127.0.0.1"
"::1"
];
trusted_domains = ["cloud.${srv.domain}"];
overwriteprotocol = "https";
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
};
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
adminuser = "cnst";
adminpassFile = cfg.adminpassFile;
};
};
nginx = {
defaultListen = [
{
addr = "127.0.0.1";
port = 8182;
}
{
addr = "127.0.0.1";
port = 8482;
}
];
virtualHosts.nextcloud = {
forceSSL = false;
};
};
traefik.dynamicConfigOptions.http = {
routers.nextcloud = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "nextcloud";
tls.certResolver = "letsencrypt";
};
services.nextcloud.loadBalancer.servers = [
{url = "http://127.0.0.1:8182";}
];
};
};
server.postgresql.databases = [
{
database = "nextcloud";
}
];
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
};
}

76
modules/server/podman/default.nix
View File

@@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
self,
... ...
}: let }: let
srv = config.server; srv = config.server;
@@ -121,6 +122,11 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets = {
pihole.file = "${self}/secrets/${config.networking.hostName}Pihole.age";
slskd.file = "${self}/secrets/slskd.age";
};
virtualisation = { virtualisation = {
containers.enable = true; containers.enable = true;
podman.enable = true; podman.enable = true;
@@ -137,31 +143,58 @@ in {
]; ];
}; };
services.caddy.virtualHosts = lib.mkMerge [ services.traefik = lib.mkMerge [
(lib.mkIf cfg.pihole.enable {
dynamicConfigOptions = {
http = {
services = {
pihole.loadBalancer.servers = [{url = "http://localhost:${toString cfg.pihole.port}";}];
};
routers = {
pihole = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.pihole.url}`)";
service = "pihole";
tls.certResolver = "letsencrypt";
};
};
};
};
})
(lib.mkIf cfg.qbittorrent.enable { (lib.mkIf cfg.qbittorrent.enable {
"${cfg.qbittorrent.url}" = { dynamicConfigOptions = {
useACMEHost = srv.domain; http = {
extraConfig = '' services = {
reverse_proxy http://127.0.0.1:${toString cfg.qbittorrent.port} qbittorrent.loadBalancer.servers = [{url = "http://localhost:${toString cfg.qbittorrent.port}";}];
''; };
routers = {
qbittorrent = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.qbittorrent.url}`)";
service = "qbittorrent";
tls.certResolver = "letsencrypt";
};
};
};
}; };
}) })
(lib.mkIf cfg.slskd.enable { (lib.mkIf cfg.slskd.enable {
"${cfg.slskd.url}" = { dynamicConfigOptions = {
useACMEHost = srv.domain; http = {
extraConfig = '' services = {
reverse_proxy http://127.0.0.1:${toString cfg.slskd.port} slskd.loadBalancer.servers = [{url = "http://localhost:${toString cfg.slskd.port}";}];
''; };
}; routers = {
}) slskd = {
entryPoints = ["websecure"];
(lib.mkIf cfg.pihole.enable { rule = "Host(`${cfg.slskd.url}`)";
"${cfg.pihole.url}" = { service = "slskd";
useACMEHost = srv.domain; tls.certResolver = "letsencrypt";
extraConfig = '' };
reverse_proxy http://127.0.0.1:${toString cfg.pihole.port} };
''; };
}; };
}) })
]; ];
@@ -268,9 +301,6 @@ in {
environment = { environment = {
TZ = "Europe/Stockholm"; TZ = "Europe/Stockholm";
CUSTOM_CACHE_SIZE = "0"; CUSTOM_CACHE_SIZE = "0";
# PIHOLE_DNS_ = "10.88.0.1#5335";
# DNSSEC = "false";
# REV_SERVER = "true";
WEBTHEME = "default-darker"; WEBTHEME = "default-darker";
}; };
environmentFiles = getPiholeSecret config.networking.hostName; environmentFiles = getPiholeSecret config.networking.hostName;

18
modules/server/postgres/postgres.nix
View File

@@ -54,14 +54,28 @@ in {
local all postgres peer local all postgres peer
local sameuser all peer local sameuser all peer
# extra users # local peer access for extra users
${lib.concatMapStringsSep "\n" ( ${lib.concatMapStringsSep "\n" (
{ {
database, database,
extraUsers, extraUsers,
... ...
}: }:
lib.concatMapStringsSep "\n" (user: "local ${database} ${user} peer") extraUsers lib.concatMapStringsSep "\n" (user: "local ${database} ${user} peer") ([database] ++ extraUsers)
)
cfg.databases}
# host access (TCP) for databases and their users
${lib.concatMapStringsSep "\n" (
{
database,
extraUsers,
...
}:
lib.concatMapStringsSep "\n" (user: ''
host ${database} ${user} 127.0.0.1/32 trust
host ${database} ${user} ::1/128 trust
'') ([database] ++ extraUsers)
) )
cfg.databases} cfg.databases}
''; '';

46
modules/server/prowlarr/default.nix
View File

@@ -2,13 +2,11 @@
config, config,
lib, lib,
... ...
}: }: let
let
unit = "prowlarr"; unit = "prowlarr";
srv = config.server; srv = config.server;
cfg = config.server.${unit}; cfg = config.server.${unit};
in in {
{
options.server.${unit} = { options.server.${unit} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
@@ -47,18 +45,34 @@ in
enable = true; enable = true;
}; };
caddy = { traefik = {
virtualHosts."${cfg.url}" = { dynamicConfigOptions = {
useACMEHost = srv.domain; http = {
extraConfig = '' services = {
reverse_proxy http://127.0.0.1:9696 prowlarr = {
''; loadBalancer.servers = [{url = "http://127.0.0.1:9696";}];
}; };
virtualHosts."flaresolverr.${srv.domain}" = { flaresolverr = {
useACMEHost = srv.domain; loadBalancer.servers = [{url = "http://127.0.0.1:8191";}];
extraConfig = '' };
reverse_proxy http://127.0.0.1:8191 };
''; routers = {
prowlarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "prowlarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
flaresolverr = {
entryPoints = ["websecure"];
rule = "Host(`flaresolverr.${srv.domain}`)";
service = "flaresolverr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
}; };
}; };
}; };

