17 Commits

Author SHA1 Message Date
d53bf7546a broken 2 2025-10-05 10:02:39 +02:00
c9edc99a85 chore(revert): slowly introducing changes 2025-10-05 09:27:51 +02:00
67e83e3e4e feat(authentik): fixing some fail2ban things 2025-10-02 05:45:35 +02:00
923c810972 feat(authentik): fixing some fail2ban things 2025-10-01 18:00:55 +02:00
6ab35f4e91 feat(www): fixing fail2ban and other minor tweaks 2025-09-30 18:16:49 +02:00
593f0e619c chore(ded): remove dead code 2025-09-29 19:31:23 +02:00
688e23d229 feat(pstate): opt in changes and sooooo 2025-09-29 19:28:33 +02:00
725a3ed27e chore(niri): go to nixpkgs niri release 2025-09-29 17:10:38 +02:00
e45dc0d223 feat(homelab): fixing cf tunnels, authentik and tailscale! 2025-09-28 18:27:17 +02:00
bc78dd7302 chore(?): hm 2025-09-28 16:24:32 +02:00
94c34f8675 chore(update): flake lock 2025-09-28 08:03:38 +02:00
fda7d972c4 chore(age): adding bunk credentials to agenix 2025-09-27 19:54:03 +02:00
f6bb6672bb chore(agenix): refactor some secrets 2025-09-27 14:35:04 +02:00
68f1cb9b09 chore(misc): removing dead code and small insignificant changes 2025-09-26 20:41:26 +02:00
e721a2088b feat(homepage-dashboard): adding some disk info 2025-09-26 17:41:19 +02:00
551a47989c Merge pull request 'feat(swaybg) adding swaybg and some script' (#5) from wutwut into main
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/5
2025-09-25 17:30:37 +02:00
4666731676 feat(swaybg) adding swaybg and some script 2025-09-25 17:17:49 +02:00
42 changed files with 744 additions and 970 deletions

340
flake.lock generated

@@ -29,11 +29,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1758645700,
"narHash": "sha256-7VHPjP/FDqx3EctIXqUssh8GC9ldXq/eNMX21uVkI8c=",
"lastModified": 1758874004,
"narHash": "sha256-+RUCBtT01Z595NpGc6Tvms+dJ/C/cn1zdjT9+gE6dbU=",
"owner": "anyrun-org",
"repo": "anyrun",
"rev": "8cf7bd9de48e50cf1d662a56af28c0d13da91761",
"rev": "3c571bc1514c4211d1d6c011a1d482f97efd9c5f",
"type": "github"
},
"original": {
@@ -50,11 +50,11 @@
]
},
"locked": {
"lastModified": 1758040471,
"narHash": "sha256-jsFBGoLiciAFRs5Fi4eOvbsXtf2tLyYh+OiRhV6BGI4=",
"lastModified": 1758817837,
"narHash": "sha256-J3Jl4Z8SJHj+ogyohPeypT5LmQtCupdBteFezwiEZ9E=",
"owner": "anyrun-org",
"repo": "anyrun-provider",
"rev": "6631af0ecb8f245cbf88e972d1522f747d6cd883",
"rev": "b20650aa1bf80ae86b5bf5253d21fc0ddb7985c7",
"type": "github"
},
"original": {
@@ -83,11 +83,11 @@
]
},
"locked": {
"lastModified": 1755946532,
"narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
"lastModified": 1759499898,
"narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
"rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
"type": "github"
},
"original": {
@@ -114,11 +114,11 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1758177015,
"narHash": "sha256-PCUWdbaxayY3YfSjVlyddBMYoGvSaRysd5AmZ8gqSFs=",
"lastModified": 1759322529,
"narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "4c626ed84cc0f1278bfba0f534efd6cba2788d75",
"rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
"type": "github"
},
"original": {
@@ -130,16 +130,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1758035356,
"narHash": "sha256-DkvxDwHCfSqEpZ9rRXNR8MP0Mz/y1kHAr38exrHQ39c=",
"lastModified": 1759190535,
"narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "680feaefa17934471a6b33ebc35caf5b64120404",
"rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.8.3",
"ref": "version/2025.8.4",
"repo": "authentik",
"type": "github"
}
@@ -153,11 +153,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1758642505,
"narHash": "sha256-056XfEHlYdBKU2RtN4R+9m2nzL588TCZ8AsIviWONRg=",
"lastModified": 1759532138,
"narHash": "sha256-sLQIlgDwMP3mEY2PwjGW+cL56QQ2n2WXoZ3GpG5QWOY=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "0fe60fa161631289a051fef36dfaab28465ddc7b",
"rev": "bad02bbca5b5c6d45539a0d740ad0e21b1ba9afc",
"type": "github"
},
"original": {
@@ -212,11 +212,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1758695884,
"narHash": "sha256-rnHjtBRkcwRkrUZxg0RqN1qWTG+QC/gj4vn9uzEkBww=",
"lastModified": 1759646430,
"narHash": "sha256-V8mjmGzi9nS7BZfhpzYAOUg3BcCsC6MrEh9xlKq3+7s=",
"owner": "nix-community",
"repo": "fenix",
"rev": "9cdb79384d02234fb2868eba6c7d390253ef6f83",
"rev": "b326bea4d58c9a58b346f17c710538eac00f71d1",
"type": "github"
},
"original": {
@@ -312,11 +312,11 @@
]
},
"locked": {
"lastModified": 1754487366,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github"
},
"original": {
@@ -332,11 +332,11 @@
]
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
@@ -392,11 +392,11 @@
]
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
@@ -491,11 +491,11 @@
]
},
"locked": {
"lastModified": 1758108966,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"lastModified": 1759523803,
"narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835",
"type": "github"
},
"original": {
@@ -571,11 +571,11 @@
},
"hardware": {
"locked": {
"lastModified": 1758663926,
"narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=",
"lastModified": 1759582739,
"narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1",
"rev": "3441b5242af7577230a78ffb03542add264179ab",
"type": "github"
},
"original": {
@@ -590,11 +590,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1758722153,
"narHash": "sha256-q0t19uo2qGy9iA+pvhQ97jQ4jMWJfG3a3diLspPeBAQ=",
"lastModified": 1759605748,
"narHash": "sha256-qALSaIE4fbTo0wbPjEp7RZKbtFk1cDhRZ0BYOHW0JwQ=",
"owner": "helix-editor",
"repo": "helix",
"rev": "ed08fbd4102e320bf96f2af2854b9de77df7a104",
"rev": "6fffaf6a7ded9a12fb2d5715a4eb83787a5e6402",
"type": "github"
},
"original": {
@@ -610,11 +610,11 @@
]
},
"locked": {
"lastModified": 1758719930,
"narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=",
"lastModified": 1759573136,
"narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d",
"rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
"type": "github"
},
"original": {
@@ -652,11 +652,11 @@
]
},
"locked": {
"lastModified": 1758464306,
"narHash": "sha256-i56XRXqjwJRdVYmpzVUQ0ktqBBHqNzQHQMQvFRF/acQ=",
"lastModified": 1759337100,
"narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "939e91e1cff1f99736c5b02529658218ed819a2a",
"rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3",
"type": "github"
},
"original": {
@@ -710,11 +710,11 @@
]
},
"locked": {
"lastModified": 1758192433,
"narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=",
"lastModified": 1759490292,
"narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7",
"rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
"type": "github"
},
"original": {
@@ -803,11 +803,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1758654510,
"narHash": "sha256-V4hLuM9uB4ecz0sFnnrt0idxpw0kGIw+6tLmBw2X0u8=",
"lastModified": 1759530922,
"narHash": "sha256-9NgZKpibALekGTPDc2O8lP8vFealQSZkXe+L+S7MMZU=",
"owner": "hyprwm",
"repo": "hyprland",
"rev": "ec9a72d9fbe8372c4cc4e86966f6b13d178b0bba",
"rev": "76d998743ac10e712238c1016db4d8e8d16f1049",
"type": "github"
},
"original": {
@@ -824,11 +824,11 @@
]
},
"locked": {
"lastModified": 1758531979,
"narHash": "sha256-iRv5afKzuu6SkwztqMwZ33161CzBJsyeRHp0uviN9TI=",
"lastModified": 1759613406,
"narHash": "sha256-PzgQJydp+RlKvwDi807pXPlURdIAVqLppZDga3DwPqg=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "de79078fd59140067e53cd00ebdf17f96ce27846",
"rev": "32e1a75b65553daefb419f0906ce19e04815aa3a",
"type": "github"
},
"original": {
@@ -942,11 +942,11 @@
]
},
"locked": {
"lastModified": 1757694755,
"narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=",
"lastModified": 1759080228,
"narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c",
"rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
"type": "github"
},
"original": {
@@ -971,11 +971,11 @@
]
},
"locked": {
"lastModified": 1756810301,
"narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=",
"lastModified": 1758927902,
"narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931",
"rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
"type": "github"
},
"original": {
@@ -1006,11 +1006,11 @@
]
},
"locked": {
"lastModified": 1758124489,
"narHash": "sha256-YiVF/8Me3vVKJBEgGpQhn0HF09EWfXZGaWLzAaJBrO4=",
"lastModified": 1759572448,
"narHash": "sha256-o+r44fqPQM+/hQdjFy9qV9C51Jhty6M4icFVYocyJfA=",
"owner": "hyprwm",
"repo": "hyprlock",
"rev": "7f769fa993cb492982d7bf25676c68ddbcc0268e",
"rev": "c8a6768dca626cf7d7cbc333095f048bc007b6d9",
"type": "github"
},
"original": {
@@ -1069,11 +1069,11 @@
]
},
"locked": {
"lastModified": 1756117388,
"narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
"lastModified": 1759490926,
"narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
"rev": "94cce794344538c4d865e38682684ec2bbdb2ef3",
"type": "github"
},
"original": {
@@ -1191,11 +1191,11 @@
]
},
"locked": {
"lastModified": 1757230583,
"narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=",
"lastModified": 1759387127,
"narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea",
"rev": "0cc290e05882745060fccfe6d7d073f913e0cce7",
"type": "github"
},
"original": {
@@ -1229,11 +1229,11 @@
},
"mnw": {
"locked": {
"lastModified": 1756659871,
"narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=",
"lastModified": 1758834834,
"narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
"owner": "Gerg-L",
"repo": "mnw",
"rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16",
"rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
"type": "github"
},
"original": {
@@ -1268,62 +1268,6 @@
"type": "github"
}
},
"niri": {
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1758697829,
"narHash": "sha256-1pO4A16ssvjHNyHilpvxo15mBkAifCSOiLs3hBlrYdU=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "9dbeb8f613d2da107bff8375c2db7182a2bb79bb",
"type": "github"
},
"original": {
"owner": "sodiboo",
"repo": "niri-flake",
"type": "github"
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1756556321,
"narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.08",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1758691861,
"narHash": "sha256-CYgoGrY/Fx+hjzp8graTxJw1M7mn1f2jBkK26M04T0s=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "e837e39623457dc5ad29c34a5ce4d4616e5fbf1e",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"type": "github"
}
},
"nix-gaming": {
"inputs": {
"flake-parts": [
@@ -1334,11 +1278,11 @@
]
},
"locked": {
"lastModified": 1758678659,
"narHash": "sha256-Ff5IFCEABf3CStKvf8MqJe7jwrHk2J8swdYTrwOj9dk=",
"lastModified": 1759629535,
"narHash": "sha256-VIXcJ2ahRgoqIUySwAz3r5mtITO2dp6tXGCVKVW6FmA=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "6418c314274a8ce27078402ab1fbac7c06da7a36",
"rev": "df388c42b54714bd121796a9cec9322b7fa2894e",
"type": "github"
},
"original": {
@@ -1401,45 +1345,13 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1758589230,
"narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1756696532,
"narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"lastModified": 1758690382,
"narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"rev": "e643668fd71b949c53f8626614b21ff71a07379d",
"type": "github"
},
"original": {
@@ -1451,11 +1363,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1758633633,
"narHash": "sha256-20FVSEcXWV0P1A/1EDMUH7UVFvktg/ltBNqHJmoQTO8=",
"lastModified": 1759147044,
"narHash": "sha256-3ZPFytJOcLjTChljeaGgoaNj+tOqzgEpqZAvRe3bU90=",
"owner": "PedroHLC",
"repo": "nixpkgs",
"rev": "36740bcdb7ea5625132575da3c627032b812c236",
"rev": "18e83bbe13aa50992777832b52bd0e0d8585fb3b",
"type": "github"
},
"original": {
@@ -1499,11 +1411,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1758198701,
"narHash": "sha256-7To75JlpekfUmdkUZewnT6MoBANS0XVypW6kjUOXQwc=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0147c2f1d54b30b5dd6d4a8c8542e8d7edf93b5d",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -1531,11 +1443,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1758427187,
"narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "554be6495561ff07b6c724047bdd7e0716aa7b46",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -1547,16 +1459,16 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1758427187,
"narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=",
"owner": "NixOS",
"lastModified": 1759386674,
"narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "554be6495561ff07b6c724047bdd7e0716aa7b46",
"rev": "625ad6366178f03acd79f9e3822606dd7985b657",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
@@ -1566,15 +1478,15 @@
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_5",
"mnw": "mnw",
"nixpkgs": "nixpkgs_10",
"nixpkgs": "nixpkgs_9",
"systems": "systems_5"
},
"locked": {
"lastModified": 1758271661,
"narHash": "sha256-ENqd2/33uP5vB44ClDjjAV+J78oF8q1er4QUZuT8Z7g=",
"lastModified": 1759469269,
"narHash": "sha256-DP833ejGUNRRHsJOB3WRTaWWXLNucaDga2ju/fGe+sc=",
"owner": "notashelf",
"repo": "nvf",
"rev": "b7571df4d6e9ac08506a738ddceeec0b141751b0",
"rev": "e48638aef3a95377689de0ef940443c64f870a09",
"type": "github"
},
"original": {
@@ -1702,9 +1614,8 @@
"hyprlock": "hyprlock",
"hyprpaper": "hyprpaper",
"lanzaboote": "lanzaboote",
"niri": "niri",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_8",
"nvf": "nvf",
"systems": "systems_6",
"treefmt-nix": "treefmt-nix",
@@ -1715,11 +1626,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1758620797,
"narHash": "sha256-Ly4rHgrixFMBnkbMursVt74mxnntnE6yVdF5QellJ+A=",
"lastModified": 1759601486,
"narHash": "sha256-ZywfLIFtRr907us1tONwUJLeg3ssO4D01XBFHx7RdAo=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "905641f3520230ad6ef421bcf5da9c6b49f2479b",
"rev": "4ae99f0150c94f4bdf7192b4447f512ece3546fd",
"type": "github"
},
"original": {
@@ -1737,11 +1648,11 @@
]
},
"locked": {
"lastModified": 1758422215,
"narHash": "sha256-JvF5SXhp1wBHbfEVAWgJCDVSO8iknfDqXfqMch5YWg0=",
"lastModified": 1759458749,
"narHash": "sha256-WKnbJnm1B2+TO2ZUudgS39EzecQeLl4/bnRtd3y46LI=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "6f3988eb5885f1e2efa874a480d91de09a7f9f0b",
"rev": "bbc3a8ae797d1700e57a4f4bcc4e79af727d4138",
"type": "github"
},
"original": {
@@ -2005,39 +1916,6 @@
"type": "github"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1755491097,
"narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "388d291e82ffbc73be18169d39470f340707edaa",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.7",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1758577423,
"narHash": "sha256-sB2GAOjhjoWnjU6A/uHNJiY6O3UeztV5pJAN2g1FkXU=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "03368548ba745e17a85bd631613a59cb2d8469a4",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"nixpkgs": [
@@ -2045,11 +1923,11 @@
]
},
"locked": {
"lastModified": 1758575291,
"narHash": "sha256-Y/sVWFUNVI663tnNvMZ/n3bLsg8V7idA4M2eaoHxmhs=",
"lastModified": 1759590499,
"narHash": "sha256-EBToRzqe5WMz4DQyxOp9/CP+rWjdaZ2EUwbItfNf3VI=",
"ref": "refs/heads/main",
"rev": "ee14b24cfe16dd9bc02aa25409a2a4349ed361c9",
"revCount": 131,
"rev": "6e606c8bfa6a88209488790388b1005bc489fa66",
"revCount": 136,
"type": "git",
"url": "https://git.sr.ht/~canasta/zen-browser-flake"
},


@@ -1,8 +1,9 @@
{
description = "cnix nix";
outputs = inputs:
inputs.flake-parts.lib.mkFlake {inherit inputs;} {
outputs =
inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
"aarch64-linux"
@@ -16,23 +17,25 @@
./fmt-hooks.nix
];
perSystem = {
config,
pkgs,
...
}: {
devShells.default = pkgs.mkShell {
packages = [
pkgs.git
config.packages.repl
];
name = "dots";
env.DIRENV_LOG_FORMAT = "";
shellHook = ''
${config.pre-commit.installationScript}
'';
perSystem =
{
config,
pkgs,
...
}:
{
devShells.default = pkgs.mkShell {
packages = [
pkgs.git
config.packages.repl
];
name = "dots";
env.DIRENV_LOG_FORMAT = "";
shellHook = ''
${config.pre-commit.installationScript}
'';
};
};
};
};
inputs = {
@@ -144,8 +147,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
niri.url = "github:sodiboo/niri-flake";
# Custom
tuirun = {
url = "git+https://git.sr.ht/~canasta/tuirun";


@@ -4,111 +4,114 @@
homeImports,
self,
...
}: {
flake.nixosConfigurations = let
cLib = import ../lib inputs.nixpkgs.lib;
userConfig = "${self}/home";
systemConfig = "${self}/system";
hostConfig = "${self}/hosts";
}:
{
flake.nixosConfigurations =
let
cLib = import ../lib inputs.nixpkgs.lib;
userConfig = "${self}/home";
systemConfig = "${self}/system";
hostConfig = "${self}/hosts";
cnstConfig = "${self}/users/cnst";
toothpickConfig = "${self}/users/toothpick";
cnstConfig = "${self}/users/cnst";
toothpickConfig = "${self}/users/toothpick";
umodPath = "${self}/modules/home";
smodPath = "${self}/modules/system";
umodPath = "${self}/modules/home";
smodPath = "${self}/modules/system";
inherit (inputs.nixpkgs.lib) nixosSystem;
inherit (self) outputs;
inherit (inputs.nixpkgs.lib) nixosSystem;
inherit (self) outputs;
specialArgs = {
inherit
cLib
inputs
outputs
self
userConfig
systemConfig
hostConfig
cnstConfig
toothpickConfig
umodPath
smodPath
;
specialArgs = {
inherit
cLib
inputs
outputs
self
userConfig
systemConfig
hostConfig
cnstConfig
toothpickConfig
umodPath
smodPath
;
};
in
{
kima = nixosSystem {
inherit specialArgs;
modules = [
./kima
"${self}/nix"
{
home-manager = {
users.cnst.imports = homeImports."cnst@kima";
extraSpecialArgs = specialArgs;
};
}
self.nixosModules.nixos
self.nixosModules.settings
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
];
};
bunk = nixosSystem {
inherit specialArgs;
modules = [
./bunk
"${self}/nix"
{
home-manager = {
users.cnst.imports = homeImports."cnst@bunk";
extraSpecialArgs = specialArgs;
};
}
self.nixosModules.nixos
self.nixosModules.settings
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
];
};
sobotka = nixosSystem {
inherit specialArgs;
modules = [
./sobotka
"${self}/nix"
self.nixosModules.nixos
self.nixosModules.settings
self.nixosModules.server
inputs.agenix.nixosModules.default
inputs.authentik.nixosModules.default
];
};
ziggy = nixosSystem {
inherit specialArgs;
modules = [
./ziggy
"${self}/nix"
self.nixosModules.nixos
self.nixosModules.settings
self.nixosModules.server
inputs.agenix.nixosModules.default
];
};
toothpc = nixosSystem {
inherit specialArgs;
modules = [
./toothpc
"${self}/nix"
{
home-manager = {
users.toothpick.imports = homeImports."toothpick@toothpc";
extraSpecialArgs = specialArgs;
};
}
self.nixosModules.nixos
self.nixosModules.settings
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
];
};
};
in {
kima = nixosSystem {
inherit specialArgs;
modules = [
./kima
"${self}/nix"
{
home-manager = {
users.cnst.imports = homeImports."cnst@kima";
extraSpecialArgs = specialArgs;
};
}
self.nixosModules.nixos
self.nixosModules.settings
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
];
};
bunk = nixosSystem {
inherit specialArgs;
modules = [
./bunk
"${self}/nix"
{
home-manager = {
users.cnst.imports = homeImports."cnst@bunk";
extraSpecialArgs = specialArgs;
};
}
self.nixosModules.nixos
self.nixosModules.settings
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
];
};
sobotka = nixosSystem {
inherit specialArgs;
modules = [
./sobotka
"${self}/nix"
self.nixosModules.nixos
self.nixosModules.settings
self.nixosModules.server
inputs.agenix.nixosModules.default
inputs.authentik.nixosModules.default
];
};
ziggy = nixosSystem {
inherit specialArgs;
modules = [
./ziggy
"${self}/nix"
self.nixosModules.nixos
self.nixosModules.settings
self.nixosModules.server
inputs.agenix.nixosModules.default
];
};
toothpc = nixosSystem {
inherit specialArgs;
modules = [
./toothpc
"${self}/nix"
{
home-manager = {
users.toothpick.imports = homeImports."toothpick@toothpc";
extraSpecialArgs = specialArgs;
};
}
self.nixosModules.nixos
self.nixosModules.settings
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
];
};
};
}


@@ -5,6 +5,7 @@
variant = "latest";
hardware = [ "amd" ];
extraKernelParams = [ ];
amdOverdrive.enable = true;
};
loader = {
default = {
@@ -214,6 +215,9 @@
scheduler = "scx_lavd";
flags = "--performance";
};
tailscale = {
enable = false;
};
udisks = {
enable = true;
};


@@ -39,6 +39,7 @@ in {
"share"
"jellyfin"
"render"
"traefik"
];
};
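Review bot: The added `"traefik"` entry widens this account's group membership, and nothing in the list says what the account needs from that group. A trailing comment naming the consumer, for example `"traefik" # read access to <file> for <service>`, would let a later reader judge whether the membership is still required. If only a single file is needed, a narrower grant on that file is preferable to membership in the whole group. The attribute set this list belongs to starts outside the hunk, so the account itself is not visible here.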


@@ -3,8 +3,8 @@
boot = {
kernel = {
variant = "latest";
hardware = [ "amd" ];
extraKernelParams = [ ];
hardware = ["amd"];
extraKernelParams = [];
};
loader = {
default = {
@@ -213,6 +213,9 @@
scheduler = "scx_lavd";
flags = "--performance";
};
tailscale = {
enable = false;
};
udisks = {
enable = true;
};


@@ -8,25 +8,15 @@
uid = 994;
gid = 993;
authentik = {
enable = true;
};
traefik = {
enable = true;
};
www = {
enable = true;
url = "cnst.dev";
};
gitea = {
enable = true;
};
unbound = {
enable = true;
};
acme = {
enable = false;
};
homepage-dashboard = {
enable = true;
};
@@ -65,6 +55,22 @@
credentialsFile = config.age.secrets.vaultwardenCloudflared.path;
};
};
www = {
enable = true;
url = "cnst.dev";
cloudflared = {
tunnelId = "e5076186-efb7-405a-998c-6155af7fb221";
credentialsFile = config.age.secrets.wwwCloudflared.path;
};
};
authentik = {
enable = true;
url = "auth.cnst.dev";
cloudflared = {
tunnelId = "b66f9368-db9e-4302-8b48-527cda34a635";
credentialsFile = config.age.secrets.authentikCloudflared.path;
};
};
nextcloud = {
enable = true;
adminpassFile = config.age.secrets.nextcloudAdminPass.path;
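Review bot: The new `www` and `authentik` blocks read `config.age.secrets.wwwCloudflared.path` and `config.age.secrets.authentikCloudflared.path`, but no declaration of either secret is visible on this page, and the agenix section further down appears only to drop entries. If the two secrets are not declared in another module, evaluation of this host fails on the missing attribute, so that is worth confirming before merge. Both tunnel UUIDs are also inlined here; a short comment such as `# tunnel ID is an identifier only; the credential is the agenix-managed credentialsFile` would tell the next reader that nothing secret is being committed. The surrounding attribute set starts and ends outside the hunk.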


@@ -11,9 +11,6 @@
unbound = {
enable = true;
};
acme = {
enable = true;
};
homepage-dashboard = {
enable = false;
};


@@ -1,11 +1,11 @@
lib: {
bgs = rec {
files = {
wallpaper_1 = "~/media/images/bg_1.jpg";
wallpaper_2 = "~/media/images/bg_2.jpg";
wallpaper_3 = "~/media/images/bg_3.jpg";
wallpaper_4 = "~/media/images/waterwindow.jpg";
wallpaper_5 = "~/media/images/barngreet.png";
wallpaper_1 = "~/media/images/bgs/bg_1.jpg";
wallpaper_2 = "~/media/images/bgs/bg_2.jpg";
wallpaper_3 = "~/media/images/bgs/bg_3.jpg";
wallpaper_4 = "~/media/images/bgs/waterwindow.jpg";
wallpaper_5 = "~/media/images/bgs/barngreet.png";
};
list = builtins.attrNames files;


@@ -100,7 +100,6 @@
./nixos/services/virtualisation
./nixos/services/locate
./nixos/services/mullvad
./nixos/services/mullvad-netns
./nixos/services/nfs
./nixos/services/nix-ld
./nixos/services/openssh
@@ -114,6 +113,7 @@
./nixos/services/udisks
./nixos/services/xserver
./nixos/services/zram
./nixos/services/tailscale
./nixos/system/fonts
./nixos/system/locale
@@ -123,7 +123,6 @@
server = {
imports = [
./server
./server/acme
./server/fail2ban
./server/homepage-dashboard
./server/nextcloud


@@ -74,7 +74,7 @@ in
];
window = {
dynamic_title = true;
opacity = 0.9;
opacity = 0.95;
padding = {
x = 5;
y = 5;


@@ -7,6 +7,9 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.home.programs.mpv;
inherit (config.xdg.userDirs) videos;
inherit (config.home) homeDirectory;
shaders_dir = "${pkgs.mpv-shim-default-shaders}/share/mpv-shim-default-shaders/shaders";
in
{
options = {
@@ -15,8 +18,71 @@ in
config = mkIf cfg.enable {
programs.mpv = {
enable = true;
defaultProfiles = [ "gpu-hq" ];
scripts = [ pkgs.mpvScripts.mpris ];
config = {
profile = "gpu-hq";
gpu-context = "wayland";
vo = "gpu-next";
video-sync = "display-resample";
interpolation = true;
tscale = "oversample";
fullscreen = false;
keep-open = true;
sub-auto = "fuzzy";
sub-font = "Noto Sans Medium";
sub-blur = 10;
screenshot-format = "png";
title = "\${filename} - mpv";
script-opts = "osc-title=\${filename},osc-boxalpha=150,osc-visibility=never,osc-boxvideo=yes";
ytdl-format = "bestvideo[height<=?1440]+bestaudio/best";
ao = "pipewire";
alang = "eng,en";
slang = "eng,en,enUS";
glsl-shader = "${homeDirectory}/.config/mpv/shaders/FSR.glsl";
scale = "lanczos";
cscale = "lanczos";
dscale = "mitchell";
deband = "yes";
scale-antiring = 1;
osc = "no";
osd-on-seek = "no";
osd-bar = "no";
osd-bar-w = 30;
osd-bar-h = "0.2";
osd-duration = 750;
really-quiet = "yes";
autofit = "65%";
};
bindings = {
"ctrl+a" = "script-message osc-visibility cycle";
};
scripts = with pkgs.mpvScripts; [
mpris
uosc
thumbfast
sponsorblock
autocrop
];
};
programs.yt-dlp = {
enable = true;
extraConfig = ''
-o ${videos}/youtube/%(title)s.%(ext)s
'';
};
home = {
file = {
".config/mpv/shaders/FSR.glsl".source = "${shaders_dir}/FSR.glsl";
};
packages = with pkgs; [
jellyfin-mpv-shim
];
};
};
}
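Review bot: `glsl-shader` points at `${homeDirectory}/.config/mpv/shaders/FSR.glsl`, a path under the user's home that exists only because the `home.file` entry links it to `${shaders_dir}/FSR.glsl`. Referencing the store path directly, `glsl-shader = "${shaders_dir}/FSR.glsl";`, makes the `home.file` entry and the `inherit (config.home) homeDirectory;` line unnecessary, and mpv then loads the shader straight from the read-only store instead of through a home-directory path. Separately, `profile = "gpu-hq";` inside `config` repeats `defaultProfiles = [ "gpu-hq" ];` if that line is still on the new side; the rendered page does not show which side it is on.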


@@ -5,7 +5,12 @@
...
}:
let
inherit (lib) mkOption types;
inherit (lib)
mkOption
types
mkEnableOption
mkIf
;
cfg = config.nixos.boot.kernel;
hasHardware = hw: builtins.elem hw cfg.hardware;
@@ -37,8 +42,11 @@ in
);
default = [ ];
description = "List of hardware types (e.g. GPU and CPU vendors) to configure kernel settings for.";
};
amdOverdrive.enable = mkEnableOption "Enable AMD pstate/overdrive";
extraKernelParams = mkOption {
type = types.listOf types.str;
default = [ ];
@@ -74,7 +82,7 @@ in
"quiet"
"splash"
]
++ (if hasHardware "amd" then [ "amd_pstate=active" ] else [ ])
++ (if hasHardware "amd" then [ ] else [ ])
++ (if hasHardware "intel" then [ ] else [ ])
++ (if hasHardware "nvidia" then [ ] else [ ])
++ cfg.extraKernelParams;
@@ -85,5 +93,6 @@ in
++ (if hasHardware "nvidia" then [ "nouveau" ] else [ ])
++ cfg.extraBlacklistedModules;
};
hardware.amdgpu.overdrive.enable = mkIf cfg.amdOverdrive.enable true;
};
}
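Review bot: `amdOverdrive.enable` is described as "Enable AMD pstate/overdrive", yet the only setting it drives is `hardware.amdgpu.overdrive.enable`, while the same change drops `amd_pstate=active` from the kernel parameters for every AMD host. Hosts that relied on that parameter now have to carry it in `extraKernelParams`, and the description should name only what the option does. `mkEnableOption` already prefixes "Whether to enable", so `amdOverdrive.enable = mkEnableOption "AMD GPU overdrive";` reads correctly in the generated docs. The leftover `++ (if hasHardware "amd" then [ ] else [ ])` is now a no-op and can be removed along with its two siblings.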


@@ -89,37 +89,39 @@ in
config = mkIf cfg.enable (mkMerge [
{
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = flatten (
concatMap (
vendor:
if vendor == "amd" then
commonPackages ++ mesaVulkanPackages
else if vendor == "intel" then
commonPackages
++ mesaVulkanPackages
++ (with pkgs; [
vpl-gpu-rt
intel-media-driver
intel-compute-runtime
intel-vaapi-driver
])
else if vendor == "nvidia" then
commonPackages
++ (with pkgs; [
nvidiaOffloadScript
intel-media-driver
nvidia-vaapi-driver
vulkan-tools
])
else
[ ]
) cfg.vendors
);
hardware = {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = flatten (
concatMap (
vendor:
if vendor == "amd" then
commonPackages ++ mesaVulkanPackages
else if vendor == "intel" then
commonPackages
++ mesaVulkanPackages
++ (with pkgs; [
vpl-gpu-rt
intel-media-driver
intel-compute-runtime
intel-vaapi-driver
])
else if vendor == "nvidia" then
commonPackages
++ (with pkgs; [
nvidiaOffloadScript
intel-media-driver
nvidia-vaapi-driver
vulkan-tools
])
else
[ ]
) cfg.vendors
);
extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors);
extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors);
};
};
environment.systemPackages = flatten (
@@ -145,10 +147,6 @@ in
);
}
(mkIf (hasVendor "amd") {
hardware.amdgpu.overdrive.enable = true;
})
(mkIf (hasVendor "nvidia") {
hardware.nvidia = {
package =


@@ -1,6 +1,5 @@
{
config,
inputs,
lib,
pkgs,
...
@@ -14,22 +13,22 @@ in
nixos.programs.niri.enable = mkEnableOption "Enables niri";
};
config = mkIf cfg.enable {
nixpkgs.overlays = [ inputs.niri.overlays.niri ];
environment = {
variables = {
DISPLAY = ":0";
NIXOS_OZONE_WL = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
};
systemPackages = with pkgs; [
xwayland-satellite-unstable
xwayland-satellite
wl-clipboard
wayland-utils
xdg-utils
];
};
systemd.user.services.niri-flake-polkit.enable = false;
programs.niri = {
enable = true;
package = pkgs.niri-unstable;
};
};
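Review bot: `package = pkgs.niri-unstable;` and `systemd.user.services.niri-flake-polkit.enable = false;` both appear to depend on the niri-flake overlay and module that this change removes (`nixpkgs.overlays = [ inputs.niri.overlays.niri ];` and the `inputs` argument). The rendered page does not mark which side these two lines are on. If either is still in the new file, `pkgs.niri-unstable` will presumably no longer resolve, and the polkit override would refer to a unit that nothing defines any more. The new side most likely wants `package = pkgs.niri;` or no `package` line at all, matching the `xwayland-satellite` replacement in the same hunk.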
}


@@ -74,19 +74,11 @@ in {
wgCredentials.file = "${self}/secrets/wgCredentials.age";
wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age";
nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
pihole.file = "${self}/secrets/pihole.age";
slskd.file = "${self}/secrets/slskd.age";
};
})
(mkIf cfg.ziggy.enable {
secrets = {
cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age";
piholeZiggy.file = "${self}/secrets/piholeZiggy.age";
};
})
(mkIf cfg.toothpc.enable {


@@ -63,7 +63,7 @@ in
settings = rec {
tuigreet_session =
let
session = "${pkgs.niri-unstable}/bin/niri-session";
session = "${pkgs.niri}/bin/niri-session";
tuigreet = "${lib.getExe pkgs.tuigreet}";
in
{


@@ -1,50 +0,0 @@
{ self, pkgs, ... }:
{
age.secrets.wgCredentials = {
file = "${self}/secrets/wgCredentials.age";
mode = "0400";
owner = "root";
group = "root";
path = "/etc/wireguard/mullvad.conf";
};
systemd.services.mullvad-netns = {
description = "WireGuard Mullvad netns for VMs";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.writeShellScript "mullvad-netns-up" ''
set -euo pipefail
ip netns add mullvad || true
ip link add veth0 type veth peer name veth1 || true
ip link set veth1 netns mullvad
ip addr add 10.250.0.1/24 dev veth0 || true
ip link set veth0 up
ip netns exec mullvad ip addr add 10.250.0.2/24 dev veth1 || true
ip netns exec mullvad ip link set veth1 up
ip netns exec mullvad wg-quick up /etc/wireguard/mullvad.conf
ip netns exec mullvad ip route add default dev wg0 || true
nft add table ip mullvad-nat || true
nft add chain ip mullvad-nat postrouting { type nat hook postrouting priority 100 \; } || true
nft add rule ip mullvad-nat postrouting ip saddr 10.250.0.0/24 oif "wg0" masquerade || true
''}";
ExecStop = "${pkgs.writeShellScript "mullvad-netns-down" ''
set -euo pipefail
ip netns exec mullvad wg-quick down /etc/wireguard/mullvad.conf || true
ip link delete veth0 || true
ip netns delete mullvad || true
nft delete table ip mullvad-nat || true
''}";
};
# no wantedBy here -> won't start at boot
};
}


@@ -0,0 +1,16 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.nixos.services.tailscale;
in {
options.nixos.services.tailscale = {
enable = mkEnableOption "Enable tailscale";
};
config = mkIf cfg.enable {
services.tailscale.enable = true;
};
}


@@ -30,13 +30,19 @@ in
enable = true;
xdgOpenUsePortal = cfg.xdgOpenUsePortal;
config = {
common.default = [ "gtk" ];
common.default = [
"gtk"
"gnome"
];
hyprland.default = [
"gtk"
"hyprland"
];
};
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
};
};
}


@@ -1,84 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.server.acme;
getCloudflareCredentials = hostname:
if hostname == "ziggy"
then config.age.secrets.cloudflareDnsCredentialsZiggy.path
else if hostname == "sobotka"
then config.age.secrets.cloudflareDnsCredentials.path
else throw "Unknown hostname: ${hostname}";
in {
options = {
server.acme.enable = mkEnableOption "Enables ACME";
};
config = mkIf cfg.enable {
networking.firewall = let
ports = [
80
443
];
in {
allowedTCPPorts = ports;
};
security.acme = {
acceptTerms = true;
defaults.email = config.server.email;
certs.${config.server.domain} = {
reloadServices = ["caddy.service"];
domain = "${config.server.domain}";
extraDomainNames = ["*.${config.server.domain}"];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
group = config.services.caddy.group;
environmentFile = getCloudflareCredentials config.networking.hostName;
};
certs.${config.server.www.url} = {
reloadServices = ["caddy.service"];
domain = "${config.server.www.url}";
extraDomainNames = ["*.${config.server.www.url}"];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
group = config.services.caddy.group;
environmentFile = getCloudflareCredentials config.networking.hostName;
};
};
services.caddy = {
enable = true;
globalConfig = ''
auto_https off
'';
virtualHosts = {
"http://${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://${config.server.www.url}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.www.url}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
};
};
};
}


@@ -15,7 +15,21 @@ in {
};
url = lib.mkOption {
type = lib.types.str;
default = "auth.${srv.domain}";
default = "auth.${srv.www.domain}";
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
homepage.name = lib.mkOption {
type = lib.types.str;
@@ -36,10 +50,32 @@ in {
};
config = lib.mkIf cfg.enable {
age.secrets.authentikEnv = {
file = "${self}/secrets/authentikEnv.age";
owner = "authentik";
age.secrets = {
authentikEnv = {
file = "${self}/secrets/authentikEnv.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
authentikCloudflared = {
file = "${self}/secrets/authentikCloudflared.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
};
server = {
fail2ban = lib.mkIf cfg.enable {
jails = {
authentik = {
serviceName = "authentik";
failRegex = "^.*Username or password is incorrect.*IP:\s*<HOST>";
};
};
};
};
services = {
authentik = {
enable = true;
@@ -52,13 +88,22 @@ in {
};
};
cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://127.0.0.1:9000";
};
};
traefik = {
dynamicConfigOptions = {
http = {
middlewares = {
authentik = {
forwardAuth = {
tls.insecureSkipVerify = true;
# tls.insecureSkipVerify = true;
address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true;
authResponseHeaders = [
@@ -74,6 +119,7 @@ in {
"X-authentik-meta-app"
"X-authentik-meta-version"
];
timeout = "10s";
};
};
};
@@ -89,7 +135,7 @@ in {
routers = {
auth = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.domain}`) && PathPrefix(`/outpost.goauthentik.io/`)";
rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
tls.certResolver = "letsencrypt";
};
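Review bot: The new authentik jail writes `failRegex` as a double-quoted Nix string, where `\s` is not a recognised escape and evaluates to a plain `s`, so the generated filter reads `IP:s*<HOST>` and would not match a log line that has whitespace after `IP:`; failed logins would then never be counted. An indented string keeps the backslash, `failRegex = ''^.*Username or password is incorrect.*IP:\s*<HOST>'';`, which is the form the nginx jail elsewhere in this commit already uses. The jail also sets no `ignoreRegex` although the filter template in the fail2ban module interpolates `${value.ignoreRegex}`, and it is guarded by `lib.mkIf cfg.enable` inside a block that is already under that condition, whereas the nextcloud and vaultwarden modules guard on `config.server.fail2ban.enable`; both are worth aligning unless the option definitions outside this hunk provide defaults. Separately, the `credentialsFile` example (repeated in the www module) uses `pkgs.writeText`, which would put tunnel credentials into the world-readable Nix store, and its JSON has a `.` where a `,` belongs; an example pointing at `config.age.secrets.authentikCloudflared.path` would model the intended use.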


@@ -4,11 +4,9 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.server.fail2ban;
in
{
in {
options.server.fail2ban = {
enable = lib.mkEnableOption {
description = "Enable cloudflare fail2ban";
@@ -17,7 +15,7 @@ in
description = "File containing your API key, scoped to Firewall Rules: Edit";
type = lib.types.str;
example = lib.literalExpression ''
Authorization: Bearer Qj06My1wXJEzcW46QCyjFbSMgVtwIGfX63Ki3NOj79o=
Authorization: Bearer vH6-p0y=i4w3n7TjKqZ@x8D_lR!A9b2cOezXgUuJdE5F
'''
'';
};
@@ -57,54 +55,54 @@ in
pkgs.jq
];
jails = lib.attrsets.mapAttrs (name: value: {
settings = {
bantime = "30d";
findtime = "1h";
enabled = true;
backend = "systemd";
journalmatch = "_SYSTEMD_UNIT=${value.serviceName}.service";
port = "http,https";
filter = "${name}";
maxretry = 3;
action = "cloudflare-token-agenix";
};
}) cfg.jails;
jails =
lib.attrsets.mapAttrs (name: value: {
settings = {
bantime = "24h";
findtime = "10m";
enabled = true;
backend = "systemd";
journalmatch = "_SYSTEMD_UNIT=${value.serviceName}.service";
port = "http,https";
filter = "${name}";
maxretry = 3;
action = "cloudflare-token-agenix";
};
})
cfg.jails;
};
environment.etc = lib.attrsets.mergeAttrsList [
(lib.attrsets.mapAttrs' (
name: value:
(lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
text = ''
[Definition]
failregex = ${value.failRegex}
ignoreregex = ${value.ignoreRegex}
'';
})
) cfg.jails)
name: value: (lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
text = ''
[Definition]
failregex = ${value.failRegex}
ignoreregex = ${value.ignoreRegex}
'';
})
)
cfg.jails)
{
"fail2ban/action.d/cloudflare-token-agenix.conf".text =
let
notes = "Fail2Ban on ${config.networking.hostName}";
cfapi = "https://api.cloudflare.com/client/v4/zones/${cfg.zoneId}/firewall/access_rules/rules";
in
''
[Definition]
actionstart =
actionstop =
actioncheck =
actionunban = id=$(curl -s -X GET "${cfapi}" \
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
| jq -r '.result[] | select(.notes == "${notes}" and .configuration.target == "ip" and .configuration.value == "<ip>") | .id')
if [ -z "$id" ]; then echo "id for <ip> cannot be found"; exit 0; fi; \
curl -s -X DELETE "${cfapi}/$id" \
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
--data '{"cascade": "none"}'
actionban = curl -X POST "${cfapi}" -H @${cfg.apiKeyFile} -H "Content-Type: application/json" --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"${notes}"}'
[Init]
name = cloudflare-token-agenix
'';
"fail2ban/action.d/cloudflare-token-agenix.conf".text = let
notes = "Fail2Ban on ${config.networking.hostName}";
cfapi = "https://api.cloudflare.com/client/v4/zones/${cfg.zoneId}/firewall/access_rules/rules";
in ''
[Definition]
actionstart =
actionstop =
actioncheck =
actionunban = id=$(curl -s -X GET "${cfapi}" \
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
| jq -r '.result[] | select(.notes == "${notes}" and .configuration.target == "ip" and .configuration.value == "<ip>") | .id')
if [ -z "$id" ]; then echo "id for <ip> cannot be found"; exit 0; fi; \
curl -s -X DELETE "${cfapi}/$id" \
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
--data '{"cascade": "none"}'
actionban = curl -X POST "${cfapi}" -H @${cfg.apiKeyFile} -H "Content-Type: application/json" --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"${notes}"}'
[Init]
name = cloudflare-token-agenix
'';
}
];
};
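Review bot: `actionban` calls `curl -X POST` without `--fail`, so curl exits 0 even when Cloudflare answers with an HTTP error (for example for a revoked or under-scoped token), and fail2ban would record the ban as applied although no rule was created. Adding `--fail --silent --show-error` to the POST and DELETE calls lets a rejected request show up as an action failure in the fail2ban log. `actionunban` lists the rules with an unfiltered GET and selects the entry in `jq`; assuming the listing is paginated, an address outside the first page is reported as "cannot be found" and its block stays in place, so passing `?configuration.target=ip&configuration.value=<ip>` on the GET is safer. The `apiKeyFile` example would also read better with an obvious placeholder such as `Authorization: Bearer <api-token>` than with a token-shaped string.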


@@ -1,119 +0,0 @@
# taken from @jtojnar
{
config,
lib,
...
}: let
unit = "gitea";
srv = config.server;
cfg = config.server.${unit};
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "git.${srv.domain}";
};
port = lib.mkOption {
type = lib.types.int;
default = 5003;
description = "The port to host Gitea on.";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Gitea";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "Git with a cup of tea";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "gitea.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
services.${unit} = {
enable = true;
appName = "cnix code forge";
database = {
type = "postgres";
socket = "/run/postgresql";
name = "gitea";
user = "gitea";
createDatabase = false;
};
lfs = {
enable = true;
};
settings = {
cors = {
ENABLED = true;
SCHEME = "https";
ALLOW_DOMAIN = cfg.url;
};
log = {
MODE = "console";
};
mailer = {
ENABLED = false;
MAILER_TYPE = "sendmail";
FROM = "noreply+adam@cnst.dev";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
};
picture = {
DISABLE_GRAVATAR = true;
};
repository = {
DEFAULT_BRANCH = "main";
DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true;
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
server = {
DOMAIN = cfg.url;
LANDING_PAGE = "explore";
HTTP_PORT = cfg.port;
ROOT_URL = "https://${cfg.url}/";
};
security = {
DISABLE_GIT_HOOKS = false;
};
service = {
DISABLE_REGISTRATION = true;
};
session = {
COOKIE_SECURE = true;
};
};
};
services.traefik.dynamicConfigOptions.http.routers."${unit}" = {
rule = "Host(`" + cfg.url + "`)";
service = "${unit}-service";
entryPoints = ["websecure"];
tls = {};
};
services.traefik.dynamicConfigOptions.http.services."${unit}-service".loadBalancer.servers = [
{url = "http://127.0.0.1:${toString cfg.port}";}
];
server.postgresql.databases = [
{
database = "gitea";
}
];
};
}


@@ -1,6 +1,7 @@
{
config,
lib,
self,
...
}: let
unit = "homepage-dashboard";
@@ -36,11 +37,16 @@ in {
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
homepageEnvironment = {
file = "${self}/secrets/homepageEnvironment.age";
};
};
services = {
glances.enable = true;
${unit} = {
enable = true;
allowedHosts = srv.domain;
environmentFile = config.age.secrets.homepageEnvironment.path;
settings = {
layout = [
{
@@ -79,7 +85,6 @@ in {
statusStyle = "dot";
hideVersion = "true";
};
widgets = [
{
openmeteo = {
@@ -91,32 +96,21 @@ in {
longitude = 16.324541;
};
}
{
datetime = {
text_size = "x1";
format = {
hour12 = false;
timeStyle = "short";
dateStyle = "long";
};
};
}
{
resources = {
label = "";
label = "SYSTEM";
memory = true;
disk = ["/"];
cpu = true;
uptime = true;
};
}
];
services = let
homepageCategories = [
"Arr"
"Media"
"Downloads"
"Services"
"Smart Home"
];
hl = config.server;
mergedServices = hl // hl.podman;
@@ -222,7 +216,9 @@ in {
traefik = {
dynamicConfigOptions = {
http = {
services.homepage.loadBalancer.servers = [{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}];
services.homepage.loadBalancer.servers = [
{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}
];
routers = {
homepage = {
entryPoints = ["websecure"];


@@ -2,6 +2,7 @@
config,
pkgs,
lib,
self,
...
}: let
unit = "nextcloud";
@@ -45,6 +46,11 @@ in {
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
};
server.fail2ban = lib.mkIf config.server.fail2ban.enable {
jails = {
nextcloud = {


@@ -2,6 +2,7 @@
config,
lib,
pkgs,
self,
...
}: let
srv = config.server;
@@ -121,6 +122,11 @@ in {
};
config = lib.mkIf cfg.enable {
age.secrets = {
pihole.file = "${self}/secrets/${config.networking.hostName}Pihole.age";
slskd.file = "${self}/secrets/slskd.age";
};
virtualisation = {
containers.enable = true;
podman.enable = true;


@@ -2,14 +2,13 @@
{
config,
lib,
self,
...
}:
let
}: let
inherit (lib) mkIf mkEnableOption;
vcfg = config.services.vaultwarden.config;
cfg = config.server.vaultwarden;
in
{
in {
options = {
server.vaultwarden = {
enable = mkEnableOption "Enables vaultwarden";
@@ -35,6 +34,11 @@ in
};
config = mkIf cfg.enable {
age.secrets = {
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
};
server = {
fail2ban = lib.mkIf config.server.fail2ban.enable {
jails = {


@@ -2,12 +2,20 @@
lib,
config,
pkgs,
self,
...
}: let
inherit (lib) mkOption mkEnableOption mkIf types;
}:
let
inherit (lib)
mkOption
mkEnableOption
mkIf
types
;
cfg = config.server.www;
srv = config.server;
in {
in
{
options.server.www = {
enable = mkEnableOption {
description = "Enable personal website";
@@ -16,29 +24,115 @@ in {
default = "";
type = types.str;
description = ''
Public domain name to be used to access the server services via Caddy reverse proxy
Public domain name to be used to access the server services via Traefik reverse proxy
'';
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
};
config = mkIf cfg.enable {
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.url;
extraConfig = ''
handle_path /.well-known/webfinger {
header Content-Type application/jrd+json
respond `{
"subject": "acct:adam@${cfg.url}",
"links": [
{
"rel": "http://openid.net/specs/connect/1.0/issuer",
"href": "https://login.${cfg.url}/realms/cnix"
}
]
}`
}
reverse_proxy http://127.0.0.1:8283
config = mkIf cfg.enable {
age.secrets = {
wwwCloudflared.file = "${self}/secrets/wwwCloudflared.age";
};
server = {
fail2ban = lib.mkIf config.server.www.enable {
jails = {
nginx-404 = {
serviceName = "nginx";
failRegex = ''^.*\[error\].*directory index of.* is forbidden.*client: <HOST>.*$'';
ignoreRegex = "";
maxRetry = 5;
};
};
};
};
services = {
nginx = {
enable = true;
defaultListen = [
{
addr = "127.0.0.1";
port = 8283;
}
];
virtualHosts."webfinger" = {
forceSSL = false;
serverName = cfg.url;
root = "/var/www/webfinger";
locations."= /.well-known/webfinger" = {
root = "/var/www/webfinger";
extraConfig = ''
default_type application/jrd+json;
try_files /.well-known/webfinger =404;
'';
};
locations."= /robots.txt" = {
root = "/var/www/webfinger";
extraConfig = ''
default_type text/plain;
try_files /robots.txt =404;
'';
};
};
};
cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://127.0.0.1:8283";
};
};
};
environment.etc = {
"webfinger/.well-known/webfinger".text = ''
{
"subject": "acct:adam@${cfg.url}",
"links": [
{
"rel": "http://openid.net/specs/connect/1.0/issuer",
"href": "https://auth.${cfg.url}/application/o/tailscale/"
}
]
}
'';
"webfinger/robots.txt".text = ''
User-agent: *
Disallow: /
'';
};
services.traefik.dynamicConfigOptions.http = {
routers.webfinger = {
entryPoints = [ "websecure" ];
rule = "Host(`${cfg.url}`) && Path(`/.well-known/webfinger`)";
service = "webfinger";
tls.certResolver = "letsencrypt";
};
services.webfinger.loadBalancer.servers = [
{ url = "http://127.0.0.1:8283"; }
];
};
};
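Review bot: The `nginx-404` jail takes the client address from nginx's error log, but nginx listens only on `127.0.0.1:8283` behind cloudflared and Traefik, so unless real-IP handling is configured outside this hunk `<HOST>` will always be the loopback address and the Cloudflare block action would never target the actual client. Restoring the client address in the virtual host, e.g. `set_real_ip_from 127.0.0.1;` with `real_ip_header CF-Connecting-IP;`, is needed before the jail can do anything useful. The jail sets `maxRetry = 5` while the jail template in the fail2ban module hard-codes `maxretry = 3`, so the value looks unused. The virtual host's `root` is `/var/www/webfinger`, yet the documents are created through `environment.etc` and therefore land under `/etc/webfinger/`, which would make both `try_files` lookups return 404.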
}


@@ -0,0 +1,5 @@
export bg_dir="$HOME/media/images/bgs/"
find "$bg_dir" -type f | fzf --reverse --preview 'pistol {}' | while read -r img; do
pkill swaybg || true
swaybg -m fill -o '*' -i "$img" &
done


@@ -33,6 +33,20 @@ in
);
};
".local/bin/choosepaper.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "spawn";
runtimeInputs = with pkgs; [
fzf
swaybg
pistol
];
text = readFile ./bin/choosepaper.sh;
}
);
};
".local/bin/pavucontrol-toggle.sh" = {
source = getExe (
pkgs.writeShellApplication {


@@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg 2oTh42u4hxJGAypwwLJwDCPMngauHB8BhKA83xAXr1M
Sr6Hbfnd52F0dUk5RO3wxxJ7RGi3+NUCBq/MzDbKR7s
-> ssh-ed25519 KUYMFA O2j6gYY1QR1ZlFiWw+7y6nKUeE658Wp3PdV6dsMqwTU
NYwnTkZX5PHnNtL1vqJqIsYzIFUY43AVso8ecMAHvWs
-> ssh-ed25519 76RhUQ VTzoQh0fHrG41Gr0YnPY7Jz7yFFugigm/DpUUE/Ny18
SITvKJf5+ql4DhpJoPVvEXdLGIBeKnlLlm8u4QPr0RY
-> ssh-ed25519 Jf8sqw oVI2y3zqpswvyZoNwklrKI1ZbxMJ5a1kzc43RErkbD8
aHNuHMH2XNQ7+9sfsA8LMhBSgTDmvmI1wY26V2j+lsE
--- 0UL0vxM2f5IeVhDO1Cg7SUmhuvpFh+GsEEW4g5JEORU
<EFBFBD>)q<>$*<2A><><EFBFBD>b<10>X<EFBFBD><58><EFBFBD>`<60> %f
_<EFBFBD>%%1ݗ<><DD97><EFBFBD>)<29><>fT<66>٧&<26>`+<2B>K<EFBFBD><4B>q<EFBFBD><71>I<><EEADBE><EFBFBD><EFBFBD><EFBFBD><19><><03>\=<3D>M<EFBFBD><4D><18>
!<21><>7<EFBFBD>b<EFBFBD>]<5D>X<>_lri<72>_<EFBFBD><03><>;<3B>R
<EFBFBD>)<29><>c<EFBFBD>H<><48>5. p<> :m<>_<EFBFBD>&Vj/<2F><01><>Ra|MU<4D><55>b<EFBFBD><62><02>y<EFBFBD><79><EFBFBD><EFBFBD>El<45>nS<6E>9"<11><>گ+<<3C>

Binary file not shown.


@@ -1,7 +1,11 @@
let
# --- Users ---
cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
kima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
ukima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
rkima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
# --- Hosts: bunk ---
ubunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXCjkKouZrsMoswMIeueO8X/c3kuY3Gb0E9emvkqwUv cnst@cnixpad";
rbunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH72llEVDSHH/FZnjLVCe6zfdkdJRRVg2QL+ifHiPXXk root@cnix";
# --- Hosts: sobotka ---
usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka";
@@ -12,9 +16,13 @@ let
rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos";
# --- Groups ---
core = [
cnst
kima
kima = [
ukima
rkima
];
bunk = [
ubunk
rbunk
];
sobotka = [
usobotka
@@ -24,38 +32,40 @@ let
uziggy
rziggy
];
all = core ++ sobotka ++ ziggy;
all = kima ++ bunk ++ sobotka ++ ziggy;
in {
# Generic
"cnstssh.age".publicKeys = core;
"cnixssh.age".publicKeys = core;
"certpem.age".publicKeys = core;
"keypem.age".publicKeys = core;
"mailpwd.age".publicKeys = core;
"gcapi.age".publicKeys = core;
"cnstssh.age".publicKeys = kima;
"cnixssh.age".publicKeys = kima;
"certpem.age".publicKeys = kima;
"keypem.age".publicKeys = kima;
"mailpwd.age".publicKeys = kima;
"gcapi.age".publicKeys = kima;
# Shared between core + sobotka
"cloudflareEnvironment.age".publicKeys = core ++ sobotka;
"vaultwardenEnvironment.age".publicKeys = core ++ sobotka;
"homepageEnvironment.age".publicKeys = core ++ sobotka;
"cloudflareFirewallApiKey.age".publicKeys = core ++ sobotka;
"vaultwardenCloudflared.age".publicKeys = core ++ sobotka;
"nextcloudCloudflared.age".publicKeys = core ++ sobotka;
"nextcloudAdminPass.age".publicKeys = core ++ sobotka;
"cloudflareDnsApiToken.age".publicKeys = core ++ sobotka;
"cloudflareDnsCredentials.age".publicKeys = core ++ sobotka;
"wgCredentials.age".publicKeys = core ++ sobotka;
"wgSobotkaPrivateKey.age".publicKeys = core ++ sobotka;
"gluetunEnvironment.age".publicKeys = core ++ sobotka;
"pihole.age".publicKeys = core ++ sobotka;
"slskd.age".publicKeys = core ++ sobotka;
"authentikEnv.age".publicKeys = core ++ sobotka;
"traefikEnv.age".publicKeys = core ++ sobotka;
# Shared between kima + sobotka
"cloudflareEnvironment.age".publicKeys = kima ++ sobotka;
"vaultwardenEnvironment.age".publicKeys = kima ++ sobotka;
"homepageEnvironment.age".publicKeys = kima ++ sobotka;
"cloudflareFirewallApiKey.age".publicKeys = kima ++ sobotka;
"vaultwardenCloudflared.age".publicKeys = kima ++ sobotka;
"nextcloudCloudflared.age".publicKeys = kima ++ sobotka;
"nextcloudAdminPass.age".publicKeys = kima ++ sobotka;
"cloudflareDnsApiToken.age".publicKeys = kima ++ sobotka;
"cloudflareDnsCredentials.age".publicKeys = kima ++ sobotka;
"wgCredentials.age".publicKeys = kima ++ sobotka;
"wgSobotkaPrivateKey.age".publicKeys = kima ++ sobotka;
"gluetunEnvironment.age".publicKeys = kima ++ sobotka;
"sobotkaPihole.age".publicKeys = kima ++ sobotka;
"slskd.age".publicKeys = kima ++ sobotka;
"authentikEnv.age".publicKeys = kima ++ sobotka;
"traefikEnv.age".publicKeys = kima ++ sobotka;
"wwwCloudflared.age".publicKeys = kima ++ sobotka;
"authentikCloudflared.age".publicKeys = kima ++ sobotka;
# Ziggy-specific
"cloudflareDnsCredentialsZiggy.age".publicKeys = core ++ ziggy;
"piholeZiggy.age".publicKeys = core ++ ziggy;
"cloudflareDnsCredentialsZiggy.age".publicKeys = kima ++ ziggy;
"ziggyPihole.age".publicKeys = kima ++ ziggy;
# Both sobotka + ziggy (for HA stuff like keepalived)
"keepalived.age".publicKeys = core ++ sobotka ++ ziggy;
"keepalived.age".publicKeys = kima ++ sobotka ++ ziggy;
}
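Review bot: The new `bunk` recipient group is only folded into `all`, and neither `bunk` nor `all` appears in any `publicKeys` assignment in this hunk, so the added `ubunk`/`rbunk` keys cannot decrypt any secret as the file stands. If that is intentional, a comment next to the group such as `# bunk: no secrets assigned yet` would record it. If bunk does need a secret, naming the group on that one file (`kima ++ bunk`) rather than reaching for `all` keeps each secret's recipient list minimal.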


@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg CWarcJM8RPjJW+e3BQ99KEUnOZQUDEIIeygeh/8MZUw
xux60KMmyOVvgiuEqyEPXM1Wr2ne8AyHT6CAWKMOcKo
-> ssh-ed25519 KUYMFA AThOlxHT41vsczkSGzJmT+VmWC2dAnLiIcTJP+YySkc
Jy8HyRuzIFtGYMimxsQNm2NnbluVwS6ZuXhq4uRfabY
-> ssh-ed25519 76RhUQ dKyDJ4DCNtYWQ2+cC7gwa+14aw99S+mU38tpQrlOmFc
0mD5Qcv8b8Bh1e4mbqdH26UtCJaUe7C7dDDSXJd1iRY
-> ssh-ed25519 Jf8sqw To2I/347gMqYx0PxMgYqbGekUpfqWOQwtgJ+0AFilTw
nIo4dH9JnOuWo48a17Kjyee5sQV8HN+PNXCWDT4fjIg
--- SuE6Z9ipbuWhxoaULMf6OGtG3BNkQ1BpWXkgfAI7Y6Y
<EFBFBD>R<EFBFBD>u1<12><><16><><EFBFBD>d<EFBFBD>ژdʋ(s <0B>)<29>M0v<30>ѹ<EFBFBD><D1B9><EFBFBD>Z<EFBFBD>V<EFBFBD><56><10>q<05>i<EFBFBD>i<EFBFBD><69>Ec* <09>{<7B>~teP<65><50><EFBFBD>{<1C>D<>mA~Ŭ<><1B>c.<2E>TbƝ<62>}<<3C><><EFBFBD><EFBFBD><EFBFBD>e0<65>Vq <0C><><EFBFBD>k<EFBFBD><6B><EFBFBD> b<>T<1F><>*Y<><59>$<24><>t<EFBFBD><74>:<3A><>^<1C><>+<2B><1D><>;<3B>1<EFBFBD><31><EFBFBD>ۤ<EFBFBD><DBA4>Ӎ<12>X<EFBFBD>H<EFBFBD><03><>u<EFBFBD><75><EFBFBD>g<EFBFBD>߄<EFBFBD>o<EFBFBD>/<2F>G<EFBFBD><0E><><16>Kl<4B>I<EFBFBD>C<EFBFBD><43>==A<><11><>Y<EFBFBD><59><EFBFBD>U<EFBFBD><55><EFBFBD><EFBFBD>


@@ -23,6 +23,5 @@
json.enable = false;
manpages.enable = false;
};
programs.home-manager.enable = true;
}


@@ -131,7 +131,7 @@
enable = true;
};
syncthing = {
enable = true;
enable = false;
};
udiskie = {
enable = true;


@@ -11,7 +11,7 @@
enable = true;
};
chromium = {
enable = true;
enable = false;
};
discord = {
enable = true;
@@ -132,7 +132,7 @@
enable = true;
};
syncthing = {
enable = true;
enable = false;
};
udiskie = {
enable = true;


@@ -1,154 +0,0 @@
{
home = {
programs = {
aerc = {
enable = false;
};
alacritty = {
enable = false;
};
bash = {
enable = true;
};
chromium = {
enable = false;
};
discord = {
enable = false;
};
eza = {
enable = true;
};
floorp = {
enable = false;
};
firefox = {
enable = false;
};
fish = {
enable = true;
};
foot = {
enable = false;
};
fuzzel = {
enable = false;
};
git = {
enable = true;
};
ghostty = {
enable = false;
};
helix = {
enable = true;
};
hyprlock = {
enable = false;
};
jujutsu = {
enable = false;
};
kitty = {
enable = false;
};
mpv = {
enable = false;
};
neovim = {
enable = false;
};
nvf = {
enable = false;
};
nwg-bar = {
enable = false;
};
pkgs = {
enable = true;
};
rofi = {
enable = false;
};
ssh = {
enable = true;
};
tuirun = {
enable = false;
};
vscode = {
enable = false;
};
waybar = {
enable = false;
};
wezterm = {
enable = false;
};
yazi = {
enable = false;
};
zathura = {
enable = false;
};
zed-editor = {
enable = false;
};
zellij = {
enable = false;
};
zen = {
enable = false;
};
zsh = {
enable = false;
};
};
services = {
blueman-applet = {
enable = false;
};
copyq = {
enable = false;
};
dconf = {
settings = {
color-scheme = "prefer-dark";
};
};
dunst = {
enable = false;
};
gpg = {
enable = true;
};
gtk = {
enable = false;
};
hypridle = {
enable = false;
};
hyprpaper = {
enable = false;
};
mako = {
enable = false;
};
nix-index = {
enable = true;
};
protonmail-bridge = {
enable = false;
};
syncthing = {
enable = false;
};
udiskie = {
enable = false;
};
xdg = {
enable = false;
};
};
};
}


@@ -14,8 +14,8 @@ let
BROWSER = "zen";
EDITOR = "hx";
TERM = "xterm-256color";
VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
# VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
# STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
QT_QPA_PLATFORM = "wayland";
XDG_SESSION_TYPE = "wayland";
};