cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

Compare commits

base: cnst:3156e922109491a661aef668157cf37c79e4d3ff
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken
...
compare: cnst:compare_broken
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken

53 Commits
3156e92210 ... compare_br

Author SHA1 Message Date
cnst
d53bf7546a broken 2 2025-10-05 10:02:39 +02:00
cnst
c9edc99a85 chore(revert): slowly introducing changes 2025-10-05 09:27:51 +02:00
cnst
67e83e3e4e feat(authentik): fixing some fail2ban things 2025-10-02 05:45:35 +02:00
cnst
923c810972 feat(authentik): fixing some fail2ban things 2025-10-01 18:00:55 +02:00
cnst
6ab35f4e91 feat(www): fixing fail2ban and other minor tweaks 2025-09-30 18:16:49 +02:00
cnst
593f0e619c chore(ded): remove dead code 2025-09-29 19:31:23 +02:00
cnst
688e23d229 feat(pstate): opt in changes and sooooo 2025-09-29 19:28:33 +02:00
cnst
725a3ed27e chore(niri): go to nixpkgs niri release 2025-09-29 17:10:38 +02:00
cnst
e45dc0d223 feat(homelab): fixing cf tunnels, authentik and tailscale! 2025-09-28 18:27:17 +02:00
cnst
bc78dd7302 chore(?): hm 2025-09-28 16:24:32 +02:00
cnst
94c34f8675 chore(update): flake lock 2025-09-28 08:03:38 +02:00
cnst
fda7d972c4 chore(age): adding bunk credentials to agenix 2025-09-27 19:54:03 +02:00
cnst
f6bb6672bb chore(agenix): refactor some secrets 2025-09-27 14:35:04 +02:00
cnst
68f1cb9b09 chore(misc): removing dead code and small insignificant changes 2025-09-26 20:41:26 +02:00
cnst
e721a2088b feat(homepage-dashboard): adding some disk info 2025-09-26 17:41:19 +02:00
cnst
551a47989c Merge pull request 'feat(swaybg) adding swaybg and some script' (#5) from wutwut into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/5
 2025-09-25 17:30:37 +02:00
cnst
2cb07c45a7 Merge pull request 'feat(swaybg) adding bg script' (#4) from wut into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/4
 2025-09-25 17:26:09 +02:00
cnst
4666731676 feat(swaybg) adding swaybg and some script 2025-09-25 17:17:49 +02:00
cnst
8fe6382c48 feat(swaybg) adding bg script 2025-09-25 17:16:55 +02:00
cnst
068f47e9a2 chore(alacritty): fix cfg 2025-09-24 18:46:36 +02:00
cnst
27bd976a60 chore(alacritty): fix cfg 2025-09-24 06:30:48 +02:00
cnst
9adfb329af feat(theme): go to adwaita gtk theme 2025-09-23 20:04:08 +02:00
cnst
757c3081fd feat(alacritty): change theme and flake lock 2025-09-23 20:02:08 +02:00
cnst
1d2f934c98 chore(?): remove deader code 2025-09-23 18:14:43 +02:00
cnst
86624f362d feat(IP): migrate to traefik and authentik, remove dead code 2025-09-23 18:13:28 +02:00
cnst
b752781064 feat(nextcloud): switch from nginx to caddy 2025-09-21 13:27:02 +02:00
cnst
884b40c71d chore(?): remove dead code 2025-09-21 10:32:05 +02:00
cnst
f861d363ca feat(nextcloud): finishing touches and other chores 2025-09-21 10:28:54 +02:00
cnst
c63daec95c feat(nextcloud): tweaks to nextcloud 2025-09-20 12:31:12 +02:00
cnst
2e1d28450b Merge pull request 'feat(nextcloud): back to basics' (#3) from nextc into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/3
 2025-09-19 20:09:18 +02:00
cnst
1228c800a1 feat(nextcloud): back to basics 2025-09-19 20:08:45 +02:00
cnst
1c8ccb6405 feat(sh): niri spawning script for stacking two windows of same app vertically 2025-09-19 20:03:11 +02:00
cnst
3b7e566545 Merge pull request 'chore(update): remove lix patch, minor waybar changes' (#2) from update into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/2
 2025-09-18 20:00:32 +02:00
cnst
8c07f3642b chore(update): remove lix patch, minor waybar changes 2025-09-18 19:59:39 +02:00
cnst
0d447771eb feat(cloud): small change 2025-09-16 15:40:52 +02:00
cnst
73960162b0 feat(cloud): a lot of shitty stuff 2025-09-16 15:01:48 +02:00
cnst
eb76e0242d Merge pull request 'feat(nextcloud): adding nextcloud)' (#1) from nextcloud into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/1
 2025-09-16 10:16:21 +02:00
cnst
d58ad62975 feat(nextcloud): adding nextcloud) 2025-09-16 10:15:32 +02:00
cnst
8f2dbe061b feat(nextcloud): adding some secrets and stuff 2025-09-16 10:15:06 +02:00
cnst
a843e806bd feat(libvirtd): adding virtualisation 2025-09-16 08:54:20 +02:00
cnst
bc8b5449c7 fix(syncthing): disable 2025-09-15 18:18:57 +02:00
cnst
002f23378b fix(syncthing): typo 2025-09-15 17:49:59 +02:00
cnst
fb4c9dbba2 feat(gitea): disable mailing and test indexing 2025-09-15 12:20:20 +02:00
cnst
13b18e64a0 feat(git): adding gitea and postgresql, copied jtojnar setup to play around with 2025-09-15 11:57:01 +02:00
cnsta
9f2c86920f Merge pull request #64 from cnsta/dashy 
feat(dashy): broken
 2025-09-15 08:20:33 +02:00
cnst
1e675d1c81 feat(dashy): broken 2025-09-15 08:18:35 +02:00
cnst
d865a5c9cb chore(update): temp patch lix, ssh keys and other fixes 2025-09-15 08:17:38 +02:00
cnst
cc43567fc9 fuck 2025-09-14 21:56:15 +02:00
cnst
1db875ce10 feat(dashy): giving it a test run 2025-09-14 14:58:28 +02:00
cnst
c1bbd3d8ba feat(arr): tweaking flaresolverr 2.0 2025-09-14 10:54:58 +02:00
cnst
b4dcdac1f8 feat(arr): tweaking flaresolverr 2025-09-14 10:54:22 +02:00
cnst
06d95cdb8e feat(arr): adding flaresolverr 2025-09-14 10:52:44 +02:00
cnst
af910eacda fix(keepalived): change IP 2025-09-14 10:39:57 +02:00
82 changed files with 2272 additions and 1244 deletions
Expand all files Collapse all files