26
modules/server/radarr/default.nix
View File

@@ -2,13 +2,11 @@
config, config,
lib, lib,
... ...
}: }: let
let
unit = "radarr"; unit = "radarr";
srv = config.server; srv = config.server;
cfg = config.server.${unit}; cfg = config.server.${unit};
in in {
{
options.server.${unit} = { options.server.${unit} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user; user = srv.user;
group = srv.group; group = srv.group;
}; };
services.caddy.virtualHosts."${cfg.url}" = { services.traefik = {
useACMEHost = srv.domain; dynamicConfigOptions = {
extraConfig = '' http = {
reverse_proxy http://127.0.0.1:7878 services.radarr.loadBalancer.servers = [{url = "http://127.0.0.1:7878";}];
''; routers = {
radarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "radarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
}; };
}; };
} }

26
modules/server/sonarr/default.nix
View File

@@ -2,13 +2,11 @@
config, config,
lib, lib,
... ...
}: }: let
let
unit = "sonarr"; unit = "sonarr";
srv = config.server; srv = config.server;
cfg = config.server.${unit}; cfg = config.server.${unit};
in in {
{
options.server.${unit} = { options.server.${unit} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user; user = srv.user;
group = srv.group; group = srv.group;
}; };
services.caddy.virtualHosts."${cfg.url}" = { services.traefik = {
useACMEHost = srv.domain; dynamicConfigOptions = {
extraConfig = '' http = {
reverse_proxy http://127.0.0.1:8989 services.sonarr.loadBalancer.servers = [{url = "http://127.0.0.1:8989";}];
''; routers = {
sonarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "sonarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
}; };
}; };
} }

64
modules/server/syncthing/default.nix
View File

@@ -1,64 +0,0 @@
{
config,
lib,
...
}:
let
unit = "syncthing";
srv = config.server;
cfg = config.server.${unit};
in
{
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${unit}.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Syncthing";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "Continuous file synchronization program";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "syncthing.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
networking.firewall = {
allowedTCPPorts = [
8384
22000
];
allowedUDPPorts = [
22000
21027
];
};
services.${unit} = {
enable = true;
user = srv.user;
guiAddress = "0.0.0.0:8384";
overrideFolders = false;
overrideDevices = false;
dataDir = "/home/${srv.user}/syncthing";
configDir = "/home/${srv.user}/syncthing/.config/syncting";
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8384
'';
};
};
}

100
modules/server/traefik/default.nix Normal file
View File

@@ -0,0 +1,100 @@
{
lib,
config,
pkgs,
self,
...
}: let
inherit (lib) mkEnableOption mkIf types;
cfg = config.server.traefik;
getCloudflareCredentials = hostname:
if hostname == "ziggy"
then config.age.secrets.cloudflareDnsCredentialsZiggy.path
else if hostname == "sobotka"
then config.age.secrets.cloudflareDnsCredentials.path
else throw "Unknown hostname: ${hostname}";
in {
options.server.traefik = {
enable = mkEnableOption "Enable global Traefik reverse proxy with ACME";
};
config = mkIf cfg.enable {
age.secrets.traefikEnv = {
file = "${self}/secrets/traefikEnv.age";
mode = "640";
owner = "root";
group = "traefik";
};
systemd.services.traefik = {
serviceConfig = {
EnvironmentFile = [config.age.secrets.traefikEnv.path];
};
};
networking.firewall.allowedTCPPorts = [80 443];
services = {
tailscale.permitCertUid = "traefik";
traefik = {
enable = true;
staticConfigOptions = {
log = {
level = "DEBUG";
};
tracing = {};
api = {
dashboard = true;
};
certificatesResolvers = {
tailscale.tailscale = {};
letsencrypt = {
acme = {
email = "adam@cnst.dev";
storage = "/var/lib/traefik/cert.json";
dnsChallenge = {
provider = "cloudflare";
resolvers = [
"1.1.1.1:53"
"1.0.0.1:53"
];
};
};
};
};
entryPoints = {
redis = {
address = "0.0.0.0:6381";
};
postgres = {
address = "0.0.0.0:5433";
};
web = {
address = "0.0.0.0:80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
permanent = true;
};
};
websecure = {
address = "0.0.0.0:443";
http.tls = {
certResolver = "letsencrypt";
domains = [
{
main = "cnix.dev";
sans = ["*.cnix.dev"];
}
];
};
};
};
};
};
};
};
}

34
modules/server/uptime-kuma/default.nix
View File

@@ -2,13 +2,11 @@
config, config,
lib, lib,
... ...
}: }: let
let
unit = "uptime-kuma"; unit = "uptime-kuma";
cfg = config.server.${unit}; cfg = config.server.${unit};
srv = config.server; srv = config.server;
in in {
{
options.server.${unit} = { options.server.${unit} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
@@ -39,14 +37,26 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.${unit} = { services = {
enable = true; ${unit} = {
}; enable = true;
services.caddy.virtualHosts."${cfg.url}" = { };
useACMEHost = srv.domain; traefik = {
extraConfig = '' dynamicConfigOptions = {
reverse_proxy http://127.0.0.1:3001 http = {
''; services.uptime-kuma.loadBalancer.servers = [{url = "http://127.0.0.1:3001";}];
routers = {
uptime-kuma = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "uptime-kuma";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
}; };
}; };
} }

12
modules/server/vaultwarden/default.nix
View File

@@ -2,14 +2,13 @@
{ {
config, config,
lib, lib,
self,
... ...
}: }: let
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
vcfg = config.services.vaultwarden.config; vcfg = config.services.vaultwarden.config;
cfg = config.server.vaultwarden; cfg = config.server.vaultwarden;
in in {
{
options = { options = {
server.vaultwarden = { server.vaultwarden = {
enable = mkEnableOption "Enables vaultwarden"; enable = mkEnableOption "Enables vaultwarden";
@@ -35,6 +34,11 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = {
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
};
server = { server = {
fail2ban = lib.mkIf config.server.fail2ban.enable { fail2ban = lib.mkIf config.server.fail2ban.enable {
jails = { jails = {

138
modules/server/www/default.nix Normal file
View File

@@ -0,0 +1,138 @@
{
lib,
config,
pkgs,
self,
...
}:
let
inherit (lib)
mkOption
mkEnableOption
mkIf
types
;
cfg = config.server.www;
srv = config.server;
in
{
options.server.www = {
enable = mkEnableOption {
description = "Enable personal website";
};
url = mkOption {
default = "";
type = types.str;
description = ''
Public domain name to be used to access the server services via Traefik reverse proxy
'';
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
};
config = mkIf cfg.enable {
age.secrets = {
wwwCloudflared.file = "${self}/secrets/wwwCloudflared.age";
};
server = {
fail2ban = lib.mkIf config.server.www.enable {
jails = {
nginx-404 = {
serviceName = "nginx";
failRegex = ''^.*\[error\].*directory index of.* is forbidden.*client: <HOST>.*$'';
ignoreRegex = "";
maxRetry = 5;
};
};
};
};
services = {
nginx = {
enable = true;
defaultListen = [
{
addr = "127.0.0.1";
port = 8283;
}
];
virtualHosts."webfinger" = {
forceSSL = false;
serverName = cfg.url;
root = "/var/www/webfinger";
locations."= /.well-known/webfinger" = {
root = "/var/www/webfinger";
extraConfig = ''
default_type application/jrd+json;
try_files /.well-known/webfinger =404;
'';
};
locations."= /robots.txt" = {
root = "/var/www/webfinger";
extraConfig = ''
default_type text/plain;
try_files /robots.txt =404;
'';
};
};
};
cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://127.0.0.1:8283";
};
};
};
environment.etc = {
"webfinger/.well-known/webfinger".text = ''
{
"subject": "acct:adam@${cfg.url}",
"links": [
{
"rel": "http://openid.net/specs/connect/1.0/issuer",
"href": "https://auth.${cfg.url}/application/o/tailscale/"
}
]
}
'';
"webfinger/robots.txt".text = ''
User-agent: *
Disallow: /
'';
};
services.traefik.dynamicConfigOptions.http = {
routers.webfinger = {
entryPoints = [ "websecure" ];
rule = "Host(`${cfg.url}`) && Path(`/.well-known/webfinger`)";
service = "webfinger";
tls.certResolver = "letsencrypt";
};
services.webfinger.loadBalancer.servers = [
{ url = "http://127.0.0.1:8283"; }
];
};
};
}

11
nix/default.nix
View File

@@ -22,16 +22,7 @@
flakeInputs = lib.filterAttrs (_: v: lib.isType "flake" v) inputs; flakeInputs = lib.filterAttrs (_: v: lib.isType "flake" v) inputs;
in in
{ {
package = pkgs.lix.overrideAttrs (old: { package = pkgs.lix;
patches = (old.patches or [ ]) ++ [
(pkgs.fetchpatch2 {
name = "lix-lowdown-1.4.0.patch";
url = "https://git.lix.systems/lix-project/lix/commit/858de5f47a1bfd33835ec97794ece339a88490f1.patch";
hash = "sha256-FfLO2dFSWV1qwcupIg8dYEhCHir2XX6/Hs89eLwd+SY=";
})
];
});
# pin the registry to avoid downloading and evaling a new nixpkgs version every time # pin the registry to avoid downloading and evaling a new nixpkgs version every time
registry = lib.mapAttrs (_: v: { flake = v; }) flakeInputs; registry = lib.mapAttrs (_: v: { flake = v; }) flakeInputs;

5
scripts/bin/choosepaper.sh Normal file
View File

@@ -0,0 +1,5 @@
export bg_dir="$HOME/media/images/bgs/"
find "$bg_dir" -type f | fzf --reverse --preview 'pistol {}' | while read -r img; do
pkill swaybg || true
swaybg -m fill -o '*' -i "$img" &
done