566
flake.lock generated
View File

@@ -23,16 +23,17 @@
},
"anyrun": {
"inputs": {
"anyrun-provider": "anyrun-provider",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2",
"systems": "systems_2"
},
"locked": {
"lastModified": 1757042560,
"narHash": "sha256-M+N9yi0ziCVeMGuqMnLRZBoIoZHXCvWNlkLBpyp+4Jo=",
"lastModified": 1758874004,
"narHash": "sha256-+RUCBtT01Z595NpGc6Tvms+dJ/C/cn1zdjT9+gE6dbU=",
"owner": "anyrun-org",
"repo": "anyrun",
"rev": "df2a914b5acdd0f39ed4bf4336afc9e94fb28be8",
"rev": "3c571bc1514c4211d1d6c011a1d482f97efd9c5f",
"type": "github"
},
"original": {
@@ -41,6 +42,27 @@
"type": "github"
}
},
"anyrun-provider": {
"inputs": {
"nixpkgs": [
"anyrun",
"nixpkgs"
]
},
"locked": {
"lastModified": 1758817837,
"narHash": "sha256-J3Jl4Z8SJHj+ogyohPeypT5LmQtCupdBteFezwiEZ9E=",
"owner": "anyrun-org",
"repo": "anyrun-provider",
"rev": "b20650aa1bf80ae86b5bf5253d21fc0ddb7985c7",
"type": "github"
},
"original": {
"owner": "anyrun-org",
"repo": "anyrun-provider",
"type": "github"
}
},
"aquamarine": {
"inputs": {
"hyprutils": [
@@ -61,11 +83,11 @@
]
},
"locked": {
"lastModified": 1755946532,
"narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
"lastModified": 1759499898,
"narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
"rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
"type": "github"
},
"original": {
@@ -74,6 +96,54 @@
"type": "github"
}
},
"authentik": {
"inputs": {
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": [
"flake-parts"
],
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
],
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"systems": "systems_3",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1759322529,
"narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1759190535,
"narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.8.4",
"repo": "authentik",
"type": "github"
}
},
"chaotic": {
"inputs": {
"flake-schemas": "flake-schemas",
@@ -83,11 +153,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1757122261,
"narHash": "sha256-K4b+ujyYhbur7TY4JCiiKXdNLeAvsAkoFW8ulOkfayY=",
"lastModified": 1759532138,
"narHash": "sha256-sLQIlgDwMP3mEY2PwjGW+cL56QQ2n2WXoZ3GpG5QWOY=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "e347ef625cf40c90592e419521b0d5127272a045",
"rev": "bad02bbca5b5c6d45539a0d740ad0e21b1ba9afc",
"type": "github"
},
"original": {
@@ -142,11 +212,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1756795219,
"narHash": "sha256-tKBQtz1JLKWrCJUxVkHKR+YKmVpm0KZdJdPWmR2slQ8=",
"lastModified": 1759646430,
"narHash": "sha256-V8mjmGzi9nS7BZfhpzYAOUg3BcCsC6MrEh9xlKq3+7s=",
"owner": "nix-community",
"repo": "fenix",
"rev": "80dbdab137f2809e3c823ed027e1665ce2502d74",
"rev": "b326bea4d58c9a58b346f17c710538eac00f71d1",
"type": "github"
},
"original": {
@@ -156,6 +226,7 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
@@ -171,7 +242,6 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
@@ -203,6 +273,22 @@
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1751685974,
@@ -226,11 +312,11 @@
]
},
"locked": {
"lastModified": 1754487366,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github"
},
"original": {
@@ -246,11 +332,11 @@
]
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
@@ -306,11 +392,11 @@
]
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
@@ -354,6 +440,27 @@
"url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": [
"authentik",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fonts": {
"inputs": {
"flake-parts": "flake-parts_3",
@@ -384,11 +491,11 @@
]
},
"locked": {
"lastModified": 1755960406,
"narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
"lastModified": 1759523803,
"narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
"rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835",
"type": "github"
},
"original": {
@@ -464,11 +571,11 @@
},
"hardware": {
"locked": {
"lastModified": 1757103352,
"narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=",
"lastModified": 1759582739,
"narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "11b2a10c7be726321bb854403fdeec391e798bf0",
"rev": "3441b5242af7577230a78ffb03542add264179ab",
"type": "github"
},
"original": {
@@ -483,11 +590,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1757082973,
"narHash": "sha256-mnzEsFAJkw26fvE0SE1jrzdAZrwDDleTTgNL7huXABI=",
"lastModified": 1759605748,
"narHash": "sha256-qALSaIE4fbTo0wbPjEp7RZKbtFk1cDhRZ0BYOHW0JwQ=",
"owner": "helix-editor",
"repo": "helix",
"rev": "d0218f7e78bc0c3af4b0995ab8bda66b9c542cf3",
"rev": "6fffaf6a7ded9a12fb2d5715a4eb83787a5e6402",
"type": "github"
},
"original": {
@@ -503,11 +610,11 @@
]
},
"locked": {
"lastModified": 1757075491,
"narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=",
"lastModified": 1759573136,
"narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf",
"rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
"type": "github"
},
"original": {
@@ -545,11 +652,11 @@
]
},
"locked": {
"lastModified": 1757072639,
"narHash": "sha256-8aC1lUvVpu2BBBgX7iKYyf5nyuGfoyYStxD4es3mzuM=",
"lastModified": 1759337100,
"narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a51e585a05d318f988dfe09ec7fe31de966d9a76",
"rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3",
"type": "github"
},
"original": {
@@ -603,11 +710,11 @@
]
},
"locked": {
"lastModified": 1755678602,
"narHash": "sha256-uEC5O/NIUNs1zmc1aH1+G3GRACbODjk2iS0ET5hXtuk=",
"lastModified": 1759490292,
"narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "157cc52065a104fc3b8fa542ae648b992421d1c7",
"rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
"type": "github"
},
"original": {
@@ -667,11 +774,11 @@
]
},
"locked": {
"lastModified": 1756291201,
"narHash": "sha256-YzRWE3rCnsY0WDRJcn4KvyWUoe+5zdkUYNIaHGP9BZ4=",
"lastModified": 1757420192,
"narHash": "sha256-jVkY2ax7e+V+M4RwLZTJnOVTdjR5Bj10VstJuK60tl4=",
"owner": "hyprwm",
"repo": "hypridle",
"rev": "5430b73ddf148651bcf35fa39ed4d757c7534028",
"rev": "f158b2fe9293f9b25f681b8e46d84674e7bc7f01",
"type": "github"
},
"original": {
@@ -692,15 +799,15 @@
"hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": "nixpkgs_6",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_3",
"systems": "systems_4",
"xdph": "xdph"
},
"locked": {
"lastModified": 1756977414,
"narHash": "sha256-Hz5S4fILpYd1smWDZ+uLYjHgW22v6JS/04j15I4cFZE=",
"lastModified": 1759530922,
"narHash": "sha256-9NgZKpibALekGTPDc2O8lP8vFealQSZkXe+L+S7MMZU=",
"owner": "hyprwm",
"repo": "hyprland",
"rev": "4e785d12a91117cd5b255052799d1a051d9976c0",
"rev": "76d998743ac10e712238c1016db4d8e8d16f1049",
"type": "github"
},
"original": {
@@ -717,11 +824,11 @@
]
},
"locked": {
"lastModified": 1755680610,
"narHash": "sha256-g7/g5o0spemkZCzPa8I21RgCmN0Kv41B5z9Z5HQWraY=",
"lastModified": 1759613406,
"narHash": "sha256-PzgQJydp+RlKvwDi807pXPlURdIAVqLppZDga3DwPqg=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "04721247f417256ca96acf28cdfe946cf1006263",
"rev": "32e1a75b65553daefb419f0906ce19e04815aa3a",
"type": "github"
},
"original": {
@@ -835,11 +942,11 @@
]
},
"locked": {
"lastModified": 1753819801,
"narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=",
"lastModified": 1759080228,
"narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc",
"rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
"type": "github"
},
"original": {
@@ -864,11 +971,11 @@
]
},
"locked": {
"lastModified": 1753622892,
"narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=",
"lastModified": 1758927902,
"narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809",
"rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
"type": "github"
},
"original": {
@@ -899,11 +1006,11 @@
]
},
"locked": {
"lastModified": 1756969494,
"narHash": "sha256-gpTDaJT8CSTqumMdENIw4x+mmbeoP1D3ywuAaOaRfac=",
"lastModified": 1759572448,
"narHash": "sha256-o+r44fqPQM+/hQdjFy9qV9C51Jhty6M4icFVYocyJfA=",
"owner": "hyprwm",
"repo": "hyprlock",
"rev": "04cfdc4e5bb0e53036e70cc20922ab346ce165cd",
"rev": "c8a6768dca626cf7d7cbc333095f048bc007b6d9",
"type": "github"
},
"original": {
@@ -962,11 +1069,11 @@
]
},
"locked": {
"lastModified": 1756117388,
"narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
"lastModified": 1759490926,
"narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
"rev": "94cce794344538c4d865e38682684ec2bbdb2ef3",
"type": "github"
},
"original": {
@@ -1084,11 +1191,11 @@
]
},
"locked": {
"lastModified": 1757052778,
"narHash": "sha256-rYszJwY0EArAqK6q0i5bB1zxNCNRk6gVmD9SIvnoXW8=",
"lastModified": 1759387127,
"narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "ceaa413a68f28bbf6731464594fdb2c3513e9110",
"rev": "0cc290e05882745060fccfe6d7d073f913e0cce7",
"type": "github"
},
"original": {
@@ -1100,7 +1207,7 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_7",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
@@ -1122,11 +1229,11 @@
},
"mnw": {
"locked": {
"lastModified": 1756659871,
"narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=",
"lastModified": 1758834834,
"narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
"owner": "Gerg-L",
"repo": "mnw",
"rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16",
"rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
"type": "github"
},
"original": {
@@ -1135,59 +1242,29 @@
"type": "github"
}
},
"niri": {
"napalm": {
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
"flake-utils": [
"authentik",
"flake-utils"
],
"nixpkgs": [
"authentik",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757698528,
"narHash": "sha256-vXZaxm2LfFrVyuUOKkyWpwR0K2WB7k2oo94HN1o4910=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "2418edea929640fb5f856bc0a25fb91f54dfc229",
"lastModified": 1725806412,
"narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
"owner": "willibutz",
"repo": "napalm",
"rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
"type": "github"
},
"original": {
"owner": "sodiboo",
"repo": "niri-flake",
"type": "github"
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1756556321,
"narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.08",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1757656821,
"narHash": "sha256-MDaLusQZflxngGMU41g6cqabM7KE8I55UazzAZsjNN0=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "b7909dbf61c7c1511b9a51ef46e1d503d5ba3d05",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"owner": "willibutz",
"ref": "avoid-foldl-stack-overflow",
"repo": "napalm",
"type": "github"
}
},
@@ -1201,11 +1278,11 @@
]
},
"locked": {
"lastModified": 1757123094,
"narHash": "sha256-S0lJ5N55/DQuCeudcbZZnBZWeVs+uU+G69hgMMCosTk=",
"lastModified": 1759629535,
"narHash": "sha256-VIXcJ2ahRgoqIUySwAz3r5mtITO2dp6tXGCVKVW6FmA=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "77c3d68d549bfd1d43269ed2584a2cdee6320946",
"rev": "df388c42b54714bd121796a9cec9322b7fa2894e",
"type": "github"
},
"original": {
@@ -1268,45 +1345,13 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1757545623,
"narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1756696532,
"narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"lastModified": 1758690382,
"narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"rev": "e643668fd71b949c53f8626614b21ff71a07379d",
"type": "github"
},
"original": {
@@ -1318,11 +1363,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1756989294,
"narHash": "sha256-vh3F0p7pGvj9tItYjlqiZ3zTJCuw9+d74RhYCYLuaBQ=",
"lastModified": 1759147044,
"narHash": "sha256-3ZPFytJOcLjTChljeaGgoaNj+tOqzgEpqZAvRe3bU90=",
"owner": "PedroHLC",
"repo": "nixpkgs",
"rev": "f04ea9d87566cfe950cf45d7311a9964dcf3bf38",
"rev": "18e83bbe13aa50992777832b52bd0e0d8585fb3b",
"type": "github"
},
"original": {
@@ -1366,11 +1411,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1756266583,
"narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -1398,11 +1443,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1757487488,
"narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -1414,34 +1459,34 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1756787288,
"narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
"owner": "NixOS",
"lastModified": 1759386674,
"narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
"rev": "625ad6366178f03acd79f9e3822606dd7985b657",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nvf": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_5",
"mnw": "mnw",
"nixpkgs": "nixpkgs_10",
"systems": "systems_4"
"nixpkgs": "nixpkgs_9",
"systems": "systems_5"
},
"locked": {
"lastModified": 1757095994,
"narHash": "sha256-AXwM6/7CuQ39iwBqmc6ZNkVcCdFiK4MFRIGQgU6Mkyk=",
"lastModified": 1759469269,
"narHash": "sha256-DP833ejGUNRRHsJOB3WRTaWWXLNucaDga2ju/fGe+sc=",
"owner": "notashelf",
"repo": "nvf",
"rev": "fb31022b366ad21951f0352f0cc282cc6a8e9e6f",
"rev": "e48638aef3a95377689de0ef940443c64f870a09",
"type": "github"
},
"original": {
@@ -1452,7 +1497,7 @@
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"hyprland",
@@ -1460,11 +1505,11 @@
]
},
"locked": {
"lastModified": 1755960406,
"narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
"lastModified": 1758108966,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"type": "github"
},
"original": {
@@ -1499,13 +1544,64 @@
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
],
"pyproject-nix": [
"authentik",
"pyproject-nix"
],
"uv2nix": [
"authentik",
"uv2nix"
]
},
"locked": {
"lastModified": 1757296493,
"narHash": "sha256-6nzSZl28IwH2Vx8YSmd3t6TREHpDbKlDPK+dq1LKIZQ=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "5b8e37fe0077db5c1df3a5ee90a651345f085d38",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757246327,
"narHash": "sha256-6pNlGhwOIMfhe/RLjHdpXveKS4FyLHvlGe+KtjDild4=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "8d77f342d66ad1601cdb9d97e9388b69f64d4c8e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"anyrun": "anyrun",
"authentik": "authentik",
"chaotic": "chaotic",
"fenix": "fenix",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"fonts": "fonts",
"git-hooks": "git-hooks",
@@ -1518,11 +1614,10 @@
"hyprlock": "hyprlock",
"hyprpaper": "hyprpaper",
"lanzaboote": "lanzaboote",
"niri": "niri",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_8",
"nvf": "nvf",
"systems": "systems_5",
"systems": "systems_6",
"treefmt-nix": "treefmt-nix",
"tuirun": "tuirun",
"zen-browser": "zen-browser"
@@ -1531,11 +1626,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1756597274,
"narHash": "sha256-wfaKRKsEVQDB7pQtAt04vRgFphkVscGRpSx3wG1l50E=",
"lastModified": 1759601486,
"narHash": "sha256-ZywfLIFtRr907us1tONwUJLeg3ssO4D01XBFHx7RdAo=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "21614ed2d3279a9aa1f15c88d293e65a98991b30",
"rev": "4ae99f0150c94f4bdf7192b4447f512ece3546fd",
"type": "github"
},
"original": {
@@ -1553,11 +1648,11 @@
]
},
"locked": {
"lastModified": 1757039615,
"narHash": "sha256-qm53+EUFfzyF8F0MEscHGqf9tx462GV3/zUZrn9wiQU=",
"lastModified": 1759458749,
"narHash": "sha256-WKnbJnm1B2+TO2ZUudgS39EzecQeLl4/bnRtd3y46LI=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "4486e04adbb4b0e39f593767f2c36e2211003d01",
"rev": "bbc3a8ae797d1700e57a4f4bcc4e79af727d4138",
"type": "github"
},
"original": {
@@ -1654,6 +1749,21 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1668,7 +1778,7 @@
"type": "github"
}
},
"systems_5": {
"systems_6": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1683,7 +1793,7 @@
"type": "github"
}
},
"systems_6": {
"systems_7": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1705,11 +1815,11 @@
]
},
"locked": {
"lastModified": 1756662192,
"narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=",
"lastModified": 1758728421,
"narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4",
"rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1",
"type": "github"
},
"original": {
@@ -1724,7 +1834,7 @@
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_6"
"systems": "systems_7"
},
"locked": {
"lastModified": 1735478319,
@@ -1740,6 +1850,31 @@
"url": "https://git.sr.ht/~canasta/tuirun"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
],
"pyproject-nix": [
"authentik",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1757925761,
"narHash": "sha256-7Hwz0vfHuFqCo5v7Q07GQgLBWuPvZCuf/5/pk4NoADg=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "780494c40895bb7419a73d942bee326291e80b3b",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
@@ -1781,39 +1916,6 @@
"type": "github"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1755491097,
"narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "388d291e82ffbc73be18169d39470f340707edaa",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.7",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1757179758,
"narHash": "sha256-TIvyWzRt1miQj6Cf5Wy8Qz43XIZX7c4vTVwRLAT5S4Y=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "970728d0d9d1eada342bb8860af214b601139e58",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"nixpkgs": [
@@ -1821,11 +1923,11 @@
]
},
"locked": {
"lastModified": 1757106493,
"narHash": "sha256-erGDiPr316aVzFoFKX0aaAU1ZHuhn07HySbnYlpOH5w=",
"lastModified": 1759590499,
"narHash": "sha256-EBToRzqe5WMz4DQyxOp9/CP+rWjdaZ2EUwbItfNf3VI=",
"ref": "refs/heads/main",
"rev": "91ee5973cc8c7bd350eb15da5ab6aa0d765c3516",
"revCount": 127,
"rev": "6e606c8bfa6a88209488790388b1005bc489fa66",
"revCount": 136,
"type": "git",
"url": "https://git.sr.ht/~canasta/zen-browser-flake"
},

16
flake.nix
View File

@@ -18,7 +18,11 @@
];
perSystem =
{ config, pkgs, ... }:
{
config,
pkgs,
...
}:
{
devShells.default = pkgs.mkShell {
packages = [
@@ -51,6 +55,14 @@
inputs.nixpkgs-lib.follows = "nixpkgs";
};
authentik = {
url = "github:nix-community/authentik-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
};
};
flake-compat.url = "github:edolstra/flake-compat";
# Hyprland environment
@@ -135,8 +147,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
niri.url = "github:sodiboo/niri-flake";
# Custom
tuirun = {
url = "git+https://git.sr.ht/~canasta/tuirun";

7
hosts/bunk/modules.nix
View File

@@ -73,8 +73,8 @@
enable = false;
};
hyprland = {
enable = true;
withUWSM = true;
enable = false;
withUWSM = false;
};
inkscape = {
enable = false;
@@ -85,6 +85,9 @@
microfetch = {
enable = true;
};
niri = {
enable = true;
};
pkgs = {
enable = true;
common = {

1
hosts/bunk/ssh_host_ed25519_key.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH72llEVDSHH/FZnjLVCe6zfdkdJRRVg2QL+ifHiPXXk root@cnix

1
hosts/default.nix
View File

@@ -82,6 +82,7 @@
self.nixosModules.settings
self.nixosModules.server
inputs.agenix.nixosModules.default
inputs.authentik.nixosModules.default
];
};
ziggy = nixosSystem {

3
hosts/kima/hardware-configuration.nix
View File

@@ -21,8 +21,9 @@
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"amdgpu"
"kvm-amd"
"i2c-dev"
];

9
hosts/kima/modules.nix
View File

@@ -4,7 +4,8 @@
kernel = {
variant = "latest";
hardware = [ "amd" ];
extraKernelParams = [ "amdgpu.dcdebugmask=0x10" ];
extraKernelParams = [ ];
amdOverdrive.enable = true;
};
loader = {
default = {
@@ -171,6 +172,9 @@
kanata = {
enable = true;
};
virtualisation = {
enable = false;
};
locate = {
enable = true;
};
@@ -211,6 +215,9 @@
scheduler = "scx_lavd";
flags = "--performance";
};
tailscale = {
enable = false;
};
udisks = {
enable = true;
};

16
hosts/sobotka/default.nix
View File

@@ -3,11 +3,9 @@
config,
pkgs,
...
}:
let
}: let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
in {
users.users.cnst = {
isNormalUser = true;
shell = pkgs.fish;
@@ -41,6 +39,7 @@ in
"share"
"jellyfin"
"render"
"traefik"
];
};
@@ -51,8 +50,7 @@ in
./server.nix
];
boot.initrd.luks.devices."luks-47b35d4b-467a-4637-a5f9-45177da62897".device =
"/dev/disk/by-uuid/47b35d4b-467a-4637-a5f9-45177da62897";
boot.initrd.luks.devices."luks-47b35d4b-467a-4637-a5f9-45177da62897".device = "/dev/disk/by-uuid/47b35d4b-467a-4637-a5f9-45177da62897";
networking = {
hostName = "sobotka";
@@ -69,8 +67,8 @@ in
];
boot = {
supportedFilesystems = [ "zfs" ];
zfs.extraPools = [ "data" ];
supportedFilesystems = ["zfs"];
zfs.extraPools = ["data"];
};
services.zfs = {
@@ -78,6 +76,8 @@ in
autoScrub.enable = true;
};
environment.etc."nextcloud-admin-pass".text = "DeHKor3x8^eqqnBXjqhQ&QBl*3!sOLg8agfzOILihju#^0!2AfJ9W*vn";
environment.variables.NH_FLAKE = "/home/cnst/.nix-config";
# # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