82
scripts/bin/spawn.sh Normal file
View File

@@ -0,0 +1,82 @@
# Spawn-or-focus logic for Niri:
# If no "app" windows exist, spawn one.
# If focused window is not "app", focus the first "app" instance.
# If "app" is focused and only one instance exists, spawn + consume into stack.
# If "app" is focused and two instances already exist, spawn a new separate one.
# Cycle repeats: focus first > allow stack of 2 > reset on 3rd.
if [ $# -lt 1 ]; then
echo "Usage: $0 <APP_ID> [APP_CMD]" >&2
exit 1
fi
APP_ID="$1"
APP_CMD="${2:-$1}"
WINDOW_DATA=$(niri msg -j windows)
readarray -t APP_IDS < <(
echo "$WINDOW_DATA" | jq -r --arg app_id "$APP_ID" '
[ .[] | select(.app_id == $app_id) ]
| sort_by(.layout.pos_in_scrolling_layout // [0,0])
| .[].id
'
)
COUNT=${#APP_IDS[@]}
FOCUSED_IS_APP=$(
echo "$WINDOW_DATA" | jq -r --arg app_id "$APP_ID" '
any(.[]; .app_id == $app_id and .is_focused)
'
)
spawn_normal() {
"$APP_CMD" &
}
spawn_and_consume() {
local initial_ids=("$@")
"$APP_CMD" &
local pid=$!
for _ in {1..50}; do
readarray -t after_ids < <(
niri msg -j windows | jq -r --arg app_id "$APP_ID" '
[ .[] | select(.app_id == $app_id) ]
| sort_by(.layout.pos_in_scrolling_layout // [0,0])
| .[].id
'
)
NEW_ID=""
for id in "${after_ids[@]}"; do
[[ " ${initial_ids[*]} " == *" $id "* ]] || NEW_ID="$id"
done
if [ -n "$NEW_ID" ]; then
niri msg action focus-window --id "${initial_ids[$((${#initial_ids[@]} - 1))]}"
niri msg action consume-window-into-column
break
fi
sleep 0.05
done
wait "$pid" 2>/dev/null || true
}
if ((COUNT == 0)); then
spawn_normal
exit 0
fi
if [ "$FOCUSED_IS_APP" != "true" ]; then
niri msg action focus-window --id "${APP_IDS[0]}"
exit 0
fi
if ((COUNT % 2 == 0)); then
spawn_normal
else
spawn_and_consume "${APP_IDS[@]}"
fi

41
scripts/bin/tuirun-debug.sh
View File

@@ -1,41 +0,0 @@
# Log file location
LOGFILE="/home/$USER/.cache/tuirun/tuirun-toggle.log"
# Redirect all output and errors to the log file
exec >>"$LOGFILE" 2>&1
# Enable command tracing
set -x
echo "Script started at $(date)"
# Log the environment variables
echo "Environment variables:"
env
# Define TERMINAL if not set
TERMINAL="${TERMINAL:-foot}"
echo "TERMINAL is set to: $TERMINAL"
# Ensure USER is set
USER="${USER:-$(whoami)}"
echo "USER is set to: $USER"
# Path to the tuirun executable
TUIRUN_PATH="/etc/profiles/per-user/$USER/bin/tuirun"
echo "TUIRUN_PATH is set to: $TUIRUN_PATH"
# Use absolute paths for commands
PGREP="/run/current-system/sw/bin/pgrep"
PKILL="/run/current-system/sw/bin/pkill"
HYPRCTL="/etc/profiles/per-user/$USER/bin/hyprctl"
echo "Checking if tuirun is already running..."
if "$PGREP" -f "$TERMINAL --title tuirun" >/dev/null; then
echo "Found existing tuirun process. Terminating..."
"$PKILL" -f "$TERMINAL --title tuirun"
else
echo "No existing tuirun process. Starting a new one..."
"$HYPRCTL" dispatch exec "$TERMINAL --title tuirun -e $TUIRUN_PATH"
fi
echo "Script finished at $(date)"

37
scripts/bin/tuirun-toggle.sh
View File

@@ -1,37 +0,0 @@
# Define TERMINAL if not set
TERMINAL="${TERMINAL:-foot}"
# Use absolute paths for commands
PGREP="/run/current-system/sw/bin/pgrep"
PKILL="/run/current-system/sw/bin/pkill"
UWSM="/run/current-system/sw/bin/uwsm"
TUIRUN_PATH="/etc/profiles/per-user/$USER/bin/tuirun"
# Determine OPTIONS based on TERMINAL
if [ "$TERMINAL" = "foot" ]; then
OPTIONS="--override=main.pad=0x0"
elif [ "$TERMINAL" = "alacritty" ]; then
OPTIONS="--option window.padding.x=0 --option window.padding.y=0"
else
OPTIONS=""
fi
# Matching pattern for the process
MATCH_PATTERN="$TERMINAL --title tuirun"
if "$PGREP" -f "$MATCH_PATTERN" >/dev/null; then
echo "$(date): Killing existing process"
"$PKILL" -f "$MATCH_PATTERN"
else
# Log the environment for debugging
env >/tmp/script_env.txt
# Construct the command as an array for proper argument handling
CMD=("$TERMINAL" "--title" "tuirun")
if [ -n "$OPTIONS" ]; then
CMD+=("$OPTIONS")
fi
CMD+=("-e" "$TUIRUN_PATH")
echo "$(date): Executing command: ${CMD[*]}"
# Use eval to expand the command or pass the arguments directly
"$UWSM" app -- "${CMD[@]}"
fi

33
scripts/bin/tuirun-toggle.shbak
View File

@@ -1,33 +0,0 @@
# Define TERMINAL if not set
TERMINAL="${TERMINAL:-foot}"
# Use absolute paths for commands
PGREP="/run/current-system/sw/bin/pgrep"
PKILL="/run/current-system/sw/bin/pkill"
HYPRCTL="/etc/profiles/per-user/$USER/bin/hyprctl"
TUIRUN_PATH="/etc/profiles/per-user/$USER/bin/tuirun"
# Determine OPTIONS based on TERMINAL
if [ "$TERMINAL" = "foot" ]; then
OPTIONS="--override=main.pad=0x0"
elif [ "$TERMINAL" = "alacritty" ]; then
OPTIONS="--option window.padding.x=0 --option window.padding.y=0"
else
OPTIONS=""
fi
# Matching pattern for the process
MATCH_PATTERN="$TERMINAL --title tuirun"
if "$PGREP" -f "$MATCH_PATTERN" >/dev/null; then
"$PKILL" -f "$MATCH_PATTERN"
else
# Construct the command
CMD="$TERMINAL --title tuirun"
if [ -n "$OPTIONS" ]; then
CMD="$CMD $OPTIONS"
fi
# Use login shell to ensure proper environment
CMD="$CMD -e $SHELL -l -c '$TUIRUN_PATH'"
# Launch the terminal with OPTIONS
"$HYPRCTL" dispatch exec "$CMD"
fi