7
hosts/sobotka/modules.nix
View File

@@ -3,8 +3,8 @@
boot = {
kernel = {
variant = "latest";
hardware = [ "amd" ];
extraKernelParams = [ ];
hardware = ["amd"];
extraKernelParams = [];
};
loader = {
default = {
@@ -213,6 +213,9 @@
scheduler = "scx_lavd";
flags = "--performance";
};
tailscale = {
enable = false;
};
udisks = {
enable = true;
};

39
hosts/sobotka/server.nix
View File

@@ -1,5 +1,4 @@
{ config, ... }:
{
{config, ...}: {
server = {
enable = true;
email = "adam@cnst.dev";
@@ -9,18 +8,19 @@
uid = 994;
gid = 993;
mounts = {
fast = "/mnt/user";
config = "/persist/opt/services";
traefik = {
enable = true;
};
gitea = {
enable = true;
};
unbound = {
enable = true;
};
caddy = {
homepage-dashboard = {
enable = true;
};
homepage-dashboard = {
n8n = {
enable = true;
};
bazarr = {
@@ -55,14 +55,31 @@
credentialsFile = config.age.secrets.vaultwardenCloudflared.path;
};
};
www = {
enable = true;
url = "cnst.dev";
cloudflared = {
tunnelId = "e5076186-efb7-405a-998c-6155af7fb221";
credentialsFile = config.age.secrets.wwwCloudflared.path;
};
};
authentik = {
enable = true;
url = "auth.cnst.dev";
cloudflared = {
tunnelId = "b66f9368-db9e-4302-8b48-527cda34a635";
credentialsFile = config.age.secrets.authentikCloudflared.path;
};
};
nextcloud = {
enable = true;
adminpassFile = config.age.secrets.nextcloudAdminPass.path;
};
fail2ban = {
enable = true;
apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path;
zoneId = "0027acdfb8bbe010f55b676ad8698dfb";
};
syncthing = {
enable = true;
};
keepalived = {
enable = true;
interface = "enp6s0";

6
hosts/ziggy/server.nix
View File

@@ -1,5 +1,4 @@
{ config, ... }:
{
{config, ...}: {
server = {
enable = true;
email = "adam@cnst.dev";
@@ -12,9 +11,6 @@
unbound = {
enable = true;
};
caddy = {
enable = true;
};
homepage-dashboard = {
enable = false;
};

10
lib/theme/bgs.nix
View File

@@ -1,11 +1,11 @@
lib: {
bgs = rec {
files = {
wallpaper_1 = "~/media/images/bg_1.jpg";
wallpaper_2 = "~/media/images/bg_2.jpg";
wallpaper_3 = "~/media/images/bg_3.jpg";
wallpaper_4 = "~/media/images/waterwindow.jpg";
wallpaper_5 = "~/media/images/barngreet.png";
wallpaper_1 = "~/media/images/bgs/bg_1.jpg";
wallpaper_2 = "~/media/images/bgs/bg_2.jpg";
wallpaper_3 = "~/media/images/bgs/bg_3.jpg";
wallpaper_4 = "~/media/images/bgs/waterwindow.jpg";
wallpaper_5 = "~/media/images/bgs/barngreet.png";
};
list = builtins.attrNames files;

11
modules/default.nix
View File

@@ -97,6 +97,7 @@
./nixos/services/greetd
./nixos/services/gvfs
./nixos/services/kanata
./nixos/services/virtualisation
./nixos/services/locate
./nixos/services/mullvad
./nixos/services/nfs
@@ -112,6 +113,7 @@
./nixos/services/udisks
./nixos/services/xserver
./nixos/services/zram
./nixos/services/tailscale
./nixos/system/fonts
./nixos/system/locale
@@ -121,22 +123,27 @@
server = {
imports = [
./server
./server/caddy
./server/fail2ban
./server/homepage-dashboard
./server/nextcloud
./server/vaultwarden
./server/bazarr
./server/prowlarr
./server/lidarr
./server/radarr
./server/sonarr
./server/syncthing
./server/jellyseerr
./server/jellyfin
./server/n8n
./server/podman
./server/unbound
./server/uptime-kuma
./server/keepalived
./server/gitea
./server/postgres
./server/traefik
./server/www
./server/authentik
];
};
settings = {

59
modules/home/programs/alacritty/default.nix
View File

@@ -14,36 +14,37 @@ in
config = mkIf cfg.enable {
programs.alacritty = {
enable = true;
theme = "gruvbox_material_hard_dark";
settings = {
# Default colors
colors.primary = {
background = "#282828";
foreground = "#d4be98";
};
colors = {
# Normal colors
normal = {
black = "#3c3836";
red = "#ea6962";
green = "#a9b665";
yellow = "#d8a657";
blue = "#7daea3";
magenta = "#d3869b";
cyan = "#89b482";
white = "#d4be98";
};
# Bright colors (same as normal colors)
bright = {
black = "#3c3836";
red = "#ea6962";
green = "#a9b665";
yellow = "#d8a657";
blue = "#7daea3";
magenta = "#d3869b";
cyan = "#89b482";
white = "#d4be98";
};
};
# colors = {
# primary = {
# background = "#282828";
# foreground = "#d4be98";
# };
# # Normal colors
# normal = {
# black = "#3c3836";
# red = "#ea6962";
# green = "#a9b665";
# yellow = "#d8a657";
# blue = "#7daea3";
# magenta = "#d3869b";
# cyan = "#89b482";
# white = "#d4be98";
# };
# # Bright colors (same as normal colors)
# bright = {
# black = "#3c3836";
# red = "#ea6962";
# green = "#a9b665";
# yellow = "#d8a657";
# blue = "#7daea3";
# magenta = "#d3869b";
# cyan = "#89b482";
# white = "#d4be98";
# };
# };
font = {
size = 12;
normal = {
@@ -73,7 +74,7 @@ in
];
window = {
dynamic_title = true;
opacity = 0.9;
opacity = 0.95;
padding = {
x = 5;
y = 5;

2
modules/home/programs/ghostty/default.nix
View File

@@ -28,7 +28,7 @@ in
enableFishIntegration = config.programs.fish.enable;
enableZshIntegration = config.programs.zsh.enable;
settings = {
theme = "GruvboxDarkHard";
theme = "Gruvbox Dark Hard";
focus-follows-mouse = true;
resize-overlay = "never";
background-opacity = 0.95;

70
modules/home/programs/mpv/default.nix
View File

@@ -7,6 +7,9 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.home.programs.mpv;
inherit (config.xdg.userDirs) videos;
inherit (config.home) homeDirectory;
shaders_dir = "${pkgs.mpv-shim-default-shaders}/share/mpv-shim-default-shaders/shaders";
in
{
options = {
@@ -15,8 +18,71 @@ in
config = mkIf cfg.enable {
programs.mpv = {
enable = true;
defaultProfiles = [ "gpu-hq" ];
scripts = [ pkgs.mpvScripts.mpris ];
config = {
profile = "gpu-hq";
gpu-context = "wayland";
vo = "gpu-next";
video-sync = "display-resample";
interpolation = true;
tscale = "oversample";
fullscreen = false;
keep-open = true;
sub-auto = "fuzzy";
sub-font = "Noto Sans Medium";
sub-blur = 10;
screenshot-format = "png";
title = "\${filename} - mpv";
script-opts = "osc-title=\${filename},osc-boxalpha=150,osc-visibility=never,osc-boxvideo=yes";
ytdl-format = "bestvideo[height<=?1440]+bestaudio/best";
ao = "pipewire";
alang = "eng,en";
slang = "eng,en,enUS";
glsl-shader = "${homeDirectory}/.config/mpv/shaders/FSR.glsl";
scale = "lanczos";
cscale = "lanczos";
dscale = "mitchell";
deband = "yes";
scale-antiring = 1;
osc = "no";
osd-on-seek = "no";
osd-bar = "no";
osd-bar-w = 30;
osd-bar-h = "0.2";
osd-duration = 750;
really-quiet = "yes";
autofit = "65%";
};
bindings = {
"ctrl+a" = "script-message osc-visibility cycle";
};
scripts = with pkgs.mpvScripts; [
mpris
uosc
thumbfast
sponsorblock
autocrop
];
};
programs.yt-dlp = {
enable = true;
extraConfig = ''
-o ${videos}/youtube/%(title)s.%(ext)s
'';
};
home = {
file = {
".config/mpv/shaders/FSR.glsl".source = "${shaders_dir}/FSR.glsl";
};
packages = with pkgs; [
jellyfin-mpv-shim
];
};
};
}

1
modules/home/programs/pkgs/default.nix
View File

@@ -92,7 +92,6 @@ in
adwaita-icon-theme
qt5.qtwayland
qt6.qtwayland
wl-clipboard
wpa_supplicant
unrar
material-icons

2
modules/home/programs/rofi/default.nix
View File

@@ -15,7 +15,7 @@ in
config = mkIf cfg.enable {
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
package = pkgs.rofi;
theme = ./style.rasi;
font = "Input Mono Narrow Light 12";
extraConfig = {

36
modules/home/programs/waybar/config/config.jsonc
View File

@@ -1,5 +1,11 @@
[
{
"height": 25,
"layer": "top",
"output": [
"DP-3",
"eDP-1"
],
"modules-left": [
"group/system"
],
@@ -9,13 +15,12 @@
"modules-right": [
"custom/progress",
"custom/systemd",
"group/tray",
"pulseaudio",
"backlight",
"battery",
"date",
"clock",
"custom/dunst"
"group/tray",
"custom/dunst",
"clock"
],
"backlight": {
"format": "<span foreground='#928374'>{icon}</span> {percent}%",
@@ -42,18 +47,9 @@
"clock": {
"interval": 60,
"format": "{:%H:%M}",
// "on-click": "calcurse-toggle.sh",
// "on-click-right": "calsync.sh",
"rotate": 0,
"tooltip": false
},
// "date": {
// "format": "<span foreground='#928374'></span> {%a, %d %b}",
// "on-click": "calcurse-toggle.sh",
// "on-click-right": "calsync.sh",
// "rotate": 0,
// "tooltip": false
// },
"cpu": {
"format": "<span foreground='#928374'></span> {usage}%",
"states": {
@@ -125,16 +121,13 @@
],
"orientation": "inherit"
},
"height": 25,
"hyprland/workspaces": {
"active-only": false,
"all-outputs": false,
"format": "{icon}",
"format-icons": {
"urgent": "",
"active": "",
"visible": "",
"default": "",
"empty": ""
},
"on-click": "activate",
@@ -148,14 +141,11 @@
"niri/workspaces": {
"format": "{icon}",
"format-icons": {
// Named workspaces
// (you need to configure them in niri)
"browser": "",
"discord": "",
"chat": "<b></b>",
// Icons by state
"active": "",
"default": ""
"active": "",
"default": ""
}
},
"memory": {
@@ -173,10 +163,6 @@
"interval": 2,
"tooltip-format": "{ifname}: {ipaddr}/{cidr}\n {bandwidthDownBits}\n {bandwidthUpBits}"
},
"output": [
"DP-3",
"eDP-1"
],
"pulseaudio": {
"format": "<span foreground='#928374'>{icon}</span> {volume}% {format_source}",
"format-bluetooth": "<span foreground='#928374'>{icon}</span> {volume}% {format_source}",

35
modules/home/programs/waybar/config/style.css
View File

@@ -2,14 +2,25 @@
all: unset;
border: none;
border-radius: 0;
font-family: "DepartureMono Nerd Font", "Font Awesome 6 Free Solid";
font-size: 14px;
font-family:
"DepartureMono Nerd Font", "Input Sans Compressed",
"Font Awesome 6 Free Solid";
font-size: 15px;
min-height: 0;
}
window#waybar {
color: #fbf1c7;
background-color: rgba(43, 45, 50, 0.6);
background-color: rgba(43, 45, 50, 0.5);
}
tooltip {
background: rgba(50, 50, 50, 0.9);
border: 1px solid rgba(100, 114, 125, 0.6);
}
tooltip label {
color: #fbf1c7;
font-family: "Input Sans Compressed";
}
#workspaces button {
@@ -23,14 +34,10 @@ window#waybar {
#workspaces button:hover {
color: #ebdbb2;
animation: ws_active 0s ease-in-out 1;
transition: all 0.2s cubic-bezier(0.55, -0.68, 0.48, 1.682);
}
#workspaces button.active {
color: #fbf1c7;
animation: ws_active 0s ease-in-out 1;
transition: all 0.2s cubic-bezier(0.55, -0.68, 0.48, 1.682);
}
#custom-logo {
@@ -87,13 +94,14 @@ window#waybar {
#memory,
#backlight,
#battery,
#date,
#clock {
#date {
padding: 0 3px;
margin: 0 3px;
}
#clock {
padding: 0px 3px;
margin: 0px 6px 0px 0px;
font-family: "DepartureMono Nerd Font";
}
@@ -132,12 +140,17 @@ window#waybar {
}
#tray menu * {
background-color: rgba(50, 48, 47, 0.9);
background: rgba(50, 50, 50, 0.9);
color: #fbf1c7;
font-family: "Input Sans Compressed";
padding: 2px 2px;
}
#tray menu menuitem:hover {
#tray menu {
border: 1px solid rgba(100, 114, 125, 0.6);
}
#tray menu item:hover {
color: #4c7a5d;
}

8
modules/home/services/gtk/default.nix
View File

@@ -27,10 +27,10 @@ in
};
gtk = {
enable = true;
theme = {
package = pkgs.orchis-theme;
name = "Orchis-Grey-Dark-Compact";
};
# theme = {
# package = pkgs.orchis-theme;
# name = "Orchis-Grey-Dark-Compact";
# };
iconTheme = {
# package = pkgs.adwaita-icon-theme;
package = pkgs.papirus-icon-theme;

13
modules/nixos/boot/kernel/default.nix
View File

@@ -5,7 +5,12 @@
...
}:
let
inherit (lib) mkOption types;
inherit (lib)
mkOption
types
mkEnableOption
mkIf
;
cfg = config.nixos.boot.kernel;
hasHardware = hw: builtins.elem hw cfg.hardware;
@@ -37,8 +42,11 @@ in
);
default = [ ];
description = "List of hardware types (e.g. GPU and CPU vendors) to configure kernel settings for.";
};
amdOverdrive.enable = mkEnableOption "Enable AMD pstate/overdrive";
extraKernelParams = mkOption {
type = types.listOf types.str;
default = [ ];
@@ -74,7 +82,7 @@ in
"quiet"
"splash"
]
++ (if hasHardware "amd" then [ "amd_pstate=active" ] else [ ])
++ (if hasHardware "amd" then [ ] else [ ])
++ (if hasHardware "intel" then [ ] else [ ])
++ (if hasHardware "nvidia" then [ ] else [ ])
++ cfg.extraKernelParams;
@@ -85,5 +93,6 @@ in
++ (if hasHardware "nvidia" then [ "nouveau" ] else [ ])
++ cfg.extraBlacklistedModules;
};
hardware.amdgpu.overdrive.enable = mkIf cfg.amdOverdrive.enable true;
};
}

66
modules/nixos/hardware/graphics/default.nix
View File

@@ -89,37 +89,39 @@ in
config = mkIf cfg.enable (mkMerge [
{
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = flatten (
concatMap (
vendor:
if vendor == "amd" then
commonPackages ++ mesaVulkanPackages
else if vendor == "intel" then
commonPackages
++ mesaVulkanPackages
++ (with pkgs; [
vpl-gpu-rt
intel-media-driver
intel-compute-runtime
intel-vaapi-driver
])
else if vendor == "nvidia" then
commonPackages
++ (with pkgs; [
nvidiaOffloadScript
intel-media-driver
nvidia-vaapi-driver
vulkan-tools
])
else
[ ]
) cfg.vendors
);
hardware = {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = flatten (
concatMap (
vendor:
if vendor == "amd" then
commonPackages ++ mesaVulkanPackages
else if vendor == "intel" then
commonPackages
++ mesaVulkanPackages
++ (with pkgs; [
vpl-gpu-rt
intel-media-driver
intel-compute-runtime
intel-vaapi-driver
])
else if vendor == "nvidia" then
commonPackages
++ (with pkgs; [
nvidiaOffloadScript
intel-media-driver
nvidia-vaapi-driver
vulkan-tools
])
else
[ ]
) cfg.vendors
);
extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors);
extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors);
};
};
environment.systemPackages = flatten (
@@ -145,10 +147,6 @@ in
);
}
(mkIf (hasVendor "amd") {
hardware.amdgpu.overdrive.enable = true;
})
(mkIf (hasVendor "nvidia") {
hardware.nvidia = {
package =

16
modules/nixos/programs/niri/default.nix
View File

@@ -1,6 +1,5 @@
{
config,
inputs,
lib,
pkgs,
...
@@ -14,11 +13,22 @@ in
nixos.programs.niri.enable = mkEnableOption "Enables niri";
};
config = mkIf cfg.enable {
nixpkgs.overlays = [ inputs.niri.overlays.niri ];
environment = {
variables = {
DISPLAY = ":0";
NIXOS_OZONE_WL = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
};
systemPackages = with pkgs; [
xwayland-satellite
wl-clipboard
wayland-utils
xdg-utils
];
};
systemd.user.services.niri-flake-polkit.enable = false;
programs.niri = {
enable = true;
package = pkgs.niri-unstable;
};
};
}

15
modules/nixos/services/agenix/default.nix
View File

@@ -5,17 +5,16 @@
pkgs,
self,
...
}:
let
inherit (lib)
}: let
inherit
(lib)
mkIf
mkEnableOption
mkOption
mkMerge
;
cfg = config.nixos.services.agenix;
in
{
in {
options = {
nixos.services.agenix = {
enable = mkEnableOption "Enables agenix system environment";
@@ -75,17 +74,11 @@ in
wgCredentials.file = "${self}/secrets/wgCredentials.age";
wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
pihole.file = "${self}/secrets/pihole.age";
slskd.file = "${self}/secrets/slskd.age";
};
})
(mkIf cfg.ziggy.enable {
secrets = {
cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age";
piholeZiggy.file = "${self}/secrets/piholeZiggy.age";
};
})
(mkIf cfg.toothpc.enable {

2
modules/nixos/services/greetd/default.nix
View File

@@ -63,7 +63,7 @@ in
settings = rec {
tuigreet_session =
let
session = "${pkgs.niri-unstable}/bin/niri-session";
session = "${pkgs.niri}/bin/niri-session";
tuigreet = "${lib.getExe pkgs.tuigreet}";
in
{

16
modules/nixos/services/tailscale/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.nixos.services.tailscale;
in {
options.nixos.services.tailscale = {
enable = mkEnableOption "Enable tailscale";
};
config = mkIf cfg.enable {
services.tailscale.enable = true;
};
}

41
modules/nixos/services/virtualisation/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
pkgs,
config,
lib,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.nixos.services.virtualisation;
in
{
options = {
nixos.services.virtualisation.enable = mkEnableOption "Enables virtualisation";
};
imports = [
./vfio.nix
];
config = mkIf cfg.enable {
networking.firewall.trustedInterfaces = [ "virbr0" ];
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
];
virtualisation = {
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
onShutdown = "shutdown";
qemu = {
ovmf = {
enable = true;
packages = [ pkgs.OVMFFull.fd ];
};
};
};
};
nixos.services.virtualisation.vfio.enable = true;
};
}

41
modules/nixos/services/virtualisation/vfio.nix Normal file
View File

@@ -0,0 +1,41 @@
{ lib, config, ... }:
let
gpuIDs = [
"1002:13c0"
"1002:1640"
];
vfioIds = "vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs;
baseBootKernelParams = config.boot.kernelParams or [ ];
cfg = config.nixos.services.virtualisation.vfio;
in
{
options = {
nixos.services.virtualisation.vfio.enable =
lib.mkEnableOption "Enable VFIO passthrough for the iGPU";
};
config = lib.mkIf cfg.enable {
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
];
kernelParams = [
"amd_iommu=on"
"iommu=pt"
]
++ [ vfioIds ];
};
specialisation.vfio.configuration = {
system.nixos.tags = [ "vfio" ];
boot = {
kernelParams = baseBootKernelParams ++ [ vfioIds ];
blacklistedKernelModules = [ "amdgpu:0f:00.0" ];
};
};
};
}

10
modules/nixos/system/xdg/default.nix
View File

@@ -30,13 +30,19 @@ in
enable = true;
xdgOpenUsePortal = cfg.xdgOpenUsePortal;
config = {
common.default = [ "gtk" ];
common.default = [
"gtk"
"gnome"
];
hyprland.default = [
"gtk"
"hyprland"
];
};
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
};
};
}

2
modules/server/README.md Normal file
View File

@@ -0,0 +1,2 @@
This server/homelab configuration is largely a copy (with some tweaks) of
@notthebee's homelab setup.

148
modules/server/authentik/default.nix Normal file
View File

@@ -0,0 +1,148 @@
{
config,
lib,
pkgs,
self,
...
}: let
unit = "authentik";
cfg = config.server.${unit};
srv = config.server;
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "auth.${srv.www.domain}";
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Authentik";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "An open-source IdP for modern SSO";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "authentik.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
authentikEnv = {
file = "${self}/secrets/authentikEnv.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
authentikCloudflared = {
file = "${self}/secrets/authentikCloudflared.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
};
server = {
fail2ban = lib.mkIf cfg.enable {
jails = {
authentik = {
serviceName = "authentik";
failRegex = "^.*Username or password is incorrect.*IP:\s*<HOST>";
};
};
};
};
services = {
authentik = {
enable = true;
environmentFile = config.age.secrets.authentikEnv.path;
settings = {
email = {
};
disable_startup_analytics = true;
avatars = "initials";
};
};
cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://127.0.0.1:9000";
};
};
traefik = {
dynamicConfigOptions = {
http = {
middlewares = {
authentik = {
forwardAuth = {
# tls.insecureSkipVerify = true;
address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true;
authResponseHeaders = [
"X-authentik-username"
"X-authentik-groups"
"X-authentik-email"
"X-authentik-name"
"X-authentik-uid"
"X-authentik-jwt"
"X-authentik-meta-jwks"
"X-authentik-meta-outpost"
"X-authentik-meta-provider"
"X-authentik-meta-app"
"X-authentik-meta-version"
];
timeout = "10s";
};
};
};
services = {
auth.loadBalancer.servers = [
{
url = "http://localhost:9000";
}
];
};
routers = {
auth = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
tls.certResolver = "letsencrypt";
};
};
};
};
};
};
};
}

26
modules/server/bazarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "bazarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user;
group = srv.group;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString config.services.${unit}.listenPort}
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.bazarr.loadBalancer.servers = [{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}];
routers = {
bazarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "bazarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

69
modules/server/caddy/default.nix
View File

@@ -1,69 +0,0 @@
{
config,
lib,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.server.caddy;
getCloudflareCredentials =
hostname:
if hostname == "ziggy" then
config.age.secrets.cloudflareDnsCredentialsZiggy.path
else if hostname == "sobotka" then
config.age.secrets.cloudflareDnsCredentials.path
else
throw "Unknown hostname: ${hostname}";
in
{
options = {
server.caddy.enable = mkEnableOption "Enables caddy";
};
config = mkIf cfg.enable {
networking.firewall =
let
ports = [
80
443
];
in
{
allowedTCPPorts = ports;
};
security.acme = {
acceptTerms = true;
defaults.email = config.server.email;
certs.${config.server.domain} = {
reloadServices = [ "caddy.service" ];
domain = "${config.server.domain}";
extraDomainNames = [ "*.${config.server.domain}" ];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
group = config.services.caddy.group;
environmentFile = getCloudflareCredentials config.networking.hostName;
};
};
services.caddy = {
enable = true;
globalConfig = ''
auto_https off
'';
virtualHosts = {
"http://${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
};
};
};
}

26
modules/server/default.nix
View File

@@ -1,30 +1,18 @@
{
lib,
config,
pkgs,
...
}:
let
}: let
hardDrives = [
"/dev/disk/by-label/data"
];
inherit (lib) mkOption types;
cfg = config.server;
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
in {
options.server = {
enable = lib.mkEnableOption "The server services and configuration variables";
mounts.fast = lib.mkOption {
default = "/mnt/cache";
type = lib.types.path;
description = ''
Path to the 'fast' tier mount
'';
};
mounts.config = lib.mkOption {
default = "/persist/opt/services";
type = lib.types.path;
description = ''
Path to the service configuration files
'';
};
email = mkOption {
default = "";
type = types.str;
@@ -104,6 +92,8 @@ in
"share"
"render"
"input"
"authentik"
"traefik"
];
};
};

94
modules/server/fail2ban/default.nix
View File

@@ -4,11 +4,9 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.server.fail2ban;
in
{
in {
options.server.fail2ban = {
enable = lib.mkEnableOption {
description = "Enable cloudflare fail2ban";
@@ -17,7 +15,7 @@ in
description = "File containing your API key, scoped to Firewall Rules: Edit";
type = lib.types.str;
example = lib.literalExpression ''
Authorization: Bearer Qj06My1wXJEzcW46QCyjFbSMgVtwIGfX63Ki3NOj79o=
Authorization: Bearer vH6-p0y=i4w3n7TjKqZ@x8D_lR!A9b2cOezXgUuJdE5F
'''
'';
};
@@ -57,54 +55,54 @@ in
pkgs.jq
];
jails = lib.attrsets.mapAttrs (name: value: {
settings = {
bantime = "30d";
findtime = "1h";
enabled = true;
backend = "systemd";
journalmatch = "_SYSTEMD_UNIT=${value.serviceName}.service";
port = "http,https";
filter = "${name}";
maxretry = 3;
action = "cloudflare-token-agenix";
};
}) cfg.jails;
jails =
lib.attrsets.mapAttrs (name: value: {
settings = {
bantime = "24h";
findtime = "10m";
enabled = true;
backend = "systemd";
journalmatch = "_SYSTEMD_UNIT=${value.serviceName}.service";
port = "http,https";
filter = "${name}";
maxretry = 3;
action = "cloudflare-token-agenix";
};
})
cfg.jails;
};
environment.etc = lib.attrsets.mergeAttrsList [
(lib.attrsets.mapAttrs' (
name: value:
(lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
text = ''
[Definition]
failregex = ${value.failRegex}
ignoreregex = ${value.ignoreRegex}
'';
})
) cfg.jails)
name: value: (lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
text = ''
[Definition]
failregex = ${value.failRegex}
ignoreregex = ${value.ignoreRegex}
'';
})
)
cfg.jails)
{
"fail2ban/action.d/cloudflare-token-agenix.conf".text =
let
notes = "Fail2Ban on ${config.networking.hostName}";
cfapi = "https://api.cloudflare.com/client/v4/zones/${cfg.zoneId}/firewall/access_rules/rules";
in
''
[Definition]
actionstart =
actionstop =
actioncheck =
actionunban = id=$(curl -s -X GET "${cfapi}" \
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
| jq -r '.result[] | select(.notes == "${notes}" and .configuration.target == "ip" and .configuration.value == "<ip>") | .id')
if [ -z "$id" ]; then echo "id for <ip> cannot be found"; exit 0; fi; \
curl -s -X DELETE "${cfapi}/$id" \
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
--data '{"cascade": "none"}'
actionban = curl -X POST "${cfapi}" -H @${cfg.apiKeyFile} -H "Content-Type: application/json" --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"${notes}"}'
[Init]
name = cloudflare-token-agenix
'';
"fail2ban/action.d/cloudflare-token-agenix.conf".text = let
notes = "Fail2Ban on ${config.networking.hostName}";
cfapi = "https://api.cloudflare.com/client/v4/zones/${cfg.zoneId}/firewall/access_rules/rules";
in ''
[Definition]
actionstart =
actionstop =
actioncheck =
actionunban = id=$(curl -s -X GET "${cfapi}" \
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
| jq -r '.result[] | select(.notes == "${notes}" and .configuration.target == "ip" and .configuration.value == "<ip>") | .id')
if [ -z "$id" ]; then echo "id for <ip> cannot be found"; exit 0; fi; \
curl -s -X DELETE "${cfapi}/$id" \
-H @${cfg.apiKeyFile} -H "Content-Type: application/json" \
--data '{"cascade": "none"}'
actionban = curl -X POST "${cfapi}" -H @${cfg.apiKeyFile} -H "Content-Type: application/json" --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"${notes}"}'
[Init]
name = cloudflare-token-agenix
'';
}
];
};