53
scripts/default.nix
View File

@@ -12,8 +12,17 @@ in
{ {
home = { home = {
sessionPath = [ "${config.home.homeDirectory}/.local/bin" ]; sessionPath = [ "${config.home.homeDirectory}/.local/bin" ];
file = { file = {
".local/bin/spawn.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "spawn";
runtimeInputs = with pkgs; [ niri ];
text = readFile ./bin/spawn.sh;
}
);
};
".local/bin/spawn-or-focus.sh" = { ".local/bin/spawn-or-focus.sh" = {
source = getExe ( source = getExe (
pkgs.writeShellApplication { pkgs.writeShellApplication {
@@ -24,6 +33,20 @@ in
); );
}; };
".local/bin/choosepaper.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "spawn";
runtimeInputs = with pkgs; [
fzf
swaybg
pistol
];
text = readFile ./bin/choosepaper.sh;
}
);
};
".local/bin/pavucontrol-toggle.sh" = { ".local/bin/pavucontrol-toggle.sh" = {
source = getExe ( source = getExe (
pkgs.writeShellApplication { pkgs.writeShellApplication {
@@ -34,34 +57,6 @@ in
); );
}; };
".local/bin/tuirun-toggle.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "tuirun-toggle";
runtimeInputs = with pkgs; [
hyprland
uwsm
];
text = readFile ./bin/tuirun-toggle.sh;
}
);
};
".local/bin/tuirun-debugger.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "tuirun-debugger";
runtimeInputs = with pkgs; [ hyprland ];
text = ''
# Save environment to file
env > /tmp/tuirun-env.txt
# Run tuirun
/etc/profiles/per-user/cnst/bin/tuirun
'';
}
);
};
".local/bin/calcurse-toggle.sh" = { ".local/bin/calcurse-toggle.sh" = {
source = getExe ( source = getExe (
pkgs.writeShellApplication { pkgs.writeShellApplication {

14
secrets/authentikCloudflared.age Normal file
View File

@@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg 2oTh42u4hxJGAypwwLJwDCPMngauHB8BhKA83xAXr1M
Sr6Hbfnd52F0dUk5RO3wxxJ7RGi3+NUCBq/MzDbKR7s
-> ssh-ed25519 KUYMFA O2j6gYY1QR1ZlFiWw+7y6nKUeE658Wp3PdV6dsMqwTU
NYwnTkZX5PHnNtL1vqJqIsYzIFUY43AVso8ecMAHvWs
-> ssh-ed25519 76RhUQ VTzoQh0fHrG41Gr0YnPY7Jz7yFFugigm/DpUUE/Ny18
SITvKJf5+ql4DhpJoPVvEXdLGIBeKnlLlm8u4QPr0RY
-> ssh-ed25519 Jf8sqw oVI2y3zqpswvyZoNwklrKI1ZbxMJ5a1kzc43RErkbD8
aHNuHMH2XNQ7+9sfsA8LMhBSgTDmvmI1wY26V2j+lsE
--- 0UL0vxM2f5IeVhDO1Cg7SUmhuvpFh+GsEEW4g5JEORU
<EFBFBD>)q<>$*<2A><><EFBFBD>b<10>X<EFBFBD><58><EFBFBD>`<60> %f
_<EFBFBD>%%1ݗ<><DD97><EFBFBD>)<29><>fT<66>٧&<26>`+<2B>K<EFBFBD><4B>q<EFBFBD><71>I<><EEADBE><EFBFBD><EFBFBD><EFBFBD><19><><03>\=<3D>M<EFBFBD><4D><18>
!<21><>7<EFBFBD>b<EFBFBD>]<5D>X<>_lri<72>_<EFBFBD><03><>;<3B>R
<EFBFBD>)<29><>c<EFBFBD>H<><48>5. p<> :m<>_<EFBFBD>&Vj/<2F><01><>Ra|MU<4D><55>b<EFBFBD><62><02>y<EFBFBD><79><EFBFBD><EFBFBD>El<45>nS<6E>9"<11><>گ+<<3C>

BIN
secrets/authentikEnv.age Normal file
View File

Binary file not shown.

BIN
secrets/cloudflareDnsApiToken.age
View File

Binary file not shown.