125
modules/server/gitea/default.nix Normal file
View File

@@ -0,0 +1,125 @@
# taken from @jtojnar
{
config,
lib,
...
}: let
unit = "gitea";
srv = config.server;
cfg = config.server.${unit};
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "git.${srv.domain}";
};
port = lib.mkOption {
type = lib.types.int;
default = 5003;
description = "The port to host Gitea on.";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Gitea";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "Git with a cup of tea";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "gitea.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
services.${unit} = {
enable = true;
appName = "cnix code forge";
database = {
type = "postgres";
socket = "/run/postgresql";
name = "gitea";
user = "gitea";
createDatabase = false;
};
lfs = {
enable = true;
};
settings = {
cors = {
ENABLED = true;
SCHEME = "https";
ALLOW_DOMAIN = cfg.url;
};
log = {
MODE = "console";
};
mailer = {
ENABLED = false;
MAILER_TYPE = "sendmail";
FROM = "noreply+adam@cnst.dev";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
};
picture = {
DISABLE_GRAVATAR = true;
};
repository = {
DEFAULT_BRANCH = "main";
DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true;
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
server = {
DOMAIN = cfg.url;
LANDING_PAGE = "explore";
HTTP_PORT = cfg.port;
ROOT_URL = "https://${cfg.url}/";
};
security = {
DISABLE_GIT_HOOKS = false;
};
service = {
DISABLE_REGISTRATION = true;
};
session = {
COOKIE_SECURE = true;
};
};
};
services.traefik = {
dynamicConfigOptions = {
http = {
services.gitea.loadBalancer.servers = [{url = "http://127.0.0.1:5003";}];
routers = {
gitea = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "gitea";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
server.postgresql.databases = [
{
database = "gitea";
}
];
};
}

261
modules/server/homepage-dashboard/default.nix
View File

@@ -1,20 +1,19 @@
{
config,
lib,
self,
...
}:
let
}: let
unit = "homepage-dashboard";
cfg = config.server.homepage-dashboard;
srv = config.server;
in
{
in {
options.server.homepage-dashboard = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
misc = lib.mkOption {
default = [ ];
default = [];
type = lib.types.listOf (
lib.types.attrsOf (
lib.types.submodule {
@@ -38,163 +37,91 @@ in
};
};
config = lib.mkIf cfg.enable {
services.glances.enable = true;
services.${unit} = {
enable = true;
allowedHosts = srv.domain;
# environmentFile = config.age.secrets.homepageEnvironment.path;
# customCSS = ''
# @font-face {
# font-family: "VCR OSD Mono";
# src: url("https://git.sr.ht/~canasta/fonts/tree/main/item/fonts/vcr-mono/TTF/vcr-mono.ttf")
# format("truetype");
# }
# body,
# html {
# --mint: #d7ffff;
# --outerspace: #f8ffff;
# --ghostY: #0d090f;
# background: var(--ghostY);
# }
# .font-medium {
# font-weight: 700 !important;
# }
# .font-light {
# font-weight: 500 !important;
# }
# .font-thin {
# font-weight: 400 !important;
# }
# body .colorOverlay {
# background: linear-gradient(0deg, var(--overlayA) 0%, var(--overlayB) 100%);
# z-index: 2147483647;
# pointer-events: none;
# position: absolute;
# top: 0;
# bottom: 0;
# left: 0;
# right: 0;
# overflow: hidden;
# body {
# background: var(--ghostY);
# color: var(--mint);
# fill: var(--outerspace);
# min-width: 320px;
# max-width: 100%;
# min-height: 100%;
# -webkit-font-smoothing: antialiased;
# --overlayA: rgba(130, 0, 100, 0.07);
# --overlayB: rgba(30, 190, 180, 0.07);
# margin: 0;
# padding: 0;
# font: inherit;
# font-family: VCR OSD Mono Regular;
# font-size: 16px;
# font-weight: 600;
# position: relative;
# }
# #information-widgets {
# padding-left: 1.5rem;
# padding-right: 1.5rem;
# }
# div#footer {
# display: none;
# }
# .services-group.basis-full.flex-1.px-1.-my-1 {
# padding-bottom: 3rem;
# }
# }
# '';
settings = {
background = "/fonts/foto.jpg";
layout = [
age.secrets = {
homepageEnvironment = {
file = "${self}/secrets/homepageEnvironment.age";
};
};
services = {
glances.enable = true;
${unit} = {
enable = true;
environmentFile = config.age.secrets.homepageEnvironment.path;
settings = {
layout = [
{
Glances = {
header = false;
style = "row";
columns = 4;
};
}
{
Arr = {
header = true;
style = "column";
};
}
{
Downloads = {
header = true;
style = "column";
};
}
{
Media = {
header = true;
style = "column";
};
}
{
Services = {
header = true;
style = "column";
};
}
];
headerStyle = "clean";
statusStyle = "dot";
hideVersion = "true";
};
widgets = [
{
Glances = {
header = false;
style = "row";
columns = 4;
openmeteo = {
label = "Kalmar";
timezone = "Europe/Stockholm";
units = "metric";
cache = 5;
latitude = 56.707262;
longitude = 16.324541;
};
}
{
Arr = {
header = true;
style = "column";
};
}
{
Downloads = {
header = true;
style = "column";
};
}
{
Media = {
header = true;
style = "column";
};
}
{
Services = {
header = true;
style = "column";
resources = {
label = "SYSTEM";
memory = true;
cpu = true;
uptime = true;
};
}
];
headerStyle = "clean";
statusStyle = "dot";
hideVersion = "true";
};
widgets = [
{
openmeteo = {
label = "Kalmar";
timezone = "Europe/Stockholm";
units = "metric";
cache = 5;
latitude = 56.707262;
longitude = 16.324541;
};
}
{
datetime = {
text_size = "x1";
format = {
hour12 = false;
timeStyle = "short";
dateStyle = "long";
};
};
}
{
resources = {
label = "";
memory = true;
disk = [ "/" ];
};
}
];
services =
let
services = let
homepageCategories = [
"Arr"
"Media"
"Downloads"
"Services"
"Smart Home"
];
hl = config.server;
mergedServices = hl // hl.podman;
homepageServices =
x:
(lib.attrsets.filterAttrs (
homepageServices = x: (lib.attrsets.filterAttrs (
name: value: value ? homepage && value.homepage.category == x
) mergedServices);
)
mergedServices);
in
lib.lists.forEach homepageCategories (cat: {
"${cat}" =
lib.lists.forEach
lib.lists.forEach homepageCategories (cat: {
"${cat}" =
lib.lists.forEach
(lib.attrsets.mapAttrsToList (name: value: {
inherit name;
url = value.url;
@@ -208,15 +135,13 @@ in
siteMonitor = "https://${x.url}${x.homepage.path or ""}";
};
});
})
++ [ { Misc = cfg.misc; } ]
++ [
{
Glances =
let
})
++ [{Misc = cfg.misc;}]
++ [
{
Glances = let
port = toString config.services.glances.port;
in
[
in [
{
Info = {
widget = {
@@ -284,14 +209,28 @@ in
};
}
];
}
];
};
services.caddy.virtualHosts."${srv.domain}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString config.services.${unit}.listenPort}
'';
}
];
};
traefik = {
dynamicConfigOptions = {
http = {
services.homepage.loadBalancer.servers = [
{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}
];
routers = {
homepage = {
entryPoints = ["websecure"];
rule = "Host(`cnix.dev`)";
service = "homepage";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
};
}

26
modules/server/jellyfin/default.nix
View File

@@ -3,13 +3,11 @@
lib,
pkgs,
...
}:
let
}: let
service = "jellyfin";
cfg = config.server.${service};
srv = config.server;
in
{
in {
options.server.${service} = {
enable = lib.mkEnableOption {
description = "Enable ${service}";
@@ -48,11 +46,21 @@ in
environment.systemPackages = with pkgs; [
jellyfin-ffmpeg
];
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8096
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.jellyfin.loadBalancer.servers = [{url = "http://127.0.0.1:8096";}];
routers = {
jellyfin = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "jellyfin";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

26
modules/server/jellyseerr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
service = "jellyseerr";
srv = config.server;
cfg = config.server.${service};
in
{
in {
options.server.${service} = {
enable = lib.mkEnableOption {
description = "Enable ${service}";
@@ -43,11 +41,21 @@ in
enable = true;
port = cfg.port;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString cfg.port}
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.jellyseerr.loadBalancer.servers = [{url = "http://127.0.0.1:${toString cfg.port}";}];
routers = {
jellyseerr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "jellyseerr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

2
modules/server/keepalived/default.nix
View File

@@ -60,7 +60,7 @@ in
unicastPeers = peers;
virtualIps = [
{
addr = "10.2.1.69/24";
addr = "192.168.88.69/24";
}
];
extraConfig = ''

26
modules/server/lidarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "lidarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user;
group = srv.group;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8686
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.lidarr.loadBalancer.servers = [{url = "http://127.0.0.1:8686";}];
routers = {
lidarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "lidarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

64
modules/server/n8n/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{
config,
lib,
...
}: let
unit = "n8n";
srv = config.server;
cfg = config.server.${unit};
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
configDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${unit}.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "n8n";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "A workflow automation platform";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "n8n.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
services = {
n8n = {
enable = true;
openFirewall = true;
};
traefik = {
dynamicConfigOptions = {
http = {
services.n8n.loadBalancer.servers = [{url = "http://127.0.0.1:5678";}];
routers = {
n8n = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "n8n";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
};
}

147
modules/server/nextcloud/default.nix Normal file
View File

@@ -0,0 +1,147 @@
{
config,
pkgs,
lib,
self,
...
}: let
unit = "nextcloud";
cfg = config.server.${unit};
srv = config.server;
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
adminpassFile = lib.mkOption {
type = lib.types.path;
};
adminuser = lib.mkOption {
type = lib.types.str;
default = "cnst";
};
configDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "cloud.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Nextcloud";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "A safe home for all your data";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "nextcloud.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
};
server.fail2ban = lib.mkIf config.server.fail2ban.enable {
jails = {
nextcloud = {
serviceName = "phpfpm-nextcloud";
failRegex = "^.*Login failed:.*(Remote IP: <HOST>).*$";
};
};
};
services = {
${unit} = {
enable = true;
package = pkgs.nextcloud31;
hostName = "nextcloud";
configureRedis = true;
caching = {
redis = true;
};
phpOptions = {
"opcache.interned_strings_buffer" = "32";
};
maxUploadSize = "50G";
settings = {
maintenance_window_start = "1";
trusted_proxies = [
"127.0.0.1"
"::1"
];
trusted_domains = ["cloud.${srv.domain}"];
overwriteprotocol = "https";
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
};
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
adminuser = "cnst";
adminpassFile = cfg.adminpassFile;
};
};
nginx = {
defaultListen = [
{
addr = "127.0.0.1";
port = 8182;
}
{
addr = "127.0.0.1";
port = 8482;
}
];
virtualHosts.nextcloud = {
forceSSL = false;
};
};
traefik.dynamicConfigOptions.http = {
routers.nextcloud = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "nextcloud";
tls.certResolver = "letsencrypt";
};
services.nextcloud.loadBalancer.servers = [
{url = "http://127.0.0.1:8182";}
];
};
};
server.postgresql.databases = [
{
database = "nextcloud";
}
];
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
};
}

117
modules/server/podman/default.nix
View File

@@ -1,33 +1,31 @@
{
config,
lib,
pkgs,
self,
...
}:
let
}: let
srv = config.server;
cfg = config.server.podman;
piholeUrl =
if config.networking.hostName == "sobotka" then
"pihole0"
else if config.networking.hostName == "ziggy" then
"pihole1"
else
throw "Unknown hostname";
if config.networking.hostName == "sobotka"
then "pihole0"
else if config.networking.hostName == "ziggy"
then "pihole1"
else throw "Unknown hostname";
getPiholeSecret =
hostname:
if hostname == "ziggy" then
[ config.age.secrets.piholeZiggy.path ]
else if hostname == "sobotka" then
[ config.age.secrets.pihole.path ]
else
throw "Unknown hostname: ${hostname}";
in
{
getPiholeSecret = hostname:
if hostname == "ziggy"
then [config.age.secrets.piholeZiggy.path]
else if hostname == "sobotka"
then [config.age.secrets.pihole.path]
else throw "Unknown hostname: ${hostname}";
in {
options.server.podman = {
enable = lib.mkEnableOption "Enables Podman";
gluetun.enable = lib.mkEnableOption "Enables gluetun";
qbittorrent = {
enable = lib.mkEnableOption "Enable qBittorrent";
url = lib.mkOption {
@@ -124,6 +122,11 @@ in
};
config = lib.mkIf cfg.enable {
age.secrets = {
pihole.file = "${self}/secrets/${config.networking.hostName}Pihole.age";
slskd.file = "${self}/secrets/slskd.age";
};
virtualisation = {
containers.enable = true;
podman.enable = true;
@@ -140,31 +143,58 @@ in
];
};
services.caddy.virtualHosts = lib.mkMerge [
services.traefik = lib.mkMerge [
(lib.mkIf cfg.pihole.enable {
dynamicConfigOptions = {
http = {
services = {
pihole.loadBalancer.servers = [{url = "http://localhost:${toString cfg.pihole.port}";}];
};
routers = {
pihole = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.pihole.url}`)";
service = "pihole";
tls.certResolver = "letsencrypt";
};
};
};
};
})
(lib.mkIf cfg.qbittorrent.enable {
"${cfg.qbittorrent.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString cfg.qbittorrent.port}
'';
dynamicConfigOptions = {
http = {
services = {
qbittorrent.loadBalancer.servers = [{url = "http://localhost:${toString cfg.qbittorrent.port}";}];
};
routers = {
qbittorrent = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.qbittorrent.url}`)";
service = "qbittorrent";
tls.certResolver = "letsencrypt";
};
};
};
};
})
(lib.mkIf cfg.slskd.enable {
"${cfg.slskd.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString cfg.slskd.port}
'';
};
})
(lib.mkIf cfg.pihole.enable {
"${cfg.pihole.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString cfg.pihole.port}
'';
dynamicConfigOptions = {
http = {
services = {
slskd.loadBalancer.servers = [{url = "http://localhost:${toString cfg.slskd.port}";}];
};
routers = {
slskd = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.slskd.url}`)";
service = "slskd";
tls.certResolver = "letsencrypt";
};
};
};
};
})
];
@@ -181,12 +211,12 @@ in
"5031:5031"
"50300:50300"
];
devices = [ "/dev/net/tun:/dev/net/tun" ];
devices = ["/dev/net/tun:/dev/net/tun"];
autoStart = true;
extraOptions = [
"--cap-add=NET_ADMIN"
];
volumes = [ "/var:/gluetun" ];
volumes = ["/var:/gluetun"];
environmentFiles = [
config.age.secrets.gluetunEnvironment.path
];
@@ -203,7 +233,7 @@ in
qbittorrent = {
image = "ghcr.io/hotio/qbittorrent:latest";
autoStart = true;
dependsOn = [ "gluetun" ];
dependsOn = ["gluetun"];
ports = [
"8080:8080"
"58846:58846"
@@ -231,7 +261,7 @@ in
slskd = {
image = "slskd/slskd:latest";
autoStart = true;
dependsOn = [ "gluetun" ];
dependsOn = ["gluetun"];
ports = [
"5030:5030"
"5031:5031"
@@ -271,9 +301,6 @@ in
environment = {
TZ = "Europe/Stockholm";
CUSTOM_CACHE_SIZE = "0";
# PIHOLE_DNS_ = "10.88.0.1#5335";
# DNSSEC = "false";
# REV_SERVER = "true";
WEBTHEME = "default-darker";
};
environmentFiles = getPiholeSecret config.networking.hostName;

6
modules/server/postgres/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{
imports = [
./postgres.nix
./postgres-upgrade.nix
];
}

48
modules/server/postgres/postgres-upgrade.nix Normal file
View File

@@ -0,0 +1,48 @@
# taken from @jtojnar
{
config,
lib,
pkgs,
...
}: let
inherit (lib) types mkOption;
cfg = config.server.postgresql;
in {
options = {
server.postgresql = {
upgradeTargetPackage = mkOption {
type = types.nullOr types.package;
default = null;
description = "PostgreSQL package that we want to upgrade to. When set, an update script will be installed.";
};
};
};
config = {
# https://nixos.org/manual/nixos/unstable/#module-services-postgres-upgrading
environment.systemPackages = lib.mkIf (cfg.upgradeTargetPackage != null) [
(pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${cfg.upgradeTargetPackage.psqlSchema}"
export NEWBIN="${cfg.upgradeTargetPackage}/bin"
export OLDDATA="${config.services.postgresql.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
};
}

153
modules/server/postgres/postgres.nix Normal file
View File

@@ -0,0 +1,153 @@
# taken from @jtojnar
{
config,
lib,
pkgs,
...
}: let
inherit (lib) types mkOption;
cfg = config.server.postgresql;
database = {name, ...}: {
options = {
database = mkOption {
type = types.str;
description = "Database name";
};
extraUsers = mkOption {
type = types.listOf types.str;
default = [];
description = "List of extra users with access to this database.";
};
extensions = mkOption {
type = types.listOf types.str;
default = [];
description = "List of extensions to install and enable.";
};
};
};
in {
options = {
server.postgresql = {
databases = mkOption {
type = types.listOf (types.submodule database);
default = [];
description = "List of databases to set up.";
};
};
};
config = lib.mkIf (cfg.databases != []) {
services.postgresql = {
enable = true;
package = pkgs.postgresql_17;
extensions = lib.filter (x: x != null) (
lib.concatMap (
{extensions, ...}: map (ext: config.services.postgresql.package.pkgs.${ext} or null) extensions
)
cfg.databases
);
authentication = lib.mkForce ''
local all postgres peer
local sameuser all peer
# local peer access for extra users
${lib.concatMapStringsSep "\n" (
{
database,
extraUsers,
...
}:
lib.concatMapStringsSep "\n" (user: "local ${database} ${user} peer") ([database] ++ extraUsers)
)
cfg.databases}
# host access (TCP) for databases and their users
${lib.concatMapStringsSep "\n" (
{
database,
extraUsers,
...
}:
lib.concatMapStringsSep "\n" (user: ''
host ${database} ${user} 127.0.0.1/32 trust
host ${database} ${user} ::1/128 trust
'') ([database] ++ extraUsers)
)
cfg.databases}
'';
ensureUsers = let
dbToUsers = {
database,
extraUsers,
...
}:
# we use same username as dbname
[database] ++ extraUsers;
in
map (name: {inherit name;}) (lib.unique (builtins.concatMap dbToUsers cfg.databases));
};
systemd.services = {
postgres-setup = let
pgsql = config.services.postgresql;
in {
after = ["postgresql.service"];
wantedBy = ["multi-user.target"];
path = [pgsql.package];
script =
lib.concatMapStringsSep "\n" (
{
database,
extensions,
extraUsers,
...
}: let
createExtensionsSql =
lib.concatMapStringsSep "; " (
ext: ''CREATE EXTENSION IF NOT EXISTS "${ext}"''
)
extensions;
createExtensionsIfAny = lib.optionalString (extensions != []) ''
$PSQL -d '${database}' -c '${createExtensionsSql}'
'';
in ''
set -eu
PSQL="${pkgs.util-linux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.settings.port} --tuples-only --no-align"
if ! $PSQL -c "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep --quiet 1; then
$PSQL -c 'CREATE DATABASE "${database}" WITH OWNER = "${database}"'
${createExtensionsIfAny}
fi
${
lib.optionalString (extraUsers != [])
"$PSQL '${database}' -c '${
lib.concatMapStringsSep "\n" (
user: "GRANT ALL ON ALL TABLES IN SCHEMA public TO ${user};"
)
extraUsers
}'"
}
''
)
cfg.databases;
serviceConfig = {
Type = "oneshot";
};
};
postgresql.serviceConfig = {
# Required by PLV8.
MemoryDenyWriteExecute = false;
SystemCallFilter = [
"@pkey"
];
};
};
};
}

59
modules/server/prowlarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "prowlarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -39,21 +37,44 @@ in
};
};
config = lib.mkIf cfg.enable {
services.${unit} = {
enable = true;
# user = srv.user;
# group = srv.group;
services = {
${unit} = {
enable = true;
};
flaresolverr = {
enable = true;
};
traefik = {
dynamicConfigOptions = {
http = {
services = {
prowlarr = {
loadBalancer.servers = [{url = "http://127.0.0.1:9696";}];
};
flaresolverr = {
loadBalancer.servers = [{url = "http://127.0.0.1:8191";}];
};
};
routers = {
prowlarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "prowlarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
flaresolverr = {
entryPoints = ["websecure"];
rule = "Host(`flaresolverr.${srv.domain}`)";
service = "flaresolverr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:9696
'';
};
# users.users.prowlarr = {
# group = "prowlarr";
# isSystemUser = true;
# };
# users.groups.prowlarr = {};
};
}

26
modules/server/radarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "radarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user;
group = srv.group;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:7878
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.radarr.loadBalancer.servers = [{url = "http://127.0.0.1:7878";}];
routers = {
radarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "radarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

26
modules/server/sonarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "sonarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user;
group = srv.group;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8989
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.sonarr.loadBalancer.servers = [{url = "http://127.0.0.1:8989";}];
routers = {
sonarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "sonarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

64
modules/server/syncthing/default.nix
View File

@@ -1,64 +0,0 @@
{
config,
lib,
...
}:
let
unit = "syncthing";
srv = config.server;
cfg = config.server.${unit};
in
{
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${unit}.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Syncthing";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "Continuous file synchronization program";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "syncthing.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
networking.firewall = {
allowedTCPPorts = [
8384
22000
];
allowedUDPPorts = [
22000
21027
];
};
services.${unit} = {
enable = true;
user = srv.user;
guiAddress = "0.0.0.0:8384";
overrideFolders = false;
overrideDevices = false;
dataDir = "/home/${srv.user}/syncthing";
configDir = "/home/${srv.user}/syncthing/.config/syncting";
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8384
'';
};
};
}

100
modules/server/traefik/default.nix Normal file
View File

@@ -0,0 +1,100 @@
{
lib,
config,
pkgs,
self,
...
}: let
inherit (lib) mkEnableOption mkIf types;
cfg = config.server.traefik;
getCloudflareCredentials = hostname:
if hostname == "ziggy"
then config.age.secrets.cloudflareDnsCredentialsZiggy.path
else if hostname == "sobotka"
then config.age.secrets.cloudflareDnsCredentials.path
else throw "Unknown hostname: ${hostname}";
in {
options.server.traefik = {
enable = mkEnableOption "Enable global Traefik reverse proxy with ACME";
};
config = mkIf cfg.enable {
age.secrets.traefikEnv = {
file = "${self}/secrets/traefikEnv.age";
mode = "640";
owner = "root";
group = "traefik";
};
systemd.services.traefik = {
serviceConfig = {
EnvironmentFile = [config.age.secrets.traefikEnv.path];
};
};
networking.firewall.allowedTCPPorts = [80 443];
services = {
tailscale.permitCertUid = "traefik";
traefik = {
enable = true;
staticConfigOptions = {
log = {
level = "DEBUG";
};
tracing = {};
api = {
dashboard = true;
};
certificatesResolvers = {
tailscale.tailscale = {};
letsencrypt = {
acme = {
email = "adam@cnst.dev";
storage = "/var/lib/traefik/cert.json";
dnsChallenge = {
provider = "cloudflare";
resolvers = [
"1.1.1.1:53"
"1.0.0.1:53"
];
};
};
};
};
entryPoints = {
redis = {
address = "0.0.0.0:6381";
};
postgres = {
address = "0.0.0.0:5433";
};
web = {
address = "0.0.0.0:80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
permanent = true;
};
};
websecure = {
address = "0.0.0.0:443";
http.tls = {
certResolver = "letsencrypt";
domains = [
{
main = "cnix.dev";
sans = ["*.cnix.dev"];
}
];
};
};
};
};
};
};
};
}

34
modules/server/uptime-kuma/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "uptime-kuma";
cfg = config.server.${unit};
srv = config.server;
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -39,14 +37,26 @@ in
};
};
config = lib.mkIf cfg.enable {
services.${unit} = {
enable = true;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:3001
'';
services = {
${unit} = {
enable = true;
};
traefik = {
dynamicConfigOptions = {
http = {
services.uptime-kuma.loadBalancer.servers = [{url = "http://127.0.0.1:3001";}];
routers = {
uptime-kuma = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "uptime-kuma";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
};
}

12
modules/server/vaultwarden/default.nix
View File

@@ -2,14 +2,13 @@
{
config,
lib,
self,
...
}:
let
}: let
inherit (lib) mkIf mkEnableOption;
vcfg = config.services.vaultwarden.config;
cfg = config.server.vaultwarden;
in
{
in {
options = {
server.vaultwarden = {
enable = mkEnableOption "Enables vaultwarden";
@@ -35,6 +34,11 @@ in
};
config = mkIf cfg.enable {
age.secrets = {
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
};
server = {
fail2ban = lib.mkIf config.server.fail2ban.enable {
jails = {

138
modules/server/www/default.nix Normal file
View File

@@ -0,0 +1,138 @@
{
lib,
config,
pkgs,
self,
...
}:
let
inherit (lib)
mkOption
mkEnableOption
mkIf
types
;
cfg = config.server.www;
srv = config.server;
in
{
options.server.www = {
enable = mkEnableOption {
description = "Enable personal website";
};
url = mkOption {
default = "";
type = types.str;
description = ''
Public domain name to be used to access the server services via Traefik reverse proxy
'';
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
};
config = mkIf cfg.enable {
age.secrets = {
wwwCloudflared.file = "${self}/secrets/wwwCloudflared.age";
};
server = {
fail2ban = lib.mkIf config.server.www.enable {
jails = {
nginx-404 = {
serviceName = "nginx";
failRegex = ''^.*\[error\].*directory index of.* is forbidden.*client: <HOST>.*$'';
ignoreRegex = "";
maxRetry = 5;
};
};
};
};
services = {
nginx = {
enable = true;
defaultListen = [
{
addr = "127.0.0.1";
port = 8283;
}
];
virtualHosts."webfinger" = {
forceSSL = false;
serverName = cfg.url;
root = "/var/www/webfinger";
locations."= /.well-known/webfinger" = {
root = "/var/www/webfinger";
extraConfig = ''
default_type application/jrd+json;
try_files /.well-known/webfinger =404;
'';
};
locations."= /robots.txt" = {
root = "/var/www/webfinger";
extraConfig = ''
default_type text/plain;
try_files /robots.txt =404;
'';
};
};
};
cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://127.0.0.1:8283";
};
};
};
environment.etc = {
"webfinger/.well-known/webfinger".text = ''
{
"subject": "acct:adam@${cfg.url}",
"links": [
{
"rel": "http://openid.net/specs/connect/1.0/issuer",
"href": "https://auth.${cfg.url}/application/o/tailscale/"
}
]
}
'';
"webfinger/robots.txt".text = ''
User-agent: *
Disallow: /
'';
};
services.traefik.dynamicConfigOptions.http = {
routers.webfinger = {
entryPoints = [ "websecure" ];
rule = "Host(`${cfg.url}`) && Path(`/.well-known/webfinger`)";
service = "webfinger";
tls.certResolver = "letsencrypt";
};
services.webfinger.loadBalancer.servers = [
{ url = "http://127.0.0.1:8283"; }
];
};
};
}