20
secrets/cloudflareDnsCredentials.age
View File

@@ -1,11 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 t9iOEg QY+660BNebZu+onRxjUCOqQ4iqCySPWfw9eCLXdFsl8 -> ssh-ed25519 t9iOEg EO9wY72yR1e+1vy7G+bSpm2Rcv6bv/Df0D1i/SO+zA0
AP1XZcDAY4/hrtyTnVXEpybPgEh38PcMaiiBPTlkDZ8 pmABveIZ53zQOoJ27P4zqb0jtaDJoYkhclMP6wcl+ZM
-> ssh-ed25519 KUYMFA nCLslugBChJUP4e6XXxV5GGUZdM/YHcOqSQEzgBnpnk -> ssh-ed25519 KUYMFA h02lppvPUe8eJLAfIEkGQqgdNWqvFYpJ2eZjJGHJ+SA
9Y/N0Clq/qSGa/XHGKr5Yg6iz40fb+5Rti+6RvEoiXs 5+T4ytKUXPdIIDXfcc/LUnQsOMlmck2Ug32MKNuCh2Q
-> ssh-ed25519 76RhUQ ZeJds5ce27IAjkBpECnQY73Y0g2eB8lI5g2K3wn3STQ -> ssh-ed25519 76RhUQ E/ng+K+F+iaNZ0QjSyo2JuAz717aoygNguzon798dlI
IQ8TZ/jrTme1cUxzSDNYN6hfHKXJV9aKNXFP7jNWlgs CPJV+mjKX1ZtmWvBroFHVyuRnnUI5ymfEw6OqnQa2kI
-> ssh-ed25519 Jf8sqw 6o1aN6NB+YgDM/q1DyTwRGbE85oOvyyGGNGIrd+P31Q -> ssh-ed25519 Jf8sqw yrWSLSAjsIfyd+DYUyojy0k6GwMa3ZmVjyIz36gLin0
QpL1gGnfLs2Xm7Sx0jVE3Cx4J7aIzcUOXUp9Yt/Ztt0 ly8wMETBPdaF5dM5r//UCdfSqTMEfnodffgIAUGydcE
--- DR/KkJALCKIdMQvWi1abl8Q9UWJVPSv/a3sAoxY/t2Q --- kNDVEUJATIeuOYNXY/Bl++PfDEn/lCo4nBiTEFntOw0
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>gPm<EFBFBD>?\<5C><><EFBFBD>}v/[ <EFBFBD>g<EFBFBD><EFBFBD>Q=[g<><16>?_<><5F>|<7C><>7[<5B><>-<2D><>CngڡǗ<01>+<2B>m<><6D><r<01><>bv?i<><69>S<EFBFBD>2W<32>f<EFBFBD><66>51<11><>P<>x~<13><>_c<5F>"m<><01>)<29><>h"I<>

BIN
secrets/homepageEnvironment.age
View File

Binary file not shown.

11
secrets/nextcloudAdminPass.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg 5z2kiVAol78mM42O1Jf9ndeBwElB0x4BectRt+R8GkM
gE89nfzfPZ7dcQDG57xdJAcrq565V+rbWDUEtNuBEwA
-> ssh-ed25519 KUYMFA 7aaMHpHzTC3U/7zol+LWE5IXrXm98ORcQpXkC3SNBBw
i4cyBlQrGmPiosCaCjv/7GUUikP2c/I8tA93Qz0o3cI
-> ssh-ed25519 76RhUQ 7Jppe6oBvuXqxoB4LNU+725b6ZeopHxgXq3WWDZlbhg
f+8GtX9dsCrnQ+kN0Swhq5LLNZrlzEVYJhwn+oN7yG8
-> ssh-ed25519 Jf8sqw qBlvp6ZCHVkr37lfE+HrBNNEGcqQ8++GbMYBKhpr1Dk
9CoVJgvPZyIQOdTOFQWMotZaohFUmt953pivSVx6C9Q
--- ZSaeUcQ9T8TdcDXXNOWgTRAAG5+lRsl4sOFIOYgMISQ
Ua<55><61>`<60><><1A>'<27>^n<02>eP<65>=<3D><12>b<EFBFBD><62><EFBFBD>><3E><>~<7E>ؑ RV<52><05><><EFBFBD>n<05>g0Z<30><5A><EFBFBD><EFBFBD><EFBFBD>E<EFBFBD><45><EFBFBD>k<1E><1D><1C><>ml<6D>w<08>`<60>ҝ<EFBFBD><D29D><EFBFBD> <20>/<2F>x<EFBFBD><78>~

11
secrets/nextcloudCloudflared.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg tCTVBy/ZypZ8DjzMhp6MsG0OUSmY/Z7nprs6OgMXiRs
GXMwQ7THAvuh9SpM12ck84R86Qvs+Db62ybohItDloE
-> ssh-ed25519 KUYMFA EwdbsocHYlzEJ2JLiI6oD6wkhaN+llPghPuO50oNLmY
NYQmMaeBM511yQeeEczVEW9Hx6y8/5NiQJ4PGtytBlw
-> ssh-ed25519 76RhUQ 3zs9rA1RoMUahExIGTBXV6i815jrK9UDrh6ZKi4gXQk
lWRnELDu+qd+MHBnYoSkBZblJoNcBXIeIW7phdZb7fg
-> ssh-ed25519 Jf8sqw zDqvIhlZ5TMP5l4Ymc0VUccb0EZHu6nzT0zAz0n/yiA
2C6PIEpv7dsDV7u87B991XRHIDcYRIfi60cvHK0Bkgo
--- TzhNfeAGrl1ggKFbSWgQw+R0xpKU+VOod/iEJlgLPOA
uGe<47><65><EFBFBD>R H<10><><EFBFBD>=<3D><>of<6F>|t'e <09>L뉱l<EB89B1>w<1D><><EFBFBD>fMG"<22><>}@\<5C>e *R<>7j<37>%<25><><EFBFBD>=?<3F><>v<EFBFBD>%i<><10>\<5C><>'<27><><03>0Qyj <04><>8<><38><EFBFBD><EFBFBD>x<EFBFBD>yj<79><04><><05>&EB<45>T<EFBFBD>ɥ#<23>H<EFBFBD><48>u<EFBFBD>E%5uLҐy<D290>Ć5<C486><35>K<EFBFBD>><3E>t<><03><><EFBFBD><EFBFBD>0<EFBFBD><30><EFBFBD><EFBFBD><EFBFBD>0 <0C>q<EFBFBD>V ŵ>_j<5F>U<EFBFBD>D<><1A><><EFBFBD>JWꂿ<0F>>@<40><><EFBFBD><EFBFBD>w :<3A><>CJEb,5U