1
nix/default.nix
View File

@@ -23,7 +23,6 @@
in
{
package = pkgs.lix;
# pin the registry to avoid downloading and evaling a new nixpkgs version every time
registry = lib.mapAttrs (_: v: { flake = v; }) flakeInputs;

5
scripts/bin/choosepaper.sh Normal file
View File

@@ -0,0 +1,5 @@
export bg_dir="$HOME/media/images/bgs/"
find "$bg_dir" -type f | fzf --reverse --preview 'pistol {}' | while read -r img; do
pkill swaybg || true
swaybg -m fill -o '*' -i "$img" &
done

82
scripts/bin/spawn.sh Normal file
View File

@@ -0,0 +1,82 @@
# Spawn-or-focus logic for Niri:
# If no "app" windows exist, spawn one.
# If focused window is not "app", focus the first "app" instance.
# If "app" is focused and only one instance exists, spawn + consume into stack.
# If "app" is focused and two instances already exist, spawn a new separate one.
# Cycle repeats: focus first > allow stack of 2 > reset on 3rd.
if [ $# -lt 1 ]; then
echo "Usage: $0 <APP_ID> [APP_CMD]" >&2
exit 1
fi
APP_ID="$1"
APP_CMD="${2:-$1}"
WINDOW_DATA=$(niri msg -j windows)
readarray -t APP_IDS < <(
echo "$WINDOW_DATA" | jq -r --arg app_id "$APP_ID" '
[ .[] | select(.app_id == $app_id) ]
| sort_by(.layout.pos_in_scrolling_layout // [0,0])
| .[].id
'
)
COUNT=${#APP_IDS[@]}
FOCUSED_IS_APP=$(
echo "$WINDOW_DATA" | jq -r --arg app_id "$APP_ID" '
any(.[]; .app_id == $app_id and .is_focused)
'
)
spawn_normal() {
"$APP_CMD" &
}
spawn_and_consume() {
local initial_ids=("$@")
"$APP_CMD" &
local pid=$!
for _ in {1..50}; do
readarray -t after_ids < <(
niri msg -j windows | jq -r --arg app_id "$APP_ID" '
[ .[] | select(.app_id == $app_id) ]
| sort_by(.layout.pos_in_scrolling_layout // [0,0])
| .[].id
'
)
NEW_ID=""
for id in "${after_ids[@]}"; do
[[ " ${initial_ids[*]} " == *" $id "* ]] || NEW_ID="$id"
done
if [ -n "$NEW_ID" ]; then
niri msg action focus-window --id "${initial_ids[$((${#initial_ids[@]} - 1))]}"
niri msg action consume-window-into-column
break
fi
sleep 0.05
done
wait "$pid" 2>/dev/null || true
}
if ((COUNT == 0)); then
spawn_normal
exit 0
fi
if [ "$FOCUSED_IS_APP" != "true" ]; then
niri msg action focus-window --id "${APP_IDS[0]}"
exit 0
fi
if ((COUNT % 2 == 0)); then
spawn_normal
else
spawn_and_consume "${APP_IDS[@]}"
fi

41
scripts/bin/tuirun-debug.sh
View File

@@ -1,41 +0,0 @@
# Log file location
LOGFILE="/home/$USER/.cache/tuirun/tuirun-toggle.log"
# Redirect all output and errors to the log file
exec >>"$LOGFILE" 2>&1
# Enable command tracing
set -x
echo "Script started at $(date)"
# Log the environment variables
echo "Environment variables:"
env
# Define TERMINAL if not set
TERMINAL="${TERMINAL:-foot}"
echo "TERMINAL is set to: $TERMINAL"
# Ensure USER is set
USER="${USER:-$(whoami)}"
echo "USER is set to: $USER"
# Path to the tuirun executable
TUIRUN_PATH="/etc/profiles/per-user/$USER/bin/tuirun"
echo "TUIRUN_PATH is set to: $TUIRUN_PATH"
# Use absolute paths for commands
PGREP="/run/current-system/sw/bin/pgrep"
PKILL="/run/current-system/sw/bin/pkill"
HYPRCTL="/etc/profiles/per-user/$USER/bin/hyprctl"
echo "Checking if tuirun is already running..."
if "$PGREP" -f "$TERMINAL --title tuirun" >/dev/null; then
echo "Found existing tuirun process. Terminating..."
"$PKILL" -f "$TERMINAL --title tuirun"
else
echo "No existing tuirun process. Starting a new one..."
"$HYPRCTL" dispatch exec "$TERMINAL --title tuirun -e $TUIRUN_PATH"
fi
echo "Script finished at $(date)"

37
scripts/bin/tuirun-toggle.sh
View File

@@ -1,37 +0,0 @@
# Define TERMINAL if not set
TERMINAL="${TERMINAL:-foot}"
# Use absolute paths for commands
PGREP="/run/current-system/sw/bin/pgrep"
PKILL="/run/current-system/sw/bin/pkill"
UWSM="/run/current-system/sw/bin/uwsm"
TUIRUN_PATH="/etc/profiles/per-user/$USER/bin/tuirun"
# Determine OPTIONS based on TERMINAL
if [ "$TERMINAL" = "foot" ]; then
OPTIONS="--override=main.pad=0x0"
elif [ "$TERMINAL" = "alacritty" ]; then
OPTIONS="--option window.padding.x=0 --option window.padding.y=0"
else
OPTIONS=""
fi
# Matching pattern for the process
MATCH_PATTERN="$TERMINAL --title tuirun"
if "$PGREP" -f "$MATCH_PATTERN" >/dev/null; then
echo "$(date): Killing existing process"
"$PKILL" -f "$MATCH_PATTERN"
else
# Log the environment for debugging
env >/tmp/script_env.txt
# Construct the command as an array for proper argument handling
CMD=("$TERMINAL" "--title" "tuirun")
if [ -n "$OPTIONS" ]; then
CMD+=("$OPTIONS")
fi
CMD+=("-e" "$TUIRUN_PATH")
echo "$(date): Executing command: ${CMD[*]}"
# Use eval to expand the command or pass the arguments directly
"$UWSM" app -- "${CMD[@]}"
fi

33
scripts/bin/tuirun-toggle.shbak
View File

@@ -1,33 +0,0 @@
# Define TERMINAL if not set
TERMINAL="${TERMINAL:-foot}"
# Use absolute paths for commands
PGREP="/run/current-system/sw/bin/pgrep"
PKILL="/run/current-system/sw/bin/pkill"
HYPRCTL="/etc/profiles/per-user/$USER/bin/hyprctl"
TUIRUN_PATH="/etc/profiles/per-user/$USER/bin/tuirun"
# Determine OPTIONS based on TERMINAL
if [ "$TERMINAL" = "foot" ]; then
OPTIONS="--override=main.pad=0x0"
elif [ "$TERMINAL" = "alacritty" ]; then
OPTIONS="--option window.padding.x=0 --option window.padding.y=0"
else
OPTIONS=""
fi
# Matching pattern for the process
MATCH_PATTERN="$TERMINAL --title tuirun"
if "$PGREP" -f "$MATCH_PATTERN" >/dev/null; then
"$PKILL" -f "$MATCH_PATTERN"
else
# Construct the command
CMD="$TERMINAL --title tuirun"
if [ -n "$OPTIONS" ]; then
CMD="$CMD $OPTIONS"
fi
# Use login shell to ensure proper environment
CMD="$CMD -e $SHELL -l -c '$TUIRUN_PATH'"
# Launch the terminal with OPTIONS
"$HYPRCTL" dispatch exec "$CMD"
fi

53
scripts/default.nix
View File

@@ -12,8 +12,17 @@ in
{
home = {
sessionPath = [ "${config.home.homeDirectory}/.local/bin" ];
file = {
".local/bin/spawn.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "spawn";
runtimeInputs = with pkgs; [ niri ];
text = readFile ./bin/spawn.sh;
}
);
};
".local/bin/spawn-or-focus.sh" = {
source = getExe (
pkgs.writeShellApplication {
@@ -24,6 +33,20 @@ in
);
};
".local/bin/choosepaper.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "spawn";
runtimeInputs = with pkgs; [
fzf
swaybg
pistol
];
text = readFile ./bin/choosepaper.sh;
}
);
};
".local/bin/pavucontrol-toggle.sh" = {
source = getExe (
pkgs.writeShellApplication {
@@ -34,34 +57,6 @@ in
);
};
".local/bin/tuirun-toggle.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "tuirun-toggle";
runtimeInputs = with pkgs; [
hyprland
uwsm
];
text = readFile ./bin/tuirun-toggle.sh;
}
);
};
".local/bin/tuirun-debugger.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "tuirun-debugger";
runtimeInputs = with pkgs; [ hyprland ];
text = ''
# Save environment to file
env > /tmp/tuirun-env.txt
# Run tuirun
/etc/profiles/per-user/cnst/bin/tuirun
'';
}
);
};
".local/bin/calcurse-toggle.sh" = {
source = getExe (
pkgs.writeShellApplication {

14
secrets/authentikCloudflared.age Normal file
View File

@@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg 2oTh42u4hxJGAypwwLJwDCPMngauHB8BhKA83xAXr1M
Sr6Hbfnd52F0dUk5RO3wxxJ7RGi3+NUCBq/MzDbKR7s
-> ssh-ed25519 KUYMFA O2j6gYY1QR1ZlFiWw+7y6nKUeE658Wp3PdV6dsMqwTU
NYwnTkZX5PHnNtL1vqJqIsYzIFUY43AVso8ecMAHvWs
-> ssh-ed25519 76RhUQ VTzoQh0fHrG41Gr0YnPY7Jz7yFFugigm/DpUUE/Ny18
SITvKJf5+ql4DhpJoPVvEXdLGIBeKnlLlm8u4QPr0RY
-> ssh-ed25519 Jf8sqw oVI2y3zqpswvyZoNwklrKI1ZbxMJ5a1kzc43RErkbD8
aHNuHMH2XNQ7+9sfsA8LMhBSgTDmvmI1wY26V2j+lsE
--- 0UL0vxM2f5IeVhDO1Cg7SUmhuvpFh+GsEEW4g5JEORU
<EFBFBD>)q<>$*<2A><><EFBFBD>b<10>X<EFBFBD><58><EFBFBD>`<60> %f
_<EFBFBD>%%1ݗ<><DD97><EFBFBD>)<29><>fT<66>٧&<26>`+<2B>K<EFBFBD><4B>q<EFBFBD><71>I<><EEADBE><EFBFBD><EFBFBD><EFBFBD><19><><03>\=<3D>M<EFBFBD><4D><18>
!<21><>7<EFBFBD>b<EFBFBD>]<5D>X<>_lri<72>_<EFBFBD><03><>;<3B>R
<EFBFBD>)<29><>c<EFBFBD>H<><48>5. p<> :m<>_<EFBFBD>&Vj/<2F><01><>Ra|MU<4D><55>b<EFBFBD><62><02>y<EFBFBD><79><EFBFBD><EFBFBD>El<45>nS<6E>9"<11><>گ+<<3C>

BIN
secrets/authentikEnv.age Normal file
View File

Binary file not shown.

BIN
secrets/cloudflareDnsApiToken.age
View File

Binary file not shown.

20
secrets/cloudflareDnsCredentials.age
View File

@@ -1,11 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg QY+660BNebZu+onRxjUCOqQ4iqCySPWfw9eCLXdFsl8
AP1XZcDAY4/hrtyTnVXEpybPgEh38PcMaiiBPTlkDZ8
-> ssh-ed25519 KUYMFA nCLslugBChJUP4e6XXxV5GGUZdM/YHcOqSQEzgBnpnk
9Y/N0Clq/qSGa/XHGKr5Yg6iz40fb+5Rti+6RvEoiXs
-> ssh-ed25519 76RhUQ ZeJds5ce27IAjkBpECnQY73Y0g2eB8lI5g2K3wn3STQ
IQ8TZ/jrTme1cUxzSDNYN6hfHKXJV9aKNXFP7jNWlgs
-> ssh-ed25519 Jf8sqw 6o1aN6NB+YgDM/q1DyTwRGbE85oOvyyGGNGIrd+P31Q
QpL1gGnfLs2Xm7Sx0jVE3Cx4J7aIzcUOXUp9Yt/Ztt0
--- DR/KkJALCKIdMQvWi1abl8Q9UWJVPSv/a3sAoxY/t2Q
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>gPm<EFBFBD>?\<5C><><EFBFBD>}v/[
-> ssh-ed25519 t9iOEg EO9wY72yR1e+1vy7G+bSpm2Rcv6bv/Df0D1i/SO+zA0
pmABveIZ53zQOoJ27P4zqb0jtaDJoYkhclMP6wcl+ZM
-> ssh-ed25519 KUYMFA h02lppvPUe8eJLAfIEkGQqgdNWqvFYpJ2eZjJGHJ+SA
5+T4ytKUXPdIIDXfcc/LUnQsOMlmck2Ug32MKNuCh2Q
-> ssh-ed25519 76RhUQ E/ng+K+F+iaNZ0QjSyo2JuAz717aoygNguzon798dlI
CPJV+mjKX1ZtmWvBroFHVyuRnnUI5ymfEw6OqnQa2kI
-> ssh-ed25519 Jf8sqw yrWSLSAjsIfyd+DYUyojy0k6GwMa3ZmVjyIz36gLin0
ly8wMETBPdaF5dM5r//UCdfSqTMEfnodffgIAUGydcE
--- kNDVEUJATIeuOYNXY/Bl++PfDEn/lCo4nBiTEFntOw0
<EFBFBD>g<EFBFBD><EFBFBD>Q=[g<><16>?_<><5F>|<7C><>7[<5B><>-<2D><>CngڡǗ<01>+<2B>m<><6D><r<01><>bv?i<><69>S<EFBFBD>2W<32>f<EFBFBD><66>51<11><>P<>x~<13><>_c<5F>"m<><01>)<29><>h"I<>

BIN
secrets/homepageEnvironment.age
View File

Binary file not shown.