73
secrets/secrets.nix
View File

@@ -1,7 +1,11 @@
let let
# --- Users --- # --- Users ---
cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev"; ukima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
kima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix"; rkima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
# --- Hosts: bunk ---
ubunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXCjkKouZrsMoswMIeueO8X/c3kuY3Gb0E9emvkqwUv cnst@cnixpad";
rbunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH72llEVDSHH/FZnjLVCe6zfdkdJRRVg2QL+ifHiPXXk root@cnix";
# --- Hosts: sobotka --- # --- Hosts: sobotka ---
usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka"; usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka";
@@ -12,9 +16,13 @@ let
rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos"; rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos";
# --- Groups --- # --- Groups ---
core = [ kima = [
cnst ukima
kima rkima
];
bunk = [
ubunk
rbunk
]; ];
sobotka = [ sobotka = [
usobotka usobotka
@@ -24,35 +32,40 @@ let
uziggy uziggy
rziggy rziggy
]; ];
all = core ++ sobotka ++ ziggy; all = kima ++ bunk ++ sobotka ++ ziggy;
in in {
{
# Generic # Generic
"cnstssh.age".publicKeys = core; "cnstssh.age".publicKeys = kima;
"cnixssh.age".publicKeys = core; "cnixssh.age".publicKeys = kima;
"certpem.age".publicKeys = core; "certpem.age".publicKeys = kima;
"keypem.age".publicKeys = core; "keypem.age".publicKeys = kima;
"mailpwd.age".publicKeys = core; "mailpwd.age".publicKeys = kima;
"gcapi.age".publicKeys = core; "gcapi.age".publicKeys = kima;
# Shared between core + sobotka # Shared between kima + sobotka
"cloudflareEnvironment.age".publicKeys = core ++ sobotka; "cloudflareEnvironment.age".publicKeys = kima ++ sobotka;
"vaultwardenEnvironment.age".publicKeys = core ++ sobotka; "vaultwardenEnvironment.age".publicKeys = kima ++ sobotka;
"homepageEnvironment.age".publicKeys = core ++ sobotka; "homepageEnvironment.age".publicKeys = kima ++ sobotka;
"cloudflareFirewallApiKey.age".publicKeys = core ++ sobotka; "cloudflareFirewallApiKey.age".publicKeys = kima ++ sobotka;
"vaultwardenCloudflared.age".publicKeys = core ++ sobotka; "vaultwardenCloudflared.age".publicKeys = kima ++ sobotka;
"cloudflareDnsApiToken.age".publicKeys = core ++ sobotka; "nextcloudCloudflared.age".publicKeys = kima ++ sobotka;
"cloudflareDnsCredentials.age".publicKeys = core ++ sobotka; "nextcloudAdminPass.age".publicKeys = kima ++ sobotka;
"wgCredentials.age".publicKeys = core ++ sobotka; "cloudflareDnsApiToken.age".publicKeys = kima ++ sobotka;
"wgSobotkaPrivateKey.age".publicKeys = core ++ sobotka; "cloudflareDnsCredentials.age".publicKeys = kima ++ sobotka;
"gluetunEnvironment.age".publicKeys = core ++ sobotka; "wgCredentials.age".publicKeys = kima ++ sobotka;
"pihole.age".publicKeys = core ++ sobotka; "wgSobotkaPrivateKey.age".publicKeys = kima ++ sobotka;
"slskd.age".publicKeys = core ++ sobotka; "gluetunEnvironment.age".publicKeys = kima ++ sobotka;
"sobotkaPihole.age".publicKeys = kima ++ sobotka;
"slskd.age".publicKeys = kima ++ sobotka;
"authentikEnv.age".publicKeys = kima ++ sobotka;
"traefikEnv.age".publicKeys = kima ++ sobotka;
"wwwCloudflared.age".publicKeys = kima ++ sobotka;
"authentikCloudflared.age".publicKeys = kima ++ sobotka;
# Ziggy-specific # Ziggy-specific
"cloudflareDnsCredentialsZiggy.age".publicKeys = core ++ ziggy; "cloudflareDnsCredentialsZiggy.age".publicKeys = kima ++ ziggy;
"piholeZiggy.age".publicKeys = core ++ ziggy; "ziggyPihole.age".publicKeys = kima ++ ziggy;
# Both sobotka + ziggy (for HA stuff like keepalived) # Both sobotka + ziggy (for HA stuff like keepalived)
"keepalived.age".publicKeys = core ++ sobotka ++ ziggy; "keepalived.age".publicKeys = kima ++ sobotka ++ ziggy;
} }

0
secrets/pihole.age → secrets/sobotkaPihole.age
View File

BIN
secrets/sslCert.age Normal file
View File

Binary file not shown.

BIN
secrets/sslKey.age Normal file
View File

Binary file not shown.

BIN
secrets/traefikEnv.age Normal file
View File

Binary file not shown.