11
secrets/nextcloudAdminPass.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg 5z2kiVAol78mM42O1Jf9ndeBwElB0x4BectRt+R8GkM
gE89nfzfPZ7dcQDG57xdJAcrq565V+rbWDUEtNuBEwA
-> ssh-ed25519 KUYMFA 7aaMHpHzTC3U/7zol+LWE5IXrXm98ORcQpXkC3SNBBw
i4cyBlQrGmPiosCaCjv/7GUUikP2c/I8tA93Qz0o3cI
-> ssh-ed25519 76RhUQ 7Jppe6oBvuXqxoB4LNU+725b6ZeopHxgXq3WWDZlbhg
f+8GtX9dsCrnQ+kN0Swhq5LLNZrlzEVYJhwn+oN7yG8
-> ssh-ed25519 Jf8sqw qBlvp6ZCHVkr37lfE+HrBNNEGcqQ8++GbMYBKhpr1Dk
9CoVJgvPZyIQOdTOFQWMotZaohFUmt953pivSVx6C9Q
--- ZSaeUcQ9T8TdcDXXNOWgTRAAG5+lRsl4sOFIOYgMISQ
Ua<55><61>`<60><><1A>'<27>^n<02>eP<65>=<3D><12>b<EFBFBD><62><EFBFBD>><3E><>~<7E>ؑ RV<52><05><><EFBFBD>n<05>g0Z<30><5A><EFBFBD><EFBFBD><EFBFBD>E<EFBFBD><45><EFBFBD>k<1E><1D><1C><>ml<6D>w<08>`<60>ҝ<EFBFBD><D29D><EFBFBD> <20>/<2F>x<EFBFBD><78>~

11
secrets/nextcloudCloudflared.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg tCTVBy/ZypZ8DjzMhp6MsG0OUSmY/Z7nprs6OgMXiRs
GXMwQ7THAvuh9SpM12ck84R86Qvs+Db62ybohItDloE
-> ssh-ed25519 KUYMFA EwdbsocHYlzEJ2JLiI6oD6wkhaN+llPghPuO50oNLmY
NYQmMaeBM511yQeeEczVEW9Hx6y8/5NiQJ4PGtytBlw
-> ssh-ed25519 76RhUQ 3zs9rA1RoMUahExIGTBXV6i815jrK9UDrh6ZKi4gXQk
lWRnELDu+qd+MHBnYoSkBZblJoNcBXIeIW7phdZb7fg
-> ssh-ed25519 Jf8sqw zDqvIhlZ5TMP5l4Ymc0VUccb0EZHu6nzT0zAz0n/yiA
2C6PIEpv7dsDV7u87B991XRHIDcYRIfi60cvHK0Bkgo
--- TzhNfeAGrl1ggKFbSWgQw+R0xpKU+VOod/iEJlgLPOA
uGe<47><65><EFBFBD>R H<10><><EFBFBD>=<3D><>of<6F>|t'e <09>L뉱l<EB89B1>w<1D><><EFBFBD>fMG"<22><>}@\<5C>e *R<>7j<37>%<25><><EFBFBD>=?<3F><>v<EFBFBD>%i<><10>\<5C><>'<27><><03>0Qyj <04><>8<><38><EFBFBD><EFBFBD>x<EFBFBD>yj<79><04><><05>&EB<45>T<EFBFBD>ɥ#<23>H<EFBFBD><48>u<EFBFBD>E%5uLҐy<D290>Ć5<C486><35>K<EFBFBD>><3E>t<><03><><EFBFBD><EFBFBD>0<EFBFBD><30><EFBFBD><EFBFBD><EFBFBD>0 <0C>q<EFBFBD>V ŵ>_j<5F>U<EFBFBD>D<><1A><><EFBFBD>JWꂿ<0F>>@<40><><EFBFBD><EFBFBD>w :<3A><>CJEb,5U

73
secrets/secrets.nix
View File

@@ -1,7 +1,11 @@
let
# --- Users ---
cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
kima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
ukima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
rkima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
# --- Hosts: bunk ---
ubunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXCjkKouZrsMoswMIeueO8X/c3kuY3Gb0E9emvkqwUv cnst@cnixpad";
rbunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH72llEVDSHH/FZnjLVCe6zfdkdJRRVg2QL+ifHiPXXk root@cnix";
# --- Hosts: sobotka ---
usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka";
@@ -12,9 +16,13 @@ let
rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos";
# --- Groups ---
core = [
cnst
kima
kima = [
ukima
rkima
];
bunk = [
ubunk
rbunk
];
sobotka = [
usobotka
@@ -24,35 +32,40 @@ let
uziggy
rziggy
];
all = core ++ sobotka ++ ziggy;
in
{
all = kima ++ bunk ++ sobotka ++ ziggy;
in {
# Generic
"cnstssh.age".publicKeys = core;
"cnixssh.age".publicKeys = core;
"certpem.age".publicKeys = core;
"keypem.age".publicKeys = core;
"mailpwd.age".publicKeys = core;
"gcapi.age".publicKeys = core;
"cnstssh.age".publicKeys = kima;
"cnixssh.age".publicKeys = kima;
"certpem.age".publicKeys = kima;
"keypem.age".publicKeys = kima;
"mailpwd.age".publicKeys = kima;
"gcapi.age".publicKeys = kima;
# Shared between core + sobotka
"cloudflareEnvironment.age".publicKeys = core ++ sobotka;
"vaultwardenEnvironment.age".publicKeys = core ++ sobotka;
"homepageEnvironment.age".publicKeys = core ++ sobotka;
"cloudflareFirewallApiKey.age".publicKeys = core ++ sobotka;
"vaultwardenCloudflared.age".publicKeys = core ++ sobotka;
"cloudflareDnsApiToken.age".publicKeys = core ++ sobotka;
"cloudflareDnsCredentials.age".publicKeys = core ++ sobotka;
"wgCredentials.age".publicKeys = core ++ sobotka;
"wgSobotkaPrivateKey.age".publicKeys = core ++ sobotka;
"gluetunEnvironment.age".publicKeys = core ++ sobotka;
"pihole.age".publicKeys = core ++ sobotka;
"slskd.age".publicKeys = core ++ sobotka;
# Shared between kima + sobotka
"cloudflareEnvironment.age".publicKeys = kima ++ sobotka;
"vaultwardenEnvironment.age".publicKeys = kima ++ sobotka;
"homepageEnvironment.age".publicKeys = kima ++ sobotka;
"cloudflareFirewallApiKey.age".publicKeys = kima ++ sobotka;
"vaultwardenCloudflared.age".publicKeys = kima ++ sobotka;
"nextcloudCloudflared.age".publicKeys = kima ++ sobotka;
"nextcloudAdminPass.age".publicKeys = kima ++ sobotka;
"cloudflareDnsApiToken.age".publicKeys = kima ++ sobotka;
"cloudflareDnsCredentials.age".publicKeys = kima ++ sobotka;
"wgCredentials.age".publicKeys = kima ++ sobotka;
"wgSobotkaPrivateKey.age".publicKeys = kima ++ sobotka;
"gluetunEnvironment.age".publicKeys = kima ++ sobotka;
"sobotkaPihole.age".publicKeys = kima ++ sobotka;
"slskd.age".publicKeys = kima ++ sobotka;
"authentikEnv.age".publicKeys = kima ++ sobotka;
"traefikEnv.age".publicKeys = kima ++ sobotka;
"wwwCloudflared.age".publicKeys = kima ++ sobotka;
"authentikCloudflared.age".publicKeys = kima ++ sobotka;
# Ziggy-specific
"cloudflareDnsCredentialsZiggy.age".publicKeys = core ++ ziggy;
"piholeZiggy.age".publicKeys = core ++ ziggy;
"cloudflareDnsCredentialsZiggy.age".publicKeys = kima ++ ziggy;
"ziggyPihole.age".publicKeys = kima ++ ziggy;
# Both sobotka + ziggy (for HA stuff like keepalived)
"keepalived.age".publicKeys = core ++ sobotka ++ ziggy;
"keepalived.age".publicKeys = kima ++ sobotka ++ ziggy;
}

0
secrets/pihole.age → secrets/sobotkaPihole.age
View File

BIN
secrets/sslCert.age Normal file
View File

Binary file not shown.

BIN
secrets/sslKey.age Normal file
View File

Binary file not shown.

BIN
secrets/traefikEnv.age Normal file
View File

Binary file not shown.

11
secrets/wwwCloudflared.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg CWarcJM8RPjJW+e3BQ99KEUnOZQUDEIIeygeh/8MZUw
xux60KMmyOVvgiuEqyEPXM1Wr2ne8AyHT6CAWKMOcKo
-> ssh-ed25519 KUYMFA AThOlxHT41vsczkSGzJmT+VmWC2dAnLiIcTJP+YySkc
Jy8HyRuzIFtGYMimxsQNm2NnbluVwS6ZuXhq4uRfabY
-> ssh-ed25519 76RhUQ dKyDJ4DCNtYWQ2+cC7gwa+14aw99S+mU38tpQrlOmFc
0mD5Qcv8b8Bh1e4mbqdH26UtCJaUe7C7dDDSXJd1iRY
-> ssh-ed25519 Jf8sqw To2I/347gMqYx0PxMgYqbGekUpfqWOQwtgJ+0AFilTw
nIo4dH9JnOuWo48a17Kjyee5sQV8HN+PNXCWDT4fjIg
--- SuE6Z9ipbuWhxoaULMf6OGtG3BNkQ1BpWXkgfAI7Y6Y
<EFBFBD>R<EFBFBD>u1<12><><16><><EFBFBD>d<EFBFBD>ژdʋ(s <0B>)<29>M0v<30>ѹ<EFBFBD><D1B9><EFBFBD>Z<EFBFBD>V<EFBFBD><56><10>q<05>i<EFBFBD>i<EFBFBD><69>Ec* <09>{<7B>~teP<65><50><EFBFBD>{<1C>D<>mA~Ŭ<><1B>c.<2E>TbƝ<62>}<<3C><><EFBFBD><EFBFBD><EFBFBD>e0<65>Vq <0C><><EFBFBD>k<EFBFBD><6B><EFBFBD> b<>T<1F><>*Y<><59>$<24><>t<EFBFBD><74>:<3A><>^<1C><>+<2B><1D><>;<3B>1<EFBFBD><31><EFBFBD>ۤ<EFBFBD><DBA4>Ӎ<12>X<EFBFBD>H<EFBFBD><03><>u<EFBFBD><75><EFBFBD>g<EFBFBD>߄<EFBFBD>o<EFBFBD>/<2F>G<EFBFBD><0E><><16>Kl<4B>I<EFBFBD>C<EFBFBD><43>==A<><11><>Y<EFBFBD><59><EFBFBD>U<EFBFBD><55><EFBFBD><EFBFBD>

0
secrets/piholeZiggy.age → secrets/ziggyPihole.age
View File

1
users/cnst/default.nix
View File

@@ -23,6 +23,5 @@
json.enable = false;
manpages.enable = false;
};
programs.home-manager.enable = true;
}

11
users/cnst/modules/bunkmod.nix
View File

@@ -44,9 +44,6 @@
helix = {
enable = true;
};
hyprlock = {
enable = true;
};
jujutsu = {
enable = false;
};
@@ -127,12 +124,6 @@
gtk = {
enable = true;
};
hypridle = {
enable = true;
};
hyprpaper = {
enable = true;
};
mako = {
enable = false;
};
@@ -140,7 +131,7 @@
enable = true;
};
syncthing = {
enable = true;
enable = false;
};
udiskie = {
enable = true;

4
users/cnst/modules/kimamod.nix
View File

@@ -11,7 +11,7 @@
enable = true;
};
chromium = {
enable = true;
enable = false;
};
discord = {
enable = true;
@@ -132,7 +132,7 @@
enable = true;
};
syncthing = {
enable = true;
enable = false;
};
udiskie = {
enable = true;

154
users/cnst/modules/sobotkamod.nix
View File

@@ -1,154 +0,0 @@
{
home = {
programs = {
aerc = {
enable = false;
};
alacritty = {
enable = false;
};
bash = {
enable = true;
};
chromium = {
enable = false;
};
discord = {
enable = false;
};
eza = {
enable = true;
};
floorp = {
enable = false;
};
firefox = {
enable = false;
};
fish = {
enable = true;
};
foot = {
enable = false;
};
fuzzel = {
enable = false;
};
git = {
enable = true;
};
ghostty = {
enable = false;
};
helix = {
enable = true;
};
hyprlock = {
enable = false;
};
jujutsu = {
enable = false;
};
kitty = {
enable = false;
};
mpv = {
enable = false;
};
neovim = {
enable = false;
};
nvf = {
enable = false;
};
nwg-bar = {
enable = false;
};
pkgs = {
enable = true;
};
rofi = {
enable = false;
};
ssh = {
enable = true;
};
tuirun = {
enable = false;
};
vscode = {
enable = false;
};
waybar = {
enable = false;
};
wezterm = {
enable = false;
};
yazi = {
enable = false;
};
zathura = {
enable = false;
};
zed-editor = {
enable = false;
};
zellij = {
enable = false;
};
zen = {
enable = false;
};
zsh = {
enable = false;
};
};
services = {
blueman-applet = {
enable = false;
};
copyq = {
enable = false;
};
dconf = {
settings = {
color-scheme = "prefer-dark";
};
};
dunst = {
enable = false;
};
gpg = {
enable = true;
};
gtk = {
enable = false;
};
hypridle = {
enable = false;
};
hyprpaper = {
enable = false;
};
mako = {
enable = false;
};
nix-index = {
enable = true;
};
protonmail-bridge = {
enable = false;
};
syncthing = {
enable = false;
};
udiskie = {
enable = false;
};
xdg = {
enable = false;
};
};
};
}

4
users/cnst/variables/default.nix
View File

@@ -14,8 +14,8 @@ let
BROWSER = "zen";
EDITOR = "hx";
TERM = "xterm-256color";
VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
# VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
# STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
QT_QPA_PLATFORM = "wayland";
XDG_SESSION_TYPE = "wayland";
};