11
secrets/wwwCloudflared.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg CWarcJM8RPjJW+e3BQ99KEUnOZQUDEIIeygeh/8MZUw
xux60KMmyOVvgiuEqyEPXM1Wr2ne8AyHT6CAWKMOcKo
-> ssh-ed25519 KUYMFA AThOlxHT41vsczkSGzJmT+VmWC2dAnLiIcTJP+YySkc
Jy8HyRuzIFtGYMimxsQNm2NnbluVwS6ZuXhq4uRfabY
-> ssh-ed25519 76RhUQ dKyDJ4DCNtYWQ2+cC7gwa+14aw99S+mU38tpQrlOmFc
0mD5Qcv8b8Bh1e4mbqdH26UtCJaUe7C7dDDSXJd1iRY
-> ssh-ed25519 Jf8sqw To2I/347gMqYx0PxMgYqbGekUpfqWOQwtgJ+0AFilTw
nIo4dH9JnOuWo48a17Kjyee5sQV8HN+PNXCWDT4fjIg
--- SuE6Z9ipbuWhxoaULMf6OGtG3BNkQ1BpWXkgfAI7Y6Y
<EFBFBD>R<EFBFBD>u1<12><><16><><EFBFBD>d<EFBFBD>ژdʋ(s <0B>)<29>M0v<30>ѹ<EFBFBD><D1B9><EFBFBD>Z<EFBFBD>V<EFBFBD><56><10>q<05>i<EFBFBD>i<EFBFBD><69>Ec* <09>{<7B>~teP<65><50><EFBFBD>{<1C>D<>mA~Ŭ<><1B>c.<2E>TbƝ<62>}<<3C><><EFBFBD><EFBFBD><EFBFBD>e0<65>Vq <0C><><EFBFBD>k<EFBFBD><6B><EFBFBD> b<>T<1F><>*Y<><59>$<24><>t<EFBFBD><74>:<3A><>^<1C><>+<2B><1D><>;<3B>1<EFBFBD><31><EFBFBD>ۤ<EFBFBD><DBA4>Ӎ<12>X<EFBFBD>H<EFBFBD><03><>u<EFBFBD><75><EFBFBD>g<EFBFBD>߄<EFBFBD>o<EFBFBD>/<2F>G<EFBFBD><0E><><16>Kl<4B>I<EFBFBD>C<EFBFBD><43>==A<><11><>Y<EFBFBD><59><EFBFBD>U<EFBFBD><55><EFBFBD><EFBFBD>

0
secrets/piholeZiggy.age → secrets/ziggyPihole.age
View File

1
users/cnst/default.nix
View File

@@ -23,6 +23,5 @@
json.enable = false; json.enable = false;
manpages.enable = false; manpages.enable = false;
}; };
programs.home-manager.enable = true; programs.home-manager.enable = true;
} }

2
users/cnst/modules/bunkmod.nix
View File

@@ -131,7 +131,7 @@
enable = true; enable = true;
}; };
syncthing = { syncthing = {
enable = true; enable = false;
}; };
udiskie = { udiskie = {
enable = true; enable = true;

4
users/cnst/modules/kimamod.nix
View File

@@ -11,7 +11,7 @@
enable = true; enable = true;
}; };
chromium = { chromium = {
enable = true; enable = false;
}; };
discord = { discord = {
enable = true; enable = true;
@@ -132,7 +132,7 @@
enable = true; enable = true;
}; };
syncthing = { syncthing = {
enable = true; enable = false;
}; };
udiskie = { udiskie = {
enable = true; enable = true;

154
users/cnst/modules/sobotkamod.nix
View File

@@ -1,154 +0,0 @@
{
home = {
programs = {
aerc = {
enable = false;
};
alacritty = {
enable = false;
};
bash = {
enable = true;
};
chromium = {
enable = false;
};
discord = {
enable = false;
};
eza = {
enable = true;
};
floorp = {
enable = false;
};
firefox = {
enable = false;
};
fish = {
enable = true;
};
foot = {
enable = false;
};
fuzzel = {
enable = false;
};
git = {
enable = true;
};
ghostty = {
enable = false;
};
helix = {
enable = true;
};
hyprlock = {
enable = false;
};
jujutsu = {
enable = false;
};
kitty = {
enable = false;
};
mpv = {
enable = false;
};
neovim = {
enable = false;
};
nvf = {
enable = false;
};
nwg-bar = {
enable = false;
};
pkgs = {
enable = true;
};
rofi = {
enable = false;
};
ssh = {
enable = true;
};
tuirun = {
enable = false;
};
vscode = {
enable = false;
};
waybar = {
enable = false;
};
wezterm = {
enable = false;
};
yazi = {
enable = false;
};
zathura = {
enable = false;
};
zed-editor = {
enable = false;
};
zellij = {
enable = false;
};
zen = {
enable = false;
};
zsh = {
enable = false;
};
};
services = {
blueman-applet = {
enable = false;
};
copyq = {
enable = false;
};
dconf = {
settings = {
color-scheme = "prefer-dark";
};
};
dunst = {
enable = false;
};
gpg = {
enable = true;
};
gtk = {
enable = false;
};
hypridle = {
enable = false;
};
hyprpaper = {
enable = false;
};
mako = {
enable = false;
};
nix-index = {
enable = true;
};
protonmail-bridge = {
enable = false;
};
syncthing = {
enable = false;
};
udiskie = {
enable = false;
};
xdg = {
enable = false;
};
};
};
}

4
users/cnst/variables/default.nix
View File

@@ -14,8 +14,8 @@ let
BROWSER = "zen"; BROWSER = "zen";
EDITOR = "hx"; EDITOR = "hx";
TERM = "xterm-256color"; TERM = "xterm-256color";
VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json"; # VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d"; # STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
QT_QPA_PLATFORM = "wayland"; QT_QPA_PLATFORM = "wayland";
XDG_SESSION_TYPE = "wayland"; XDG_SESSION_TYPE = "wayland";
}; };